From: Nik Okuntseff <support@anuko.com>
Date: Sat, 14 Apr 2018 13:50:14 +0000 (+0000)
Subject: Replaced all calls to canManageTeam() with rights checks.
X-Git-Tag: timetracker_1.19-1~832
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=047bc803a5228a0a786462cabdfa5fdd9be762a4;p=timetracker.git

Replaced all calls to canManageTeam() with rights checks.
---

diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php
index 36d71363..07d810b8 100644
--- a/WEB-INF/lib/ttUser.class.php
+++ b/WEB-INF/lib/ttUser.class.php
@@ -155,14 +155,6 @@ class ttUser {
     return $this->is_client;
   }
 
-  // canManageTeam - determines whether current user is manager or co-manager.
-  // This is a legacy function that we are getting rid of by replacing with rights check.
-  function canManageTeam() {
-    return $this->can('manage_users'); // By default this is assigned to co-managers (an managers).
-                                       // Which is sufficient for now until we refactor all calls
-                                       // to this function and then remove it.
-  }
-
   // isPluginEnabled checks whether a plugin is enabled for user.
   function isPluginEnabled($plugin)
   {
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 8c6edaee..e1a3e385 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.88.4268 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.89.4269 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/tofile.php b/tofile.php
index 62632fa9..909fdd3e 100644
--- a/tofile.php
+++ b/tofile.php
@@ -97,7 +97,7 @@ if ('xml' == $type) {
       }
       if ($bean->getAttribute('chcost')) {
         print "\t<cost><![CDATA[";
-        if ($user->canManageTeam() || $user->isClient())
+        if ($user->can('manage_invoices') || $user->isClient())
           print $subtotal['cost'];
         else
           print $subtotal['expenses'];
@@ -111,7 +111,7 @@ if ('xml' == $type) {
       print "<row>\n";
 
       print "\t<date><![CDATA[".$item['date']."]]></date>\n";
-      if ($user->canManageTeam() || $user->isClient()) print "\t<user><![CDATA[".$item['user']."]]></user>\n"; 
+      if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) print "\t<user><![CDATA[".$item['user']."]]></user>\n"; 
       if ($bean->getAttribute('chclient')) print "\t<client><![CDATA[".$item['client']."]]></client>\n";
       if ($bean->getAttribute('chproject')) print "\t<project><![CDATA[".$item['project']."]]></project>\n";
       if ($bean->getAttribute('chtask')) print "\t<task><![CDATA[".$item['task']."]]></task>\n";
@@ -127,7 +127,7 @@ if ('xml' == $type) {
       if ($bean->getAttribute('chnote')) print "\t<note><![CDATA[".$item['note']."]]></note>\n";
       if ($bean->getAttribute('chcost')) {
         print "\t<cost><![CDATA[";
-        if ($user->canManageTeam() || $user->isClient())
+        if ($user->can('manage_invoices') || $user->isClient())
           print $item['cost'];
         else
           print $item['expense'];
@@ -184,7 +184,7 @@ if ('csv' == $type) {
         print ',"'.$val.'"';
       }
       if ($bean->getAttribute('chcost')) {
-        if ($user->canManageTeam() || $user->isClient())
+        if ($user->can('manage_invoices') || $user->isClient())
           print ',"'.$subtotal['cost'].'"';
         else
           print ',"'.$subtotal['expenses'].'"';
@@ -194,7 +194,7 @@ if ('csv' == $type) {
   } else {
     // Normal report. Print headers.
     print '"'.$i18n->get('label.date').'"';
-    if ($user->canManageTeam() || $user->isClient()) print ',"'.$i18n->get('label.user').'"';
+    if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) print ',"'.$i18n->get('label.user').'"';
     if ($bean->getAttribute('chclient')) print ',"'.$i18n->get('label.client').'"';
     if ($bean->getAttribute('chproject')) print ',"'.$i18n->get('label.project').'"';
     if ($bean->getAttribute('chtask')) print ',"'.$i18n->get('label.task').'"';
@@ -212,7 +212,7 @@ if ('csv' == $type) {
     // Print items.
