X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/f490a9f5e080c426f54502d1004f8ab444d26469..88bd95ec82e6b715f84b6bd09c04aebbdb4b5e4d:/timesheets.php diff --git a/timesheets.php b/timesheets.php index fcdd401b..cc43f0dd 100644 --- a/timesheets.php +++ b/timesheets.php @@ -28,14 +28,11 @@ require_once('initialize.php'); import('form.Form'); +import('ttGroupHelper'); import('ttTimesheetHelper'); // Access checks. -if (!(ttAccessAllowed('view_own_timesheets') || - ttAccessAllowed('manage_own_timesheets') || - ttAccessAllowed('view_timesheets') || - ttAccessAllowed('manage_timesheets') || - ttAccessAllowed('approve_timesheets'))) { +if (!(ttAccessAllowed('view_own_timesheets') || ttAccessAllowed('view_timesheets') || ttAccessAllowed('view_all_timesheets'))) { header('Location: access_denied.php'); exit(); } @@ -43,18 +40,23 @@ if (!$user->isPluginEnabled('ts')) { header('Location: feature_disabled.php'); exit(); } +if ($user->isClient()) { + header('Location: access_denied.php'); // No timesheets for clients. + exit(); +} if ($request->isPost()) { - $userChanged = $request->getParameter('user_changed'); - if ($userChanged && !($user->can('track_time') && $user->isUserValid($request->getParameter('user')))) { - header('Location: access_denied.php'); // Group changed, but no rght or wrong user id. + $userChanged = $request->getParameter('user_changed'); // Reused in multiple places below. + if ($userChanged && !($user->can('view_timesheets') && $user->isUserValid($request->getParameter('user')))) { + header('Location: access_denied.php'); // Group changed, but no rght or wrong user id. TODO: research relevance of this... exit(); } } // End of access checks. -// Determine user for whom we display this page. +// Determine user for which we display this page. if ($request->isPost() && $userChanged) { $user_id = $request->getParameter('user'); + $user->setOnBehalfUser($user_id); } else { $user_id = $user->getUser(); } @@ -64,12 +66,12 @@ $group_id = $user->getGroup(); // Elements of timesheetsForm. $form = new Form('timesheetsForm'); -if ($user->can('view_timesheets') || $user->can('view_all_timesheets') || $user->can('manage_timesheets') || $user->can('manage_all_timesheets')) { +if ($user->can('view_timesheets') || $user->can('view_all_timesheets')) { $rank = $user->getMaxRankForGroup($group_id); - if ($user->can('track_own_time')) - $options = array('group_id'=>$group_id,'status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true); + if ($user->can('view_own_timesheets')) + $options = array('status'=>ACTIVE,'max_rank'=>$rank,'include_self'=>true,'self_first'=>true); else - $options = array('group_id'=>$group_id,'status'=>ACTIVE,'max_rank'=>$rank); + $options = array('status'=>ACTIVE,'max_rank'=>$rank); $user_list = $user->getUsers($options); if (count($user_list) >= 1) { $form->addInput(array('type'=>'combobox', @@ -84,19 +86,16 @@ if ($user->can('view_timesheets') || $user->can('view_all_timesheets') || $user- } } - - - -// TODO: fix this for client access. $active_timesheets = ttTimesheetHelper::getActiveTimesheets($user_id); $inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets($user_id); -$show_client = $user->isPluginEnabled('cl') && !$user->isClient(); + +$showClient = $user->isPluginEnabled('cl'); +$canEdit = $user->can('manage_own_timesheets') || $user->can('manage_timesheets') || $user->can('manage_all_timesheets'); $smarty->assign('active_timesheets', $active_timesheets); $smarty->assign('inactive_timesheets', $inactive_timesheets); -$smarty->assign('show_client', $show_client); -$smarty->assign('show_submit_status', !$user->isClient()); -$smarty->assign('show_approval_status', !$user->isClient()); +$smarty->assign('show_client', $showClient); +$smarty->assign('can_edit', $canEdit); $smarty->assign('forms', array($form->getName()=>$form->toArray())); $smarty->assign('title', $i18n->get('title.timesheets')); $smarty->assign('content_page_name', 'timesheets.tpl');