Fixed user edit to hide projects for client roles.

[timetracker.git] / WEB-INF / lib / ttTimesheetHelper.class.php

diff --git a/WEB-INF/lib/ttTimesheetHelper.class.php b/WEB-INF/lib/ttTimesheetHelper.class.php
index 64c73741c22ab562d6fd6a82e7b3334d7c3e93c6..3e44c8c345d69d62a2b68e32ba2a5275fd2110c7 100644 (file)
--- a/WEB-INF/lib/ttTimesheetHelper.class.php
+++ b/WEB-INF/lib/ttTimesheetHelper.class.php
@@ -154,7 +154,7 @@ class ttTimesheetHelper {
     if ($user->isClient()) $client_part = "and client_id = $user->client_id";
 
     $sql = "select * from tt_timesheets".
-      " where id = $timesheet_id and group_id = $group_id and org_id = $org_id $client_part and status = 1";
+      " where id = $timesheet_id and group_id = $group_id and org_id = $org_id $client_part and status is not null";
     $res = $mdb2->query($sql);
     if (!is_a($res, 'PEAR_Error')) {
       if ($val = $res->fetchRow())
@@ -209,4 +209,28 @@ class ttTimesheetHelper {
     $affected = $mdb2->exec($sql);
     return (!is_a($affected, 'PEAR_Error'));
   }
+
+  // isUserValid function is used during access checks and determines whether user id, passed in post, is valid
+  // in current context.
+  static function isUserValid($user_id) {
+    // We have to cover several situations.
+    //
+    // 1) User is a client.
+    // 2) User with view_all_timesheets rights.
+    // 3) User with view_timesheets rights.
+
+    global $user;
+
+    // Step 1.
+    // A client must have view_client_timesheets and
+    // aser must be assigned to one of client projects.
+    if ($user->isClient()) {
+      if (!$user->can('view_client_timesheets'))
+        return false;
+      $valid_users = ttGroupHelper::getUsersForClient($user->client_id);
+      $v = 2;
+    }
+
+    return true;
+  }
 }