<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.17.7
4.4182 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.17.7
5.4183 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
header('Location: feature_disabled.php');
exit();
}
-
$cl_project_id = (int)$request->getParameter('id');
$project = ttProjectHelper::get($cl_project_id);
+if (!$project) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
+
$project_to_delete = $project['name'];
$form = new Form('projectDeleteForm');
if ($request->isPost()) {
if ($request->getParameter('btn_delete')) {
- if(ttProjectHelper::get($cl_project_id)) {
- if (ttProjectHelper::delete($cl_project_id)) {
- header('Location: projects.php');
- exit();
- } else
- $err->add($i18n->get('error.db'));
+ if (ttProjectHelper::delete($cl_project_id)) {
+ header('Location: projects.php');
+ exit();
} else
$err->add($i18n->get('error.db'));
} elseif ($request->getParameter('btn_cancel')) {
header('Location: feature_disabled.php');
exit();
}
-
$cl_project_id = (int)$request->getParameter('id');
+$project = ttProjectHelper::get($cl_project_id);
+if (!$project) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
$users = ttTeamHelper::getActiveUsers();
foreach ($users as $user_item)
$cl_users = $request->getParameter('users', array());
$cl_tasks = $request->getParameter('tasks', array());
} else {
- $project = ttProjectHelper::get($cl_project_id);
$cl_name = $project['name'];
$cl_description = $project['description'];
$cl_status = $project['status'];
import('ttTeamHelper');
// Access checks.
-if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
+// TODO: introduce view_projects right to keep access checks simple.
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time') || ttAccessAllowed('manage_projects'))) {
header('Location: access_denied.php');
exit();
}
exit();
}
-if($user->canManageTeam()) {
+if($user->can('manage_projects')) {
$active_projects = ttTeamHelper::getActiveProjects($user->team_id);
$inactive_projects = ttTeamHelper::getInactiveProjects($user->team_id);
} else
header('Location: feature_disabled.php');
exit();
}
-
$cl_project_id = (int)$request->getParameter('id');
$project = ttProjectHelper::get($cl_project_id);
+if (!$project) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
+
$project_to_delete = $project['name'];
$form = new Form('projectDeleteForm');
if ($request->isPost()) {
if ($request->getParameter('btn_delete')) {
- if(ttProjectHelper::get($cl_project_id)) {
- if (ttProjectHelper::delete($cl_project_id)) {
- header('Location: projects.php');
- exit();
- } else
- $err->add($i18n->get('error.db'));
+ if (ttProjectHelper::delete($cl_project_id)) {
+ header('Location: projects.php');
+ exit();
} else
$err->add($i18n->get('error.db'));
} elseif ($request->getParameter('btn_cancel')) {
header('Location: feature_disabled.php');
exit();
}
-
$cl_project_id = (int)$request->getParameter('id');
+$project = ttProjectHelper::get($cl_project_id);
+if (!$project) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
$users = ttTeamHelper::getActiveUsers();
foreach ($users as $user_item)
$cl_users = $request->getParameter('users', array());
$cl_tasks = $request->getParameter('tasks', array());
} else {
- $project = ttProjectHelper::get($cl_project_id);
$cl_name = $project['name'];
$cl_description = $project['description'];
$cl_status = $project['status'];
import('ttTeamHelper');
// Access checks.
-if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
+// TODO: introduce view_projects right to keep access checks simple.
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time') || ttAccessAllowed('manage_projects'))) {
header('Location: access_denied.php');
exit();
}
header('Location: feature_disabled.php');
exit();
}
+// End of access checks.
-if($user->canManageTeam()) {
+if($user->can('manage_projects')) {
$active_projects = ttTeamHelper::getActiveProjects($user->team_id);
$inactive_projects = ttTeamHelper::getInactiveProjects($user->team_id);
} else
projects / timetracker.git / commitdiff