Security fix - improved access checks for task edit and deletes.

[timetracker.git] / users.php

diff --git a/users.php b/users.php
index 8787844..af53890 100644 (file)
--- a/users.php
+++ b/users.php
@@ -32,11 +32,12 @@ import('ttTeamHelper');
 import('ttTimeHelper');
 import('ttRoleHelper');
 
-// Access check.
+// Access checks.
 if (!(ttAccessAllowed('view_users') || ttAccessAllowed('manage_users'))) {
   header('Location: access_denied.php');
   exit();
 }
+// End of access checks.
 
 // Prepare a list of active users.
 if ($user->can('view_users'))