inline
| side by side (parent:
a9b8fe4
)
Prohibited editing approved expense items.
author
Nik Okuntseff
<support@anuko.com>
Thu, 7 Mar 2019 16:50:07 +0000
(16:50 +0000)
committer
Nik Okuntseff
<support@anuko.com>
Thu, 7 Mar 2019 16:50:07 +0000
(16:50 +0000)
WEB-INF/lib/ttExpenseHelper.class.php
WEB-INF/templates/expenses.tpl
WEB-INF/templates/footer.tpl
WEB-INF/templates/mobile/expenses.tpl
expense_delete.php
expense_edit.php
mobile/expense_delete.php
mobile/expense_edit.php
diff --git
a/WEB-INF/lib/ttExpenseHelper.class.php
b/WEB-INF/lib/ttExpenseHelper.class.php
index
40a3e88
..
e7da92c
100644
(file)
--- a/
WEB-INF/lib/ttExpenseHelper.class.php
+++ b/
WEB-INF/lib/ttExpenseHelper.class.php
@@
-140,7
+140,8
@@
class ttExpenseHelper {
if ($user->isPluginEnabled('cl'))
$left_joins .= " left join tt_clients c on (ei.client_id = c.id)";
if ($user->isPluginEnabled('cl'))
$left_joins .= " left join tt_clients c on (ei.client_id = c.id)";
- $sql = "select ei.id, ei.date, ei.client_id, ei.project_id, ei.name, ei.cost, ei.invoice_id, ei.paid $client_field, p.name as project_name".
+ $sql = "select ei.id, ei.date, ei.client_id, ei.project_id, ei.name, ei.cost, ei.invoice_id, ei.approved,".
+ " ei.paid $client_field, p.name as project_name".
" from tt_expense_items ei $left_joins".
" where ei.id = $id and ei.group_id = $group_id and ei.org_id = $org_id and ei.user_id = $user_id and ei.status = 1";
$res = $mdb2->query($sql);
" from tt_expense_items ei $left_joins".
" where ei.id = $id and ei.group_id = $group_id and ei.org_id = $org_id and ei.user_id = $user_id and ei.status = 1";
$res = $mdb2->query($sql);
@@
-177,7
+178,7
@@
class ttExpenseHelper {
$left_joins .= " left join tt_clients c on (ei.client_id = c.id)";
$sql = "select ei.id as id $client_field, p.name as project, ei.name as item, ei.cost as cost,".
$left_joins .= " left join tt_clients c on (ei.client_id = c.id)";
$sql = "select ei.id as id $client_field, p.name as project, ei.name as item, ei.cost as cost,".
- " ei.invoice_id from tt_expense_items ei $left_joins".
+ " ei.invoice_id
, ei.approved
from tt_expense_items ei $left_joins".
" where ei.date = ".$mdb2->quote($date)." and ei.user_id = $user_id".
" and ei.group_id = $group_id and ei.org_id = $org_id and ei.status = 1 order by ei.id";
" where ei.date = ".$mdb2->quote($date)." and ei.user_id = $user_id".
" and ei.group_id = $group_id and ei.org_id = $org_id and ei.status = 1 order by ei.id";
diff --git
a/WEB-INF/templates/expenses.tpl
b/WEB-INF/templates/expenses.tpl
index
45a8ef2
..
11b4fb8
100644
(file)
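--- a/WEB-INF/templates/expenses.tpl
+++ b/WEB-INF/templates/expenses.tpl
@@ -195,7 +195,13 @@ function recalculateCost() {
 {/if}
 <td valign="top">{$item.item|escape}</td>
 <td valign="top" align="right">{$item.cost}</td>
- <td valign="top" align="center">{if $item.invoice_id} {else}<a href='expense_edit.php?id={$item.id}'>{$i18n.label.edit}</a>{/if}</td>
+ <td valign="top" align="center">
+ {if $item.approved || $item.invoice_id}
+
+ {else}
+ <a href='expense_edit.php?id={$item.id}'>{$i18n.label.edit}</a>
+ {/if}
+ </td>
 </tr>
 {/foreach}
 </table>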
diff --git
a/WEB-INF/templates/footer.tpl
b/WEB-INF/templates/footer.tpl
index
180b9a8
..
2c36762
100644
(file)
--- a/
WEB-INF/templates/footer.tpl
+++ b/
WEB-INF/templates/footer.tpl
@@
-12,7
+12,7
@@
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.53.483
2
| Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.53.483
3
| Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git
a/WEB-INF/templates/mobile/expenses.tpl
b/WEB-INF/templates/mobile/expenses.tpl
index
a6aa66d
..
7afde73
100644
(file)
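--- a/WEB-INF/templates/mobile/expenses.tpl
+++ b/WEB-INF/templates/mobile/expenses.tpl
@@ -203,7 +203,13 @@ function recalculateCost() {
 {if $show_project}
 <td valign="top">{$item.project|escape}</td>
 {/if}
- <td valign="top">{if $item.invoice_id} {$item.item|escape} {else}<a href="expense_edit.php?id={$item.id}">{$item.item|escape}</a>{/if}</td>
+ <td valign="top">
+ {if $item.approved || $item.invoice_id}
+ {$item.item|escape}
+ {else}
+ <a href="expense_edit.php?id={$item.id}">{$item.item|escape}</a>
+ {/if}
+ </td>
 <td valign="top" align="right">{$item.cost}</td>
 </tr>
 {/foreach}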
diff --git
a/expense_delete.php
b/expense_delete.php
index
c703176
..
788fb59
100644
(file)
--- a/
expense_delete.php
+++ b/
expense_delete.php
@@
-43,8
+43,8
@@
if (!$user->isPluginEnabled('ex')) {
$cl_id = (int)$request->getParameter('id');
// Get the expense item we are deleting.
$expense_item = ttExpenseHelper::getItem($cl_id);
$cl_id = (int)$request->getParameter('id');
// Get the expense item we are deleting.
$expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
- // Prohibit deleting not ours or invoiced items.
+if (!$expense_item || $expense_item['
approved'] || $expense_item['
invoice_id']) {
+ // Prohibit deleting not ours
, approved,
or invoiced items.
header('Location: access_denied.php');
exit();
}
header('Location: access_denied.php');
exit();
}
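Review bot: The lock condition `$expense_item['approved'] || $expense_item['invoice_id']` is now copy-pasted into four entry points (this file, expense_edit.php, mobile/expense_delete.php and mobile/expense_edit.php) and restated in both expenses templates. Because this condition is the authorization decision for changing an expense, a lock state added later in one script and missed in another would leave edit or delete open on that path without any visible error. Consider a single predicate on ttExpenseHelper that all four scripts call, for example a new `ttExpenseHelper::isLocked($expense_item)` (a proposed name, not an existing method), with the comment `// Approved or invoiced items are read-only for their owner.` kept next to it. The rest of the script lies outside the hunk.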
diff --git
a/expense_edit.php
b/expense_edit.php
index
b1115f1
..
877ec66
100644
(file)
--- a/
expense_edit.php
+++ b/
expense_edit.php
@@
-45,8
+45,8
@@
if (!$user->isPluginEnabled('ex')) {
$cl_id = (int)$request->getParameter('id');
// Get the expense item we are editing.
$expense_item = ttExpenseHelper::getItem($cl_id);
$cl_id = (int)$request->getParameter('id');
// Get the expense item we are editing.
$expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
- // Prohibit editing not ours or invoiced items.
+if (!$expense_item || $expense_item['
approved'] || $expense_item['
invoice_id']) {
+ // Prohibit editing not ours
, approved,
or invoiced items.
header('Location: access_denied.php');
exit();
}
header('Location: access_denied.php');
exit();
}
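Review bot: The approved/invoiced guard at the top of the script reads the item once, while the save runs later in the same request through code outside this hunk, so an approval recorded in between is not seen by the guard. If the update and delete statements in ttExpenseHelper do not already restrict on these columns, repeating the lock in their where clause (something like `and approved = 0 and invoice_id is null`, adapted to how the two columns are actually stored) would make the database the final arbiter rather than the page-level check. The same point applies to mobile/expense_edit.php and to both delete scripts.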
diff --git
a/mobile/expense_delete.php
b/mobile/expense_delete.php
index
3bdc179
..
48e74dc
100644
(file)
--- a/
mobile/expense_delete.php
+++ b/
mobile/expense_delete.php
@@
-43,8
+43,8
@@
if (!$user->isPluginEnabled('ex')) {
$cl_id = (int)$request->getParameter('id');
// Get the expense item we are deleting.
$expense_item = ttExpenseHelper::getItem($cl_id);
$cl_id = (int)$request->getParameter('id');
// Get the expense item we are deleting.
$expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
- // Prohibit deleting not ours or invoiced items.
+if (!$expense_item || $expense_item['
approved'] || $expense_item['
invoice_id']) {
+ // Prohibit deleting not ours
, approved,
or invoiced items.
header('Location: access_denied.php');
exit();
}
header('Location: access_denied.php');
exit();
}
diff --git
a/mobile/expense_edit.php
b/mobile/expense_edit.php
index
e9e1ca6
..
10035a9
100644
(file)
--- a/
mobile/expense_edit.php
+++ b/
mobile/expense_edit.php
@@
-45,8
+45,8
@@
if (!$user->isPluginEnabled('ex')) {
$cl_id = (int)$request->getParameter('id');
// Get the expense item we are editing.
$expense_item = ttExpenseHelper::getItem($cl_id);
$cl_id = (int)$request->getParameter('id');
// Get the expense item we are editing.
$expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
- // Prohibit editing not ours or invoiced items.
+if (!$expense_item || $expense_item['
approved'] || $expense_item['
invoice_id']) {
+ // Prohibit editing not ours
, approved,
or invoiced items.
header('Location: access_denied.php');
exit();
}
header('Location: access_denied.php');
exit();
}