9db56994
Commit
9db56994
authored
Apr 15, 2017
by
Frank Bergmann
- Fixed expense permission issue
parent
57625d51
Showing
6 changed files
with
120 additions
and
18 deletions
+120
-18
intranet-expenses-procs.tcl
tcl/intranet-expenses-procs.tcl
+32
-0
bundle-create.tcl
www/bundle-create.tcl
+25
-2
classify-costs-2.tcl
www/classify-costs-2.tcl
+24
-0
classify-costs.tcl
www/classify-costs.tcl
+16
-0
expense-del.tcl
www/expense-del.tcl
+22
-8
index.tcl
www/index.tcl
+1
-8
tcl/intranet-expenses-procs.tcl
...
...
@@ -52,6 +52,37 @@ ad_proc -public im_expense_bundle_permissions {user_id bundle_id view_var read_v
im_cost_permissions
$user
_id
$bundle
_id view read write admin
}
ad_proc -public im_expense_permissions
{
user_id expense_id view_var read_var write_var admin_var
}
{
Fill the
"by-reference"
variables read, write and admin
with the permissions of
$user
_id on
$expense
_id.<br>
Basically, users can only see and modify their own expenses.
}
{
upvar
$view
_var view
upvar
$read
_var read
upvar
$write
_var write
upvar
$admin
_var admin
set user_admin_p
[
im_is_user_site_wide_or_intranet_admin
$user
_id
]
# Get expense information
set provider_id
[
util_memoize
[
list
db_string expense_info
"select provider_id from im_costs where cost_id=
$expense
_id"
-default 0
]
3600
]
if
{
$user
_admin_p ||
(
$user
_id eq
$provider
_id
)}
{
set view_p 1
set read_p 1
set write_p 1
set admin_p 1
}
else
{
set view_p 0
set read_p 0
set write_p 0
set admin_p 0
}
}
# ----------------------------------------------------------------------
# Sum up multiple Expense Items for a single Bundle
# ----------------------------------------------------------------------
...
...
@@ -221,6 +252,7 @@ ad_proc im_expense_bundle_new_page_wf_perm_modify_included_expenses {
set perm_set
[
im_workflow_object_permissions -object_id
$bundle
_id -perm_table
$perm
_table
]
return
[
expr
{[
lsearch
$perm
_set
"w"
]
> -1
}]
}
ad_proc im_expense_bundle_new_page_wf_perm_edit_button
{
-bundle_id:required
}
{
...
...
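Review bot: In `im_expense_permissions` the four `upvar` calls link the caller's variables to the local names `view`, `read`, `write` and `admin`, but both branches of the `if` assign `view_p`, `read_p`, `write_p` and `admin_p`, which are plain locals in this proc, so the caller's flags are never written. Every caller in this commit presets its flags to 0 before the call, so as shown the check would refuse administrators and owners too; it fails closed, but the assignments should target the linked names, e.g. `set write 1` and `set write 0`. Separately, `$expense_id` is interpolated into the SQL string handed to `util_memoize`; unless every calling page contract restricts it to an integer (not visible here), reject anything that fails `string is integer -strict $expense_id` before the query is built. The 3600-second cache also means a changed `provider_id` keeps producing the old permission decision until the entry expires, which is worth a comment next to the `util_memoize` call.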
www/bundle-create.tcl
...
...
@@ -19,6 +19,7 @@ ad_page_contract {
{
user_id_from_search
""
}
}
# ---------------------------------------------------------------
# Defaults & Security
# ---------------------------------------------------------------
...
...
@@ -41,13 +42,35 @@ if {"" == $user_id_from_search || !$add_hours_all_p} { set user_id_from_search $
# ad_script_abort
#
}
# Add a "0" expense to avoid syntax error if the list was empty.
lappend
epense_id 0
# ---------------------------------------------------------------
# Check security
# ---------------------------------------------------------------
set
debug_html
""
foreach
id
$expense
_id
{
set view_p 0
set read_p 0
set write_p 0
set admin_p 0
im_expense_permissions
$current
_user_id
$id
view_p read_p write_p admin_p
if
{
!$write_p
}
{
append debug_html
"<li>You don't have permissions to bundle expense item #
$id
"
}
}
if
{
""
ne
$debug
_html
}
{
ad_return_complaint 1
"<b>Creating Expense Bundles</b>:<br><ul>
$debug
_html</ul>"
ad_script_abort
}
# ---------------------------------------------------------------
# Sum up the expenses
# ---------------------------------------------------------------
# Add a "0" expense to avoid syntax error if the list was empty.
lappend
expense_id 0
array
set hash
[
im_expense_bundle_item_sum -user_id_from_search
$user
_id_from_search -expense_ids
$expense
_id
]
set
common_project_id
$hash
(
common_project_id
)
...
...
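Review bot: `$id` goes into the complaint markup unescaped in `append debug_html "<li>You don't have permissions to bundle expense item #$id"`, and it is taken from the request's `expense_id` list. Whether the page contract limits that list to integers is outside this hunk; if it does not, the refusal page reflects request input as HTML, so quote the value: `append debug_html "<li>You don't have permissions to bundle expense item #[ns_quotehtml $id]"`. The same line shape is added in www/classify-costs-2.tcl, www/classify-costs.tcl and www/expense-del.tcl and should get the same treatment.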
www/classify-costs-2.tcl
...
...
@@ -42,6 +42,30 @@ if {!$add_expense_bundles_p} {
lappend
epense_ids 0
# ---------------------------------------------------------------
# Check security
# ---------------------------------------------------------------
set
debug_html
""
foreach
id
$expense
_ids
{
set view_p 0
set read_p 0
set write_p 0
set admin_p 0
im_expense_permissions
$current
_user_id
$id
view_p read_p write_p admin_p
if
{
!$write_p
}
{
append debug_html
"<li>You don't have permissions to modify expense item #
$id
"
}
}
if
{
""
ne
$debug
_html
}
{
ad_return_complaint 1
"<b>Classifying Expenses</b>:<br><ul>
$debug
_html</ul>"
ad_script_abort
}
# ---------------------------------------------------------------
# assign items to project
# ---------------------------------------------------------------
...
...
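Review bot: The context line `lappend epense_ids 0` directly above the new security block still carries the misspelling that this commit corrects in www/bundle-create.tcl, so here it appends to an unused variable. If it is corrected to `expense_ids`, it has to move below the permission loop as was done in bundle-create; otherwise the placeholder id 0 is passed to `im_expense_permissions`, where the lookup falls back to `-default 0` and a non-admin user would presumably be refused for an item that does not exist. A short comment above the loop stating that only ids from the request are checked, e.g. `# Check every submitted expense before any change is made`, would make the ordering requirement explicit.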
www/classify-costs.tcl
...
...
@@ -40,11 +40,27 @@ set percent_format "FM999"
# List of expense_ids
# ---------------------------------------------------------------
set
debug_html
""
set
expense_ids_html
""
foreach
id
$expense
_id
{
append expense_ids_html
"<input type=hidden name=expense_ids value=
$id
>
\n
"
set view_p 0
set read_p 0
set write_p 0
set admin_p 0
im_expense_permissions
$current
_user_id
$id
view_p read_p write_p admin_p
if
{
!$write_p
}
{
append debug_html
"<li>You don't have permissions to modify expense item #
$id
"
}
}
if
{
""
ne
$debug
_html
}
{
ad_return_complaint 1
"<b>Classifying Expense Items</b>:<br><ul>
$debug
_html</ul>"
ad_script_abort
}
# ---------------------------------------------------------------
# Expenses info
...
...
www/expense-del.tcl
...
...
@@ -29,15 +29,29 @@ set user_id [auth::require_login]
set
current_user_id
$user
_id
set
user_admin_p
[
im_is_user_site_wide_or_intranet_admin
$current
_user_id
]
set
debug_html
""
foreach
id
$expense
_id
{
# Audit the action
im_audit -object_type im_expense -action before_nuke -object_id
$id
# delete expense
db_transaction
{
db_string del_expense
{}
set view_p 0
set read_p 0
set write_p 0
set admin_p 0
im_expense_permissions
$current
_user_id
$id
view_p read_p write_p admin_p
if
{
$write
_p
}
{
# Audit the action
im_audit -object_type im_expense -action before_nuke -object_id
$id
# delete expense
db_transaction
{
db_string del_expense
{}
}
}
else
{
append debug_html
"<li>You don't have permissions to delete expense item #
$id
"
}
}
ad_returnredirect
$return
_url
if
{
""
ne
$debug
_html
}
{
ad_return_complaint 1
"<b>Deleting Expenses</b>:<br><ul>
$debug
_html</ul>"
}
else
{
ad_returnredirect
$return
_url
}
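Review bot: The permission check and the delete share one loop, so a request that mixes permitted and refused ids is partly executed: the permitted items are deleted and the complaint for the rest is only shown afterwards. The other pages in this commit check every id first and stop with `ad_script_abort` before changing anything; doing the same here keeps a refused request free of side effects. Refused ids also leave no trace, since `im_audit` runs only on the permitted path, so a log line in the refusal branch would help later review of denied delete attempts. Whether anything follows the final `if`/`else` is not visible in this hunk; if it does, the complaint branch needs `ad_script_abort` as well.
```tcl
# Pass 1: check every id before anything is deleted
foreach id $expense_id {
    # … unchanged: reset of view_p/read_p/write_p/admin_p and im_expense_permissions call …
    if {!$write_p} {
        # … unchanged: append the refusal line to debug_html …
    }
}
if {"" ne $debug_html} {
    ad_return_complaint 1 "<b>Deleting Expenses</b>:<br><ul>$debug_html</ul>"
    ad_script_abort
}

# Pass 2: every id was permitted, now audit and delete
foreach id $expense_id {
    # … unchanged: im_audit call and db_transaction delete …
}
ad_returnredirect $return_url
```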
www/index.tcl
...
...
@@ -127,16 +127,9 @@ set bulk_action_list [list]
if
{
$add
_expense_p
}
{
append admin_links
"<li><a href=
\"
[
export_vars -base new
{
project_id user_id_from_search return_url
}]
\"
>
[
lang::message::lookup
""
intranet-expenses.Add_a_new_Expense_Item
"Add new Expense Item"
]
</a></li>
\n
"
# lappend action_list
[
lang::message::lookup
""
intranet-expenses.Add_one_new_Expense_Item
"Add one new Expense Item"
]
# lappend action_list
[
export_vars -base
"/intranet-expenses/new"
{
return_url user_id_from_search project_id
}]
# lappend action_list
[
lang::message::lookup
""
intranet-expenses.Add_one_new_Expense_Item
"Add one new Expense Item"
]
if
{
$multiple
_expense_items_enabled_p
}
{
#lappend action_list
[
lang::message::lookup
""
intranet-expenses.Add_multiple_new_Expense_Items
"Add multiple new Expense Items"
]
#lappend action_list
[
export_vars -base
"/intranet-expenses/new-multiple"
{
return_url user_id_from_search project_id
}]
#lappend action_list
[
lang::message::lookup
""
intranet-expenses.Add_multiple_new_Expense_Items
"Add multiplen new Expense Item"
]
append admin_links
"<li><a href=
\"
/intranet-expenses/new-multiple
\"
>
[
lang::message::lookup
""
intranet-expenses.Add_multiple_new_Expense_Items
"Add multiple new Expense Items"
]
</a></li>
\n
"
append admin_links
"<li><a href=
\"
[
export_vars -base
"/intranet-expenses/new-multiple"
{
project_id user_id_from_search return_url
}]
\"
>
[
lang::message::lookup
""
intranet-expenses.Add_multiple_new_Expense_Items
"Add multiple new Expense Items"
]
</a></li>
\n
"
}
lappend bulk_action_list
"
[
_ intranet-expenses.Delete
]
"
"expense-del"
"
[
_ intranet-expenses.Delete
]
"
}
...
...