X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/45c855269d952873285f7a835e82fc2b3eff3971..047bc803a5228a0a786462cabdfa5fdd9be762a4:/report.php

diff --git a/report.php b/report.php
index d712968d..3f207449 100644
--- a/report.php
+++ b/report.php
@@ -33,7 +33,7 @@ import('ttReportHelper');
 import('ttTeamHelper');
 
 // Access check.
-if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports'))) {
   header('Location: access_denied.php');
   exit();
 }
@@ -70,11 +70,12 @@ $client_id = $bean->getAttribute('client');
 // Do we need to show checkboxes?
 if ($bean->getAttribute('chpaid') ||
    ($client_id && $bean->getAttribute('chinvoice') && ('no_grouping' == $bean->getAttribute('group_by')) && !$user->isClient())) {
-  $smarty->assign('use_checkboxes', true);
+  if ($user->can('manage_invoices'))
+    $smarty->assign('use_checkboxes', true);
 }
 
 // Controls for "Mark paid" block.
-if ($bean->getAttribute('chpaid')) {
+if ($user->can('manage_invoices') && $bean->getAttribute('chpaid')) {
   $mark_paid_select_options = array('1'=>$i18n->get('dropdown.all'),'2'=>$i18n->get('dropdown.select'));
   $form->addInput(array('type'=>'combobox',
     'name'=>'mark_paid_select_options',
@@ -90,7 +91,8 @@ if ($bean->getAttribute('chpaid')) {
 }
 
 // Controls for "Assign to invoice" block.
-if ($client_id && $bean->getAttribute('chinvoice') && ('no_grouping' == $bean->getAttribute('group_by')) && !$user->isClient()) {
+if ($user->can('manage_invoices') &&
+  ($client_id && $bean->getAttribute('chinvoice') && ('no_grouping' == $bean->getAttribute('group_by')) && !$user->isClient())) {
   // Client is selected and we are displaying the invoice column.
   $recent_invoices = ttTeamHelper::getRecentInvoices($user->group_id, $client_id);
   if ($recent_invoices) {