function fetchResults(&$permissions)
 {
     global $AppUI;
     $sql = $this->_buildQuery();
     $results = db_loadList($sql);
     $outstring = "<th nowrap='nowrap' STYLE='background: #08245b' >" . $AppUI->_('Projects') . "</th>\n";
     require_once $AppUI->getModuleClass("projects");
     if ($results) {
         foreach ($results as $records) {
             if ($permissions->checkModuleItem($this->table, "view", $records["project_id"])) {
                 $obj = new CProject();
                 if (!in_array($records["project_id"], $obj->getDeniedRecords($AppUI->user_id))) {
                     $outstring .= "<tr>";
                     $outstring .= "<td>";
                     $outstring .= "<a href = \"index.php?m=projects&a=view&project_id=" . $records["project_id"] . "\">" . $records["project_name"] . "</a>\n";
                     $outstring .= "</td>\n";
                 }
             }
         }
         $outstring .= "</tr>";
     } else {
         $outstring .= "<tr>" . "<td>" . $AppUI->_('Empty') . "</td>" . "</tr>";
     }
     return $outstring;
 }

 public static function getFileList(CAppUI $AppUI = null, $company_id, $project_id, $task_id, $category_id)
 {
     global $AppUI;
     $q = new DBQuery();
     $q->addQuery('f.*');
     $q->addTable('files', 'f');
     $q->addJoin('projects', 'p', 'p.project_id = file_project');
     $q->addJoin('project_departments', 'pd', 'p.project_id = pd.project_id');
     $q->addJoin('departments', '', 'pd.department_id = dept_id');
     $q->addJoin('tasks', 't', 't.task_id = file_task');
     $project = new CProject();
     $allowedProjects = $project->getAllowedSQL($AppUI->user_id, 'file_project');
     if (count($allowedProjects)) {
         $q->addWhere('( ( ' . implode(' AND ', $allowedProjects) . ') OR file_project = 0 )');
     }
     if (isset($company_id) && (int) $company_id > 0) {
         $q->addWhere('project_company = ' . (int) $company_id);
     }
     if (isset($project_id) && (int) $project_id > 0) {
         $q->addWhere('file_project = ' . (int) $project_id);
     }
     if (isset($task_id) && (int) $task_id > 0) {
         $q->addWhere('file_task = ' . (int) $task_id);
     }
     if ($category_id >= 0) {
         $q->addWhere('file_category = ' . (int) $category_id);
     }
     return $q->loadList();
 }

 public function getProjectTaskLinksByCategory($AppUI, $project_id = 0, $task_id = 0, $category_id = 0, $search = '')
 {
     // load the following classes to retrieved denied records
     $project = new CProject();
     $task = new CTask();
     // SETUP FOR LINK LIST
     $q = new DBQuery();
     $q->addQuery('links.*');
     $q->addQuery('contact_first_name, contact_last_name');
     $q->addQuery('project_name, project_color_identifier, project_status');
     $q->addQuery('task_name, task_id');
     $q->addTable('links');
     $q->leftJoin('users', 'u', 'user_id = link_owner');
     $q->leftJoin('contacts', 'c', 'user_contact = contact_id');
     if ($search != '') {
         $q->addWhere('(link_name LIKE \'%' . $search . '%\' OR link_description LIKE \'%' . $search . '%\')');
     }
     if ($project_id > 0) {
         // Project
         $q->addWhere('link_project = ' . (int) $project_id);
     }
     if ($task_id > 0) {
         // Task
         $q->addWhere('link_task = ' . (int) $task_id);
     }
     if ($category_id >= 0) {
         // Category
         $q->addWhere('link_category = ' . $category_id);
     }
     // Permissions
     $project->setAllowedSQL($AppUI->user_id, $q, 'link_project');
     $task->setAllowedSQL($AppUI->user_id, $q, 'link_task and task_project = link_project');
     $q->addOrder('project_name, link_name');
     return $q->loadList();
 }

