Disallowed editing records assigned to timesheets.

diff --git a/WEB-INF/lib/ttTimeHelper.class.php b/WEB-INF/lib/ttTimeHelper.class.php
index a66652b70a2edd0c8d45e0a55f0621ae3e5004ba..bdec1a5f7e489c514cdc8d84b45d7fb729c5e359 100644 (file)
--- a/WEB-INF/lib/ttTimeHelper.class.php
+++ b/WEB-INF/lib/ttTimeHelper.class.php
@@ -667,14 +667,14 @@ class ttTimeHelper {
 
     $mdb2 = getConnection();
 
-    $sql = "select l.id as id, TIME_FORMAT(l.start, $sql_time_format) as start,
-      TIME_FORMAT(sec_to_time(time_to_sec(l.start) + time_to_sec(l.duration)), $sql_time_format) as finish,
-      TIME_FORMAT(l.duration, '%k:%i') as duration,
-      p.name as project_name, t.name as task_name, l.comment, l.client_id, l.project_id, l.task_id, l.invoice_id, l.billable, l.paid, l.date
-      from tt_log l
-      left join tt_projects p on (p.id = l.project_id)
-      left join tt_tasks t on (t.id = l.task_id)
-      where l.id = $id and l.user_id = $user_id and l.status = 1";
+    $sql = "select l.id as id, TIME_FORMAT(l.start, $sql_time_format) as start,".
+      " TIME_FORMAT(sec_to_time(time_to_sec(l.start) + time_to_sec(l.duration)), $sql_time_format) as finish,".
+      " TIME_FORMAT(l.duration, '%k:%i') as duration,".
+      " p.name as project_name, t.name as task_name, l.comment, l.client_id, l.project_id, l.task_id,".
+      " l.timesheet_id, l.invoice_id, l.billable, l.paid, l.date from tt_log l".
+      " left join tt_projects p on (p.id = l.project_id)".
+      " left join tt_tasks t on (t.id = l.task_id)".
+      " where l.id = $id and l.user_id = $user_id and l.status = 1";
     $res = $mdb2->query($sql);
     if (!is_a($res, 'PEAR_Error')) {
       if (!$res->numRows()) {
@@ -730,13 +730,12 @@ class ttTimeHelper {
       $left_joins .= " left join tt_clients c on (l.client_id = c.id)";
 
     $result = array();
-    $sql = "select l.id as id, TIME_FORMAT(l.start, $sql_time_format) as start,
-      TIME_FORMAT(sec_to_time(time_to_sec(l.start) + time_to_sec(l.duration)), $sql_time_format) as finish,
-      TIME_FORMAT(l.duration, '%k:%i') as duration, p.name as project, t.name as task, l.comment, l.billable, l.invoice_id $client_field
-      from tt_log l
-      $left_joins
-      where l.date = '$date' and l.user_id = $user_id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1
-      order by l.start, l.id";
+    $sql = "select l.id as id, TIME_FORMAT(l.start, $sql_time_format) as start,".
+      " TIME_FORMAT(sec_to_time(time_to_sec(l.start) + time_to_sec(l.duration)), $sql_time_format) as finish,".
+      " TIME_FORMAT(l.duration, '%k:%i') as duration, p.name as project, t.name as task, l.comment,".
+      " l.billable, l.timesheet_id, l.invoice_id $client_field from tt_log l $left_joins".
+      " where l.date = '$date' and l.user_id = $user_id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1".
+      " order by l.start, l.id";
     $res = $mdb2->query($sql);
     if (!is_a($res, 'PEAR_Error')) {
       while ($val = $res->fetchRow()) {

diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl
index e23882ac82778baa655502a5f01d4c7db111ff45..b5578c431fab9c16cf6f611f968d161438ea3943 100644 (file)
--- a/WEB-INF/templates/footer.tpl
+++ b/WEB-INF/templates/footer.tpl
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.46.4795 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.46.4796 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>

diff --git a/WEB-INF/templates/mobile/time.tpl b/WEB-INF/templates/mobile/time.tpl
index 35242e2f38505557083145a64c1445154750eeb2..cde0b5ef1b34d69cabcfda67405335e615f26ce8 100644 (file)
--- a/WEB-INF/templates/mobile/time.tpl
+++ b/WEB-INF/templates/mobile/time.tpl
@@ -25,7 +25,7 @@
         <td valign="top">{$record.project|escape}</td>
 {/if}
         <td align="right" valign="top">{if ($record.duration == '0:00' && $record.start <> '')}<font color="#ff0000">{/if}{$record.duration}{if ($record.duration == '0:00' && $record.start <> '')}</font>{/if}</td>
-        <td align="center">{if $record.invoice_id}&nbsp;{else}<a href="time_edit.php?id={$record.id}">{$i18n.label.edit}</a>{/if}</td>
+        <td align="center">{if $record.timesheet_id|| $record.invoice_id}&nbsp;{else}<a href="time_edit.php?id={$record.id}">{$i18n.label.edit}</a>{/if}</td>
       </tr>
       {/foreach}
     </table>

