static function getWhere($options) {
global $user;
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
// Prepare dropdown parts.
$dropdown_parts = '';
if ($options['client_id'])
if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient())
$user_list_part = " and l.user_id in ($userlist)";
else
- $user_list_part = " and l.user_id = ".$user->id;
- $user_list_part .= " and l.group_id = ".$user->getGroup();
+ $user_list_part = " and l.user_id = ".$user->getUser();
+ $user_list_part .= " and l.group_id = $group_id and l.org_id = $org_id";
// Prepare sql query part for where.
+ $dateFormat = $user->getDateFormat();
if ($options['period'])
- $period = new Period($options['period'], new DateAndTime($user->date_format));
+ $period = new Period($options['period'], new DateAndTime($dateFormat));
else {
$period = new Period();
$period->setPeriod(
- new DateAndTime($user->date_format, $options['period_start']),
- new DateAndTime($user->date_format, $options['period_end']));
+ new DateAndTime($dateFormat, $options['period_start']),
+ new DateAndTime($dateFormat, $options['period_end']));
}
$where = " where l.status = 1 and l.date >= '".$period->getStartDate(DB_DATEFORMAT)."' and l.date <= '".$period->getEndDate(DB_DATEFORMAT)."'".
" $user_list_part $dropdown_parts";
}
// The assignToInvoice assigns a set of records to a specific invoice.
- static function assignToInvoice($invoice_id, $time_log_ids, $expense_item_ids)
- {
+ static function assignToInvoice($invoice_id, $time_log_ids, $expense_item_ids) {
+ global $user;
$mdb2 = getConnection();
+
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
if ($time_log_ids) {
$sql = "update tt_log set invoice_id = ".$mdb2->quote($invoice_id).
- " where id in(".join(', ', $time_log_ids).")";
+ " where id in(".join(', ', $time_log_ids).") and group_id = $group_id and org_id = $org_id";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
if ($expense_item_ids) {
$sql = "update tt_expense_items set invoice_id = ".$mdb2->quote($invoice_id).
- " where id in(".join(', ', $expense_item_ids).")";
+ " where id in(".join(', ', $expense_item_ids).") and group_id = $group_id and org_id = $org_id";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
}
// The markPaid marks a set of records as either paid or unpaid.
- static function markPaid($time_log_ids, $expense_item_ids, $paid = true)
- {
+ static function markPaid($time_log_ids, $expense_item_ids, $paid = true) {
+ global $user;
$mdb2 = getConnection();
+
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
$paid_val = (int) $paid;
if ($time_log_ids) {
- $sql = "update tt_log set paid = $paid_val where id in(".join(', ', $time_log_ids).")";
+ $sql = "update tt_log set paid = $paid_val".
+ " where id in(".join(', ', $time_log_ids).") and group_id = $group_id and org_id = $org_id";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
if ($expense_item_ids) {
- $sql = "update tt_expense_items set paid = $paid_val where id in(".join(', ', $expense_item_ids).")";
+ $sql = "update tt_expense_items set paid = $paid_val".
+ " where id in(".join(', ', $expense_item_ids).") and group_id = $group_id and org_id = $org_id";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) die($affected->getMessage());
}
projects / timetracker.git / blobdiff