From: Nik Okuntseff
Date: Sat, 8 Dec 2018 16:02:00 +0000 (+0000)
Subject: Some more refactoring in notification config.
X-Git-Tag: timetracker_1.19-1~451
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=63413a7d9e47dbd3d91de82e02f8c6d4ee4d4c21;p=timetracker.git
Some more refactoring in notification config.
---
diff --git a/WEB-INF/lib/ttFavReportHelper.class.php b/WEB-INF/lib/ttFavReportHelper.class.php
index 3625c9de..a1f2b945 100644
--- a/WEB-INF/lib/ttFavReportHelper.class.php
+++ b/WEB-INF/lib/ttFavReportHelper.class.php
@@ -53,7 +53,30 @@ class ttFavReportHelper {
 return false;
 }
+ // get - returns a report identified by its id for user.
+ static function get($id) {
+ global $user;
+ $mdb2 = getConnection();
+
+ $user_id = $user->getUser();
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
+ $sql = "select * from tt_fav_reports".
+ " where id = $id and user_id = $user_id and group_id = $group_id and org_id = $org_id and status = 1";
+ $res = $mdb2->query($sql);
+ if (!is_a($res, 'PEAR_Error')) {
+ if ($val = $res->fetchRow()) {
+ return $val;
+ }
+ }
+ return false;
+ }
+
+ // getReport - returns a report identified by its id.
+ // TODO: get rid of this function by encapsulating all cron related tasks in its own class.
+ // Because cron works for all orgs and we want this class to always work in context of
+ // a logged on user, for better security.
 static function getReport($id) {
 $mdb2 = getConnection();
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 7e5b94b1..eb75ce26 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
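Review bot: The new `get($id)` interpolates `$id` straight into the SQL on the `" where id = $id and user_id = ..."` line, so the per-user/group/org scoping it was introduced for holds only as long as every caller remembers the `(int)` cast that notification_add.php and notification_edit.php currently do; the helper itself gives no guarantee and a future caller passing a raw request value would undo the check. Coerce inside the method, `$id = (int) $id;` before `$sql` is built (or quote it through the `$mdb2` connection if that API offers typed quoting), so the ownership filter cannot be bypassed regardless of caller. The header comment should also spell out the contract, since `false` is returned both when no matching row exists and when the query returns a PEAR_Error: `// get - returns the tt_fav_reports row with this id that belongs to the logged-on user (same user, group and org, status = 1), or false if none or on a query error.` The function is complete within the hunk.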
-
 Anuko Time Tracker 1.18.29.4613 | Copyright © Anuko |
+  Anuko Time Tracker 1.18.29.4614 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}
diff --git a/notification_add.php b/notification_add.php
index e7f541bb..05a09546 100644
--- a/notification_add.php
+++ b/notification_add.php
@@ -47,10 +47,8 @@ if (!$user->exists()) {
 exit();
 }
 if ($request->isPost()) {
- // TODO: improve this, perhaps by refactoring elsewhere.
- $cl_fav_report = (int) $request->getParameter('fav_report');
- $fav_report = ttFavReportHelper::getReport($cl_fav_report);
- if ($user->getUser() != $fav_report['user_id']) {
+ $cl_fav_report_id = (int) $request->getParameter('fav_report');
+ if (!ttFavReportHelper::get($cl_fav_report_id)) {
 header('Location: access_denied.php'); // Invalid fav report id in post.
 exit();
 }
@@ -73,7 +71,7 @@ $form = new Form('notificationForm');
 $form->addInput(array('type'=>'combobox',
 'name'=>'fav_report',
 'style'=>'width: 250px;',
- 'value'=>$cl_fav_report,
+ 'value'=>$cl_fav_report_id,
 'data'=>$fav_reports,
 'datakeys'=>array('id','name'),
 'empty'=>array(''=>$i18n->get('dropdown.select'))
@@ -87,7 +85,7 @@ $form->addInput(array('type'=>'submit','name'=>'btn_add','value'=>$i18n->get('bu
 if ($request->isPost()) {
 // Validate user input.
- if (!$cl_fav_report) $err->add($i18n->get('error.report'));
+ if (!$cl_fav_report_id) $err->add($i18n->get('error.report'));
 if (!ttValidCronSpec($cl_cron_spec)) $err->add($i18n->get('error.field'), $i18n->get('label.schedule'));
 if (!ttValidEmail($cl_email)) $err->add($i18n->get('error.field'), $i18n->get('label.email'));
 if (!ttValidEmail($cl_cc, true)) $err->add($i18n->get('error.field'), $i18n->get('label.cc'));
@@ -101,7 +99,7 @@ if ($request->isPost()) {
 if (ttNotificationHelper::insert(array(
 'cron_spec' => $cl_cron_spec,
 'next' => $next,
- 'report_id' => $cl_fav_report,
+ 'report_id' => $cl_fav_report_id,
 'email' => $cl_email,
 'cc' => $cl_cc,
 'subject' => $cl_subject,
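Review bot: The new guard `if (!ttFavReportHelper::get($cl_fav_report_id))` in the first notification_add.php hunk also fires when the form is posted with no report chosen: `(int)` of the empty dropdown value is 0, `get(0)` will presumably match no row, and the user is redirected to access_denied.php instead of seeing the `error.report` message that the `if (!$cl_fav_report_id) $err->add(...)` line in the third hunk still produces, so that validation is now unreachable on this page. notification_edit.php in the same commit guards with `$cl_fav_report_id &&`; mirroring that here keeps the denial for a forged or foreign id while restoring the normal validation path: `if ($cl_fav_report_id && !ttFavReportHelper::get($cl_fav_report_id)) {`. The enclosing `if ($request->isPost())` block closes outside the hunk.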
diff --git a/notification_edit.php b/notification_edit.php
index 5755e95c..90b84e5a 100644
--- a/notification_edit.php
+++ b/notification_edit.php
@@ -53,10 +53,8 @@ if (!$notification) {
 exit();
 }
 if ($request->isPost()) {
- // TODO: improve this, perhaps by refactoring elsewhere.
- $cl_fav_report = (int) $request->getParameter('fav_report');
- $fav_report = ttFavReportHelper::getReport($cl_fav_report);
- if ($user->getUser() != $fav_report['user_id']) {
+ $cl_fav_report_id = (int) $request->getParameter('fav_report');
+ if ($cl_fav_report_id && !ttFavReportHelper::get($cl_fav_report_id)) {
 header('Location: access_denied.php'); // Invalid fav report id in post.
 exit();
 }
@@ -73,7 +71,7 @@ if ($request->isPost()) {
 $cl_report_condition = trim($request->getParameter('report_condition'));
 } else {
 $notification = ttNotificationHelper::get($notification_id);
- $cl_fav_report = $notification['report_id'];
+ $cl_fav_report_id = $notification['report_id'];
 $cl_cron_spec = $notification['cron_spec'];
 $cl_email = $notification['email'];
 $cl_cc = $notification['cc'];
@@ -86,7 +84,7 @@ $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$notification_id));
 $form->addInput(array('type'=>'combobox',
 'name'=>'fav_report',
 'style'=>'width: 250px;',
- 'value'=>$cl_fav_report,
+ 'value'=>$cl_fav_report_id,
 'data'=>$fav_reports,
 'datakeys'=>array('id','name'),
 'empty'=>array(''=>$i18n->get('dropdown.select'))));
@@ -99,7 +97,7 @@ $form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get(
 if ($request->isPost()) {
 // Validate user input.
- if (!$cl_fav_report) $err->add($i18n->get('error.report'));
+ if (!$cl_fav_report_id) $err->add($i18n->get('error.report'));
 if (!ttValidCronSpec($cl_cron_spec)) $err->add($i18n->get('error.field'), $i18n->get('label.schedule'));
 if (!ttValidEmail($cl_email)) $err->add($i18n->get('error.field'), $i18n->get('label.email'));
 if (!ttValidEmail($cl_cc, true)) $err->add($i18n->get('error.field'), $i18n->get('label.cc'));
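Review bot: The ownership guard `if ($cl_fav_report_id && !ttFavReportHelper::get($cl_fav_report_id))` in the first notification_edit.php hunk treats every `false` from the helper as a forged id, but as added in this commit `get()` also returns `false` when `$mdb2->query()` comes back as a PEAR_Error, so a transient database failure during an edit is reported to the user as access denied rather than as an error. If the helper is meant to be the single ownership check for these pages it should let callers tell the two cases apart (for example by surfacing the PEAR_Error instead of swallowing it), or the call site should at least record the ambiguity: `// get() returns false for not found, not owned by this user, or query error.` placed above the `if`. The redirect itself is the right response for an id that belongs to another user. The enclosing `if ($request->isPost())` block closes outside the hunk.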
@@ -114,7 +112,7 @@ if ($request->isPost()) {
 'id' => $notification_id,
 'cron_spec' => $cl_cron_spec,
 'next' => $next,
- 'report_id' => $cl_fav_report,
+ 'report_id' => $cl_fav_report_id,
 'email' => $cl_email,
 'cc' => $cl_cc,
 'subject' => $cl_subject,