/**
 * Constructor: builds the access-control state for a single expense.
 *
 * Every flag in $this->allow ('r', 'w', 'e', 'a') starts out denied. The
 * expense's pub_read / pub_write values are copied onto this object, and the
 * expense author gets an entry in $this->users keyed by id_author.
 * (The letters presumably stand for read / write / edit / admin; confirm
 * against the code that consumes $this->allow.)
 *
 * NOTE(review): the case-level check is not implemented. Whenever $id_case is
 * non-zero the constructor reaches lcm_panic("TODO"), so an expense attached
 * to a case never gets permissions derived from that case here.
 *
 * @param mixed $id_expense Expense id; passed to LcmExpense when $obj_exp is not supplied.
 * @param mixed $id_case    Case id; any truthy value triggers the unfinished case branch.
 * @param mixed $obj_exp    Already-loaded expense object, or null to load one here.
 */
function LcmExpenseAccess($id_expense, $id_case = 0, $obj_exp = null) {
	// Deny by default: nothing is granted until a rule below says so.
	$this->allow = array('r' => false, 'w' => false, 'e' => false, 'a' => false);
	$this->users = array();

	// Expense attached (or being attached) to a case: the case ACL should apply.
	if ($id_case) {
		// NOTE(review): this reads 'id_case' through $this->getDataInt() rather than
		// using the $id_case argument; confirm which one is intended.
		$case_access = new LcmCaseAccess($this->getDataInt('id_case'));
		lcm_panic("TODO");
	}

	// Load the expense only when the caller did not hand one in.
	$expense = $obj_exp ? $obj_exp : new LcmExpense($id_expense, $id_case);

	$this->pub_read = $expense->getDataInt('pub_read');
	$this->pub_write = $expense->getDataInt('pub_write');

	// Rights of the author of the request: always 'r', never 'a'.
	// 'e' and 'w' are set only while the expense status is 'pending'; once it
	// leaves that status the two keys are absent rather than set to false.
	$author_rights = array('r' => true, 'a' => false);
	$is_pending = ($expense->getDataString('status') == 'pending');

	if ($is_pending) {
		$author_rights['e'] = true;
		$author_rights['w'] = true;
	}

	$author_id = $expense->getDataInt('id_author');
	$this->users[$author_id] = $author_rights;
}
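}

//
// Request handler: saves an expense (or a comment on an expense) and redirects.
//
// NOTE(review): no access-control or anti-CSRF check is visible in this part
// of the script before save() / setStatus() are called. Confirm that they are
// enforced inside those methods or earlier in the file.
//
$id_expense = _request('id_expense', 0);
$id_comment = _request('id_comment', 0);
$edit_comment = _request('edit_comment', 0);

// Default "go back" target, used when saving fails. The values come straight
// from the request and end up in a Location header, so they are URL-encoded
// instead of interpolated raw (numeric ids are unchanged by the encoding).
$ref_url = 'edit_exp.php?expense=' . rawurlencode((string) $id_expense)
	. '&edit_comment=' . rawurlencode((string) $edit_comment)
	. '&c=' . rawurlencode((string) $id_comment);

// Prefer the page the user came from, but only when it is on this host.
// The Referer header is client-supplied: redirecting to it unchecked would
// send a user who submitted the form from another site back to that site.
// !empty() also avoids an undefined-index notice when no Referer is sent.
// If the Host header is missing or differs from the Referer host (e.g. behind
// a rewriting proxy), the default edit_exp.php target above is kept.
if (!empty($_SERVER['HTTP_REFERER'])) {
	$ref_parts = parse_url($_SERVER['HTTP_REFERER']);
	// Parse the Host header as a URL so that a ":port" suffix is ignored.
	$own_parts = isset($_SERVER['HTTP_HOST'])
		? parse_url('http://' . $_SERVER['HTTP_HOST'])
		: false;

	if (is_array($ref_parts) && isset($ref_parts['host'])
		&& is_array($own_parts) && isset($own_parts['host'])
		&& strcasecmp($ref_parts['host'], $own_parts['host']) == 0) {
		$ref_url = $_SERVER['HTTP_REFERER'];
	}
}

//
// Update data
//
if ($id_comment || $edit_comment) {
	$obj = new LcmExpenseComment($id_expense, $id_comment);
	// NOTE(review): $true is an undefined variable (evaluates to null), most
	// likely a typo for the constant true. Left unchanged because the
	// signature of save() is not visible here; confirm and fix.
	$errs = $obj->save($true);

	// Change the expense status only if the comment itself saved cleanly.
	if (!count($errs) && _request('new_exp_status')) {
		$obj = new LcmExpense($id_expense);
		$errs = $obj->setStatus(_request('new_exp_status'));
	}
} else {
	$obj = new LcmExpense($id_expense);
	$errs = $obj->save();
}

if (count($errs)) {
	// $_SESSION['errors'] may be unset or not an array at this point; merging
	// into it directly would then fail and the new errors would be lost.
	$prev_errs = (isset($_SESSION['errors']) && is_array($_SESSION['errors']))
		? $_SESSION['errors']
		: array();
	$_SESSION['errors'] = array_merge($prev_errs, $errs);

	lcm_header("Location: " . $ref_url);
	exit;
}

//
// Go to the 'view details' page
//
lcm_header('Location: exp_det.php?expense=' . $obj->getDataInt('id_expense', '__ASSERT__'));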