Determines whether the current user can edit a specific timeslice, according
to the following rules: users with the 'hermes:review' permission may edit any
slice; the current user may edit his/her own slice until it has been submitted.
Otherwise, no editing is allowed.
public static canEditTimeslice($id)
return |
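/**
 * Builds the row and footer data for a named table.
 *
 * Only the 'hours' table is handled. Its rows come from
 * Hermes_Driver::getHours($params). When a search mode is stored in the
 * session, rows are sorted by the matching column and subtotal rows are
 * inserted between groups through Hermes_Api::renderSubtotals().
 *
 * Security notes:
 *  - The edit link and the checkbox are emitted only for rows that pass
 *    Hermes::canEditTimeslice(). They are display affordances; the code
 *    that performs the edit has to repeat the check.
 *  - Only the id placed in the checkbox name is HTML-escaped here. Every
 *    other value (description, note, client name, ...) is returned as the
 *    driver delivered it.
 *    NOTE(review): confirm that the consumer of 'data' escapes these
 *    values for its output context.
 *
 * @param string $name   Table to build; only 'hours' is recognised.
 * @param array $params  Filter passed unchanged to Hermes_Driver::getHours().
 *
 * @return array|null  An array with 'data' (rows) and 'footer' (totals)
 *                     keys, or null when $name is not recognised.
 */
public static function getTableData($name, $params)
{
    // Defined up front so that an unrecognised $name returns null instead of
    // reading an undefined variable.
    $result = null;

    switch ($name) {
    case 'hours':
        $time_data = $GLOBALS['injector']->getInstance('Hermes_Driver')->getHours($params);

        // Map the stored search mode to the column that subtotals break on.
        // An unknown mode leaves the column null, which disables subtotals.
        $subtotal_column = null;
        if ($search_mode = $GLOBALS['session']->get('hermes', 'search_mode')) {
            switch ($search_mode) {
            case 'date':
                $subtotal_column = 'date';
                break;
            case 'employee':
                $subtotal_column = 'employee';
                break;
            case 'client':
                $subtotal_column = '_client_name';
                break;
            case 'jobtype':
                $subtotal_column = '_type_name';
                break;
            case 'costobject':
                $subtotal_column = '_costobject_name';
                break;
            }

            $clients = Hermes::listClients();
            $column = array();
            foreach ($time_data as $key => $row) {
                // Resolve the client id to a display name, falling back to
                // the raw id when the client list does not know it.
                if (empty($row['client'])) {
                    $time_data[$key]['_client_name'] = _("no client");
                } elseif (isset($clients[$row['client']])) {
                    $time_data[$key]['_client_name'] = $clients[$row['client']];
                } else {
                    $time_data[$key]['_client_name'] = $row['client'];
                }
                // Sort key: subtotal column first, then date within a group.
                if (!is_null($subtotal_column)) {
                    $column[$key] = $time_data[$key][$subtotal_column] . $time_data[$key]['date'];
                }
            }
            if (!is_null($subtotal_column)) {
                array_multisort($column, SORT_ASC, $time_data);
            }
        }

        $total_hours = 0.0;
        $total_billable_hours = 0.0;
        $subtotal_hours = 0.0;
        $subtotal_billable_hours = 0.0;
        $subtotal_control = null;

        $result = array('data' => array());
        foreach ($time_data as $vals) {
            // Initialize subtotal break value.
            if (is_null($subtotal_control) && isset($vals[$subtotal_column])) {
                $subtotal_control = $vals[$subtotal_column];
            }

            // The group changed: flush the running subtotal and start anew.
            if (!empty($subtotal_column) && $vals[$subtotal_column] != $subtotal_control) {
                Hermes_Api::renderSubtotals(
                    $result['data'],
                    $subtotal_hours,
                    $subtotal_billable_hours,
                    $subtotal_column == 'date' ? strftime("%m/%d/%Y", $subtotal_control) : $subtotal_control);
                $subtotal_hours = 0.0;
                $subtotal_billable_hours = 0.0;
                $subtotal_control = $vals[$subtotal_column];
            }

            // Set up edit/delete icons, only for slices this user may edit.
            if (Hermes::canEditTimeslice($vals['id'])) {
                $edit_link = Horde::url('entry.php', true)->add(array(
                    'id' => $vals['id'],
                    'url' => Horde::selfUrl(true, true, true)));
                $vals['icons'] = Horde::link($edit_link, _("Edit Entry"))
                    . Horde::img('edit.png', _("Edit Entry"), '') . '</a>';
                // Only slices that have not been submitted get a checkbox.
                // The id is escaped because it lands inside an attribute.
                if (empty($vals['submitted'])) {
                    $vals['checkbox'] = '<input type="checkbox" name="item[' . htmlspecialchars($vals['id']) . ']" checked="checked" />';
                } else {
                    $vals['checkbox'] = '';
                }
            }

            // Add to totals.
            $subtotal_hours += (float) $vals['hours'];
            $total_hours += (float) $vals['hours'];
            if ($vals['billable']) {
                $subtotal_billable_hours += (float) $vals['hours'];
                $total_billable_hours += (float) $vals['hours'];
            }

            // Localize hours.
            $vals['hours'] = sprintf('%.02f', $vals['hours']);
            $result['data'][] = $vals;
        }

        // Flush the subtotal of the last group.
        if (!empty($subtotal_column)) {
            Hermes_Api::renderSubtotals(
                $result['data'],
                $subtotal_hours,
                $subtotal_billable_hours,
                $subtotal_column == 'date' ? strftime("%m/%d/%Y", $subtotal_control) : $subtotal_control);
        }

        // Avoid a divide by zero.
        if ($total_hours == 0.0) {
            $billable_pct = 0.0;
        } else {
            $billable_pct = round($total_billable_hours / $total_hours * 100.0);
        }

        $descr = _("Billable Hours") . ' (' . $billable_pct . '%)';
        $result['footer'] = array();
        $result['footer'][] = array(
            'hours' => sprintf('%.02f', $total_billable_hours),
            'description' => $descr);
        $descr = _("Non-billable Hours") . ' (' . (100.0 - $billable_pct) . '%)';
        $result['footer'][] = array(
            'hours' => sprintf('%.02f', $total_hours - $total_billable_hours),
            'description' => $descr);
        $result['footer'][] = array(
            'hours' => sprintf('%.02f', $total_hours),
            'description' => _("Total Hours"),
            'approval' => '<div id="approval">' . _("Approved By:") . ' ________________________________________ ' . ' </div>');
        break;
    }

    return $result;
}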
$notification->push(_("Your time was successfully entered."), 'horde.success', array('sticky')); $GLOBALS['injector']->getInstance('Hermes_Driver')->enterTime($GLOBALS['registry']->getAuth(), $info); } } catch (Exception $e) { Horde::log($e, 'ERR'); $notification->push(sprintf(_("There was an error storing your timesheet: %s"), $e->getMessage()), 'horde.error'); header('Location: ' . $url); exit; } } break; default: if ($vars->exists('id')) { // We are updating a specific entry, load it into the form variables. $id = $vars->get('id'); if (!Hermes::canEditTimeslice($id)) { $notification->push(_("Access denied; user cannot modify this timeslice."), 'horde.error'); Horde::url('time.php')->redirect(); } $myhours = $GLOBALS['injector']->getInstance('Hermes_Driver')->getHours(array('id' => $id)); if (is_array($myhours)) { foreach ($myhours as $item) { if (isset($item['id']) && $item['id'] == $id) { foreach ($item as $key => $value) { $vars->set($key, $value); } } } } } $form = new Hermes_Form_Time_Entry($vars);
/**
 * Returns this slice as an array ready to be JSON-encoded.
 *
 * The array carries the following keys:
 *<pre>
 * c    - client id
 * cn   - client object
 * co   - costobject id
 * con  - costobject name
 * d    - date
 * desc - description
 * e    - employee
 * h    - hours
 * i    - slice id
 * n    - note
 * r    - rate
 * s    - submitted
 * t    - type id
 * tn   - type name
 * b    - billable
 * x    - can edit
 *</pre>
 *
 * The 'x' flag is the result of Hermes::canEditTimeslice() for this slice.
 * It is a hint for the consumer of the JSON; the receiver can ignore it, so
 * code that writes to a slice has to run the permission check itself.
 *
 * @return array
 */
public function toJson()
{
    $slice = $this->_properties;

    // @TODO: is the *entire* contact object really needed here?
    $contacts = $GLOBALS['registry']->clients->getClients(array($slice['client']));

    $json = array();
    $json['c'] = $slice['client'];
    $json['cn'] = current($contacts);
    $json['co'] = $slice['costobject'];
    $json['con'] = $slice['_costobject_name'];
    $json['d'] = $slice['date']->dateString();
    $json['desc'] = $slice['description'];
    $json['e'] = $slice['employee'];
    $json['h'] = $slice['hours'];
    $json['i'] = $slice['id'];
    $json['n'] = $slice['note'];
    $json['r'] = $slice['rate'];
    $json['s'] = $slice['submitted'];
    $json['t'] = $slice['type'];
    $json['tn'] = $slice['_type_name'];
    $json['b'] = $slice['billable'];
    $json['x'] = Hermes::canEditTimeslice($slice['id']);

    return $json;
}
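/**
 * Update a set of billing information.
 *
 * Every entry is checked with Hermes::canEditTimeslice() before the first
 * row is written, so a denied entry rejects the whole batch instead of
 * leaving the entries before it already modified.
 *
 * @param array $entries  The billing information to enter. Each array row
 *                        must contain the following entries:
 *             'id'          The id of this time entry.
 *             'date'        The day the hours were worked (ISO format)
 *             'client'      The id of the client the work was done for.
 *             'type'        The type of work done.
 *             'hours'       The number of hours worked
 *             'rate'        The hourly rate the work was done at (not
 *                           written by this method).
 *             'billable'    Whether or not the work is billable hours.
 *             'description' A short description of the work.
 *             'note'        A note for the entry.
 *             'costobject'  The cost object id; stored as NULL when empty.
 *             'employee'    The employee; only written when present.
 *
 *                        If any rows contain a 'delete' entry, those rows
 *                        will be deleted instead of updated.
 *
 * @return integer  The number of rows deleted or updated over all entries.
 * @throws Horde_Exception_PermissionDenied
 * @throws Hermes_Exception
 */
public function updateTime($entries)
{
    // Authorize the complete batch first; nothing is written unless every
    // entry may be edited by the current user.
    foreach ($entries as $info) {
        if (!Hermes::canEditTimeslice($info['id'])) {
            throw new Horde_Exception_PermissionDenied(_("Access denied; user cannot modify this timeslice."));
        }
    }

    // The original returned from inside the loop, so only the first entry
    // was ever processed. Accumulate the count and return once at the end.
    // NOTE(review): the writes are not wrapped in a transaction here; a
    // database error part-way leaves the earlier entries applied.
    $count = 0;
    foreach ($entries as $info) {
        if (!empty($info['delete'])) {
            try {
                $count += $this->_db->delete(
                    'DELETE FROM hermes_timeslices WHERE timeslice_id = ?',
                    array((int) $info['id']));
            } catch (Horde_Db_Exception $e) {
                throw new Hermes_Exception($e);
            }
            continue;
        }

        // NOTE(review): the permission check above is made on the slice id
        // only. Nothing in this method limits which employee_id may be
        // assigned, so confirm that callers pass 'employee' only for users
        // who are allowed to reassign a slice.
        if (isset($info['employee'])) {
            $employee_cl = ' ,employee_id = ?';
        } else {
            $employee_cl = '';
        }

        $dt = new Horde_Date($info['date']);
        // All values are bound as parameters; only the fixed employee
        // clause is concatenated into the statement text.
        $sql = 'UPDATE hermes_timeslices SET'
            . ' clientjob_id = ?, jobtype_id = ?,'
            . ' timeslice_hours = ?, timeslice_isbillable = ?,'
            . ' timeslice_date = ?, timeslice_description = ?,'
            . ' timeslice_note = ?, costobject_id = ?'
            . $employee_cl
            . ' WHERE timeslice_id = ?';
        $values = array(
            $info['client'],
            $info['type'],
            $info['hours'],
            isset($info['billable']) ? (int) $info['billable'] : 0,
            $dt->timestamp(),
            $this->_convertToDriver($info['description']),
            $this->_convertToDriver($info['note']),
            empty($info['costobject']) ? null : $info['costobject']);
        if (!empty($employee_cl)) {
            $values[] = $info['employee'];
        }
        $values[] = (int) $info['id'];

        try {
            $count += $this->_db->update($sql, $values);
        } catch (Horde_Db_Exception $e) {
            throw new Hermes_Exception($e);
        }
    }

    return $count;
}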