From 0cb4a15ec1079fc325845640357dfc75aba0ae23 Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Sat, 6 Apr 2019 14:39:35 +0000 Subject: [PATCH] Added attachment capability to time records. --- WEB-INF/templates/projects.tpl | 4 ++-- file_delete.php | 28 ++++++++++++++++++++++------ file_download.php | 15 +++++++++++---- file_edit.php | 23 ++++++++++++++++++----- time.php | 2 +- 5 files changed, 54 insertions(+), 18 deletions(-) diff --git a/WEB-INF/templates/projects.tpl b/WEB-INF/templates/projects.tpl index dafe1d8d..0d5eae58 100644 --- a/WEB-INF/templates/projects.tpl +++ b/WEB-INF/templates/projects.tpl @@ -81,7 +81,7 @@ {$i18n.label.thing_name} {$i18n.label.description} {if $show_files} - {$i18n.label.files} + {/if} {if $active_projects} @@ -90,7 +90,7 @@ {$project.name|escape} {$project.description|escape} {if $show_files} - {$i18n.label.view} + {$i18n.label.files} {/if} {/foreach} diff --git a/file_delete.php b/file_delete.php index d98259d6..3ef22aea 100644 --- a/file_delete.php +++ b/file_delete.php @@ -29,6 +29,7 @@ require_once('initialize.php'); import('form.Form'); import('ttFileHelper'); +import('ttTimeHelper'); import('ttProjectHelper'); // Access checks. 
@@ -39,14 +40,21 @@ if (!$file) {
 exit();
 }
 // Entity-specific checks.
-if ($file['entity_type'] == 'project') {
+$entity_type = $file['entity_type'];
+if ($entity_type == 'time') {
+ if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimeHelper::getRecord($file['entity_id'])) {
+ header('Location: access_denied.php');
+ exit();
+ }
+}
+if ($entity_type == 'project') {
 if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) {
 header('Location: access_denied.php');
 exit();
 }
 }
-if ($file['entity_type'] != 'project') {
- // Currently, files are only associated with projects.
+if ($entity_type != 'project' && $entity_type != 'time') {
+ // Currently, files are only associated with time records and projects.
 // Improve access checks when the feature evolves.
 header('Location: access_denied.php');
 exit();
@@ -64,12 +72,20 @@ if ($request->isPost()) {
 if ($request->getParameter('btn_delete')) {
 $fileHelper = new ttFileHelper($err);
 $deleted = $fileHelper->deleteFile($file);
- if ($deleted && $file['entity_type'] == 'project') {
- header('Location: project_files.php?id='.$file['entity_id']);
+ if ($deleted) {
+ if ($entity_type == 'time') {
+ header('Location: time_files.php?id='.$file['entity_id']);
+ }
+ if ($entity_type == 'project') {
+ header('Location: project_files.php?id='.$file['entity_id']);
+ }
 exit();
 }
 } elseif ($request->getParameter('btn_cancel')) {
- if ($file['entity_type'] == 'project') {
+ if ($entity_type == 'time') {
+ header('Location: time_files.php?id='.$file['entity_id']);
+ }
+ if ($entity_type == 'project') {
 header('Location: project_files.php?id='.$file['entity_id']);
 }
 exit();
diff --git a/file_download.php b/file_download.php
index 049003ba..8a17b4d7 100644
--- a/file_download.php
+++ b/file_download.php
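Review bot: The new `time` branch admits any holder of `track_own_time` as long as `ttTimeHelper::getRecord($file['entity_id'])` returns a row, so ownership of the attachment rests entirely on how getRecord() scopes its lookup, which this hunk does not show. If that helper matches on record id alone, or only on group, the check would also pass for a file attached to another user's time record. That scoping should be confirmed and recorded next to the check, for example `// getRecord() only returns records of the current (or on-behalf) user, so this doubles as the ownership check.` The same condition is added in the file_download.php hunk and in file_edit.php's `@@ -39,14 +40,21 @@` hunk, and the script itself starts and ends outside this hunk.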
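Review bot: The post-action redirect is now written as two independent `if` blocks in both the `btn_delete` and `btn_cancel` branches of the `@@ -64,12 +72,20 @@` hunk, and again in file_edit.php's `@@ -75,8 +83,13 @@` hunk, so each new entity type has to be added in three places. Computing the target once after the entity checks, e.g. `$return_url = ($entity_type == 'time' ? 'time_files.php' : 'project_files.php').'?id='.(int)$file['entity_id'];`, and calling `header('Location: '.$return_url);` in each branch would keep them in step. The `(int)` cast also keeps the Location value numeric whatever the stored `entity_id` contains. The `if ($request->isPost())` block continues outside the hunk.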
@@ -39,14 +39,21 @@ if (!$file) { exit(); } // Entity-specific checks. -if ($file['entity_type'] == 'project') { - if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) { +$entity_type = $file['entity_type']; +if ($entity_type == 'time') { + if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimeHelper::getRecord($file['entity_id'])) { header('Location: access_denied.php'); exit(); } } -if ($file['entity_type'] != 'project') { - // Currently, files are only associated with projects. +if ($entity_type == 'project') { + if (!(ttAccessAllowed('view_own_projects') || ttAccessAllowed('manage_projects')) || !ttProjectHelper::get($file['entity_id'])) { + header('Location: access_denied.php'); + exit(); + } +} +if ($entity_type != 'project' && $entity_type != 'time') { + // Currently, files are only associated with time records and projects. // Improve access checks when the feature evolves. header('Location: access_denied.php'); exit(); diff --git a/file_edit.php b/file_edit.php index 381508d1..4a675a50 100644 --- a/file_edit.php +++ b/file_edit.php @@ -29,6 +29,7 @@ require_once('initialize.php'); import('form.Form'); import('ttFileHelper'); +import('ttTimeHelper'); import('ttProjectHelper'); // Access checks. 
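Review bot: The `time` branch in file_download.php calls `ttTimeHelper::getRecord()`, but this commit adds `import('ttTimeHelper');` only to file_delete.php and file_edit.php; the file_download.php section has a single hunk starting at line 39 on both sides, so nothing was added above it. Unless the file already imports that helper outside the hunk, downloading a time-record attachment would fail on an undefined class, and `import('ttTimeHelper');` should be added alongside the existing helper imports. Separately, the project branch now also admits `view_own_projects`, so `ttProjectHelper::get()` has to limit its result to projects the user is assigned to for that right to mean what its name says, which is not visible here. A short comment stating which scoping each helper enforces would make both checks reviewable.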
@@ -39,14 +40,21 @@ if (!$file) { exit(); } // Entity-specific checks. -if ($file['entity_type'] == 'project') { +$entity_type = $file['entity_type']; +if ($entity_type == 'time') { + if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimeHelper::getRecord($file['entity_id'])) { + header('Location: access_denied.php'); + exit(); + } +} +if ($entity_type == 'project') { if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) { header('Location: access_denied.php'); exit(); } } -if ($file['entity_type'] != 'project') { - // Currently, files are only associated with projects. +if ($entity_type != 'project' && $entity_type != 'time') { + // Currently, files are only associated with time records and projects. // Improve access checks when the feature evolves. header('Location: access_denied.php'); exit(); @@ -75,8 +83,13 @@ if ($request->isPost()) { if ($request->getParameter('btn_save')) { // Update file information. $updated = ttFileHelper::update(array('id' => $cl_file_id,'description' => $cl_description)); - if ($updated && $file['entity_type'] == 'project') { - header('Location: project_files.php?id='.$file['entity_id']); + if ($updated) { + if ($entity_type == 'time') { + header('Location: time_files.php?id='.$file['entity_id']); + } + if ($entity_type == 'project') { + header('Location: project_files.php?id='.$file['entity_id']); + } exit(); } else $err->add($i18n->get('error.db')); diff --git a/time.php b/time.php index 5cec8a7e..e31c98ac 100644 --- a/time.php +++ b/time.php 
@@ -401,7 +401,7 @@ $smarty->assign('selected_date', $selected_date);
 $smarty->assign('week_total', $week_total);
 $smarty->assign('day_total', ttTimeHelper::getTimeForDay($cl_date));
 $smarty->assign('time_records', ttTimeHelper::getRecords($user_id, $cl_date));
-if (isTrue('FILES_DEBUG')) $smarty->assign('show_files', $user->isPluginEnabled('at'));
+$smarty->assign('show_files', $user->isPluginEnabled('at'));
 $smarty->assign('client_list', $client_list);
 $smarty->assign('project_list', $project_list);
 $smarty->assign('task_list', $task_list);
-- 
2.20.1