Ejemplo n.º 1
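/**
 * Decide whether the current user ($config["id_user"]) may act on a workunit.
 *
 * Access is granted when the current user owns the workunit, holds the "PM"
 * ACL, or is accepted by project_manager_check() for the project that the
 * workunit's task belongs to. The task and project are resolved from the
 * workunit row itself, so the decision does not depend on any project id
 * supplied by the caller.
 *
 * NOTE(review): confirm that get_db_row()/get_db_value() quote or cast the
 * lookup value; $id_workunit is passed through unchanged.
 *
 * @param mixed $id_workunit Workunit id, looked up in tworkunit.id.
 *
 * @return bool True when access is allowed; false when the workunit does not
 *              exist or none of the three conditions holds.
 */
function check_workunit_permission($id_workunit)
{
    global $config;
    $workunit = get_db_row('tworkunit', 'id', $id_workunit);
    if ($workunit === false) {
        // Unknown workunit: deny rather than evaluate ACLs against nothing.
        return false;
    }
    // Compare owner and current user as exact strings. A loose != would
    // treat distinct numeric-looking ids (e.g. "1e3" and "1000") as equal
    // and hand ownership to the wrong account.
    $is_owner = (string) $workunit["id_user"] === (string) $config["id_user"];
    $id_task = get_db_value("id_task", "tworkunit_task", "id_workunit", $workunit["id"]);
    $id_project = get_db_value("id_project", "ttask", "id", $id_task);
    if (!$is_owner && !give_acl($config["id_user"], 0, "PM") && !project_manager_check($id_project)) {
        return false;
    }
    return true;
}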
Ejemplo n.º 2
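/**
 * Print one workunit as an HTML note: a header table (task or ticket, project
 * or group, duration, cost, profile, author) followed by the description and
 * the delete / edit / lock action links the current user is entitled to.
 *
 * Non-public workunits owned by another user are only rendered when the
 * current user can manage the task (get_project_access) or, for workunits
 * without a task, holds the "TM" ACL.
 *
 * NOTE(review): titles, the description, user ids and $locked are echoed
 * without escaping in this function; confirm they are entity-encoded before
 * storage, otherwise escape them for the HTML/attribute/URL context.
 * NOTE(review): delete and lock are exposed as plain GET links; confirm the
 * handler re-checks permissions and is protected against cross-site requests.
 *
 * @param mixed $id_workunit   Workunit id (tworkunit.id); cast to int here.
 * @param int   $full          0 truncates descriptions longer than 1024 bytes
 *                             and adds a "Read more..." link.
 * @param bool  $show_multiple When true, adds an op_multiple[] checkbox.
 *
 * @return void Output is echoed; returns early without output when the
 *              workunit cannot be read or the ACL check fails.
 */
function show_workunit_user($id_workunit, $full = 0, $show_multiple = true)
{
    global $config;
    // The id is interpolated unquoted into SQL and echoed into HTML ids and
    // URLs below, so force it to an integer before any use.
    $id_workunit = (int) $id_workunit;
    $sql = "SELECT * FROM tworkunit WHERE id = {$id_workunit}";
    $res = mysql_query($sql);
    if (!$res) {
        return;
    }
    $row = mysql_fetch_array($res);
    if (!$row) {
        // No such workunit: nothing to render and no owner to check ACLs against.
        return;
    }
    $timestamp = $row["timestamp"];
    $duration = $row["duration"];
    $id_user = $row["id_user"];
    $nota = $row["description"];
    $have_cost = $row["have_cost"];
    $profile = $row["id_profile"];
    $public = $row["public"];
    $locked = $row["locked"];
    $work_home = $row["work_home"];
    // A workunit is attached either to a task or, failing that, to a ticket.
    $id_incident = 0;
    $incident_title = '';
    $id_task = get_db_value("id_task", "tworkunit_task", "id_workunit", $row["id"]);
    if (!$id_task) {
        $id_incident = get_db_value("id_incident", "tworkunit_incident", "id_workunit", $row["id"]);
    }
    $id_project = get_db_value("id_project", "ttask", "id", $id_task);
    $id_profile = get_db_value("id_profile", "tworkunit", "id", $id_workunit);
    $task_title = get_db_value("name", "ttask", "id", $id_task);
    if (!$id_task) {
        $incident_title = get_db_value("titulo", "tincidencia", "id_incidencia", $id_incident);
    }
    $project_title = get_db_value("name", "tproject", "id", $id_project);
    // ACL Check for visibility
    if (!$public && $id_user != $config["id_user"]) {
        if ($id_task) {
            $task_access = get_project_access($config["id_user"], false, $id_task, false, true);
            if (!$task_access["manage"]) {
                return;
            }
        } elseif (!give_acl($config["id_user"], 0, "TM")) {
            return;
        }
    }
    echo "<form method='post' action='index.php?sec=projects&sec2=operation/projects/task_workunit'>";
    // Show data
    echo "<div class='notetitle'>";
    // Title
    echo "<table class='blank' border=0 width='100%' cellspacing=0 cellpadding=0 style='margin-left: 0px;margin-top: 0px; background: transparent;'>";
    echo "<tr><td rowspan=4 width='7%'>";
    print_user_avatar($id_user, true);
    echo "<td width='60%'><b>";
    if ($id_task) {
        echo __('Task') . " </b> : ";
        echo "<a href='index.php?sec=projects&sec2=operation/projects/task_detail&id_task={$id_task}&operation=view'>{$task_title}</A>";
    } else {
        echo __('Ticket') . " </b> : ";
        echo "<a href='index.php?sec=incidents&sec2=operation/incidents/incident&id={$id_incident}'>{$incident_title}</A>";
    }
    echo "</td>";
    echo "<td width='13%'>";
    echo "<b>" . __('Duration') . "</b>";
    echo "</td>";
    echo "<td width='20%'>";
    echo " : " . format_numeric($duration);
    echo "</td>";
    echo "<td>";
    // Public WU ?
    echo "<span style='margin-bottom:0px; padding-right:10px;'>";
    if ($public == 1) {
        echo "<img src='images/group.png' title='" . __('Public Workunit') . "' />";
    } else {
        echo "<img src='images/delete.png' title='" . __('Non public Workunit') . "' />";
    }
    echo "</span>";
    echo "</td></tr>";
    echo "<tr>";
    echo "<td><b>";
    if ($id_task) {
        echo __('Project') . " </b> : ";
        echo "<a href='index.php?sec=projects&sec2=operation/projects/task&id_project={$id_project}'>{$project_title}</A>";
    } else {
        echo __('Group') . "</b> : ";
        // The ticket id comes from the database, but it is placed unquoted in
        // the statement, so keep it numeric.
        echo dame_nombre_grupo(get_db_sql("SELECT id_grupo FROM tincidencia WHERE id_incidencia = " . (int) $id_incident));
    }
    echo "</td>";
    echo "<td><b>";
    if ($have_cost != 0) {
        $profile_cost = get_db_value("cost", "trole", "id", $profile);
        $cost = format_numeric($duration * $profile_cost);
        $cost = $cost . " &euro;";
    } else {
        $cost = __('N/A');
    }
    echo __('Cost');
    echo "</b>";
    echo "</td>";
    echo "<td>";
    echo " : " . $cost;
    echo "</td>";
    if ($show_multiple) {
        echo "<td>";
        echo print_checkbox_extended('op_multiple[]', $id_workunit, false, false, '', '', true);
        echo "</td>";
    }
    echo "</tr>";
    echo "<tr>";
    echo "<td><b>";
    echo __('Work from home');
    echo "</b>";
    if ($work_home == 0) {
        $wfh = __('No');
    } else {
        $wfh = __('Yes');
    }
    echo " : " . $wfh;
    echo "</td>";
    echo "<td><b>";
    echo __('Profile');
    echo "</b></td><td>";
    echo " : " . get_db_value("name", "trole", "id", $profile);
    echo "<tr>";
    echo "<td>";
    echo "<a href='index.php?sec=users&sec2=operation/users/user_edit&id={$id_user}'>";
    echo "<b>" . $id_user . "</b>";
    echo "</a>";
    echo " " . __('said on') . ' ' . $timestamp;
    echo "</td></tr>";
    echo "</table>";
    echo "</div>";
    echo "</form>";
    // Body
    echo "<div class='notebody' id='wu_{$id_workunit}'>";
    echo "<table width='100%'  class='blank'>";
    echo "<tr><td valign='top'>";
    if (strlen($nota) > 1024 and $full == 0) {
        echo topi_richtext(clean_output_breaks(substr($nota, 0, 1024)));
        echo "<br><br>";
        echo "<a href='index.php?sec=users&sec2=operation/users/user_workunit_report&id_workunit=" . $id_workunit . "&title={$task_title}'>";
        echo __('Read more...');
        echo "</a>";
    } else {
        echo topi_richtext(clean_output_breaks($nota));
    }
    echo "<td valign='top'>";
    echo "<table width='100%'  class='blank'>";
    // sec2 is only compared against a fixed string, never echoed; read it
    // defensively so a request without it does not raise a notice.
    $sec2 = isset($_GET["sec2"]) ? $_GET["sec2"] : "";
    if ($sec2 == "operation/users/user_workunit_report") {
        $myurl = "index.php?sec=users&sec2=operation/users/user_workunit_report&id={$id_user}";
    } else {
        if ($id_project > 0) {
            $myurl = "index.php?sec=projects&sec2=operation/users/user_spare_workunit&id_project={$id_project}&id_task={$id_task}";
        } else {
            $myurl = "index.php?sec=users&sec2=operation/users/user_workunit_report&id={$id_user}";
        }
    }
    // Delete workunit. Hiding the link is presentation only; the delete
    // handler has to enforce the same rule on its own.
    if (project_manager_check($id_project) == 1 or $id_user == $config["id_user"] or give_acl($config["id_user"], 0, "TM")) {
        echo "<tr><td align='right'>";
        echo "<br>";
        echo "<a class='delete-workunit' id='delete-{$id_workunit}' href='{$myurl}&id_workunit={$id_workunit}&operation=delete' onclick='if (!confirm(\"" . __('Are you sure?') . "\")) return false;'><img src='images/cross.png'  title='" . __('Delete workunit') . "'/></a>";
    }
    // Edit workunit
    if ((project_manager_check($id_project) == 1 or give_acl($config["id_user"], 0, "TM") or $id_user == $config["id_user"]) and ($locked == "" or give_acl($config["id_user"], 0, "UM"))) {
        echo "<tr><td align='right'>";
        echo "<br>";
        echo "<a class='edit-workunit' id='edit-{$id_workunit}' href='index.php?sec=projects&sec2=operation/users/user_spare_workunit&id_project={$id_project}&id_task={$id_task}&id_workunit={$id_workunit}&id_profile={$id_profile}'><img border=0 src='images/page_white_text.png' title='" . __('Edit workunit') . "'></a>";
        echo "</td>";
    }
    // Lock workunit
    if ((project_manager_check($id_project) == 1 or give_acl($config["id_user"], 0, "TM") or $id_user == $config["id_user"]) and $locked == "") {
        echo "<tr><td align='right'>";
        echo "<br>";
        echo "<a class='lock_workunit' id='lock-{$id_workunit}' href='{$myurl}&id_workunit={$id_workunit}&operation=lock'><img src='images/lock.png' title='" . __('Lock workunit') . "'></a>";
        echo "</td>";
    } else {
        echo "<tr><td align='right'>";
        // Close the <img> tag so the avatar markup that follows is not
        // swallowed into its attribute list.
        echo "<br><img src='images/rosette.png' title='" . __('Locked by') . " {$locked}'>";
        echo print_user_avatar($locked, true);
        echo "</td>";
    }
    echo "</tr></table>";
    echo "</tr></table>";
    echo "</div>";
}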
Ejemplo n.º 3
//	$id_task = $workunit['id_task'];
//	$id_project = get_db_value ('id_project', 'ttask', 'id', $id_task);

	$id_user = $workunit['id_user'];
	$wu_user = $id_user;
	$duration = $workunit['duration']; 
	$description = $workunit['description'];
	$have_cost = $workunit['have_cost'];
	$id_profile = $workunit['id_profile'];
	$now = $workunit['timestamp'];
	$public = (bool) $workunit['public'];
	$now_date = substr ($now, 0, 10);
	$now_time = substr ($now, 10, 8);
	$work_home = $workunit['work_home'];
	
	if ($id_user != $config["id_user"] && ! project_manager_check ($id_project) ) {
		if (!give_acl($config["id_user"], 0, "UM")){
			audit_db ($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation",
			"Trying to access non owned workunit");
			require ("general/noaccess.php");
			return;
		}
	}
}
else {
	$id_user = $config["id_user"];
	$wu_user = $id_user;
	$duration = $config["pwu_defaultime"]; 
	$description = "";
	$id_inventory = array();
	$have_cost = false;
Ejemplo n.º 4
// ---------------
// DELETE Workunit
// ---------------

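if ($operation == "delete"){
	// Delete workunit with ACL / Project manager check.
	// The id arrives with the request and is placed unquoted in the SELECT
	// below, so force it to an integer before it reaches any statement.
	$id_workunit = (int) get_parameter ("id_workunit");
	$sql = "SELECT * FROM tworkunit WHERE id = $id_workunit";
	if ($res = mysql_query($sql))
		$row=mysql_fetch_array($res);
	else
		return;

	$id_user_wu = $row["id_user"];
	// NOTE(review): $id_project is not derived from the workunit in this
	// block; confirm a requester cannot pick a project they manage in order
	// to delete a workunit that belongs to another project.
	if (($id_user_wu == $config["id_user"]) OR (give_acl($config["id_user"], 0,"PM") ==1 ) OR (project_manager_check($id_project) == 1)){
		// Run both deletes, and report success only when both succeeded, so a
		// failed delete of the workunit itself is not shown as "deleted".
		$deleted_wu = mysql_query ("DELETE FROM tworkunit where id = '$id_workunit'");
		$deleted_link = mysql_query ("DELETE FROM tworkunit_task where id_workunit = '$id_workunit'");
		if ($deleted_wu && $deleted_link){
				$result_output = ui_print_success_message (__('Successfully deleted'), '', true, 'h3', true);
				// NOTE(review): $id_user is not assigned in this block; confirm
				// it identifies the acting user for the audit trail.
				audit_db ($id_user, $config["REMOTE_ADDR"], "Work unit deleted", "Workunit for $id_user");
		} else {
			$result_output = ui_print_error_message (__('Not deleted. Error deleting data'), '', true, 'h3', true);
		}
	} else {
		// Denied attempts are recorded before the request is aborted.
		audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation","Trying to delete WU $id_workunit without rigths");
		include ("general/noaccess.php");
		exit;
	}
}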

// --------------------
Ejemplo n.º 5
		$table->head[0] = __('Description');
		$table->head[1] = __('Amount');
		$table->head[2] = __('Filename');
		$table->head[3] = __('Delete');
		
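		// Build one table row per cost unit: description, amount, attachment
		// link and, for the owner or the project manager, a delete link.
		foreach ($costs as $cost) {
			$data = array ();
			$data[0] = $cost["description"];
			$data[1] = get_invoice_amount($cost["id"]);// Check
			$id_invoice = $cost["id"];
			
			$filename = get_db_sql ("SELECT filename FROM tattachment WHERE id_attachment = ". $cost["id_attachment"]);
			
			// NOTE(review): $filename is echoed into an href and into the link
			// text as stored; confirm it is encoded before storage.
			$data[2] = 	"<a href='".$config["base_url"]."/attachment/".$cost["id_attachment"]."_".$filename."'>$filename</a>";
			
			// Compare, do not assign: a single "=" here overwrote the current
			// user's id in $config with the cost owner's id and made the test
			// true for every cost that has an owner.
			if (((string) $config["id_user"] === (string) $cost["id_user"]) OR (project_manager_check ($id_project))){
				$data[3] = 	"<a href='index.php?sec=projects&sec2=operation/projects/task_cost&id_task=$id_task&id_project=$id_project&operation=delete&id_invoice=$id_invoice '><img src='images/cross.png'></a>";
			}
			
			array_push ($table->data, $data);
		}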
		print_table ($table);
	} else {
		echo ui_print_error_message(__('No data found'), '', true, 'h3', true);
	}
	echo "</div>";
	echo "</div>";
}	


if ($operation == ""){
Ejemplo n.º 6
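/**
 * Tell whether a user has access to a task.
 *
 * Returns 1 when, in order: $real is 0 and dame_admin() reports the user as
 * administrator; project_manager_check() accepts the task's project; or the
 * user has at least one row in trole_people_task for the task. Otherwise 0.
 *
 * NOTE(review): project_manager_check() is called without a user argument,
 * so it presumably evaluates the logged-in user rather than $id_user; confirm
 * that this is intended when the function is asked about another user.
 *
 * @param mixed $id_user User id whose membership is checked.
 * @param mixed $id_task Task id (ttask.id); cast to int here.
 * @param int   $real    0 lets administrators pass without a role; any other
 *                       value skips the administrator shortcut.
 *
 * @return int 1 when access is granted, 0 otherwise (including when the role
 *             query fails).
 */
function user_belong_task($id_user, $id_task, $real = 0)
{
    if ($real == 0) {
        if (dame_admin($id_user) != 0) {
            return 1;
        }
    }
    // The task id is interpolated unquoted into both statements below.
    $id_task = (int) $id_task;
    $id_project = get_db_sql("SELECT id_project FROM ttask WHERE id = {$id_task}");
    // Project manager always has access to all tasks of his project
    if (project_manager_check($id_project) == 1) {
        return 1;
    }
    // Bind the role lookup to $id_user (escaped for the quoted context); a
    // fixed literal here would make the result independent of the user
    // being checked.
    $safe_user = mysql_real_escape_string($id_user);
    $query1 = "SELECT COUNT(*) from trole_people_task WHERE id_task = {$id_task} AND id_user = '{$safe_user}'";
    $resq1 = mysql_query($query1);
    if (!$resq1) {
        // Fail closed: a query error must not read as membership.
        return 0;
    }
    $rowdup = mysql_fetch_array($resq1);
    // There is at least one role for this person in that task
    if ($rowdup && $rowdup[0] != 0) {
        return 1;
    }
    return 0;
}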
Ejemplo n.º 7
$id_task = (int) get_parameter ('id');
$operation = (string) get_parameter ('operation');

if ($operation == 'move') {
	
	// ACL
	$task_access = get_project_access ($config["id_user"], $id_project, $id_task, false, true);
	if (! $task_access["manage"]) {
		// Doesn't have access to this page
		audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to move a task without permission");
		no_permission ();
	}
	
	$target_project = get_parameter ("target_project");
	$id_task = get_parameter ("id_task");
	if ((dame_admin($config['id_user'])==1) OR (project_manager_check ($id_project) == 1)){
		$sql = sprintf ('UPDATE ttask
			SET id_project = %d,
			id_parent_task = 0
			WHERE id = %d', $target_project, $id_task);
		process_sql ($sql);
		
		// Move subtasks of this task
		$sql = sprintf ('UPDATE ttask
			SET id_project = %d WHERE id_parent_task = %d', $target_project, $id_task);
		process_sql ($sql);
		
		
		task_tracking ($id_task, TASK_MOVED);
	}
	else {
Ejemplo n.º 8
    $table->width = '90%';
    $table->data = array();
    $table->head = array();
    $table->head[0] = __('Description');
    $table->head[1] = __('Amount');
    $table->head[2] = __('Filename');
    $table->head[3] = __('Delete');
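    // Build one table row per cost unit: description, amount, attachment
    // link and, for the owner or the project manager, a delete link.
    foreach ($costs as $cost) {
        $data = array();
        $data[0] = $cost["description"];
        $data[1] = get_invoice_amount($cost["id"]);
        // Check
        $id_invoice = $cost["id"];
        $filename = get_db_sql("SELECT filename FROM tattachment WHERE id_attachment = " . $cost["id_attachment"]);
        // NOTE(review): $filename is echoed into an href and into the link
        // text as stored; confirm it is encoded before storage.
        $data[2] = "<a href='" . $config["base_url"] . "/attachment/" . $cost["id_attachment"] . "_" . $filename . "'>{$filename}</a>";
        // Compare, do not assign: a single "=" here overwrote the current
        // user's id in $config with the cost owner's id and made the test
        // true for every cost that has an owner.
        if ((string) $config["id_user"] === (string) $cost["id_user"] or project_manager_check($id_project)) {
            $data[3] = "<a href='index.php?sec=projects&sec2=operation/projects/task_cost&id_task={$id_task}&id_project={$id_project}&operation=delete&id_invoice={$id_invoice} '><img src='images/cross.png'></a>";
        }
        array_push($table->data, $data);
    }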
    print_table($table);
}
if ($operation == "") {
    echo "<h3>";
    echo __('Add cost unit') . " - {$task_name}</A></h3>";
    echo "<div id='upload_control'>";
    $action = "index.php?sec=projects&sec2=operation/projects/task_cost&id_task={$id_task}&id_project={$id_project}";
    $table->id = 'cost_form';
    $table->width = '90%';
    $table->class = 'listing';
    $table->size = array();
Ejemplo n.º 9
    }
}
// ---------------
// DELETE Workunit
// ---------------
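if ($operation == "delete") {
    // Delete workunit with ACL / Project manager check.
    // The id arrives with the request and is placed unquoted in the SELECT
    // below, so force it to an integer before it reaches any statement.
    $id_workunit = (int) get_parameter("id_workunit");
    $sql = "SELECT * FROM tworkunit WHERE id = {$id_workunit}";
    if ($res = mysql_query($sql)) {
        $row = mysql_fetch_array($res);
    } else {
        return;
    }
    $id_user_wu = $row["id_user"];
    // NOTE(review): $id_project is not derived from the workunit in this
    // block; confirm a requester cannot pick a project they manage in order
    // to delete a workunit that belongs to another project.
    if ($id_user_wu == $config["id_user"] or give_acl($config["id_user"], 0, "PM") == 1 or project_manager_check($id_project) == 1) {
        // Run both deletes, and report success only when both succeeded, so a
        // failed delete of the workunit itself is not shown as "deleted".
        $deleted_wu = mysql_query("DELETE FROM tworkunit where id = '{$id_workunit}'");
        $deleted_link = mysql_query("DELETE FROM tworkunit_task where id_workunit = '{$id_workunit}'");
        if ($deleted_wu && $deleted_link) {
            $result_output = "<h3 class='suc'>" . __('Successfully deleted') . "</h3>";
            // NOTE(review): $id_user is not assigned in this block; confirm
            // it identifies the acting user for the audit trail.
            audit_db($id_user, $config["REMOTE_ADDR"], "Work unit deleted", "Workunit for {$id_user}");
        } else {
            $result_output = "<h3 class='error'>" . __('Not deleted. Error deleting data') . "</h3>";
        }
    } else {
        // Denied attempts are recorded before the request is aborted.
        audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to delete WU {$id_workunit} without rigths");
        include "general/noaccess.php";
        exit;
    }
}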
// --------------------
// Workunit report