<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.29.46
09 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.29.46
10 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
</tr>
<tr>
<td align="right" nowrap>{$forms.pluginsForm.notifications.control}</td>
- <td><label for="notifications">{$i18n.title.notifications}</label> <span id="notifications_config"><a href="notifications.php">{$i18n.label.configure}</a></span></td>
+ <td><label for="notifications">{$i18n.title.notifications}</label> <span id="notifications_config">{if $user_exists}<a href="notifications.php">{$i18n.label.configure}</a>{/if}</span></td>
</tr>
<tr>
<td align="right" nowrap>{$forms.pluginsForm.locking.control}</td>
header('Location: feature_disabled.php');
exit();
}
+if (!$user->exists()) {
+ header('Location: access_denied.php'); // No users in subgroup.
+ exit();
+}
+if ($request->isPost()) {
+ // TODO: improve this, perhaps by refactoring elsewhere.
+ $cl_fav_report = (int) $request->getParameter('fav_report');
+ $fav_report = ttFavReportHelper::getReport($cl_fav_report);
+ if ($user->getUser() != $fav_report['user_id']) {
+ header('Location: access_denied.php'); // Invalid fav report id in post.
+ exit();
+ }
+}
+// End of access checks.
-$fav_reports = ttFavReportHelper::getReports($user->id);
+$fav_reports = ttFavReportHelper::getReports($user->getUser());
if ($request->isPost()) {
- $cl_fav_report = trim($request->getParameter('fav_report'));
$cl_cron_spec = trim($request->getParameter('cron_spec'));
$cl_email = trim($request->getParameter('email'));
$cl_cc = trim($request->getParameter('cc'));
$next = tdCron::getNextOccurrence($cl_cron_spec, mktime());
if (ttNotificationHelper::insert(array(
- 'group_id' => $user->group_id,
'cron_spec' => $cl_cron_spec,
'next' => $next,
'report_id' => $cl_fav_report,
header('Location: feature_disabled.php');
exit();
}
-
+if (!$user->exists()) {
+ header('Location: access_denied.php'); // No users in subgroup.
+ exit();
+}
$cl_notification_id = (int)$request->getParameter('id');
$notification = ttNotificationHelper::get($cl_notification_id);
+if (!$notification) {
+ header('Location: access_denied.php'); // Wrong notification id.
+ exit();
+}
+// End of access checks.
+
$notification_to_delete = $notification['name'];
$form = new Form('notificationDeleteForm');
if ($request->isPost()) {
if ($request->getParameter('btn_delete')) {
- if(ttNotificationHelper::get($cl_notification_id)) {
- if (ttNotificationHelper::delete($cl_notification_id)) {
- header('Location: notifications.php');
- exit();
- } else
- $err->add($i18n->get('error.db'));
+ if (ttNotificationHelper::delete($cl_notification_id)) {
+ header('Location: notifications.php');
+ exit();
} else
$err->add($i18n->get('error.db'));
} elseif ($request->getParameter('btn_cancel')) {
header('Location: feature_disabled.php');
exit();
}
+if (!$user->exists()) {
+ header('Location: access_denied.php'); // No users in subgroup.
+ exit();
+}
+$notification_id = (int)$request->getParameter('id');
+$notification = ttNotificationHelper::get($notification_id);
+if (!$notification) {
+ header('Location: access_denied.php'); // Wrong notification id.
+ exit();
+}
+if ($request->isPost()) {
+ // TODO: improve this, perhaps by refactoring elsewhere.
+ $cl_fav_report = (int) $request->getParameter('fav_report');
+ $fav_report = ttFavReportHelper::getReport($cl_fav_report);
+ if ($user->getUser() != $fav_report['user_id']) {
+ header('Location: access_denied.php'); // Invalid fav report id in post.
+ exit();
+ }
+}
+// End of access checks.
-$notification_id = (int) $request->getParameter('id');
-$fav_reports = ttFavReportHelper::getReports($user->id);
+$fav_reports = ttFavReportHelper::getReports($user->getUser());
if ($request->isPost()) {
- $cl_fav_report = trim($request->getParameter('fav_report'));
$cl_cron_spec = trim($request->getParameter('cron_spec'));
$cl_email = trim($request->getParameter('email'));
$cl_cc = trim($request->getParameter('cc'));
header('Location: feature_disabled.php');
exit();
}
+if (!$user->exists()) {
+ header('Location: access_denied.php'); // No users in subgroup.
+ exit();
+}
+// End of access checks.
+
+// TODO: extend and re-design notifications.
+// Currently they only work with fav reports, which are bound to users.
$form = new Form('notificationsForm');
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
$smarty->assign('onload', 'onLoad="handlePluginCheckboxes();"');
+$smarty->assign('user_exists', $user->exists());
$smarty->assign('title', $i18n->get('title.plugins'));
$smarty->assign('content_page_name', 'plugins.tpl');
$smarty->display('index.tpl');
'client_id' => $cl_client_id,
'projects' => $assigned_projects,
'email' => $cl_email);
- if (ttUserHelper::insert($fields)) {
+ $user_id = ttUserHelper::insert($fields);
+ if ($user_id) {
+ if (!$user->exists()) {
+ // We added a user to an empty subgroup. Set new user as on behalf user.
+ // Needed for user-based things to work (such as notifications config).
+ $user->setOnBehalfUser($user_id);
+ }
header('Location: users.php');
exit();
} else
projects / timetracker.git / commitdiff