Fixed user edit to hide projects for client roles.

author Nik Okuntseff <support@anuko.com>

Wed, 20 Feb 2019 15:37:47 +0000 (15:37 +0000)

committer Nik Okuntseff <support@anuko.com>

Wed, 20 Feb 2019 15:37:47 +0000 (15:37 +0000)
author Nik Okuntseff <support@anuko.com>
Wed, 20 Feb 2019 15:37:47 +0000 (15:37 +0000)
committer Nik Okuntseff <support@anuko.com>
Wed, 20 Feb 2019 15:37:47 +0000 (15:37 +0000)
diff --git a/WEB-INF/lib/ttTimesheetHelper.class.php b/WEB-INF/lib/ttTimesheetHelper.class.php

index 1d43f1527f70f52fb760200a429d2bd47fd79c0b..3e44c8c345d69d62a2b68e32ba2a5275fd2110c7 100644 (file)
--- a/WEB-INF/lib/ttTimesheetHelper.class.php
+++ b/WEB-INF/lib/ttTimesheetHelper.class.php
@@ -209,4 +209,28 @@ class ttTimesheetHelper {
      $affected = $mdb2->exec($sql);
      return (!is_a($affected, 'PEAR_Error'));
    }
      $affected = $mdb2->exec($sql);
      return (!is_a($affected, 'PEAR_Error'));
    }
+
+  // isUserValid function is used during access checks and determines whether user id, passed in post, is valid
+  // in current context.
+  static function isUserValid($user_id) {
+    // We have to cover several situations.
+    //
+    // 1) User is a client.
+    // 2) User with view_all_timesheets rights.
+    // 3) User with view_timesheets rights.
+
+    global $user;
+
+    // Step 1.
+    // A client must have view_client_timesheets and
+    // aser must be assigned to one of client projects.
+    if ($user->isClient()) {
+      if (!$user->can('view_client_timesheets'))
+        return false;
+      $valid_users = ttGroupHelper::getUsersForClient($user->client_id);
+      $v = 2;
+    }
+
+    return true;
+  }
  }
  }
diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl

index 252e32273160a0211cb180202f6e411cf47c4287..8b2787ff2ea70bf5b9e2fae74cf38ab0f216cac7 100644 (file)
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
        <br>
        <table cellspacing="0" cellpadding="4" width="100%" border="0">
          <tr>
        <br>
        <table cellspacing="0" cellpadding="4" width="100%" border="0">
          <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.37.4741 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.37.4742 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
              <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
              <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
              <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
              <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
              <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
              <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
diff --git a/WEB-INF/templates/timesheets.tpl b/WEB-INF/templates/timesheets.tpl

index 45a67645dc268a2537ad2b0f06139d93996a8369..dc5c8155799cf1a4e40a9a7cf1ace4187c8424e7 100644 (file)
--- a/WEB-INF/templates/timesheets.tpl
+++ b/WEB-INF/templates/timesheets.tpl
@@ -4,7 +4,9 @@
  
  {$forms.timesheetsForm.open}
  <table cellspacing="0" cellpadding="7" border="0" width="720">
  
  {$forms.timesheetsForm.open}
  <table cellspacing="0" cellpadding="7" border="0" width="720">
+{if $show_hint}
    <tr><td align="left">{$i18n.form.timesheets.hint}<br></td></tr>
    <tr><td align="left">{$i18n.form.timesheets.hint}<br></td></tr>
+{/if}
  {if $user_dropdown}
    <tr><td align="center">{$i18n.label.user}: {$forms.timesheetsForm.user.control}</td></tr>
  {/if}
  {if $user_dropdown}
    <tr><td align="center">{$i18n.label.user}: {$forms.timesheetsForm.user.control}</td></tr>
  {/if}
diff --git a/WEB-INF/templates/user_edit.tpl b/WEB-INF/templates/user_edit.tpl

index 32947545d968e7588b1ba1047c6746c6e63cc1fe..f9ec2334792c970e30efb8cb062797a729b8a8ab 100644 (file)
--- a/WEB-INF/templates/user_edit.tpl
+++ b/WEB-INF/templates/user_edit.tpl
@@ -51,20 +51,31 @@ function setRate(element) {
    }
  }
  
