X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/3c959f0cd6c32bcfa962480ebd87e7ee4ae6d5c1..3d9beabc77b40f26d2ae76269d03ca1c379f0bd0:/WEB-INF/lib/ttReportHelper.class.php
diff --git a/WEB-INF/lib/ttReportHelper.class.php b/WEB-INF/lib/ttReportHelper.class.php
index 624ea8f3..acf33681 100644
--- a/WEB-INF/lib/ttReportHelper.class.php
+++ b/WEB-INF/lib/ttReportHelper.class.php
@@ -50,32 +50,34 @@ class ttReportHelper { if ($options['cf_1_option_id']) $dropdown_parts .= ' and l.id in(select log_id from tt_custom_field_log where status = 1 and option_id = '.$options['cf_1_option_id'].')'; if ($options['project_id']) $dropdown_parts .= ' and l.project_id = '.$options['project_id']; if ($options['task_id']) $dropdown_parts .= ' and l.task_id = '.$options['task_id']; - if ($bean->getAttribute('include_records')=='1') $dropdown_parts .= ' and l.billable = 1'; - if ($bean->getAttribute('include_records')=='2') $dropdown_parts .= ' and l.billable = 0'; - if ($bean->getAttribute('invoice')=='1') $dropdown_parts .= ' and l.invoice_id is not NULL'; - if ($bean->getAttribute('invoice')=='2') $dropdown_parts .= ' and l.invoice_id is NULL'; - if ($bean->getAttribute('paid_status')=='1') $dropdown_parts .= ' and l.paid = 1'; - if ($bean->getAttribute('paid_status')=='2') $dropdown_parts .= ' and l.paid = 0'; + if ($options['billable']=='1') $dropdown_parts .= ' and l.billable = 1'; + if ($options['billable']=='2') $dropdown_parts .= ' and l.billable = 0'; + if ($options['invoice']=='1') $dropdown_parts .= ' and l.invoice_id is not NULL'; + if ($options['invoice']=='2') $dropdown_parts .= ' and l.invoice_id is NULL'; + if ($options['paid_status']=='1') $dropdown_parts .= ' and l.paid = 1'; + if ($options['paid_status']=='2') $dropdown_parts .= ' and l.paid = 0'; + + // Note: "Prepare sql query part for user list" is different in getFavWhere because of + // special meaning of NULL value (all "active" users). + // + // If we are merging into one function, one needs to take care of this, perhaps, with redesign. - // Prepare user list part. - $userlist = -1; - if (($user->can('view_reports') || $user->isClient()) && is_array($bean->getAttribute('users'))) - $userlist = join(',', $bean->getAttribute('users')); // Prepare sql query part for user list. + $userlist = $options['users'] ? 
$options['users'] : '-1'; $user_list_part = null; - if ($user->can('view_reports') || $user->isClient()) + if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) $user_list_part = " and l.user_id in ($userlist)"; else $user_list_part = " and l.user_id = ".$user->id; // Prepare sql query part for where. - if ($bean->getAttribute('period')) - $period = new Period($bean->getAttribute('period'), new DateAndTime($user->date_format)); + if ($options['period']) + $period = new Period($options['period'], new DateAndTime($user->date_format)); else { $period = new Period(); $period->setPeriod( - new DateAndTime($user->date_format, $bean->getAttribute('start_date')), - new DateAndTime($user->date_format, $bean->getAttribute('end_date'))); + new DateAndTime($user->date_format, $options['period_start']), + new DateAndTime($user->date_format, $options['period_end'])); } $where = " where l.status = 1 and l.date >= '".$period->getStartDate(DB_DATEFORMAT)."' and l.date <= '".$period->getEndDate(DB_DATEFORMAT)."'". " $user_list_part $dropdown_parts"; 
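Review bot: `$options['users']` is interpolated unchanged into `in ($userlist)` by the added `$userlist = ...` line, so the query stays numeric only if whoever filled `$options` validated every id first; the added comment about getFavWhere suggests options are meant to come from more than one source. Normalising at the point of use keeps the clause safe whatever the caller did, e.g. `$userlist = $options['users'] ? join(',', array_map('intval', explode(',', $options['users']))) : '-1';`. The same line is added in the second hunk, for the `ei.user_id in ($userlist)` query, and needs the same treatment. The enclosing function starts and ends outside the hunk.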
@@ -146,30 +148,27 @@ class ttReportHelper { elseif ($user->isClient() && $user->client_id) $dropdown_parts .= ' and ei.client_id = '.$user->client_id; if ($options['project_id']) $dropdown_parts .= ' and ei.project_id = '.$options['project_id']; - if ($bean->getAttribute('invoice')=='1') $dropdown_parts .= ' and ei.invoice_id is not NULL'; - if ($bean->getAttribute('invoice')=='2') $dropdown_parts .= ' and ei.invoice_id is NULL'; - if ($bean->getAttribute('paid_status')=='1') $dropdown_parts .= ' and ei.paid = 1'; - if ($bean->getAttribute('paid_status')=='2') $dropdown_parts .= ' and ei.paid = 0'; + if ($options['invoice']=='1') $dropdown_parts .= ' and ei.invoice_id is not NULL'; + if ($options['invoice']=='2') $dropdown_parts .= ' and ei.invoice_id is NULL'; + if ($options['paid_status']=='1') $dropdown_parts .= ' and ei.paid = 1'; + if ($options['paid_status']=='2') $dropdown_parts .= ' and ei.paid = 0'; - // Prepare user list part. - $userlist = -1; - if (($user->can('view_reports') || $user->isClient()) && is_array($bean->getAttribute('users'))) - $userlist = join(',', $bean->getAttribute('users')); // Prepare sql query part for user list. + $userlist = $options['users'] ? $options['users'] : '-1'; $user_list_part = null; - if ($user->can('view_reports') || $user->isClient()) + if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) $user_list_part = " and ei.user_id in ($userlist)"; else $user_list_part = " and ei.user_id = ".$user->id; // Prepare sql query part for where. 
- if ($bean->getAttribute('period')) - $period = new Period($bean->getAttribute('period'), new DateAndTime($user->date_format)); + if ($options['period']) + $period = new Period($options['period'], new DateAndTime($user->date_format)); else { $period = new Period(); $period->setPeriod( - new DateAndTime($user->date_format, $bean->getAttribute('start_date')), - new DateAndTime($user->date_format, $bean->getAttribute('end_date'))); + new DateAndTime($user->date_format, $options['period_start']), + new DateAndTime($user->date_format, $options['period_end'])); } $where = " where ei.status = 1 and ei.date >= '".$period->getStartDate(DB_DATEFORMAT)."' and ei.date <= '".$period->getEndDate(DB_DATEFORMAT)."'". " $user_list_part $dropdown_parts"; 
@@ -1906,16 +1905,16 @@ class ttReportHelper { $options['cf_1_option_id'] = $bean->getAttribute('option'); $options['project_id'] = $bean->getAttribute('project'); $options['task_id'] = $bean->getAttribute('task'); + $options['billable'] = $bean->getAttribute('include_records'); + $options['invoice'] = $bean->getAttribute('invoice'); + $options['paid_status'] = $bean->getAttribute('paid_status'); + if (is_array($bean->getAttribute('users'))) $options['users'] = join(',', $bean->getAttribute('users')); + $options['period'] = $bean->getAttribute('period'); + $options['period_start'] = $bean->getAttribute('start_date'); + $options['period_end'] = $bean->getAttribute('end_date'); /* * TODO: remaining fields to fill in... - `billable` tinyint(4) default NULL, # whether to include billable, not billable, or all records - `invoice` tinyint(4) default NULL, # whether to include invoiced, not invoiced, or all records - `paid_status` tinyint(4) default NULL, # whether to include paid, not paid, or all records - `users` text default NULL, # Comma-separated list of user ids. Nothing here means "all" users. - `period` tinyint(4) default NULL, # selected period type for report - `period_start` date default NULL, # period start - `period_end` date default NULL, # period end `show_client` tinyint(4) NOT NULL default 0, # whether to show client column `show_invoice` tinyint(4) NOT NULL default 0, # whether to show invoice column `show_paid` tinyint(4) NOT NULL default 0, # whether to show paid column 
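Review bot: `$options['users']` is assigned only when the bean attribute is an array, so otherwise the key is absent and the `$options['users'] ? ... : '-1'` reads added in the where-builders hit an undefined index (a notice, or a warning on PHP 8). Assign it unconditionally, e.g. `$users = $bean->getAttribute('users');` followed by `$options['users'] = is_array($users) ? join(',', $users) : null;`. The removed schema comment said an empty `users` value means "all" users, while the consumers map an empty value to `-1`; a one-line comment here stating which meaning applies to bean-derived options would keep the two from being confused. The function starts outside the hunk.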
@@ -1937,4 +1936,26 @@ class ttReportHelper {
 */
 return $options;
 }
+
+ // verifyBean is a security function to make sure data in bean makes sense for a group.
+ static function verifyBean($bean) {
+ global $user;
+
+ // Check users.
+ $users_in_bean = $bean->getAttribute('users');
+ if (is_array($users_in_bean)) {
+ $users_in_group = ttTeamHelper::getUsers();
+ foreach ($users_in_group as $user_in_group) {
+ $valid_ids[] = $user_in_group['id'];
+ }
+ foreach ($users_in_bean as $user_in_bean) {
+ if (!in_array($user_in_bean, $valid_ids)) {
+ return false;
+ }
+ }
+ }
+
+ // TODO: add additional checks here. Perhaps do it before saving the bean for consistency.
+ return true;
+ }
 }
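Review bot: The membership test in verifyBean is loose and `$valid_ids` is never initialised. `in_array($user_in_bean, $valid_ids)` uses PHP's `==`, so it accepts any request value that compares equal to a valid id, and those raw values are what later get joined into the `user_id in (...)` clause; if `ttTeamHelper::getUsers()` returns no rows, `$valid_ids` is undefined when it reaches `in_array`. Add `$valid_ids = array();` before the first loop and make the test `if (!ctype_digit((string)$user_in_bean) || !in_array($user_in_bean, $valid_ids)) {`. `global $user;` is unused in the body shown. Call sites are not part of this diff, so whether every path into the where-builders runs this check first cannot be confirmed from here.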