}
// getRecord - retrieves a time record identified by its id.
- static function getRecord($id, $user_id) {
+ static function getRecord($id) {
global $user;
+
+ $user_id = $user->getUser();
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
$sql_time_format = "'%k:%i'"; // 24 hour format.
if ('%I:%M %p' == $user->time_format)
$sql_time_format = "'%h:%i %p'"; // 12 hour format for MySQL TIME_FORMAT function.
" l.timesheet_id, l.invoice_id, l.billable, l.paid, l.date from tt_log l".
" left join tt_projects p on (p.id = l.project_id)".
" left join tt_tasks t on (t.id = l.task_id)".
- " where l.id = $id and l.user_id = $user_id and l.status = 1";
+ " where l.id = $id and l.user_id = $user_id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
if (!$res->numRows()) {
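Review bot: `$id` is still interpolated into the where clause on the new `l.id = $id and l.user_id = $user_id ...` line without a cast or quoting, and not every caller on this page normalizes it: the `btn_stop` branch passes `$request->getParameter('record_id')` straight into `getRecord($record_id)`, and the timer page passes `$uncompleted['id']`, whose origin is not visible here. The delete and edit pages apply `(int)` before the call, so the most reliable place to enforce it is inside the function itself, e.g. `$id = (int)$id;` before the query is built, or `$mdb2->quote($id, 'integer')` in the clause. The group and org filters added here narrow which rows a valid id can return, but they do not constrain a non-numeric value. getRecord's body starts and ends outside this hunk.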
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.46.4796 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.46.4797 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
exit();
}
$cl_id = (int)$request->getParameter('id');
-$user_id = $user->getUser();
-$time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
+$time_rec = ttTimeHelper::getRecord($cl_id);
if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
// Prohibit deleting not ours, or assigned to timesheet, or invoiced records.
header('Location: access_denied.php');
exit();
}
$cl_id = (int)$request->getParameter('id');
-$user_id = $user->getUser();
-$time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
+$time_rec = ttTimeHelper::getRecord($cl_id);
if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
// Prohibit editing not ours, or assigned to timesheet, or invoiced records.
header('Location: access_denied.php');
}
// End of access checks.
+$user_id = $user->getUser();
+
// Use custom fields plugin if it is enabled.
if ($user->isPluginEnabled('cf')) {
require_once('../plugins/CustomFields.class.php');
}
if ($request->getParameter('btn_stop')) {
// Stop button clicked. We need to finish an uncompleted record in progress.
- $record = ttTimeHelper::getRecord($uncompleted['id'], $user->getUser());
+ $record = ttTimeHelper::getRecord($uncompleted['id']);
// Can we complete this record?
if (ttTimeHelper::isValidInterval($record['start'], $cl_finish) // finish time is greater than start time
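Review bot: `$record['start']` is read on the line right after `getRecord($uncompleted['id'])` with no check that a record actually came back. The other callers on this page treat a falsy result as "not ours" (`if (!$time_rec || ...)`), and with the group and org filters now applied inside getRecord a lookup can presumably come back empty in more cases than before. A guard such as `if (!$record) { header('Location: access_denied.php'); exit(); }` ahead of the interval test would keep the stop path consistent with the delete and edit pages. The enclosing `if` block starts and ends outside this hunk.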
}
// End of access checks.
-// Determine user for which we display this page.
+// Determine user for whom we display this page.
if ($request->isPost() && $userChanged) {
$user_id = $request->getParameter('user');
$user->setOnBehalfUser($user_id);
} elseif ($request->getParameter('btn_stop')) {
// Stop button pressed to finish an uncompleted record.
$record_id = $request->getParameter('record_id');
- $record = ttTimeHelper::getRecord($record_id, $user_id);
+ $record = ttTimeHelper::getRecord($record_id);
$browser_date = $request->getParameter('browser_date');
$browser_time = $request->getParameter('browser_time');
exit();
}
$cl_id = (int)$request->getParameter('id');
-$user_id = $user->getUser();
-$time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
+$time_rec = ttTimeHelper::getRecord($cl_id);
if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
// Prohibit deleting not ours, or assigned to timesheet, or invoiced records.
header('Location: access_denied.php');
exit();
}
$cl_id = (int)$request->getParameter('id');
-$user_id = $user->getUser();
-$time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
+$time_rec = ttTimeHelper::getRecord($cl_id);
if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
// Prohibit editing not ours, or assigned to timesheet, or invoiced records.
header('Location: access_denied.php');
}
// End of access checks.
+$user_id = $user->getUser();
+
// Use custom fields plugin if it is enabled.
if ($user->isPluginEnabled('cf')) {
require_once('plugins/CustomFields.class.php');