    }
  }
  
-// handleClientControl - controls visibility of the client dropdown depending on the selected user role.
-// We need to show it only when the "Client" user role is selected.
+// handleClientControl - controls visibility of the client dropdown depending on the selected user role,
+// also hides and unselects projects when "Client" user role is selected.
  function handleClientControl() {
    var selectedRoleId = document.getElementById("role").value;
    var clientControl = document.getElementById("client");
  function handleClientControl() {
    var selectedRoleId = document.getElementById("role").value;
    var clientControl = document.getElementById("client");
+  var projectsControl = document.getElementById("projects_control");
+
    var len = roles.length;
    for (var i = 0; i < len; i++) {
      if (selectedRoleId == roles[i][0]) {
        var isClient = roles[i][1];
    var len = roles.length;
    for (var i = 0; i < len; i++) {
      if (selectedRoleId == roles[i][0]) {
        var isClient = roles[i][1];
-      if (isClient == 1)
+      if (isClient == 1) {
          clientControl.style.visibility = "visible";
          clientControl.style.visibility = "visible";
-      else {
-        clientControl.value = '';
+        projectsControl.style.display = "none";
+
+        // Uncheck all project checkboxes.
+        var checkboxes = document.getElementsByName("projects[]");
+        var j;
+        for (j = 0; j < checkboxes.length; j++) {
+          checkboxes[j].checked = false;
+        }
+      } else {
+        clientControl.value = "";
          clientControl.style.visibility = "hidden";
          clientControl.style.visibility = "hidden";
+        projectsControl.style.display = "";
        }
        break;
      }
        }
        break;
      }
@@ -125,10 +136,12 @@ function handleClientControl() {
  {/if}
  {if $show_projects}
      <tr><td>&nbsp;</td></tr>
  {/if}
  {if $show_projects}
      <tr><td>&nbsp;</td></tr>
+<tbody id="projects_control">
      <tr valign="top">
        <td align="right">{$i18n.label.projects}:</td>
        <td>{$forms.userForm.projects.control}</td>
      </tr>
      <tr valign="top">
        <td align="right">{$i18n.label.projects}:</td>
        <td>{$forms.userForm.projects.control}</td>
      </tr>
+</tbody>
  {/if}
      <tr>
        <td colspan="2" align="center">{$i18n.label.required_fields}</td>
  {/if}
      <tr>
        <td colspan="2" align="center">{$i18n.label.required_fields}</td>
diff --git a/timesheets.php b/timesheets.php

index 9dc0d2c891d1c1ed89b22203045c40de2a18d945..82a8307450088494d2024a8c8f8ae955c3ea9b25 100644 (file)
--- a/timesheets.php
+++ b/timesheets.php
@@ -28,6 +28,7 @@
  
  require_once('initialize.php');
  import('form.Form');
  
  require_once('initialize.php');
  import('form.Form');
+import('ttGroupHelper');
  import('ttTimesheetHelper');
  
  // Access checks.
  import('ttTimesheetHelper');
  
  // Access checks.
@@ -39,22 +40,34 @@ if (!$user->isPluginEnabled('ts')) {
    header('Location: feature_disabled.php');
    exit();
  }
    header('Location: feature_disabled.php');
    exit();
  }
+if ($user->isClient()) {
+  $users_for_client = ttGroupHelper::getUsersForClient($user->client_id);
+  if (count($users_for_client) == 0) {
+    header('Location: access_denied.php'); // There are no users for client.
+    exit();
+  }
+}
  if ($request->isPost()) {
    $userChanged = $request->getParameter('user_changed');
  if ($request->isPost()) {
    $userChanged = $request->getParameter('user_changed');
-  if ($userChanged && !($user->can('track_time') && $user->isUserValid($request->getParameter('user')))) {
-    header('Location: access_denied.php'); // Group changed, but no rght or wrong user id.
+  if ($userChanged && !(ttTimesheetHelper::isUserValid($request->getParameter('user')))) {
+    header('Location: access_denied.php'); // Wrong user id.
      exit();
    }
  }
  // End of access checks.
  
  // Determine user for whom we display this page.
      exit();
    }
  }
  // End of access checks.
  
