a40fa4f7
Commit
a40fa4f7
authored
Oct 08, 2007
by
Frank Bergmann
- fixed security for showing timesheet information on projects
parent
6388f7d1
Changes
3
Showing
3 changed files
with
31 additions
and
8 deletions
+31
-8
intranet-timesheet2-procs.tcl
tcl/intranet-timesheet2-procs.tcl
+3
-1
full.tcl
www/hours/full.tcl
+16
-7
one-project.tcl
www/hours/one-project.tcl
+12
-0
tcl/intranet-timesheet2-procs.tcl
...
...
@@ -258,6 +258,8 @@ ad_proc -public im_timesheet_project_component {user_id project_id} {
set return_url
"
[
ad_conn url
]
?
[
ad_conn query
]
"
}
set view_ours_all_p
[
im_permission
$user
_id
"view_hours_all"
]
# disable the component for users who can neither see stuff nor add stuff
set add_hours
[
im_permission
$user
_id
"add_hours"
]
set view_hours_all
[
im_permission
$user
_id
"add_hours"
]
...
...
@@ -267,7 +269,7 @@ ad_proc -public im_timesheet_project_component {user_id project_id} {
set info_html
""
# fraber 2007-01-31: Admin doesn't make sense.
if
{
$
write
}
{
if
{
$
read
&&
$view
_ours_all_p
}
{
set total_hours
[
im_timesheet_hours_sum -project_id
$project
_id
]
set total_hours_str
"
[
util_commify_number
$total
_hours
]
"
set info_html
"
[
_ intranet-timesheet2.lt_A_total_of_total_hour
]
"
...
...
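Review bot: The context line `set view_hours_all [im_permission $user_id "add_hours"]` checks the add_hours privilege under a variable named view_hours_all, and the new `set view_ours_all_p [im_permission $user_id "view_hours_all"]` adds a second, correctly-worded lookup beside it instead of repairing the first. Fixing the existing line to `"view_hours_all"` and using that variable in the new `if {$read && $view_ours_all_p}` condition would leave the component with one source of truth for the privilege. If `if {$write} {` is the removed line, as the 7/7 hunk counts suggest, the total is now hidden from project writers who lack the global view_hours_all privilege, which appears to be the intent of this fix; a one-line comment above the condition, `# Totals require the global view_hours_all privilege regardless of project write access`, would record that. The spelling `view_ours_all_p` (rather than view_hours_all_p) recurs in www/hours/full.tcl and www/hours/one-project.tcl, so any rename has to touch all three files.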
www/hours/full.tcl
...
...
@@ -29,18 +29,27 @@ ad_page_contract {
{
item
""
}
}
set
caller_id
[
ad_maybe_redirect_for_registration
]
set
return_url
[
im_url_with_query
]
set
current_user_id
[
ad_maybe_redirect_for_registration
]
# Has the current user the right to edit all timesheet information?
set
edit_timesheet_p
[
im_permission
$caller
_id
"edit_hours_all"
]
set
edit_timesheet_p
[
im_permission
$current
_user_id
"edit_hours_all"
]
set
view_ours_all_p
[
im_permission
$current
_user_id
"view_hours_all"
]
set
view_finance_p
[
im_permission
$current
_user_id
"view_finance"
]
if
{
!$view_ours_all_p
}
{
ad_return_complaint 1
"<li>
[
_ intranet-core.lt_You_have_insufficient_6
]
"
ad_script_abort
}
set
return_url
[
im_url_with_query
]
if
{
[
empty_string_p
$user
_id
]
&&
(
$c
all
er
_id != 0
)
}
{
if
{
[
empty_string_p
$user
_id
]
&&
(
$c
urrent
_us
er_id != 0
)
}
{
set looking_at_self_p 1
set user_id
$c
all
er
_id
set user_id
$c
urrent
_us
er_id
}
else
{
if
{
$c
all
er
_id ==
$user
_id
}
{
if
{
$c
urrent
_us
er_id ==
$user
_id
}
{
set looking_at_self_p 1
}
else
{
set looking_at_self_p 0
...
...
@@ -108,7 +117,7 @@ db_foreach hours_on_project $sql {
set total_hours_on_project
[
expr
$total
_hours_on_project +
$hours
]
if
!
[
empty_string_p
$amount
_earned
]
{
if
{
$view
_finance_p && !
[
empty_string_p
$amount
_earned
]}
{
append page_body
" (@
\$
[
format
%4.2f
$billing
_rate
]
/hour =
\$
[
format
%4.2f
$amount
_earned
]
)"
set hourly_bill
[
expr
$hourly
_bill +
$amount
_earned
]
set total_hours_billed_hourly
[
expr
$total
_hours_billed_hourly +
$hours
]
...
...
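Review bot: The new guard `if {!$view_ours_all_p} { ad_return_complaint 1 ... ad_script_abort }` in the first hunk rejects every caller without the global view_hours_all privilege before the `looking_at_self_p` branch below it is reached, so a user can no longer open this page for their own hours unless they also hold that privilege; if self-view is meant to remain available, the check should be moved after the `looking_at_self_p` assignment and written as `if {!$view_ours_all_p && !$looking_at_self_p} {`. In the second hunk the `set hourly_bill` and `set total_hours_billed_hourly` accumulations now sit inside `if {$view_finance_p && ![empty_string_p $amount_earned]}`, so those totals stay at their initial value for users without view_finance; that is correct only if everything that later renders them is gated the same way, which should be confirmed since the `db_foreach hours_on_project` body and the code after it lie outside the hunk. `set return_url [im_url_with_query]` appears both before and after the new guard, which reads as a move rather than a duplicate, but only one of the two should survive on the new side.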
www/hours/one-project.tcl
...
...
@@ -28,6 +28,14 @@ ad_page_contract {
}
set
current_user_id
[
ad_maybe_redirect_for_registration
]
set
view_ours_all_p
[
im_permission
$current
_user_id
"view_hours_all"
]
if
{
!$view_ours_all_p
}
{
ad_return_complaint 1
"<li>
[
_ intranet-core.lt_You_have_insufficient_6
]
"
ad_script_abort
}
set
show_notes_p 1
set
page_title
"
[
_ intranet-timesheet2.Units
]
"
...
...
@@ -41,6 +49,10 @@ set page_body "
<ul>
"
set
sql
"
select
u.user_id,
...
...
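Review bot: The block `set view_ours_all_p [im_permission $current_user_id "view_hours_all"]` followed by `if {!$view_ours_all_p} { ad_return_complaint 1 "<li>[_ intranet-core.lt_You_have_insufficient_6]"; ad_script_abort }` is now copied verbatim into www/hours/full.tcl and this page, while im_timesheet_project_component checks the same privilege inline. A small helper proc in tcl/intranet-timesheet2-procs.tcl that performs the lookup and aborts would keep the three checks from drifting apart when the privilege or message changes. The variable name `view_ours_all_p` reads as a misspelling of view_hours_all_p, mirroring the privilege string; renaming it would have to be done across all three files. The second hunk is cut off after `set sql "`, so the query this guard protects cannot be reviewed here.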