+if (!$user->exists()) {
+ header('Location: access_denied.php'); // Nobody to enter expenses for.
+ exit();
+}
+if ($user->behalf_id && (!$user->can('track_expenses') || !$user->checkBehalfId())) {
+ header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user.
+ exit();
+}
+if (!$user->behalf_id && !$user->can('track_own_expenses') && !$user->adjustBehalfId()) {
+ header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf.
+ exit();
+}
+if ($request->isPost() && $request->getParameter('user')) {
+ if (!$user->isUserValid($request->getParameter('user'))) {
+ header('Location: access_denied.php'); // Wrong user id on post.
+ exit();
+ }
+}
+// End of access checks.
+
+// Determine user for which we display this page.
+$userChanged = $request->getParameter('user_changed');
+if ($request->isPost() && $userChanged) {
+ $user_id = $request->getParameter('user');
+ $user->setOnBehalfUser($user_id);
+} else {
+ $user_id = $user->getUser();
+}