X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=group_delete.php;h=b2977ee44f4c150d1b0b7d2713ebcca6666a0f22;hb=9eb2c5f542ed33fc1aba2e7392a5a29181cbfd1a;hp=65875fad1f0726306ac711ca5fcac062beb3df15;hpb=83987222fbafb8d6dbbbd9578ed2f949f65004d3;p=timetracker.git
diff --git a/group_delete.php b/group_delete.php
index 65875fad..b2977ee4 100644
--- a/group_delete.php
+++ b/group_delete.php
@@ -28,17 +28,23 @@
 require_once('initialize.php');
 import('form.Form');
+import('ttAdmin');
 // Access checks.
 if (!ttAccessAllowed('delete_group')) {
 header('Location: access_denied.php');
 exit();
 }
-// End of access checks.
-
-// TODO: refactor this... and the template.
 $group_id = (int)$request->getParameter('id');
+if ($user->group_id != $group_id) {
+ header('Location: access_denied.php');
+ exit();
+}
+// End of access checks.
+// Note: reuse ttAdmin class here because deleting a group is a complicated task.
+// This creates an issue of using the class for not intended purpose.
+// However, otherwise we have to duplicate code, so reuse it is, for now.
 $admin = new ttAdmin();
 $group_details = $admin->getGroupDetails($group_id);
 $group_name = $group_details['group_name'];
@@ -50,16 +56,17 @@ $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get(
 if ($request->isPost()) {
 if ($request->getParameter('btn_delete')) {
- $result = $admin->markGroupDeleted($group_id);
- if ($result) {
- header('Location: admin_groups.php');
+ if ($admin->markGroupDeleted($group_id)) {
+ $auth->doLogout();
+ session_unset();
+ header('Location: login.php');
 exit();
 } else $err->add($i18n->get('error.db'));
 }
 if ($request->getParameter('btn_cancel')) {
- header('Location: admin_groups.php');
+ header('Location: group_edit.php');
 exit();
 }
 } // isPost
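Review bot: The new ownership check `if ($user->group_id != $group_id)` compares loosely against a value cast from the request, so a missing or non-numeric `id` becomes 0 and would compare equal to a null or empty `$user->group_id` (whether that state can occur is not visible here). A stricter guard would be `if ($group_id <= 0 || (int)$user->group_id !== $group_id) {`. Since the id is now required to equal the caller's own group, reading `$group_id` from `$user->group_id` instead of the request would take the parameter out of the trust boundary altogether. The unchanged context line `$group_name = $group_details['group_name'];` also uses the `getGroupDetails()` result without checking that a row was returned.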
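Review bot: The success branch under `btn_delete` tears the session down with `$auth->doLogout(); session_unset();`, but `session_unset()` only clears the variables of the current session and leaves the session id and its cookie valid. Unless `doLogout()` already does so (its body is not in this diff), add `session_destroy();` after `session_unset();` so the old id cannot be resumed once the group is marked deleted. Sessions of other members of the deleted group are not touched here; it is worth a comment saying where they are invalidated, for example `// Other members are locked out by <mechanism> on their next request.` The delete also fires on any POST carrying `btn_delete`, and no anti-CSRF token check is visible in this hunk, so confirm the form layer provides one now that the page is reachable by group-level users.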
@@ -67,5 +74,5 @@ if ($request->isPost()) {
 $smarty->assign('group_to_delete', $group_name);
 $smarty->assign('forms', array($form->getName()=>$form->toArray()));
 $smarty->assign('title', $i18n->get('title.delete_group'));
-$smarty->assign('content_page_name', 'admin_group_delete.tpl');
+$smarty->assign('content_page_name', 'group_delete.tpl');
 $smarty->display('index.tpl');