From 03e3d32869aa0791e1d841be69cf5c0c84a5450f Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Wed, 5 Dec 2018 16:43:13 +0000
Subject: [PATCH] More refactoring for subgroups.

---
 WEB-INF/lib/ttGroup.class.php  |  2 +-
 WEB-INF/lib/ttUser.class.php   |  9 +++--
 WEB-INF/templates/expenses.tpl |  4 +--
 WEB-INF/templates/footer.tpl   |  2 +-
 charts.php                     |  5 +--
 expenses.php                   | 60 +++++++++++++++++++---------------
 6 files changed, 48 insertions(+), 34 deletions(-)

diff --git a/WEB-INF/lib/ttGroup.class.php b/WEB-INF/lib/ttGroup.class.php
index b0c50eef..bb03845d 100644
--- a/WEB-INF/lib/ttGroup.class.php
+++ b/WEB-INF/lib/ttGroup.class.php
@@ -97,8 +97,8 @@ class ttGroup {
       */
       $this->currency = $val['currency'];
       $this->plugins = $val['plugins'];
-      /*
       $this->lock_spec = $val['lock_spec'];
+      /*
       $this->workday_minutes = $val['workday_minutes'];
       $this->custom_logo = $val['custom_logo'];
       */
diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php
index 548d70ec..05081c5a 100644
--- a/WEB-INF/lib/ttUser.class.php
+++ b/WEB-INF/lib/ttUser.class.php
@@ -209,6 +209,11 @@ class ttUser {
     return ($this->behalfGroup ? $this->behalfGroup->plugins : $this->plugins);
   }
 
+  // getLockSpec returns lock specification for active group.
+  function getLockSpec() {
+    return ($this->behalfGroup ? $this->behalfGroup->lock_spec : $this->lock_spec);
+  }
+
   // getConfig returns config string for active group.
   function getConfig() {
     return ($this->behalfGroup ? $this->behalfGroup->config : $this->config);
@@ -329,7 +334,7 @@ class ttUser {
     if (!$this->isPluginEnabled('lk'))
       return false; // Locking feature is disabled.
 
-    if (!$this->lock_spec)
+    if (!$this->getLockSpec())
       return false; // There is no lock specification.
 
     if (!$this->behalf_id && $this->can('override_own_date_lock'))
@@ -342,7 +347,7 @@ class ttUser {
     require_once(LIBRARY_DIR.'/tdcron/class.tdcron.entry.php');
 
     // Calculate the last occurrence of a lock.
-    $last = tdCron::getLastOccurrence($this->lock_spec, time());
+    $last = tdCron::getLastOccurrence($this->getLockSpec(), time());
     $lockdate = new DateAndTime(DB_DATEFORMAT, strftime('%Y-%m-%d', $last));
     if ($date->before($lockdate))
       return true;
diff --git a/WEB-INF/templates/expenses.tpl b/WEB-INF/templates/expenses.tpl
index 8e1ef0a8..17b8c8fb 100644
--- a/WEB-INF/templates/expenses.tpl
+++ b/WEB-INF/templates/expenses.tpl
@@ -117,10 +117,10 @@ function recalculateCost() {
   <tr>
     <td valign="top">
       <table>
-{if $on_behalf_control}
+{if $user_dropdown}
         <tr>
           <td align="right">{$i18n.label.user}:</td>
-          <td>{$forms.expensesForm.onBehalfUser.control}</td>
+          <td>{$forms.expensesForm.user.control}</td>
         </tr>
 {/if}
 {if $user->isPluginEnabled('cl')}
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index d7903e75..96fdee80 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.29.4590 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.29.4591 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/charts.php b/charts.php
index adaa8ae5..6329e14f 100644
--- a/charts.php
+++ b/charts.php
@@ -114,10 +114,11 @@ $chart_form = new Form('chartForm');
 
 // User dropdown. Changes the user "on behalf" of whom we are working. 
 if ($user->can('view_charts')) {
+  $rank = $user->getMaxRankForGroup($user->getGroup());
   if ($user->can('view_own_charts'))
-    $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1,'include_self'=>true,'self_first'=>true);
+    $options = array('status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true);
   else
-    $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1);
+    $options = array('status'=>ACTIVE,'max_rank'=>$rank);
   $user_list = $user->getUsers($options);
   if (count($user_list) >= 1) {
     $chart_form->addInput(array('type'=>'combobox',
diff --git a/expenses.php b/expenses.php
index e459c37c..fa844a22 100644
--- a/expenses.php
+++ b/expenses.php
@@ -50,8 +50,26 @@ if (!$user->behalf_id && !$user->can('track_own_expenses') && !$user->adjustBeha
   header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf.
   exit();
 }
+if ($request->isPost() && $request->getParameter('user')) {
+  if (!$user->isUserValid($request->getParameter('user'))) {
+    header('Location: access_denied.php'); // Wrong user id on post.
+    exit();
+  }
+}
 // End of access checks.
 
