// Task manager entry checks. Every rejection is written to the audit log
// before no_permission() is called.
// NOTE(review): the checks below only protect what follows if no_permission()
// ends the request; that is not visible in this excerpt, so confirm it.

// A project id is mandatory for this page.
if (!$id_project) {
    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to task manager without project");
    no_permission();
}

// The user needs read access on the requested project.
$project_access = get_project_access($config["id_user"], $id_project);
if (!$project_access["read"]) {
    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to task manager of unauthorized project");
    no_permission();
}

$project = get_db_row('tproject', 'id', $id_project);

// Requested action, taken from the request. As used below, $delete carries
// the id of the task to delete.
$update = get_parameter("update");
$create = get_parameter("create");
$delete = get_parameter("delete");

// With no action requested (plain listing), the user must pass
// manage_any_task() for this project.
if (!$update && !$create && !$delete && !manage_any_task($config["id_user"], $id_project)) {
    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to task manager of unauthorized project");
    no_permission();
}

// Delete task
if ($delete) {
    // "manage" on the task (admin or project manager, per the original
    // comment) is required before anything is removed.
    // NOTE(review): $id_project and $delete both come from the request. Confirm
    // that get_project_access() ties the task to that project, so that manage
    // rights on one project cannot authorise deleting a task of another.
    $task_access = get_project_access($config["id_user"], $id_project, $delete);
    if (!$task_access["manage"]) {
        audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to delete a task without permission");
        no_permission();
    }

    // NOTE(review): no anti-CSRF token check is visible in this excerpt for
    // this state-changing action; confirm one is enforced elsewhere.
    delete_task($delete);
    echo '<h3 class="suc">' . __('Successfully deleted') . '</h3>';
    project_tracking($id_project, PROJECT_TASK_DELETED);
    // (excerpt ends here; the delete branch is still open)
global $show_setup, $show_wiki;

// PROJECTS
// The block runs only in the "projects" section, for users passing
// give_acl(..., "PR"), and when the menu is not configured as hidden.
if ($sec == "projects" && give_acl($config["id_user"], 0, "PR") && $show_projects != MENU_HIDDEN) {
    $id_project = get_parameter('id_project', -1);
    $id_task = get_parameter('id_task', -1);

    // Only a task id was supplied: take the project from the task row.
    if ($id_project == -1 && $id_task != -1) {
        $id_project = get_db_value("id_project", "ttask", "id", $id_task);
    }

    // ACL lookups at section, project and task level.
    // NOTE(review): $project_permission, $manage_any_task_in_project and
    // $task_permission stay unset when the matching id is not positive; code
    // that reads them later (outside this excerpt) has to allow for that.
    $section_permission = get_project_access($config["id_user"]);
    $manage_any_task = manage_any_task($config["id_user"]);

    if ($id_project > 0) {
        $project_permission = get_project_access($config["id_user"], $id_project);
        $manage_any_task_in_project = manage_any_task($config["id_user"], $id_project);
    }

    if ($id_task > 0) {
        $task_permission = get_project_access($config["id_user"], $id_project, $id_task, false, true);
    }

    // Menu container, heading and list opening.
    echo "<div class='portlet' style='border:padding: 0px; margin: 0px;'>";
    echo "<h3>" . __('Projects') . "</h3>";
    echo "<div id=projects style='padding: 0px; margin: 0px'>";
    echo "<ul class='sidemenu'>";

    // Project overview: the entry for the current page gets the 'sidesel' id.
    if ($sec2 == "operation/projects/project_overview") {
        echo "<li id='sidesel'>";
    } else {
        echo "<li>";
        // (excerpt ends here; the else branch and the section block are still open)
global $show_kb; global $show_file_releases; global $show_people; global $show_todo; global $show_agenda; global $show_setup; global $show_wiki; // PROJECTS echo "<nav id='menu_nav'>"; echo "<ul id='menu_slide'>"; if ($sec == "projects" && give_acl ($config["id_user"], 0, "PR") && $show_projects != MENU_HIDDEN) { $section_permission = get_project_access ($config["id_user"]); $manage_any_task = manage_any_task ($config["id_user"]); // if for active li project if (($sec2 == "operation/projects/project_overview") || ($sec2 == "operation/projects/user_project_timegraph") || ($sec2 == "operation/projects/project_detail") || ($sec2 == "operation/projects/role_user_global") || ($sec2 == "operation/projects/project") || ($sec2 == "operation/projects/project_detail") || ($sec2 == "operation/projects/task_planning") || ($sec2 == "operation/projects/project_timegraph") || ($sec2 == "operation/projects/project_tracking") || ($sec2 == "operation/projects/task") || ($sec2 == "operation/projects/project_report") || ($sec2 == "operation/projects/task_detail") || ($sec2 == "operation/projects/gantt") ||
include_once "include/functions_tasks.php";

// Running totals, initialised before any work.
$hours = 0;
$estimated_cost = 0;

// Request parameters for this page.
$id_project = get_parameter('id_project', -1);
$id_task = get_parameter('id_task', -1);
$operation = (string) get_parameter('operation');
$gantt_editor = (int) get_parameter("gantt_editor");

// ACL lookups for the project and for the task named in the request.
$project_permission = get_project_access($config["id_user"], $id_project);
$task_permission = get_project_access($config["id_user"], $id_project, $id_task, false, true);

// Per-operation access checks. Every rejection is written to the audit log
// before no_permission() is called.
// NOTE(review): these checks only protect what follows if no_permission()
// ends the request; that is not visible in this excerpt, so confirm it.
if ($operation == "") {
    // The page is never served without an explicit operation.
    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to task detail without operation");
    no_permission();
} elseif ($operation == "create" && !manage_any_task($config['id_user'], $id_project)) {
    // Opening the creation form requires passing manage_any_task() for the project.
    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to create a task without access");
    no_permission();
} elseif ($operation == "insert") {
    $id_parent = (int) get_parameter('parent');

    // A task without a parent needs "manage" on the project itself.
    if ($id_parent == 0 && !$project_permission['manage']) {
        audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to insert a task without access");
        no_permission();
    }

    // The task-level permission is re-read against the parent task.
    // NOTE(review): this lookup also runs when $id_parent is 0; what
    // get_project_access() returns for task id 0 is not visible here, so
    // confirm it matches the project-level decision made just above.
    $task_permission = get_project_access($config["id_user"], $id_project, $id_parent, false, true);
    if (!$task_permission['manage']) {
        // Doesn't have access to this page
        // (excerpt ends here; this block and the insert branch are still open)
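/**
 * Build the tab menu for the project pages.
 *
 * The project id is read from the request ('id_project'); when only 'id_task'
 * is supplied, the project is taken from the task row in ttask. Entries that
 * depend on permissions (task planning, new task, people) are added only when
 * the corresponding lookup grants them. Entries without data (task list,
 * workunits, files) are returned without a 'link'.
 *
 * NOTE(review): this only decides which tabs are offered; confirm that every
 * linked page enforces its own access check.
 *
 * @param string $selected_tab Key of the active tab; 'overview', 'task_list',
 *                             'gantt' and 'workunits' each add a report entry.
 *
 * @return array Map of tab key => array with 'title' and 'img', plus 'link'
 *               for enabled tabs and 'target' for the full-screen Gantt entry.
 */
function print_project_tabs($selected_tab = '') {
    global $config;

    // The ids are concatenated into the links below; the integer cast keeps
    // any non-numeric request text out of those URLs.
    $id_project = (int) get_parameter('id_project', -1);
    $id_task = (int) get_parameter('id_task', -1);

    // Get id_task but not id_project: look the project up from the task.
    if ($id_task != -1 and $id_project == -1) {
        $id_project = (int) get_db_value("id_project", "ttask", "id", $id_task);
    }

    // ACL permissions. The defaults deny, so a missing or invalid project id
    // can never read an undefined variable and never shows a management tab.
    $project_permission = array('manage' => false);
    $manage_any_task_in_project = false;
    if ($id_project > 0) {
        $project_permission = get_project_access($config["id_user"], $id_project);
        $manage_any_task_in_project = manage_any_task($config["id_user"], $id_project);
    }
    $can_manage_project = !empty($project_permission['manage']);

    $p_menu = array();

    $p_menu['overview'] = array(
        'title' => __('Project overview'),
        'link' => "operation/projects/project_detail&id_project=" . $id_project,
        'img' => "images/eye.png",
    );

    if ($manage_any_task_in_project) {
        $p_menu['task_plan'] = array(
            'title' => __('Task planning'),
            'link' => "operation/projects/task_planning&id_project=" . $id_project,
            'img' => "images/task_planning.png",
        );
    }

    $p_menu['time'] = array(
        'title' => __('Time graph'),
        'link' => "operation/projects/project_timegraph&id_project=" . $id_project,
        'img' => "images/chart_pie.png",
    );

    // The title string is kept exactly as in the original (spelling included):
    // it is passed to __(), presumably as a translation key.
    $p_menu['tracking'] = array(
        'title' => __('Project traking'),
        'link' => "operation/projects/project_tracking&id_project=" . $id_project,
        'img' => "images/clock_tab.png",
    );

    // Task list: linked only when the project has tasks.
    $task_number = get_tasks_count_in_project($id_project);
    if ($task_number > 0) {
        $p_menu['task_list'] = array(
            'title' => __('Task list') . " (" . $task_number . ")",
            'link' => "operation/projects/task&id_project=" . $id_project,
            'img' => "images/tree_list.png",
        );
    } else {
        $p_menu['task_list'] = array(
            'title' => __('Task list') . " (" . __("Empty") . ")",
            'img' => "images/tree_list_disabled.png",
        );
    }

    if ($manage_any_task_in_project) {
        $p_menu['task_new'] = array(
            'title' => __('New task'),
            'link' => "operation/projects/task_detail&operation=create&id_project=" . $id_project,
            'img' => "images/new_tab.png",
        );
    }

    $p_menu['gantt'] = array(
        'title' => __('Gantt chart'),
        'link' => "operation/projects/gantt&id_project=" . $id_project,
        'img' => "images/gantt.png",
    );

    $p_menu['milestones'] = array(
        'title' => __('Milestones'),
        'link' => "operation/projects/milestones&id_project=" . $id_project,
        'img' => "images/milestone.png",
    );

    if ($can_manage_project) {
        $p_menu['people'] = array(
            'title' => __('People'),
            'link' => "operation/projects/people_manager&id_project=" . $id_project,
            'img' => "images/contacts.png",
        );
    }

    // Workunits: linked only when at least one workunit exists.
    $totalhours = get_project_workunit_hours($id_project);
    $totalwu = get_project_count_workunits($id_project);
    if ($totalwu > 0) {
        $p_menu['workunits'] = array(
            'title' => __('Workunits') . " (" . $totalhours . " " . __("Hours") . ")",
            'link' => "operation/projects/task_workunit&id_project=" . $id_project,
            'img' => "images/workunit_tab.png",
        );
    } else {
        $p_menu['workunits'] = array(
            'title' => __('Workunit') . " (" . __("Empty") . ")",
            'img' => "images/workunit_disabled.png",
        );
    }

    // Files: linked only when the project has files.
    $numberfiles = give_number_files_project($id_project);
    if ($numberfiles > 0) {
        $p_menu['files'] = array(
            'title' => __('Files') . "(" . $numberfiles . ")",
            'link' => "operation/projects/task_files&id_project=" . $id_project,
            'img' => "images/products/folder.png",
        );
    } else {
        $p_menu['files'] = array(
            'title' => __('Files') . "(" . __("Empty") . ")",
            'img' => "images/folder_disabled.png",
        );
    }

    // Report entry that depends on the active tab.
    if ($selected_tab == 'overview') {
        $p_menu['report'] = array(
            'title' => __('Project report'),
            'link' => "operation/projects/project_report&id_project=" . $id_project,
            'img' => "images/chart_bar_dark.png",
        );
    }

    if ($selected_tab == 'task_list') {
        $p_menu['report_task'] = array(
            'title' => __('Tasks report'),
            'link' => "operation/projects/task&id_project=" . $id_project . "&pure=1",
            'img' => "images/chart_bar_dark.png",
        );
    }

    if ($selected_tab == 'gantt') {
        $p_menu['report_gant'] = array(
            'title' => __('Full screen Gantt'),
            'link' => "operation/projects/gantt&id_project=" . $id_project . "&clean_output=1",
            'img' => "images/chart_bar_dark.png",
            'target' => "top",
        );
    }

    if ($selected_tab == 'workunits') {
        // The workunits report shares the 'report_gant' key with the Gantt
        // entry; the key is left unchanged because callers may look it up.
        $p_menu['report_gant'] = array(
            'title' => __('Tasks report'),
            'link' => "operation/projects/task_workunit&id_project=" . $id_project . "&pure=1",
            'img' => "images/chart_bar_dark.png",
        );
    }

    return $p_menu;
}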