// getUsers obtains users in a group, as specififed by options.
function getUsers($options) {
-
$mdb2 = getConnection();
+ $group_id = $this->getActiveGroup();
+ $org_id = $this->org_id;
+
$skipClients = !isset($options['include_clients']);
$includeSelf = isset($options['include_self']);
- $group_id = isset($options['group_id']) ? $options['group_id'] : $this->group_id;
$select_part = 'select u.id, u.name';
if (isset($options['include_login'])) $select_part .= ', u.login';
if (isset($options['max_rank']) || $skipClients || isset($options['include_role']))
$left_joins .= ' left join tt_roles r on (u.role_id = r.id)';
- $where_part = " where u.org_id = $this->org_id and u.group_id = $group_id";
+ $where_part = " where u.org_id = $org_id and u.group_id = $group_id";
if (isset($options['status']))
$where_part .= ' and u.status = '.(int)$options['status'];
else
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.28.451
2 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.28.451
3 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
<tr>
<td valign="top">
{if $user->can('manage_users')}
+ {if $group_dropdown}
+{$forms.usersForm.open} {* usersForm consists only of one dropdown group control *}
+ <table width="100%">
+ <tr>
+ <td align="center">{$i18n.label.group}: {$forms.usersForm.group.control}</td>
+ </tr>
+ </table>
+{$forms.usersForm.close}
+ {/if}
+
<table cellspacing="1" cellpadding="3" border="0" width="100%">
{if $inactive_users}
<tr><td class="sectionHeaderNoBorder">{$i18n.form.users.active_users}</td></tr>
header('Location: access_denied.php');
exit();
}
+if ($request->isPost() && !$user->isGroupValid($request->getParameter('group'))) {
+ header('Location: access_denied.php'); // Wrong group id in post.
+ exit();
+}
+// Note: we don't use "manage_subgroups" in access check, because when user cannot
+// "manage_users" or "view_users" they do not belong here.
// End of access checks.
+if ($request->isPost()) {
+ $group_id = $request->getParameter('group');
+ $user->setOnBehalfGroup($group_id);
+} else {
+ $group_id = $user->getActiveGroup();
+}
+
+$form = new Form('usersForm');
+if ($user->can('manage_subgroups')) {
+ $groups = $user->getGroupsForDropdown();
+ if (count($groups) > 1) {
+ $form->addInput(array('type'=>'combobox',
+ 'onchange'=>'this.form.submit();',
+ 'name'=>'group',
+ 'style'=>'width: 250px;',
+ 'value'=>$group_id,
+ 'data'=>$groups,
+ 'datakeys'=>array('id','name')));
+ $smarty->assign('group_dropdown', 1);
+ }
+}
+
// Prepare a list of active users.
if ($user->can('view_users'))
$options = array('status'=>ACTIVE,'include_clients'=>true,'include_login'=>true,'include_role'=>true);
}
}
+$smarty->assign('forms', array($form->getName()=>$form->toArray()));
$smarty->assign('active_users', $active_users);
$smarty->assign('inactive_users', $inactive_users);
$smarty->assign('title', $i18n->get('title.users'));
projects / timetracker.git / commitdiff