+// Determine user for which we display this page.
+$userChanged = $request->getParameter('user_changed');
+if ($request->isPost() && $userChanged) {
+  $user_id = $request->getParameter('user');
+  $user->setOnBehalfUser($user_id);
+} else {
+  $user_id = $user->getUser();
+  // Handle a situation for no users in on behalf group.
+  if ($user->behalfGroup && $user_id == $user->id)
+    $user_id = null;
+}
+
 // Initialize and store date in session.
 $cl_date = $request->getParameter('date', @$_SESSION['date']);
 $selected_date = new DateAndTime(DB_DATEFORMAT, $cl_date);
@@ -61,8 +79,10 @@ if(!$cl_date)
   $cl_date = $selected_date->toString(DB_DATEFORMAT);
 $_SESSION['date'] = $cl_date;
 
+$tracking_mode = $user->getTrackingMode();
+$show_project = MODE_PROJECTS == $tracking_mode || MODE_PROJECTS_AND_TASKS == $tracking_mode;
+
 // Initialize variables.
-$on_behalf_id = $request->getParameter('onBehalfUser', (isset($_SESSION['behalf_id']) ? $_SESSION['behalf_id'] : $user->id));
 $cl_client = $request->getParameter('client', ($request->isPost() ? null : @$_SESSION['client']));
 $_SESSION['client'] = $cl_client;
 $cl_project = $request->getParameter('project', ($request->isPost() ? null : @$_SESSION['project']));
@@ -74,25 +94,27 @@ $cl_cost = $request->getParameter('cost');
 $form = new Form('expensesForm');
 
 if ($user->can('track_expenses')) {
+  $rank = $user->getMaxRankForGroup($user->getGroup());
   if ($user->can('track_own_expenses'))
-    $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1,'include_self'=>true,'self_first'=>true);
+    $options = array('status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true);
   else
-    $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1);
+    $options = array('status'=>ACTIVE,'max_rank'=>$rank);
   $user_list = $user->getUsers($options);
   if (count($user_list) >= 1) {
     $form->addInput(array('type'=>'combobox',
-      'onchange'=>'this.form.submit();',
-      'name'=>'onBehalfUser',
+      'onchange'=>'this.form.user_changed.value=1;this.form.submit();',
+      'name'=>'user',
       'style'=>'width: 250px;',
-      'value'=>$on_behalf_id,
+      'value'=>$user_id,
       'data'=>$user_list,
       'datakeys'=>array('id','name')));
-    $smarty->assign('on_behalf_control', 1);
+    $form->addInput(array('type'=>'hidden','name'=>'user_changed'));
+    $smarty->assign('user_dropdown', 1);
   }
 }
 
 // Dropdown for clients in MODE_TIME. Use all active clients.
-if (MODE_TIME == $user->tracking_mode && $user->isPluginEnabled('cl')) {
+if (MODE_TIME == $tracking_mode && $user->isPluginEnabled('cl')) {
     $active_clients = ttGroupHelper::getActiveClients(true);
     $form->addInput(array('type'=>'combobox',
       'onchange'=>'fillProjectDropdown(this.value);',
@@ -105,11 +127,10 @@ if (MODE_TIME == $user->tracking_mode && $user->isPluginEnabled('cl')) {
   // Note: in other modes the client list is filtered to relevant clients only. See below.
 }
 
-if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->tracking_mode) {
+if ($show_project) {
   // Dropdown for projects assigned to user.
   $project_list = $user->getAssignedProjects();
   $form->addInput(array('type'=>'combobox',
-    // 'onchange'=>'fillTaskDropdown(this.value);',
     'name'=>'project',
     'style'=>'width: 250px;',
     'value'=>$cl_project,
@@ -169,14 +190,13 @@ if ($request->isPost()) {
     // Validate user input.
     if ($user->isPluginEnabled('cl') && $user->isPluginEnabled('cm') && !$cl_client)
       $err->add($i18n->get('error.client'));
-    if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->tracking_mode) {
-      if (!$cl_project) $err->add($i18n->get('error.project'));
-    }
+    if ($show_project && !$cl_project)
+      $err->add($i18n->get('error.project'));
     if (!ttValidString($cl_item_name)) $err->add($i18n->get('error.field'), $i18n->get('label.comment'));
     if (!ttValidFloat($cl_cost)) $err->add($i18n->get('error.field'), $i18n->get('label.cost'));
 
     // Prohibit creating entries in future.
-    if (!$user->future_entries) {
+    if (!$user->getConfigOption('future_entries')) {
       $browser_today = new DateAndTime(DB_DATEFORMAT, $request->getParameter('browser_today', null));
       if ($selected_date->after($browser_today))
         $err->add($i18n->get('error.future_date'));
@@ -196,18 +216,6 @@ if ($request->isPost()) {
       } else
         $err->add($i18n->get('error.db'));
     }
-  } elseif ($request->getParameter('onBehalfUser')) {
-    if($user->can('track_expenses')) {
-      unset($_SESSION['behalf_id']);
-      unset($_SESSION['behalf_name']);
-
-      if($on_behalf_id != $user->id) {
-        $_SESSION['behalf_id'] = $on_behalf_id;
-        $_SESSION['behalf_name'] = ttUserHelper::getUserName($on_behalf_id);
-      }
-      header('Location: expenses.php');
-      exit();
-    }
   }
 }
 
-- 
2.20.1