X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/45c855269d952873285f7a835e82fc2b3eff3971..53171dda875db008bc0ce6da98115dff6b3232e8:/reports.php
diff --git a/reports.php b/reports.php
index 99683c1a..11d1434d 100644
--- a/reports.php
+++ b/reports.php
@@ -37,7 +37,7 @@ import('ttFavReportHelper');
 import('ttClientHelper');
 // Access check.
-if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports'))) {
+if (!(ttAccessAllowed('view_own_reports') || ttAccessAllowed('view_reports') || ttAccessAllowed('view_all_reports'))) {
 header('Location: access_denied.php');
 exit();
 }
@@ -66,10 +66,11 @@ $form->addInput(array('type'=>'submit','name'=>'btn_generate','value'=>$i18n->ge
 $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete'),'onclick'=>"return confirm('".$i18n->get('form.reports.confirm_delete')."')"));
 // Dropdown for clients if the clients plugin is enabled.
-if ($user->isPluginEnabled('cl') && !($user->isClient() && $user->client_id)) {
- if ($user->canManageTeam() || ($user->isClient() && !$user->client_id))
- $client_list = ttClientHelper::getClients();
- else
+if ($user->isPluginEnabled('cl') && !$user->isClient()) {
+ if ($user->can('view_reports') || $user->can('view_all_reports')) {
+ $client_list = ttClientHelper::getClients(); // TODO: improve getClients for "view_reports"
+ // by filtering out not relevant clients.
+ } else
 $client_list = ttClientHelper::getClientsForUser();
 $form->addInput(array('type'=>'combobox', 'name'=>'client', 
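Review bot: In the `@@ -66,10 +66,11 @@` hunk, every user holding `view_reports` now receives the unfiltered `ttClientHelper::getClients()` list, and the added TODO itself says that list contains clients that are not relevant to such a user, so client names outside the user's scope would appear in the dropdown. Until `getClients()` can filter, consider reserving the full list for the broader right, `if ($user->can('view_all_reports')) {`, provided `getClientsForUser()` is not too narrow for `view_reports` holders (neither helper is visible here). Whatever the dropdown offers, the code that builds the report should re-check the submitted `client` value against what the user may see; that code is not part of this diff. The outer condition also changed to `!$user->isClient()`, so a client account without `client_id` no longer gets the dropdown, and a one-line comment such as `// Client users never choose a client; their own client_id is applied.` would record that this is intended. The `if` block continues past the end of the hunk.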
@@ -141,13 +142,15 @@ if ($user->canManageTeam() && $user->isPluginEnabled('ps')) {
 }
 $user_list = array();
-if ($user->can('view_reports') || $user->isClient()) {
+if ($user->can('view_reports') || $user->can('view_all_reports') || $user->isClient()) {
 // Prepare user and assigned projects arrays.
- if ($user->can('view_reports')) {
+ if ($user->can('view_reports') || $user->can('view_all_reports')) {
+ $max_rank = $user->rank-1;
+ if ($user->can('view_all_reports')) $max_rank = 512;
 if ($user->can('view_own_reports'))
- $options = array('max_rank'=>$user->rank-1,'include_self'=>true);
+ $options = array('max_rank'=>$max_rank,'include_self'=>true);
 else
- $options = array('max_rank'=>$user->rank-1);
+ $options = array('max_rank'=>$max_rank);
 $users = $user->getUsers($options); // Active and inactive users.
 }
 elseif ($user->isClient())
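Review bot: `$max_rank = 512;` replaces the `$user->rank-1` ceiling passed to `getUsers()` with a bare literal, so neither the meaning of 512 nor whether the bound is inclusive can be checked from this hunk. Because this value decides whose records a `view_all_reports` holder can select, set it in one place and say why, e.g. `$max_rank = $user->can('view_all_reports') ? 512 : $user->rank-1; // 512: presumably the highest rank in a group (confirm); view_all_reports is not limited to subordinates`. `include_self` still depends on `view_own_reports` alone, so if `getUsers()` leaves the caller out unless that option is set, a user with `view_all_reports` but without `view_own_reports` would see everyone except themselves; worth confirming that this is intended. The list built here only populates the form, so the page that runs the report presumably has to apply the same rank ceiling to posted user ids, and that code is outside this diff. The outer `if` block continues beyond the hunk.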