Refactored profile_edit.php for subgroups.
author
Nik Okuntseff
<support@anuko.com>
Sun, 9 Dec 2018 14:05:19 +0000
(14:05 +0000)
committer
Nik Okuntseff
<support@anuko.com>
Sun, 9 Dec 2018 14:05:19 +0000
(14:05 +0000)
WEB-INF/lib/ttUserHelper.class.php
WEB-INF/templates/footer.tpl
WEB-INF/templates/header.tpl
predefined_expense_add.php
profile_edit.php
diff --git
a/WEB-INF/lib/ttUserHelper.class.php
b/WEB-INF/lib/ttUserHelper.class.php
index
0d628f6
..
f91128e
100644
(file)
--- a/
WEB-INF/lib/ttUserHelper.class.php
+++ b/
WEB-INF/lib/ttUserHelper.class.php
@@
-146,16
+146,27
@@
class ttUserHelper {
$mdb2 = getConnection();
// Check parameters.
$mdb2 = getConnection();
// Check parameters.
- if (!$user_id
|| !isset($fields['login'])
)
+ if (!$user_id)
return false;
return false;
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
// Prepare query parts.
// Prepare query parts.
+ if (isset($fields['login'])) {
+ $login_part = ", login = ".$mdb2->quote($fields['login']);
+ }
+
if (isset($fields['password']))
$pass_part = ', password = md5('.$mdb2->quote($fields['password']).')';
if (isset($fields['password']))
$pass_part = ', password = md5('.$mdb2->quote($fields['password']).')';
- if (in_array('manage_users', $user->rights)) {
+
+ if (isset($fields['name']))
+ $name_part = ', name = '.$mdb2->quote($fields['name']);
+
+ if ($user->can('manage_users')) {
if (isset($fields['role_id'])) {
$role_id = (int) $fields['role_id'];
if (isset($fields['role_id'])) {
$role_id = (int) $fields['role_id'];
- $role_
id_
part = ", role_id = $role_id";
+ $role_part = ", role_id = $role_id";
}
if (array_key_exists('client_id', $fields)) // Could be NULL.
$client_part = ", client_id = ".$mdb2->quote($fields['client_id']);
}
if (array_key_exists('client_id', $fields)) // Could be NULL.
$client_part = ", client_id = ".$mdb2->quote($fields['client_id']);
@@
-167,17
+178,19
@@
class ttUserHelper {
$rate_part = ", rate = ".$mdb2->quote($rate);
}
$rate_part = ", rate = ".$mdb2->quote($rate);
}
+ if (isset($fields['email']))
+ $email_part = ', email = '.$mdb2->quote($fields['email']);
+
if (isset($fields['status'])) {
$status = (int) $fields['status'];
$status_part = ", status = $status";
}
$modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
if (isset($fields['status'])) {
$status = (int) $fields['status'];
$status_part = ", status = $status";
}
$modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
+ $parts = ltrim($login_part.$pass_part.$name_part.$role_part.$client_part.$rate_part.$email_part.$modified_part.$status_part, ',');
- $sql = "update tt_users set login = ".$mdb2->quote($fields['login']).
- "$pass_part, name = ".$mdb2->quote($fields['name']).
- "$role_id_part $client_part $rate_part $modified_part $status_part, email = ".$mdb2->quote($fields['email']).
- " where id = $user_id";
+ $sql = "update tt_users set $parts".
+ " where id = $user_id and group_id = $group_id and org_id = $org_id";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) return false;
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) return false;
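Review bot: The rewritten statement ends with `where id = $user_id and group_id = $group_id and org_id = $org_id`, and none of the three values is cast or quoted, while `role_id` and `status` in the same function go through `(int)`. `$user_id` is the function's first argument as far as the hunk shows, so I would cast it on entry with `$user_id = (int) $user_id;` and do the same for `$group_id` and `$org_id` where they are assigned. The new `$login_part`, `$name_part` and `$email_part` and the renamed `$role_part` are assigned only inside their `isset` branches yet are all concatenated into `$parts`; unless they are initialised above the hunk this raises undefined-variable notices, so `$login_part = $name_part = $role_part = $email_part = '';` before the checks would help. With the added group and org scoping, an update that matches no row is still not a `PEAR_Error`, so it probably reports success to the caller; the function's return path is outside the hunk and worth confirming.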
diff --git
a/WEB-INF/templates/footer.tpl
b/WEB-INF/templates/footer.tpl
index
ed2a2f0
..
d703090
100644
(file)
--- a/
WEB-INF/templates/footer.tpl
+++ b/
WEB-INF/templates/footer.tpl
@@
-12,7
+12,7
@@
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.29.461
7
| Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.29.461
8
| Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git
a/WEB-INF/templates/header.tpl
b/WEB-INF/templates/header.tpl
index
0527029
..
546fffa
100644
(file)
--- a/
WEB-INF/templates/header.tpl
+++ b/
WEB-INF/templates/header.tpl
@@
-83,7
+83,7
@@
<tr>
<td class="systemMenu" height="17" align="center">
<a class="systemMenu" href="logout.php">{$i18n.menu.logout}</a> ·
<tr>
<td class="systemMenu" height="17" align="center">
<a class="systemMenu" href="logout.php">{$i18n.menu.logout}</a> ·
- {if $user->can('manage_own_settings')}
+ {if $user->
exists() && $user->
can('manage_own_settings')}
<a class="systemMenu" href="profile_edit.php">{$i18n.menu.profile}</a> ·
{/if}
{if $user->can('manage_basic_settings')}
<a class="systemMenu" href="profile_edit.php">{$i18n.menu.profile}</a> ·
{/if}
{if $user->can('manage_basic_settings')}
diff --git
a/predefined_expense_add.php
b/predefined_expense_add.php
index
0bff7e0
..
2a0ab6b
100644
(file)
--- a/
predefined_expense_add.php
+++ b/
predefined_expense_add.php
@@
-39,6
+39,7
@@
if (!$user->isPluginEnabled('ex')) {
header('Location: feature_disabled.php');
exit();
}
header('Location: feature_disabled.php');
exit();
}
+// End of access checks.
if ($request->isPost()) {
$cl_name = trim($request->getParameter('name'));
if ($request->isPost()) {
$cl_name = trim($request->getParameter('name'));
diff --git
a/profile_edit.php
b/profile_edit.php
index
9de1820
..
d0d3de5
100644
(file)
--- a/
profile_edit.php
+++ b/
profile_edit.php
@@
-36,9
+36,15
@@
if (!ttAccessAllowed('manage_own_settings')) {
header('Location: access_denied.php');
exit();
}
header('Location: access_denied.php');
exit();
}
+if (!$user->exists()) {
+ header('Location: access_denied.php'); // No users in subgroup.
+ exit();
+}
// End of access checks.
// End of access checks.
-$can_manage_account = $user->can('manage_own_account');
+$can_manage_account = $user->behalfGroup ? $user->can('manage_subgroups') : $user->can('manage_own_account');
+if ($user->behalf_id) $user_details = $user->getUserDetails($user->behalf_id);
+$current_login = $user->behalf_id ? $user_details['login'] : $user->login;
if ($request->isPost()) {
$cl_name = trim($request->getParameter('name'));
if ($request->isPost()) {
$cl_name = trim($request->getParameter('name'));
@@
-49,9
+55,15
@@
if ($request->isPost()) {
}
$cl_email = trim($request->getParameter('email'));
} else {
}
$cl_email = trim($request->getParameter('email'));
} else {
- $cl_name = $user->name;
- $cl_login = $user->login;
- $cl_email = $user->email;
+ if ($user->behalf_id) {
+ $cl_name = $user_details['name'];
+ $cl_login = $user_details['login'];
+ $cl_email = $user_details['email'];
+ } else {
+ $cl_name = $user->name;
+ $cl_login = $user->login;
+ $cl_email = $user->email;
+ }
}
$form = new Form('profileForm');
}
$form = new Form('profileForm');
@@
-70,7
+82,7
@@
if ($request->isPost()) {
if (!ttValidString($cl_login)) $err->add($i18n->get('error.field'), $i18n->get('label.login'));
// New login must be unique.
if (!ttValidString($cl_login)) $err->add($i18n->get('error.field'), $i18n->get('label.login'));
// New login must be unique.
- if ($cl_login != $
user->
login && ttUserHelper::getUserByLogin($cl_login))
+ if ($cl_login != $
current_
login && ttUserHelper::getUserByLogin($cl_login))
$err->add($i18n->get('error.user_exists'));
if (!$auth->isPasswordExternal() && ($cl_password1 || $cl_password2)) {
$err->add($i18n->get('error.user_exists'));
if (!$auth->isPasswordExternal() && ($cl_password1 || $cl_password2)) {
@@
-83,12
+95,10
@@
if ($request->isPost()) {
// Finished validating user input.
if ($err->no()) {
// Finished validating user input.
if ($err->no()) {
- $update_result = ttUserHelper::update($user->id, array(
- 'name' => $cl_name,
- 'login' => $cl_login,
- 'password' => $cl_password1,
- 'email' => $cl_email,
- 'status' => ACTIVE));
+ $fields = $can_manage_account ?
+ array('name'=>$cl_name,'login'=>$cl_login,'password'=>$cl_password1,'email'=>$cl_email) :
+ array('password'=>$cl_password1);
+ $update_result = ttUserHelper::update($user->getUser(), $fields);
if ($update_result) {
header('Location: time.php');
exit();
if ($update_result) {
header('Location: time.php');
exit();
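Review bot: `$user_details = $user->getUserDetails($user->behalf_id);` in the first hunk is used without checking the result, so if the lookup fails `$current_login` and the prefilled `$cl_name`, `$cl_login` and `$cl_email` silently become null; I would redirect to `access_denied.php` when it does not return an array. The uniqueness test `$cl_login != $current_login` uses loose comparison, which treats numeric-looking strings such as `'1e3'` and `'1000'` as equal and would skip the `getUserByLogin` check for them; `!==` avoids that. In the last hunk `'password'=>$cl_password1` is passed in both branches and `ttUserHelper::update` tests it with `isset`, so if `$cl_password1` can be an empty string (fields left blank, or an external password) the stored hash would be overwritten. Adding the key only when a new password was entered, for example `if ($cl_password1) $fields['password'] = $cl_password1;`, would rule that out; how `getParameter` represents an empty field is not visible here.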