X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/8fd871c1242b3309b8a374a97969ab74d5375069..a4697cccdffc187c38d6560c5824fe344e59f5be:/timesheet_view.php

diff --git a/timesheet_view.php b/timesheet_view.php
index 0e9a7ea9..9b5b4cdf 100644
--- a/timesheet_view.php
+++ b/timesheet_view.php
@@ -30,7 +30,7 @@ require_once('initialize.php');
 import('ttTimesheetHelper');
 
 // Access checks.
-if (!(ttAccessAllowed('view_own_timesheets') || ttAccessAllowed('view_timesheets') || ttAccessAllowed('view_all_timesheets') || ttAccessAllowed('view_client_timesheets'))) {
+if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
   header('Location: access_denied.php');
   exit();
 }
@@ -38,26 +38,29 @@ if (!$user->isPluginEnabled('ts')) {
   header('Location: feature_disabled.php');
   exit();
 }
-$timesheet_id = (int)$request->getParameter('id');
-$timesheet = ttTimesheetHelper::getTimesheet($timesheet_id);
+$cl_timesheet_id = (int)$request->getParameter('id');
+$timesheet = ttTimesheetHelper::getTimesheet($cl_timesheet_id);
 if (!$timesheet) {
   header('Location: access_denied.php');
   exit();
 }
 // TODO: add other checks here for timesheet being appropriate for user role.
-// TODO: if this is a timeheet submit, validate approver id, too.
+// TODO: if this is a timesheet submit, validate approver id, too.
 // End of access checks.
 
+if ($request->isPost()) {
+  $cl_comment = trim($request->getParameter('comment'));
+}
+
 $options = ttTimesheetHelper::getReportOptions($timesheet);
 $subtotals = ttReportHelper::getSubtotals($options);
 $totals = ttReportHelper::getTotals($options);
-$notClient = !$user->isClient();
 
 // Determine which controls to show and obtain date for them.
-$showSubmit = $notClient && !$timesheet['submit_status'];
+$showSubmit = !$timesheet['submit_status'];
 if ($showSubmit) $approvers = ttTimesheetHelper::getApprovers($timesheet['user_id']);
-$canApprove = $user->can('approve_timesheets') || $user_>can('approve_all_timesheets');
-$showApprove = $notClient && $timesheet['submit_status'] && !$timesheet['approval_status'];
+$canApprove = $user->can('approve_timesheets') || $user->can('approve_own_timesheets');
+$showApprove = $timesheet['submit_status'] && $timesheet['approval_status'] == null;
 
 // Add a form with controls.
 $form = new Form('timesheetForm');
@@ -75,6 +78,7 @@ if ($showSubmit) {
 }
 
 if ($showApprove) {
+  $form->addInput(array('type'=>'textarea','name'=>'comment','maxlength'=>'250','style'=>'width: 300px; height: 60px;'));
   $form->addInput(array('type'=>'submit','name'=>'btn_approve','value'=>$i18n->get('button.approve')));
   $form->addInput(array('type'=>'submit','name'=>'btn_disapprove','value'=>$i18n->get('button.disapprove')));
 }
@@ -91,6 +95,28 @@ if ($request->isPost()) {
     } else
       $err->add($i18n->get('error.db'));
   }
+
+  if ($request->getParameter('btn_approve')) {
+    $fields = array('timesheet_id' => $timesheet['id'],
+      'comment' => $cl_comment);
+    if (ttTimesheetHelper::approveTimesheet($fields)) {
+      // Redirect to self.
+      header('Location: timesheet_view.php?id='.$timesheet['id']);
+      exit();
+    } else
+      $err->add($i18n->get('error.db'));
+  }
+
+  if ($request->getParameter('btn_disapprove')) {
+    $fields = array('timesheet_id' => $timesheet['id'],
+      'comment' => $cl_comment);
+    if (ttTimesheetHelper::disapproveTimesheet($fields)) {
+      // Redirect to self.
+      header('Location: timesheet_view.php?id='.$timesheet['id']);
+      exit();
+    } else
+      $err->add($i18n->get('error.db'));
+  }
 }
 
 $smarty->assign('not_client', $notClient);