function setComplete($id)
{
    global $AppUI;
    $task = new CTask();
    if ($task->load($id)) {
        $q = new DBQuery();
        $q->addTable('user_tasks');
        $q->addQuery('user_id');
        $q->addWhere('task_id = ' . $id);
        $q->addWhere('user_id = ' . $AppUI->user_id);
        $r = $q->loadResult();
        if ($r != $AppUI->user_id) {
            $p = new CProject($task->task_project);
            if (!$p->project_id || $p->getManager() != $AppUI->user_id) {
                return 'Error';
            }
        }
        $q->addTable('tasks');
        $q->addUpdate('task_percent_complete', '100');
        $q->addWhere('task_id = ' . $id);
        $q->exec();
        return 'OK';
    }
    return 'Error';
}

function getAllowedProjects()
{
    global $AppUI, $HELPDESK_CONFIG;
    //if helpdeskUseProjectPerms is true, get a list of Projects based on the users standard project permissions
    if ($HELPDESK_CONFIG['helpdeskUseProjectPerms']) {
        require_once $AppUI->getModuleClass('projects');
        $project = new CProject();
        $allowedProjects = $project->getAllowedRecords($AppUI->user_id, 'project_id, project_name', 'project_name');
        //echo "!".implode(" AND ",$rowproject>getAllowedSQL( $AppUI->user_id))."!";
        return $allowedProjects;
    } else {
        //otherwise, get a list of all projects associated with the user's permitted companies.
        //the use case here would be that the person assigning or updating the Helpdesk item may not have access to all Projects.  They might just be traffic control.  This will minimise perm maintenance.
        $sql = "SELECT project_id, project_name FROM projects WHERE project_company in (" . implode(",", array_keys(getAllowedCompanies())) . ") ORDER BY project_name";
        return db_loadList($sql);
    }
}

 public function getProjectTaskLinksByCategory($notUsed = null, $project_id = 0, $task_id = 0, $category_id = 0, $search = '')
 {
     // load the following classes to retrieved denied records
     $project = new CProject();
     $project->overrideDatabase($this->_query);
     $task = new CTask();
     $task->overrideDatabase($this->_query);
     // SETUP FOR LINK LIST
     $q = $this->_getQuery();
     $q->addQuery('links.*');
     $q->addTable('links');
     $q->leftJoin('projects', 'pr', 'project_id = link_project');
     $q->leftJoin('tasks', 't', 'task_id = link_task');
     if ($search != '') {
         $q->addWhere('(link_name LIKE \'%' . $search . '%\' OR link_description LIKE \'%' . $search . '%\')');
     }
     if ($project_id > 0) {
         // Project
         $q->addQuery('project_name, project_color_identifier, project_status');
         $q->addWhere('link_project = ' . (int) $project_id);
     }
     if ($task_id > 0) {
         // Task
         $q->addQuery('task_name, task_id');
         $q->addWhere('link_task = ' . (int) $task_id);
     }
     if ($category_id >= 0) {
         // Category
         $q->addWhere('link_category = ' . $category_id);
     }
     // Permissions
     $q = $project->setAllowedSQL($this->_AppUI->user_id, $q, 'link_project');
     $q = $task->setAllowedSQL($this->_AppUI->user_id, $q, 'link_task and task_project = link_project');
     $q->addOrder('project_name, link_name');
     return $q->loadList();
 }

        exit;
    }
}
$AppUI =& $_SESSION['AppUI'];
require_once DP_BASE_DIR . '/includes/permissions.php';
$perms =& $AppUI->acl();
$canRead = $perms->checkModule('files', 'view');
if (!$canRead) {
    $AppUI->redirect('m=public&a=access_denied');
}
$file_id = isset($_GET['file_id']) ? (int) $_GET['file_id'] : 0;
if ($file_id) {
    // projects tat are denied access
    require_once $AppUI->getModuleClass('projects');
    require_once $AppUI->getModuleClass('files');
    $project = new CProject();
    $allowedProjects = $project->getAllowedRecords($AppUI->user_id, 'project_id, project_name');
    $fileclass = new CFile();
    $fileclass->load($file_id);
    $allowedFiles = $fileclass->getAllowedRecords($AppUI->user_id, 'file_id, file_name');
    if (count($allowedFiles) && !array_key_exists($file_id, $allowedFiles)) {
        $AppUI->redirect('m=public&a=access_denied');
    }
    $q = new DBQuery();
    $q->addTable('files');
    if ($fileclass->file_project) {
        $project->setAllowedSQL($AppUI->user_id, $q, 'file_project');
    }
    $q->addWhere('file_id = ' . $file_id);
    $sql = $q->prepare();
    if (!db_loadHash($sql, $file)) {

