Prohibited editing approved expense items.
authorNik Okuntseff <support@anuko.com>
Thu, 7 Mar 2019 16:50:07 +0000 (16:50 +0000)
committerNik Okuntseff <support@anuko.com>
Thu, 7 Mar 2019 16:50:07 +0000 (16:50 +0000)
WEB-INF/lib/ttExpenseHelper.class.php
WEB-INF/templates/expenses.tpl
WEB-INF/templates/footer.tpl
WEB-INF/templates/mobile/expenses.tpl
expense_delete.php
expense_edit.php
mobile/expense_delete.php
mobile/expense_edit.php

index 40a3e88..e7da92c 100644 (file)
@@ -140,7 +140,8 @@ class ttExpenseHelper {
     if ($user->isPluginEnabled('cl'))
       $left_joins .= " left join tt_clients c on (ei.client_id = c.id)";
 
-    $sql = "select ei.id, ei.date, ei.client_id, ei.project_id, ei.name, ei.cost, ei.invoice_id, ei.paid $client_field, p.name as project_name".
+    $sql = "select ei.id, ei.date, ei.client_id, ei.project_id, ei.name, ei.cost, ei.invoice_id, ei.approved,".
+      " ei.paid $client_field, p.name as project_name".
       " from tt_expense_items ei $left_joins".
       " where ei.id = $id and ei.group_id = $group_id and ei.org_id = $org_id and ei.user_id = $user_id and ei.status = 1";
     $res = $mdb2->query($sql);
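Review bot: The where clause in this hunk still interpolates `$id` straight into the SQL (`ei.id = $id`), and nothing shown here normalises it inside getItem. The callers visible in this commit cast with `(int)` before calling, so the paths on this page are covered, but the ownership filter on user_id, group_id and org_id then depends on every call site remembering the cast. Enforcing it in the helper with `$id = (int)$id;`, or quoting the value as the neighbouring query does for `$date` via `$mdb2->quote(...)`, removes that dependency. getItem starts and ends outside the hunk, so a cast may already exist above the lines shown.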
@@ -177,7 +178,7 @@ class ttExpenseHelper {
       $left_joins .= " left join tt_clients c on (ei.client_id = c.id)";
 
     $sql = "select ei.id as id $client_field, p.name as project, ei.name as item, ei.cost as cost,".
-      " ei.invoice_id from tt_expense_items ei $left_joins".
+      " ei.invoice_id, ei.approved from tt_expense_items ei $left_joins".
       " where ei.date = ".$mdb2->quote($date)." and ei.user_id = $user_id".
       " and ei.group_id = $group_id and ei.org_id = $org_id and ei.status = 1 order by ei.id";
 
index 45a8ef2..11b4fb8 100644 (file)
@@ -195,7 +195,13 @@ function recalculateCost() {
     {/if}
         <td valign="top">{$item.item|escape}</td>
         <td valign="top" align="right">{$item.cost}</td>
-        <td valign="top" align="center">{if $item.invoice_id}&nbsp;{else}<a href='expense_edit.php?id={$item.id}'>{$i18n.label.edit}</a>{/if}</td>
+        <td valign="top" align="center">
+    {if $item.approved || $item.invoice_id}
+          &nbsp;
+    {else}
+          <a href='expense_edit.php?id={$item.id}'>{$i18n.label.edit}</a>
+    {/if}
+        </td>
       </tr>
   {/foreach}
     </table>
index 180b9a8..2c36762 100644 (file)
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.53.4832 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.53.4833 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
index a6aa66d..7afde73 100644 (file)
@@ -203,7 +203,13 @@ function recalculateCost() {
     {if $show_project}
         <td valign="top">{$item.project|escape}</td>
     {/if}
-        <td valign="top">{if $item.invoice_id} {$item.item|escape} {else}<a href="expense_edit.php?id={$item.id}">{$item.item|escape}</a>{/if}</td>
+        <td valign="top">
+    {if $item.approved || $item.invoice_id}
+          {$item.item|escape}
+    {else}
+          <a href="expense_edit.php?id={$item.id}">{$item.item|escape}</a>
+    {/if}
+        </td>
         <td valign="top" align="right">{$item.cost}</td>
       </tr>
   {/foreach}
index c703176..788fb59 100644 (file)
@@ -43,8 +43,8 @@ if (!$user->isPluginEnabled('ex')) {
 $cl_id = (int)$request->getParameter('id');
 // Get the expense item we are deleting.
 $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit deleting not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit deleting not ours, approved, or invoiced items.
   header('Location: access_denied.php');
   exit();
 }
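Review bot: The added `$expense_item['approved']` test is a read-then-act guard: the row is fetched once through getItem here, and the update or delete is issued later in the script, outside this hunk. If the statement that writes the row does not restrict on approval state itself, an approval recorded between this check and the write would be overwritten; that cannot be confirmed from the lines shown. Repeating the condition in the write's where clause, for example `and ei.approved = 0` (adjusted to however unapproved rows are stored), and treating zero affected rows as a denial would close that window. The same applies to the identical guards in expense_edit.php, mobile/expense_delete.php and mobile/expense_edit.php, and a single shared predicate in ttExpenseHelper would keep these four copies and the two template conditions from drifting apart.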
index b1115f1..877ec66 100644 (file)
@@ -45,8 +45,8 @@ if (!$user->isPluginEnabled('ex')) {
 $cl_id = (int)$request->getParameter('id');
 // Get the expense item we are editing.
 $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit editing not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit editing not ours, approved, or invoiced items.
   header('Location: access_denied.php');
   exit();
 }
index 3bdc179..48e74dc 100644 (file)
@@ -43,8 +43,8 @@ if (!$user->isPluginEnabled('ex')) {
 $cl_id = (int)$request->getParameter('id');
 // Get the expense item we are deleting.
 $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit deleting not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit deleting not ours, approved, or invoiced items.
   header('Location: access_denied.php');
   exit();
 }
index e9e1ca6..10035a9 100644 (file)
@@ -45,8 +45,8 @@ if (!$user->isPluginEnabled('ex')) {
 $cl_id = (int)$request->getParameter('id');
 // Get the expense item we are editing.
 $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit editing not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit editing not ours, approved, or invoiced items.
   header('Location: access_denied.php');
   exit();
 }