Prohibited editing approved expense items.

author Nik Okuntseff <support@anuko.com>

Thu, 7 Mar 2019 16:50:07 +0000 (16:50 +0000)

committer Nik Okuntseff <support@anuko.com>

Thu, 7 Mar 2019 16:50:07 +0000 (16:50 +0000)
author Nik Okuntseff <support@anuko.com>
Thu, 7 Mar 2019 16:50:07 +0000 (16:50 +0000)
committer Nik Okuntseff <support@anuko.com>
Thu, 7 Mar 2019 16:50:07 +0000 (16:50 +0000)
diff --git a/WEB-INF/lib/ttExpenseHelper.class.php b/WEB-INF/lib/ttExpenseHelper.class.php

index 40a3e88..e7da92c 100644 (file)
--- a/WEB-INF/lib/ttExpenseHelper.class.php
+++ b/WEB-INF/lib/ttExpenseHelper.class.php
@@ -140,7 +140,8 @@ class ttExpenseHelper {
      if ($user->isPluginEnabled('cl'))
        $left_joins .= " left join tt_clients c on (ei.client_id = c.id)";
  
-    $sql = "select ei.id, ei.date, ei.client_id, ei.project_id, ei.name, ei.cost, ei.invoice_id, ei.paid $client_field, p.name as project_name".
+    $sql = "select ei.id, ei.date, ei.client_id, ei.project_id, ei.name, ei.cost, ei.invoice_id, ei.approved,".
+      " ei.paid $client_field, p.name as project_name".
        " from tt_expense_items ei $left_joins".
        " where ei.id = $id and ei.group_id = $group_id and ei.org_id = $org_id and ei.user_id = $user_id and ei.status = 1";
      $res = $mdb2->query($sql);
@@ -177,7 +178,7 @@ class ttExpenseHelper {
        $left_joins .= " left join tt_clients c on (ei.client_id = c.id)";
  
      $sql = "select ei.id as id $client_field, p.name as project, ei.name as item, ei.cost as cost,".
-      " ei.invoice_id from tt_expense_items ei $left_joins".
+      " ei.invoice_id, ei.approved from tt_expense_items ei $left_joins".
        " where ei.date = ".$mdb2->quote($date)." and ei.user_id = $user_id".
        " and ei.group_id = $group_id and ei.org_id = $org_id and ei.status = 1 order by ei.id";
  
diff --git a/WEB-INF/templates/expenses.tpl b/WEB-INF/templates/expenses.tpl

index 45a8ef2..11b4fb8 100644 (file)
--- a/WEB-INF/templates/expenses.tpl
+++ b/WEB-INF/templates/expenses.tpl
@@ -195,7 +195,13 @@ function recalculateCost() {
      {/if}
          <td valign="top">{$item.item|escape}</td>
          <td valign="top" align="right">{$item.cost}</td>
-        <td valign="top" align="center">{if $item.invoice_id}&nbsp;{else}<a href='expense_edit.php?id={$item.id}'>{$i18n.label.edit}</a>{/if}</td>
+        <td valign="top" align="center">
+    {if $item.approved || $item.invoice_id}
+          &nbsp;
+    {else}
+          <a href='expense_edit.php?id={$item.id}'>{$i18n.label.edit}</a>
+    {/if}
+        </td>
        </tr>
    {/foreach}
      </table>
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl

index 180b9a8..2c36762 100644 (file)
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
        <br>
        <table cellspacing="0" cellpadding="4" width="100%" border="0">
          <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.53.4832 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.53.4833 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
              <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
              <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
              <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/WEB-INF/templates/mobile/expenses.tpl b/WEB-INF/templates/mobile/expenses.tpl

index a6aa66d..7afde73 100644 (file)
--- a/WEB-INF/templates/mobile/expenses.tpl
+++ b/WEB-INF/templates/mobile/expenses.tpl
@@ -203,7 +203,13 @@ function recalculateCost() {
      {if $show_project}
          <td valign="top">{$item.project|escape}</td>
      {/if}
-        <td valign="top">{if $item.invoice_id} {$item.item|escape} {else}<a href="expense_edit.php?id={$item.id}">{$item.item|escape}</a>{/if}</td>
+        <td valign="top">
+    {if $item.approved || $item.invoice_id}
+          {$item.item|escape}
+    {else}
+          <a href="expense_edit.php?id={$item.id}">{$item.item|escape}</a>
+    {/if}
+        </td>
          <td valign="top" align="right">{$item.cost}</td>
        </tr>
    {/foreach}
diff --git a/expense_delete.php b/expense_delete.php

index c703176..788fb59 100644 (file)
--- a/expense_delete.php
+++ b/expense_delete.php
@@ -43,8 +43,8 @@ if (!$user->isPluginEnabled('ex')) {
  $cl_id = (int)$request->getParameter('id');
  // Get the expense item we are deleting.
  $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit deleting not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit deleting not ours, approved, or invoiced items.
    header('Location: access_denied.php');
    exit();
  }
diff --git a/expense_edit.php b/expense_edit.php

index b1115f1..877ec66 100644 (file)
--- a/expense_edit.php
+++ b/expense_edit.php
@@ -45,8 +45,8 @@ if (!$user->isPluginEnabled('ex')) {
  $cl_id = (int)$request->getParameter('id');
  // Get the expense item we are editing.
  $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit editing not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit editing not ours, approved, or invoiced items.
    header('Location: access_denied.php');
    exit();
  }
diff --git a/mobile/expense_delete.php b/mobile/expense_delete.php

index 3bdc179..48e74dc 100644 (file)
--- a/mobile/expense_delete.php
+++ b/mobile/expense_delete.php
@@ -43,8 +43,8 @@ if (!$user->isPluginEnabled('ex')) {
  $cl_id = (int)$request->getParameter('id');
  // Get the expense item we are deleting.
  $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit deleting not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit deleting not ours, approved, or invoiced items.
    header('Location: access_denied.php');
    exit();
  }
diff --git a/mobile/expense_edit.php b/mobile/expense_edit.php

index e9e1ca6..10035a9 100644 (file)
--- a/mobile/expense_edit.php
+++ b/mobile/expense_edit.php
@@ -45,8 +45,8 @@ if (!$user->isPluginEnabled('ex')) {
  $cl_id = (int)$request->getParameter('id');
  // Get the expense item we are editing.
  $expense_item = ttExpenseHelper::getItem($cl_id);
-if (!$expense_item || $expense_item['invoice_id']) {
-  // Prohibit editing not ours or invoiced items.
+if (!$expense_item || $expense_item['approved'] || $expense_item['invoice_id']) {
+  // Prohibit editing not ours, approved, or invoiced items.
    header('Location: access_denied.php');
    exit();
  }
author	Nik Okuntseff <support@anuko.com>
	Thu, 7 Mar 2019 16:50:07 +0000 (16:50 +0000)
committer	Nik Okuntseff <support@anuko.com>
	Thu, 7 Mar 2019 16:50:07 +0000 (16:50 +0000)
WEB-INF/lib/ttExpenseHelper.class.php		patch \| blob \| history
WEB-INF/templates/expenses.tpl		patch \| blob \| history
WEB-INF/templates/footer.tpl		patch \| blob \| history
WEB-INF/templates/mobile/expenses.tpl		patch \| blob \| history
expense_delete.php		patch \| blob \| history
expense_edit.php		patch \| blob \| history
mobile/expense_delete.php		patch \| blob \| history
mobile/expense_edit.php		patch \| blob \| history