global $user;
$mdb2 = getConnection();
- $sql = "select * from tt_invoices where id = $invoice_id and team_id = $user->team_id and status = 1";
+ if ($user->isClient()) $client_part = " and client_id = $user->client_id";
+
+ $sql = "select * from tt_invoices where id = $invoice_id and team_id = $user->team_id $client_part and status = 1";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
if ($val = $res->fetchRow())
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.17.40.4064 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.17.41.4065 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
import('ttSysConfig');
// Access check.
-if (!ttAccessAllowed('manage_invoices') || !$user->isPluginEnabled('iv')) {
+if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices')) || !$user->isPluginEnabled('iv')) {
header('Location: access_denied.php');
exit();
}
import('form.Form');
// Access check.
-if (!ttAccessCheck(right_view_invoices) || !$user->isPluginEnabled('iv')) {
+if (!(ttAccessAllowed('manage_invoices') || ttAccessAllowed('view_own_invoices')) || !$user->isPluginEnabled('iv')) {
header('Location: access_denied.php');
exit();
}