From d013f6f24164f5476cd270ceee3d5b7edf74ce79 Mon Sep 17 00:00:00 2001
From: Nik Okuntseff
Date: Mon, 4 Mar 2019 18:41:53 +0000
Subject: [PATCH] Added a check for timesheet delete operation possibility.

---
 WEB-INF/templates/footer.tpl | 2 +-
 WEB-INF/templates/timesheet_edit.tpl | 2 +-
 timesheet_edit.php | 12 ++++++++----
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index fea07f59..b1be81d2 100644
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
- - +
 Anuko Time Tracker 1.18.52.4821 | Copyright © Anuko | +  Anuko Time Tracker 1.18.52.4822 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve}
diff --git a/WEB-INF/templates/timesheet_edit.tpl b/WEB-INF/templates/timesheet_edit.tpl
index 5848c571..ec112360 100644
--- a/WEB-INF/templates/timesheet_edit.tpl
+++ b/WEB-INF/templates/timesheet_edit.tpl
@@ -25,7 +25,7 @@
{$forms.timesheetForm.btn_save.control} {$forms.timesheetForm.btn_delete.control}{$forms.timesheetForm.btn_save.control} {if $can_delete}{$forms.timesheetForm.btn_delete.control}{/if}
diff --git a/timesheet_edit.php b/timesheet_edit.php
index 7919125a..b883b20e 100644
--- a/timesheet_edit.php
+++ b/timesheet_edit.php
@@ -57,6 +57,11 @@ if ($request->isPost()) {
 $cl_status = $timesheet['status'];
 }

+// Can we delete this timesheet?
+$canDelete = $timesheet['approve_status'] != 1
+ || (($user->id == $timesheet['user_id'] && $user->can('approve_own_timesheets'))
+ || ($user->id != $timesheet['user_id'] && $user->can('approve_timesheets')));
+
 $form = new Form('timesheetForm');
 $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_timesheet_id));
 $form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'timesheet_name','style'=>'width: 250px;','value'=>$cl_name));
@@ -64,7 +69,7 @@ $form->addInput(array('type'=>'textarea','name'=>'comment','style'=>'width: 250p
 $form->addInput(array('type'=>'combobox','name'=>'status','value'=>$cl_status,
 'data'=>array(ACTIVE=>$i18n->get('dropdown.status_active'),INACTIVE=>$i18n->get('dropdown.status_inactive'))));
 $form->addInput(array('type'=>'submit','name'=>'btn_save','value'=>$i18n->get('button.save')));
-$form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
+if ($canDelete) $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));

 if ($request->isPost()) {
 // Validate user input.
@@ -90,7 +95,7 @@ if ($request->isPost()) {
 }
 }

- if ($request->getParameter('btn_delete')) {
+ if ($request->getParameter('btn_delete') && $canDelete) {
 header("Location: timesheet_delete.php?id=$cl_timesheet_id");
 exit();
 }
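Review bot: The new `$canDelete` rule is evaluated only in timesheet_edit.php, while the deletion itself is carried out by timesheet_delete.php, which the third hunk merely redirects to with the id in the query string; unless that script applies the same rule (it is not part of this patch), the check gates the button and the redirect but not the operation. Moving the expression into a single shared helper that both scripts call would keep the two in step, and that helper would also be the place to tighten `$timesheet['approve_status'] != 1` to `(int) $timesheet['approve_status'] !== 1` so the rule does not rest on loose comparison of whatever type the row returns. The block closed by the `}` context line at the top of the hunk starts outside it.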
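Review bot: `if ($canDelete) $form->addInput(...)` drops the braces that the other `if` statements in these hunks use (`if ($request->isPost()) {`); writing it as `if ($canDelete) {` / `$form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));` / `}` keeps the style uniform and avoids a silent mistake if a second statement is ever added to the branch.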
@@ -98,8 +103,7 @@ if ($request->isPost()) {

 $smarty->assign('forms', array($form->getName()=>$form->toArray()));
 $smarty->assign('onload', 'onLoad="document.timesheetForm.timesheet_name.focus()"');
-$smarty->assign('show_users', count($users) > 0);
-$smarty->assign('show_tasks', $show_tasks);
+$smarty->assign('can_delete', $canDelete);
 $smarty->assign('title', $i18n->get('title.edit_timesheet'));
 $smarty->assign('content_page_name', 'timesheet_edit.tpl');
 $smarty->display('index.tpl');
-- 
2.20.1
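Review bot: The two removed assigns, `show_users` and `show_tasks`, are unrelated to the delete check named in the subject and are not mentioned anywhere in the message; if timesheet_edit.tpl still reads either variable (its only hunk here, at line 25, does not show), Smarty will silently treat them as empty rather than fail. Either confirm the template no longer references them and say so in the description, or move that cleanup to its own commit. The `$smarty->assign('can_delete', $canDelete);` line itself matches the `{if $can_delete}` guard added to the template.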