Extended right set for more flexibility.
authorNik Okuntseff <support@anuko.com>
Mon, 12 Mar 2018 18:10:55 +0000 (18:10 +0000)
committerNik Okuntseff <support@anuko.com>
Mon, 12 Mar 2018 18:10:55 +0000 (18:10 +0000)
14 files changed:
WEB-INF/lib/ttRoleHelper.class.php
WEB-INF/templates/footer.tpl
charts.php
dbinstall.php
expense_delete.php
expense_edit.php
expenses.php
export.php
import.php
invoice_add.php
invoice_delete.php
invoice_send.php
mysql.sql
role_add.php

index 3ed85c3..20d31bc 100644 (file)
@@ -221,9 +221,9 @@ class ttRoleHelper {
 
     $mdb2 = getConnection();
 
-    $rights_client = 'view_own_data,manage_own_settings';
-    $rights_user = 'data_entry,view_own_data,manage_own_settings,view_users';
-    $rights_supervisor = $rights_user.',on_behalf_data_entry,view_data,override_punch_mode,swap_roles,approve_timesheets';
+    $rights_client = 'view_own_reports,view_own_charts,view_own_invoices,manage_own_settings';
+    $rights_user = 'data_entry,view_own_reports,view_own_charts,manage_own_settings,view_users';
+    $rights_supervisor = $rights_user.',on_behalf_data_entry,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets';
     $rights_comanager = $rights_supervisor.',manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices';
     $rights_manager = $rights_comanager.',manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups';
 
@@ -279,9 +279,9 @@ class ttRoleHelper {
     global $i18n;
     global $user;
 
-    $rights_client = 'view_own_data,manage_own_settings';
-    $rights_user = 'data_entry,view_own_data,manage_own_settings,view_users';
-    $rights_supervisor = $rights_user.',on_behalf_data_entry,view_data,override_punch_mode,swap_roles,approve_timesheets';
+    $rights_client = 'view_own_reports,view_own_charts,view_own_invoices,manage_own_settings';
+    $rights_user = 'data_entry,view_own_reports,view_own_charts,manage_own_settings,view_users';
+    $rights_supervisor = $rights_user.',on_behalf_data_entry,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets';
     $rights_comanager = $rights_supervisor.',manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices';
     $rights_manager = $rights_comanager.',manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups';
 
index 4d0147d..27fdad1 100644 (file)
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.39.4062 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.40.4063 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
index df38cce..9df70d5 100644 (file)
@@ -38,7 +38,7 @@ import('ttUserHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!ttAccessAllowed('view_own_data') || !$user->isPluginEnabled('ch')) {
+if (!ttAccessAllowed('view_own_charts') || !$user->isPluginEnabled('ch')) {
   header('Location: access_denied.php');
   exit();
 }
index f333bd3..6a37805 100755 (executable)
@@ -752,6 +752,10 @@ if ($_POST) {
     setChange("INSERT INTO `tt_roles` (`team_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'data_entry,view_own_data,manage_own_settings,view_users,on_behalf_data_entry,view_data,override_punch_mode,swap_roles,approve_timesheets,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups')");
     setChange("UPDATE `tt_site_config` SET `param_value` = '1.17.35' where param_name = 'version_db'");
     setChange("update `tt_users` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set role_id = (select id from tt_roles where rank = 1024) where role = 1024");
+    setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set rights = 'data_entry,view_own_reports,view_own_charts,view_own_invoices,manage_own_settings,view_users,on_behalf_data_entry,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups' where team_id = 0 and rank = 512");
+    setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set rights = replace(rights, 'view_own_data', 'view_own_reports,view_own_charts') where team_id > 0");
+    setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set rights = replace(rights, 'view_data', 'view_reports,view_charts') where team_id > 0");
+    setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set rights = replace(rights, 'view_own_charts', 'view_own_charts,view_own_invoices') where team_id > 0 and rank = 16");
   }
 
   if ($_POST["cleanup"]) {
index c5f53aa..d17f251 100644 (file)
@@ -32,7 +32,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }
index f13c791..3fd2359 100644 (file)
@@ -33,7 +33,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }
index 9941827..a6502fa 100644 (file)
@@ -34,7 +34,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 
 // Access check.
-if (!ttAccessCheck(right_data_entry) || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
   header('Location: access_denied.php');
   exit();
 }
index f046949..7ccce33 100644 (file)
@@ -31,7 +31,7 @@ import('ttExportHelper');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_export_team)) {
+if (!ttAccessAllowed('export_data')) {
   header('Location: access_denied.php');
   exit();
 }
index ce6aa72..dd30ad3 100644 (file)
@@ -31,7 +31,7 @@ import('ttImportHelper');
 import('form.Form');
 
 // Access check.
-if (!ttAccessCheck(right_administer_site)) {
+if (!ttAccessAllowed('administer_site')) {
   header('Location: access_denied.php');
   exit();
 }
index 0e752dc..01b7761 100644 (file)
@@ -32,7 +32,7 @@ import('ttTeamHelper');
 import('ttInvoiceHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('iv')) {
+if (!ttAccessAllowed('manage_invoices') || !$user->isPluginEnabled('iv')) {
   header('Location: access_denied.php');
   exit();
 }
index 175889e..6fd8270 100644 (file)
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttInvoiceHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('iv')) {
+if (!ttAccessAllowed('manage_invoices') || !$user->isPluginEnabled('iv')) {
   header('Location: access_denied.php');
   exit();
 }
index eb4b2a3..ee333a6 100644 (file)
@@ -32,7 +32,7 @@ import('ttInvoiceHelper');
 import('ttSysConfig');
 
 // Access check.
-if (!ttAccessCheck(right_view_invoices) || !$user->isPluginEnabled('iv')) {
+if (!ttAccessAllowed('manage_invoices') || !$user->isPluginEnabled('iv')) {
   header('Location: access_denied.php');
   exit();
 }
index 35ff8ce..4cacf9a 100644 (file)
--- a/mysql.sql
+++ b/mysql.sql
@@ -66,7 +66,7 @@ create unique index role_idx on tt_roles(team_id, rank, status);
 
 # Insert site-wide roles - site administrator and top manager.
 INSERT INTO `tt_roles` (`team_id`, `name`, `rank`, `rights`) VALUES (0, 'Site administrator', 1024, 'administer_site');
-INSERT INTO `tt_roles` (`team_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'data_entry,view_own_data,manage_own_settings,view_users,on_behalf_data_entry,view_data,override_punch_mode,swap_roles,approve_timesheets,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups');
+INSERT INTO `tt_roles` (`team_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'data_entry,view_own_reports,view_own_charts,view_own_invoices,manage_own_settings,view_users,on_behalf_data_entry,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups');
 
 
 #
index b44304b..de25f70 100644 (file)
@@ -67,7 +67,7 @@ if ($request->isPost()) {
           'name' => $cl_name,
           'rank' => $cl_rank,
           'description' => $cl_description,
-          'rights' => 'data_entry,view_own_data,manage_own_settings,view_users', // Default user rights.
+          'rights' => 'data_entry,view_own_reports,view_own_charts,manage_own_settings,view_users', // Default user rights.
           'status' => ACTIVE))) {
           header('Location: roles.php');
           exit();