From: Nik Okuntseff <support@anuko.com>
Date: Sat, 6 Apr 2019 14:39:35 +0000 (+0000)
Subject: Added attachment capability to time records.
X-Git-Tag: timetracker_1.19-1~123
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=0cb4a15ec1079fc325845640357dfc75aba0ae23;p=timetracker.git

Added attachment capability to time records.
---

diff --git a/WEB-INF/templates/projects.tpl b/WEB-INF/templates/projects.tpl
index dafe1d8d..0d5eae58 100644
--- a/WEB-INF/templates/projects.tpl
+++ b/WEB-INF/templates/projects.tpl
@@ -81,7 +81,7 @@
           <td class="tableHeader">{$i18n.label.thing_name}</td>
           <td class="tableHeader">{$i18n.label.description}</td>
     {if $show_files}
-          <td class="tableHeader">{$i18n.label.files}</td>
+          <td></td>
     {/if}
         </tr>
   {if $active_projects}
@@ -90,7 +90,7 @@
           <td>{$project.name|escape}</td>
           <td>{$project.description|escape}</td>
       {if $show_files}
-          <td><a href="project_files.php?id={$project.id}">{$i18n.label.view}</a></td>
+          <td><a href="project_files.php?id={$project.id}"><img class="table_icon" alt="{$i18n.label.files}" src="images/icon_files.png"></a></td>
       {/if}
         </tr>
     {/foreach}
diff --git a/file_delete.php b/file_delete.php
index d98259d6..3ef22aea 100644
--- a/file_delete.php
+++ b/file_delete.php
@@ -29,6 +29,7 @@
 require_once('initialize.php');
 import('form.Form');
 import('ttFileHelper');
+import('ttTimeHelper');
 import('ttProjectHelper');
 
 // Access checks.
@@ -39,14 +40,21 @@ if (!$file) {
   exit();
 }
 // Entity-specific checks.
-if ($file['entity_type'] == 'project') {
+$entity_type = $file['entity_type'];
+if ($entity_type == 'time') {
+  if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimeHelper::getRecord($file['entity_id'])) {
+    header('Location: access_denied.php');
+    exit();
+  }
+}
+if ($entity_type == 'project') {
   if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) {
     header('Location: access_denied.php');
     exit();
   }
 }
-if ($file['entity_type'] != 'project') {
-  // Currently, files are only associated with projects.
+if ($entity_type != 'project' && $entity_type != 'time') {
+  // Currently, files are only associated with time records and projects.
   // Improve access checks when the feature evolves.
   header('Location: access_denied.php');
   exit();
@@ -64,12 +72,20 @@ if ($request->isPost()) {
   if ($request->getParameter('btn_delete')) {
     $fileHelper = new ttFileHelper($err);
     $deleted = $fileHelper->deleteFile($file);
-    if ($deleted && $file['entity_type'] == 'project') {
-      header('Location: project_files.php?id='.$file['entity_id']);
+    if ($deleted) {
+      if ($entity_type == 'time') {
+        header('Location: time_files.php?id='.$file['entity_id']);
+      }
+      if ($entity_type == 'project') {
+        header('Location: project_files.php?id='.$file['entity_id']);
+      }
       exit();
     }
   } elseif ($request->getParameter('btn_cancel')) {
-    if ($file['entity_type'] == 'project') {
+    if ($entity_type == 'time') {
+      header('Location: time_files.php?id='.$file['entity_id']);
+    }
+    if ($entity_type == 'project') {
       header('Location: project_files.php?id='.$file['entity_id']);
     }
     exit();
diff --git a/file_download.php b/file_download.php
index 049003ba..8a17b4d7 100644
--- a/file_download.php
+++ b/file_download.php
@@ -39,14 +39,21 @@ if (!$file) {
   exit();
 }
 // Entity-specific checks.
-if ($file['entity_type'] == 'project') {
-  if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) {
+$entity_type = $file['entity_type'];
+if ($entity_type == 'time') {
+  if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimeHelper::getRecord($file['entity_id'])) {
     header('Location: access_denied.php');
     exit();
   }
 }
-if ($file['entity_type'] != 'project') {
-  // Currently, files are only associated with projects.
+if ($entity_type == 'project') {
+  if (!(ttAccessAllowed('view_own_projects') || ttAccessAllowed('manage_projects')) || !ttProjectHelper::get($file['entity_id'])) {
+    header('Location: access_denied.php');
+    exit();
+  }
+}
+if ($entity_type != 'project' && $entity_type != 'time') {
+  // Currently, files are only associated with time records and projects.
   // Improve access checks when the feature evolves.
   header('Location: access_denied.php');
   exit();
diff --git a/file_edit.php b/file_edit.php
index 381508d1..4a675a50 100644
--- a/file_edit.php
+++ b/file_edit.php
@@ -29,6 +29,7 @@
 require_once('initialize.php');
 import('form.Form');
 import('ttFileHelper');
+import('ttTimeHelper');
 import('ttProjectHelper');
 
 // Access checks.
@@ -39,14 +40,21 @@ if (!$file) {
   exit();
 }
 // Entity-specific checks.
-if ($file['entity_type'] == 'project') {
+$entity_type = $file['entity_type'];
+if ($entity_type == 'time') {
+  if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimeHelper::getRecord($file['entity_id'])) {
+    header('Location: access_denied.php');
+    exit();
+  }
+}
+if ($entity_type == 'project') {
   if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) {
     header('Location: access_denied.php');
     exit();
   }
 }
-if ($file['entity_type'] != 'project') {
-  // Currently, files are only associated with projects.
+if ($entity_type != 'project' && $entity_type != 'time') {
+  // Currently, files are only associated with time records and projects.
   // Improve access checks when the feature evolves.
   header('Location: access_denied.php');
   exit();
@@ -75,8 +83,13 @@ if ($request->isPost()) {
     if ($request->getParameter('btn_save')) {
       // Update file information.
       $updated = ttFileHelper::update(array('id' => $cl_file_id,'description' => $cl_description));
-      if ($updated && $file['entity_type'] == 'project') {
-        header('Location: project_files.php?id='.$file['entity_id']);
+      if ($updated) {
+        if ($entity_type == 'time') {
+          header('Location: time_files.php?id='.$file['entity_id']);
+        }
+        if ($entity_type == 'project') {
+          header('Location: project_files.php?id='.$file['entity_id']);
+        }
         exit();
       } else
         $err->add($i18n->get('error.db'));
diff --git a/time.php b/time.php
index 5cec8a7e..e31c98ac 100644
--- a/time.php
+++ b/time.php
@@ -401,7 +401,7 @@ $smarty->assign('selected_date', $selected_date);
 $smarty->assign('week_total', $week_total);
 $smarty->assign('day_total', ttTimeHelper::getTimeForDay($cl_date));
 $smarty->assign('time_records', ttTimeHelper::getRecords($user_id, $cl_date));
-if (isTrue('FILES_DEBUG')) $smarty->assign('show_files', $user->isPluginEnabled('at'));
+$smarty->assign('show_files', $user->isPluginEnabled('at'));
 $smarty->assign('client_list', $client_list);
 $smarty->assign('project_list', $project_list);
 $smarty->assign('task_list', $task_list);