projects
/
timetracker.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Introduced rights for remote work plugin.
[timetracker.git]
/
swap_roles.php
diff --git
a/swap_roles.php
b/swap_roles.php
index
0c52570
..
1652ae2
100644
(file)
--- a/
swap_roles.php
+++ b/
swap_roles.php
@@
-30,31
+30,48
@@
require_once('initialize.php');
import('form.Form');
import('ttUserHelper');
import('form.Form');
import('ttUserHelper');
-// Access check.
+// Access check
s
.
if (!ttAccessAllowed('swap_roles')) {
header('Location: access_denied.php');
exit();
}
if (!ttAccessAllowed('swap_roles')) {
header('Location: access_denied.php');
exit();
}
-
-$users = ttTeamHelper::getUsersForSwap();
-
+$users_for_swap = ttTeamHelper::getUsersForSwap();
+if (!is_array($users_for_swap) || sizeof($users_for_swap) == 0) {
+ header('Location: access_denied.php');
+ exit();
+}
if ($request->isPost()) {
if ($request->isPost()) {
- $cl_id = $request->getParameter('swap_with');
+ $user_id = (int)$request->getParameter('swap_with');
+ $user_details = $user->getUserDetails($user_id);
+ if (!$user_details) {
+ header('Location: access_denied.php');
+ exit();
+ }
}
}
+// End of access checks.
$form = new Form('swapForm');
$form = new Form('swapForm');
-$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users,'datakeys'=>array('id','name')));
+$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users
_for_swap
,'datakeys'=>array('id','name')));
$form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get('button.submit')));
$form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get('button.submit')));
+$form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));
if ($request->isPost()) {
if ($request->isPost()) {
- if (ttTeamHelper::swapRolesWith($cl_id)) {
+ if ($request->getParameter('btn_submit')) {
+ if (ttTeamHelper::swapRolesWith($user_id)) {
+ header('Location: users.php');
+ exit();
+ } else
+ $err->add($i18n->get('error.db'));
+ }
+
+ if ($request->getParameter('btn_cancel')) {
header('Location: users.php');
exit();
header('Location: users.php');
exit();
- } else
- $err->add($i18n->get('error.db'));
+ }
}
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
}
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
+$smarty->assign('onload', 'onLoad="document.swapForm.btn_cancel.focus()"');
$smarty->assign('title', $i18n->get('title.swap_roles'));
$smarty->assign('content_page_name', 'swap_roles.tpl');
$smarty->display('index.tpl');
$smarty->assign('title', $i18n->get('title.swap_roles'));
$smarty->assign('content_page_name', 'swap_roles.tpl');
$smarty->display('index.tpl');