 public function getAllTasksForPeriod($start_date, $end_date, $company_id = 0, $user_id = null)
 {
     global $AppUI;
     $q = new w2p_Database_Query();
     // convert to default db time stamp
     $db_start = $start_date->format(FMT_DATETIME_MYSQL);
     $db_end = $end_date->format(FMT_DATETIME_MYSQL);
     // Allow for possible passing of user_id 0 to stop user filtering
     if (!isset($user_id)) {
         $user_id = $AppUI->user_id;
     }
     // check permissions on projects
     $proj = new CProject();
     $task_filter_where = $proj->getAllowedSQL($AppUI->user_id, 't.task_project');
     // exclude read denied projects
     $deny = $proj->getDeniedRecords($AppUI->user_id);
     // check permissions on tasks
     $obj = new CTask();
     $allow = $obj->getAllowedSQL($AppUI->user_id, 't.task_id');
     $q->addTable('tasks', 't');
     if ($user_id) {
         $q->innerJoin('user_tasks', 'ut', 't.task_id=ut.task_id');
     }
     $q->innerJoin('projects', 'projects', 't.task_project = projects.project_id');
     $q->innerJoin('companies', 'companies', 'projects.project_company = companies.company_id');
     $q->leftJoin('project_departments', '', 'projects.project_id = project_departments.project_id');
     $q->leftJoin('departments', '', 'departments.dept_id = project_departments.department_id');
     $q->addQuery('DISTINCT t.task_id, t.task_name, t.task_start_date, t.task_end_date, t.task_percent_complete, t.task_duration' . ', t.task_duration_type, projects.project_color_identifier AS color, projects.project_name, t.task_milestone, task_description, task_type, company_name, task_access, task_owner');
     $q->addWhere('task_status > -1' . ' AND (task_start_date <= \'' . $db_end . '\'  AND t.task_percent_complete<100  OR task_end_date = \'0000-00-00 00:00:00\' OR task_end_date = NULL )');
     $q->addWhere('project_active = 1');
     if (($template_status = w2PgetConfig('template_projects_status_id')) != '') {
         $q->addWhere('project_status <> ' . $template_status);
     }
     if ($user_id) {
         $q->addWhere('ut.user_id = ' . (int) $user_id);
     }
     if ($company_id) {
         $q->addWhere('projects.project_company = ' . (int) $company_id);
     }
     if (count($task_filter_where) > 0) {
         $q->addWhere('(' . implode(' AND ', $task_filter_where) . ')');
     }
     if (count($deny) > 0) {
         $q->addWhere('(t.task_project NOT IN (' . implode(', ', $deny) . '))');
     }
     if (count($allow) > 0) {
         $q->addWhere('(' . implode(' AND ', $allow) . ')');
     }
     $q->addOrder('t.task_start_date');
     // assemble query
     $tasks = $q->loadList(-1, 'task_id');
     // check tasks access
     $result = array();
     foreach ($tasks as $key => $row) {
         $obj->load($row['task_id']);
         $canAccess = $obj->canAccess();
         if (!$canAccess) {
             continue;
         }
         $result[$key] = $row;
     }
     // execute and return
     return $result;
 }

 $q->addTable('tasks', 't');
 $q->addQuery('t.*');
 $q->addJoin('projects', '', 'projects.project_id = task_project', 'inner');
 $q->addJoin('project_departments', '', 'project_departments.project_id = projects.project_id');
 $q->addJoin('departments', '', 'department_id = dept_id');
 $q->addWhere('project_active = 1');
 if (($template_status = w2PgetConfig('template_projects_status_id')) != '') {
     $q->addWhere('project_status <> ' . (int) $template_status);
 }
 if ($use_period) {
     $q->addWhere('( (task_start_date >= ' . $ss . ' AND task_start_date <= ' . $se . ') OR ' . '(task_end_date <= ' . $se . ' AND task_end_date >= ' . $ss . ') )');
 }
 if ($project_id != 0) {
     $q->addWhere('task_project=' . $project_id);
 }
 $proj = new CProject();
 $obj = new CTask();
 $allowedProjects = $proj->getAllowedSQL($AppUI->user_id, 'task_project');
 $allowedTasks = $obj->getAllowedSQL($AppUI->user_id);
 if (count($allowedProjects)) {
     $q->addWhere(implode(' AND ', $allowedProjects));
 }
 if (count($allowedTasks)) {
     $q->addWhere(implode(' AND ', $allowedTasks));
 }
 $q->addOrder('task_end_date');
 $task_list_hash = $q->loadHashList('task_id');
 $q->clear();
 $task_list = array();
 $task_assigned_users = array();
 $i = 0;

