X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/840056890d9b574fcc62fdf386db346f133baa91..6e2b1ec1880cebedef5a1ca380820ad0d40d06a2:/WEB-INF/lib/ttReportHelper.class.php

diff --git a/WEB-INF/lib/ttReportHelper.class.php b/WEB-INF/lib/ttReportHelper.class.php
index 0fa00d13..0cc2702c 100644
--- a/WEB-INF/lib/ttReportHelper.class.php
+++ b/WEB-INF/lib/ttReportHelper.class.php
@@ -639,9 +639,18 @@ class ttReportHelper {
     $org_id = $user->org_id;
 
     if ($time_log_ids) {
-      if ($timesheet_id)
+      // Use inner join as a protection mechanism not to do anything with "acted upon" timesheets.
+      // Allow oprations only with pending timesheets.
+      if ($timesheet_id) {
+        // Assigning a timesheet to records.
         $inner_join = " inner join tt_timesheets ts on (ts.id = $timesheet_id".
-          " and ts.user_id = $user_id and ts.approve_status is null)";
+          " and ts.user_id = $user_id and ts.approve_status is null". // Timesheet to assign to is pending.
+          // Part below: existing timesheet either not exists or is also pending.
+          " and (l.timesheet_id is null or (l.timesheet_id = ts.id and ts.approve_status is null)))";
+      } else {
+        $inner_join = " inner join tt_timesheets ts on (ts.id = l.timesheet_id".
+          " and ts.user_id = $user_id and ts.approve_status is null)"; // Do not deassign from acted-upon timesheets.
+      }
 
       $sql = "update tt_log l $inner_join".
         " set l.timesheet_id = ".$mdb2->quote($timesheet_id).