+if ($user->behalf_id && (!$user->can('track_time') || !$user->checkBehalfId())) {
+ header('Location: access_denied.php'); // Trying on behalf, but no right or wrong user.
+ exit();
+}
+if (!$user->behalf_id && !$user->can('track_own_time') && !$user->adjustBehalfId()) {
+ header('Location: access_denied.php'); // Trying as self, but no right for self, and noone to work on behalf.
+ exit();
+}
+if ($request->isPost()) {
+ $userChanged = $request->getParameter('user_changed'); // Reused in multiple places below.
+ if ($userChanged && !($user->can('track_time') && $user->isUserValid($request->getParameter('user')))) {
+ header('Location: access_denied.php'); // Group changed, but no rght or wrong user id.
+ exit();
+ }
+}
+$debug->println('after all access checks');
+// End of access checks.
+
+// Determine user for whom we display this page.
+if ($request->isPost() && $userChanged) {
+ $user_id = $request->getParameter('user');
+ $user->setOnBehalfUser($user_id);
+} else {
+ $user_id = $user->getUser();
+}
+
+$group_id = $user->getGroup();
+$debug->println("user_id: $user_id group_id: $group_id");
+
+$showClient = $user->isPluginEnabled('cl');
+$trackingMode = $user->getTrackingMode();
+$showProject = MODE_PROJECTS == $trackingMode || MODE_PROJECTS_AND_TASKS == $trackingMode;
+$showTask = MODE_PROJECTS_AND_TASKS == $trackingMode;
+$recordType = $user->getRecordType();
+$showStart = TYPE_START_FINISH == $recordType || TYPE_ALL == $recordType;
+$showFinish = $showStart;
+$showDuration = TYPE_DURATION == $recordType || TYPE_ALL == $recordType;
+$showFiles = $user->isPluginEnabled('at');