X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=group_delete.php;h=2865351a48940c31157510982b6ea427b4edef82;hb=HEAD;hp=db24a44818cf368eb881ff59bcac10097f04eb4a;hpb=7961e2909a8c8c456c1b0d6bee2944cabde592c0;p=timetracker.git
diff --git a/group_delete.php b/group_delete.php
index db24a448..2865351a 100644
--- a/group_delete.php
+++ b/group_delete.php
@@ -31,17 +31,21 @@ import('form.Form');
 import('ttGroupHelper');
 // Access checks.
-if (!ttAccessAllowed('delete_group')) {
+if (!(ttAccessAllowed('delete_group') || ttAccessAllowed('manage_subgroups'))) {
 header('Location: access_denied.php'); // No rights.
 exit();
 }
-if (!$user->isGroupValid($request->getParameter('id'))) {
+$group_id = (int)$request->getParameter('id');
+if (!$user->isGroupValid($group_id)) {
 header('Location: access_denied.php'); // Wrong group id.
 exit();
 }
+if ($group_id == $user->group_id && !$user->can('delete_group')) {
+ header('Location: access_denied.php'); // Trying to delete home group without right.
+ exit();
+}
 // End of access checks.
-$group_id = (int)$request->getParameter('id');
 $group_name = ttGroupHelper::getGroupName($group_id);
 $form = new Form('groupForm');
@@ -53,7 +57,6 @@ if ($request->isPost()) {
 if ($request->getParameter('btn_delete')) {
 $markedDeleted = ttGroupHelper::markGroupDeleted($group_id);
 if ($markedDeleted) {
- // TODO: conditional redirects don't look nice. Any better ideas?
 if ($group_id == $user->group_id) {
 // We marked deleted our own group. Logout and redirect to login page.
 $auth->doLogout();
@@ -61,8 +64,10 @@ if ($request->isPost()) {
 header('Location: login.php');
 exit();
 } else {
- // We marked deleted a subgroup. Redirect to groups.pgp.
- header('Location: groups.php');
+ // We marked deleted a subgroup.
+ if ($user->behalfGroup && $user->behalfGroup->id == $group_id)
+ $user->setOnBehalfGroup($user->group_id); // Remove on behalf group from session.
+ header('Location: success.php');
 exit();
 }
 } else
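Review bot: The access checks now admit a caller holding either `delete_group` or `manage_subgroups`, but only the home-group case is re-checked afterwards; a subgroup id presented by a user who has `delete_group` without `manage_subgroups` passes all three tests, assuming `isGroupValid()` accepts subgroup ids (its body is not visible here). If `delete_group` is not meant to cover subgroups, add the mirror test `if ($group_id != $user->group_id && !$user->can('manage_subgroups'))` with the same `access_denied.php` redirect and `exit()` before the "End of access checks" comment. The added test also calls `$user->can()` where the first one calls `ttAccessAllowed()`; a one-line comment saying why the two differ would help the next reader.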
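Review bot: The on-behalf reset in the subgroup branch fires only when `$user->behalfGroup->id` equals the deleted id; if `markGroupDeleted()` also marks groups nested under `$group_id` as deleted (not visible in this hunk), a session working on behalf of one of those would keep pointing at a deleted group. Consider resetting whenever the on-behalf group is no longer valid after the deletion, or record the limitation with a comment such as `// Only an exact on-behalf match is reset here; nested subgroups are not checked.` The unbraced `if` sits directly above `header('Location: success.php');` and is easy to misread as guarding the redirect too; bracing it, as the access checks in this file are, removes that ambiguity. The enclosing `if ($request->isPost())` block starts and ends outside the hunk.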
@@ -70,7 +75,6 @@ if ($request->isPost()) {
 }
 if ($request->getParameter('btn_cancel')) {
- // TODO: conditional redirects don't look nice. Any better ideas?
 if ($group_id == $user->group_id) {
 header('Location: group_edit.php');
 exit();