diff --git a/action.php b/action.php index e697b3c..1c1cfb3 100644 --- a/action.php +++ b/action.php @@ -39,7 +39,7 @@ switch ($VARS['action']) { $shiftid = null; if ($database->has('assigned_shifts', ['uid' => $_SESSION['uid']])) { $minclockintime = strtotime("now + 5 minutes"); - $shifts = $database->select('shifts', ["[>]assigned_shifts" => ['shiftid' => 'shiftid']], ["shifts.shiftid", "start", "end", "days"], ["AND" =>['uid' => $_SESSION['uid'], 'start[<=]' => date("H:i:s", $minclockintime)]]); + $shifts = $database->select('shifts', ["[>]assigned_shifts" => ['shiftid' => 'shiftid']], ["shifts.shiftid", "start", "end", "days"], ["AND" => ['uid' => $_SESSION['uid'], 'start[<=]' => date("H:i:s", $minclockintime)]]); foreach ($shifts as $shift) { $curday = substr(date("D"), 0, 2); if (strpos($shift['days'], $curday) === FALSE) { @@ -167,7 +167,19 @@ switch ($VARS['action']) { $resp = json_decode($response->getBody(), TRUE); if ($resp['status'] == "OK") { - exit(json_encode($resp['result'])); + if (!account_has_permission($_SESSION['username'], "ADMIN")) { + require_once __DIR__ . "/lib/userinfo.php"; + $managed = getManagedUIDs($_SESSION['uid']); + $result = $resp['result']; + for ($i = 0; $i < count($result); $i++) { + if (!in_array($result[$i]['uid'], $managed)) { + $result[$i]['managed'] = 0; + } + } + exit(json_encode($result)); + } else { + exit(json_encode($resp['result'])); + } } else { exit("[]"); } diff --git a/api.php b/api.php index b16a7f2..6acd53c 100644 --- a/api.php +++ b/api.php 
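Review bot: In the non-admin branch of the second hunk `managed` is only ever set to `0`; a managed user keeps no `managed` key at all, so the client (export.js in this same commit) has to rely on `undefined == 0` being false. Set the flag both ways and compare strictly — `foreach ($result as &$row) { $row['managed'] = in_array((int) $row['uid'], $managed, true) ? 1 : 0; } unset($row);` — which also removes the `count($result)` re-evaluated on every iteration (this assumes `getManagedUIDs` returns integers; cast them otherwise). Each entry of the decoded `$resp['result']` is assumed to carry a `uid`; if the upstream service does not guarantee that, guard with `isset`. This only annotates search results for the UI; the actual restriction of reports to managed users is enforced in lib/reports.php, so nothing here should be treated as an access check.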
@@ -31,10 +31,32 @@ switch ($VARS['action']) { $out = ["status" => "OK", "maxresults" => $max, "pong" => true]; exit(json_encode($out)); case "punchin": - if ($database->has('punches', ['AND' => ['uid' => $userinfo['uid'], 'out' => null]])) { + if ($database->has('punches', ['AND' => ['uid' => $_SESSION['uid'], 'out' => null]])) { die(json_encode(["status" => "ERROR", "msg" => lang("already punched in", false)])); } - $database->insert('punches', ['uid' => $userinfo['uid'], 'in' => date("Y-m-d H:i:s"), 'out' => null, 'notes' => '']); + + $shiftid = null; + if ($database->has('assigned_shifts', ['uid' => $_SESSION['uid']])) { + $minclockintime = strtotime("now + 5 minutes"); + $shifts = $database->select('shifts', ["[>]assigned_shifts" => ['shiftid' => 'shiftid']], ["shifts.shiftid", "start", "end", "days"], ["AND" =>['uid' => $_SESSION['uid'], 'start[<=]' => date("H:i:s", $minclockintime)]]); + foreach ($shifts as $shift) { + $curday = substr(date("D"), 0, 2); + if (strpos($shift['days'], $curday) === FALSE) { + continue; + } + if (strtotime($shift['end']) >= strtotime($shift['start'])) { + if (strtotime("now") >= strtotime($shift['end'])) { + continue; // shift is already over + } + } + $shiftid = $shift['shiftid']; + } + if (is_null($shiftid)) { + die(json_encode(["status" => "ERROR", "msg" => lang("not assigned to work now", false)])); + } + } + + $database->insert('punches', ['uid' => $_SESSION['uid'], 'in' => date("Y-m-d H:i:s"), 'out' => null, 'notes' => '', 'shiftid' => $shiftid]); exit(json_encode(["status" => "OK", "msg" => lang("punched in", false)])); case "punchout": if (!$database->has('punches', ['AND' => ['uid' => $userinfo['uid'], 'out' => null]])) { diff --git a/database.mwb b/database.mwb index 06f6e70..398ab2f 100644 Binary files a/database.mwb and b/database.mwb differ diff --git a/database.sql b/database.sql index ca96393..7df9f63 100644 --- a/database.sql +++ b/database.sql 
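Review bot: The punch-in case now identifies the caller by `$_SESSION['uid']` (the `has()`, the assigned-shift lookup and the `insert()`), while the punch-out case immediately below still uses `$userinfo['uid']`. If API requests are authenticated into `$userinfo` rather than a browser session, as the surrounding code suggests, `$_SESSION['uid']` may be unset here and both the duplicate-punch check and the new punch row would be evaluated against a null uid; derive one identity at the top of the case, `$uid = $userinfo['uid'];`, and use it throughout. The shift-selection loop is a copy of the one added to action.php in this commit, so a shared helper such as `getCurrentShiftId($uid)` would keep the two in step. The loop also keeps the last matching shift rather than the first; if that is intended it deserves a comment, otherwise end the match with `break`.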
@@ -1,5 +1,5 @@ -- MySQL Script generated by MySQL Workbench --- Mon 20 Nov 2017 04:45:50 PM MST +-- Mon 20 Nov 2017 08:04:01 PM MST -- Model: New Model Version: 1.0 -- MySQL Workbench Forward Engineering @@ -84,6 +84,7 @@ CREATE TABLE IF NOT EXISTS `qwikclock`.`report_access_codes` ( `id` INT NOT NULL, `code` VARCHAR(45) NULL, `expires` DATETIME NULL, + `uid` INT NOT NULL DEFAULT -1, PRIMARY KEY (`id`)) ENGINE = InnoDB; diff --git a/lang/en_us.php b/lang/en_us.php index 51cef41..359029f 100644 --- a/lang/en_us.php +++ b/lang/en_us.php @@ -88,7 +88,7 @@ define("STRINGS", [ "report filtered to user" => "Report filtered to {name} ({username})", "report filtered to start date" => "Only showing entries later than {date}", "report filtered to end date" => "Only showing entries earlier than {date}", - "all users" => "All users", + "all managed users" => "All managed users", "one user" => "One user", "choose user" => "Type to choose user", "filter" => "Filter", @@ -97,5 +97,6 @@ define("STRINGS", [ "shiftid" => "Shift ID", "shiftname" => "Shift Name", "punches" => "Punches", - "not assigned to work now" => "You are not assigned to work right now." + "not assigned to work now" => "You are not assigned to work right now.", + "not a managed user" => "Not a managed user", ]); \ No newline at end of file diff --git a/lib/reports.php b/lib/reports.php index f5f3a21..a2f531c 100644 --- a/lib/reports.php +++ b/lib/reports.php 
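Review bot: `uid INT NOT NULL DEFAULT -1` encodes "code has no owner" as a magic sentinel; lib/reports.php in this commit reads the column straight into `$requester`, so a row written without a uid is silently treated as requester -1 instead of being rejected. A nullable column, `` `uid` INT NULL ``, with the reader treating NULL as an invalid code makes the ownership explicit. If the sentinel is kept, document it on the column, e.g. `COMMENT 'uid that generated the code; -1 = unowned (pre-migration rows)'`.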
@@ -19,14 +19,35 @@ use odsPhpGenerator\odsTableCellString; use odsPhpGenerator\odsStyleTableColumn; use odsPhpGenerator\odsStyleTableCell; +require_once __DIR__ . "/userinfo.php"; +require_once __DIR__ . "/login.php"; + // Allow access with a download code, for mobile app and stuff $date = date("Y-m-d H:i:s"); +$allowed_users = []; +$requester = -1; if (isset($VARS['code']) && LOADED) { if (!$database->has('report_access_codes', ["AND" => ['code' => $VARS['code'], 'expires[>]' => $date]])) { dieifnotloggedin(); + $requester = $_SESSION['uid']; + } else { + $requester = $database->get('report_access_codes', 'uid', ['code' => $VARS['code']]); } } else { dieifnotloggedin(); + $requester = $_SESSION['uid']; +} + +if (account_has_permission($_SESSION['username'], "ADMIN")) { + $allowed_users = true; +} else { + if (account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE")) { + $allowed_users = getManagedUIDs($requester); + } + + if (account_has_permission($_SESSION['username'], "QWIKCLOCK_EDITSELF")) { + $allowed_users[] = $_SESSION['uid']; + } } // Delete old DB entries @@ -34,8 +55,6 @@ $database->delete('report_access_codes', ['expires[<=]' => $date]); if (LOADED) { $user = null; - require_once __DIR__ . "/userinfo.php"; - require_once __DIR__ . "/login.php"; if ($VARS['users'] != "all" && !is_empty($VARS['user']) && user_exists($VARS['user'])) { $user = getUserByUsername($VARS['user']); } @@ -50,14 +69,19 @@ if (LOADED) { function getShiftReport($user = null) { global $database; + global $allowed_users; if ($user != null && array_key_exists('uid', $user)) { + $uid = -1; + if ($allowed_users === true || in_array($user['uid'], $allowed_users)) { + $uid = $user['uid']; + } $shifts = $database->select( "shifts", [ "[>]assigned_shifts" => ["shiftid" => "shiftid"] ], [ "shifts.shiftid", "shiftname", "start", "end", "days" ], [ - "uid" => $user['uid'] + "uid" => $uid ] ); } else { 
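Review bot: The access-code branch sets `$requester` from the code's stored uid, but the permission block that follows still evaluates `account_has_permission($_SESSION['username'], ...)` three times and appends `$_SESSION['uid']`, not `$requester`. On a code-based download with no login session those session keys are presumably unset, so the code owner's permissions are never consulted — a manager's mobile download ends up with whatever `account_has_permission` yields for a missing username (likely an empty `$allowed_users`) — and if a session does happen to exist the report is scoped to the session user rather than the code owner. Resolve the username from `$requester` and run all three checks against it, and replace the self-append with `$allowed_users[] = $requester;`. The `true`-or-array dual type of `$allowed_users` also deserves a comment at its declaration, e.g. `// true = unrestricted (admin); otherwise the list of uids the requester may report on`.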
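Review bot: In getShiftReport, `in_array($user['uid'], $allowed_users)` loosely compares a value read from the database (possibly a string) with whatever `getManagedUIDs` returns, and loose string/int comparison changes meaning between PHP versions. Normalise both sides and compare strictly: `in_array((int) $user['uid'], array_map('intval', $allowed_users), true)`. The same pattern appears in getPunchReport in the next hunk of this file. getShiftReport's body continues past the end of the hunk.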
@@ -92,6 +116,7 @@ function getShiftReport($user = null) { function getPunchReport($user = null, $start = null, $end = null) { global $database; + global $allowed_users; $where = []; if ((bool) strtotime($start) == TRUE) { $where["OR #start"] = [ @@ -103,8 +128,14 @@ function getPunchReport($user = null, $start = null, $end = null) { // Make the date be the end of the day, not the start $where["in[<=]"] = date("Y-m-d", strtotime($end)) . " 23:59:59"; } - if ($user != null && array_key_exists('uid', $user)) { + if ($user != null && array_key_exists('uid', $user) && ($allowed_users === true || in_array($user['uid'], $allowed_users))) { $where["uid"] = $user['uid']; + } else if ($user != null && array_key_exists('uid', $user) && $allowed_users !== true && !in_array($user['uid'], $allowed_users)) { + $where["uid"] = -1; + } else { + if ($allowed_users !== true) { + $where["uid"] = $allowed_users; + } } if (count($where) > 1) { $where = ["AND" => $where]; diff --git a/pages/export.php b/pages/export.php index f9fd44c..789beb8 100644 --- a/pages/export.php +++ b/pages/export.php @@ -51,14 +51,17 @@ if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE")) {
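Review bot: In getPunchReport the final `else` assigns `$where["uid"] = $allowed_users` even when it is an empty array (a requester with neither QWIKCLOCK_MANAGE nor QWIKCLOCK_EDITSELF); depending on the Medoo version that becomes an `IN ()` that is either a SQL syntax error (the query returns false to the caller) or matches nothing, so the empty case should be explicit. The `else if` condition merely restates the negation of the first `if` and can be collapsed. The rewrite below makes the three outcomes (unrestricted, specific user, requester's allowed set) explicit; getPunchReport's end is outside the hunk.
```php
    $hasUser = $user != null && array_key_exists('uid', $user);
    if ($allowed_users === true) {
        if ($hasUser) {
            $where["uid"] = $user['uid'];
        }
    } elseif ($hasUser) {
        // Target user outside the requester's scope: match nothing rather than fall back to a wider filter
        $where["uid"] = in_array((int) $user['uid'], array_map('intval', $allowed_users), true) ? $user['uid'] : -1;
    } else {
        // An empty IN () is a SQL error or an empty match depending on the Medoo build; be explicit
        $where["uid"] = $allowed_users === [] ? -1 : $allowed_users;
    }
    // … unchanged: AND-wrapping of $where and the select …
```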

@@ -75,7 +78,7 @@ if (!account_has_permission($_SESSION['username'], "QWIKCLOCK_MANAGE")) {
insert('report_access_codes', ['code' => $code, 'expires' => date("Y-m-d H:i:s", strtotime("+5 minutes"))]); + $database->insert('report_access_codes', ['code' => $code, 'expires' => date("Y-m-d H:i:s", strtotime("+5 minutes")), 'uid' => $_SESSION['uid']]); ?> diff --git a/static/css/app.css b/static/css/app.css index ba45b88..738ab97 100644 --- a/static/css/app.css +++ b/static/css/app.css @@ -82,6 +82,10 @@ display: inline-block; } +.red { + color: red; +} + /* ============================== THEMING diff --git a/static/js/export.js b/static/js/export.js index 2055041..1710249 100644 --- a/static/js/export.js +++ b/static/js/export.js @@ -18,18 +18,34 @@ var options = { return data; }, getValue: function (element) { + if (element.managed == 0) { + $('#user-selection').addClass('has-error'); + $('#user-not-managed-text').css('visibility', ''); + } else { + $('#user-selection').removeClass('has-error'); + $('#user-not-managed-text').css('visibility', 'hidden'); + } return element.username; }, template: { type: "custom", method: function (value, item) { - return item.name + " " + item.username + ""; + if (item.managed == 0) { + return "" + item.name + " " + item.username + ""; + } else { + return item.name + " " + item.username + ""; + } } } }; $("#user-box").easyAutocomplete(options); +$('#user-box').on("keypress", function () { + $('#user-not-managed-text').css('visibility', 'hidden'); + $('#user-selection').removeClass('has-error'); +}); + $(function () { $('#startdate').datetimepicker({ format: "MMM D YYYY", @@ -39,4 +55,6 @@ $(function () { format: "MMM D YYYY"/*"YYYY-M-DTH:m"*/, useCurrent: true }); -}); \ No newline at end of file +}); + +$('#user-not-managed-text').css('visibility', 'hidden'); \ No newline at end of file
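Review bot: Both branches of `template.method` in export.js build suggestion HTML by concatenating `item.name` and `item.username` unescaped (the wrapping markup appears to have been stripped in this rendering, but the `.red` class added to app.css indicates it is HTML). These values come from the server-side user search, so escape them before injecting, e.g. `var esc = function (s) { return $('<div>').text(s).html(); };` and use `esc(item.name)` / `esc(item.username)` in both branches. `element.managed == 0` and `item.managed == 0` use loose equality and depend on the server leaving `managed` undefined for managed users; `=== 0` together with the server always setting the flag is more robust. The has-error marking is purely cosmetic; the server-side scoping in lib/reports.php remains the actual control, which is worth a one-line comment above `getValue`.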