// +----------------------------------------------------------------------+
import('ttConfigHelper');
+import('ttGroupHelper');
class ttUser {
var $login = null; // User login.
}
// getSubgroups obtains a list of immediate subgroups.
- function getSubgroups() {
+ function getSubgroups($group_id = null) {
$mdb2 = getConnection();
- $sql = "select id, name, description from tt_groups where org_id = $this->org_id and parent_id = ".$this->getActiveGroup();;
+ if (!$group_id) $group_id = $this->getActiveGroup();
+
+ $sql = "select id, name, description from tt_groups where org_id = $this->org_id and parent_id = $group_id";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
while ($val = $res->fetchRow()) {
return true;
}
+ // isGroupValid determines if a group is valid for user.
+ function isGroupValid($group_id) {
+ if ($group_id == $this->group_id)
+ return true;
+ else
+ return $this->isSubgroupValid($group_id);
+ }
+
// isSubgroupValid determines if a subgroup is valid for user.
// A subgroup is valid if:
// - user can manage_subgroups;
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.27.449
3 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.27.449
4 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
<script>
function chLocation(newLocation) { document.location = newLocation; }
</script>
-{$forms.groupsForm.open}
+{$forms.subgroupsForm.open}
<table cellspacing="1" cellpadding="3" border="0" width="720">
-{if $on_behalf_group_control}
+{if $group_dropdown}
<tr>
<td align="right">{$i18n.label.group}:</td>
- <td>{$forms.groupsForm.onBehalfGroup.control}</td>
+ <td>{$forms.subgroupsForm.group.control}</td>
</tr>
<tr><td colspan="2"> </td></tr>
{/if}
{/foreach}
{/if}
</table>
-{$forms.groupsForm.close}
+{$forms.subgroupsForm.close}
<table width="100%">
<tr>
// +----------------------------------------------------------------------+
require_once('initialize.php');
+import('ttUser');
import('form.Form');
-import('ttUserHelper');
-import('ttRoleHelper');
-import('ttConfigHelper');
// Access checks.
if (!ttAccessAllowed('manage_subgroups')) {
header('Location: access_denied.php');
exit();
}
+if ($request->isPost() && !$user->isGroupValid($request->getParameter('group'))) {
+ header('Location: access_denied.php'); // Wrong group id in post.
+ exit();
+}
// End of access checks.
-$form = new Form('groupsForm');
+if ($request->isPost()) {
+ $group_id = $request->getParameter('group');
+} else {
+ $group_id = $user->getActiveGroup();
+}
+
+$form = new Form('subgroupsForm');
$groups = $user->getGroups();
if (count($groups) > 1) {
$form->addInput(array('type'=>'combobox',
'onchange'=>'this.form.submit();',
- 'name'=>'onBehalfGroup',
+ 'name'=>'group',
'style'=>'width: 250px;',
- 'value'=>$on_behalf_group_id,
+ 'value'=>$group_id,
'data'=>$groups,
'datakeys'=>array('id','name')));
- $smarty->assign('on_behalf_group_control', 1);
+ $smarty->assign('group_dropdown', 1);
}
-$smarty->assign('subgroups', $user->getSubgroups());
+$smarty->assign('subgroups', $user->getSubgroups($group_id));
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
$smarty->assign('title', $i18n->get('label.subgroups'));
$smarty->assign('content_page_name', 'groups.tpl');
projects / timetracker.git / commitdiff