     foreach ($items as $item) {
       print '"'.$item['date'].'"';
-      if ($user->canManageTeam() || $user->isClient()) print ',"'.str_replace('"','""',$item['user']).'"';
+      if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) print ',"'.str_replace('"','""',$item['user']).'"';
       if ($bean->getAttribute('chclient')) print ',"'.str_replace('"','""',$item['client']).'"';
       if ($bean->getAttribute('chproject')) print ',"'.str_replace('"','""',$item['project']).'"';
       if ($bean->getAttribute('chtask')) print ',"'.str_replace('"','""',$item['task']).'"';
@@ -227,7 +227,7 @@ if ('csv' == $type) {
       }
       if ($bean->getAttribute('chnote')) print ',"'.str_replace('"','""',$item['note']).'"';
       if ($bean->getAttribute('chcost')) {
-        if ($user->canManageTeam() || $user->isClient())
+        if ($user->can('manage_invoices') || $user->isClient())
           print ',"'.$item['cost'].'"';
         else
           print ',"'.$item['expense'].'"';
diff --git a/topdf.php b/topdf.php
index 9149e1c6..eb09bc45 100644
--- a/topdf.php
+++ b/topdf.php
@@ -119,7 +119,7 @@ if ($totals_only) {
     if ($bean->getAttribute('chduration')) $html .= "<td $styleRightAligned>".$subtotal['time'].'</td>';
     if ($bean->getAttribute('chcost')) {
       $html .= "<td $styleRightAligned>";
-      if ($user->canManageTeam() || $user->isClient())
+      if ($user->can('manage_invoices') || $user->isClient())
         $html .= $subtotal['cost'];
       else
         $html .= $subtotal['expenses'];
@@ -135,7 +135,7 @@ if ($totals_only) {
   if ($bean->getAttribute('chcost')) {
       $html .= "<td $styleRightAligned>";
       $html .= htmlspecialchars($user->currency).' ';
-      if ($user->canManageTeam() || $user->isClient())
+      if ($user->can('manage_invoices') || $user->isClient())
         $html .= $totals['cost'];
       else
         $html .= $totals['expenses'];
@@ -150,7 +150,7 @@ if ($totals_only) {
   $html .= '<thead>';
   $html .= "<tr $styleHeader>";
   $html .= '<td>'.$i18n->get('label.date').'</td>';
-  if ($user->canManageTeam() || $user->isClient()) { $colspan++; $html .= '<td>'.$i18n->get('label.user').'</td>'; }
+  if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) { $colspan++; $html .= '<td>'.$i18n->get('label.user').'</td>'; }
   if ($bean->getAttribute('chclient')) { $colspan++; $html .= '<td>'.$i18n->get('label.client').'</td>'; }
   if ($bean->getAttribute('chproject')) { $colspan++; $html .= '<td>'.$i18n->get('label.project').'</td>'; }
   if ($bean->getAttribute('chtask')) { $colspan++; $html .= '<td>'.$i18n->get('label.task').'</td>'; }
@@ -174,7 +174,7 @@ if ($totals_only) {
       if ($cur_grouped_by != $prev_grouped_by && !$first_pass) {
         $html .= '<tr style="background-color:#e0e0e0;">';
         $html .= '<td>'.$i18n->get('label.subtotal').'</td>';
-        if ($user->canManageTeam() || $user->isClient()) {
+        if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) {
             $html .= '<td>';
             if ($group_by == 'user') $html .= htmlspecialchars($subtotals[$prev_grouped_by]['name']);
             $html .= '</td>';
@@ -205,7 +205,7 @@ if ($totals_only) {
         if ($bean->getAttribute('chnote')) $html .= '<td></td>';
         if ($bean->getAttribute('chcost')) {
           $html .= "<td $styleRightAligned>";
-          if ($user->canManageTeam() || $user->isClient())
+          if ($user->can('manage_invoices') || $user->isClient())
             $html .= $subtotals[$prev_grouped_by]['cost'];
           else
             $html .= $subtotals[$prev_grouped_by]['expenses'];
@@ -223,7 +223,7 @@ if ($totals_only) {
     // Print a regular row.
