return false;
}
- // The getLegacyRole obtains a legacy role value for a role_id.
- // This is a temporary function to allow usage of both old and new roles
- // while new role code is being written and deployed.
- static function getLegacyRole($role_id) {
- global $user;
- $mdb2 = getConnection();
-
- $sql = "select rank from tt_roles where team_id = $user->team_id and id = $role_id";
- $res = $mdb2->query($sql);
-
- if (!is_a($res, 'PEAR_Error')) {
- $val = $res->fetchRow();
- if ($val['rank']) {
- $rank = $val['rank'];
- if ($rank >= ROLE_MANAGER)
- return ROLE_MANAGER;
- else if ($rank >= ROLE_COMANAGER)
- return ROLE_COMANAGER;
- else if ($rank >= ROLE_CLIENT)
- return ROLE_CLIENT;
- else
- return ROLE_USER;
- }
- }
- return false;
- }
-
// isClientRole determines if the role is a "client" role.
// This simply means the role has no "track_own_time" right.
static function isClientRole($role_id) {
$mdb2 = getConnection();
if (isset($options['getAllFields']))
- $sql = "select * from tt_users where team_id = $user->team_id and status = 1 order by upper(name)";
+ $sql = "select u.*, r.name as role_name, r.rank from tt_users u left join tt_roles r on (u.role_id = r.id) where u.team_id = $user->team_id and u.status = 1 order by upper(u.name)";
else
$sql = "select id, name from tt_users where team_id = $user->team_id and status = 1 order by upper(name)";
$res = $mdb2->query($sql);
$mdb2 = getConnection();
if ($all_fields)
- $sql = "select * from tt_users where team_id = $team_id and status = 0 order by upper(name)";
+ $sql = "select u.*, r.name as role_name from tt_users u left join tt_roles r on (u.role_id = r.id) where u.team_id = $team_id and u.status = 0 order by upper(u.name)";
else
$sql = "select id, name from tt_users where team_id = $team_id and status = 0 order by upper(name)";
$res = $mdb2->query($sql);
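Review bot: The rewritten query on L43 still interpolates `$team_id` straight into the SQL string, and the new `getUserDetails` query on L70 does the same with `$user_id`; the callers visible here cast to int (L577, L605), but the helpers do not protect themselves, so a future caller that forgets the cast is one string away from injection. Add the cast at the top of each helper, `$team_id = (int) $team_id;` and `$user_id = (int) $user_id;`, before the `$sql` assignment. The enclosing functions start outside these hunks, so their parameter lists are not visible here.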
var $name = null; // User name.
var $id = null; // User id.
var $team_id = null; // Team id.
- var $legacy_role = null; // Old user role (user, client, comanager, manager, admin). TODO: remove when new roles are done.
- // Complete removal requires refactoring migrateLegacyRole, which is used in dbinstall.php.
- // Perhaps, after doing an installer?
-
var $role_id = null; // Role id.
var $rank = null; // User role rank.
var $client_id = null; // Client id for client user role.
$this->name = $val['name'];
$this->id = $val['id'];
$this->team_id = $val['team_id'];
- $this->legacy_role = $val['role'];
$this->role_id = $val['role_id'];
$this->rights = explode(',', $val['rights']);
$this->is_client = !in_array('track_own_time', $this->rights);
// The getUserDetails function returns user details.
static function getUserDetails($user_id) {
- $result = array();
+ global $user;
$mdb2 = getConnection();
- $sql = "select * from tt_users where id = $user_id";
+ $sql = "select u.*, r.rank from tt_users u left join tt_roles r on (u.role_id = r.id) where u.id = $user_id and u.team_id = $user->team_id";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
$password = 'md5('.$password.')';
$email = isset($fields['email']) ? $fields['email'] : '';
$team_id = (int) $fields['team_id'];
- $role = (int) $fields['role'];
$rate = str_replace(',', '.', isset($fields['rate']) ? $fields['rate'] : 0);
if($rate == '')
$rate = 0;
$status_v = ', '.$mdb2->quote($fields['status']);
}
- $sql = "insert into tt_users (name, login, password, team_id, role, role_id, client_id, rate, email $status_f) values (".
+ $sql = "insert into tt_users (name, login, password, team_id, role_id, client_id, rate, email $status_f) values (".
$mdb2->quote($fields['name']).", ".$mdb2->quote($fields['login']).
- ", $password, $team_id, $role, ".$mdb2->quote($fields['role_id']).", ".$mdb2->quote($fields['client_id']).", $rate, ".$mdb2->quote($email)." $status_v)";
+ ", $password, $team_id, ".$mdb2->quote($fields['role_id']).", ".$mdb2->quote($fields['client_id']).", $rate, ".$mdb2->quote($email)." $status_v)";
$affected = $mdb2->exec($sql);
// Now deal with project assignment.
if (isset($fields['password']))
$pass_part = ', password = md5('.$mdb2->quote($fields['password']).')';
if (in_array('manage_users', $user->rights)) {
- if (isset($fields['role'])) {
- $role = (int) $fields['role'];
- $role_part = ", role = $role";
- }
if (isset($fields['role_id'])) {
$role_id = (int) $fields['role_id'];
$role_id_part = ", role_id = $role_id";
$sql = "update tt_users set login = ".$mdb2->quote($fields['login']).
"$pass_part, name = ".$mdb2->quote($fields['name']).
- "$role_part $role_id_part $client_part $rate_part $status_part, email = ".$mdb2->quote($fields['email']).
+ "$role_id_part $client_part $rate_part $status_part, email = ".$mdb2->quote($fields['email']).
" where id = $user_id";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) return false;
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.17.45.4082 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.17.46.4083 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
<script>
+// Prepare an array of available roles. We need it for "is_client" property.
+// It is used to selectively display client selector for client roles.
+roles = new Array();
+var idx = 0;
+{foreach $active_roles as $active_role}
+roles[idx] = new Array({$active_role.id}, '{$active_role.is_client}');
+idx++;
+{/foreach}
+
// The setDefaultRate function sets / unsets default rate for a project
// when a corresponding checkbox is ticked.
function setDefaultRate(element) {
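Review bot: `roles = new Array();` on L117 assigns without `var`, creating an implicit global; write `var roles = [];` and append entries with `roles.push([{$active_role.id}, '{$active_role.is_client}']);` so the separate `idx` counter can go. The values are rendered into a JavaScript context with no modifier; they come from the team's roles table rather than the request, so this is a style point unless `is_client` could ever carry a quote character. The same block is duplicated at L162-L169 and `handleClientControl` at L129-L147 and L176-L194; consider moving both into a shared template include so the two copies cannot drift.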
// handleClientControl - controls visibility of the client dropdown depending on the selected user role.
// We need to show it only when the "Client" user role is selected.
function handleClientControl() {
+ var selectedRoleId = document.getElementById("role").value;
var clientControl = document.getElementById("client");
- if ("16" == document.getElementById("role").value)
- clientControl.style.visibility = "visible";
- else
- clientControl.style.visibility = "hidden";
+ var len = roles.length;
+ for (var i = 0; i < len; i++) {
+ if (selectedRoleId == roles[i][0]) {
+ var isClient = roles[i][1];
+ if (isClient == 1)
+ clientControl.style.visibility = "visible";
+ else
+ clientControl.style.visibility = "hidden";
+ break;
+ }
+ }
}
</script>
<td align="right" nowrap>{$i18n.label.email}:</td>
<td>{$forms.userForm.email.control}</td>
</tr>
-{if $user->isManager()}
<tr>
<td align="right">{$i18n.form.users.role}:</td>
<td>{$forms.userForm.role.control} {$forms.userForm.client.control}</td>
</tr>
-{/if}
<tr>
<td align="right">{$i18n.form.users.default_rate} (0{$user->decimal_mark}00):</td>
<td>{$forms.userForm.rate.control}</td>
<script>
+// Prepare an array of available roles. We need it for "is_client" property.
+// It is used to selectively display client selector for client roles.
+roles = new Array();
+var idx = 0;
+{foreach $active_roles as $active_role}
+roles[idx] = new Array({$active_role.id}, '{$active_role.is_client}');
+idx++;
+{/foreach}
+
// Prepare an array of rates.
// Format: project_rates[0] = Array(100, '25.00'), project_rates[1] = Array(120, '30.00'), etc...
// First element = project_id, second element = rate for project. Quotes needed for string representation of rates.
// handleClientControl - controls visibility of the client dropdown depending on the selected user role.
// We need to show it only when the "Client" user role is selected.
function handleClientControl() {
+ var selectedRoleId = document.getElementById("role").value;
var clientControl = document.getElementById("client");
- if ("16" == document.getElementById("role").value)
- clientControl.style.visibility = "visible";
- else
- clientControl.style.visibility = "hidden";
+ var len = roles.length;
+ for (var i = 0; i < len; i++) {
+ if (selectedRoleId == roles[i][0]) {
+ var isClient = roles[i][1];
+ if (isClient == 1)
+ clientControl.style.visibility = "visible";
+ else
+ clientControl.style.visibility = "hidden";
+ break;
+ }
+ }
}
</script>
<td align="right" nowrap>{$i18n.label.email}:</td>
<td>{$forms.userForm.email.control}</td>
</tr>
-{if $user->isManager() && ($user->id != $user_id)}
+{if $user->id != $user_id}
<tr>
<td align="right">{$i18n.form.users.role}:</td>
<td>{$forms.userForm.role.control} {$forms.userForm.client.control}</td>
</tr>
-{/if}
-{* Prohibit deactivating team manager. Deactivating others is ok. *}
-{if $user->canManageTeam() && !($user->isManager() && $user->id == $user_id)}
<tr>
<td align="right">{$i18n.label.status}:</td>
<td>{$forms.userForm.status.control}</td>
<table class="mobile-table">
<tr>
<td valign="top">
-{if $user->canManageTeam()}
+{if $user->can('manage_users')}
<table class="mobile-table-details">
{if $inactive_users}
<tr><td class="sectionHeaderNoBorder">{$i18n.form.users.active_users}</td></tr>
{if $user->uncompleted_indicators}
<span class="uncompleted-entry{if $u.has_uncompleted_entry} active{/if}"{if $u.has_uncompleted_entry} title="{$i18n.form.users.uncompleted_entry}"{/if}></span>
{/if}
- {if $user->isManager()}
+ {if $u.rank <= $user->rank}
<a href="user_edit.php?id={$u.id}">{$u.name|escape}</a>
{else}
- {if ($user->id == $u.id) || ($smarty.const.ROLE_CLIENT == $u.role) || ($smarty.const.ROLE_USER == $u.role)}
- <a href="user_edit.php?id={$u.id}">{$u.name|escape}</a>
- {else}
- {$u.name|escape}
- {/if}
+ {$u.name|escape}
{/if}
</td>
<td>{$u.login|escape}</td>
- {if $smarty.const.ROLE_MANAGER == $u.role}
- <td>{$i18n.form.users.manager}</td>
- {elseif $smarty.const.ROLE_COMANAGER == $u.role}
- <td>{$i18n.form.users.comanager}</td>
- {elseif $smarty.const.ROLE_CLIENT == $u.role}
- <td>{$i18n.label.client}</td>
- {elseif $smarty.const.ROLE_USER == $u.role}
- <td>{$i18n.label.user}</td>
- {/if}
+ <td>{$u.role_name|escape}</td>
</tr>
{/foreach}
{/if}
</table>
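Review bot: The edit-link condition `{if $u.rank <= $user->rank}` on L223 shows a link for users of equal rank, but user_edit.php (L489-L496) redirects an equal-rank user who is not the current user to access_denied.php, so the link is dead for same-rank peers. Mirror the server rule in the template, `{if $u.rank < $user->rank || $u.id == $user->id}`, and apply the same change at L263, L359 and L387; for the delete cells at L362 and L390 the `$u.id != $user->id` guard then remains the only extra condition. Server-side enforcement is what matters and it is present, so this is a usability inconsistency rather than an authorization gap.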
{if $inactive_users}
- <table cellspacing="1" cellpadding="3" border="0" width="100%">
+ <table class="mobile-table-details">
<tr><td class="sectionHeaderNoBorder">{$i18n.form.users.inactive_users}</td></tr>
<tr>
<td width="35%" class="tableHeader">{$i18n.label.person_name}</td>
<td width="35%" class="tableHeader">{$i18n.label.login}</td>
<td width="10%" class="tableHeader">{$i18n.form.users.role}</td>
- <td width="10%" class="tableHeader">{$i18n.label.edit}</td>
</tr>
{foreach $inactive_users as $u}
<tr bgcolor="{cycle values="#f5f5f5,#ffffff"}">
<td>
- {if $user->isManager()}
+ {if $u.rank <= $user->rank}
<a href="user_edit.php?id={$u.id}">{$u.name|escape}</a>
{else}
- {if ($user->id == $u.id) || ($smarty.const.ROLE_CLIENT == $u.role) || ($smarty.const.ROLE_USER == $u.role)}<a href="user_edit.php?id={$u.id}">{$u.name|escape}</a>{/if}
+ {$u.name|escape}
{/if}
</td>
<td>{$u.login|escape}</td>
- {if $smarty.const.ROLE_MANAGER == $u.role}
- <td>{$i18n.form.users.manager}</td>
- {elseif $smarty.const.ROLE_COMANAGER == $u.role}
- <td>{$i18n.form.users.comanager}</td>
- {elseif $smarty.const.ROLE_CLIENT == $u.role}
- <td>{$i18n.label.client}</td>
- {elseif $smarty.const.ROLE_USER == $u.role}
- <td>{$i18n.label.user}</td>
- {/if}
- {if $user->isManager()}
- <!-- Manager can edit everybody. -->
- <td><a href="user_edit.php?id={$u.id}">{$i18n.label.edit}</a></td>
- {else}
- <!-- Comanager can edit self and clients or users but not manager and other comanagers. -->
- <td>{if ($user->id == $u.id) || ($smarty.const.ROLE_CLIENT == $u.role) || ($smarty.const.ROLE_USER == $u.role)}<a href="user_edit.php?id={$u.id}">{$i18n.label.edit}</a>{/if}</td>
- {/if}
+ <td>{$u.role_name|escape}</td>
</tr>
{/foreach}
-
</table>
<table width="100%">
<tr bgcolor="{cycle values="#f5f5f5,#ffffff"}">
<td>{$u.name|escape}</td>
<td>{$u.login|escape}</td>
- {if $smarty.const.ROLE_MANAGER == $u.role}
- <td>{$i18n.form.users.manager}</td>
- {elseif $smarty.const.ROLE_COMANAGER == $u.role}
- <td>{$i18n.form.users.comanager}</td>
- {elseif $smarty.const.ROLE_CLIENT == $u.role}
- <td>{$i18n.label.client}</td>
- {elseif $smarty.const.ROLE_USER == $u.role}
- <td>{$i18n.label.user}</td>
- {/if}
+ <td>{$u.role_name|escape}</td>
</tr>
{/foreach}
</table>
<td align="right" nowrap>{$i18n.label.email}:</td>
<td>{$forms.userForm.email.control}</td>
</tr>
-{if $user->isManager()}
<tr>
<td align="right">{$i18n.form.users.role}:</td>
<td>{$forms.userForm.role.control} {$forms.userForm.client.control}</td>
</tr>
-{/if}
<tr>
<td align="right">{$i18n.form.users.default_rate} (0{$user->decimal_mark}00):</td>
<td>{$forms.userForm.rate.control}</td>
<td align="right" nowrap>{$i18n.label.email}:</td>
<td>{$forms.userForm.email.control}</td>
</tr>
-{if $user->isManager() && ($user->id != $user_id)}
+{if $user->id != $user_id}
<tr>
<td align="right">{$i18n.form.users.role}:</td>
<td>{$forms.userForm.role.control} {$forms.userForm.client.control}</td>
</tr>
-{/if}
-{* Prohibit deactivating team manager. Deactivating others is ok. *}
-{if $user->canManageTeam() && !($user->isManager() && $user->id == $user_id)}
<tr>
<td align="right">{$i18n.label.status}:</td>
<td>{$forms.userForm.status.control}</td>
<table cellspacing="0" cellpadding="7" border="0" width="720">
<tr>
<td valign="top">
-{if $user->canManageTeam()}
+{if $user->can('manage_users')}
<table cellspacing="1" cellpadding="3" border="0" width="100%">
{if $inactive_users}
<tr><td class="sectionHeaderNoBorder">{$i18n.form.users.active_users}</td></tr>
{$u.name|escape}
</td>
<td>{$u.login|escape}</td>
- {if $smarty.const.ROLE_MANAGER == $u.role}
- <td>{$i18n.form.users.manager}</td>
- {elseif $smarty.const.ROLE_COMANAGER == $u.role}
- <td>{$i18n.form.users.comanager}</td>
- {elseif $smarty.const.ROLE_CLIENT == $u.role}
- <td>{$i18n.label.client}</td>
- {elseif $smarty.const.ROLE_USER == $u.role}
- <td>{$i18n.label.user}</td>
- {/if}
- {if $user->isManager()}
- <!-- Manager can edit everybody. -->
+ <td>{$u.role_name|escape}</td>
+ {if $u.rank <= $user->rank}
<td><a href="user_edit.php?id={$u.id}">{$i18n.label.edit}</a></td>
- <td>{if $smarty.const.ROLE_MANAGER != $u.role || $can_delete_manager}<a href="user_delete.php?id={$u.id}">{$i18n.label.delete}</a>{/if}</td>
+ {if $u.id != $user->id}<td><a href="user_delete.php?id={$u.id}">{$i18n.label.delete}</a></td>{else}<td></td>{/if}
{else}
- <!-- Comanager can edit self and clients or users but not manager and other comanagers. -->
- <td>{if ($user->id == $u.id) || ($smarty.const.ROLE_CLIENT == $u.role) || ($smarty.const.ROLE_USER == $u.role)}<a href="user_edit.php?id={$u.id}">{$i18n.label.edit}</a>{/if}</td>
- <td>{if ($user->id == $u.id) || ($smarty.const.ROLE_CLIENT == $u.role) || ($smarty.const.ROLE_USER == $u.role)}<a href="user_delete.php?id={$u.id}">{$i18n.label.delete}</a>{/if}</td>
+ <td></td>
+ <td></td>
{/if}
</tr>
{/foreach}
<tr bgcolor="{cycle values="#f5f5f5,#ffffff"}">
<td>{$u.name|escape}</td>
<td>{$u.login|escape}</td>
- {if $smarty.const.ROLE_MANAGER == $u.role}
- <td>{$i18n.form.users.manager}</td>
- {elseif $smarty.const.ROLE_COMANAGER == $u.role}
- <td>{$i18n.form.users.comanager}</td>
- {elseif $smarty.const.ROLE_CLIENT == $u.role}
- <td>{$i18n.label.client}</td>
- {elseif $smarty.const.ROLE_USER == $u.role}
- <td>{$i18n.label.user}</td>
- {/if}
- {if $user->isManager()}
- <!-- Manager can edit everybody. -->
+ <td>{$u.role_name|escape}</td>
+ {if $u.rank <= $user->rank}
<td><a href="user_edit.php?id={$u.id}">{$i18n.label.edit}</a></td>
- <td>{if $smarty.const.ROLE_MANAGER != $u.role || $can_delete_manager}<a href="user_delete.php?id={$u.id}">{$i18n.label.delete}</a>{/if}</td>
+ {if $u.id != $user->id}<td><a href="user_delete.php?id={$u.id}">{$i18n.label.delete}</a></td>{else}<td></td>{/if}
{else}
- <!-- Comanager can edit self and clients or users but not manager and other comanagers. -->
- <td>{if ($user->id == $u.id) || ($smarty.const.ROLE_CLIENT == $u.role) || ($smarty.const.ROLE_USER == $u.role)}<a href="user_edit.php?id={$u.id}">{$i18n.label.edit}</a>{/if}</td>
- <td>{if ($user->id == $u.id) || ($smarty.const.ROLE_CLIENT == $u.role) || ($smarty.const.ROLE_USER == $u.role)}<a href="user_delete.php?id={$u.id}">{$i18n.label.delete}</a>{/if}</td>
+ <td></td>
+ <td></td>
{/if}
</tr>
{/foreach}
<tr bgcolor="{cycle values="#f5f5f5,#ffffff"}">
<td>{$u.name|escape}</td>
<td>{$u.login|escape}</td>
- {if $smarty.const.ROLE_MANAGER == $u.role}
- <td>{$i18n.form.users.manager}</td>
- {elseif $smarty.const.ROLE_COMANAGER == $u.role}
- <td>{$i18n.form.users.comanager}</td>
- {elseif $smarty.const.ROLE_CLIENT == $u.role}
- <td>{$i18n.label.client}</td>
- {elseif $smarty.const.ROLE_USER == $u.role}
- <td>{$i18n.label.user}</td>
- {/if}
+ <td>{$u.role_name|escape}</td>
</tr>
{/foreach}
</table>
$cl_password2 = $request->getParameter('pas2');
}
$cl_email = trim($request->getParameter('email'));
- $cl_role = $request->getParameter('role');
- if (!$cl_role) $cl_role = ROLE_USER;
+ $cl_role_id = $request->getParameter('role');
$cl_client_id = $request->getParameter('client');
$cl_rate = $request->getParameter('rate');
$cl_projects = $request->getParameter('projects');
}
$form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'email','value'=>$cl_email));
-$roles[ROLE_USER] = $i18n->getKey('label.user');
-$roles[ROLE_COMANAGER] = $i18n->getKey('form.users.comanager');
-if ($user->isPluginEnabled('cl'))
- $roles[ROLE_CLIENT] = $i18n->getKey('label.client');
-$form->addInput(array('type'=>'combobox','onchange'=>'handleClientControl()','name'=>'role','value'=>$cl_role,'data'=>$roles));
+$active_roles = ttTeamHelper::getActiveRolesForUser();
+$form->addInput(array('type'=>'combobox','onchange'=>'handleClientControl()','name'=>'role','value'=>$cl_role_id,'data'=>$active_roles,'datakeys'=>array('id', 'name')));
if ($user->isPluginEnabled('cl'))
$form->addInput(array('type'=>'combobox','name'=>'client','value'=>$cl_client_id,'data'=>$clients,'datakeys'=>array('id', 'name'),'empty'=>array(''=>$i18n->getKey('dropdown.select'))));
'password' => $cl_password1,
'rate' => $cl_rate,
'team_id' => $user->team_id,
- 'role' => $cl_role,
+ 'role_id' => $cl_role_id,
'client_id' => $cl_client_id,
'projects' => $assigned_projects,
'email' => $cl_email);
} // isPost
$smarty->assign('auth_external', $auth->isPasswordExternal());
+$smarty->assign('active_roles', $active_roles);
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
$smarty->assign('onload', 'onLoad="document.userForm.name.focus();handleClientControl();"');
$smarty->assign('title', $i18n->getKey('title.add_user'));
$user_details = ttUserHelper::getUserDetails($user_id);
// Security checks.
-$ok_to_go = $user->canManageTeam(); // Are we authorized for user deletes?
-if ($ok_to_go) $ok_to_go = $ok_to_go && $user_details; // Are we deleting a real user?
-if ($ok_to_go) $ok_to_go = $ok_to_go && ($user->team_id == $user_details['team_id']); // User belongs to our team?
-if ($ok_to_go && $user->isCoManager() && (ROLE_COMANAGER == $user_details['role']))
- $ok_to_go = ($user->id == $user_details['id']); // Comanager is not allowed to delete other comanagers.
-if ($ok_to_go && $user->isCoManager() && (ROLE_MANAGER == $user_details['role']))
- $ok_to_go = false; // Comanager is not allowed to delete a manager.
+if (!$user_details || // No details.
+ $user_details['team_id'] <> $user->team_id || // User not in team.
+ $user_details['rank'] > $user->rank || // User has a bigger rank.
+ ($user_details['rank'] == $user->rank && $user_details['id'] <> $user->id) // Same rank but not us.
+ ) {
+ header('Location: access_denied.php');
+ exit();
+}
-if (!$ok_to_go)
- die ($i18n->getKey('error.sys'));
-else
- $smarty->assign('user_to_delete', $user_details['name']." (".$user_details['login'].")");
+$smarty->assign('user_to_delete', $user_details['name']." (".$user_details['login'].")");
// Create confirmation form.
$form = new Form('userDeleteForm');
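Review bot: The replacement check on L459-L466 drops the `$user->canManageTeam()` authorization step the removed code led with and compares only ranks; if nothing earlier in the file gates on the `manage_users` right, any authenticated team member of sufficient rank can now reach the delete confirmation. If such a gate does exist above the hunk, a comment like `// Access to this page is gated on manage_users above; only the rank rule is checked here.` would stop the next reader asking the same question. The identical block is repeated at L489-L496, L589-L596 and L619-L626; a helper such as `ttUserHelper::canModifyUser($user_details)` returning bool would keep the four copies from drifting, and `!=` reads better than `<>` in PHP.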
// Get user id we are editing from the request.
$user_id = (int) $request->getParameter('id');
-
// Get user details.
$user_details = ttUserHelper::getUserDetails($user_id);
// Security checks.
-$ok_to_go = $user->canManageTeam(); // Are we authorized for user management?
-if ($ok_to_go) $ok_to_go = $ok_to_go && $user_details; // Are we editing a real user?
-if ($ok_to_go) $ok_to_go = $ok_to_go && ($user->team_id == $user_details['team_id']); // User belongs to our team?
-if ($ok_to_go && $user->isCoManager() && (ROLE_COMANAGER == $user_details['role']))
- $ok_to_go = ($user->id == $user_details['id']); // Comanager is not allowed to edit other comanagers.
-if ($ok_to_go && $user->isCoManager() && (ROLE_MANAGER == $user_details['role']))
- $ok_to_go = false; // Comanager is not allowed to edit a manager.
-if (!$ok_to_go) {
- die ($i18n->getKey('error.sys'));
+if (!$user_details || // No details.
+ $user_details['team_id'] <> $user->team_id || // User not in team.
+ $user_details['rank'] > $user->rank || // User has a bigger rank.
+ ($user_details['rank'] == $user->rank && $user_details['id'] <> $user->id) // Same rank but not us.
+ ) {
+ header('Location: access_denied.php');
+ exit();
}
if ($user->isPluginEnabled('cl'))
$cl_password2 = $request->getParameter('pas2');
}
$cl_email = trim($request->getParameter('email'));
- $cl_role = $request->getParameter('role');
+ $cl_role_id = $request->getParameter('role');
$cl_client_id = $request->getParameter('client');
$cl_status = $request->getParameter('status');
$cl_rate = $request->getParameter('rate');
$cl_login = $user_details['login'];
$cl_email = $user_details['email'];
$cl_rate = str_replace('.', $user->decimal_mark, $user_details['rate']);
- $cl_role = $user_details['role'];
+ $cl_role_id = $user_details['role_id'];
$cl_client_id = $user_details['client_id'];
$cl_status = $user_details['status'];
$cl_projects = array();
}
$form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'email','value'=>$cl_email));
-$roles[ROLE_USER] = $i18n->getKey('label.user');
-$roles[ROLE_COMANAGER] = $i18n->getKey('form.users.comanager');
-if ($user->isPluginEnabled('cl'))
- $roles[ROLE_CLIENT] = $i18n->getKey('label.client');
-$form->addInput(array('type'=>'combobox','onchange'=>'handleClientControl()','name'=>'role','value'=>$cl_role,'data'=>$roles));
+$active_roles = ttTeamHelper::getActiveRolesForUser();
+$form->addInput(array('type'=>'combobox','onchange'=>'handleClientControl()','name'=>'role','value'=>$cl_role_id,'data'=>$active_roles,'datakeys'=>array('id', 'name')));
if ($user->isPluginEnabled('cl'))
$form->addInput(array('type'=>'combobox','name'=>'client','value'=>$cl_client_id,'data'=>$clients,'datakeys'=>array('id', 'name'),'empty'=>array(''=>$i18n->getKey('dropdown.select'))));
'rate' => $cl_rate,
'projects' => $assigned_projects);
if (in_array('manage_users', $user->rights)) {
- $fields['role'] = $cl_role;
+ $fields['role_id'] = $cl_role_id;
$fields['client_id'] = $cl_client_id;
}
$smarty->assign('rates', $rates);
$smarty->assign('auth_external', $auth->isPasswordExternal());
+$smarty->assign('active_roles', $active_roles);
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
$smarty->assign('onload', 'onLoad="document.userForm.name.focus();handleClientControl();"');
$smarty->assign('user_id', $user_id);
$cl_password2 = $request->getParameter('pas2');
}
$cl_email = trim($request->getParameter('email'));
- $cl_role = $request->getParameter('role');
- if (!$cl_role) $cl_role = ROLE_USER;
+ $cl_role_id = $request->getParameter('role');
$cl_client_id = $request->getParameter('client');
$cl_rate = $request->getParameter('rate');
$cl_projects = $request->getParameter('projects');
$form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'email','value'=>$cl_email));
$active_roles = ttTeamHelper::getActiveRolesForUser();
-$form->addInput(array('type'=>'combobox','onchange'=>'handleClientControl()','name'=>'role','value'=>$cl_role,'data'=>$active_roles,'datakeys'=>array('id', 'name')));
+$form->addInput(array('type'=>'combobox','onchange'=>'handleClientControl()','name'=>'role','value'=>$cl_role_id,'data'=>$active_roles,'datakeys'=>array('id', 'name')));
if ($user->isPluginEnabled('cl'))
$form->addInput(array('type'=>'combobox','name'=>'client','value'=>$cl_client_id,'data'=>$clients,'datakeys'=>array('id', 'name'),'empty'=>array(''=>$i18n->getKey('dropdown.select'))));
}
if (!ttValidEmail($cl_email, true)) $err->add($i18n->getKey('error.field'), $i18n->getKey('label.email'));
// Require selection of a client for a client role.
- if ($user->isPluginEnabled('cl') && ttRoleHelper::isClientRole($cl_role) && !$cl_client_id) $err->add($i18n->getKey('error.client'));
+ if ($user->isPluginEnabled('cl') && ttRoleHelper::isClientRole($cl_role_id) && !$cl_client_id) $err->add($i18n->getKey('error.client'));
if (!ttValidFloat($cl_rate, true)) $err->add($i18n->getKey('error.field'), $i18n->getKey('form.users.default_rate'));
if ($err->no()) {
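Review bot: `$cl_role_id` arrives from the request on L543 and is passed through to `ttUserHelper::insert` without being checked against the roles the caller may assign; `$active_roles` from `getActiveRolesForUser()` (L548) only shapes the dropdown, and neither insert (L82-L86) nor update (L96-L98) verifies that the posted role belongs to the team or has a rank no higher than the caller's. Unless that is enforced somewhere not shown, cast on L543, `$cl_role_id = (int) $request->getParameter('role');`, and add a validation line beside the client check, `if (!in_array($cl_role_id, array_column($active_roles, 'id'))) $err->add($i18n->getKey('error.field'), $i18n->getKey('form.users.role'));` (assuming `$active_roles` is populated before validation, as the ordering around L548 suggests). The edit page needs the same at L653-L654.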
if (!ttUserHelper::getUserByLogin($cl_login)) {
- // Get legacy role value.
- $legacy_role = ttRoleHelper::getLegacyRole($cl_role); // TODO: remove after roles revamp.
$fields = array(
'name' => $cl_name,
'login' => $cl_login,
'password' => $cl_password1,
'rate' => $cl_rate,
'team_id' => $user->team_id,
- 'role' => $legacy_role,
- 'role_id' => $cl_role,
+ 'role_id' => $cl_role_id,
'client_id' => $cl_client_id,
'projects' => $assigned_projects,
'email' => $cl_email);
// Get user id we are deleting from the request.
// A cast to int is for safety against manipulation of request parameter (sql injection).
$user_id = (int) $request->getParameter('id');
-
// We need user name and login to display.
$user_details = ttUserHelper::getUserDetails($user_id);
// Security checks.
-$ok_to_go = $user->canManageTeam(); // Are we authorized for user deletes?
-if ($ok_to_go) $ok_to_go = $ok_to_go && $user_details; // Are we deleting a real user?
-if ($ok_to_go) $ok_to_go = $ok_to_go && ($user->team_id == $user_details['team_id']); // User belongs to our team?
-if ($ok_to_go && $user->isCoManager() && (ROLE_COMANAGER == $user_details['role']))
- $ok_to_go = ($user->id == $user_details['id']); // Comanager is not allowed to delete other comanagers.
-if ($ok_to_go && $user->isCoManager() && (ROLE_MANAGER == $user_details['role']))
- $ok_to_go = false; // Comanager is not allowed to delete a manager.
+if (!$user_details || // No details.
+ $user_details['team_id'] <> $user->team_id || // User not in team.
+ $user_details['rank'] > $user->rank || // User has a bigger rank.
+ ($user_details['rank'] == $user->rank && $user_details['id'] <> $user->id) // Same rank but not us.
+ ) {
+ header('Location: access_denied.php');
+ exit();
+}
-if (!$ok_to_go)
- die ($i18n->getKey('error.sys'));
-else
- $smarty->assign('user_to_delete', $user_details['name']." (".$user_details['login'].")");
+$smarty->assign('user_to_delete', $user_details['name']." (".$user_details['login'].")");
// Create confirmation form.
$form = new Form('userDeleteForm');
// Get user id we are editing from the request.
$user_id = (int) $request->getParameter('id');
-
// Get user details.
$user_details = ttUserHelper::getUserDetails($user_id);
// Security checks.
-$ok_to_go = $user->canManageTeam(); // Are we authorized for user management?
-if ($ok_to_go) $ok_to_go = $ok_to_go && $user_details; // Are we editing a real user?
-if ($ok_to_go) $ok_to_go = $ok_to_go && ($user->team_id == $user_details['team_id']); // User belongs to our team?
-if ($ok_to_go && $user->isCoManager() && (ROLE_COMANAGER == $user_details['role']))
- $ok_to_go = ($user->id == $user_details['id']); // Comanager is not allowed to edit other comanagers.
-if ($ok_to_go && $user->isCoManager() && (ROLE_MANAGER == $user_details['role']))
- $ok_to_go = false; // Comanager is not allowed to edit a manager.
-if (!$ok_to_go) {
- die ($i18n->getKey('error.sys'));
+if (!$user_details || // No details.
+ $user_details['team_id'] <> $user->team_id || // User not in team.
+ $user_details['rank'] > $user->rank || // User has a bigger rank.
+ ($user_details['rank'] == $user->rank && $user_details['id'] <> $user->id) // Same rank but not us.
+ ) {
+ header('Location: access_denied.php');
+ exit();
}
if ($user->isPluginEnabled('cl'))
$cl_password2 = $request->getParameter('pas2');
}
$cl_email = trim($request->getParameter('email'));
- $cl_role = $request->getParameter('role');
+ $cl_role_id = $request->getParameter('role');
$cl_client_id = $request->getParameter('client');
$cl_status = $request->getParameter('status');
$cl_rate = $request->getParameter('rate');
$cl_login = $user_details['login'];
$cl_email = $user_details['email'];
$cl_rate = str_replace('.', $user->decimal_mark, $user_details['rate']);
- $cl_role = $user_details['role_id'];
+ $cl_role_id = $user_details['role_id'];
$cl_client_id = $user_details['client_id'];
$cl_status = $user_details['status'];
$cl_projects = array();
$form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'email','style'=>'width: 300px;','value'=>$cl_email));
$active_roles = ttTeamHelper::getActiveRolesForUser();
-$form->addInput(array('type'=>'combobox','onchange'=>'handleClientControl()','name'=>'role','value'=>$cl_role,'data'=>$active_roles, 'datakeys'=>array('id', 'name')));
+$form->addInput(array('type'=>'combobox','onchange'=>'handleClientControl()','name'=>'role','value'=>$cl_role_id,'data'=>$active_roles, 'datakeys'=>array('id', 'name')));
if ($user->isPluginEnabled('cl'))
$form->addInput(array('type'=>'combobox','name'=>'client','value'=>$cl_client_id,'data'=>$clients,'datakeys'=>array('id', 'name'),'empty'=>array(''=>$i18n->getKey('dropdown.select'))));
}
if (!ttValidEmail($cl_email, true)) $err->add($i18n->getKey('error.field'), $i18n->getKey('label.email'));
// Require selection of a client for a client role.
- if ($user->isPluginEnabled('cl') && ttRoleHelper::isClientRole($cl_role) && !$cl_client_id) $err->add($i18n->getKey('error.client'));
+ if ($user->isPluginEnabled('cl') && ttRoleHelper::isClientRole($cl_role_id) && !$cl_client_id) $err->add($i18n->getKey('error.client'));
if (!ttValidFloat($cl_rate, true)) $err->add($i18n->getKey('error.field'), $i18n->getKey('form.users.default_rate'));
if ($err->no()) {
'status' => $cl_status,
'rate' => $cl_rate,
'projects' => $assigned_projects);
- if (in_array('manage_users', $user->rights) && $cl_role) {
- // Get legacy role value.
- $legacy_role = ttRoleHelper::getLegacyRole($cl_role); // TODO: remove after roles revamp.
- $fields['role'] = $legacy_role;
-
- $fields['role_id'] = $cl_role;
+ if (in_array('manage_users', $user->rights) && $cl_role_id) {
+ $fields['role_id'] = $cl_role_id;
$fields['client_id'] = $cl_client_id;
}