From 83987222fbafb8d6dbbbd9578ed2f949f65004d3 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Wed, 11 Apr 2018 14:38:47 +0000
Subject: [PATCH] Introduced delete_group right.

---
 WEB-INF/templates/group_delete.tpl | 20 +++++++++
 dbinstall.php                      | 10 +++--
 group_delete.php                   | 71 ++++++++++++++++++++++++++++++
 mysql.sql                          |  4 +-
 4 files changed, 99 insertions(+), 6 deletions(-)
 create mode 100644 WEB-INF/templates/group_delete.tpl
 create mode 100644 group_delete.php

diff --git a/WEB-INF/templates/group_delete.tpl b/WEB-INF/templates/group_delete.tpl
new file mode 100644
index 00000000..57164d4a
--- /dev/null
+++ b/WEB-INF/templates/group_delete.tpl
@@ -0,0 +1,20 @@
+{$forms.groupForm.open}
+<table cellspacing="4" cellpadding="7" border="0">
+  <tr>
+    <td>
+      <table cellspacing="0" cellpadding="0" border="0">
+        <tr>
+          <td colspan="2" align="center"><b>{$group_to_delete|escape}</b></td>
+        </tr>
+        <tr>
+          <td colspan="2" align="center">&nbsp;</td>
+        </tr>
+        <tr>
+          <td align="right">{$forms.groupForm.btn_delete.control}&nbsp;</td>
+          <td align="left">&nbsp;{$forms.groupForm.btn_cancel.control}</td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+{$forms.groupForm.close}
diff --git a/dbinstall.php b/dbinstall.php
index b076741e..d5059444 100644
--- a/dbinstall.php
+++ b/dbinstall.php
@@ -805,7 +805,7 @@ if ($_POST) {
     print "Updated $users_updated users...<br>\n";
   }
 
-  if ($_POST["convert11744to11787"]) {
+  if ($_POST["convert11744to11788"]) {
     setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.44') set rights = replace(rights, 'override_punch_mode,override_date_lock', 'override_punch_mode,override_own_punch_mode,override_date_lock')");
     setChange("UPDATE `tt_site_config` SET param_value = '1.17.48' where param_name = 'version_db' and param_value = '1.17.44'");
     setChange("update `tt_users` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.48') set role_id = (select id from tt_roles where team_id = 0 and rank = 512) where role = 324");
@@ -897,6 +897,8 @@ if ($_POST) {
     setChange("UPDATE `tt_site_config` SET param_value = '1.17.86', modified = now() where param_name = 'version_db' and param_value = '1.17.85'");
     setChange("ALTER TABLE `tt_groups` ADD `password_complexity` varchar(64) default NULL AFTER `allow_ip`");
     setChange("UPDATE `tt_site_config` SET param_value = '1.17.87', modified = now() where param_name = 'version_db' and param_value = '1.17.86'");
+    setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.87') set rights = replace(rights, 'manage_subgroups', 'manage_subgroups,delete_group') where rank = 512");
+    setChange("UPDATE `tt_site_config` SET param_value = '1.17.88', modified = now() where param_name = 'version_db' and param_value = '1.17.87'");
   }
 
   if ($_POST["cleanup"]) {
@@ -942,7 +944,7 @@ if ($_POST) {
 <h2>DB Install</h2>
 <table width="80%" border="1" cellpadding="10" cellspacing="0">
   <tr>
-    <td width="80%"><b>Create database structure (v1.17.87)</b>
+    <td width="80%"><b>Create database structure (v1.17.88)</b>
     <br>(applies only to new installations, do not execute when updating)</br></td><td><input type="submit" name="crstructure" value="Create"></td>
   </tr>
 </table>
@@ -982,8 +984,8 @@ if ($_POST) {
     <td><input type="submit" name="convert11400to11744" value="Update"><br><input type="submit" name="update_role_id" value="Update role_id"></td>
   </tr>
     <tr valign="top">
-    <td>Update database structure (v1.17.44 to v1.17.87)</td>
-    <td><input type="submit" name="convert11744to11787" value="Update"></td>
+    <td>Update database structure (v1.17.44 to v1.17.88)</td>
+    <td><input type="submit" name="convert11744to11788" value="Update"></td>
   </tr>
 </table>
 