<?php

/* PROJECTS $Id: reports.php,v 1.12.2.3 2007/01/31 09:36:52 ajdonnison Exp $ */
define("MANAGER", 5);
//error_reporting( E_ALL );
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly');
}
$project_id = intval(dPgetParam($_REQUEST, "project_id", 0));
$report_type = dPgetParam($_REQUEST, "report_type", '');
// check permissions for this record
$perms =& $AppUI->acl();
$obj = new CProject();
$obj->load($project_id);
$canRead = $perms->checkModuleItem($m, 'view', $project_id) && ($AppUI->user_id == $obj->project_owner || $AppUI->user_type <= MANAGER);
if (!$canRead) {
    $AppUI->setMsg('Access denied', UI_MSG_ERROR);
    $AppUI->redirect();
}
$display_project_name = $obj->project_name;
if (!$suppressHeaders) {
    ?>
<script language="javascript">

function changeIt() {
        var f=document.changeMe;
        f.submit();
}
</script>

<?php 

$tab = $AppUI->getState('FileIdxTab', 0);
$active = intval(!$AppUI->getState('FileIdxTab'));
// to pass to "new file" button
$folder = intval(dPgetParam($_GET, 'folder', 0));
// "Project" filters info
require_once $AppUI->getModuleClass('projects');
// retrieve any state parameters
if (isset($_REQUEST['project_id'])) {
    $AppUI->setState('FileIdxProject', $_REQUEST['project_id']);
}
$project_id = $AppUI->getState('FileIdxProject', 0);
/*
 * get "Allowed" projects for filter list 
 * ("All" is always allowed when basing permission on projects)
 */
$project = new CProject();
$extra = array('from' => 'files', 'where' => 'project_id = file_project');
$projects = $project->getAllowedRecords($AppUI->user_id, 'project_id,project_name', 'project_name', null, $extra);
$projects = arrayMerge(array('0' => $AppUI->_('All', UI_OUTPUT_RAW)), $projects);
// get SQL for allowed projects/tasks and folders
$task = new CTask();
$allowedProjects = $project->getAllowedSQL($AppUI->user_id, 'file_project');
$allowedTasks = $task->getAllowedSQL($AppUI->user_id, 'file_task');
$cfObj = new CFileFolder();
$allowedFolders = $cfObj->getAllowedSQL($AppUI->user_id, 'file_folder');
//get permissions for folder tab
$canAccess_folders = getPermission('file_folders', 'access');
// setup the title block
$titleBlock = new CTitleBlock('Files', 'folder5.png', $m, $m . '.' . $a);
$titleBlock->addCell($AppUI->_('Filter') . ':');
$titleBlock->addCell(arraySelect($projects, 'project_id', 'onchange="javascript:document.pickProject.submit()" size="1" class="text"', $project_id), '', '<form name="pickProject" action="?m=files" method="post">', '</form>');

