From c3e6cb49a67ee660c2eaeef53e15c85c19d805dd Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Sun, 7 Apr 2019 15:03:34 +0000
Subject: [PATCH] More work in progress integrating attachments in reports.
---
 WEB-INF/lib/ttReportHelper.class.php | 12 +++++++++++
 WEB-INF/lib/ttTimeHelper.class.php | 31 ++++++++++++++++++++++++++++
 WEB-INF/templates/footer.tpl | 2 +-
 WEB-INF/templates/report.tpl | 5 +++++
 report.php | 1 +
 time_files.php | 11 +++++-----
 6 files changed, 55 insertions(+), 7 deletions(-)
diff --git a/WEB-INF/lib/ttReportHelper.class.php b/WEB-INF/lib/ttReportHelper.class.php
index 5e8f799f..74f2537f 100644
--- a/WEB-INF/lib/ttReportHelper.class.php
+++ b/WEB-INF/lib/ttReportHelper.class.php
@@ -154,6 +154,9 @@ class ttReportHelper {
 global $user;
 $mdb2 = getConnection();

+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
 // Determine these once as they are used in multiple places in this function.
 $canViewReports = $user->can('view_reports') || $user->can('view_all_reports');
 $isClient = $user->isClient();
@@ -251,6 +254,9 @@ class ttReportHelper {
 // Add timesheet name if it is selected.
 if ($options['show_timesheet'])
 array_push($fields, 'ts.name as timesheet_name');
+ // Add has_files.
+ if ($options['show_files'])
+ array_push($fields, 'if(Sub1.entity_id is null, 0, 1) as has_files');

 // Prepare sql query part for left joins.
 $left_joins = null;
@@ -274,6 +280,11 @@ class ttReportHelper {
 }
 if ($includeCost && MODE_TIME != $trackingMode)
 $left_joins .= " left join tt_user_project_binds upb on (l.user_id = upb.user_id and l.project_id = upb.project_id)";
+ if ($options['show_files']) {
+ $left_joins .= " left join (select distinct entity_id from tt_files".
+ " where entity_type = 'time' and group_id = $group_id and org_id = $org_id and status = 1) Sub1".
+ " on (l.id = Sub1.entity_id)";
+ }

 // Prepare sql query part for inner joins.
 $inner_joins = null;
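Review bot: In the `left join` added at @@ -274, `$group_id` and `$org_id` are concatenated into the subquery as-is; they come from the `$user` object rather than the request, but nothing visible in this function guarantees they are integers. Casting where they are assigned in the first hunk, `$group_id = (int)$user->getGroup();` and `$org_id = (int)$user->org_id;`, keeps the tenant filter on `tt_files` intact even if either value is ever populated from less trusted data. Both `show_files` branches (here and at @@ -251) also act on the `chfiles` form attribute alone, so it may be worth requiring `$user->isPluginEnabled('at')` as well before `has_files` is exposed. The enclosing function starts and ends outside these hunks.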
@@ -1143,6 +1154,7 @@ class ttReportHelper {
 $options['show_custom_field_1'] = $bean->getAttribute('chcf_1');
 $options['show_work_units'] = $bean->getAttribute('chunits');
 $options['show_timesheet'] = $bean->getAttribute('chtimesheet');
+ $options['show_files'] = $bean->getAttribute('chfiles');
 $options['show_totals_only'] = $bean->getAttribute('chtotalsonly');
 $options['group_by1'] = $bean->getAttribute('group_by1');
 $options['group_by2'] = $bean->getAttribute('group_by2');
diff --git a/WEB-INF/lib/ttTimeHelper.class.php b/WEB-INF/lib/ttTimeHelper.class.php
index a5152071..9b570ae2 100644
--- a/WEB-INF/lib/ttTimeHelper.class.php
+++ b/WEB-INF/lib/ttTimeHelper.class.php
@@ -692,6 +692,37 @@ class ttTimeHelper {
 return false;
 }

+ // getRecordForFileView - retrieves a time record identified by its id for
+ // attachment view operation.
+ //
+ // It is different from getRecord, as we want users with appropriate rights
+ // to be able to see other users files, without changing "on behalf" user.
+ // For example, viewing reports for all users and their attached files
+ // from report links.
+ static function getRecordForFileView($id) {
+ // TODO: code this function properly. There are no security checks now.
+ global $user;
+
+ // $user_id = $user->getUser();
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
+ $mdb2 = getConnection();
+
+ $sql = "select l.id, l.timesheet_id, l.invoice_id, l.approved from tt_log l".
+ " where l.id = $id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1";
+ $res = $mdb2->query($sql);
+ if (!is_a($res, 'PEAR_Error')) {
+ if (!$res->numRows()) {
+ return false;
+ }
+ if ($val = $res->fetchRow()) {
+ return $val;
+ }
+ }
+ return false;
+ }
+
 // getAllRecords - returns all time records for a certain user.
 static function getAllRecords($user_id) {
 $result = array();
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 45e4aecd..96f2ae3e 100644
--- a/WEB-INF/templates/footer.tpl
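Review bot: `getRecordForFileView` authorizes nothing beyond group and organisation membership, as its own TODO says, so any caller that passes the page-level rights check can load any active time record in the group by id. Because `time_files.php` is switched to this function in the same commit, the per-record check should land with it: select `l.user_id` and return false unless the record belongs to the current user or the user holds a report-viewing right. Which rights qualify, whether `view_reports` has to be narrowed to subordinates or a client's own projects, and how `$user->getUser()` interacts with "on behalf" mode all need confirming against the rights model. `$id` is also interpolated unquoted; the one visible caller casts it, but casting inside the function removes the dependency on every future caller doing so.
```php
static function getRecordForFileView($id) {
  // … unchanged: global $user, $group_id, $org_id, $mdb2 …
  $id = (int)$id; // do not rely on every caller casting
  $sql = "select l.id, l.user_id, l.timesheet_id, l.invoice_id, l.approved from tt_log l".
    " where l.id = $id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1";
  $res = $mdb2->query($sql);
  if (is_a($res, 'PEAR_Error') || !$res->numRows()) return false;
  $val = $res->fetchRow();
  if (!$val) return false;

  // Owner may view; anyone else needs a report-viewing right.
  // NOTE(review): confirm which rights apply and that fetchRow() keys by column name here.
  $is_owner = $val['user_id'] == $user->getUser();
  if (!$is_owner && !$user->can('view_all_reports')) return false;
  return $val;
}
```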
+++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
- {/if} {if $bean->getAttribute('chinvoice')}{/if} {if $bean->getAttribute('chtimesheet')}{/if} + {if $bean->getAttribute('chfiles')}{/if} {foreach $report_items as $item} @@ -78,6 +79,7 @@ {if $bean->getAttribute('chip')}{/if} {if $bean->getAttribute('chinvoice')}{/if} {if $bean->getAttribute('chtimesheet')}{/if} + {if $bean->getAttribute('chfiles')}{/if} {if $use_checkboxes}{/if} @@ -105,6 +107,7 @@ {if $bean->getAttribute('chip')}{/if} {if $bean->getAttribute('chtimesheet')}{/if} + {if $bean->getAttribute('chfiles')}{/if} {if $use_checkboxes} {if 1 == $item.type}{/if} {if 2 == $item.type}{/if} @@ -138,6 +141,7 @@ {if $bean->getAttribute('chip')}{/if} {if $bean->getAttribute('chinvoice')}{/if} {if $bean->getAttribute('chtimesheet')}{/if} + {if $bean->getAttribute('chfiles')}{/if} {if $use_checkboxes}{/if} {/if} @@ -160,6 +164,7 @@ {if $bean->getAttribute('chip')}{/if} {if $bean->getAttribute('chinvoice')}{/if} {if $bean->getAttribute('chtimesheet')}{/if} + {if $bean->getAttribute('chfiles')}{/if} {if $use_checkboxes}{/if} {/if} diff --git a/report.php b/report.php index 620064af..3bd410a4 100644 --- a/report.php +++ b/report.php @@ -299,6 +299,7 @@ if ($bean->getAttribute('chpaid')) $colspan++; if ($bean->getAttribute('chip')) $colspan++; if ($bean->getAttribute('chinvoice')) $colspan++; if ($bean->getAttribute('chtimesheet')) $colspan++; +if ($bean->getAttribute('chfiles')) $colspan++; // Assign variables that are used to alternate color of rows for different dates. $smarty->assign('prev_date', ''); diff --git a/time_files.php b/time_files.php index 2ba0efce..40a0c506 100644 --- a/time_files.php +++ b/time_files.php 
@@ -36,17 +36,16 @@ if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
 header('Location: access_denied.php');
 exit();
 }
+if (!$user->isPluginEnabled('at')) {
+ header('Location: feature_disabled.php');
+ exit();
+}
 $cl_id = (int)$request->getParameter('id');
-$time_rec = ttTimeHelper::getRecord($cl_id);
+$time_rec = ttTimeHelper::getRecordForFileView($cl_id);
 if (!$time_rec) {
 header('Location: access_denied.php');
 exit();
 }
-if (!$user->isPluginEnabled('at')) {
- header('Location: feature_disabled.php');
- exit();
-}
-// TODO: review access checks, specifically for on behalf operations.
 // End of access checks.

 if ($request->isPost()) {
--
2.20.1
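Review bot: The record gate on this page now rests on a lookup intended for viewing, yet the code right after `// End of access checks.` handles `$request->isPost()`, so the same relaxed lookup also admits whatever the POST branch does to the record's files. If that branch adds or changes attachments (its body is outside the hunk), keep the stricter lookup for it, for example `$time_rec = $request->isPost() ? ttTimeHelper::getRecord($cl_id) : ttTimeHelper::getRecordForFileView($cl_id);`. The page-level check still admits only `track_own_time` or `track_time`, which presumably does not match the report viewers the new function is meant for, so that condition needs revisiting too. The removed `// TODO: review access checks, specifically for on behalf operations.` line remains accurate and is worth keeping until both are settled.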
 Anuko Time Tracker 1.18.64.4917 | Copyright © Anuko | +  Anuko Time Tracker 1.18.64.4918 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/WEB-INF/templates/report.tpl b/WEB-INF/templates/report.tpl index df122486..d0304a9f 100644 --- a/WEB-INF/templates/report.tpl +++ b/WEB-INF/templates/report.tpl @@ -54,6 +54,7 @@ {if $bean->getAttribute('chip')}{$i18n.label.ip}{$i18n.label.invoice}{$i18n.label.timesheet}
 
{if $item.modified}{$item.modified_ip} {$item.modified}{else}{$item.created_ip} {$item.created}{/if}{/if} {if $bean->getAttribute('chinvoice')}{$item.invoice|escape}{$item.timesheet_name|escape}{if $item.has_files}{$i18n.label.files}{/if}