From: Nik Okuntseff Date: Sun, 2 Dec 2018 15:38:41 +0000 (+0000) Subject: Ongoing refactoring of custom fields for subgroups. X-Git-Tag: timetracker_1.19-1~498 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=95d031241d1e1970e92171e733c81896b53f7cdc;p=timetracker.git Ongoing refactoring of custom fields for subgroups. --- diff --git a/WEB-INF/templates/cf_dropdown_options.tpl b/WEB-INF/templates/cf_dropdown_options.tpl index ba15a416..f9dfcd0d 100644 --- a/WEB-INF/templates/cf_dropdown_options.tpl +++ b/WEB-INF/templates/cf_dropdown_options.tpl @@ -2,7 +2,6 @@ function chLocation(newLocation) { document.location = newLocation; } -{$forms.dropdownOptionsForm.open}
@@ -38,4 +37,3 @@
-{$forms.dropdownOptionsForm.close} diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 77ebe494..4cfac191 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.29.4567 | Copyright © Anuko | +  Anuko Time Tracker 1.18.29.4568 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/cf_dropdown_options.php b/cf_dropdown_options.php index 1afce734..3b4663f8 100644 --- a/cf_dropdown_options.php +++ b/cf_dropdown_options.php @@ -39,15 +39,16 @@ if (!$user->isPluginEnabled('cf')) { header('Location: feature_disabled.php'); exit(); } +$field_id = (int)$request->getParameter('field_id'); +$field = CustomFields::getField($field_id); +if (!$field) { + header('Location: access_denied.php'); + exit(); +} +// End of access checks. -$field_id = $request->getParameter('field_id'); $options = CustomFields::getOptions($field_id); -if (false === $options) - $err->add($i18n->get('error.db')); - -$form = new Form('dropdownOptionsForm'); -$smarty->assign('forms', array($form->getName()=>$form->toArray())); $smarty->assign('field_id', $field_id); $smarty->assign('options', $options); $smarty->assign('title', $i18n->get('title.cf_dropdown_options')); diff --git a/plugins/CustomFields.class.php b/plugins/CustomFields.class.php index 885f60b9..a2e88326 100644 --- a/plugins/CustomFields.class.php +++ b/plugins/CustomFields.class.php @@ -91,20 +91,30 @@ class CustomFields { } function delete($log_id) { - + global $user; $mdb2 = getConnection(); - $sql = "update tt_custom_field_log set status = NULL where log_id = $log_id"; + + $group_id = $user->getGroup(); + $org_id = $user->org_id; + + $sql = "update tt_custom_field_log set status = null". + " where log_id = $log_id and group_id = $group_id and org_id = $org_id"; $affected = $mdb2->exec($sql); return (!is_a($affected, 'PEAR_Error')); } function get($log_id) { - $fields = array(); - + global $user; $mdb2 = getConnection(); - $sql = "select id, field_id, option_id, value from tt_custom_field_log where log_id = $log_id and status = 1"; + + $group_id = $user->getGroup(); + $org_id = $user->org_id; + + $sql = "select id, field_id, option_id, value from tt_custom_field_log". + " where log_id = $log_id and group_id = $group_id and org_id = $org_id and status = 1"; $res = $mdb2->query($sql); if (!is_a($res, 'PEAR_Error')) { + $fields = array(); while ($val = $res->fetchRow()) { $fields[] = $val; } @@ -123,7 +133,8 @@ class CustomFields { // Check if the option exists. $id = 0; - $sql = "select id from tt_custom_field_options where field_id = $field_id and value = ".$mdb2->quote($option_name); + $sql = "select id from tt_custom_field_options". + " where field_id = $field_id and group_id = $group_id and org_id = $org_id and value = ".$mdb2->quote($option_name); $res = $mdb2->query($sql); if (is_a($res, 'PEAR_Error')) return false; @@ -142,10 +153,14 @@ class CustomFields { // updateOption updates option name. static function updateOption($id, $option_name) { - + global $user; $mdb2 = getConnection(); - $sql = "update tt_custom_field_options set value = ".$mdb2->quote($option_name)." where id = $id"; + $group_id = $user->getGroup(); + $org_id = $user->org_id; + + $sql = "update tt_custom_field_options set value = ".$mdb2->quote($option_name). + " where id = $id and group_id = $group_id and org_id = $org_id"; $affected = $mdb2->exec($sql); return (!is_a($affected, 'PEAR_Error')); } @@ -155,25 +170,22 @@ class CustomFields { global $user; $mdb2 = getConnection(); - $field_id = CustomFields::getFieldIdForOption($id); + $group_id = $user->getGroup(); + $org_id = $user->org_id; - // First make sure that the field is ours. - $sql = "select group_id from tt_custom_fields where id = $field_id"; - $res = $mdb2->query($sql); - if (is_a($res, 'PEAR_Error')) - return false; - $val = $res->fetchRow(); - if ($user->group_id != $val['group_id']) - return false; + $field_id = CustomFields::getFieldIdForOption($id); + if (!