From 086b93bd5a71b4c68ae3fa3e37d97182ee2a5b73 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Thu, 28 Feb 2019 22:47:13 +0000
Subject: [PATCH] A bit of refactoring.

---
 WEB-INF/lib/ttTimeHelper.class.php | 9 +++++++--
 WEB-INF/templates/footer.tpl | 2 +-
 mobile/time_delete.php | 3 +--
 mobile/time_edit.php | 5 +++--
 mobile/timer.php | 2 +-
 time.php | 4 ++--
 time_delete.php | 3 +--
 time_edit.php | 5 +++--
 8 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/WEB-INF/lib/ttTimeHelper.class.php b/WEB-INF/lib/ttTimeHelper.class.php
index bdec1a5f..d2a35647 100644
--- a/WEB-INF/lib/ttTimeHelper.class.php
+++ b/WEB-INF/lib/ttTimeHelper.class.php
@@ -659,8 +659,13 @@ class ttTimeHelper {
 }
 
 // getRecord - retrieves a time record identified by its id.
- static function getRecord($id, $user_id) {
+ static function getRecord($id) {
 global $user;
+
+ $user_id = $user->getUser();
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
 $sql_time_format = "'%k:%i'"; // 24 hour format.
 if ('%I:%M %p' == $user->time_format) $sql_time_format = "'%h:%i %p'"; // 12 hour format for MySQL TIME_FORMAT function.
 
@@ -674,7 +679,7 @@ class ttTimeHelper {
 " l.timesheet_id, l.invoice_id, l.billable, l.paid, l.date from tt_log l".
 " left join tt_projects p on (p.id = l.project_id)".
 " left join tt_tasks t on (t.id = l.task_id)".
- " where l.id = $id and l.user_id = $user_id and l.status = 1";
+ " where l.id = $id and l.user_id = $user_id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1";
 $res = $mdb2->query($sql);
 if (!is_a($res, 'PEAR_Error')) {
 if (!$res->numRows()) {
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index b5578c43..eb0fd592 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
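Review bot: `$id` is still interpolated unquoted into the query string built in the next hunk (`where l.id = $id …`), and now that the `$user_id` parameter is gone the function derives every scoping value itself except the one that actually comes from the caller; not every caller in this patch casts it (`time.php` hands `getRecord` a `$record_id` taken straight from `getParameter`, unless it is validated earlier in that file). Normalise it where the other values are now derived: add `$id = (int)$id;` next to the new `$user_id = $user->getUser();` line, so the query is well-formed regardless of which caller reaches it. The comment above the function should also reflect the new scoping, e.g. `// getRecord - retrieves a time record by id, limited to the user, group and org of the global $user.` The body of getRecord continues past the end of this hunk.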
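Review bot: The new `where` fragment is far wider than the neighbouring string fragments that make up the query, which makes the added predicates easy to miss in a diff; splitting it as `" where l.id = $id and l.user_id = $user_id".` followed by `" and l.group_id = $group_id and l.org_id = $org_id and l.status = 1";` keeps each fragment to one predicate group in the style of the `" left join …".` lines above it. The enclosing function starts and ends outside this hunk.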
-
 Anuko Time Tracker 1.18.46.4796 | Copyright © Anuko |
+  Anuko Time Tracker 1.18.46.4797 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}
diff --git a/mobile/time_delete.php b/mobile/time_delete.php
index 8ebb98a8..1b122fb9 100644
--- a/mobile/time_delete.php
+++ b/mobile/time_delete.php
@@ -38,8 +38,7 @@ if (!ttAccessAllowed('track_own_time')) {
 exit();
 }
 $cl_id = (int)$request->getParameter('id');
-$user_id = $user->getUser();
-$time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
+$time_rec = ttTimeHelper::getRecord($cl_id);
 if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
 // Prohibit deleting not ours, or assigned to timesheet, or invoiced records.
 header('Location: access_denied.php');
diff --git a/mobile/time_edit.php b/mobile/time_edit.php
index 0b5b090e..1f8f7de9 100644
--- a/mobile/time_edit.php
+++ b/mobile/time_edit.php
@@ -40,8 +40,7 @@ if (!ttAccessAllowed('track_own_time')) {
 exit();
 }
 $cl_id = (int)$request->getParameter('id');
-$user_id = $user->getUser();
-$time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
+$time_rec = ttTimeHelper::getRecord($cl_id);
 if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
 // Prohibit editing not ours, or assigned to timesheet, or invoiced records.
 header('Location: access_denied.php');
@@ -49,6 +48,8 @@ if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
 }
 // End of access checks.
 
+$user_id = $user->getUser();
+
 // Use custom fields plugin if it is enabled.
 if ($user->isPluginEnabled('cf')) {
 require_once('../plugins/CustomFields.class.php');
diff --git a/mobile/timer.php b/mobile/timer.php
index c754740a..d3a0d0fb 100644
--- a/mobile/timer.php
+++ b/mobile/timer.php
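Review bot: The comment `// Prohibit deleting not ours, or assigned to timesheet, or invoiced records.` now describes a check that no longer happens in this file: the "not ours" part is enforced by `ttTimeHelper::getRecord` scoping the lookup to the global `$user`, and a reader of this script only sees `$time_rec` being falsy. A one-line comment on the new call, such as `// getRecord only returns records belonging to the current $user (user, group and org); anything else comes back falsy.`, keeps the access-check intent visible where it is relied on. The same applies to the identical hunks in mobile/time_edit.php, time_delete.php and time_edit.php.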
@@ -254,7 +254,7 @@ if ($request->isPost()) {
 }
 if ($request->getParameter('btn_stop')) {
 // Stop button clicked. We need to finish an uncompleted record in progress.
- $record = ttTimeHelper::getRecord($uncompleted['id'], $user->getUser());
+ $record = ttTimeHelper::getRecord($uncompleted['id']);
 // Can we complete this record?
 if (ttTimeHelper::isValidInterval($record['start'], $cl_finish) // finish time is greater than start time
 
diff --git a/time.php b/time.php
index e4547a94..f7b1c12e 100644
--- a/time.php
+++ b/time.php
@@ -56,7 +56,7 @@ if ($request->isPost()) {
 }
 // End of access checks.
 
-// Determine user for which we display this page.
+// Determine user for whom we display this page.
 if ($request->isPost() && $userChanged) {
 $user_id = $request->getParameter('user');
 $user->setOnBehalfUser($user_id);
@@ -347,7 +347,7 @@ if ($request->isPost()) {
 } elseif ($request->getParameter('btn_stop')) {
 // Stop button pressed to finish an uncompleted record.
 $record_id = $request->getParameter('record_id');
- $record = ttTimeHelper::getRecord($record_id, $user_id);
+ $record = ttTimeHelper::getRecord($record_id);
 $browser_date = $request->getParameter('browser_date');
 $browser_time = $request->getParameter('browser_time');
diff --git a/time_delete.php b/time_delete.php
index 1b6f5c29..e83630ed 100644
--- a/time_delete.php
+++ b/time_delete.php
@@ -38,8 +38,7 @@ if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
 exit();
 }
 $cl_id = (int)$request->getParameter('id');
-$user_id = $user->getUser();
-$time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
+$time_rec = ttTimeHelper::getRecord($cl_id);
 if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
 // Prohibit deleting not ours, or assigned to timesheet, or invoiced records.
 header('Location: access_denied.php');
diff --git a/time_edit.php b/time_edit.php
index 48db27ea..23cc63d5 100644
--- a/time_edit.php
+++ b/time_edit.php
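Review bot: `$record_id` is taken straight from `$request->getParameter('record_id')` on the line above and is now the only value `getRecord` receives from its caller, while `getRecord` splices it into SQL without quoting; unlike the delete/edit scripts in this patch there is no `(int)` cast here, so unless it is validated earlier in time.php the line should read `$record_id = (int)$request->getParameter('record_id');`. Separately, the argument that was removed was `$user_id`, which the first hunk of this file can set from the `user` request parameter via `setOnBehalfUser`; the new call depends on `$user->getUser()` reflecting that on-behalf user, which is worth confirming, because otherwise stopping a record for another user would no longer find it. The enclosing `if ($request->isPost())` block starts and ends outside this hunk.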
@@ -40,8 +40,7 @@ if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
 exit();
 }
 $cl_id = (int)$request->getParameter('id');
-$user_id = $user->getUser();
-$time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
+$time_rec = ttTimeHelper::getRecord($cl_id);
 if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
 // Prohibit editing not ours, or assigned to timesheet, or invoiced records.
 header('Location: access_denied.php');
@@ -49,6 +48,8 @@ if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
 }
 // End of access checks.
 
+$user_id = $user->getUser();
+
 // Use custom fields plugin if it is enabled.
 if ($user->isPluginEnabled('cf')) {
 require_once('plugins/CustomFields.class.php');
-- 
2.20.1