diff --git a/WEB-INF/templates/time.tpl b/WEB-INF/templates/time.tpl
index bf28c509135b23af57e73badb34d83f77fbd39df..f82897d2a9f285a565951c28998fb7d201931dac 100644 (file)
--- a/WEB-INF/templates/time.tpl
+++ b/WEB-INF/templates/time.tpl
@@ -130,7 +130,7 @@
         <td align="right" valign="top">{if ($record.duration == '0:00' && $record.start <> '')}<font color="#ff0000">{$i18n.form.time.uncompleted}</font>{else}{$record.duration}{/if}</td>
         <td valign="top">{if $record.comment}{$record.comment|escape}{else}&nbsp;{/if}</td>
         <td valign="top" align="center">
-    {if $record.invoice_id}
+    {if $record.timesheet_id || $record.invoice_id}
           &nbsp;
     {else}
           <a href="time_edit.php?id={$record.id}">{$i18n.label.edit}</a>

diff --git a/mobile/time_delete.php b/mobile/time_delete.php
index 10473260161d76f45b3361e8b903584233f18826..8ebb98a88f1f9b2a2b454efac6220fced2efb4e2 100644 (file)
--- a/mobile/time_delete.php
+++ b/mobile/time_delete.php
@@ -40,8 +40,8 @@ if (!ttAccessAllowed('track_own_time')) {
 $cl_id = (int)$request->getParameter('id');
 $user_id = $user->getUser();
 $time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
-if (!$time_rec || $time_rec['invoice_id']) {
-  // Prohibit deleting not ours or invoiced records.
+if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
+  // Prohibit deleting not ours, or assigned to timesheet, or invoiced records.
   header('Location: access_denied.php');
   exit();
 }

diff --git a/mobile/time_edit.php b/mobile/time_edit.php
index 803ca4e4f5597506087fe6ec743f542b528bf4e3..0b5b090e38f50dc2bcb055868abeffd935c660f5 100644 (file)
--- a/mobile/time_edit.php
+++ b/mobile/time_edit.php
@@ -42,8 +42,8 @@ if (!ttAccessAllowed('track_own_time')) {
 $cl_id = (int)$request->getParameter('id');
 $user_id = $user->getUser();
 $time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
-if (!$time_rec || $time_rec['invoice_id']) {
-  // Prohibit editing not ours or invoiced records.
+if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
+  // Prohibit editing not ours, or assigned to timesheet, or invoiced records.
   header('Location: access_denied.php');
   exit();
 }

diff --git a/time_delete.php b/time_delete.php
index 5d6e572981b5575e99e87238c4f7f5b27ec5e899..1b6f5c2984bb48f9e82ee4e21c4df38f7249f82e 100644 (file)
--- a/time_delete.php
+++ b/time_delete.php
@@ -40,8 +40,8 @@ if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
 $cl_id = (int)$request->getParameter('id');
 $user_id = $user->getUser();
 $time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
-if (!$time_rec || $time_rec['invoice_id']) {
-  // Prohibit deleting not ours or invoiced records.
+if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
+  // Prohibit deleting not ours, or assigned to timesheet, or invoiced records.
   header('Location: access_denied.php');
   exit();
 }

diff --git a/time_edit.php b/time_edit.php
index 3bd52e6f50e1f1f9492f6c5bdb797307b1819fde..48db27ea747f90eef1048d5129050922099f32ea 100644 (file)
--- a/time_edit.php
+++ b/time_edit.php
@@ -42,8 +42,8 @@ if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
 $cl_id = (int)$request->getParameter('id');
 $user_id = $user->getUser();
 $time_rec = ttTimeHelper::getRecord($cl_id, $user_id);
-if (!$time_rec || $time_rec['invoice_id']) {
-  // Prohibit editing not ours or invoiced records.
+if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
+  // Prohibit editing not ours, or assigned to timesheet, or invoiced records.
   header('Location: access_denied.php');
   exit();
 }