From bfbd5b318b37a66ece219e719734a60249781b6d Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Thu, 28 Feb 2019 22:00:25 +0000 Subject: [PATCH] More work in progress on timesheets, simplifying access rights. --- WEB-INF/lib/ttTimesheetHelper.class.php | 10 +++------- WEB-INF/templates/footer.tpl | 2 +- WEB-INF/templates/timesheet_view.tpl | 12 +++++------- WEB-INF/templates/timesheets.tpl | 8 -------- timesheet_add.php | 2 +- timesheet_delete.php | 2 +- timesheet_edit.php | 2 +- timesheet_view.php | 11 +++++------ timesheets.php | 24 +++++++++++++----------- 9 files changed, 30 insertions(+), 43 deletions(-) diff --git a/WEB-INF/lib/ttTimesheetHelper.class.php b/WEB-INF/lib/ttTimesheetHelper.class.php index e65a6216..25685483 100644 --- a/WEB-INF/lib/ttTimesheetHelper.class.php +++ b/WEB-INF/lib/ttTimesheetHelper.class.php @@ -170,16 +170,12 @@ class ttTimesheetHelper { global $user; $mdb2 = getConnection(); + $user_id = $user->getUser(); $group_id = $user->getGroup(); $org_id = $user->org_id; - if ($user->isClient()) $client_part = "and ts.client_id = $user->client_id"; - - $sql = "select ts.id, ts.user_id, u.name as user_name, ts.client_id, c.name as client_name,". - " ts.name, ts.submitter_comment, ts.submit_status, ts.approval_status, ts.manager_comment from tt_timesheets ts". - " left join tt_users u on (u.id = ts.user_id)". - " left join tt_clients c on (c.id = ts.client_id)". - " where ts.id = $timesheet_id and ts.group_id = $group_id and ts.org_id = $org_id $client_part and ts.status is not null"; + $sql = "select * from tt_timesheets". + " where id = $timesheet_id and user_id = $user_id and group_id = $group_id and org_id = $org_id and status is not null"; $res = $mdb2->query($sql); if (!is_a($res, 'PEAR_Error')) { if ($val = $res->fetchRow()) diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 5499b12e..e23882ac 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
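Review bot: getTimesheet still builds its SQL by interpolating `$timesheet_id`, `$user_id`, `$group_id` and `$org_id` straight into the new `$sql = "select * from tt_timesheets". " where id = $timesheet_id and user_id = $user_id ..."` lines, and nothing in the method coerces `$timesheet_id` before it reaches the query; timesheet_view.php casts it with `(int)`, but the helper should not depend on every caller doing that. Cast at the top of the method, `$timesheet_id = (int) $timesheet_id;`, or quote it through the MDB2 connection, so a non-numeric id cannot change the statement. Two smaller points on the same lines: `select *` now hands every column of tt_timesheets to the caller where the old query named exactly the fields the view used, and the added `user_id = $user_id` condition appears to mean that a user holding `track_time` who opens another member's timesheet from the list in timesheets.php gets no row and lands on access_denied, unless `$user->getUser()` already resolves to the selected on-behalf user — if that narrowing is intended it deserves a comment on the query. The method's signature and the rest of its body are outside the hunk.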
- {/if} -{if $not_client} - {if $timesheet['submitter_comment']} +{if $timesheet['submitter_comment']} - {/if} - {if $timesheet['submit_status']} +{/if} +{if $timesheet['submit_status']} {/if} - {/if} - {if $timesheet['manager_comment']} +{/if} +{if $timesheet['manager_comment']} - {/if} {/if}
 Anuko Time Tracker 1.18.46.4794 | Copyright © Anuko | +  Anuko Time Tracker 1.18.46.4795 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/WEB-INF/templates/timesheet_view.tpl b/WEB-INF/templates/timesheet_view.tpl index 97591fe0..e6988253 100644 --- a/WEB-INF/templates/timesheet_view.tpl +++ b/WEB-INF/templates/timesheet_view.tpl @@ -11,17 +11,15 @@ {if $timesheet['client_id']}
{$i18n.label.client}: {$timesheet['client_name']|escape}
{$i18n.label.submitted}: {if $timesheet.submit_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if}
{$i18n.label.comment}: {$timesheet['submitter_comment']|escape}
{$i18n.label.approved}: {if $timesheet.approval_status != null}{if $timesheet.approval_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if}
{$i18n.label.note}: {$timesheet['manager_comment']|escape}
diff --git a/WEB-INF/templates/timesheets.tpl b/WEB-INF/templates/timesheets.tpl index df4782b6..907f4155 100644 --- a/WEB-INF/templates/timesheets.tpl +++ b/WEB-INF/templates/timesheets.tpl @@ -21,9 +21,7 @@ {$i18n.label.submitted} {$i18n.label.approved} {$i18n.label.view} -{if $can_edit} {$i18n.label.edit} -{/if} {foreach $active_timesheets as $timesheet} @@ -38,9 +36,7 @@ {if $timesheet.approval_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if} {/if} {$i18n.label.view} - {if $can_edit} {$i18n.label.edit} - {/if} {/foreach} @@ -61,9 +57,7 @@ {$i18n.label.submitted} {$i18n.label.approved} {$i18n.label.view} - {if $can_edit} {$i18n.label.edit} - {/if} {foreach $inactive_timesheets as $timesheet} @@ -78,9 +72,7 @@ {if $timesheet.approval_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if} {/if} {$i18n.label.view} - {if $can_edit} {$i18n.label.edit} - {/if} {/foreach} diff --git a/timesheet_add.php b/timesheet_add.php index c450695e..294886be 100644 --- a/timesheet_add.php +++ b/timesheet_add.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTimesheetHelper'); // Access checks. -if (!(ttAccessAllowed('manage_own_timesheets') || ttAccessAllowed('manage_timesheets') || ttAccessAllowed('manage_all_timesheets'))) { +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } diff --git a/timesheet_delete.php b/timesheet_delete.php index e4bf453c..5e98a6cc 100644 --- a/timesheet_delete.php +++ b/timesheet_delete.php @@ -31,7 +31,7 @@ import('form.Form'); import('ttTimesheetHelper'); // Access checks. -if (!(ttAccessAllowed('manage_own_timesheets') || ttAccessAllowed('manage_timesheets'))) { +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } diff --git a/timesheet_edit.php b/timesheet_edit.php index 1708bdf7..d275ce5f 100644 --- a/timesheet_edit.php +++ b/timesheet_edit.php 
@@ -31,7 +31,7 @@ import('form.Form'); import('ttTimesheetHelper'); // Access checks. -if (!(ttAccessAllowed('manage_own_timesheets') || ttAccessAllowed('manage_timesheets'))) { +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } diff --git a/timesheet_view.php b/timesheet_view.php index e86b2df7..df28e306 100644 --- a/timesheet_view.php +++ b/timesheet_view.php @@ -30,7 +30,7 @@ require_once('initialize.php'); import('ttTimesheetHelper'); // Access checks. -if (!(ttAccessAllowed('view_own_timesheets') || ttAccessAllowed('view_timesheets') || ttAccessAllowed('view_all_timesheets'))) { +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } @@ -38,8 +38,8 @@ if (!$user->isPluginEnabled('ts')) { header('Location: feature_disabled.php'); exit(); } -$timesheet_id = (int)$request->getParameter('id'); -$timesheet = ttTimesheetHelper::getTimesheet($timesheet_id); +$cl_timesheet_id = (int)$request->getParameter('id'); +$timesheet = ttTimesheetHelper::getTimesheet($cl_timesheet_id); if (!$timesheet) { header('Location: access_denied.php'); exit(); 
@@ -55,13 +55,12 @@ if ($request->isPost()) { $options = ttTimesheetHelper::getReportOptions($timesheet); $subtotals = ttReportHelper::getSubtotals($options); $totals = ttReportHelper::getTotals($options); -$notClient = !$user->isClient(); // Determine which controls to show and obtain date for them. -$showSubmit = $notClient && !$timesheet['submit_status']; +$showSubmit = !$timesheet['submit_status']; if ($showSubmit) $approvers = ttTimesheetHelper::getApprovers($timesheet['user_id']); $canApprove = $user->can('approve_timesheets') || $user->can('approve_all_timesheets'); -$showApprove = $notClient && $timesheet['submit_status'] && $timesheet['approval_status'] == null; +$showApprove = $timesheet['submit_status'] && $timesheet['approval_status'] == null; // Add a form with controls. $form = new Form('timesheetForm'); diff --git a/timesheets.php b/timesheets.php index cc43f0dd..650575e6 100644 --- a/timesheets.php +++ b/timesheets.php 
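Review bot: `$showApprove = $timesheet['submit_status'] && $timesheet['approval_status'] == null;` uses a loose comparison while the template in this same patch treats `approval_status` as three-valued (null = undecided, otherwise yes/no); if the driver returns an integer `0` for a not-approved sheet, `0 == null` is true in PHP and the approve control reappears on it, whereas a string `"0"` does not compare equal to null, so the outcome depends on how the row is typed. `=== null` removes the ambiguity: `$showApprove = $timesheet['submit_status'] && $timesheet['approval_status'] === null;`. Also, with `$notClient` gone neither `$showSubmit` nor `$showApprove` is gated on a role within this hunk — `$canApprove` is computed two lines up but not combined here; if it is applied where the form controls are added further down that is fine, otherwise the approve control is offered to anyone who can open the page. The form construction continues past the hunk.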
@@ -32,22 +32,26 @@ import('ttGroupHelper'); import('ttTimesheetHelper'); // Access checks. -if (!(ttAccessAllowed('view_own_timesheets') || ttAccessAllowed('view_timesheets') || ttAccessAllowed('view_all_timesheets'))) { +if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) { header('Location: access_denied.php'); exit(); } -if (!$user->isPluginEnabled('ts')) { - header('Location: feature_disabled.php'); +if ($user->behalf_id && (!$user->can('track_time') || !$user->checkBehalfId())) { + header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user. + exit(); +} +if (!$user->behalf_id && !$user->can('track_own_time') && !$user->adjustBehalfId()) { + header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf. exit(); } -if ($user->isClient()) { - header('Location: access_denied.php'); // No timesheets for clients. +if (!$user->isPluginEnabled('ts')) { + header('Location: feature_disabled.php'); exit(); } if ($request->isPost()) { $userChanged = $request->getParameter('user_changed'); // Reused in multiple places below. - if ($userChanged && !($user->can('view_timesheets') && $user->isUserValid($request->getParameter('user')))) { - header('Location: access_denied.php'); // Group changed, but no rght or wrong user id. TODO: research relevance of this... + if ($userChanged && !($user->can('track_time') && $user->isUserValid($request->getParameter('user')))) { + header('Location: access_denied.php'); // Group changed, but no rght or wrong user id. exit(); } } 
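Review bot: The relocated comment on the `$userChanged` redirect still carries the typo `rght`; since the line is rewritten anyway it could read `header('Location: access_denied.php'); // Group changed, but no right or wrong user id.`. Separately, the posted `user` parameter is only passed through `isUserValid()` when `user_changed` is set; if the code below the hunk derives `$user_id` from `user` regardless of that flag, that value would be unchecked, so it is worth confirming. The POST branch and the `$user_id` derivation continue past this hunk.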
@@ -66,9 +70,9 @@ $group_id = $user->getGroup(); // Elements of timesheetsForm. $form = new Form('timesheetsForm'); -if ($user->can('view_timesheets') || $user->can('view_all_timesheets')) { +if ($user->can('track_time')) { $rank = $user->getMaxRankForGroup($group_id); - if ($user->can('view_own_timesheets')) + if ($user->can('track_own_time')) $options = array('status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true); else $options = array('status'=>ACTIVE,'max_rank'=>$rank); @@ -90,12 +94,10 @@ $active_timesheets = ttTimesheetHelper::getActiveTimesheets($user_id); $inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets($user_id); $showClient = $user->isPluginEnabled('cl'); -$canEdit = $user->can('manage_own_timesheets') || $user->can('manage_timesheets') || $user->can('manage_all_timesheets'); $smarty->assign('active_timesheets', $active_timesheets); $smarty->assign('inactive_timesheets', $inactive_timesheets); $smarty->assign('show_client', $showClient); -$smarty->assign('can_edit', $canEdit); $smarty->assign('forms', array($form->getName()=>$form->toArray())); $smarty->assign('title', $i18n->get('title.timesheets')); $smarty->assign('content_page_name', 'timesheets.tpl'); -- 2.20.1