From ae00c14ac2999773e17a761542932cb95420430a Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Tue, 13 Mar 2018 21:22:56 +0000
Subject: [PATCH] Split data_entry right into track_time and track_expenses.
---
 WEB-INF/lib/ttRoleHelper.class.php | 12 ++++++------
 WEB-INF/lib/ttTeamHelper.class.php | 8 ++++----
 WEB-INF/lib/ttUser.class.php | 13 +++++++++----
 WEB-INF/templates/footer.tpl | 2 +-
 dbinstall.php | 11 +++++++----
 expense_delete.php | 2 +-
 expense_edit.php | 2 +-
 expenses.php | 2 +-
 mobile/expense_delete.php | 2 +-
 mobile/expense_edit.php | 2 +-
 mobile/expenses.php | 2 +-
 mobile/projects.php | 2 +-
 mobile/time.php | 2 +-
 mobile/time_delete.php | 2 +-
 mobile/time_edit.php | 2 +-
 mobile/timer.php | 2 +-
 mysql.sql | 4 ++--
 projects.php | 2 +-
 role_add.php | 2 +-
 time.php | 2 +-
 time_delete.php | 2 +-
 time_edit.php | 2 +-
 week.php | 2 +-
 23 files changed, 46 insertions(+), 38 deletions(-)
diff --git a/WEB-INF/lib/ttRoleHelper.class.php b/WEB-INF/lib/ttRoleHelper.class.php
index 20d31bcd..bcd66051 100644
--- a/WEB-INF/lib/ttRoleHelper.class.php
+++ b/WEB-INF/lib/ttRoleHelper.class.php
@@ -111,7 +111,7 @@ class ttRoleHelper {
 }
 // isClientRole determines if the role is a "client" role.
- // This simply means the role has no "data_entry" right.
+ // This simply means the role has no "track_own_time" right.
 static function isClientRole($role_id) {
 global $user;
 $mdb2 = getConnection();
@@ -122,7 +122,7 @@ class ttRoleHelper {
 if (!is_a($res, 'PEAR_Error')) {
 $val = $res->fetchRow();
 if ($val['rights']) {
- return !in_array('data_entry', explode(',', $val['rights']));
+ return !in_array('track_own_time', explode(',', $val['rights']));
 }
 }
 return false;
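Review bot: `isClientRole()` now decides client status from the absence of `track_own_time` alone, so once the right is split a custom role that holds `track_own_expenses` but not `track_own_time` is classified as a client. The same single-right test is repeated in both `is_client` assignments in ttTeamHelper and in the ttUser constructor, which presumably backs the `isClient()` call used to scope the invoice query. Consider treating a role as a client only when it has neither tracking right, e.g. `return !array_intersect(array('track_own_time', 'track_own_expenses'), explode(',', $val['rights']));`, and routing all three places through one helper so the definition cannot drift. The body of `isClientRole()` is split across the two hunks and its query is not visible.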
@@ -222,8 +222,8 @@ class ttRoleHelper {
 $mdb2 = getConnection();
 $rights_client = 'view_own_reports,view_own_charts,view_own_invoices,manage_own_settings';
- $rights_user = 'data_entry,view_own_reports,view_own_charts,manage_own_settings,view_users';
- $rights_supervisor = $rights_user.',on_behalf_data_entry,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets';
+ $rights_user = 'track_own_time,track_own_expenses,view_own_reports,view_own_charts,manage_own_settings,view_users';
+ $rights_supervisor = $rights_user.',track_time,track_expenses,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets';
 $rights_comanager = $rights_supervisor.',manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices';
 $rights_manager = $rights_comanager.',manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups';
@@ -280,8 +280,8 @@ class ttRoleHelper {
 global $user;
 $rights_client = 'view_own_reports,view_own_charts,view_own_invoices,manage_own_settings';
- $rights_user = 'data_entry,view_own_reports,view_own_charts,manage_own_settings,view_users';
- $rights_supervisor = $rights_user.',on_behalf_data_entry,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets';
+ $rights_user = 'track_own_time,track_own_expenses,view_own_reports,view_own_charts,manage_own_settings,view_users';
+ $rights_supervisor = $rights_user.',track_time,track_expenses,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets';
 $rights_comanager = $rights_supervisor.',manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices';
 $rights_manager = $rights_comanager.',manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups';
diff --git a/WEB-INF/lib/ttTeamHelper.class.php b/WEB-INF/lib/ttTeamHelper.class.php
index d20f2a23..38a2d819 100644
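Review bot: The default rights lists are written out by hand in several places that have to stay consistent: both `$rights_user` / `$rights_supervisor` pairs in these two hunks, the `'rights'` default in role_add.php and the Top manager row in mysql.sql. These strings decide what each predefined role may do, so an edit that misses one copy gives roles created through different paths different privileges without any error. Consider defining each list once, for example `const RIGHTS_USER = 'track_own_time,track_own_expenses,view_own_reports,view_own_charts,manage_own_settings,view_users';` on ttRoleHelper, and building the higher roles and the role_add.php default from it. Both enclosing functions start and end outside the hunks.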
--- a/WEB-INF/lib/ttTeamHelper.class.php
+++ b/WEB-INF/lib/ttTeamHelper.class.php
@@ -276,9 +276,9 @@ class ttTeamHelper {
 $result = array();
 if (!is_a($res, 'PEAR_Error')) {
 while ($val = $res->fetchRow()) {
- $val['is_client'] = in_array('data_entry', explode(',', $val['rights'])) ? 0 : 1; // Clients do not have data entry right.
+ $val['is_client'] = in_array('track_own_time', explode(',', $val['rights'])) ? 0 : 1; // Clients do not have data entry right.
 if ($val['is_client'] && !$user->isPluginEnabled('cl'))
- continue; // Skip adding a client role/
+ continue; // Skip adding a client role.
 $result[] = $val;
 }
 }
@@ -296,7 +296,7 @@ class ttTeamHelper {
 $result = array();
 if (!is_a($res, 'PEAR_Error')) {
 while ($val = $res->fetchRow()) {
- $val['is_client'] = in_array('data_entry', explode(',', $val['rights'])) ? 0 : 1; // Clients do not have data entry right.
+ $val['is_client'] = in_array('track_own_time', explode(',', $val['rights'])) ? 0 : 1; // Clients do not have data entry right.
 $result[] = $val;
 }
 }
@@ -409,7 +409,7 @@ class ttTeamHelper {
 $result = array();
 $mdb2 = getConnection();
- if (ROLE_CLIENT == $user->role && $user->client_id)
+ if ($user->isClient())
 $client_part = " and i.client_id = $user->client_id";
 $sql = "select i.id, i.name, i.date, i.client_id, i.status, c.name as client_name from tt_invoices i
diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php
index fa9f0201..2f7ff958 100644
--- a/WEB-INF/lib/ttUser.class.php
+++ b/WEB-INF/lib/ttUser.class.php
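Review bot: In the third hunk the new guard `if ($user->isClient())` drops the old `$user->client_id` test, while the next line still interpolates `$user->client_id` into the SQL string unchanged. If `isClient()` can be true for a user with no client_id (it appears to follow from a missing `track_own_time` right, so any such role qualifies), the clause becomes `and i.client_id = ` and the query fails; the value is also never forced to a number. Keep the filter unconditional for clients but cast it, `$client_part = ' and i.client_id = '.(int)$user->client_id;`, so a missing id matches no invoices instead of breaking the statement or, as the old guard did, removing the filter. `$client_part` has no initial value in the visible lines; the rest of the function is outside the hunk.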
@@ -60,8 +60,8 @@ class ttUser { var $custom_logo = 0; // Whether to use a custom logo for team. var $lock_spec = null; // Cron specification for record locking. var $workday_minutes = 480; // Number of work minutes in a regular day. - var $rights = array(); // An array of user rights such as 'data_entry', etc. - var $is_client = false; // Whether user is a client as determined by missing 'data_entry' right. + var $rights = array(); // An array of user rights such as 'track_own_time', etc. + var $is_client = false; // Whether user is a client as determined by missing 'track_own_time' right. // Constructor. function __construct($login, $id = null) { @@ -97,7 +97,7 @@ class ttUser { $this->role = $val['role']; $this->role_id = $val['role_id']; $this->rights = explode(',', $val['rights']); - $this->is_client = !in_array('data_entry', $this->rights); + $this->is_client = !in_array('track_own_time', $this->rights); $this->rank = $val['rank']; // Downgrade rank to legacy role, if it is still in use. if ($this->role > 0 && $this->rank > $this->role) @@ -142,11 +142,16 @@ class ttUser { } } - // The getActiveUser returns user id on behalf of whom current user is operating. + // The getActiveUser returns user id on behalf of whom the current user is operating. function getActiveUser() { return ($this->behalf_id ? $this->behalf_id : $this->id); } + // can - determines whether user has a right to do something. + function can($do_something) { + return in_array($do_something, $this->rights); + } + // isAdmin - determines whether current user is admin (has right_administer_site). function isAdmin() { return (right_administer_site & $this->role); diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index b4683b9b..364fc349 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
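Review bot: The new `can()` method in the third ttUser hunk calls `in_array()` without the strict flag, so the permission test uses loose comparison: `true` compares equal to any right name, and before PHP 8 so does `0`. Use `return in_array($do_something, $this->rights, true);`. The constructor hunk fills `$this->rights` with `explode(',', $val['rights'])`, which yields `array('')` for an empty rights column, so `can('')` also returns true; filtering empty entries there would close that case. No caller of `can()` appears in the visible hunks, where the page-level checks still go through `ttAccessAllowed()`.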
- - - + +
 Anuko Time Tracker 1.17.42.4068 | Copyright © Anuko | +  Anuko Time Tracker 1.17.43.4069 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/dbinstall.php b/dbinstall.php index d461dcb7..3db74cc5 100644 --- a/dbinstall.php +++ b/dbinstall.php @@ -722,7 +722,7 @@ if ($_POST) { setChange("ALTER TABLE `tt_log` ADD `paid` tinyint(4) NULL default '0' AFTER `billable`"); } - if ($_POST["convert11400to11740"]) { + if ($_POST["convert11400to11743"]) { setChange("ALTER TABLE `tt_teams` DROP `address`"); setChange("ALTER TABLE `tt_fav_reports` ADD `report_spec` text default NULL AFTER `user_id`"); setChange("ALTER TABLE `tt_fav_reports` ADD `paid_status` tinyint(4) default NULL AFTER `invoice`"); @@ -757,6 +757,9 @@ if ($_POST) { setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set rights = replace(rights, 'view_data', 'view_reports,view_charts') where team_id > 0"); setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.35') set rights = replace(rights, 'view_own_charts,manage_own_settings', 'view_own_charts,view_own_invoices,manage_own_settings') where team_id > 0 and rank = 16"); setChange("UPDATE `tt_site_config` SET `param_value` = '1.17.40' where param_name = 'version_db'"); + setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.40') set rights = replace(rights, 'on_behalf_data_entry', 'track_time,track_expenses')"); + setChange("update `tt_roles` inner join `tt_site_config` sc on (sc.param_name = 'version_db' and sc.param_value = '1.17.40') set rights = replace(rights, 'data_entry', 'track_own_time,track_own_expenses')"); + setChange("UPDATE `tt_site_config` SET `param_value` = '1.17.43' where param_name = 'version_db'"); } if ($_POST["cleanup"]) { @@ -802,7 +805,7 @@ if ($_POST) {
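Review bot: The two new `replace()` statements in the `convert11400to11743` block are only correct in this order, because `data_entry` is a substring of `on_behalf_data_entry`; if they were swapped, supervisor roles would be left with the unknown right `on_behalf_track_own_time` and would lose on-behalf entry without any error. Add a comment above them such as `// Order matters: rewrite 'on_behalf_data_entry' first, 'data_entry' is a substring of it.` Unlike the 1.17.35 statements just above, these have no `where team_id > 0`, so site-wide roles are rewritten too; that looks intended given the Top manager row in mysql.sql, and is worth stating in the same comment.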

DB Install

-
Create database structure (v1.17.40) + Create database structure (v1.17.43)
(applies only to new installations, do not execute when updating)
@@ -838,8 +841,8 @@ if ($_POST) {

Update database structure (v1.14 to v1.17.40)
Update database structure (v1.14 to v1.17.43)
diff --git a/expense_delete.php b/expense_delete.php
index d17f251e..d5b4e8d2 100644
--- a/expense_delete.php
+++ b/expense_delete.php
@@ -32,7 +32,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 // Access check.
-if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/expense_edit.php b/expense_edit.php
index 3fd23591..dbd14d96 100644
--- a/expense_edit.php
+++ b/expense_edit.php
@@ -33,7 +33,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 // Access check.
-if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/expenses.php b/expenses.php
index a6502fa1..ca681d41 100644
--- a/expenses.php
+++ b/expenses.php
@@ -34,7 +34,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 // Access check.
-if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/expense_delete.php b/mobile/expense_delete.php
index 1b4a3905..da902b4f 100644
--- a/mobile/expense_delete.php
+++ b/mobile/expense_delete.php
@@ -32,7 +32,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 // Access check.
-if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/expense_edit.php b/mobile/expense_edit.php
index e54ffb05..fff249e7 100644
--- a/mobile/expense_edit.php
+++ b/mobile/expense_edit.php
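Review bot: The page gate in expense_delete.php now tests only `track_own_expenses`, and the time pages further down test only `track_own_time`; the on-behalf rights `track_expenses` and `track_time` that this patch adds to the supervisor list are not checked in any of these hunks. If these scripts still act for another user (ttUser exposes `behalf_id` through `getActiveUser()`), that path should be guarded separately, for example `if ($user->behalf_id && !ttAccessAllowed('track_expenses')) { header('Location: access_denied.php'); exit(); }`, otherwise the split rights are not actually enforced apart. The same applies to expense_edit.php, expenses.php, time.php, time_edit.php, time_delete.php, week.php and the mobile/ counterparts. The rest of each script is outside the hunks, so this is a request to verify rather than a confirmed gap.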
@@ -33,7 +33,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 // Access check.
-if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/expenses.php b/mobile/expenses.php
index 24c78ce0..40b3a342 100644
--- a/mobile/expenses.php
+++ b/mobile/expenses.php
@@ -34,7 +34,7 @@ import('DateAndTime');
 import('ttExpenseHelper');
 // Access check.
-if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('ex')) {
+if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/projects.php b/mobile/projects.php
index 0a9c490c..a6aa0448 100644
--- a/mobile/projects.php
+++ b/mobile/projects.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 // Access check.
-if (!ttAccessAllowed('data_entry') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('track_own_time') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/time.php b/mobile/time.php
index dcef6483..1a4b235c 100644
--- a/mobile/time.php
+++ b/mobile/time.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 // Access check.
-if (!ttAccessAllowed('data_entry')) {
+if (!ttAccessAllowed('track_own_time')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/time_delete.php b/mobile/time_delete.php
index 81e0c654..63884d23 100644
--- a/mobile/time_delete.php
+++ b/mobile/time_delete.php
@@ -33,7 +33,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 // Access check.
-if (!ttAccessAllowed('data_entry')) {
+if (!ttAccessAllowed('track_own_time')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/time_edit.php b/mobile/time_edit.php
index 74805ab7..25c5c92c 100644
--- a/mobile/time_edit.php
+++ b/mobile/time_edit.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 // Access check.
-if (!ttAccessAllowed('data_entry')) {
+if (!ttAccessAllowed('track_own_time')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mobile/timer.php b/mobile/timer.php
index 47310b72..6851052f 100644
--- a/mobile/timer.php
+++ b/mobile/timer.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 // Access check.
-if (!ttAccessAllowed('data_entry')) {
+if (!ttAccessAllowed('track_own_time')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/mysql.sql b/mysql.sql
index ffba70f1..a3c1cbc0 100644
--- a/mysql.sql
+++ b/mysql.sql
@@ -66,7 +66,7 @@ create unique index role_idx on tt_roles(team_id, rank, status);
 # Insert site-wide roles - site administrator and top manager.
 INSERT INTO `tt_roles` (`team_id`, `name`, `rank`, `rights`) VALUES (0, 'Site administrator', 1024, 'administer_site');
-INSERT INTO `tt_roles` (`team_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'data_entry,view_own_reports,view_own_charts,view_own_invoices,manage_own_settings,view_users,on_behalf_data_entry,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups');
+INSERT INTO `tt_roles` (`team_id`, `name`, `rank`, `rights`) VALUES (0, 'Top manager', 512, 'track_own_time,track_own_expenses,view_own_reports,view_own_charts,view_own_invoices,manage_own_settings,view_users,track_time,track_expenses,view_reports,view_charts,override_punch_mode,swap_roles,approve_timesheets,manage_users,manage_projects,manage_tasks,manage_custom_fields,manage_clients,manage_invoices,manage_features,manage_basic_settings,manage_advanced_settings,manage_roles,export_data,manage_subgroups');
 #
@@ -427,4 +427,4 @@ CREATE TABLE `tt_site_config` (
 PRIMARY KEY (`param_name`)
 );
-INSERT INTO `tt_site_config` (`param_name`, `param_value`, `created`) VALUES ('version_db', '1.17.40', now()); # TODO: change when structure changes.
+INSERT INTO `tt_site_config` (`param_name`, `param_value`, `created`) VALUES ('version_db', '1.17.43', now()); # TODO: change when structure changes.
diff --git a/projects.php b/projects.php
index d5f3bc12..ce7bb9a1 100644
--- a/projects.php
+++ b/projects.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTeamHelper');
 // Access check.
-if (!ttAccessAllowed('data_entry') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
+if (!ttAccessAllowed('track_own_time') || (MODE_PROJECTS != $user->tracking_mode && MODE_PROJECTS_AND_TASKS != $user->tracking_mode)) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/role_add.php b/role_add.php
index 684ee11b..7a01cfcd 100644
--- a/role_add.php
+++ b/role_add.php
@@ -67,7 +67,7 @@ if ($request->isPost()) {
 'name' => $cl_name,
 'rank' => $cl_rank,
 'description' => $cl_description,
- 'rights' => 'data_entry,view_own_reports,view_own_charts,manage_own_settings,view_users', // Default user rights.
+ 'rights' => 'track_own_time,track_own_expenses,view_own_reports,view_own_charts,manage_own_settings,view_users', // Default user rights.
 'status' => ACTIVE))) {
 header('Location: roles.php');
 exit();
diff --git a/time.php b/time.php
index aeeedd25..62d6bced 100644
--- a/time.php
+++ b/time.php
@@ -42,7 +42,7 @@ import('DateAndTime');
 // }
 // Access check.
-if (!ttAccessAllowed('data_entry')) {
+if (!ttAccessAllowed('track_own_time')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/time_delete.php b/time_delete.php
index 3b4d95c2..0cdd8816 100644
--- a/time_delete.php
+++ b/time_delete.php
@@ -33,7 +33,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 // Access check.
-if (!ttAccessAllowed('data_entry')) {
+if (!ttAccessAllowed('track_own_time')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/time_edit.php b/time_edit.php
index b665bf86..3f2035c9 100644
--- a/time_edit.php
+++ b/time_edit.php
@@ -35,7 +35,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 // Access check.
-if (!ttAccessAllowed('data_entry')) {
+if (!ttAccessAllowed('track_own_time')) {
 header('Location: access_denied.php');
 exit();
 }
diff --git a/week.php b/week.php
index be89944c..6bd2d492 100644
--- a/week.php
+++ b/week.php
@@ -39,7 +39,7 @@ import('ttTimeHelper');
 import('DateAndTime');
 // Access check.
-if (!ttAccessAllowed('data_entry') || !$user->isPluginEnabled('wv')) {
+if (!ttAccessAllowed('track_own_time') || !$user->isPluginEnabled('wv')) {
 header('Location: access_denied.php');
 exit();
 }
--
2.20.1