     $html .= '<tr>';
     $html .= '<td>'.$item['date'].'</td>';
-    if ($user->canManageTeam() || $user->isClient()) $html .= '<td>'.htmlspecialchars($item['user']).'</td>';
+    if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) $html .= '<td>'.htmlspecialchars($item['user']).'</td>';
     if ($bean->getAttribute('chclient')) $html .= '<td>'.htmlspecialchars($item['client']).'</td>';
     if ($bean->getAttribute('chproject')) $html .= '<td>'.htmlspecialchars($item['project']).'</td>';
     if ($bean->getAttribute('chtask')) $html .= '<td>'.htmlspecialchars($item['task']).'</td>';
@@ -234,7 +234,7 @@ if ($totals_only) {
     if ($bean->getAttribute('chnote')) $html .= '<td>'.htmlspecialchars($item['note']).'</td>';
     if ($bean->getAttribute('chcost')) {
       $html .= "<td $styleRightAligned>";
-      if ($user->canManageTeam() || $user->isClient())
+      if ($user->can('manage_invoices') || $user->isClient())
         $html .= $item['cost'];
       else
         $html .= $item['expense'];
@@ -261,7 +261,7 @@ if ($totals_only) {
   if ($print_subtotals) {
     $html .= '<tr style="background-color:#e0e0e0;">';
     $html .= '<td>'.$i18n->get('label.subtotal').'</td>';
-    if ($user->canManageTeam() || $user->isClient()) {
+    if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) {
       $html .= '<td>';
       if ($group_by == 'user') $html .= htmlspecialchars($subtotals[$prev_grouped_by]['name']);
       $html .= '</td>';
@@ -292,7 +292,7 @@ if ($totals_only) {
     if ($bean->getAttribute('chnote')) $html .= '<td></td>';
     if ($bean->getAttribute('chcost')) {
       $html .= "<td $styleRightAligned>";
-      if ($user->canManageTeam() || $user->isClient())
+      if ($user->can('manage_invoices') || $user->isClient())
         $html .= $subtotals[$prev_grouped_by]['cost'];
       else
         $html .= $subtotals[$prev_grouped_by]['expenses'];
@@ -308,7 +308,7 @@ if ($totals_only) {
   $html .= '<tr><td colspan="'.$colspan.'">&nbsp;</td></tr>';
   $html .= '<tr style="background-color:#e0e0e0;">';
   $html .= '<td>'.$i18n->get('label.total').'</td>';
-  if ($user->canManageTeam() || $user->isClient()) $html .= '<td></td>';
+  if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) $html .= '<td></td>';
   if ($bean->getAttribute('chclient')) $html .= '<td></td>';
   if ($bean->getAttribute('chproject')) $html .= '<td></td>';
   if ($bean->getAttribute('chtask')) $html .= '<td></td>';
@@ -319,7 +319,7 @@ if ($totals_only) {
   if ($bean->getAttribute('chnote')) $html .= '<td></td>';
   if ($bean->getAttribute('chcost')) {
     $html .= "<td $styleRightAligned>".htmlspecialchars($user->currency).' ';
-    if ($user->canManageTeam() || $user->isClient())
+    if ($user->can('manage_invoices') || $user->isClient())
       $html .= $totals['cost'];
     else
       $html .= $totals['expenses'];

Anuko Time Tracker 1.17.88.4268 \| Copyright © Anuko \| +	Anuko Time Tracker 1.17.89.4269 \| Copyright © Anuko \| {$i18n.footer.credits} \| {$i18n.footer.license} \| {$i18n.footer.improve} diff --git a/tofile.php b/tofile.php index 62632fa9..909fdd3e 100644 --- a/tofile.php +++ b/tofile.php @@ -97,7 +97,7 @@ if ('xml' == $type) { } if ($bean->getAttribute('chcost')) { print "\tcanManageTeam() \|\| $user->isClient()) + if ($user->can('manage_invoices') \|\| $user->isClient()) print $subtotal['cost']; else print $subtotal['expenses']; @@ -111,7 +111,7 @@ if ('xml' == $type) { print "\n"; print "\t\n"; - if ($user->canManageTeam() \|\| $user->isClient()) print "\t\n"; + if ($user->can('view_reports') \|\| $user->can('view_all_reports') \|\| $user->isClient()) print "\t\n"; if ($bean->getAttribute('chclient')) print "\t\n"; if ($bean->getAttribute('chproject')) print "\t\n"; if ($bean->getAttribute('chtask')) print "\t\n"; @@ -127,7 +127,7 @@ if ('xml' == $type) { if ($bean->getAttribute('chnote')) print "\t\n"; if ($bean->getAttribute('chcost')) { print "\tcanManageTeam() \|\| $user->isClient()) + if ($user->can('manage_invoices') \|\| $user->isClient()) print $item['cost']; else print $item['expense']; @@ -184,7 +184,7 @@ if ('csv' == $type) { print ',"'.$val.'"'; } if ($bean->getAttribute('chcost')) { - if ($user->canManageTeam() \|\| $user->isClient()) + if ($user->can('manage_invoices') \|\| $user->isClient()) print ',"'.