Replaced all calls to canManageTeam() with rights checks.

author Nik Okuntseff <support@anuko.com>

Sat, 14 Apr 2018 13:50:14 +0000 (13:50 +0000)

committer Nik Okuntseff <support@anuko.com>

Sat, 14 Apr 2018 13:50:14 +0000 (13:50 +0000)
author Nik Okuntseff <support@anuko.com>
Sat, 14 Apr 2018 13:50:14 +0000 (13:50 +0000)
committer Nik Okuntseff <support@anuko.com>
Sat, 14 Apr 2018 13:50:14 +0000 (13:50 +0000)
diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php

index 36d7136..07d810b 100644 (file)
--- a/WEB-INF/lib/ttUser.class.php
+++ b/WEB-INF/lib/ttUser.class.php
@@ -155,14 +155,6 @@ class ttUser {
      return $this->is_client;
    }
  
-  // canManageTeam - determines whether current user is manager or co-manager.
-  // This is a legacy function that we are getting rid of by replacing with rights check.
-  function canManageTeam() {
-    return $this->can('manage_users'); // By default this is assigned to co-managers (an managers).
-                                       // Which is sufficient for now until we refactor all calls
-                                       // to this function and then remove it.
-  }
-
    // isPluginEnabled checks whether a plugin is enabled for user.
    function isPluginEnabled($plugin)
    {
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl

index 8c6edae..e1a3e38 100644 (file)
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
        <br>
        <table cellspacing="0" cellpadding="4" width="100%" border="0">
          <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.17.88.4268 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.17.89.4269 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
              <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
              <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
              <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/tofile.php b/tofile.php

index 62632fa..909fdd3 100644 (file)
--- a/tofile.php
+++ b/tofile.php
@@ -97,7 +97,7 @@ if ('xml' == $type) {
        }
        if ($bean->getAttribute('chcost')) {
          print "\t<cost><![CDATA[";
-        if ($user->canManageTeam() || $user->isClient())
+        if ($user->can('manage_invoices') || $user->isClient())
            print $subtotal['cost'];
          else
            print $subtotal['expenses'];
@@ -111,7 +111,7 @@ if ('xml' == $type) {
        print "<row>\n";
  
        print "\t<date><![CDATA[".$item['date']."]]></date>\n";
-      if ($user->canManageTeam() || $user->isClient()) print "\t<user><![CDATA[".$item['user']."]]></user>\n"; 
+      if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) print "\t<user><![CDATA[".$item['user']."]]></user>\n"; 
        if ($bean->getAttribute('chclient')) print "\t<client><![CDATA[".$item['client']."]]></client>\n";
        if ($bean->getAttribute('chproject')) print "\t<project><![CDATA[".$item['project']."]]></project>\n";
        if ($bean->getAttribute('chtask')) print "\t<task><![CDATA[".$item['task']."]]></task>\n";
@@ -127,7 +127,7 @@ if ('xml' == $type) {
        if ($bean->getAttribute('chnote')) print "\t<note><![CDATA[".$item['note']."]]></note>\n";
        if ($bean->getAttribute('chcost')) {
          print "\t<cost><![CDATA[";
-        if ($user->canManageTeam() || $user->isClient())
+        if ($user->can('manage_invoices') || $user->isClient())
            print $item['cost'];
          else
            print $item['expense'];
@@ -184,7 +184,7 @@ if ('csv' == $type) {
          print ',"'.$val.'"';
        }
        if ($bean->getAttribute('chcost')) {
-        if ($user->canManageTeam() || $user->isClient())
+        if ($user->can('manage_invoices') || $user->isClient())
            print ',"'.$subtotal['cost'].'"';
          else
            print ',"'.$subtotal['expenses'].'"';
@@ -194,7 +194,7 @@ if ('csv' == $type) {
    } else {
      // Normal report. Print headers.
      print '"'.$i18n->get('label.date').'"';
-    if ($user->canManageTeam() || $user->isClient()) print ',"'.$i18n->get('label.user').'"';
+    if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) print ',"'.$i18n->get('label.user').'"';
      if ($bean->getAttribute('chclient')) print ',"'.$i18n->get('label.client').'"';
      if ($bean->getAttribute('chproject')) print ',"'.$i18n->get('label.project').'"';
      if ($bean->getAttribute('chtask')) print ',"'.$i18n->get('label.task').'"';
@@ -212,7 +212,7 @@ if ('csv' == $type) {
      // Print items.
      foreach ($items as $item) {
        print '"'.$item['date'].'"';
-      if ($user->canManageTeam() || $user->isClient()) print ',"'.str_replace('"','""',$item['user']).'"';
+      if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) print ',"'.str_replace('"','""',$item['user']).'"';
        if ($bean->getAttribute('chclient')) print ',"'.str_replace('"','""',$item['client']).'"';
        if ($bean->getAttribute('chproject')) print ',"'.str_replace('"','""',$item['project']).'"';
        if ($bean->getAttribute('chtask')) print ',"'.str_replace('"','""',$item['task']).'"';
@@ -227,7 +227,7 @@ if ('csv' == $type) {
        }
        if ($bean->getAttribute('chnote')) print ',"'.str_replace('"','""',$item['note']).'"';
        if ($bean->getAttribute('chcost')) {
-        if ($user->canManageTeam() || $user->isClient())
+        if ($user->can('manage_invoices') || $user->isClient())
            print ',"'.$item['cost'].'"';
          else
            print ',"'.$item['expense'].'"';
diff --git a/topdf.php b/topdf.php

