From 1f470d31dc499b7a196184157c6dd77225b448e8 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Sun, 25 Nov 2018 13:38:39 +0000
Subject: [PATCH] Adjusted user_add.php and user_edit.php to operate with
 subgroups.

---
 WEB-INF/lib/ttUser.class.php | 28 ++++++++++++++++++----------
 WEB-INF/templates/footer.tpl |  2 +-
 user_add.php                 |  4 ++--
 user_edit.php                |  4 ++--
 4 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php
index e150f0b5..8c4595db 100644
--- a/WEB-INF/lib/ttUser.class.php
+++ b/WEB-INF/lib/ttUser.class.php
@@ -440,11 +440,13 @@ class ttUser {
     if (!$this->can('manage_users')) return false;
 
     $mdb2 = getConnection();
+    $group_id = $this->getActiveGroup();
+    $org_id = $this->org_id;
 
     $sql =  "select u.id, u.name, u.login, u.role_id, u.client_id, u.status, u.rate, u.email from tt_users u".
-            " left join tt_roles r on (u.role_id = r.id)".
-            " where u.id = $user_id and u.group_id = $this->group_id and u.status is not null".
-            " and (r.rank < $this->rank or (r.rank = $this->rank and u.id = $this->id))"; // Users with lesser roles or self.
+      " left join tt_roles r on (u.role_id = r.id)".
+      " where u.id = $user_id and u.group_id = $group_id and u.org_id = $org_id and u.status is not null".
+      " and (r.rank < $this->rank or (r.rank = $this->rank and u.id = $this->id))"; // Users with lesser roles or self.
     $res = $mdb2->query($sql);
     if (!is_a($res, 'PEAR_Error')) {
       $val = $res->fetchRow();
@@ -565,21 +567,26 @@ class ttUser {
     if (!$user_details) return false;
 
     $mdb2 = getConnection();
+    $group_id = $this->getActiveGroup();
+    $org_id = $this->org_id;
 
     // Mark user to project binds as deleted.
-    $sql = "update tt_user_project_binds set status = NULL where user_id = $user_id";
+    $sql = "update tt_user_project_binds set status = NULL where user_id = $user_id".
+      " and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error'))
       return false;
 
     // Mark user favorite reports as deleted.
-    $sql = "update tt_fav_reports set status = NULL where user_id = $user_id";
+    $sql = "update tt_fav_reports set status = NULL where user_id = $user_id".
+      " and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error'))
       return false;
 
     // Mark user as deleted.
-    $sql = "update tt_users set status = NULL where id = $user_id and group_id = ".$this->group_id;
+    $sql = "update tt_users set status = NULL where id = $user_id".
+      " and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error'))
       return false;
@@ -684,8 +691,12 @@ class ttUser {
     // Unset things first.
     $this->behalf_group_id = null;
     $this->behalf_group_name = null;
+    $this->behalf_id = null;
+    $this->behalf_name = null;
     unset($_SESSION['behalf_group_id']);
     unset($_SESSION['behalf_group_name']);
+    unset($_SESSION['behalf_id']);
+    unset($_SESSION['behalf_name']);
 
     // Do not do anything if we don't have rights.
     if (!$this->can('manage_subgroups')) return;
@@ -703,10 +714,7 @@ class ttUser {
     $this->behalf_group_id = $group_id;
     $this->behalf_group_name = $onBehalfGroupName;
 
-    // Question remains whether or not we need to adjust on behalf user.
-    // Adjusting for now. Test it and redesign if necessary.
-    unset($_SESSION['behalf_id']);
-    unset($_SESSION['behalf_name']);
+    // Adjust on behalf user.
     $this->adjustBehalfId();
     return;
   }
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 188c495f..dee9c5e1 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.28.4513 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.28.4514 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/user_add.php b/user_add.php
index eb939147..662813ea 100644
--- a/user_add.php
+++ b/user_add.php
@@ -46,7 +46,7 @@ if (!ttAccessAllowed('manage_users')) {
 @include('plugins/limit/user_add.php');
 
 if ($user->isPluginEnabled('cl'))
-  $clients = ttTeamHelper::getActiveClients($user->group_id);
+  $clients = ttTeamHelper::getActiveClients($user->getActiveGroup());
 
 $assigned_projects = array();
 if ($request->isPost()) {
@@ -90,7 +90,7 @@ if ($user->isPluginEnabled('cl'))
 
 $form->addInput(array('type'=>'floatfield','maxlength'=>'10','name'=>'rate','format'=>'.2','value'=>$cl_rate));
 
-$projects = ttTeamHelper::getActiveProjects($user->group_id);
+$projects = ttTeamHelper::getActiveProjects($user->getActiveGroup());
 
 // Define classes for the projects table.
 class NameCellRenderer extends DefaultCellRenderer {
diff --git a/user_edit.php b/user_edit.php
index f370f451..49e2505d 100644
--- a/user_edit.php
+++ b/user_edit.php
@@ -49,9 +49,9 @@ if (!$user_details) {
 // End of access checks.
 
 if ($user->isPluginEnabled('cl'))
-  $clients = ttTeamHelper::getActiveClients($user->group_id);
+  $clients = ttTeamHelper::getActiveClients($user->getActiveGroup());
 
-$projects = ttTeamHelper::getActiveProjects($user->group_id);
+$projects = ttTeamHelper::getActiveProjects($user->getActiveGroup());
 $assigned_projects = array();
 
 if ($request->isPost()) {
-- 
2.20.1