");*/
}
+ // project directory rules -- this may distrupt things.
+ $p = DB_DataObject::factory('ProjectDirectory');
+ // if project directories are set up, then we can apply project query rules..
+ if ($p->count()) {
+ $p->autoJoin();
+ $pids = $p->projects($au);
+ if (isset($q['query']['project_id'])) {
+ $pid = (int)$q['query']['project_id'];
+ if (!in_array($pid, $pids)) {
+ $roo->jerr("Project not in users valid projects");
+ }
+ $pids = array($pid);
+ }
+ // project roles..
+ //if (empty($q['_anyrole'])) { // should be project_directry_role
+ // $p->whereAdd("{$p->tableName()}.role != ''");
+ // }
+ if (!empty($q['query']['role'])) { // should be project_directry_role
+ $role = $this->escape($q['query']['role']);
+
+ $p->whereAdd("{$p->tableName()}.role LIKE '%{$role}%'");
+
+ }
+
+ if (!$roo->hasPerm('Core.Projects_All', 'S')) {
+ $peps = $p->people($pids);
+ $this->whereAddIn("{$tn}.id", $peps, 'int');
+ }
+ }
+
+ // fixme - this needs a more generic fix - it was from the mtrack_person code...
+ if (isset($q['query']['ticket_id'])) {
+ // find out what state the ticket is in.
+ $t = DB_DataObject::Factory('mtrack_ticket');
+ $t->autoJoin();
+ $t->get($q['query']['ticket_id']);
+
+ if (!$this->checkPerm('S', $au)) {
+ $roo->jerr("permssion denied to query state of ticket");
+ }
+
+ $p = DB_DataObject::factory('ProjectDirectory');
+ $pids = array($t->project_id);
+
+ $peps = $p->people($pids);
+
+ $this->whereAddIn($this->tableName().'.id', $peps, 'int');
+
+ //$this->whereAdd('join_prole != ''");
+
+ }
}
function setFromRoo($ar, $roo)
{
// determine if it's staff!!!
$owncomp = DB_DataObject::Factory('Companies');
$owncomp->get('comptype', 'OWNER');
- $isStaff = ($this->company_id == $owncomp->id);
+ $isStaff = ($au->company_id == $owncomp->id);
if (!$isStaff) {
// edit self... - what about other staff members...
- return $this->company_id == $au->company_id;
+ //return $this->company_id == $au->company_id;
}
projects / Pman.Core / blobdiff