global $user;
$mdb2 = getConnection();
+ $user_id = $user->getUser();
$group_id = $user->getGroup();
$org_id = $user->org_id;
- if ($user->isClient()) $client_part = "and ts.client_id = $user->client_id";
-
- $sql = "select ts.id, ts.user_id, u.name as user_name, ts.client_id, c.name as client_name,".
- " ts.name, ts.submitter_comment, ts.submit_status, ts.approval_status, ts.manager_comment from tt_timesheets ts".
- " left join tt_users u on (u.id = ts.user_id)".
- " left join tt_clients c on (c.id = ts.client_id)".
- " where ts.id = $timesheet_id and ts.group_id = $group_id and ts.org_id = $org_id $client_part and ts.status is not null";
+ $sql = "select * from tt_timesheets".
+ " where id = $timesheet_id and user_id = $user_id and group_id = $group_id and org_id = $org_id and status is not null";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
if ($val = $res->fetchRow())
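Review bot: The rewritten `$sql` still interpolates `$timesheet_id` directly into the statement, so getTimesheet() is only safe while every caller casts the id first, as the view page does with `(int)$request->getParameter('id')`. Casting inside the helper, `$timesheet_id = (int)$timesheet_id;` before `$sql` is built (or `$mdb2->quote($timesheet_id, 'integer')`), keeps that guarantee local to the query. The added `user_id = $user_id` condition is what now scopes the row to the acting user, and a short comment saying that `$user->getUser()` presumably returns the on-behalf user when one is set would make that ownership rule explicit. The function signature and the rest of the body are outside the hunk.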
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.46.4794 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.46.4795 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
{if $timesheet['client_id']}
<tr><td align="left"><b>{$i18n.label.client}:</b> {$timesheet['client_name']|escape}</td></tr>
{/if}
-{if $not_client}
<tr><td align="left"><b>{$i18n.label.submitted}:</b> {if $timesheet.submit_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if}</td></tr>
- {if $timesheet['submitter_comment']}
+{if $timesheet['submitter_comment']}
<tr><td align="left"><b>{$i18n.label.comment}:</b> {$timesheet['submitter_comment']|escape}</td></tr>
- {/if}
- {if $timesheet['submit_status']}
+{/if}
+{if $timesheet['submit_status']}
<tr><td align="left"><b>{$i18n.label.approved}:</b> {if $timesheet.approval_status != null}{if $timesheet.approval_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if}</td></tr>{/if}
- {/if}
- {if $timesheet['manager_comment']}
+{/if}
+{if $timesheet['manager_comment']}
<tr><td align="left"><b>{$i18n.label.note}:</b> {$timesheet['manager_comment']|escape}</td></tr>
- {/if}
{/if}
</table>
</td>
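Review bot: The client row kept at the top of this hunk prints `{$timesheet['client_name']|escape}`, but the rewritten query in getTimesheet() is `select * from tt_timesheets` without the join to `tt_clients`. If `$timesheet` here comes from that helper, `client_name` is presumably no longer in the array this template receives. Either keep the join (`left join tt_clients c on (c.id = ts.client_id)` with `c.name as client_name`) or look the name up before the timesheet is assigned to the template. Otherwise the label renders with an empty value for timesheets that have a client.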
<td class="tableHeader">{$i18n.label.submitted}</td>
<td class="tableHeader">{$i18n.label.approved}</td>
<td class="tableHeader">{$i18n.label.view}</td>
-{if $can_edit}
<td class="tableHeader">{$i18n.label.edit}</td>
-{/if}
</tr>
{foreach $active_timesheets as $timesheet}
<tr valign="top" bgcolor="{cycle values="#f5f5f5,#ffffff"}">
<td>{if $timesheet.approval_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if}</td>
{/if}
<td><a href="timesheet_view.php?id={$timesheet.id}">{$i18n.label.view}</a></td>
- {if $can_edit}
<td><a href="timesheet_edit.php?id={$timesheet.id}">{$i18n.label.edit}</a></td>
- {/if}
</tr>
{/foreach}
</table>
<td class="tableHeader">{$i18n.label.submitted}</td>
<td class="tableHeader">{$i18n.label.approved}</td>
<td class="tableHeader">{$i18n.label.view}</td>
- {if $can_edit}
<td class="tableHeader">{$i18n.label.edit}</td>
- {/if}
</tr>
{foreach $inactive_timesheets as $timesheet}
<tr valign="top" bgcolor="{cycle values="#f5f5f5,#ffffff"}">
<td>{if $timesheet.approval_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if}</td>
{/if}
<td><a href="timesheet_view.php?id={$timesheet.id}">{$i18n.label.view}</a></td>
- {if $can_edit}
<td><a href="timesheet_edit.php?id={$timesheet.id}">{$i18n.label.edit}</a></td>
- {/if}
</tr>
{/foreach}
</table>
import('ttTimesheetHelper');
// Access checks.
-if (!(ttAccessAllowed('manage_own_timesheets') || ttAccessAllowed('manage_timesheets') || ttAccessAllowed('manage_all_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
header('Location: access_denied.php');
exit();
}
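Review bot: This gate and the identical `ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')` replacements in the next three hunks widen access from the timesheet-specific rights to the general time-tracking rights, but only the timesheets list page gains the `behalf_id` checks (`checkBehalfId()` / `adjustBehalfId()`) in this commit. Since getTimesheet() now selects by `$user->getUser()`, a page that acts on a timesheet may rely on `behalf_id` having been validated elsewhere; as far as these hunks show, nothing enforces that here. Consider repeating `if ($user->behalf_id && (!$user->can('track_time') || !$user->checkBehalfId()))` with the same redirect after each of these gates, or moving the checks into one shared helper. The rest of each file is outside the hunks, so this may already be handled further down.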
import('ttTimesheetHelper');
// Access checks.
-if (!(ttAccessAllowed('manage_own_timesheets') || ttAccessAllowed('manage_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
header('Location: access_denied.php');
exit();
}
import('ttTimesheetHelper');
// Access checks.
-if (!(ttAccessAllowed('manage_own_timesheets') || ttAccessAllowed('manage_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
header('Location: access_denied.php');
exit();
}
import('ttTimesheetHelper');
// Access checks.
-if (!(ttAccessAllowed('view_own_timesheets') || ttAccessAllowed('view_timesheets') || ttAccessAllowed('view_all_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
header('Location: access_denied.php');
exit();
}
header('Location: feature_disabled.php');
exit();
}
-$timesheet_id = (int)$request->getParameter('id');
-$timesheet = ttTimesheetHelper::getTimesheet($timesheet_id);
+$cl_timesheet_id = (int)$request->getParameter('id');
+$timesheet = ttTimesheetHelper::getTimesheet($cl_timesheet_id);
if (!$timesheet) {
header('Location: access_denied.php');
exit();
$options = ttTimesheetHelper::getReportOptions($timesheet);
$subtotals = ttReportHelper::getSubtotals($options);
$totals = ttReportHelper::getTotals($options);
-$notClient = !$user->isClient();
// Determine which controls to show and obtain date for them.
-$showSubmit = $notClient && !$timesheet['submit_status'];
+$showSubmit = !$timesheet['submit_status'];
if ($showSubmit) $approvers = ttTimesheetHelper::getApprovers($timesheet['user_id']);
$canApprove = $user->can('approve_timesheets') || $user->can('approve_all_timesheets');
-$showApprove = $notClient && $timesheet['submit_status'] && $timesheet['approval_status'] == null;
+$showApprove = $timesheet['submit_status'] && $timesheet['approval_status'] == null;
// Add a form with controls.
$form = new Form('timesheetForm');
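Review bot: The new `$showApprove` line keeps the loose comparison `$timesheet['approval_status'] == null`, which is also true for an integer `0`. If the driver returns integers rather than strings, an explicitly disapproved timesheet would be treated as undecided and offered for approval again. `$showApprove = $timesheet['submit_status'] && $timesheet['approval_status'] === null;` states the intent ("no decision recorded yet") exactly. The template makes the same distinction with `approval_status != null` before printing yes or no, so the two should agree on what counts as undecided.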
import('ttTimesheetHelper');
// Access checks.
-if (!(ttAccessAllowed('view_own_timesheets') || ttAccessAllowed('view_timesheets') || ttAccessAllowed('view_all_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
header('Location: access_denied.php');
exit();
}
-if (!$user->isPluginEnabled('ts')) {
- header('Location: feature_disabled.php');
+if ($user->behalf_id && (!$user->can('track_time') || !$user->checkBehalfId())) {
+ header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user.
+ exit();
+}
+if (!$user->behalf_id && !$user->can('track_own_time') && !$user->adjustBehalfId()) {
+ header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf.
exit();
}
-if ($user->isClient()) {
- header('Location: access_denied.php'); // No timesheets for clients.
+if (!$user->isPluginEnabled('ts')) {
+ header('Location: feature_disabled.php');
exit();
}
if ($request->isPost()) {
$userChanged = $request->getParameter('user_changed'); // Reused in multiple places below.
- if ($userChanged && !($user->can('view_timesheets') && $user->isUserValid($request->getParameter('user')))) {
- header('Location: access_denied.php'); // Group changed, but no rght or wrong user id. TODO: research relevance of this...
+ if ($userChanged && !($user->can('track_time') && $user->isUserValid($request->getParameter('user')))) {
+ header('Location: access_denied.php'); // Group changed, but no rght or wrong user id.
exit();
}
}
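Review bot: Dropping the explicit `$user->isClient()` denial means clients are now kept out of the timesheet list only by not holding `track_own_time` or `track_time`, an assumption about role configuration that is not visible in this hunk. A comment above the first gate would record it, for example `// Clients are excluded because the client role has no track_own_time / track_time right.`, or the `isClient()` check can stay as a cheap second barrier. Separately, `adjustBehalfId()` is called inside the condition and, judging by its name, changes the on-behalf user as a side effect, which deserves a word in the comment on that line.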
// Elements of timesheetsForm.
$form = new Form('timesheetsForm');
-if ($user->can('view_timesheets') || $user->can('view_all_timesheets')) {
+if ($user->can('track_time')) {
$rank = $user->getMaxRankForGroup($group_id);
- if ($user->can('view_own_timesheets'))
+ if ($user->can('track_own_time'))
$options = array('status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true);
else
$options = array('status'=>ACTIVE,'max_rank'=>$rank);
$inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets($user_id);
$showClient = $user->isPluginEnabled('cl');
-$canEdit = $user->can('manage_own_timesheets') || $user->can('manage_timesheets') || $user->can('manage_all_timesheets');
$smarty->assign('active_timesheets', $active_timesheets);
$smarty->assign('inactive_timesheets', $inactive_timesheets);
$smarty->assign('show_client', $showClient);
-$smarty->assign('can_edit', $canEdit);
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
$smarty->assign('title', $i18n->get('title.timesheets'));
$smarty->assign('content_page_name', 'timesheets.tpl');