projects
/
timetracker.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Improved output of grouped subtotals on reports by including grouped values.
[timetracker.git]
/
group_delete.php
diff --git
a/group_delete.php
b/group_delete.php
index
65875fa
..
b2977ee
100644
(file)
--- a/
group_delete.php
+++ b/
group_delete.php
@@
-28,17
+28,23
@@
require_once('initialize.php');
import('form.Form');
require_once('initialize.php');
import('form.Form');
+import('ttAdmin');
// Access checks.
if (!ttAccessAllowed('delete_group')) {
header('Location: access_denied.php');
exit();
}
// Access checks.
if (!ttAccessAllowed('delete_group')) {
header('Location: access_denied.php');
exit();
}
-// End of access checks.
-
-// TODO: refactor this... and the template.
$group_id = (int)$request->getParameter('id');
$group_id = (int)$request->getParameter('id');
+if ($user->group_id != $group_id) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
+// Note: reuse ttAdmin class here because deleting a group is a complicated task.
+// This creates an issue of using the class for not intended purpose.
+// However, otherwise we have to duplicate code, so reuse it is, for now.
$admin = new ttAdmin();
$group_details = $admin->getGroupDetails($group_id);
$group_name = $group_details['group_name'];
$admin = new ttAdmin();
$group_details = $admin->getGroupDetails($group_id);
$group_name = $group_details['group_name'];
@@
-50,16
+56,17
@@
$form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get(
if ($request->isPost()) {
if ($request->getParameter('btn_delete')) {
if ($request->isPost()) {
if ($request->getParameter('btn_delete')) {
- $result = $admin->markGroupDeleted($group_id);
- if ($result) {
- header('Location: admin_groups.php');
+ if ($admin->markGroupDeleted($group_id)) {
+ $auth->doLogout();
+ session_unset();
+ header('Location: login.php');
exit();
} else
$err->add($i18n->get('error.db'));
}
if ($request->getParameter('btn_cancel')) {
exit();
} else
$err->add($i18n->get('error.db'));
}
if ($request->getParameter('btn_cancel')) {
- header('Location:
admin_groups
.php');
+ header('Location:
group_edit
.php');
exit();
}
} // isPost
exit();
}
} // isPost
@@
-67,5
+74,5
@@
if ($request->isPost()) {
$smarty->assign('group_to_delete', $group_name);
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
$smarty->assign('title', $i18n->get('title.delete_group'));
$smarty->assign('group_to_delete', $group_name);
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
$smarty->assign('title', $i18n->get('title.delete_group'));
-$smarty->assign('content_page_name', '
admin_
group_delete.tpl');
+$smarty->assign('content_page_name', 'group_delete.tpl');
$smarty->display('index.tpl');
$smarty->display('index.tpl');