+if ($request->isPost()) {
+ $groupChanged = $request->getParameter('group_changed'); // Reused in multiple places below.
+ if ($groupChanged && !($user->can('manage_subgroups') && $user->isGroupValid($request->getParameter('group')))) {
+ header('Location: access_denied.php'); // Group changed, but no rght or wrong group id.
+ exit();
+ }
+ $userChanged = $request->getParameter('user_changed'); // Reused in multiple places below.
+ if ($userChanged && !($user->can('track_time') && $user->isUserValid($request->getParameter('user')))) {
+ header('Location: access_denied.php'); // Group changed, but no rght or wrong user id.
+ exit();
+ }
+}
+// End of access checks.
+
+// Determine group for which we display this page.
+if ($request->isPost() && $groupChanged) {
+ $group_id = $request->getParameter('group');
+ $user->setOnBehalfGroup($group_id);
+} else {
+ $group_id = $user->getGroup();
+}
+// Determine user for which we display this page.
+if ($request->isPost() && $userChanged) {
+ $user_id = $request->getParameter('user');
+ $user->setOnBehalfUser($user_id);
+} else {
+ $user_id = $user->getUser();
+}