More work in progress on timesheets, simplifying access rights.

diff --git a/WEB-INF/lib/ttTimesheetHelper.class.php b/WEB-INF/lib/ttTimesheetHelper.class.php
index e65a621..2568548 100644 (file)
--- a/WEB-INF/lib/ttTimesheetHelper.class.php
+++ b/WEB-INF/lib/ttTimesheetHelper.class.php
@@ -170,16 +170,12 @@ class ttTimesheetHelper {
     global $user;
     $mdb2 = getConnection();
 
+    $user_id = $user->getUser();
     $group_id = $user->getGroup();
     $org_id = $user->org_id;
 
-    if ($user->isClient()) $client_part = "and ts.client_id = $user->client_id";
-
-    $sql = "select ts.id, ts.user_id, u.name as user_name, ts.client_id, c.name as client_name,".
-      " ts.name, ts.submitter_comment, ts.submit_status, ts.approval_status, ts.manager_comment from tt_timesheets ts".
-      " left join tt_users u on (u.id = ts.user_id)".
-      " left join tt_clients c on (c.id = ts.client_id)".
-      " where ts.id = $timesheet_id and ts.group_id = $group_id and ts.org_id = $org_id $client_part and ts.status is not null";
+    $sql = "select * from tt_timesheets".
+      " where id = $timesheet_id and user_id = $user_id and group_id = $group_id and org_id = $org_id and status is not null";
     $res = $mdb2->query($sql);
     if (!is_a($res, 'PEAR_Error')) {
       if ($val = $res->fetchRow())

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index 5499b12..e23882a 100644 (file)
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.46.4794 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.46.4795 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>

diff --git a/WEB-INF/templates/timesheet_view.tpl b/WEB-INF/templates/timesheet_view.tpl
index 97591fe..e698825 100644 (file)
--- a/WEB-INF/templates/timesheet_view.tpl
+++ b/WEB-INF/templates/timesheet_view.tpl
@@ -11,17 +11,15 @@
 {if $timesheet['client_id']}
         <tr><td align="left"><b>{$i18n.label.client}:</b> {$timesheet['client_name']|escape}</td></tr>
 {/if}
-{if $not_client}
         <tr><td align="left"><b>{$i18n.label.submitted}:</b> {if $timesheet.submit_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if}</td></tr>
-  {if $timesheet['submitter_comment']}
+{if $timesheet['submitter_comment']}
         <tr><td align="left"><b>{$i18n.label.comment}:</b> {$timesheet['submitter_comment']|escape}</td></tr>
-  {/if}
-  {if $timesheet['submit_status']}
+{/if}
+{if $timesheet['submit_status']}
         <tr><td align="left"><b>{$i18n.label.approved}:</b> {if $timesheet.approval_status != null}{if $timesheet.approval_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if}</td></tr>{/if}
-  {/if}
-  {if $timesheet['manager_comment']}
+{/if}
+{if $timesheet['manager_comment']}
         <tr><td align="left"><b>{$i18n.label.note}:</b> {$timesheet['manager_comment']|escape}</td></tr>
-  {/if}
 {/if}
       </table>
     </td>

diff --git a/WEB-INF/templates/timesheets.tpl b/WEB-INF/templates/timesheets.tpl
index df4782b..907f415 100644 (file)
--- a/WEB-INF/templates/timesheets.tpl
+++ b/WEB-INF/templates/timesheets.tpl
@@ -21,9 +21,7 @@
           <td class="tableHeader">{$i18n.label.submitted}</td>
           <td class="tableHeader">{$i18n.label.approved}</td>
           <td class="tableHeader">{$i18n.label.view}</td>
-{if $can_edit}
           <td class="tableHeader">{$i18n.label.edit}</td>
-{/if}
         </tr>
 {foreach $active_timesheets as $timesheet}
         <tr valign="top" bgcolor="{cycle values="#f5f5f5,#ffffff"}">
@@ -38,9 +36,7 @@
           <td>{if $timesheet.approval_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if}</td>
   {/if}
           <td><a href="timesheet_view.php?id={$timesheet.id}">{$i18n.label.view}</a></td>
-  {if $can_edit}
           <td><a href="timesheet_edit.php?id={$timesheet.id}">{$i18n.label.edit}</a></td>
-  {/if}
         </tr>
 {/foreach}
       </table>
@@ -61,9 +57,7 @@
           <td class="tableHeader">{$i18n.label.submitted}</td>
           <td class="tableHeader">{$i18n.label.approved}</td>
           <td class="tableHeader">{$i18n.label.view}</td>
-  {if $can_edit}
           <td class="tableHeader">{$i18n.label.edit}</td>
-  {/if}
         </tr>
   {foreach $inactive_timesheets as $timesheet}
         <tr valign="top" bgcolor="{cycle values="#f5f5f5,#ffffff"}">
@@ -78,9 +72,7 @@
           <td>{if $timesheet.approval_status}{$i18n.label.yes}{else}{$i18n.label.no}{/if}</td>
     {/if}
           <td><a href="timesheet_view.php?id={$timesheet.id}">{$i18n.label.view}</a></td>
-    {if $can_edit}
           <td><a href="timesheet_edit.php?id={$timesheet.id}">{$i18n.label.edit}</a></td>
-    {/if}
         </tr>
   {/foreach}
       </table>

diff --git a/timesheet_add.php b/timesheet_add.php
index c450695..294886b 100644 (file)
--- a/timesheet_add.php
+++ b/timesheet_add.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTimesheetHelper');
 
