X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=swap_roles.php;h=1652ae2a8d09cec7d2af5a624994e15a888a67af;hb=e3cdaaf8e6b4e5433ec620396e562de1a5dcec10;hp=5ee47248629ca60d8a9e06be9c3da95be66f26fa;hpb=18e4849ef89b32f8aad1d42f5284bf60d5dc853d;p=timetracker.git
diff --git a/swap_roles.php b/swap_roles.php
index 5ee47248..1652ae2a 100644
--- a/swap_roles.php
+++ b/swap_roles.php
@@ -30,31 +30,48 @@ require_once('initialize.php');
 import('form.Form');
 import('ttUserHelper');
-// Access check.
+// Access checks.
 if (!ttAccessAllowed('swap_roles')) {
 header('Location: access_denied.php');
 exit();
 }
-
-$users = ttTeamHelper::getUsersForSwap();
-
+$users_for_swap = ttTeamHelper::getUsersForSwap();
+if (!is_array($users_for_swap) || sizeof($users_for_swap) == 0) {
+ header('Location: access_denied.php');
+ exit();
+}
 if ($request->isPost()) {
- $cl_id = $request->getParameter('swap_with');
+ $user_id = (int)$request->getParameter('swap_with');
+ $user_details = $user->getUserDetails($user_id);
+ if (!$user_details) {
+ header('Location: access_denied.php');
+ exit();
+ }
 }
+// End of access checks.
 $form = new Form('swapForm');
-$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users,'datakeys'=>array('id','name')));
-$form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->getKey('button.submit')));
+$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users_for_swap,'datakeys'=>array('id','name')));
+$form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get('button.submit')));
+$form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));
 if ($request->isPost()) {
- if (ttTeamHelper::swapRolesWith($cl_id)) {
+ if ($request->getParameter('btn_submit')) {
+ if (ttTeamHelper::swapRolesWith($user_id)) {
+ header('Location: users.php');
+ exit();
+ } else
+ $err->add($i18n->get('error.db'));
+ }
+
+ if ($request->getParameter('btn_cancel')) {
 header('Location: users.php');
 exit();
- } else
- $err->add($i18n->getKey('error.db'));
+ }
 }
 $smarty->assign('forms', array($form->getName()=>$form->toArray()));
-$smarty->assign('title', $i18n->getKey('title.swap_roles'));
+$smarty->assign('onload', 'onLoad="document.swapForm.btn_cancel.focus()"');
+$smarty->assign('title', $i18n->get('title.swap_roles'));
 $smarty->assign('content_page_name', 'swap_roles.tpl');
 $smarty->display('index.tpl');
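Review bot: The POST access check only confirms that `$user->getUserDetails($user_id)` returns something; it never checks that `swap_with` is one of the ids in `$users_for_swap`, the list the combobox was built from. Unless `getUserDetails()` or `swapRolesWith()` applies the same eligibility rule (neither is visible in this hunk), the server will accept a submitted id that was never offered in the form. Consider tightening the guard to `if (!$user_details || !in_array($user_id, array_column($users_for_swap, 'id'))) {`, with the comparison left loose because the ids may come back from the database as strings. The check also runs before the `btn_cancel` branch, so a cancel without a valid `swap_with` lands on access_denied.php rather than users.php. No anti-CSRF token is visible on this state-changing form, so it is worth confirming that `Form` or `initialize.php` supplies one.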