<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.17.74.4181 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.17.74.4182 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
if ($request->isPost()) {
$cl_name = trim($request->getParameter('name'));
$cl_description = trim($request->getParameter('description'));
- $cl_rank = (int) $request->getParameter('rank');
+ $cl_rank = (int)$request->getParameter('rank');
}
$form = new Form('roleForm');
// Validate user input.
if (!ttValidString($cl_name)) $err->add($i18n->get('error.field'), $i18n->get('label.thing_name'));
if (!ttValidString($cl_description, true)) $err->add($i18n->get('error.field'), $i18n->get('label.description'));
+ if ($cl_rank >= $user->rank || $cl_rank < 0) $err->add($i18n->get('error.field'), $i18n->get('form.roles.rank'));
if ($err->no()) {
$existing_role = ttRoleHelper::getRoleByRank($cl_rank, $user->team_id);
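Review bot: The added `$cl_rank >= $user->rank || $cl_rank < 0` check is the control that keeps a role manager from creating a role at or above their own rank, but nothing beside it says so. A comment such as `// Rank must be non-negative and strictly below the current user's rank, so a new role can never match or outrank its creator.` would keep a later refactor from dropping it as plain field validation. The same applies to the identical line added to the edit-form validation further down. The rank appears to be read with an `(int)` cast in the earlier hunk, so a missing or non-numeric value becomes 0 and passes this check; if 0 is not an intended default, reject non-numeric input before casting. The enclosing validation block starts and ends outside the hunk.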
header('Location: access_denied.php');
exit();
}
-
$cl_role_id = (int)$request->getParameter('id');
$role = ttRoleHelper::get($cl_role_id);
+if (!$role) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
+
$role_to_delete = $role['name'];
$form = new Form('roleDeleteForm');
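Review bot: The new `if (!$role)` guard only rejects a role that `ttRoleHelper::get` could not find. Whether that helper limits the lookup to the current user's team and to ranks below `$user->rank` is not visible in this hunk. If it does not, the delete page would accept the id of a role the caller should not control, so the guard should also compare rank, along the lines of `if (!$role || $role['rank'] >= $user->rank) {` (assuming the returned array carries a `rank` key). If the helper already enforces both, a short comment next to the guard, e.g. `// get() returns false for roles outside the user's team or at/above the user's rank.`, would make the access check self-explanatory.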
require_once('initialize.php');
import('form.Form');
-import('ttTeamHelper'); // TODO: remove this?
-import('ttTaskHelper'); // TODO: remove this?
import('ttRoleHelper');
// Access checks.
header('Location: access_denied.php');
exit();
}
+// End of access checks.
$assigned_rights = explode(',', $role['rights']);
$available_rights = array_diff($user->rights, $assigned_rights);
// Validate user input.
if (!ttValidString($cl_name)) $err->add($i18n->get('error.field'), $i18n->get('label.thing_name'));
if (!ttValidString($cl_description, true)) $err->add($i18n->get('error.field'), $i18n->get('label.description'));
+ if ($cl_rank >= $user->rank || $cl_rank < 0) $err->add($i18n->get('error.field'), $i18n->get('form.roles.rank'));
if ($err->no()) {
$existing_role = ttRoleHelper::getRoleByName($cl_name);
import('ttTeamHelper');
import('ttRoleHelper');
-// Access check.
+// Access checks.
if (!ttAccessAllowed('manage_roles')) {
header('Location: access_denied.php');
exit();
}
+// End of access checks.
$smarty->assign('active_roles', ttTeamHelper::getActiveRolesForUser());
$smarty->assign('inactive_roles', ttTeamHelper::getInactiveRolesForUser());