 // Access checks.
-if (!(ttAccessAllowed('manage_own_timesheets') || ttAccessAllowed('manage_timesheets') || ttAccessAllowed('manage_all_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/timesheet_delete.php b/timesheet_delete.php
index e4bf453..5e98a6c 100644 (file)
--- a/timesheet_delete.php
+++ b/timesheet_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTimesheetHelper');
 
 // Access checks.
-if (!(ttAccessAllowed('manage_own_timesheets') || ttAccessAllowed('manage_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/timesheet_edit.php b/timesheet_edit.php
index 1708bdf..d275ce5 100644 (file)
--- a/timesheet_edit.php
+++ b/timesheet_edit.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttTimesheetHelper');
 
 // Access checks.
-if (!(ttAccessAllowed('manage_own_timesheets') || ttAccessAllowed('manage_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }

diff --git a/timesheet_view.php b/timesheet_view.php
index e86b2df..df28e30 100644 (file)
--- a/timesheet_view.php
+++ b/timesheet_view.php
@@ -30,7 +30,7 @@ require_once('initialize.php');
 import('ttTimesheetHelper');
 
 // Access checks.
-if (!(ttAccessAllowed('view_own_timesheets') || ttAccessAllowed('view_timesheets') || ttAccessAllowed('view_all_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
@@ -38,8 +38,8 @@ if (!$user->isPluginEnabled('ts')) {
   header('Location: feature_disabled.php');
   exit();
 }
-$timesheet_id = (int)$request->getParameter('id');
-$timesheet = ttTimesheetHelper::getTimesheet($timesheet_id);
+$cl_timesheet_id = (int)$request->getParameter('id');
+$timesheet = ttTimesheetHelper::getTimesheet($cl_timesheet_id);
 if (!$timesheet) {
   header('Location: access_denied.php');
   exit();
@@ -55,13 +55,12 @@ if ($request->isPost()) {
 $options = ttTimesheetHelper::getReportOptions($timesheet);
 $subtotals = ttReportHelper::getSubtotals($options);
 $totals = ttReportHelper::getTotals($options);
-$notClient = !$user->isClient();
 
 // Determine which controls to show and obtain date for them.
-$showSubmit = $notClient && !$timesheet['submit_status'];
+$showSubmit = !$timesheet['submit_status'];
 if ($showSubmit) $approvers = ttTimesheetHelper::getApprovers($timesheet['user_id']);
 $canApprove = $user->can('approve_timesheets') || $user->can('approve_all_timesheets');
-$showApprove = $notClient && $timesheet['submit_status'] && $timesheet['approval_status'] == null;
+$showApprove = $timesheet['submit_status'] && $timesheet['approval_status'] == null;
 
 // Add a form with controls.
 $form = new Form('timesheetForm');

diff --git a/timesheets.php b/timesheets.php
index cc43f0d..650575e 100644 (file)
--- a/timesheets.php
+++ b/timesheets.php
@@ -32,22 +32,26 @@ import('ttGroupHelper');
 import('ttTimesheetHelper');
 
 // Access checks.
-if (!(ttAccessAllowed('view_own_timesheets') || ttAccessAllowed('view_timesheets') || ttAccessAllowed('view_all_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
-if (!$user->isPluginEnabled('ts')) {
-  header('Location: feature_disabled.php');
+if ($user->behalf_id && (!$user->can('track_time') || !$user->checkBehalfId())) {
+  header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user.
+  exit();
+}
+if (!$user->behalf_id && !$user->can('track_own_time') && !$user->adjustBehalfId()) {
+  header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf.
   exit();
 }
-if ($user->isClient()) {
-  header('Location: access_denied.php'); // No timesheets for clients.
+if (!$user->isPluginEnabled('ts')) {
+  header('Location: feature_disabled.php');
   exit();
 }
 if ($request->isPost()) {
   $userChanged = $request->getParameter('user_changed'); // Reused in multiple places below.
-  if ($userChanged && !($user->can('view_timesheets') && $user->isUserValid($request->getParameter('user')))) {
-    header('Location: access_denied.php'); // Group changed, but no rght or wrong user id. TODO: research relevance of this...
+  if ($userChanged && !($user->can('track_time') && $user->isUserValid($request->getParameter('user')))) {
+    header('Location: access_denied.php'); // Group changed, but no rght or wrong user id.
     exit();
   }
 }
@@ -66,9 +70,9 @@ $group_id = $user->getGroup();
 // Elements of timesheetsForm.
 $form = new Form('timesheetsForm');
 
-if ($user->can('view_timesheets') || $user->can('view_all_timesheets')) {
+if ($user->can('track_time')) {
   $rank = $user->getMaxRankForGroup($group_id);
-  if ($user->can('view_own_timesheets'))
+  if ($user->can('track_own_time'))
     $options = array('status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true);
   else
     $options = array('status'=>ACTIVE,'max_rank'=>$rank);
@@ -90,12 +94,10 @@ $active_timesheets = ttTimesheetHelper::getActiveTimesheets($user_id);
 $inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets($user_id);
 
 $showClient = $user->isPluginEnabled('cl');
-$canEdit = $user->can('manage_own_timesheets') || $user->can('manage_timesheets') || $user->can('manage_all_timesheets');
 
 $smarty->assign('active_timesheets', $active_timesheets);
 $smarty->assign('inactive_timesheets', $inactive_timesheets);
 $smarty->assign('show_client', $showClient);
-$smarty->assign('can_edit', $canEdit);
 $smarty->assign('forms', array($form->getName()=>$form->toArray()));
 $smarty->assign('title', $i18n->get('title.timesheets'));
 $smarty->assign('content_page_name', 'timesheets.tpl');