diff --git a/action.php b/action.php
index 1c1cfb3..0a210f9 100644
--- a/action.php
+++ b/action.php
@@ -75,7 +75,7 @@ switch ($VARS['action']) {
 header('Content-Type: application/json');
 exit(json_encode($out));
 case "editshift":
- if (account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE")) {
+ if (account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {
 $valid_daycodes = ["Su", "Mo", "Tu", "We", "Th", "Fr", "Sa"];
 $name = htmlentities($VARS['shiftname']);
@@ -130,23 +130,34 @@ switch ($VARS['action']) {
 $already_assigned = $database->select('assigned_shifts', 'uid', ['shiftid' => $VARS['shift']]);
 require_once __DIR__ . "/lib/userinfo.php";
 $managedusers = getManagedUsernames($_SESSION['uid']);
+ $manageduids = getManagedUIDs($_SESSION['uid']);
 foreach ($VARS['users'] as $u) {
- if (!account_has_permission($_SESSION['username'], "ADMIN")) {
- if (!in_array($u, $managedusers)) {
- returnToSender("you_arent_my_supervisor", htmlentities($u));
- }
- }
 if (!user_exists($u)) {
 returnToSender("user_not_exists", htmlentities($u));
 }
 $uid = getUserByUsername($u)['uid'];
- $database->insert('assigned_shifts', ['uid' => $uid, 'shiftid' => $VARS['shift']]);
+ if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {
+ if (!in_array($u, $managedusers) && !in_array($uid, $already_assigned)) {
+ returnToSender("you_arent_my_supervisor", htmlentities($u));
+ }
+ }
+ if (!in_array($uid, $already_assigned)) {
+ $database->insert('assigned_shifts', ['uid' => $uid, 'shiftid' => $VARS['shift']]);
+ }
 $already_assigned = array_diff($already_assigned, [$uid]); // Remove user from old list
 }
+ // $already_assigned now only has removed users
+ $removefailed = false;
 foreach ($already_assigned as $uid) {
+ if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN")) {
+ if (!in_array($uid, $manageduids)) {
+ $removefailed = true;
+ continue;
+ }
+ }
 $database->delete('assigned_shifts', ["AND" => ['uid' => $uid, 'shiftid' => $VARS['shift']]]);
 }
- returnToSender("shift_assigned");
+ returnToSender($removefailed ? "shift_assigned_removefailed" : "shift_assigned");
 break;
 case "autocomplete_user":
 header("Content-Type: application/json");
diff --git a/lang/en_us.php b/lang/en_us.php
index 359029f..80cb082 100644
--- a/lang/en_us.php
+++ b/lang/en_us.php
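Review bot: Permission checks and writes are interleaved in the first `foreach`, so when a later entry in `$VARS['users']` is rejected with `you_arent_my_supervisor` or `user_not_exists`, the inserts for earlier entries have already been written and the removal loop never runs (assuming `returnToSender()` ends the request, which this hunk does not show). Validating the whole list first and only then inserting and deleting means a rejected request leaves `assigned_shifts` unchanged; the sketch below also resolves `account_has_permission()` once into `$isadmin` instead of calling it per user in both loops. Separately, `user_exists()` now runs before the supervisor check, so a non-admin sees a different message for an unknown username than for an unmanaged one; if managers should not learn which usernames exist, return `you_arent_my_supervisor` in both cases for non-admins. The enclosing `case` begins above this hunk.

```php
// … unchanged: $already_assigned, $managedusers and $manageduids lookups …
$isadmin = account_has_permission($_SESSION['username'], "QWIKCLOCK_ADMIN");
$requested = [];
foreach ($VARS['users'] as $u) {
    // … unchanged: user_exists() check and $uid lookup …
    if (!$isadmin && !in_array($u, $managedusers) && !in_array($uid, $already_assigned)) {
        returnToSender("you_arent_my_supervisor", htmlentities($u));
    }
    $requested[] = $uid;
}
// Every requested user passed validation; only now modify assigned_shifts.
foreach (array_unique(array_diff($requested, $already_assigned)) as $uid) {
    $database->insert('assigned_shifts', ['uid' => $uid, 'shiftid' => $VARS['shift']]);
}
$removefailed = false;
foreach (array_diff($already_assigned, $requested) as $uid) {
    if (!$isadmin && !in_array($uid, $manageduids)) {
        $removefailed = true;
        continue;
    }
    // … unchanged: $database->delete(...) on assigned_shifts …
}
// … unchanged: returnToSender(...) and break …
```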
@@ -77,6 +77,7 @@ define("STRINGS", [
 "add" => "Add",
 "choose a shift" => "Choose a shift",
 "shift assigned" => "Shift assigned.",
+ "shift assigned but removal failed" => "Shift assigned successfully, but one or more users are not managed by you and were not removed.",
 "report export" => "Reports/Export",
 "report type" => "Report type",
 "format" => "Format",
diff --git a/lang/messages.php b/lang/messages.php
index a65340d..c5e246b 100644
--- a/lang/messages.php
+++ b/lang/messages.php
@@ -61,6 +61,10 @@ define("MESSAGES", [
 "string" => "shift assigned",
 "type" => "success"
 ],
+ "shift_assigned_removefailed" => [
+ "string" => "shift assigned but removal failed",
+ "type" => "info"
+ ],
 "not_assigned_to_work" => [
 "string" => "not assigned to work now",
 "type" => "danger"
diff --git a/pages/shifts.php b/pages/shifts.php
index 684f98a..44509d8 100644
--- a/pages/shifts.php
+++ b/pages/shifts.php
@@ -17,9 +17,13 @@ $totalpunches = count($punches);
+