projects / timetracker.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
posaune
[timetracker.git] / role_edit.php
diff --git a/role_edit.php b/role_edit.php
index 3eb7696..972d454 100644 (file)
--- a/role_edit.php
+++ b/role_edit.php
@@ -28,11 +28,9 @@
 
 require_once('initialize.php');
 import('form.Form');
-import('ttTeamHelper'); // TODO: remove this?
-import('ttTaskHelper'); // TODO: remove this?
 import('ttRoleHelper');
 
-// Access check.
+// Access checks.
 if (!ttAccessAllowed('manage_roles')) {
   header('Location: access_denied.php');
   exit();
@@ -43,6 +41,8 @@ if (!$role) {
   header('Location: access_denied.php');
   exit();
 }
+// End of access checks.
+
 $assigned_rights = explode(',', $role['rights']);
 $available_rights = array_diff($user->rights, $assigned_rights);
 
@@ -81,6 +81,7 @@ if ($request->isPost()) {
     // Validate user input.
     if (!ttValidString($cl_name)) $err->add($i18n->get('error.field'), $i18n->get('label.thing_name'));
     if (!ttValidString($cl_description, true)) $err->add($i18n->get('error.field'), $i18n->get('label.description'));
+    if ($cl_rank >= $user->rank || $cl_rank < 0) $err->add($i18n->get('error.field'), $i18n->get('form.roles.rank'));
 
     if ($err->no()) {
       $existing_role = ttRoleHelper::getRoleByName($cl_name);
Unnamed repository; edit this file 'description' to name the repository.