Better protection against editing and deleting approved records.
authorNik Okuntseff <support@anuko.com>
Wed, 6 Mar 2019 22:12:43 +0000 (22:12 +0000)
committerNik Okuntseff <support@anuko.com>
Wed, 6 Mar 2019 22:12:43 +0000 (22:12 +0000)
WEB-INF/lib/ttTimeHelper.class.php
WEB-INF/templates/footer.tpl
mobile/time_delete.php
mobile/time_edit.php
time_delete.php
time_edit.php

index 2a47c741e0d688f4d1fddb88f5dd2c157181beae..b2bb2c076403e9cdb38fec3aaadd891b711cf0b2 100644 (file)
@@ -676,7 +676,7 @@ class ttTimeHelper {
       " TIME_FORMAT(sec_to_time(time_to_sec(l.start) + time_to_sec(l.duration)), $sql_time_format) as finish,".
       " TIME_FORMAT(l.duration, '%k:%i') as duration,".
       " p.name as project_name, t.name as task_name, l.comment, l.client_id, l.project_id, l.task_id,".
-      " l.timesheet_id, l.invoice_id, l.billable, l.paid, l.date from tt_log l".
+      " l.timesheet_id, l.invoice_id, l.billable, l.approved, l.paid, l.date from tt_log l".
       " left join tt_projects p on (p.id = l.project_id)".
       " left join tt_tasks t on (t.id = l.task_id)".
       " where l.id = $id and l.user_id = $user_id and l.group_id = $group_id and l.org_id = $org_id and l.status = 1";
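Review bot: The `where` clause at the end of this query still interpolates `$id`, `$user_id`, `$group_id` and `$org_id` straight into the SQL string, and the row it returns now feeds the approved/timesheet/invoice gate in the edit and delete pages. The four callers touched by this commit cast the id with `(int)$request->getParameter('id')`, but getRecord relies on every caller doing so. Its body starts outside this hunk, so an earlier cast may exist that is not visible here. If there is none, add `$id = (int)$id;` at the top of the function so the query is safe regardless of the call site. The function's comment should also say that the returned row now includes `approved`, since callers depend on that key for an access decision.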
index ff57292b48e2f8bbfe5adc7dc18bb0ac10ed1955..08935c6d8129c2ea942281daf10b94e21bf2f312 100644 (file)
@@ -12,7 +12,7 @@
       <br>
       <table cellspacing="0" cellpadding="4" width="100%" border="0">
         <tr>
-          <td align="center">&nbsp;Anuko Time Tracker 1.18.53.4830 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+          <td align="center">&nbsp;Anuko Time Tracker 1.18.53.4831 | Copyright &copy; <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
             <a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
             <a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
             <a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
index 1b122fb9edb36e01b0a4015f886fc95929ab5efc..a68da767a861e82fd48a9bfb6420f0bf51c59773 100644 (file)
@@ -39,8 +39,8 @@ if (!ttAccessAllowed('track_own_time')) {
 }
 $cl_id = (int)$request->getParameter('id');
 $time_rec = ttTimeHelper::getRecord($cl_id);
-if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
-  // Prohibit deleting not ours, or assigned to timesheet, or invoiced records.
+if (!$time_rec || $time_rec['approved'] || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
+  // Prohibit deleting not ours, approved, assigned to timesheet, or invoiced records.
   header('Location: access_denied.php');
   exit();
 }
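Review bot: The lock on approved records is enforced only in this page script, and the same condition is repeated verbatim in mobile/time_edit.php, time_delete.php and time_edit.php. The write itself happens further down, outside the hunk, presumably through a ttTimeHelper method that does not re-check `approved`, so any other entry point reaching that method would bypass the guard. Four hand-maintained copies can also drift apart the next time a lock condition is added. Consider moving the test into one helper called from all four pages, for example `if (!$time_rec || ttTimeHelper::isLocked($time_rec)) {` (the helper name is illustrative and does not exist yet). Ideally the same condition would also be repeated in the WHERE clause of the update and delete statements.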
index 1f8f7de91ccbfc0a83969503b774c2d50fb098f9..e81f693cab30641454fcd74355f8cb7410f713ea 100644 (file)
@@ -41,8 +41,8 @@ if (!ttAccessAllowed('track_own_time')) {
 }
 $cl_id = (int)$request->getParameter('id');
 $time_rec = ttTimeHelper::getRecord($cl_id);
-if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
-  // Prohibit editing not ours, or assigned to timesheet, or invoiced records.
+if (!$time_rec || $time_rec['approved'] || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
+  // Prohibit editing not ours, approved, assigned to timesheet, or invoiced records.
   header('Location: access_denied.php');
   exit();
 }
index e83630edf52bad6f3234513c9a8f934eb8f3f341..a7b802b6033fb94eaca988fd0564bdf58d1de05b 100644 (file)
@@ -39,8 +39,8 @@ if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
 }
 $cl_id = (int)$request->getParameter('id');
 $time_rec = ttTimeHelper::getRecord($cl_id);
-if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
-  // Prohibit deleting not ours, or assigned to timesheet, or invoiced records.
+if (!$time_rec || $time_rec['approved'] || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
+  // Prohibit deleting not ours, approved, assigned to timesheet, or invoiced records.
   header('Location: access_denied.php');
   exit();
 }
index 23cc63d5abbf21d025499aa648eb1d6534198955..ef45226b883c0c59235c92c5f34f04b58c2e4a83 100644 (file)
@@ -41,8 +41,8 @@ if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time'))) {
 }
 $cl_id = (int)$request->getParameter('id');
 $time_rec = ttTimeHelper::getRecord($cl_id);
-if (!$time_rec || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
-  // Prohibit editing not ours, or assigned to timesheet, or invoiced records.
+if (!$time_rec || $time_rec['approved'] || $time_rec['timesheet_id'] || $time_rec['invoice_id']) {
+  // Prohibit editing not ours, approved, assigned to timesheet, or invoiced records.
   header('Location: access_denied.php');
   exit();
 }