From: Nik Okuntseff <support@anuko.com>
Date: Sun, 25 Mar 2018 16:22:57 +0000 (+0000)
Subject: Fixed the charts tab to work better for lower roles only.
X-Git-Tag: timetracker_1.19-1~944
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=68a5cc5aff88d6144b6db95f7d01315c15e2ebda;p=timetracker.git

Fixed the charts tab to work better for lower roles only.
---

diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php
index 0a104888..95edd6e4 100644
--- a/WEB-INF/lib/ttUser.class.php
+++ b/WEB-INF/lib/ttUser.class.php
@@ -241,4 +241,58 @@ class ttUser {
 
     return true;
   }
+
+  // getUsers obtains users in a group, as specififed by options.
+  function getUsers($options) {
+
+    $mdb2 = getConnection();
+
+    $skipClients = !isset($options['include_clients']);
+    $includeSelf = isset($options['include_self']);
+
+    $select_part = 'select u.id, u.name';
+    if (!isset($options['include_clients'])) $select_part .= ', r.rights';
+
+    $from_part = ' from tt_users u';
+
+    $left_joins = null;
+    if (isset($options['max_rank']) || $skipClients)
+        $left_joins .= ' left join tt_roles r on (u.role_id = r.id)';
+
+    $where_part = " where u.team_id = $this->team_id";
+    if (isset($options['status'])) $where_part .= ' and u.status = '.(int)$options['status'];
+    if ($includeSelf) {
+      $where_part .= " and (u.id = $this->id || r.rank <= ".(int)$options['max_rank'].')';
+    } else {
+      if (isset($options['max_rank'])) $where_part .= ' and r.rank <= '.(int)$options['max_rank'];
+    }
+
+    $sql = $select_part.$from_part.$left_joins.$where_part;
+    $res = $mdb2->query($sql);
+    $user_list = array();
+    if (is_a($res, 'PEAR_Error'))
+      return false;
+
+    while ($val = $res->fetchRow()) {
+      if ($skipClients) {
+        $isClient = in_array('track_own_time', explode(',', $val['rights'])) ? 0 : 1; // Clients do not have track_own_time right.
+        if ($isClient)
+          continue; // Skip adding clients.
+      }
+      $user_list[] = $val;
+    }
+
+    if (isset($options['self_first'])) {
+      // Put own entry at the front.
+      $cnt = count($user_list);
+      for($i = 0; $i < $cnt; $i++) {
+        if ($user_list[$i]['id'] == $this->id) {
+          $self = $user_list[$i]; // Found self.
+          array_unshift($user_list, $self); // Put own entry at the front.
+          array_splice($user_list, $i+1, 1); // Remove duplicate.
+        }
+      }
+    }
+    return $user_list;
+  }
 }
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 5f16dbdf..a470afaa 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.70.4162 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.71.4163 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/WEB-INF/templates/users.tpl b/WEB-INF/templates/users.tpl
index f4743532..00841339 100644
--- a/WEB-INF/templates/users.tpl
+++ b/WEB-INF/templates/users.tpl
@@ -11,9 +11,9 @@
         <tr><td class="sectionHeaderNoBorder">{$i18n.form.users.active_users}</td></tr>
   {/if}
         <tr>
-          <td width="35%" class="tableHeader">{$i18n.label.person_name}</td>
-          <td width="35%" class="tableHeader">{$i18n.label.login}</td>
-          <td width="10%" class="tableHeader">{$i18n.form.users.role}</td>
+          <td width="30%" class="tableHeader">{$i18n.label.person_name}</td>
+          <td width="30%" class="tableHeader">{$i18n.label.login}</td>
+          <td width="20%" class="tableHeader">{$i18n.form.users.role}</td>
           <td width="10%" class="tableHeader">{$i18n.label.edit}</td>
           <td width="10%" class="tableHeader">{$i18n.label.delete}</td>
         </tr>
@@ -52,9 +52,9 @@
       <table cellspacing="1" cellpadding="3" border="0" width="100%">
         <tr><td class="sectionHeaderNoBorder">{$i18n.form.users.inactive_users}</td></tr>
         <tr>
-          <td width="35%" class="tableHeader">{$i18n.label.person_name}</td>
-          <td width="35%" class="tableHeader">{$i18n.label.login}</td>
-          <td width="10%" class="tableHeader">{$i18n.form.users.role}</td>
+          <td width="30%" class="tableHeader">{$i18n.label.person_name}</td>
+          <td width="30%" class="tableHeader">{$i18n.label.login}</td>
+          <td width="20%" class="tableHeader">{$i18n.form.users.role}</td>
           <td width="10%" class="tableHeader">{$i18n.label.edit}</td>
           <td width="10%" class="tableHeader">{$i18n.label.delete}</td>
         </tr>
diff --git a/charts.php b/charts.php
index f2b01f16..a44c9926 100644
--- a/charts.php
+++ b/charts.php
@@ -38,7 +38,7 @@ import('ttUserHelper');
 import('ttTeamHelper');
 
 // Access checks.
-if (!ttAccessAllowed('view_own_charts')) {
+if (!(ttAccessAllowed('view_own_charts') || ttAccessAllowed('view_charts'))) {
   header('Location: access_denied.php');
   exit();
 }
@@ -128,8 +128,12 @@ $chart_form = new Form('chartForm');
 
 // User dropdown. Changes the user "on behalf" of whom we are working. 
 if ($user->can('view_charts')) {
-  $user_list = ttTeamHelper::getActiveUsers(array('putSelfFirst'=>true));
-  if (count($user_list) > 1) {
+  if ($user->can('view_own_charts'))
+    $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1,'include_self'=>true,'self_first'=>true);
+  else
+    $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1);
+  $user_list = $user->getUsers($options);
+  if (count($user_list) >= 1) {
     $chart_form->addInput(array('type'=>'combobox',
       'onchange'=>'this.form.submit();',
       'name'=>'onBehalfUser',