$affected = $mdb2->exec($sql);
return (!is_a($affected, 'PEAR_Error'));
}
+
+ // isUserValid function is used during access checks and determines whether user id, passed in post, is valid
+ // in current context.
+ static function isUserValid($user_id) {
+ // We have to cover several situations.
+ //
+ // 1) User is a client.
+ // 2) User with view_all_timesheets rights.
+ // 3) User with view_timesheets rights.
+
+ global $user;
+
+ // Step 1.
+ // A client must have view_client_timesheets and
+ // aser must be assigned to one of client projects.
+ if ($user->isClient()) {
+ if (!$user->can('view_client_timesheets'))
+ return false;
+ $valid_users = ttGroupHelper::getUsersForClient($user->client_id);
+ $v = 2;
+ }
+
+ return true;
+ }
}
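Review bot: isUserValid returns true unconditionally: the client branch fetches `$valid_users` and sets `$v = 2` but never compares `$user_id` against the list, and cases 2 and 3 announced in the header comment have no code, so every posted user id passes the check this function exists to gate. The client branch should return the membership result, e.g. `return in_array((int) $user_id, array_map('intval', array_column($valid_users, 'id')), true);` (the `id` key is inferred from timesheets.php's `$users_for_client[0]['id']`, confirm against getUsersForClient), and the non-client roles need their own verification before the final `return true;`. This matters because the caller in the timesheets.php hunk, `ttTimesheetHelper::isUserValid($request->getParameter('user'))`, is now the only check on the posted id, and that id flows straight into getActiveTimesheets/getInactiveTimesheets. `$v = 2;` is an unused leftover and the comment typo `aser` should read `a user`.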
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.37.4741 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.37.4742 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
{$forms.timesheetsForm.open}
<table cellspacing="0" cellpadding="7" border="0" width="720">
+{if $show_hint}
<tr><td align="left">{$i18n.form.timesheets.hint}<br></td></tr>
+{/if}
{if $user_dropdown}
<tr><td align="center">{$i18n.label.user}: {$forms.timesheetsForm.user.control}</td></tr>
{/if}
}
}
-// handleClientControl - controls visibility of the client dropdown depending on the selected user role.
-// We need to show it only when the "Client" user role is selected.
+// handleClientControl - controls visibility of the client dropdown depending on the selected user role,
+// also hides and unselects projects when "Client" user role is selected.
function handleClientControl() {
var selectedRoleId = document.getElementById("role").value;
var clientControl = document.getElementById("client");
+ var projectsControl = document.getElementById("projects_control");
+
var len = roles.length;
for (var i = 0; i < len; i++) {
if (selectedRoleId == roles[i][0]) {
var isClient = roles[i][1];
- if (isClient == 1)
+ if (isClient == 1) {
clientControl.style.visibility = "visible";
- else {
- clientControl.value = '';
+ projectsControl.style.display = "none";
+
+ // Uncheck all project checkboxes.
+ var checkboxes = document.getElementsByName("projects[]");
+ var j;
+ for (j = 0; j < checkboxes.length; j++) {
+ checkboxes[j].checked = false;
+ }
+ } else {
+ clientControl.value = "";
clientControl.style.visibility = "hidden";
+ projectsControl.style.display = "";
}
break;
}
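Review bot: projectsControl is null whenever the page is rendered without the projects block, because the `projects_control` tbody is emitted only inside `{if $show_projects}` (see the template hunk below), so `projectsControl.style.display = ...` in both branches throws a TypeError and aborts the handler before the client dropdown is updated. Guard the two assignments, e.g. `if (projectsControl) projectsControl.style.display = "none";` and the matching `if (projectsControl) projectsControl.style.display = "";` in the else branch; the checkbox loop is already safe because getElementsByName returns an empty list. The enclosing for loop and handleClientControl's closing brace lie outside the hunk.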
{/if}
{if $show_projects}
<tr><td> </td></tr>
+<tbody id="projects_control">
<tr valign="top">
<td align="right">{$i18n.label.projects}:</td>
<td>{$forms.userForm.projects.control}</td>
</tr>
+</tbody>
{/if}
<tr>
<td colspan="2" align="center">{$i18n.label.required_fields}</td>
require_once('initialize.php');
import('form.Form');
+import('ttGroupHelper');
import('ttTimesheetHelper');
// Access checks.
header('Location: feature_disabled.php');
exit();
}
+if ($user->isClient()) {
+ $users_for_client = ttGroupHelper::getUsersForClient($user->client_id);
+ if (count($users_for_client) == 0) {
+ header('Location: access_denied.php'); // There are no users for client.
+ exit();
+ }
+}
if ($request->isPost()) {
$userChanged = $request->getParameter('user_changed');
- if ($userChanged && !($user->can('track_time') && $user->isUserValid($request->getParameter('user')))) {
- header('Location: access_denied.php'); // Group changed, but no rght or wrong user id.
+ if ($userChanged && !(ttTimesheetHelper::isUserValid($request->getParameter('user')))) {
+ header('Location: access_denied.php'); // Wrong user id.
exit();
}
}
// End of access checks.
// Determine user for whom we display this page.
+$notClient = !$user->isClient();
if ($request->isPost() && $userChanged) {
$user_id = $request->getParameter('user');
} else {
- $user_id = $user->getUser();
+ if ($notClient)
+ $user_id = $user->getUser();
+ else
+ $user_id = $users_for_client[0]['id']; // First found user for a client.
}
+
$group_id = $user->getGroup();
// Elements of timesheetsForm.
// TODO: fix this for client access.
$active_timesheets = ttTimesheetHelper::getActiveTimesheets($user_id);
$inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets($user_id);
-$show_client = $user->isPluginEnabled('cl') && !$user->isClient();
+$show_client = $user->isPluginEnabled('cl') && $notClient;
$smarty->assign('active_timesheets', $active_timesheets);
$smarty->assign('inactive_timesheets', $inactive_timesheets);
$smarty->assign('show_client', $show_client);
-$smarty->assign('show_submit_status', !$user->isClient());
-$smarty->assign('show_approval_status', !$user->isClient());
+$smarty->assign('show_hint', $notClient);
+$smarty->assign('show_submit_status', $notClient);
+$smarty->assign('show_approval_status', $notClient);
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
$smarty->assign('title', $i18n->get('title.timesheets'));
$smarty->assign('content_page_name', 'timesheets.tpl');
// Create projects table.
$table = new Table('projects');
$table->setIAScript('setRate');
-$table->setTableOptions(array('width'=>'100%','cellspacing'=>'1','cellpadding'=>'3','border'=>'0'));
+$table->setTableOptions(array('width'=>'300','cellspacing'=>'1','cellpadding'=>'3','border'=>'0'));
$table->setRowOptions(array('valign'=>'top','class'=>'tableHeader'));
$table->setData($projects);
$table->setKeyField('id');