index 9149e1c..eb09bc4 100644 (file)
--- a/topdf.php
+++ b/topdf.php
@@ -119,7 +119,7 @@ if ($totals_only) {
      if ($bean->getAttribute('chduration')) $html .= "<td $styleRightAligned>".$subtotal['time'].'</td>';
      if ($bean->getAttribute('chcost')) {
        $html .= "<td $styleRightAligned>";
-      if ($user->canManageTeam() || $user->isClient())
+      if ($user->can('manage_invoices') || $user->isClient())
          $html .= $subtotal['cost'];
        else
          $html .= $subtotal['expenses'];
@@ -135,7 +135,7 @@ if ($totals_only) {
    if ($bean->getAttribute('chcost')) {
        $html .= "<td $styleRightAligned>";
        $html .= htmlspecialchars($user->currency).' ';
-      if ($user->canManageTeam() || $user->isClient())
+      if ($user->can('manage_invoices') || $user->isClient())
          $html .= $totals['cost'];
        else
          $html .= $totals['expenses'];
@@ -150,7 +150,7 @@ if ($totals_only) {
    $html .= '<thead>';
    $html .= "<tr $styleHeader>";
    $html .= '<td>'.$i18n->get('label.date').'</td>';
-  if ($user->canManageTeam() || $user->isClient()) { $colspan++; $html .= '<td>'.$i18n->get('label.user').'</td>'; }
+  if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) { $colspan++; $html .= '<td>'.$i18n->get('label.user').'</td>'; }
    if ($bean->getAttribute('chclient')) { $colspan++; $html .= '<td>'.$i18n->get('label.client').'</td>'; }
    if ($bean->getAttribute('chproject')) { $colspan++; $html .= '<td>'.$i18n->get('label.project').'</td>'; }
    if ($bean->getAttribute('chtask')) { $colspan++; $html .= '<td>'.$i18n->get('label.task').'</td>'; }
@@ -174,7 +174,7 @@ if ($totals_only) {
        if ($cur_grouped_by != $prev_grouped_by && !$first_pass) {
          $html .= '<tr style="background-color:#e0e0e0;">';
          $html .= '<td>'.$i18n->get('label.subtotal').'</td>';
-        if ($user->canManageTeam() || $user->isClient()) {
+        if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) {
              $html .= '<td>';
              if ($group_by == 'user') $html .= htmlspecialchars($subtotals[$prev_grouped_by]['name']);
              $html .= '</td>';
@@ -205,7 +205,7 @@ if ($totals_only) {
          if ($bean->getAttribute('chnote')) $html .= '<td></td>';
          if ($bean->getAttribute('chcost')) {
            $html .= "<td $styleRightAligned>";
-          if ($user->canManageTeam() || $user->isClient())
+          if ($user->can('manage_invoices') || $user->isClient())
              $html .= $subtotals[$prev_grouped_by]['cost'];
            else
              $html .= $subtotals[$prev_grouped_by]['expenses'];
@@ -223,7 +223,7 @@ if ($totals_only) {
      // Print a regular row.
      $html .= '<tr>';
      $html .= '<td>'.$item['date'].'</td>';
-    if ($user->canManageTeam() || $user->isClient()) $html .= '<td>'.htmlspecialchars($item['user']).'</td>';
+    if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) $html .= '<td>'.htmlspecialchars($item['user']).'</td>';
