From: Nik Okuntseff <support@anuko.com>
Date: Tue, 27 Mar 2018 20:47:40 +0000 (+0000)
Subject: Refactored headers to use view_own_projects right check.
X-Git-Tag: timetracker_1.19-1~915
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=216d1c29ae204a1404a5d38cad77abce516e2386;p=timetracker.git

Refactored headers to use view_own_projects right check.
---

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 67a6e0a0..e939e021 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.79.4191 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.79.4192 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/WEB-INF/templates/header.tpl b/WEB-INF/templates/header.tpl
index ac6e99fe..b74923ba 100644
--- a/WEB-INF/templates/header.tpl
+++ b/WEB-INF/templates/header.tpl
@@ -113,7 +113,7 @@
       || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode || $user->isPluginEnabled('cl'))}
             &middot; <a class="mainMenu" href="charts.php">{$i18n.menu.charts}</a>
     {/if}
-    {if ($user->can('manage_projects') || $user->can('track_own_time') || $user->can('track_time')) && ($smarty.const.MODE_PROJECTS == $user->tracking_mode || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode)}
+    {if ($user->can('view_own_projects') || $user->can('manage_projects')) && ($smarty.const.MODE_PROJECTS == $user->tracking_mode || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode)}
             &middot; <a class="mainMenu" href="projects.php">{$i18n.menu.projects}</a>
     {/if}
     {if ($smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode) && $user->can('manage_tasks')}
diff --git a/WEB-INF/templates/mobile/header.tpl b/WEB-INF/templates/mobile/header.tpl
index 507a07e0..7118cfa4 100644
--- a/WEB-INF/templates/mobile/header.tpl
+++ b/WEB-INF/templates/mobile/header.tpl
@@ -79,7 +79,7 @@
     {if $user->isPluginEnabled('ex') && ($user->can('track_own_expenses') || $user->can('track_expenses'))}
             &middot; <a class="mainMenu" href="expenses.php">{$i18n.menu.expenses}</a>
     {/if}
-    {if ($user->can('manage_projects') || $user->can('track_own_time') || $user->can('track_time')) && ($smarty.const.MODE_PROJECTS == $user->tracking_mode || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode)}
+    {if ($user->can('view_own_projects') || $user->can('manage_projects')) && ($smarty.const.MODE_PROJECTS == $user->tracking_mode || $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode)}
             &middot; <a class="mainMenu" href="projects.php">{$i18n.menu.projects}</a>
     {/if}
     {if $user->can('manage_tasks') && $smarty.const.MODE_PROJECTS_AND_TASKS == $user->tracking_mode}
diff --git a/mobile/project_add.php b/mobile/project_add.php
index a9495d71..bb0f1d09 100644
--- a/mobile/project_add.php
+++ b/mobile/project_add.php
@@ -40,6 +40,7 @@ if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->t
   header('Location: feature_disabled.php');
   exit();
 }
+// End of access checks.
 
 $users = ttTeamHelper::getActiveUsers();
 foreach ($users as $user_item)
diff --git a/mobile/projects.php b/mobile/projects.php
index c35e738a..a9f8ab02 100644
--- a/mobile/projects.php
+++ b/mobile/projects.php
@@ -31,8 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access checks.
-// TODO: introduce view_own_projects right to keep access checks simple.
-if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time') || ttAccessAllowed('manage_projects'))) {
+if (!(ttAccessAllowed('view_own_projects') || ttAccessAllowed('manage_projects'))) {
   header('Location: access_denied.php');
   exit();
 }
@@ -40,6 +39,7 @@ if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->t
   header('Location: feature_disabled.php');
   exit();
 }
+// End of access checks.
 
 if($user->can('manage_projects')) {
   $active_projects = ttTeamHelper::getActiveProjects($user->team_id);
diff --git a/projects.php b/projects.php
index 1d5f7e2e..bf6aed1c 100644
--- a/projects.php
+++ b/projects.php
@@ -31,8 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 
 // Access checks.
-// TODO: introduce view_projects right to keep access checks simple.
-if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time') || ttAccessAllowed('manage_projects'))) {
+if (!(ttAccessAllowed('view_own_projects') || ttAccessAllowed('manage_projects'))) {
   header('Location: access_denied.php');
   exit();
 }