X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=user_delete.php;h=38d4f5424bc8f30efe151ad34da43ca62204a2ae;hb=HEAD;hp=aed2746adf0d434718c524370f8900fc4c3498a4;hpb=098a79f0819ebb89b7d48df4a6b154af4560f68e;p=timetracker.git diff --git a/user_delete.php b/user_delete.php index aed2746a..38d4f542 100644 --- a/user_delete.php +++ b/user_delete.php @@ -28,44 +28,32 @@ require_once('initialize.php'); import('form.Form'); -import('ttUserHelper'); +import('ttUser'); -// Access check. -if (!ttAccessCheck(right_manage_team)) { +// Access checks. +if (!ttAccessAllowed('manage_users')) { header('Location: access_denied.php'); exit(); } +$user_id = (int)$request->getParameter('id'); +$user_details = $user->getUserDetails($user_id); +if (!$user_details) { + header('Location: access_denied.php'); + exit(); +} +// End of access checks. -// Get user id we are deleting from the request. -// A cast to int is for safety against manipulation of request parameter (sql injection). -$user_id = (int) $request->getParameter('id'); - -// We need user name and login to display. -$user_details = ttUserHelper::getUserDetails($user_id); - -// Security checks. -$ok_to_go = $user->canManageTeam(); // Are we authorized for user deletes? -if ($ok_to_go) $ok_to_go = $ok_to_go && $user_details; // Are we deleting a real user? -if ($ok_to_go) $ok_to_go = $ok_to_go && ($user->team_id == $user_details['team_id']); // User belongs to our team? -if ($ok_to_go && $user->isCoManager() && (ROLE_COMANAGER == $user_details['role'])) - $ok_to_go = ($user->id == $user_details['id']); // Comanager is not allowed to delete other comanagers. -if ($ok_to_go && $user->isCoManager() && (ROLE_MANAGER == $user_details['role'])) - $ok_to_go = false; // Comanager is not allowed to delete a manager. - -if (!$ok_to_go) - die ($i18n->getKey('error.sys')); -else - $smarty->assign('user_to_delete', $user_details['name']." (".$user_details['login'].")"); +$smarty->assign('user_to_delete', $user_details['name']." (".$user_details['login'].")"); // Create confirmation form. $form = new Form('userDeleteForm'); $form->addInput(array('type'=>'hidden','name'=>'id','value'=>$user_id)); -$form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->getKey('label.delete'))); -$form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->getKey('button.cancel'))); - -if ($request->getMethod() == 'POST') { +$form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete'))); +$form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel'))); + +if ($request->isPost()) { if ($request->getParameter('btn_delete')) { - if (ttUserHelper::markDeleted($user_id)) { + if ($user->markUserDeleted($user_id)) { // If we deleted the "on behalf" user reset its info in session. if ($user_id == $user->behalf_id) { unset($_SESSION['behalf_id']); @@ -73,28 +61,27 @@ if ($request->getMethod() == 'POST') { } // If we deleted our own account, do housekeeping and logout. if ($user->id == $user_id) { - // Remove tt_login cookie that stores login name. - unset($_COOKIE['tt_login']); - setcookie('tt_login', NULL, -1); - + // Remove tt_login cookie that stores login name. + unset($_COOKIE['tt_login']); + setcookie('tt_login', NULL, -1); + $auth->doLogout(); header('Location: login.php'); } else { - header('Location: users.php'); + header('Location: users.php'); } exit(); } else { - $errors->add($i18n->getKey('error.db')); + $err->add($i18n->get('error.db')); } } if ($request->getParameter('btn_cancel')) { header('Location: users.php'); exit(); } -} +} // isPost $smarty->assign('forms', array($form->getName()=>$form->toArray())); -$smarty->assign('title', $i18n->getKey('title.delete_user')); +$smarty->assign('title', $i18n->get('title.delete_user')); $smarty->assign('content_page_name', 'user_delete.tpl'); $smarty->display('index.tpl'); -?> \ No newline at end of file