      if ($bean->getAttribute('chclient')) $html .= '<td>'.htmlspecialchars($item['client']).'</td>';
      if ($bean->getAttribute('chproject')) $html .= '<td>'.htmlspecialchars($item['project']).'</td>';
      if ($bean->getAttribute('chtask')) $html .= '<td>'.htmlspecialchars($item['task']).'</td>';
@@ -234,7 +234,7 @@ if ($totals_only) {
      if ($bean->getAttribute('chnote')) $html .= '<td>'.htmlspecialchars($item['note']).'</td>';
      if ($bean->getAttribute('chcost')) {
        $html .= "<td $styleRightAligned>";
-      if ($user->canManageTeam() || $user->isClient())
+      if ($user->can('manage_invoices') || $user->isClient())
          $html .= $item['cost'];
        else
          $html .= $item['expense'];
@@ -261,7 +261,7 @@ if ($totals_only) {
    if ($print_subtotals) {
      $html .= '<tr style="background-color:#e0e0e0;">';
      $html .= '<td>'.$i18n->get('label.subtotal').'</td>';
-    if ($user->canManageTeam() || $user->isClient()) {
+    if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) {
        $html .= '<td>';
        if ($group_by == 'user') $html .= htmlspecialchars($subtotals[$prev_grouped_by]['name']);
        $html .= '</td>';
@@ -292,7 +292,7 @@ if ($totals_only) {
      if ($bean->getAttribute('chnote')) $html .= '<td></td>';
      if ($bean->getAttribute('chcost')) {
        $html .= "<td $styleRightAligned>";
-      if ($user->canManageTeam() || $user->isClient())
+      if ($user->can('manage_invoices') || $user->isClient())
          $html .= $subtotals[$prev_grouped_by]['cost'];
        else
          $html .= $subtotals[$prev_grouped_by]['expenses'];
@@ -308,7 +308,7 @@ if ($totals_only) {
    $html .= '<tr><td colspan="'.$colspan.'">&nbsp;</td></tr>';
    $html .= '<tr style="background-color:#e0e0e0;">';
    $html .= '<td>'.$i18n->get('label.total').'</td>';
-  if ($user->canManageTeam() || $user->isClient()) $html .= '<td></td>';
+  if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) $html .= '<td></td>';
    if ($bean->getAttribute('chclient')) $html .= '<td></td>';
    if ($bean->getAttribute('chproject')) $html .= '<td></td>';
    if ($bean->getAttribute('chtask')) $html .= '<td></td>';
@@ -319,7 +319,7 @@ if ($totals_only) {
    if ($bean->getAttribute('chnote')) $html .= '<td></td>';
    if ($bean->getAttribute('chcost')) {
      $html .= "<td $styleRightAligned>".htmlspecialchars($user->currency).' ';
-    if ($user->canManageTeam() || $user->isClient())
+    if ($user->can('manage_invoices') || $user->isClient())
        $html .= $totals['cost'];
      else
        $html .= $totals['expenses'];
author	Nik Okuntseff <support@anuko.com>
	Sat, 14 Apr 2018 13:50:14 +0000 (13:50 +0000)
committer	Nik Okuntseff <support@anuko.com>
	Sat, 14 Apr 2018 13:50:14 +0000 (13:50 +0000)
WEB-INF/lib/ttUser.class.php		patch \| blob \| history
WEB-INF/templates/footer.tpl		patch \| blob \| history
tofile.php		patch \| blob \| history
topdf.php		patch \| blob \| history