/**
 * Tell whether the current user (from $config) may act on a workunit.
 *
 * The user is allowed when any of these holds: the workunit is their own,
 * they hold the global "PM" ACL, or they are manager of the project that
 * owns the workunit's task.
 *
 * @param int $id_workunit id of the tworkunit row
 * @return bool false when the workunit does not exist or none of the
 *              conditions above holds, true otherwise
 */
function check_workunit_permission($id_workunit) {
    global $config;

    $wu = get_db_row('tworkunit', 'id', $id_workunit);
    if ($wu === false) {
        return false;
    }

    $current_user = $config["id_user"];

    // Resolve workunit -> task -> project up front; the project is needed
    // for the manager check below.
    $task = get_db_value("id_task", "tworkunit_task", "id_workunit", $wu["id"]);
    $project = get_db_value("id_project", "ttask", "id", $task);

    // Cheapest test first: the author always passes.
    if ($wu["id_user"] == $current_user) {
        return true;
    }
    if (give_acl($current_user, 0, "PM")) {
        return true;
    }
    if (project_manager_check($project)) {
        return true;
    }

    return false;
}
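/**
 * Render one workunit as an HTML card: a title table (task/ticket, project
 * or group, duration, cost, profile, author) followed by a body holding the
 * description and the delete / edit / lock controls.
 *
 * Echoes directly and returns nothing. Renders nothing at all when the
 * workunit cannot be loaded, or when it is not public and the current user
 * is neither its author nor allowed to manage the task (for ticket
 * workunits: lacks the "TM" ACL).
 *
 * NOTE(review): titles, the author id and the "locked" value are echoed
 * into HTML unescaped; presumably they originate from stored user input, so
 * escaping them at output would be the defensive change. It is not applied
 * here because values that are already stored escaped would double-escape —
 * confirm how these columns are stored.
 *
 * @param int  $id_workunit   id of the tworkunit row (cast to int before use)
 * @param int  $full          0 truncates descriptions over 1024 bytes and
 *                            adds a "Read more..." link; anything else shows
 *                            the whole description
 * @param bool $show_multiple when true adds an op_multiple[] checkbox
 */
function show_workunit_user($id_workunit, $full = 0, $show_multiple = true) {
    global $config;

    // The id is interpolated into SQL and into URLs below; force it to an
    // integer so a non-numeric value cannot alter the query.
    $id_workunit = (int) $id_workunit;

    $sql = "SELECT * FROM tworkunit WHERE id = {$id_workunit}";
    if ($res = mysql_query($sql)) {
        $row = mysql_fetch_array($res);
    } else {
        return;
    }
    // No such workunit: mysql_fetch_array() yields false, not an array.
    if ($row === false) {
        return;
    }

    $timestamp = $row["timestamp"];
    $duration = $row["duration"];
    $id_user = $row["id_user"];
    $nota = $row["description"];
    $have_cost = $row["have_cost"];
    $profile = $row["id_profile"];
    $public = $row["public"];
    $locked = $row["locked"];
    $work_home = $row["work_home"];

    // A workunit is attached either to a task or to an incident (ticket).
    $id_task = get_db_value("id_task", "tworkunit_task", "id_workunit", $row["id"]);
    if (!$id_task) {
        $id_incident = get_db_value("id_incident", "tworkunit_incident", "id_workunit", $row["id"]);
    }
    $id_project = get_db_value("id_project", "ttask", "id", $id_task);
    $id_profile = get_db_value("id_profile", "tworkunit", "id", $id_workunit);
    $task_title = get_db_value("name", "ttask", "id", $id_task);
    if (!$id_task) {
        $incident_title = get_db_value("titulo", "tincidencia", "id_incidencia", $id_incident);
    }
    $project_title = get_db_value("name", "tproject", "id", $id_project);

    // ACL Check for visibility: non-public workunits are only shown to the
    // author, to users who can manage the task, or (tickets) to "TM" holders.
    if (!$public && $id_user != $config["id_user"]) {
        if ($id_task) {
            $task_access = get_project_access($config["id_user"], false, $id_task, false, true);
            if (!$task_access["manage"]) {
                return;
            }
        } elseif (!give_acl($config["id_user"], 0, "TM")) {
            return;
        }
    }

    echo "<form method='post' action='index.php?sec=projects&sec2=operation/projects/task_workunit'>";

    // Show data
    echo "<div class='notetitle'>";
    // titulo
    echo "<table class='blank' border=0 width='100%' cellspacing=0 cellpadding=0 style='margin-left: 0px;margin-top: 0px; background: transparent;'>";
    echo "<tr><td rowspan=4 width='7%'>";
    print_user_avatar($id_user, true);
    echo "<td width='60%'><b>";
    if ($id_task) {
        echo __('Task') . " </b> : ";
        echo "<a href='index.php?sec=projects&sec2=operation/projects/task_detail&id_task={$id_task}&operation=view'>{$task_title}</A>";
    } else {
        echo __('Ticket') . " </b> : ";
        echo "<a href='index.php?sec=incidents&sec2=operation/incidents/incident&id={$id_incident}'>{$incident_title}</A>";
    }
    echo "</td>";
    echo "<td width='13%'>";
    echo "<b>" . __('Duration') . "</b>";
    echo "</td>";
    echo "<td width='20%'>";
    echo " : " . format_numeric($duration);
    echo "</td>";
    echo "<td>";
    // Public WU ?
    echo "<span style='margin-bottom:0px; padding-right:10px;'>";
    if ($public == 1) {
        echo "<img src='images/group.png' title='" . __('Public Workunit') . "' />";
    } else {
        echo "<img src='images/delete.png' title='" . __('Non public Workunit') . "' />";
    }
    echo "</span>";
    echo "</td></tr>";

    echo "<tr>";
    echo "<td><b>";
    if ($id_task) {
        echo __('Project') . " </b> : ";
        echo "<a href='index.php?sec=projects&sec2=operation/projects/task&id_project={$id_project}'>{$project_title}</A>";
    } else {
        echo __('Group') . "</b> : ";
        // $id_incident comes from the database, but it is interpolated into
        // SQL, so keep it numeric.
        echo dame_nombre_grupo(get_db_sql("SELECT id_grupo FROM tincidencia WHERE id_incidencia = " . (int) $id_incident));
    }
    echo "</td>";
    echo "<td><b>";
    // Cost is only computed when the workunit is flagged as having one:
    // duration times the profile's (trole) cost.
    if ($have_cost != 0) {
        $profile_cost = get_db_value("cost", "trole", "id", $profile);
        $cost = format_numeric($duration * $profile_cost);
        $cost = $cost . " €";
    } else {
        $cost = __('N/A');
    }
    echo __('Cost');
    echo "</b>";
    echo "</td>";
    echo "<td>";
    echo " : " . $cost;
    echo "</td>";
    if ($show_multiple) {
        echo "<td>";
        echo print_checkbox_extended('op_multiple[]', $id_workunit, false, false, '', '', true);
        echo "</td>";
    }
    echo "</tr>";

    echo "<tr>";
    echo "<td><b>";
    echo __('Work from home');
    echo "</b>";
    if ($work_home == 0) {
        $wfh = __('No');
    } else {
        $wfh = __('Yes');
    }
    echo " : " . $wfh;
    echo "</td>";
    echo "<td><b>";
    echo __('Profile');
    echo "</b></td><td>";
    echo " : " . get_db_value("name", "trole", "id", $profile);

    echo "<tr>";
    echo "<td>";
    echo "<a href='index.php?sec=users&sec2=operation/users/user_edit&id={$id_user}'>";
    echo "<b>" . $id_user . "</b>";
    echo "</a>";
    echo " " . __('said on') . ' ' . $timestamp;
    echo "</td></tr>";
    echo "</table>";
    echo "</div>";
    echo "</form>";

    // Body
    //echo "<div class='notebody'>";
    echo "<div class='notebody' id='wu_{$id_workunit}'>";
    echo "<table width='100%' class='blank'>";
    echo "<tr><td valign='top'>";
    // strlen/substr are byte-wise, so the 1024 cut may split a multibyte
    // character — NOTE(review): mb_* would be the Unicode-safe choice; left
    // as-is to keep the existing cut point.
    if (strlen($nota) > 1024 and $full == 0) {
        echo topi_richtext(clean_output_breaks(substr($nota, 0, 1024)));
        echo "<br><br>";
        echo "<a href='index.php?sec=users&sec2=operation/users/user_workunit_report&id_workunit=" . $id_workunit . "&title={$task_title}'>";
        echo __('Read more...');
        echo "</a>";
    } else {
        echo topi_richtext(clean_output_breaks($nota));
    }

    echo "<td valign='top'>";
    echo "<table width='100%' class='blank'>";
    // Base URL the delete/lock links return to: the user report when we are
    // already on it, the project's spare-workunit page when there is a
    // project, the user report otherwise. sec2 may be absent from the request.
    if (isset($_GET["sec2"]) && $_GET["sec2"] == "operation/users/user_workunit_report") {
        $myurl = "index.php?sec=users&sec2=operation/users/user_workunit_report&id={$id_user}";
    } else {
        if ($id_project > 0) {
            $myurl = "index.php?sec=projects&sec2=operation/users/user_spare_workunit&id_project={$id_project}&id_task={$id_task}";
        } else {
            $myurl = "index.php?sec=users&sec2=operation/users/user_workunit_report&id={$id_user}";
        }
    }

    // Delete workunit: project manager, author, or "TM" holder.
    if (project_manager_check($id_project) == 1 or $id_user == $config["id_user"] or give_acl($config["id_user"], 0, "TM")) {
        echo "<tr><td align='right'>";
        echo "<br>";
        echo "<a class='delete-workunit' id='delete-{$id_workunit}' href='{$myurl}&id_workunit={$id_workunit}&operation=delete' onclick='if (!confirm(\"" . __('Are you sure?') . "\")) return false;'><img src='images/cross.png' title='" . __('Delete workunit') . "'/></a>";
    }

    // Edit workunit: same roles as delete, but a locked workunit additionally
    // requires the "UM" ACL.
    if ((project_manager_check($id_project) == 1 or give_acl($config["id_user"], 0, "TM") or $id_user == $config["id_user"]) and ($locked == "" or give_acl($config["id_user"], 0, "UM"))) {
        echo "<tr><td align='right'>";
        echo "<br>";
        echo "<a class='edit-workunit' id='edit-{$id_workunit}' href='index.php?sec=projects&sec2=operation/users/user_spare_workunit&id_project={$id_project}&id_task={$id_task}&id_workunit={$id_workunit}&id_profile={$id_profile}'><img border=0 src='images/page_white_text.png' title='" . __('Edit workunit') . "'></a>";
        echo "</td>";
    }

    // Lock workunit: only offered while unlocked; otherwise show who locked it.
    if ((project_manager_check($id_project) == 1 or give_acl($config["id_user"], 0, "TM") or $id_user == $config["id_user"]) and $locked == "") {
        echo "<tr><td align='right'>";
        echo "<br>";
        echo "<a class='lock_workunit' id='lock-{$id_workunit}' href='{$myurl}&id_workunit={$id_workunit}&operation=lock'><img src='images/lock.png' title='" . __('Lock workunit') . "'></a>";
        echo "</td>";
    } else {
        echo "<tr><td align='right'>";
        // The original left this <img> tag unterminated, which swallowed the
        // avatar markup that follows; close it.
        echo "<br><img src='images/rosette.png' title='" . __('Locked by') . " {$locked}'>";
        // NOTE(review): print_user_avatar() is echoed here but called bare
        // above; presumably the second argument selects return-vs-print —
        // confirm, one of the two call sites is likely wrong.
        echo print_user_avatar($locked, true);
        echo "</td>";
    }
    echo "</tr></table>";
    echo "</tr></table>";
    echo "</div>";
}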
// Editing an existing workunit: load its fields from $workunit (fetched
// before this span) and check that the current user may see it.
// $id_task = $workunit['id_task'];
// $id_project = get_db_value ('id_project', 'ttask', 'id', $id_task);
$id_user = $workunit['id_user'];
$wu_user = $id_user;
$duration = $workunit['duration'];
$description = $workunit['description'];
$have_cost = $workunit['have_cost'];
$id_profile = $workunit['id_profile'];
$now = $workunit['timestamp'];
$public = (bool) $workunit['public'];
// NOTE(review): if the timestamp is "YYYY-MM-DD HH:MM:SS", offset 10 starts
// at the separator space and drops the last seconds digit; offset 11 would
// be the time portion — confirm the stored format.
$now_date = substr ($now, 0, 10);
$now_time = substr ($now, 10, 8);
$work_home = $workunit['work_home'];
// ACL: a workunit owned by someone else is only editable by a project
// manager or a "UM" holder. NOTE(review): $id_project is not assigned in
// this span (its assignment above is commented out), so it must come from
// earlier in the file — confirm it is set before this check.
if ($id_user != $config["id_user"] && ! project_manager_check ($id_project) ) {
    if (!give_acl($config["id_user"], 0, "UM")){
        audit_db ($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access non owned workunit");
        require ("general/noaccess.php");
        return;
    }
}
} else {
    // New workunit: defaults for the current user.
    $id_user = $config["id_user"];
    $wu_user = $id_user;
    $duration = $config["pwu_defaultime"];
    $description = "";
    $id_inventory = array();
    $have_cost = false;
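// ---------------
// DELETE Workunit
// ---------------
if ($operation == "delete"){
    // Delete workunit with ACL / Project manager check
    // The request parameter is interpolated into three queries below; cast it
    // so a non-numeric value cannot alter them.
    $id_workunit = (int) get_parameter ("id_workunit");
    $sql = "SELECT * FROM tworkunit WHERE id = $id_workunit";
    if ($res = mysql_query($sql))
        $row=mysql_fetch_array($res);
    else
        return;
    // No such workunit: mysql_fetch_array() yields false, nothing to delete.
    if ($row === false)
        return;
    $id_user_wu = $row["id_user"];
    // Allowed: the author, a "PM" holder, or the manager of $id_project
    // (set earlier in the file).
    if (($id_user_wu == $config["id_user"]) OR (give_acl($config["id_user"], 0,"PM") ==1 ) OR (project_manager_check($id_project) == 1)){
        // Only the second DELETE decides the outcome message; the first is
        // not checked.
        mysql_query ("DELETE FROM tworkunit where id = '$id_workunit'");
        if (mysql_query ("DELETE FROM tworkunit_task where id_workunit = '$id_workunit'")){
            $result_output = ui_print_success_message (__('Successfully deleted'), '', true, 'h3', true);
            // NOTE(review): $id_user is not set in this span; presumably the
            // current user from earlier in the file — confirm.
            audit_db ($id_user, $config["REMOTE_ADDR"], "Work unit deleted", "Workunit for $id_user");
        } else {
            $result_output = ui_print_error_message (__('Not deleted. Error deleting data'), '', true, 'h3', true);
        }
    } else {
        audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation","Trying to delete WU $id_workunit without rigths");
        include ("general/noaccess.php");
        exit;
    }
}
// --------------------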
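$table->head[0] = __('Description');
$table->head[1] = __('Amount');
$table->head[2] = __('Filename');
$table->head[3] = __('Delete');
foreach ($costs as $cost) {
    $data = array ();
    $data[0] = $cost["description"];
    $data[1] = get_invoice_amount($cost["id"]);// Check
    $id_invoice = $cost["id"];
    $filename = get_db_sql ("SELECT filename FROM tattachment WHERE id_attachment = ". $cost["id_attachment"]);
    $data[2] = "<a href='".$config["base_url"]."/attachment/".$cost["id_attachment"]."_".$filename."'>$filename</a>";
    // The delete link is only for the cost's owner or a project manager.
    // The original wrote `$config["id_user"] = $cost["id_user"]` here: an
    // assignment, which is always truthy for a non-empty id and also replaced
    // the current user for the rest of the request.
    if (($config["id_user"] == $cost["id_user"]) OR (project_manager_check ($id_project))){
        $data[3] = "<a href='index.php?sec=projects&sec2=operation/projects/task_cost&id_task=$id_task&id_project=$id_project&operation=delete&id_invoice=$id_invoice '><img src='images/cross.png'></a>";
    }
    array_push ($table->data, $data);
}
print_table ($table);
} else {
    echo ui_print_error_message(__('No data found'), '', true, 'h3', true);
}
echo "</div>";
echo "</div>";
}
if ($operation == ""){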
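/**
 * Tell whether a user belongs to a task.
 *
 * @param string $id_user user id
 * @param int    $id_task task id (cast to int before use in SQL)
 * @param int    $real    0 (default): administrators always belong;
 *                        non-zero: skip the administrator shortcut
 * @return int 1 when the user is an admin (with $real == 0), manager of the
 *             task's project, or has at least one role on the task; 0 otherwise
 */
function user_belong_task($id_user, $id_task, $real = 0) {
    global $config;

    // The task id is interpolated into two queries below; force it to an
    // integer so a non-numeric value cannot alter them.
    $id_task = (int) $id_task;

    if ($real == 0) {
        if (dame_admin($id_user) != 0) {
            return 1;
        }
    }

    $id_project = get_db_sql("SELECT id_project FROM ttask WHERE id = {$id_task}");
    // Project manager always has access to all tasks of his project
    if (project_manager_check($id_project) == 1) {
        return 1;
    }

    // NOTE(review): the id_user literal in this query reads as a redacted
    // placeholder in this copy; presumably it should be the $id_user
    // parameter — confirm against the upstream source.
    $query1 = "SELECT COUNT(*) from trole_people_task WHERE id_task = {$id_task} AND id_user = '******'";
    $resq1 = mysql_query($query1);
    // A failed query must not be dereferenced as a result set.
    if ($resq1 === false) {
        return 0;
    }
    $rowdup = mysql_fetch_array($resq1);
    if ($rowdup === false || $rowdup[0] == 0) {
        return 0;
    }
    // There is at least one role for this person in that project
    return 1;
}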
$id_task = (int) get_parameter ('id');
$operation = (string) get_parameter ('operation');
if ($operation == 'move') {
    // ACL
    // NOTE(review): this check runs against the task from the 'id'
    // parameter, while the update below uses the task re-read from
    // 'id_task'; confirm the two always carry the same value, otherwise the
    // task checked is not the task moved. $id_project is set before this span.
    $task_access = get_project_access ($config["id_user"], $id_project, $id_task, false, true);
    if (! $task_access["manage"]) {
        // Doesn't have access to this page
        audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to move a task without permission");
        no_permission ();
    }
    // Both values are raw request strings here; the SQL below is safe because
    // sprintf('%d') coerces them, but task_tracking() receives $id_task uncast.
    $target_project = get_parameter ("target_project");
    $id_task = get_parameter ("id_task");
    if ((dame_admin($config['id_user'])==1) OR (project_manager_check ($id_project) == 1)){
        // Re-parent the task to the target project and detach it from any
        // parent task.
        $sql = sprintf ('UPDATE ttask SET id_project = %d, id_parent_task = 0 WHERE id = %d', $target_project, $id_task);
        process_sql ($sql);
        // Move subtasks of this task
        $sql = sprintf ('UPDATE ttask SET id_project = %d WHERE id_parent_task = %d', $target_project, $id_task);
        process_sql ($sql);
        task_tracking ($id_task, TASK_MOVED);
    } else {
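$table->width = '90%';
$table->data = array();
$table->head = array();
$table->head[0] = __('Description');
$table->head[1] = __('Amount');
$table->head[2] = __('Filename');
$table->head[3] = __('Delete');
foreach ($costs as $cost) {
    $data = array();
    $data[0] = $cost["description"];
    $data[1] = get_invoice_amount($cost["id"]); // Check
    $id_invoice = $cost["id"];
    $filename = get_db_sql("SELECT filename FROM tattachment WHERE id_attachment = " . $cost["id_attachment"]);
    $data[2] = "<a href='" . $config["base_url"] . "/attachment/" . $cost["id_attachment"] . "_" . $filename . "'>{$filename}</a>";
    // The delete link is only for the cost's owner or a project manager.
    // The original wrote `$config["id_user"] = $cost["id_user"]` here: an
    // assignment (evaluated before `or`), which is truthy for any non-empty
    // id and also replaced the current user for the rest of the request.
    if ($config["id_user"] == $cost["id_user"] or project_manager_check($id_project)) {
        $data[3] = "<a href='index.php?sec=projects&sec2=operation/projects/task_cost&id_task={$id_task}&id_project={$id_project}&operation=delete&id_invoice={$id_invoice} '><img src='images/cross.png'></a>";
    }
    array_push($table->data, $data);
}
print_table($table);
}
if ($operation == "") {
    // Add-cost form header and upload control.
    echo "<h3>";
    echo __('Add cost unit') . " - {$task_name}</A></h3>";
    echo "<div id='upload_control'>";
    $action = "index.php?sec=projects&sec2=operation/projects/task_cost&id_task={$id_task}&id_project={$id_project}";
    $table->id = 'cost_form';
    $table->width = '90%';
    $table->class = 'listing';
    $table->size = array();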
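}
}
// ---------------
// DELETE Workunit
// ---------------
if ($operation == "delete") {
    // Delete workunit with ACL / Project manager check
    // The request parameter is interpolated into three queries below; cast it
    // so a non-numeric value cannot alter them.
    $id_workunit = (int) get_parameter("id_workunit");
    $sql = "SELECT * FROM tworkunit WHERE id = {$id_workunit}";
    if ($res = mysql_query($sql)) {
        $row = mysql_fetch_array($res);
    } else {
        return;
    }
    // No such workunit: mysql_fetch_array() yields false, nothing to delete.
    if ($row === false) {
        return;
    }
    $id_user_wu = $row["id_user"];
    // Allowed: the author, a "PM" holder, or the manager of $id_project
    // (set earlier in the file).
    if ($id_user_wu == $config["id_user"] or give_acl($config["id_user"], 0, "PM") == 1 or project_manager_check($id_project) == 1) {
        // Only the second DELETE decides the outcome message; the first is
        // not checked.
        mysql_query("DELETE FROM tworkunit where id = '{$id_workunit}'");
        if (mysql_query("DELETE FROM tworkunit_task where id_workunit = '{$id_workunit}'")) {
            $result_output = "<h3 class='suc'>" . __('Successfully deleted') . "</h3>";
            // NOTE(review): $id_user is not set in this span; presumably the
            // current user from earlier in the file — confirm.
            audit_db($id_user, $config["REMOTE_ADDR"], "Work unit deleted", "Workunit for {$id_user}");
        } else {
            $result_output = "<h3 class='error'>" . __('Not deleted. Error deleting data') . "</h3>";
        }
    } else {
        audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to delete WU {$id_workunit} without rigths");
        include "general/noaccess.php";
        exit;
    }
}
// --------------------
// Workunit report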