posaune
[timetracker.git] / timesheet_edit.php
index 1708bdf..b883b20 100644 (file)
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTimesheetHelper');
 
 // Access checks.
-if (!(ttAccessAllowed('manage_own_timesheets') || ttAccessAllowed('manage_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
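Review bot: The page-level gate now admits every user holding `track_own_time` or `track_time`, so the per-timesheet ownership check is what actually protects the record being edited. That check would sit between this hunk and the next one, and those lines are not shown in the diff. It should confirm that the `id` parameter resolves to a timesheet the current user may act on, and redirect to access_denied.php otherwise. If the check exists, a comment here would help, for example `// Coarse right only; ownership of the timesheet is verified below.`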
@@ -53,10 +53,15 @@ if ($request->isPost()) {
   $cl_status = $request->getParameter('status');
 } else {
   $cl_name = $timesheet['name'];
-  $cl_comment = $timesheet['submitter_comment'];
+  $cl_comment = $timesheet['comment'];
   $cl_status = $timesheet['status'];
 }
 
+// Can we delete this timesheet?
+$canDelete = $timesheet['approve_status'] != 1
+  || (($user->id == $timesheet['user_id'] && $user->can('approve_own_timesheets'))
+  || ($user->id != $timesheet['user_id'] && $user->can('approve_timesheets')));
+
 $form = new Form('timesheetForm');
 $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_timesheet_id));
 $form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'timesheet_name','style'=>'width: 250px;','value'=>$cl_name));
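Review bot: The `$canDelete` expression compares `approve_status` loosely against a bare `1`, so a NULL or missing `approve_status` counts as deletable. That is probably intended for a timesheet that was never approved, but it should be stated in the comment or expressed with a named constant. The nested `||`/`&&` form is also hard to audit for an authorization rule. An equivalent and clearer form is `$isOwner = $user->id == $timesheet['user_id'];`, then `$canApprove = $user->can($isOwner ? 'approve_own_timesheets' : 'approve_timesheets');`, then `$canDelete = $timesheet['approve_status'] != 1 || $canApprove;`. The later `if ($canDelete) $form->addInput(...)` line would read better with braces, like the rest of the file.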
@@ -64,7 +69,7 @@ $form->addInput(array('type'=>'textarea','name'=>'comment','style'=>'width: 250p
 $form->addInput(array('type'=>'combobox','name'=>'status','value'=>$cl_status,
   'data'=>array(ACTIVE=>$i18n->get('dropdown.status_active'),INACTIVE=>$i18n->get('dropdown.status_inactive'))));
 $form->addInput(array('type'=>'submit','name'=>'btn_save','value'=>$i18n->get('button.save')));
-$form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
+if ($canDelete) $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
 
 if ($request->isPost()) {
   // Validate user input.
@@ -73,13 +78,13 @@ if ($request->isPost()) {
 
   if ($request->getParameter('btn_save')) {
     if ($err->no()) {
-      $existing_timesheet = ttTimesheetHelper::getTimesheetByName($cl_name, $timesheet['user_id']);
+      $existing_timesheet = ttTimesheetHelper::getTimesheetByName($cl_name);
       if (!$existing_timesheet || ($cl_timesheet_id == $existing_timesheet['id'])) {
          // Update timesheet information.
          if (ttTimesheetHelper::update(array(
            'id' => $cl_timesheet_id,
            'name' => $cl_name,
-           'submitter_comment' => $cl_comment,
+           'comment' => $cl_comment,
            'status' => $cl_status))) {
            header('Location: timesheets.php');
            exit();
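Review bot: Dropping the `$timesheet['user_id']` argument from `getTimesheetByName()` means the duplicate-name lookup no longer names the owner of the timesheet being edited. The helper body is not part of this diff; if it now falls back to the logged-in or on-behalf user, the lookup may search a different user's timesheets than the one `update()` then writes to. Likewise `update()` receives only `id`, `name`, `comment` and `status`, so any restriction to the caller's own user or group has to live inside the helper. Please confirm both, and add a comment above the lookup saying whose timesheets the name must be unique among.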
@@ -90,7 +95,7 @@ if ($request->isPost()) {
     }
   }
 
-  if ($request->getParameter('btn_delete')) {
+  if ($request->getParameter('btn_delete') && $canDelete) {
     header("Location: timesheet_delete.php?id=$cl_timesheet_id");
     exit();
   }
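Review bot: The `&& $canDelete` test on the `btn_delete` branch only decides whether this page issues the redirect. The deletion itself is performed by timesheet_delete.php, which takes `id` from the query string and can be requested without going through this form. Unless that script repeats the approve_status and approver-right rule (not visible in this diff), hiding the button does not protect an approved timesheet. Keeping the rule in one shared helper in ttTimesheetHelper, called by both pages, would stop the two from drifting apart. A comment here would also help: `// UI gate only; timesheet_delete.php must enforce the same rule.`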
@@ -98,8 +103,7 @@ if ($request->isPost()) {
 
 $smarty->assign('forms', array($form->getName()=>$form->toArray()));
 $smarty->assign('onload', 'onLoad="document.timesheetForm.timesheet_name.focus()"');
-$smarty->assign('show_users', count($users) > 0);
-$smarty->assign('show_tasks', $show_tasks);
+$smarty->assign('can_delete', $canDelete);
 $smarty->assign('title', $i18n->get('title.edit_timesheet'));
 $smarty->assign('content_page_name', 'timesheet_edit.tpl');
 $smarty->display('index.tpl');