Refactor header to use user rights. (#57)

[timetracker.git] / swap_roles.php

diff --git a/swap_roles.php b/swap_roles.php
index 09178cd..59a726c 100644 (file)
--- a/swap_roles.php
+++ b/swap_roles.php
@@ -30,20 +30,23 @@ require_once('initialize.php');
 import('form.Form');
 import('ttUserHelper');
 
-// Access check.
+// Access checks.
 if (!ttAccessAllowed('swap_roles')) {
   header('Location: access_denied.php');
   exit();
 }
-
-$users = ttTeamHelper::getUsersForSwap();
+$users_for_swap = ttTeamHelper::getUsersForSwap();
+if (!is_array($users_for_swap) || sizeof($users_for_swap) == 0) {
+  header('Location: access_denied.php');
+  exit();
+}
 
 if ($request->isPost()) {
   $cl_id = $request->getParameter('swap_with');
 }
 
 $form = new Form('swapForm');
-$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users,'datakeys'=>array('id','name')));
+$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users_for_swap,'datakeys'=>array('id','name')));
 $form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get('button.submit')));
 $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));