	</table>
<?php 
} else {
    // check permissions for this record
    $canReadProject = $perms->checkModuleItem('projects', 'view', $project_id);
    $canEditProject = $perms->checkModuleItem('projects', 'edit', $project_id);
    $canViewTasks = $perms->checkModule('tasks', 'view');
    $canAddTasks = $perms->checkModule('tasks', 'add');
    $canEditTasks = $perms->checkModule('tasks', 'edit');
    $canDeleteTasks = $perms->checkModule('tasks', 'delete');
    if (!$canReadProject) {
        $AppUI->redirect('m=public&a=access_denied');
    }
    // check if this record has dependencies to prevent deletion
    $msg = '';
    $obj = new CProject();
    // Now check if the project is editable/viewable.
    $denied = $obj->getDeniedRecords($AppUI->user_id);
    if (in_array($project_id, $denied)) {
        $AppUI->redirect('m=public&a=access_denied');
    }
    $canDeleteProject = $obj->canDelete($msg, $project_id);
    // get critical tasks (criteria: task_end_date)
    $criticalTasks = $project_id > 0 ? $obj->getCriticalTasks($project_id) : null;
    // get ProjectPriority from sysvals
    $projectPriority = w2PgetSysVal('ProjectPriority');
    $projectPriorityColor = w2PgetSysVal('ProjectPriorityColor');
    $pstatus = w2PgetSysVal('ProjectStatus');
    $ptype = w2PgetSysVal('ProjectType');
    // load the record data
    $obj->loadFull($AppUI, $project_id);

 /**
  * Put Request Handler
  *
  * This method is called when a request is a PUT
  *
  * @return array
  */
 public function executePut()
 {
     $valid = $this->hasRequiredParameters($this->requiredParams);
     if ($valid instanceof Frapi_Error) {
         return $valid;
     }
     $username = $this->getParam('username');
     $password = $this->getParam('password');
     // Attempt to login as user, a little bit of a hack as we currently
     // require the $_POST['login'] var to be set as well as a global AppUI
     $AppUI = new CAppUI();
     $GLOBALS['AppUI'] = $AppUI;
     $_POST['login'] = 'login';
     if (!$AppUI->login($username, $password)) {
         throw new Frapi_Error('INVALID_LOGIN');
     }
     $post_data = array('project_id' => 0, 'project_creator' => $AppUI->user_id, 'project_contacts' => $this->getParam('project_contacts'), 'project_name' => $this->getParam('project_name'), 'project_parent' => $this->getParam('project_parent'), 'project_owner' => $this->getParam('project_owner'), 'project_company' => $this->getParam('project_company'), 'project_location' => $this->getParam('project_location'), 'project_start_date' => $this->getParam('project_start_date'), 'project_end_date' => $this->getParam('project_end_date'), 'project_target_budget' => $this->getParam('project_target_budget'), 'project_actual_budget' => $this->getParam('project_actual_budget'), 'project_url' => $this->getParam('project_url'), 'project_demo_url' => $this->getParam('project_demo_url'), 'project_priority' => $this->getParam('project_priority'), 'project_short_name' => $this->getParam('project_short_name'), 'project_color_identifier' => $this->getParam('project_color_identifier'), 'project_type' => $this->getParam('project_type'), 'project_status' => $this->getParam('project_status'), 'project_description' => $this->getParam('project_description'), 'project_departments' => $this->getParam('project_departments', self::TYPE_ARRAY), 'project_active' => $this->getParam('project_active'));
     $project = new CProject();
     $project->bind($post_data);
     $error_array = $project->store($AppUI);
     // Return all the validation messages
     if ($error_array !== true) {
         $error_message = '';
         foreach ($error_array as $error) {
             $error_message .= $error . '. ';
         }
         throw new Frapi_Error('SAVE_ERROR', $error_message);
     }
     $project = (array) $project;
     $pd = CProject::getDepartments($AppUI, $project['project_id']);
     $project_departments = array();
     foreach ($pd as $key => $value) {
         $project_departments[] = $value['dept_id'];
     }
     $project['project_departments'] = $project_departments;
     // Remove the data that is not for display
     unset($project['_tbl_prefix'], $project['_tbl'], $project['_tbl_key'], $project['_error'], $project['_query'], $project['_tbl_module']);
     $this->data['project'] = $project;
     $this->data['success'] = true;
     return new Frapi_Response(array('code' => 201, 'data' => $this->data));
 }

 /**
  * Tests deleting a task with children
  */
 public function testDeleteWithChildren()
 {
     $this->obj->load(15);
     $children = $this->obj->getDeepChildren();
     $this->obj->delete();
     foreach ($children as $child) {
         $this->assertFalse($this->obj->load($child));
         $this->assertEquals(0, count($this->obj->getAssignedUsers($child)));
         $this->assertEquals(0, count($this->obj->getTaskLogs($child)));
         $this->assertEquals(0, count($this->obj->getAssignedUsers($child)));
         $this->assertEquals(0, count($this->obj->getDependencyList($child)));
         $this->assertEquals(0, count($this->obj->getDependentTaskList($child)));
     }
     /**
      * Test to make sure project task count was updated
      */
     $project = new CProject();
     $project->load(1);
     $this->assertEquals(27, $project->project_task_count);
 }

