projects / timetracker.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
posaune
[timetracker.git] / expense_edit.php
diff --git a/expense_edit.php b/expense_edit.php
index 667d034..3cebac1 100644 (file)
--- a/expense_edit.php
+++ b/expense_edit.php
@@ -30,6 +30,7 @@ require_once('initialize.php');
 import('form.Form');
 import('ttGroupHelper');
 import('DateAndTime');
+import('ttTimeHelper');
 import('ttExpenseHelper');
 
 // Access checks.
@@ -44,8 +45,8 @@ if (!$user->isPluginEnabled('ex')) {
 $cl_id = (int)$request->getParameter('id');
 // Get the expense item we are editing.
 $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit editing not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit editing not ours, approved, or invoiced items.
   header('Location: access_denied.php');
   exit();
 }
@@ -159,7 +160,7 @@ $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get(
 
 if ($request->isPost()) {
   // Validate user input.
-  if ($user->isPluginEnabled('cl') && $user->isPluginEnabled('cm') && !$cl_client)
+  if ($user->isPluginEnabled('cl') && $user->isOptionEnabled('client_required') && !$cl_client)
     $err->add($i18n->get('error.client'));
   if ($show_project && !$cl_project)
     $err->add($i18n->get('error.project'));
@@ -176,6 +177,8 @@ if ($request->isPost()) {
     if ($new_date->after($browser_today))
       $err->add($i18n->get('error.future_date'));
   }
+  if (!ttTimeHelper::canAdd()) $err->add($i18n->get('error.expired'));
+  // Finished validating user input.
 
   // Save record.
   if ($request->getParameter('btn_save')) {
@@ -194,7 +197,7 @@ if ($request->isPost()) {
 
     // Now, an update.
     if ($err->no()) {
-      if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getUser(),
+      if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),
           'client_id'=>$cl_client,'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'paid'=>$cl_paid))) {
         header('Location: expenses.php?date='.$new_date->toString(DB_DATEFORMAT));
         exit();
@@ -229,11 +232,12 @@ if ($confirm_save) {
   $smarty->assign('confirm_save', true);
   $smarty->assign('entry_date', $cl_date);
 }
+$smarty->assign('forms', array($form->getName()=>$form->toArray()));
+$smarty->assign('show_project', $show_project);
 $smarty->assign('predefined_expenses', $predefined_expenses);
 $smarty->assign('client_list', $client_list);
 $smarty->assign('project_list', $project_list);
 $smarty->assign('task_list', $task_list);
-$smarty->assign('forms', array($form->getName()=>$form->toArray()));
 $smarty->assign('title', $i18n->get('title.edit_expense'));
 $smarty->assign('content_page_name', 'expense_edit.tpl');
 $smarty->display('index.tpl');
Unnamed repository; edit this file 'description' to name the repository.