From: Nik Okuntseff Date: Sun, 25 Mar 2018 20:43:45 +0000 (+0000) Subject: Improved time page with a better filter for on behalf users - lower roles only. X-Git-Tag: timetracker_1.19-1~941 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=e7b081c97f2f2cfa69ca8df99afdeb8506eff726;p=timetracker.git Improved time page with a better filter for on behalf users - lower roles only. --- diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 7a02ae7b..d1cf3d01 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.17.71.4165 | Copyright © Anuko | +  Anuko Time Tracker 1.17.71.4166 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/time.php b/time.php index 1c29aa8f..18979fe2 100644 --- a/time.php +++ b/time.php @@ -41,11 +41,19 @@ import('DateAndTime'); // die ("Your browser's cookie functionality is turned off. Please turn it on."); // } -// Access check. +// Access checks. if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } +if ($user->behalf_id && (!$user->can('track_time') || !$user->checkBehalfId())) { + header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user. + exit(); +} +if (!$user->behalf_id && !$user->can('track_own_time') && !$user->adjustBehalfId()) { + header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to view on behalf. + exit(); +} // Initialize and store date in session. $cl_date = $request->getParameter('date', @$_SESSION['date']); @@ -103,9 +111,13 @@ $_SESSION['task'] = $cl_task; // Elements of timeRecordForm. $form = new Form('timeRecordForm'); -if ($user->canManageTeam()) { - $user_list = ttTeamHelper::getActiveUsers(array('putSelfFirst'=>true)); - if (count($user_list) > 1) { +if ($user->can('track_time')) { + if ($user->can('track_own_time')) + $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1,'include_self'=>true,'self_first'=>true); + else + $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1); + $user_list = $user->getUsers($options); + if (count($user_list) >= 1) { $form->addInput(array('type'=>'combobox', 'onchange'=>'this.form.submit();', 'name'=>'onBehalfUser',