/*
    check_permissions

    Access gate that requires the "projects_timegroup" permission and then
    some level of staff visibility.

    Returns
    1       access granted
    (null)  access denied - the function ends without an explicit return
            value, so callers must treat any falsy result as a denial.
*/
function check_permissions()
{
    // Fail closed: without the base permission there is nothing more to check.
    if (!user_permissions_get("projects_timegroup")) {
        return;
    }

    // Blanket view access to all staff is sufficient on its own.
    // NOTE: on this path $this->access_staff_ids is left untouched, so code
    // that runs afterwards must not assume it has been populated.
    if (user_permissions_get("timekeeping_all_view")) {
        return 1;
    }

    // Otherwise fetch what the user may view with "timereg_view"
    // (presumably a list of staff IDs - confirm against the helper).
    // The result is stored even when it is empty/falsy.
    $viewable_staff = user_permissions_staff_getarray("timereg_view");
    $this->access_staff_ids = $viewable_staff;

    if ($viewable_staff) {
        return 1;
    }

    // No staff access at all: fall through and return nothing (denied).
}
/*
    check_permissions

    Access gate that requires the "projects_view" permission and then some
    level of staff visibility. When the user passes the base check but has no
    staff visibility, an explanatory error is raised through log_render().

    Returns
    1       access granted
    (null)  access denied - the function ends without an explicit return
            value, so callers must treat any falsy result as a denial.
*/
function check_permissions()
{
    // Fail closed: without the base permission there is nothing more to check
    // (and no message is emitted on this path).
    if (!user_permissions_get("projects_view")) {
        return;
    }

    // Blanket view access to all staff is sufficient on its own.
    // NOTE: on this path $this->access_staff_ids is left untouched, so code
    // that runs afterwards must not assume it has been populated.
    if (user_permissions_get("timekeeping_all_view")) {
        return 1;
    }

    // Otherwise fetch what the user may view with "timereg_view"
    // (presumably a list of staff IDs - confirm against the helper).
    // The result is stored even when it is empty/falsy.
    $viewable_staff = user_permissions_staff_getarray("timereg_view");
    $this->access_staff_ids = $viewable_staff;

    if ($viewable_staff) {
        return 1;
    }

    // Tell the user why access was refused, then fall through (denied).
    log_render("error", "page", "Before you can view project hours, your administrator must configure the staff accounts you may access, or set the timekeeping_all_view permission.");
}
/*
    check_permissions

    Write-access gate for timesheet entry. Requires the "timekeeping"
    permission, then write access to the selected employee (if one is set),
    then some level of staff write access.

    Returns
    1       access granted
    0       a specific employee is selected and the user may not write as them
    (null)  any other denial - the function ends without an explicit return
            value, so callers must treat any falsy result as a denial.
*/
function check_permissions()
{
    // Fail closed: without the base permission there is nothing more to check.
    if (!user_permissions_get("timekeeping")) {
        return;
    }

    // The per-employee check runs BEFORE the blanket "timekeeping_all_write"
    // check, so it can reject a request regardless of the blanket permission.
    // NOTE(review): whether user_permissions_staff_get() itself honours
    // "timekeeping_all_write" is not visible here - confirm.
    if ($this->employeeid && !user_permissions_staff_get("timereg_write", $this->employeeid)) {
        log_write("error", "page_output", "Sorry, you do not have permissions to adjust the timesheet for the selected employee");
        return 0;
    }

    // Blanket write access to all staff is sufficient on its own.
    // NOTE: on this path $this->access_staff_ids_write is left untouched.
    if (user_permissions_get("timekeeping_all_write")) {
        return 1;
    }

    // Otherwise fetch what the user may write to with "timereg_write"
    // (presumably a list of staff IDs - confirm against the helper).
    // The result is stored even when it is empty/falsy.
    $writable_staff = user_permissions_staff_getarray("timereg_write");
    $this->access_staff_ids_write = $writable_staff;

    if ($writable_staff) {
        return 1;
    }

    // Tell the user why access was refused, then fall through (denied).
    log_render("error", "page", "Before you can add or edit timesheet hours, your administrator must configure the staff accounts you may access, or set the timekeeping_all_write permission.");
}
/*
    check_permissions

    View-access gate for timesheets. Requires the "timekeeping" permission,
    then view access to the selected employee (if one is set), then some
    level of staff visibility.

    Returns
    1       access granted
    0       a specific employee is selected and the user may not view them
    (null)  any other denial - the function ends without an explicit return
            value, so callers must treat any falsy result as a denial.
*/
function check_permissions()
{
    // Fail closed: without the base permission there is nothing more to check.
    if (!user_permissions_get("timekeeping")) {
        return;
    }

    // The per-employee check runs BEFORE the blanket "timekeeping_all_view"
    // check, so it can reject a request regardless of the blanket permission.
    // NOTE(review): whether user_permissions_staff_get() itself honours
    // "timekeeping_all_view" is not visible here - confirm.
    if ($this->employeeid && !user_permissions_staff_get("timereg_view", $this->employeeid)) {
        log_write("error", "page_output", "Sorry, you do not have permissions to view the timesheet for the selected employee");

        // Clear the employee remembered in the session. If an administrator
        // has revoked this user's access to that employee, a stale ID kept in
        // the session would keep triggering this denial until the user
        // logged out.
        $_SESSION["form"]["timereg"]["employeeid"] = 0;

        return 0;
    }

    // Blanket view access to all staff is sufficient on its own.
    // NOTE: on this path $this->access_staff_ids is left untouched, so code
    // that runs afterwards must not assume it has been populated.
    if (user_permissions_get("timekeeping_all_view")) {
        return 1;
    }

    // Otherwise fetch what the user may view with "timereg_view"
    // (presumably a list of staff IDs - confirm against the helper).
    // The result is stored even when it is empty/falsy.
    $viewable_staff = user_permissions_staff_getarray("timereg_view");
    $this->access_staff_ids = $viewable_staff;

    if ($viewable_staff) {
        return 1;
    }

    // No staff access at all: fall through and return nothing (denied).
}
/* projects/timebilled-edit-process.php access: projects_timegroup Allows the creation of new time groups, or adjustments to existing ones. */ // includes include_once "../include/config.php"; include_once "../include/amberphplib/main.php"; if (user_permissions_get('projects_timegroup')) { // select the IDs that the user does have access to, unless if they // have full access if (!user_permissions_get("timekeeping_all_view")) { if (!($access_staff_ids = user_permissions_staff_getarray("timereg_view"))) { log_write("error", "process", "Unable to create time group, as you have no access permissions to any staff."); } } ///////////////////////// $projectid = @security_form_input_predefined("int", "projectid", 1, ""); $groupid = @security_form_input_predefined("int", "groupid", 0, ""); $data["name_group"] = @security_form_input_predefined("any", "name_group", 1, ""); $data["customerid"] = @security_form_input_predefined("int", "customerid", 1, ""); $data["code_invoice"] = @security_form_input_predefined("any", "code_invoice", 0, ""); $data["description"] = @security_form_input_predefined("any", "description", 0, ""); //// VERIFY PROJECT/TIME GROUP IDS ///////////// // check that the specified project actually exists $sql_obj = new sql_query(); $sql_obj->string = "SELECT id FROM `projects` WHERE id='{$projectid}' LIMIT 1"; $sql_obj->execute();