}
$AppUI->savePlace();
// retrieve any state parameters
if (isset($_REQUEST['project_id'])) {
    $AppUI->setState('LinkIdxProject', intval($_REQUEST['project_id']));
}
$project_id = $AppUI->getState('LinkIdxProject') !== NULL ? $AppUI->getState('LinkIdxProject') : 0;
if (dPgetParam($_GET, 'tab', -1) != -1) {
    $AppUI->setState('LinkIdxTab', intval(dPgetParam($_GET, 'tab')));
}
$tab = $AppUI->getState('LinkIdxTab') !== NULL ? $AppUI->getState('LinkIdxTab') : 0;
$active = intval(!$AppUI->getState('LinkIdxTab'));
require_once $AppUI->getModuleClass('projects');
// get the list of visible companies
$extra = array('from' => 'links', 'where' => 'project_id = link_project');
$project = new CProject();
$projects = $project->getAllowedRecords($AppUI->user_id, 'project_id,project_name', 'project_name', null, $extra);
$projects = arrayMerge(array('0' => $AppUI->_('All', UI_OUTPUT_JS)), $projects);
// setup the title block
$titleBlock = new CTitleBlock('Links', 'folder5.png', $m, "{$m}.{$a}");
$titleBlock->addCell($AppUI->_('Search') . ':');
$titleBlock->addCell('<input type="text" class="text" size="10" name="search" onchange="javascript:document.searchfilter.submit();" value=' . "'{$search}'" . 'title="' . $AppUI->_('Search in name and description fields', UI_OUTPUT_JS) . '"/>', '', '<form action="?m=links" method="post" id="searchfilter">', '</form>');
$titleBlock->addCell($AppUI->_('Filter') . ':');
$titleBlock->addCell(arraySelect($projects, 'project_id', 'onchange="javascript:document.pickProject.submit()" size="1" class="text"', $project_id), '', '<form name="pickProject" action="?m=links" method="post">', '</form>');
if ($canEdit) {
    $titleBlock->addCell('<input type="submit" class="button" value="' . $AppUI->_('new link') . '" />', '', '<form action="?m=links&amp;a=addedit" method="post">', '</form>');
}
$titleBlock->show();
$link_types = dPgetSysVal('LinkType');
if ($tab != -1) {
    array_unshift($link_types, 'All Links');

/**
 * TODO:  Remove for v4.0 - caseydk 20 September 2012
 *
 * @deprecated
 */
function getProjects()
{
    trigger_error("getProjects() has been deprecated in v3.0 and will be removed in v4.0. Please use CProject->getProjects() instead.", E_USER_NOTICE);
    $project = new CProject();
    return $project->getProjects();
}

    $AppUI->setState('ProjIdxType', intval($_POST['project_type']));
}
$project_type = $AppUI->getState('ProjIdxType') !== null ? $AppUI->getState('ProjIdxType') : -1;
// prepare the users filter
if (isset($_POST['project_owner'])) {
    $AppUI->setState('ProjIdxowner', intval($_POST['project_owner']));
}
$owner = $AppUI->getState('ProjIdxowner') !== null ? $AppUI->getState('ProjIdxowner') : 0;
$proFilter = w2PgetParam($_REQUEST, 'proFilter', '-1');
$company_id = w2PgetParam($_REQUEST, 'company_id', 0);
$department = w2PgetParam($_REQUEST, 'department', 0);
$showLabels = w2PgetParam($_REQUEST, 'showLabels', 0);
$showInactive = w2PgetParam($_REQUEST, 'showInactive', 0);
$sortTasksByName = w2PgetParam($_REQUEST, 'sortTasksByName', 0);
$addPwOiD = w2PgetParam($_REQUEST, 'addPwOiD', 0);
$pjobj = new CProject();
/*
** Load department info for the case where one
** wants to see the ProjectsWithOwnerInDeparment (PwOiD)
** instead of the projects related to the given department.
*/
if ($addPwOiD && $department > 0) {
    $owner_ids = array();
    $q = new w2p_Database_Query();
    $q->addTable('users');
    $q->addQuery('user_id');
    $q->addJoin('contacts', 'c', 'c.contact_id = user_contact', 'inner');
    $q->addWhere('c.contact_department = ' . (int) $department);
    $owner_ids = $q->loadColumn();
    $q->clear();
}

