+if ($request->isPost() && !$user->isGroupValid($request->getParameter('group'))) {
+ header('Location: access_denied.php'); // Wrong group id in post.
+ exit();
+}
+// Note: we don't use "manage_subgroups" in access check, because when user cannot
+// "manage_users" or "view_users" they do not belong here.
+// End of access checks.
+
+if ($request->isPost()) {
+ $group_id = $request->getParameter('group');
+ $user->setOnBehalfGroup($group_id);
+} else {
+ $group_id = $user->getGroup();
+}
+$uncompleted_indicators = $user->getConfigOption('uncompleted_indicators');