From 7bc3223af35eeceb1e63daf3ae3cb66739337696 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Sun, 25 Nov 2018 15:01:24 +0000
Subject: [PATCH] Adjusted project_add.php and project_edit.php to work with
 subgroups.

---
 WEB-INF/lib/ttProjectHelper.class.php | 9 ++++++---
 WEB-INF/lib/ttTeamHelper.class.php    | 7 +++++--
 WEB-INF/templates/footer.tpl          | 2 +-
 project_add.php                       | 3 ++-
 project_edit.php                      | 2 +-
 5 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/WEB-INF/lib/ttProjectHelper.class.php b/WEB-INF/lib/ttProjectHelper.class.php
index 240760df..5e59a928 100644
--- a/WEB-INF/lib/ttProjectHelper.class.php
+++ b/WEB-INF/lib/ttProjectHelper.class.php
@@ -159,23 +159,26 @@ class ttProjectHelper {
     global $user;
     $mdb2 = getConnection();
 
+    $group_id = $user->getActiveGroup();
+    $org_id = $user->org_id;
+
     // Start with project itself. Reason: if the passed in project_id is bogus,
     // we'll fail right here and don't damage any other data.
 
     // Mark project as deleted and remove associated tasks.
-    $sql = "update tt_projects set status = NULL, tasks = NULL where id = $id and group_id = ".$user->getActiveGroup();
+    $sql = "update tt_projects set status = NULL, tasks = NULL where id = $id and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error') || 0 == $affected)
       return false; // An error ocurred, or 0 rows updated.
 
     // Delete user binds to this project.
-    $sql = "delete from tt_user_project_binds where project_id = $id";
+    $sql = "delete from tt_user_project_binds where project_id = $id and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error'))
       return false;
 
     // Delete task binds to this project.
-    $sql = "delete from tt_project_task_binds where project_id = $id";
+    $sql = "delete from tt_project_task_binds where project_id = $id and group_id = $group_id and org_id = $org_id";
     $affected = $mdb2->exec($sql);
     if (is_a($affected, 'PEAR_Error'))
       return false;
diff --git a/WEB-INF/lib/ttTeamHelper.class.php b/WEB-INF/lib/ttTeamHelper.class.php
index b4454a92..1b2616b3 100644
--- a/WEB-INF/lib/ttTeamHelper.class.php
+++ b/WEB-INF/lib/ttTeamHelper.class.php
@@ -60,10 +60,13 @@ class ttTeamHelper {
     global $i18n;
     $mdb2 = getConnection();
 
+    $group_id = $user->getActiveGroup();
+    $org_id = $user->org_id;
+
     if (isset($options['getAllFields']))
-      $sql = "select u.*, r.name as role_name, r.rank from tt_users u left join tt_roles r on (u.role_id = r.id) where u.group_id = $user->group_id and u.status = 1 order by upper(u.name)";
+      $sql = "select u.*, r.name as role_name, r.rank from tt_users u left join tt_roles r on (u.role_id = r.id) where u.group_id = $group_id and u.org_id = $org_id and u.status = 1 order by upper(u.name)";
     else
-      $sql = "select id, name from tt_users where group_id = $user->group_id and status = 1 order by upper(name)";
+      $sql = "select id, name from tt_users where group_id = $group_id and org_id = $org_id and status = 1 order by upper(name)";
     $res = $mdb2->query($sql);
     $user_list = array();
     if (is_a($res, 'PEAR_Error'))
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 4cb0d912..47031b29 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.28.4515 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.28.4516 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/project_add.php b/project_add.php
index 930adf1f..d32c8802 100644
--- a/project_add.php
+++ b/project_add.php
@@ -40,12 +40,13 @@ if (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->t
   header('Location: feature_disabled.php');
   exit();
 }
+// End of access checks.
 
 $users = ttTeamHelper::getActiveUsers();
 foreach ($users as $user_item)
   $all_users[$user_item['id']] = $user_item['name'];
 
-$tasks = ttTeamHelper::getActiveTasks($user->group_id);
+$tasks = ttTeamHelper::getActiveTasks($user->getActiveGroup());
 foreach ($tasks as $task_item)
   $all_tasks[$task_item['id']] = $task_item['name'];
 
diff --git a/project_edit.php b/project_edit.php
index 3cdb4437..20376325 100644
--- a/project_edit.php
+++ b/project_edit.php
@@ -52,7 +52,7 @@ $users = ttTeamHelper::getActiveUsers();
 foreach ($users as $user_item)
   $all_users[$user_item['id']] = $user_item['name'];
 
-$tasks = ttTeamHelper::getActiveTasks($user->group_id);
+$tasks = ttTeamHelper::getActiveTasks($user->getActiveGroup());
 foreach ($tasks as $task_item)
   $all_tasks[$task_item['id']] = $task_item['name'];
 
-- 
2.20.1