diff --git a/group_delete.php b/group_delete.php
new file mode 100644
index 00000000..65875fad
--- /dev/null
+++ b/group_delete.php
@@ -0,0 +1,71 @@
+<?php
+// +----------------------------------------------------------------------+
+// | Anuko Time Tracker
+// +----------------------------------------------------------------------+
+// | Copyright (c) Anuko International Ltd. (https://www.anuko.com)
+// +----------------------------------------------------------------------+
+// | LIBERAL FREEWARE LICENSE: This source code document may be used
+// | by anyone for any purpose, and freely redistributed alone or in
+// | combination with other software, provided that the license is obeyed.
+// |
+// | There are only two ways to violate the license:
+// |
+// | 1. To redistribute this code in source form, with the copyright
+// |    notice or license removed or altered. (Distributing in compiled
+// |    forms without embedded copyright notices is permitted).
+// |
+// | 2. To redistribute modified versions of this code in *any* form
+// |    that bears insufficient indications that the modifications are
+// |    not the work of the original author(s).
+// |
+// | This license applies to this document only, not any other software
+// | that it may be combined with.
+// |
+// +----------------------------------------------------------------------+
+// | Contributors:
+// | https://www.anuko.com/time_tracker/credits.htm
+// +----------------------------------------------------------------------+
+
+require_once('initialize.php');
+import('form.Form');
+
+// Access checks.
+if (!ttAccessAllowed('delete_group')) {
+  header('Location: access_denied.php');
+  exit();
+}
+// End of access checks.
+
+// TODO: refactor this... and the template.
+$group_id = (int)$request->getParameter('id');
+
+$admin = new ttAdmin();
+$group_details = $admin->getGroupDetails($group_id);
+$group_name = $group_details['group_name'];
+
+$form = new Form('groupForm');
+$form->addInput(array('type'=>'hidden','name'=>'id','value'=>$group_id));
+$form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
+$form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));
+
+if ($request->isPost()) {
+  if ($request->getParameter('btn_delete')) {
+    $result = $admin->markGroupDeleted($group_id);
+    if ($result) {
+      header('Location: admin_groups.php');
+      exit();
+    } else
+      $err->add($i18n->get('error.db'));
+  }
+
+  if ($request->getParameter('btn_cancel')) {
+    header('Location: admin_groups.php');
+    exit();
+  }
+} // isPost
+
+$smarty->assign('group_to_delete', $group_name);
+$smarty->assign('forms', array($form->getName()=>$form->toArray()));
+$smarty->assign('title', $i18n->get('title.delete_group'));
+$smarty->assign('content_page_name', 'admin_group_delete.tpl');
+$smarty->display('index.tpl');
diff --git a/mysql.sql b/mysql.sql
index ba798632..37ad65e7 100644
--- a/mysql.sql
+++ b/mysql.sql
@@ -73,7 +73,7 @@ create unique index role_idx on tt_roles(group_id, rank, status);
 
 # Insert site-wide roles - site administrator and top manager.
 INSERT INTO `tt_roles` (`group_id`, `name`, `rank`, `rights`) VALUES (0, 'Site administrator', 1024, 'administer_site');
-INSERT INTO `tt_roles` (`group_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'track_own_time,track_own_expenses,view_own_reports,view_own_charts,view_own_invoices,view_own_projects,view_own_tasks,manage_own_settings,view_users,track_time,track_expenses,view_reports,view_charts,view_own_clients,override_punch_mode,override_own_punch_mode,override_date_lock,override_own_date_lock,swap_roles,approve_timesheets,manage_own_account,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,override_allow_ip,manage_basic_settings,view_all_reports,manage_features,manage_advanced_settings,manage_roles,export_data,manage_subgroups');
+INSERT INTO `tt_roles` (`group_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'track_own_time,track_own_expenses,view_own_reports,view_own_charts,view_own_invoices,view_own_projects,view_own_tasks,manage_own_settings,view_users,track_time,track_expenses,view_reports,view_charts,view_own_clients,override_punch_mode,override_own_punch_mode,override_date_lock,override_own_date_lock,swap_roles,approve_timesheets,manage_own_account,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,override_allow_ip,manage_basic_settings,view_all_reports,manage_features,manage_advanced_settings,manage_roles,export_data,manage_subgroups,delete_group');
 
 
 #
@@ -449,4 +449,4 @@ CREATE TABLE `tt_site_config` (
   PRIMARY KEY  (`param_name`)
 );
 
-INSERT INTO `tt_site_config` (`param_name`, `param_value`, `created`) VALUES ('version_db', '1.17.87', now()); # TODO: change when structure changes.
+INSERT INTO `tt_site_config` (`param_name`, `param_value`, `created`) VALUES ('version_db', '1.17.88', now()); # TODO: change when structure changes.
-- 
2.20.1