X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/a62e4bdd1bc89ea4f3cf29507399b5b8f229597a..35af76f7c66ba10e2e1279f2e9afbdb2b09a141d:/expense_edit.php diff --git a/expense_edit.php b/expense_edit.php index 9ea7c649..a4bb6a4f 100644 --- a/expense_edit.php +++ b/expense_edit.php @@ -32,21 +32,26 @@ import('ttTeamHelper'); import('DateAndTime'); import('ttExpenseHelper'); -// Access check. -if (!ttAccessAllowed('track_own_expenses') || !$user->isPluginEnabled('ex')) { +// Access checks. +if (!(ttAccessAllowed('track_own_expenses') || ttAccessAllowed('track_expenses'))) { header('Location: access_denied.php'); exit(); } - -$cl_id = $request->getParameter('id'); - +if (!$user->isPluginEnabled('ex')) { + header('Location: feature_disabled.php'); + exit(); +} +$cl_id = (int)$request->getParameter('id'); // Get the expense item we are editing. -$expense_item = ttExpenseHelper::getItem($cl_id, $user->getActiveUser()); - -// Prohibit editing invoiced items. -if ($expense_item['invoice_id']) die($i18n->get('error.sys')); +$expense_item = ttExpenseHelper::getItem($cl_id, $user->getUser()); +if (!$expense_item || $expense_item['invoice_id']) { + // Prohibit editing not ours or invoiced items. + header('Location: access_denied.php'); + exit(); +} $item_date = new DateAndTime(DB_DATEFORMAT, $expense_item['date']); +$confirm_save = $user->getConfirmSave(); // Initialize variables. $cl_date = $cl_client = $cl_project = $cl_item_name = $cl_cost = null; @@ -72,7 +77,7 @@ $form = new Form('expenseItemForm'); // Dropdown for clients in MODE_TIME. Use all active clients. if (MODE_TIME == $user->tracking_mode && $user->isPluginEnabled('cl')) { - $active_clients = ttTeamHelper::getActiveClients($user->team_id, true); + $active_clients = ttTeamHelper::getActiveClients($user->group_id, true); $form->addInput(array('type'=>'combobox', 'onchange'=>'fillProjectDropdown(this.value);', 'name'=>'client', @@ -97,7 +102,7 @@ if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->t // Dropdown for clients if the clients plugin is enabled. if ($user->isPluginEnabled('cl')) { - $active_clients = ttTeamHelper::getActiveClients($user->team_id, true); + $active_clients = ttTeamHelper::getActiveClients($user->group_id, true); // We need an array of assigned project ids to do some trimming. foreach($project_list as $project) $projects_assigned_to_user[] = $project['id']; @@ -123,7 +128,7 @@ if (MODE_PROJECTS == $user->tracking_mode || MODE_PROJECTS_AND_TASKS == $user->t } } // If predefined expenses are configured, add controls to select an expense and quantity. -$predefined_expenses = ttTeamHelper::getPredefinedExpenses($user->team_id); +$predefined_expenses = ttTeamHelper::getPredefinedExpenses($user->group_id); if ($predefined_expenses) { $form->addInput(array('type'=>'combobox', 'onchange'=>'recalculateCost();', @@ -137,14 +142,16 @@ if ($predefined_expenses) { } $form->addInput(array('type'=>'textarea','maxlength'=>'800','name'=>'item_name','style'=>'width: 250px; height:'.NOTE_INPUT_HEIGHT.'px;','value'=>$cl_item_name)); $form->addInput(array('type'=>'text','maxlength'=>'40','name'=>'cost','style'=>'width: 100px;','value'=>$cl_cost)); -if ($user->canManageTeam() && $user->isPluginEnabled('ps')) +if ($user->can('manage_invoices') && $user->isPluginEnabled('ps')) $form->addInput(array('type'=>'checkbox','name'=>'paid','value'=>$cl_paid)); $form->addInput(array('type'=>'datefield','name'=>'date','maxlength'=>'20','value'=>$cl_date)); // Hidden control for record id. $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_id)); $form->addInput(array('type'=>'hidden','name'=>'browser_today','value'=>'')); // User current date, which gets filled in on btn_save or btn_copy click. -$form->addInput(array('type'=>'submit','name'=>'btn_save','onclick'=>'browser_today.value=get_date()','value'=>$i18n->get('button.save'))); -$form->addInput(array('type'=>'submit','name'=>'btn_copy','onclick'=>'browser_today.value=get_date()','value'=>$i18n->get('button.copy'))); +$on_click_action = 'browser_today.value=get_date();'; +$form->addInput(array('type'=>'submit','name'=>'btn_copy','onclick'=>$on_click_action,'value'=>$i18n->get('button.copy'))); +if ($confirm_save) $on_click_action .= 'return(confirmSave());'; +$form->addInput(array('type'=>'submit','name'=>'btn_save','onclick'=>$on_click_action,'value'=>$i18n->get('button.save'))); $form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete'))); if ($request->isPost()) { @@ -185,7 +192,7 @@ if ($request->isPost()) { // Now, an update. if ($err->no()) { - if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getActiveUser(), + if (ttExpenseHelper::update(array('id'=>$cl_id,'date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getUser(), 'client_id'=>$cl_client,'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'paid'=>$cl_paid))) { header('Location: expenses.php?date='.$new_date->toString(DB_DATEFORMAT)); exit(); @@ -201,8 +208,8 @@ if ($request->isPost()) { // Now, a new insert. if ($err->no()) { - if (ttExpenseHelper::insert(array('date'=>$new_date->toString(DB_DATEFORMAT),'user_id'=>$user->getActiveUser(), - 'client_id'=>$cl_client,'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'status'=>1))) { + if (ttExpenseHelper::insert(array('date'=>$new_date->toString(DB_DATEFORMAT),'client_id'=>$cl_client, + 'project_id'=>$cl_project,'name'=>$cl_item_name,'cost'=>$cl_cost,'status'=>1))) { header('Location: expenses.php?date='.$new_date->toString(DB_DATEFORMAT)); exit(); } else @@ -216,6 +223,10 @@ if ($request->isPost()) { } } // isPost +if ($confirm_save) { + $smarty->assign('confirm_save', true); + $smarty->assign('entry_date', $cl_date); +} $smarty->assign('predefined_expenses', $predefined_expenses); $smarty->assign('client_list', $client_list); $smarty->assign('project_list', $project_list);