Added a check for timesheet delete operation possibility.
authorNik Okuntseff <support@anuko.com>
Mon, 4 Mar 2019 18:41:53 +0000 (18:41 +0000)
committerNik Okuntseff <support@anuko.com>
Mon, 4 Mar 2019 18:41:53 +0000 (18:41 +0000)
WEB-INF/templates/footer.tpl
WEB-INF/templates/timesheet_edit.tpl
timesheet_edit.php

index fea07f5..b1be81d 100644 (file)
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.52.4821 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.52.4822 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
index 5848c57..ec11236 100644 (file)
@@ -25,7 +25,7 @@
         </tr>
         <tr>
           <td></td>
-          <td align="left" height="50">{$forms.timesheetForm.btn_save.control} {$forms.timesheetForm.btn_delete.control}</td>
+          <td align="center" height="50">{$forms.timesheetForm.btn_save.control} {if $can_delete}{$forms.timesheetForm.btn_delete.control}{/if}</td>
         </tr>
       </table>
     </td>
index 7919125..b883b20 100644 (file)
@@ -57,6 +57,11 @@ if ($request->isPost()) {
   $cl_status = $timesheet['status'];
 }
 
+// Can we delete this timesheet?
+$canDelete = $timesheet['approve_status'] != 1
+  || (($user->id == $timesheet['user_id'] && $user->can('approve_own_timesheets'))
+  || ($user->id != $timesheet['user_id'] && $user->can('approve_timesheets')));
+
 $form = new Form('timesheetForm');
 $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_timesheet_id));
 $form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'timesheet_name','style'=>'width: 250px;','value'=>$cl_name));
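Review bot: The comment `// Can we delete this timesheet?` above `$canDelete` does not state the rule, and the nested `||`/`&&` expression has to be unpicked to recover it. As written, a timesheet whose `approve_status` is not 1 is always deletable; otherwise the user needs `approve_own_timesheets` for their own timesheet or `approve_timesheets` for someone else's. Presumably 1 means "approved", and the comment should say so. An equivalent form that is easier to audit is `$isOwner = $user->id == $timesheet['user_id'];` followed by `$canDelete = $timesheet['approve_status'] != 1 || $user->can($isOwner ? 'approve_own_timesheets' : 'approve_timesheets');`.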
@@ -64,7 +69,7 @@ $form->addInput(array('type'=>'textarea','name'=>'comment','style'=>'width: 250p
 $form->addInput(array('type'=>'combobox','name'=>'status','value'=>$cl_status,
   'data'=>array(ACTIVE=>$i18n->get('dropdown.status_active'),INACTIVE=>$i18n->get('dropdown.status_inactive'))));
 $form->addInput(array('type'=>'submit','name'=>'btn_save','value'=>$i18n->get('button.save')));
-$form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
+if ($canDelete) $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
 
 if ($request->isPost()) {
   // Validate user input.
@@ -90,7 +95,7 @@ if ($request->isPost()) {
     }
   }
 
-  if ($request->getParameter('btn_delete')) {
+  if ($request->getParameter('btn_delete') && $canDelete) {
     header("Location: timesheet_delete.php?id=$cl_timesheet_id");
     exit();
   }
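Review bot: The added `&& $canDelete` guards only the redirect to `timesheet_delete.php`, while the deletion itself is performed by that page, which this commit does not touch. Hiding the button and skipping the redirect are presentation-level controls, so the restriction holds only if `timesheet_delete.php` evaluates the same condition before deleting; that cannot be confirmed from this diff. I would put the rule in one shared function called from both pages and add a comment here such as `// UI gate only; timesheet_delete.php must repeat this check before deleting.`. The enclosing `if ($request->isPost())` block starts outside the hunk, so what happens to a rejected `btn_delete` post is not visible either.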
@@ -98,8 +103,7 @@ if ($request->isPost()) {
 
 $smarty->assign('forms', array($form->getName()=>$form->toArray()));
 $smarty->assign('onload', 'onLoad="document.timesheetForm.timesheet_name.focus()"');
-$smarty->assign('show_users', count($users) > 0);
-$smarty->assign('show_tasks', $show_tasks);
+$smarty->assign('can_delete', $canDelete);
 $smarty->assign('title', $i18n->get('title.edit_timesheet'));
 $smarty->assign('content_page_name', 'timesheet_edit.tpl');
 $smarty->display('index.tpl');