$subtotal['cost'].'"'; else print ',"'.$subtotal['expenses'].'"'; @@ -194,7 +194,7 @@ if ('csv' == $type) { } else { // Normal report. Print headers. print '"'.$i18n->get('label.date').'"'; - if ($user->canManageTeam() \|\| $user->isClient()) print ',"'.$i18n->get('label.user').'"'; + if ($user->can('view_reports') \|\| $user->can('view_all_reports') \|\| $user->isClient()) print ',"'.$i18n->get('label.user').'"'; if ($bean->getAttribute('chclient')) print ',"'.$i18n->get('label.client').'"'; if ($bean->getAttribute('chproject')) print ',"'.$i18n->get('label.project').'"'; if ($bean->getAttribute('chtask')) print ',"'.$i18n->get('label.task').'"'; @@ -212,7 +212,7 @@ if ('csv' == $type) { // Print items. foreach ($items as $item) { print '"'.$item['date'].'"'; - if ($user->canManageTeam() \|\| $user->isClient()) print ',"'.str_replace('"','""',$item['user']).'"'; + if ($user->can('view_reports') \|\| $user->can('view_all_reports') \|\| $user->isClient()) print ',"'.str_replace('"','""',$item['user']).'"'; if ($bean->getAttribute('chclient')) print ',"'.str_replace('"','""',$item['client']).'"'; if ($bean->getAttribute('chproject')) print ',"'.str_replace('"','""',$item['project']).'"'; if ($bean->getAttribute('chtask')) print ',"'.str_replace('"','""',$item['task']).'"'; @@ -227,7 +227,7 @@ if ('csv' == $type) { } if ($bean->getAttribute('chnote')) print ',"'.str_replace('"','""',$item['note']).'"'; if ($bean->getAttribute('chcost')) { - if ($user->canManageTeam() \|\| $user->isClient()) + if ($user->can('manage_invoices') \|\| $user->isClient()) print ',"'.$item['cost'].'"'; else print ',"'.$item['expense'].'"'; diff --git a/topdf.php b/topdf.php index 9149e1c6..eb09bc45 100644 --- a/topdf.php +++ b/topdf.php @@ -119,7 +119,7 @@ if ($totals_only) { if ($bean->getAttribute('chduration')) $html .= "	".$subtotal['time'].'	"; - if ($user->canManageTeam() \|\| $user->isClient()) + if ($user->can('manage_invoices') \|\| $user->isClient()) $html .= $subtotal['cost']; else $html .= $subtotal['expenses']; @@ -135,7 +135,7 @@ if ($totals_only) { if ($bean->getAttribute('chcost')) { $html .= "	"; $html .= htmlspecialchars($user->currency).' '; - if ($user->canManageTeam() \|\| $user->isClient()) + if ($user->can('manage_invoices') \|\| $user->isClient()) $html .= $totals['cost']; else $html .= $totals['expenses']; @@ -150,7 +150,7 @@ if ($totals_only) { $html .= '
'.$i18n->get('label.date').'	'.$i18n->get('label.user').'	'.$i18n->get('label.user').'	'.$i18n->get('label.client').'	'.$i18n->get('label.project').'	'.$i18n->get('label.task').'
'.$i18n->get('label.subtotal').'	'; if ($group_by == 'user') $html .= htmlspecialchars($subtotals[$prev_grouped_by]['name']); $html .= '		"; - if ($user->canManageTeam() \|\| $user->isClient()) + if ($user->can('manage_invoices') \|\| $user->isClient()) $html .= $subtotals[$prev_grouped_by]['cost']; else $html .= $subtotals[$prev_grouped_by]['expenses']; @@ -223,7 +223,7 @@ if ($totals_only) { // Print a regular row. $html .= '
'.$item['date'].'	'.htmlspecialchars($item['user']).'	'.htmlspecialchars($item['user']).'	'.htmlspecialchars($item['client']).'	'.htmlspecialchars($item['project']).'	'.htmlspecialchars($item['task']).'	'.htmlspecialchars($item['note']).'	"; - if ($user->canManageTeam() \|\| $user->isClient()) + if ($user->can('manage_invoices') \|\| $user->isClient()) $html .= $item['cost']; else $html .= $item['expense']; @@ -261,7 +261,7 @@ if ($totals_only) { if ($print_subtotals) { $html .= '
'.$i18n->get('label.subtotal').'	'; if ($group_by == 'user') $html .= htmlspecialchars($subtotals[$prev_grouped_by]['name']); $html .= '		"; - if ($user->canManageTeam() \|\| $user->isClient()) + if ($user->can('manage_invoices') \|\| $user->isClient()) $html .= $subtotals[$prev_grouped_by]['cost']; else $html .= $subtotals[$prev_grouped_by]['expenses']; @@ -308,7 +308,7 @@ if ($totals_only) { $html .= '

'.$i18n->get('label.total').'							".htmlspecialchars($user->currency).' '; - if ($user->canManageTeam() \|\| $user->isClient()) + if ($user->can('manage_invoices') \|\| $user->isClient()) $html .= $totals['cost']; else $html .= $totals['expenses'];