Work in progress added more checks for access control.

[timetracker.git] / client_delete.php

diff --git a/client_delete.php b/client_delete.php
index e22704fad3f577d81abe35fb7469a692a73e1e2d..767a919e9c0a7442239abf231c374b69691749e3 100644 (file)
--- a/client_delete.php
+++ b/client_delete.php
@@ -31,7 +31,7 @@ import('form.Form');
 import('ttClientHelper');
 
 // Access check.
-if (!ttAccessCheck(right_manage_team)) {
+if (!ttAccessCheck(right_manage_team) || !$user->isPluginEnabled('cl')) {
   header('Location: access_denied.php');
   exit();
 }
@@ -57,14 +57,14 @@ if ($request->isPost()) {
       } else
         $err->add($i18n->getKey('error.db'));
     }
-  } else 
-      $err->add($i18n->getKey('error.db'));
+  } else
+    $err->add($i18n->getKey('error.db'));
 
   if ($request->getParameter('btn_cancel')) {
     header('Location: clients.php');
     exit();
   }
-} // POST
+} // isPost
 
 $smarty->assign('client_to_delete', $client_to_delete);
 $smarty->assign('forms', array($form->getName()=>$form->toArray()));