 function canUserEditTimeInformation()
 {
     global $AppUI;
     $project = new CProject();
     $project->load($this->task_project);
     // Code to see if the current user is
     // enabled to change time information related to task
     $can_edit_time_information = false;
     // Let's see if all users are able to edit task time information
     if (dPgetConfig('restrict_task_time_editing') == true && $this->task_id > 0) {
         // Am I the task owner?
         if ($this->task_owner == $AppUI->user_id) {
             $can_edit_time_information = true;
         }
         // Am I the project owner?
         if ($project->project_owner == $AppUI->user_id) {
             $can_edit_time_information = true;
         }
         // Am I sys admin?
         if (getPermission('admin', 'edit')) {
             $can_edit_time_information = true;
         }
     } else {
         if (dPgetConfig('restrict_task_time_editing') == false || $this->task_id == 0) {
             // If all users are able, then don't check anything
             $can_edit_time_information = true;
         }
     }
     return $can_edit_time_information;
 }

/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
global $caller, $locale_char_set, $showWork, $sortByName, $showLabels;
global $gantt_arr, $showPinned, $showArcProjs, $showHoldProjs, $showDynTasks;
global $showLowTasks, $user_id, $w2Pconfig;
w2PsetExecutionConditions($w2Pconfig);
$showLabels = w2PgetParam($_REQUEST, 'showLabels', false);
$sortByName = w2PgetParam($_REQUEST, 'sortByName', false);
$project_id = w2PgetParam($_REQUEST, 'project_id', 0);
$f = w2PgetParam($_REQUEST, 'f', 0);
// get the prefered date format
$df = $AppUI->getPref('SHDATEFORMAT');
$project = new CProject();
$criticalTasks = $project_id > 0 ? $project->getCriticalTasks($project_id) : null;
// pull valid projects and their percent complete information
$projects = $project->getAllowedProjects($AppUI->user_id, false);
##############################################
/* gantt is called now by the todo page, too.
** there is a different filter approach in todo
** so we have to tweak a little bit,
** also we do not have a special project available
*/
$caller = w2PgetParam($_REQUEST, 'caller', null);
if ($caller == 'todo') {
    $user_id = w2PgetParam($_REQUEST, 'user_id', $AppUI->user_id);
    $projects[$project_id]['project_name'] = $AppUI->_('Todo for') . ' ' . CContact::getContactByUserid($user_id);
    $projects[$project_id]['project_color_identifier'] = 'ff6000';
    $showLabels = w2PgetParam($_REQUEST, 'showLabels', false);

if (!$canEdit || !$canAuthor) {
    $AppUI->redirect("m=public&a=access_denied");
}
// load the companies class to retrieved denied projects
require_once $AppUI->getModuleClass('projects');
$forum_id = intval(dPgetParam($_GET, 'forum_id', 0));
//Pull forum information
$q = new DBQuery();
$q->addTable('forums');
$q->addWhere("forums.forum_id = {$forum_id}");
$res = $q->exec();
echo db_error();
$forum_info = db_fetch_assoc($res);
$status = isset($forum_info["forum_status"]) ? $forum_info["forum_status"] : -1;
// get any project records denied from viewing
$projObj = new CProject();
//Pull project Information
$q = new DBQuery();
$q->addTable('projects');
$q->addQuery('project_id, project_name');
$q->addWhere('project_status <> 7');
$q->addOrder('project_name');
$projObj->setAllowedSQL($AppUI->user_id, $q);
if (isset($company_id)) {
    $q->addWhere("project_company = {$company_id}");
}
$projects = array('0' => '') + $q->loadHashList();
echo db_error();
if (!in_array($forum_project, array_keys($projects))) {
    $forum_project = 0;
}