global $user;
$mdb2 = getConnection();
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
// Determine these once as they are used in multiple places in this function.
$canViewReports = $user->can('view_reports') || $user->can('view_all_reports');
$isClient = $user->isClient();
// Add timesheet name if it is selected.
if ($options['show_timesheet'])
array_push($fields, 'ts.name as timesheet_name');
+ // Add has_files.
+ if ($options['show_files'])
+ array_push($fields, 'if(Sub1.entity_id is null, 0, 1) as has_files');
// Prepare sql query part for left joins.
$left_joins = null;
}
if ($includeCost && MODE_TIME != $trackingMode)
$left_joins .= " left join tt_user_project_binds upb on (l.user_id = upb.user_id and l.project_id = upb.project_id)";
+ if ($options['show_files']) {
+ $left_joins .= " left join (select distinct entity_id from tt_files".
+ " where entity_type = 'time' and group_id = $group_id and org_id = $org_id and status = 1) Sub1".
+ " on (l.id = Sub1.entity_id)";
+ }
// Prepare sql query part for inner joins.
$inner_joins = null;
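Review bot: `$group_id` and `$org_id` are concatenated into the derived-table SQL as bare tokens in the added `left join (select distinct entity_id from tt_files ...)`, so the query is only safe while both values are guaranteed to be integers. They appear to come from the `$user->getGroup()` and `$user->org_id` assignments added earlier in this commit, which sit outside this hunk. Casting at the point of assignment, `$group_id = (int)$user->getGroup();` and `$org_id = (int)$user->org_id;`, would make that invariant explicit instead of relying on how the session user object was populated. The enclosing function starts and ends outside the hunk.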
$options['show_custom_field_1'] = $bean->getAttribute('chcf_1');
$options['show_work_units'] = $bean->getAttribute('chunits');
$options['show_timesheet'] = $bean->getAttribute('chtimesheet');
+ $options['show_files'] = $bean->getAttribute('chfiles');
$options['show_totals_only'] = $bean->getAttribute('chtotalsonly');
$options['group_by1'] = $bean->getAttribute('group_by1');
$options['group_by2'] = $bean->getAttribute('group_by2');
return false;
}
+ // getRecordForFileView - retrieves a time record identified by its id for
+ // attachment view operation.
+ //
+ // It is different from getRecord, as we want users with appropriate rights
+ // to be able to see other users files, without changing "on behalf" user.
+ // For example, viewing reports for all users and their attached files
+ // from report links.
+ static function getRecordForFileView($id) {
+ // TODO: code this function properly. There are no security checks now.
+ global $user;
+
+ // $user_id = $user->getUser();
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
+ $mdb2 = getConnection();
+
+ $sql = "select l.id, l.timesheet_id, l.invoice_id, l.approved from tt_log l".
+ " where l.id = $id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1";
+ $res = $mdb2->query($sql);
+ if (!is_a($res, 'PEAR_Error')) {
+ if (!$res->numRows()) {
+ return false;
+ }
+ if ($val = $res->fetchRow()) {
+ return $val;
+ }
+ }
+ return false;
+ }
+
// getAllRecords - returns all time records for a certain user.
static function getAllRecords($user_id) {
$result = array();
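Review bot: getRecordForFileView returns any active tt_log row in the caller's group and org, without checking that the current user owns the record or holds a right to see other users' data; the in-code TODO says as much. time_files.php now calls it in place of `ttTimeHelper::getRecord()` and drops its own "review access checks" TODO in the same commit, so a group member who reaches that page can presumably open another user's attachments by changing the `id` parameter (the checks before the lookup are not visible here). I would also select `l.user_id` and return false unless it equals `$user->getUser()` or the user passes a report-viewing check such as `$user->can('view_all_reports')`; client users probably need a narrower rule, and the TODO should stay in time_files.php until that is in place. Separately, `$id` is concatenated into the SQL unquoted: the visible caller casts it, but the method is a public static, so add `$id = (int)$id;` at the top of the function.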
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.64.4917 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.64.4918 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
{if $bean->getAttribute('chip')}<td class="tableHeaderCentered">{$i18n.label.ip}</td>{/if}
{if $bean->getAttribute('chinvoice')}<td class="tableHeader">{$i18n.label.invoice}</td>{/if}
{if $bean->getAttribute('chtimesheet')}<td class="tableHeader">{$i18n.label.timesheet}</td>{/if}
+ {if $bean->getAttribute('chfiles')}<td></td>{/if}
</tr>
{foreach $report_items as $item}
<!-- print subtotal for a block of grouped values -->
{if $bean->getAttribute('chip')}<td></td>{/if}
{if $bean->getAttribute('chinvoice')}<td></td>{/if}
{if $bean->getAttribute('chtimesheet')}<td></td>{/if}
+ {if $bean->getAttribute('chfiles')}<td></td>{/if}
{if $use_checkboxes}<td></td>{/if}
</tr>
<tr><td> </td></tr>
{if $bean->getAttribute('chip')}<td class="cellRightAligned">{if $item.modified}{$item.modified_ip} {$item.modified}{else}{$item.created_ip} {$item.created}{/if}{/if}
{if $bean->getAttribute('chinvoice')}<td class="cellRightAligned">{$item.invoice|escape}</td>{/if}
{if $bean->getAttribute('chtimesheet')}<td class="cellRightAligned">{$item.timesheet_name|escape}</td>{/if}
+ {if $bean->getAttribute('chfiles')}<td class="cellRightAligned">{if $item.has_files}<a href="time_files.php?id={$item.id}"><img class="table_icon" alt="{$i18n.label.files}" src="images/icon_files.png"></a>{/if}</td>{/if}
{if $use_checkboxes}
{if 1 == $item.type}<td bgcolor="white"><input type="checkbox" name="log_id_{$item.id}"></td>{/if}
{if 2 == $item.type}<td bgcolor="white"><input type="checkbox" name="item_id_{$item.id}"></td>{/if}
{if $bean->getAttribute('chip')}<td></td>{/if}
{if $bean->getAttribute('chinvoice')}<td></td>{/if}
{if $bean->getAttribute('chtimesheet')}<td></td>{/if}
+ {if $bean->getAttribute('chfiles')}<td></td>{/if}
{if $use_checkboxes}<td></td>{/if}
</tr>
{/if}
{if $bean->getAttribute('chip')}<td></td>{/if}
{if $bean->getAttribute('chinvoice')}<td></td>{/if}
{if $bean->getAttribute('chtimesheet')}<td></td>{/if}
+ {if $bean->getAttribute('chfiles')}<td></td>{/if}
{if $use_checkboxes}<td></td>{/if}
</tr>
{/if}
if ($bean->getAttribute('chip')) $colspan++;
if ($bean->getAttribute('chinvoice')) $colspan++;
if ($bean->getAttribute('chtimesheet')) $colspan++;
+if ($bean->getAttribute('chfiles')) $colspan++;
// Assign variables that are used to alternate color of rows for different dates.
$smarty->assign('prev_date', '');
header('Location: access_denied.php');
exit();
}
+if (!$user->isPluginEnabled('at')) {
+ header('Location: feature_disabled.php');
+ exit();
+}
$cl_id = (int)$request->getParameter('id');
-$time_rec = ttTimeHelper::getRecord($cl_id);
+$time_rec = ttTimeHelper::getRecordForFileView($cl_id);
if (!$time_rec) {
header('Location: access_denied.php');
exit();
}
-if (!$user->isPluginEnabled('at')) {
- header('Location: feature_disabled.php');
- exit();
-}
-// TODO: review access checks, specifically for on behalf operations.
// End of access checks.
if ($request->isPost()) {