+if (!$user->exists()) {
+ header('Location: access_denied.php'); // No users in subgroup.
+ exit();
+}
+$notification_id = (int)$request->getParameter('id');
+$notification = ttNotificationHelper::get($notification_id);
+if (!$notification) {
+ header('Location: access_denied.php'); // Wrong notification id.
+ exit();
+}
+if ($request->isPost()) {
+ // TODO: improve this, perhaps by refactoring elsewhere.
+ $cl_fav_report = (int) $request->getParameter('fav_report');
+ $fav_report = ttFavReportHelper::getReport($cl_fav_report);
+ if ($user->getUser() != $fav_report['user_id']) {
+ header('Location: access_denied.php'); // Invalid fav report id in post.
+ exit();
+ }
+}
+// End of access checks.