  // Determine user for whom we display this page.
+$notClient = !$user->isClient();
  if ($request->isPost() && $userChanged) {
    $user_id = $request->getParameter('user');
  } else {
  if ($request->isPost() && $userChanged) {
    $user_id = $request->getParameter('user');
  } else {
-  $user_id = $user->getUser();
+  if ($notClient)
+    $user_id = $user->getUser();
+  else
+    $user_id = $users_for_client[0]['id']; // First found user for a client.
  }
  
  }
  
+
  $group_id = $user->getGroup();
  
  // Elements of timesheetsForm.
  $group_id = $user->getGroup();
  
  // Elements of timesheetsForm.
@@ -86,13 +99,14 @@ if ($user->can('view_timesheets') || $user->can('view_all_timesheets') || $user-
  // TODO: fix this for client access.
  $active_timesheets = ttTimesheetHelper::getActiveTimesheets($user_id);
  $inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets($user_id);
  // TODO: fix this for client access.
  $active_timesheets = ttTimesheetHelper::getActiveTimesheets($user_id);
  $inactive_timesheets = ttTimesheetHelper::getInactiveTimesheets($user_id);
-$show_client = $user->isPluginEnabled('cl') && !$user->isClient();
+$show_client = $user->isPluginEnabled('cl') && $notClient;
  
  $smarty->assign('active_timesheets', $active_timesheets);
  $smarty->assign('inactive_timesheets', $inactive_timesheets);
  $smarty->assign('show_client', $show_client);
  
  $smarty->assign('active_timesheets', $active_timesheets);
  $smarty->assign('inactive_timesheets', $inactive_timesheets);
  $smarty->assign('show_client', $show_client);
-$smarty->assign('show_submit_status', !$user->isClient());
-$smarty->assign('show_approval_status', !$user->isClient());
+$smarty->assign('show_hint', $notClient);
+$smarty->assign('show_submit_status', $notClient);
+$smarty->assign('show_approval_status', $notClient);
  $smarty->assign('forms', array($form->getName()=>$form->toArray()));
  $smarty->assign('title', $i18n->get('title.timesheets'));
  $smarty->assign('content_page_name', 'timesheets.tpl');
  $smarty->assign('forms', array($form->getName()=>$form->toArray()));
  $smarty->assign('title', $i18n->get('title.timesheets'));
  $smarty->assign('content_page_name', 'timesheets.tpl');
diff --git a/user_edit.php b/user_edit.php

index 582452d9a13f981e86aeae8b542cd9eb099a6d73..cda9ab2d0088c7f0448620159ca12d98fffb9649 100644 (file)
--- a/user_edit.php
+++ b/user_edit.php
@@ -147,7 +147,7 @@ class RateCellRenderer extends DefaultCellRenderer {
  // Create projects table.
  $table = new Table('projects');
  $table->setIAScript('setRate');
  // Create projects table.
  $table = new Table('projects');
  $table->setIAScript('setRate');
-$table->setTableOptions(array('width'=>'100%','cellspacing'=>'1','cellpadding'=>'3','border'=>'0'));
+$table->setTableOptions(array('width'=>'300','cellspacing'=>'1','cellpadding'=>'3','border'=>'0'));
  $table->setRowOptions(array('valign'=>'top','class'=>'tableHeader'));
  $table->setData($projects);
  $table->setKeyField('id');
  $table->setRowOptions(array('valign'=>'top','class'=>'tableHeader'));
  $table->setData($projects);
  $table->setKeyField('id');
author	Nik Okuntseff <support@anuko.com>
	Wed, 20 Feb 2019 15:37:47 +0000 (15:37 +0000)
committer	Nik Okuntseff <support@anuko.com>
	Wed, 20 Feb 2019 15:37:47 +0000 (15:37 +0000)
WEB-INF/lib/ttTimesheetHelper.class.php		patch \| blob \| history
WEB-INF/templates/footer.tpl		patch \| blob \| history
WEB-INF/templates/timesheets.tpl		patch \| blob \| history
WEB-INF/templates/user_edit.tpl		patch \| blob \| history
timesheets.php		patch \| blob \| history
user_edit.php		patch \| blob \| history