$field_id) return false; - // Delete log entries with this option. - $sql = "update tt_custom_field_log set status = NULL where field_id = $field_id and value = ".$mdb2->quote($id); + // Delete log entries with this option. TODO: why? Research impact. + $sql = "update tt_custom_field_log set status = null". + " where field_id = $field_id and group_id = $group_id and org_id = $org_id and value = ".$mdb2->quote($id); $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; // Delete the option. - $sql = "update tt_custom_field_options set status = NULL where id = $id"; + $sql = "update tt_custom_field_options set status = null". + " where id = $id and group_id = $group_id and org_id = $org_id"; $affected = $mdb2->exec($sql); return (!is_a($affected, 'PEAR_Error')); } @@ -182,21 +194,16 @@ class CustomFields { static function getOptions($field_id) { global $user; $mdb2 = getConnection(); - $options = array(); - // First make sure that the field is ours. - $sql = "select group_id from tt_custom_fields where id = $field_id"; - $res = $mdb2->query($sql); - if (is_a($res, 'PEAR_Error')) - return false; - $val = $res->fetchRow(); - if ($user->group_id != $val['group_id']) - return false; + $group_id = $user->getGroup(); + $org_id = $user->org_id; // Get options. - $sql = "select id, value from tt_custom_field_options where field_id = $field_id and status = 1 order by value"; + $sql = "select id, value from tt_custom_field_options". + " where field_id = $field_id and group_id = $group_id and org_id = $org_id and status = 1 order by value"; $res = $mdb2->query($sql); if (!is_a($res, 'PEAR_Error')) { + $options = array(); while ($val = $res->fetchRow()) { $options[$val['id']] = $val['value']; } @@ -210,19 +217,11 @@ class CustomFields { global $user; $mdb2 = getConnection(); - $field_id = CustomFields::getFieldIdForOption($id); - - // First make sure that the field is ours. - $sql = "select group_id from tt_custom_fields where id = $field_id"; - $res = $mdb2->query($sql); - if (is_a($res, 'PEAR_Error')) - return false; - $val = $res->fetchRow(); - if ($user->group_id != $val['group_id']) - return false; + $group_id = $user->getGroup(); + $org_id = $user->org_id; - // Get option name. - $sql = "select value from tt_custom_field_options where id = $id"; + $sql = "select value from tt_custom_field_options". + " where id = $id and group_id = $group_id and org_id = $org_id"; $res = $mdb2->query($sql); if (!is_a($res, 'PEAR_Error')) { $val = $res->fetchRow(); @@ -275,9 +274,14 @@ class CustomFields { // getFieldIdForOption returns field id from an associated option id. static function getFieldIdForOption($option_id) { + global $user; $mdb2 = getConnection(); - $sql = "select field_id from tt_custom_field_options where id = $option_id"; + $group_id = $user->getGroup(); + $org_id = $user->org_id; + + $sql = "select field_id from tt_custom_field_options". + " where id = $option_id and group_id = $group_id and org_id = $org_id"; $res = $mdb2->query($sql); if (!is_a($res, 'PEAR_Error')) { $val = $res->fetchRow(); @@ -291,8 +295,10 @@ class CustomFields { static function insertField($field_name, $field_type, $required) { global $user; $mdb2 = getConnection(); + $group_id = $user->getGroup(); $org_id = $user->org_id; + $sql = "insert into tt_custom_fields (group_id, org_id, type, label, required, status)". " values($group_id, $org_id, $field_type, ".$mdb2->quote($field_name).", $required, 1)"; $affected = $mdb2->exec($sql); @@ -303,8 +309,10 @@ class CustomFields { static function updateField($id, $name, $type, $required) { global $user; $mdb2 = getConnection(); + $group_id = $user->getGroup(); $org_id = $user->org_id; + $sql = "update tt_custom_fields set label = ".$mdb2->quote($name).", type = $type, required = $required". " where id = $id and group_id = $group_id and org_id = $org_id"; $affected = $mdb2->exec($sql); diff --git a/time_edit.php b/time_edit.php index e6a8adb8..f4eb41d2 100644 --- a/time_edit.php +++ b/time_edit.php @@ -53,7 +53,7 @@ if (!$time_rec || $time_rec['invoice_id']) { // Use custom fields plugin if it is enabled. if ($user->isPluginEnabled('cf')) { require_once('plugins/CustomFields.class.php'); - $custom_fields = new CustomFields($user->group_id); + $custom_fields = new CustomFields($user->getGroup()); $smarty->assign('custom_fields', $custom_fields); }