From c3c78e060ef21bf5f4f2fe60fb1202da2489374b Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Mon, 2 Apr 2018 13:56:48 +0000
Subject: [PATCH] Made group name read-only for users without manage_advanced_settings right.
---
 WEB-INF/templates/footer.tpl | 2 +-
 group_edit.php | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 79fc1506..eddadab9 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.17.86.4218 | Copyright © Anuko | +  Anuko Time Tracker 1.17.86.4219 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/group_edit.php b/group_edit.php index eb6995a5..42fe3648 100644 --- a/group_edit.php +++ b/group_edit.php @@ -32,12 +32,13 @@ import('ttUserHelper'); import('ttRoleHelper'); // Access checks. -if (!ttAccessAllowed('manage_basic_settings')) { +if (!(ttAccessAllowed('manage_basic_settings') || ttAccessAllowed('manage_advanced_settings'))) { header('Location: access_denied.php'); exit(); } // End of access checks. +$advanced_settings = $user->can('manage_advanced_settings'); if (!defined('CURRENCY_DEFAULT')) define('CURRENCY_DEFAULT', '$'); if ($request->isPost()) { @@ -111,7 +112,7 @@ if ($request->isPost()) { } $form = new Form('groupForm'); -$form->addInput(array('type'=>'text','maxlength'=>'200','name'=>'team_name','value'=>$cl_team)); +$form->addInput(array('type'=>'text','maxlength'=>'200','name'=>'team_name','value'=>$cl_team,'enable'=>$advanced_settings)); $form->addInput(array('type'=>'text','maxlength'=>'7','name'=>'currency','value'=>$cl_currency)); // Prepare an array of available languages. @@ -187,8 +188,8 @@ $form->addInput(array('type'=>'checkbox','name'=>'future_entries','value'=>$cl_f // Uncompleted indicators checkbox. $form->addInput(array('type'=>'checkbox','name'=>'uncompleted_indicators','value'=>$cl_uncompleted_indicators)); -// Add bcc email control, for manager only. -if ($user->can('manage_advanced_settings')) { +// Add bcc email control. +if ($advanced_settings) { $form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'bcc_email','value'=>$cl_bcc_email)); $form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'allow_ip','value'=>$cl_allow_ip)); } -- 2.20.1
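Review bot: The widened guard in the first group_edit.php hunk lets in a user who holds manage_advanced_settings but not manage_basic_settings, and nothing in the visible lines stops that user from editing the basic fields (currency, language, the checkboxes). If the advanced right is meant to imply the basic one, a comment on the guard such as `// Either right opens the page; advanced-only fields are gated by $advanced_settings.` would record that intent. The same right is also tested through two calls, `ttAccessAllowed('manage_advanced_settings')` in the guard and `$user->can('manage_advanced_settings')` for the flag. Whether the two always agree cannot be seen from this hunk, so it is worth confirming before relying on both.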
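Review bot: `'enable'=>$advanced_settings` on the team_name input only disables the control in the rendered form, so the rename restriction holds only if the `if ($request->isPost())` branch also ignores a submitted team_name when `$advanced_settings` is false. That branch sits between the hunks and is not shown. If it still reads and saves team_name unconditionally, a user with only manage_basic_settings can change the group name by sending the field directly, and an ordinary submit may carry no team_name at all because browsers omit disabled inputs, which could fail validation or blank the name. I would keep the stored name in the POST branch unless `$advanced_settings` is true. The same server-side check is needed for bcc_email and allow_ip in the last hunk, which are left out of the form under `if ($advanced_settings)` but may still be read on save.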