X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/a64a8d017c37bec34585e0c345a0c139ac3b43a0..3ad837214ca361fdaac5363d9e702d3d40d04b17:/WEB-INF/lib/ttTimesheetHelper.class.php

diff --git a/WEB-INF/lib/ttTimesheetHelper.class.php b/WEB-INF/lib/ttTimesheetHelper.class.php
index df654e07..3e44c8c3 100644
--- a/WEB-INF/lib/ttTimesheetHelper.class.php
+++ b/WEB-INF/lib/ttTimesheetHelper.class.php
@@ -154,7 +154,7 @@ class ttTimesheetHelper {
     if ($user->isClient()) $client_part = "and client_id = $user->client_id";
 
     $sql = "select * from tt_timesheets".
-      " where id = $timesheet_id and group_id = $group_id and org_id = $org_id $client_part and status = 1";
+      " where id = $timesheet_id and group_id = $group_id and org_id = $org_id $client_part and status is not null";
     $res = $mdb2->query($sql);
     if (!is_a($res, 'PEAR_Error')) {
       if ($val = $res->fetchRow())
@@ -189,4 +189,48 @@ class ttTimesheetHelper {
     $affected = $mdb2->exec($sql);
     return (!is_a($affected, 'PEAR_Error'));
   }
+
+  // update function - updates the timesheet in database.
+  static function update($fields) {
+    global $user;
+    $mdb2 = getConnection();
+
+    $group_id = $user->getGroup();
+    $org_id = $user->org_id;
+
+    $timesheet_id = $fields['id']; // Timesheet we are updating.
+    $name = $fields['name']; // Timesheet name.
+    $submitter_comment = $fields['submitter_comment'];
+    $status = $fields['status']; // Project status.
+
+    $sql = "update tt_timesheets set name = ".$mdb2->quote($name).", submitter_comment = ".$mdb2->quote($submitter_comment).
+      ", status = ".$mdb2->quote($status).
+      " where id = $timesheet_id and group_id = $group_id and org_id = $org_id";
+    $affected = $mdb2->exec($sql);
+    return (!is_a($affected, 'PEAR_Error'));
+  }
+
+  // isUserValid function is used during access checks and determines whether user id, passed in post, is valid
+  // in current context.
+  static function isUserValid($user_id) {
+    // We have to cover several situations.
+    //
+    // 1) User is a client.
+    // 2) User with view_all_timesheets rights.
+    // 3) User with view_timesheets rights.
+
+    global $user;
+
+    // Step 1.
+    // A client must have view_client_timesheets and
+    // aser must be assigned to one of client projects.
+    if ($user->isClient()) {
+      if (!$user->can('view_client_timesheets'))
+        return false;
+      $valid_users = ttGroupHelper::getUsersForClient($user->client_id);
+      $v = 2;
+    }
+
+    return true;
+  }
 }