From 5e861d92d6d758ba4888e35109cc6df4ab5e2df1 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Sat, 3 Nov 2018 20:56:08 +0000
Subject: [PATCH] More progress on subgroups, mostly about setting on behalf
 values properly.

---
 WEB-INF/lib/ttUser.class.php | 38 +++++++++++++++----
 WEB-INF/templates/footer.tpl |  2 +-
 reports.php                  |  2 +-
 time.php                     | 72 +++++++++++++++++++++++++-----------
 4 files changed, 84 insertions(+), 30 deletions(-)

diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php
index b7ea34f0..469345b7 100644
--- a/WEB-INF/lib/ttUser.class.php
+++ b/WEB-INF/lib/ttUser.class.php
@@ -429,13 +429,32 @@ class ttUser {
   }
 
   // checkBehalfId checks whether behalf_id is appropriate.
-  // On behalf user must be active and have lower rank.
+  // On behalf user must be active and have lower rank if the user is from home group,
+  // otherwise:
+  // - subgroup must ve valid;
+  // - user should be a member of it.
   function checkBehalfId() {
-    $options = array('status'=>ACTIVE,'max_rank'=>$this->rank-1);
-    $users = $this->getUsers($options);
-    foreach($users as $one_user) {
-      if ($one_user['id'] == $this->behalf_id)
-        return true;
+    if (!$this->behalf_group_id) {
+      // Checking user from home group.
+      $options = array('status'=>ACTIVE,'max_rank'=>$this->rank-1);
+      $users = $this->getUsers($options);
+      foreach($users as $one_user) {
+        if ($one_user['id'] == $this->behalf_id)
+          return true;
+      }
+    } else {
+      // Checking user from a subgroup.
+      $group_id = $this->behalf_group_id;
+      if (!$this->isSubgroupValid($group_id))
+        return false;
+
+      // So far, so good. Check user now.
+      $options = array('group_id'=>$group_id,'status'=>ACTIVE,'max_rank'=>MAX_RANK);
+      $users = $this->getUsers($options);
+      foreach($users as $one_user) {
+        if ($one_user['id'] == $this->behalf_id)
+          return true;
+      }
     }
     return false;
   }
@@ -446,8 +465,13 @@ class ttUser {
   // Needed for situations when user does not have do_own_something right.
   // Example: has view_charts but does not have view_own_charts.
   // In this case we still allow access to charts, but set behalf_id to someone else.
+  // Another example: working in a subgroup on behalf of someone else.
   function adjustBehalfId() {
-    $options = array('status'=>ACTIVE,'max_rank'=>$this->rank-1);
+    $group_id = $this->behalf_group_id ? $this->behalf_group_id : $this->group_id;
+    $rank = $this->getMaxRankForGroup($group_id);
+
+    // Adjust to first found user in group.
+    $options = array('group_id'=>$group_id,'status'=>ACTIVE,'max_rank'=>$rank);
     $users = $this->getUsers($options);
     foreach($users as $one_user) {
       // Fake loop to access first element.
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index fda4c01a..f29129e5 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.06.4353 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.06.4354 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/reports.php b/reports.php
index 31028f2f..6a0687e6 100644
--- a/reports.php
+++ b/reports.php
@@ -149,7 +149,7 @@ if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isCli
   // Prepare user and assigned projects arrays.
   if ($user->can('view_reports') || $user->can('view_all_reports')) {
     $max_rank = $user->rank-1;
-    if ($user->can('view_all_reports')) $max_rank = 512;
+    if ($user->can('view_all_reports')) $max_rank = MAX_RANK;
     if ($user->can('view_own_reports'))
       $options = array('max_rank'=>$max_rank,'include_self'=>true);
     else
diff --git a/time.php b/time.php
index 6d62fb69..258f15c1 100644
--- a/time.php
+++ b/time.php
@@ -366,31 +366,61 @@ if ($request->isPost()) {
       exit();
     }
   }
-  elseif ($request->getParameter('onBehalfGroup')) {
-    if($user->can('manage_subgroups')) {
-      unset($_SESSION['behalf_group_id']);
-      unset($_SESSION['behalf_group_name']);
-
-      if($on_behalf_group_id != $user->group_id) {
-        $_SESSION['behalf_group_id'] = $on_behalf_group_id;
-        $_SESSION['behalf_group_name'] = ttGroupHelper::getGroupName($on_behalf_group_id);
+  elseif ($request->getParameter('onBehalfUser') || $request->getParameter('onBehalfGroup')) {
+    // User changed either on behalf user or group.
+    // TODO: Organize this code into a separate function.
+
+    // We get here if one of the dropdowns changed. Handle these 2 situations differently.
+    // 1) User changed. Determine if user changed. Then do exactly as before.
+    //
+    // Group changed. Determine if group changed.
+    // Adjust group info.
+    // Adjust user info to first user in group (or self if we are in home group now).
+    //
+    // Determine if user was changed.
+    if ($request->getParameter('onBehalfUser')) {
+      $request_user_id = $request->getParameter('onBehalfUser');
+      $session_user_id = $_SESSION['behalf_id'];
+      $user_changed = !(($session_user_id == null && ($user->id == $request_user_id))
+                      || ($session_user_id != null && ($request_user_id == $session_user_id)));
+      if ($user_changed && $user->can('track_time')) {
+        unset($_SESSION['behalf_id']);
+        unset($_SESSION['behalf_name']);
+
+        if($request_user_id != $user->id) {
+          $_SESSION['behalf_id'] = $request_user_id;
+          $_SESSION['behalf_name'] = ttUserHelper::getUserName($request_user_id);
+        }
       }
-      header('Location: time.php');
-      exit();
     }
-  }
-  elseif ($request->getParameter('onBehalfUser')) {
-    if($user->can('track_time')) {
-      unset($_SESSION['behalf_id']);
-      unset($_SESSION['behalf_name']);
-
-      if($on_behalf_id != $user->id) {
-        $_SESSION['behalf_id'] = $on_behalf_id;
-        $_SESSION['behalf_name'] = ttUserHelper::getUserName($on_behalf_id);
+
+    if ($request->getParameter('onBehalfGroup')) {
+      // Determine if group was changed.
+      $request_group_id = $request->getParameter('onBehalfGroup');
+      $session_group_id = $_SESSION['behalf_group_id'];
+      $group_changed = !(($session_group_id == null && ($user->group_id == $request_group_id))
+                      || ($session_group_id != null && ($request_group_id == $session_group_id)));
+
+      if ($group_changed && $user->can('manage_subgroups')) {
+        unset($_SESSION['behalf_group_id']);
+        unset($_SESSION['behalf_group_name']);
+        if ($request_group_id == $user->group_id)
+          $user->behalf_group_id = null;
+
+        if (($request_group_id != $user->group_id) && $user->isSubgroupValid($request_group_id)) {
+          $_SESSION['behalf_group_id'] = $request_group_id;
+          $_SESSION['behalf_group_name'] = ttGroupHelper::getGroupName($request_group_id);
+          $user->behalf_group_id = $request_group_id;
+        }
+
+        unset($_SESSION['behalf_id']);
+        unset($_SESSION['behalf_name']);
+        if ($request_group_id != $user->group_id)
+          $user->adjustBehalfId();
       }
-      header('Location: time.php');
-      exit();
     }
+    header('Location: time.php');
+    exit();
   }
 } // isPost
 
-- 
2.20.1