if ($user->isClient()) $client_part = "and client_id = $user->client_id";
$sql = "select * from tt_timesheets".
- " where id = $timesheet_id and group_id = $group_id and org_id = $org_id $client_part and status = 1";
+ " where id = $timesheet_id and group_id = $group_id and org_id = $org_id $client_part and status is not null";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
if ($val = $res->fetchRow())
$affected = $mdb2->exec($sql);
return (!is_a($affected, 'PEAR_Error'));
}
+
+ // update function - updates the timesheet in database.
+ static function update($fields) {
+ global $user;
+ $mdb2 = getConnection();
+
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
+ $timesheet_id = $fields['id']; // Timesheet we are updating.
+ $name = $fields['name']; // Timesheet name.
+ $submitter_comment = $fields['submitter_comment'];
+ $status = $fields['status']; // Project status.
+
+ $sql = "update tt_timesheets set name = ".$mdb2->quote($name).", submitter_comment = ".$mdb2->quote($submitter_comment).
+ ", status = ".$mdb2->quote($status).
+ " where id = $timesheet_id and group_id = $group_id and org_id = $org_id";
+ $affected = $mdb2->exec($sql);
+ return (!is_a($affected, 'PEAR_Error'));
+ }
+
+ // isUserValid function is used during access checks and determines whether user id, passed in post, is valid
+ // in current context.
+ static function isUserValid($user_id) {
+ // We have to cover several situations.
+ //
+ // 1) User is a client.
+ // 2) User with view_all_timesheets rights.
+ // 3) User with view_timesheets rights.
+
+ global $user;
+
+ // Step 1.
+ // A client must have view_client_timesheets and
+ // aser must be assigned to one of client projects.
+ if ($user->isClient()) {
+ if (!$user->can('view_client_timesheets'))
+ return false;
+ $valid_users = ttGroupHelper::getUsersForClient($user->client_id);
+ $v = 2;
+ }
+
+ return true;
+ }
}
projects / timetracker.git / blobdiff