+if ($request->isPost() && !$user->isGroupValid($request->getParameter('group'))) {
+ header('Location: access_denied.php'); // Wrong group id in post.
+ exit();
+}
+// Note: we don't use "manage_subgroups" in access check, because when user cannot
+// "manage_users" or "view_users" they do not belong here.
+// End of access checks.
+
+if ($request->isPost()) {
+ $group_id = $request->getParameter('group');
+ $user->setOnBehalfGroup($group_id);
+} else {
+ $group_id = $user->getGroup();
+}
+
+$form = new Form('usersForm');
+if ($user->can('manage_subgroups')) {
+ $groups = $user->getGroupsForDropdown();
+ if (count($groups) > 1) {
+ $form->addInput(array('type'=>'combobox',
+ 'onchange'=>'this.form.submit();',
+ 'name'=>'group',
+ 'style'=>'width: 250px;',
+ 'value'=>$group_id,
+ 'data'=>$groups,
+ 'datakeys'=>array('id','name')));
+ $smarty->assign('group_dropdown', 1);
+ }
+}
+
+// Prepare a list of active users.
+if ($user->can('view_users'))
+ $options = array('status'=>ACTIVE,'include_clients'=>true,'include_login'=>true,'include_role'=>true);
+else /* if ($user->can('manage_users')) */
+ $options = array('status'=>ACTIVE,'max_rank'=>$user->rank-1,'include_clients'=>true,'include_self'=>true,'include_login'=>true,'include_role'=>true);
+$active_users = $user->getUsers($options);