From b134135b685422ddcdc2d6856972c60ea15f661f Mon Sep 17 00:00:00 2001
From: Nik Okuntseff <support@anuko.com>
Date: Sat, 3 Nov 2018 15:34:15 +0000
Subject: [PATCH] Work in progress on subgroups. Made user list population more
 robust.

---
 WEB-INF/lib/ttGroupHelper.class.php | 16 +++++++++++++
 WEB-INF/lib/ttUser.class.php        | 35 +++++++++++++++++++++++++++++
 WEB-INF/templates/footer.tpl        |  2 +-
 initialize.php                      |  1 +
 time.php                            |  7 +++---
 5 files changed, 56 insertions(+), 5 deletions(-)

diff --git a/WEB-INF/lib/ttGroupHelper.class.php b/WEB-INF/lib/ttGroupHelper.class.php
index 22362b5b..3fb01c60 100644
--- a/WEB-INF/lib/ttGroupHelper.class.php
+++ b/WEB-INF/lib/ttGroupHelper.class.php
@@ -62,4 +62,20 @@ class ttGroupHelper {
     }
     return false;
   }
+
+  // The getParentGroup determines a parent group for a given group.
+  static function getParentGroup($group_id) {
+    global $user;
+
+    $mdb2 = getConnection();
+
+    $sql = "select parent_id from tt_groups where id = $group_id and org_id = $user->org_id and status = 1";
+    $res = $mdb2->query($sql);
+
+    if (!is_a($res, 'PEAR_Error')) {
+      $val = $res->fetchRow();
+      return $val['parent_id'];
+    }
+    return false;
+  }
 }
diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php
index 003cf0fe..b7ea34f0 100644
--- a/WEB-INF/lib/ttUser.class.php
+++ b/WEB-INF/lib/ttUser.class.php
@@ -559,4 +559,39 @@ class ttUser {
 
     return true;
   }
+
+  // isSubgroupValid determines if a subgroup is valid for user.
+  // A subgroup is valid if:
+  //   - user can manage_subgroups;
+  //   - subgroup is either a direct child of user group, or "on the path"
+  //   to it (grand-child, etc.).
+  function isSubgroupValid($subgroup_id) {
+    if (!$this->can('manage_subgroups')) return false; // User cannot manage subgroups.
+
+    $current_group_id = $subgroup_id;
+    while ($parent_group_id = ttGroupHelper::getParentGroup($current_group_id)) {
+      if ($parent_group_id == $this->group_id) {
+        return true; // Found it.
+      }
+      $current_group_id = $parent_group_id;
+    }
+    return false;
+  }
+
+  // getMaxRankForGroup determines effective user rank for a user in a given group.
+  // For home group it is the existing user rank (as per role) minus 1.
+  // For subgroups, if user can "manage_subgroups", it is MAX_RANK.
+  function getMaxRankForGroup($group_id) {
+
+    $max_rank = 0; // Start safely.
+    if ($this->group_id == $group_id) {
+      $max_rank = $this->rank - 1;
+      return $max_rank;
+    }
+
+    if ($this->isSubgroupValid($group_id))
+      $max_rank = MAX_RANK;
+
+    return $max_rank;
+  }
 }
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index d9c3e334..fda4c01a 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.06.4352 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.06.4353 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/initialize.php b/initialize.php
index 79540850..241d7233 100644
--- a/initialize.php
+++ b/initialize.php
@@ -42,6 +42,7 @@ define("LIBRARY_DIR", APP_DIR."/WEB-INF/lib");
 define("TEMPLATE_DIR", APP_DIR."/WEB-INF/templates");
 // Date format for database and URI parameters.
 define('DB_DATEFORMAT', '%Y-%m-%d');
+define('MAX_RANK', 512); // Max user rank.
 
 require_once(LIBRARY_DIR.'/common.lib.php');
 
diff --git a/time.php b/time.php
index da816362..6d62fb69 100644
--- a/time.php
+++ b/time.php
@@ -124,12 +124,11 @@ if ($user->can('manage_subgroups')) {
 } // SUBGROUP_DEBUG
 
 if ($user->can('track_time')) {
-  // Determine max rank.
-  $max_rank = $on_behalf_group_id == $user->group_id ? $user->rank-1 : 512; // TODO: stop using magic numbers.
+  $rank = $user->getMaxRankForGroup($on_behalf_group_id);
   if ($user->can('track_own_time'))
-    $options = array('group_id'=>$on_behalf_group_id,'status'=>ACTIVE,'max_rank'=>$max_rank,'include_self'=>true,'self_first'=>true);
+    $options = array('group_id'=>$on_behalf_group_id,'status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true);
   else
-    $options = array('group_id'=>$on_behalf_group_id,'status'=>ACTIVE,'max_rank'=>$max_rank);
+    $options = array('group_id'=>$on_behalf_group_id,'status'=>ACTIVE,'max_rank'=>$rank);
   $user_list = $user->getUsers($options);
   if (count($user_list) >= 1) {
     $form->addInput(array('type'=>'combobox',
-- 
2.20.1