X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/1a1ae10cf832a697192fc5e1e84debe930ce3c9f..7bc3223af35eeceb1e63daf3ae3cb66739337696:/WEB-INF/lib/ttUser.class.php diff --git a/WEB-INF/lib/ttUser.class.php b/WEB-INF/lib/ttUser.class.php index 859d0881..8c4595db 100644 --- a/WEB-INF/lib/ttUser.class.php +++ b/WEB-INF/lib/ttUser.class.php @@ -306,12 +306,13 @@ class ttUser { // getUsers obtains users in a group, as specififed by options. function getUsers($options) { - $mdb2 = getConnection(); + $group_id = $this->getActiveGroup(); + $org_id = $this->org_id; + $skipClients = !isset($options['include_clients']); $includeSelf = isset($options['include_self']); - $group_id = isset($options['group_id']) ? $options['group_id'] : $this->group_id; $select_part = 'select u.id, u.name'; if (isset($options['include_login'])) $select_part .= ', u.login'; @@ -324,7 +325,7 @@ class ttUser { if (isset($options['max_rank']) || $skipClients || isset($options['include_role'])) $left_joins .= ' left join tt_roles r on (u.role_id = r.id)'; - $where_part = " where u.org_id = $this->org_id and u.group_id = $group_id"; + $where_part = " where u.org_id = $org_id and u.group_id = $group_id"; if (isset($options['status'])) $where_part .= ' and u.status = '.(int)$options['status']; else 
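Review bot: getUsers() no longer reads `$options['group_id']`, so a caller that still passes it silently gets the group returned by `getActiveGroup()` instead. Taking the group from the user object rather than from caller-supplied options is the safer choice for tenant isolation, but the header comment still says the group is "as specified by options". I would reword it along the lines of `// getUsers obtains users in the active group (see getActiveGroup); options only shape the result set.` The function body continues outside the hunk, and getActiveGroup() is not visible here.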
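Review bot: `$org_id` and `$group_id` are interpolated into `$where_part` without the `(int)` cast that the very next line applies to `$options['status']`. Neither getActiveGroup() nor the place where `org_id` is set is visible in this diff, so it cannot be confirmed here that both are always integers. Casting where they are assigned at the top of getUsers() keeps the query safe whatever the upstream code does: `$group_id = (int)$this->getActiveGroup();` and `$org_id = (int)$this->org_id;`. The same applies to the -439 hunk, whose new where clause also interpolates `$user_id`, and to the three update statements in the -564 hunk.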
@@ -439,11 +440,13 @@ class ttUser { if (!$this->can('manage_users')) return false; $mdb2 = getConnection(); + $group_id = $this->getActiveGroup(); + $org_id = $this->org_id; $sql = "select u.id, u.name, u.login, u.role_id, u.client_id, u.status, u.rate, u.email from tt_users u". - " left join tt_roles r on (u.role_id = r.id)". - " where u.id = $user_id and u.group_id = $this->group_id and u.status is not null". - " and (r.rank < $this->rank or (r.rank = $this->rank and u.id = $this->id))"; // Users with lesser roles or self. + " left join tt_roles r on (u.role_id = r.id)". + " where u.id = $user_id and u.group_id = $group_id and u.org_id = $org_id and u.status is not null". + " and (r.rank < $this->rank or (r.rank = $this->rank and u.id = $this->id))"; // Users with lesser roles or self. $res = $mdb2->query($sql); if (!is_a($res, 'PEAR_Error')) { $val = $res->fetchRow(); 
@@ -564,21 +567,26 @@ class ttUser { if (!$user_details) return false; $mdb2 = getConnection(); + $group_id = $this->getActiveGroup(); + $org_id = $this->org_id; // Mark user to project binds as deleted. - $sql = "update tt_user_project_binds set status = NULL where user_id = $user_id"; + $sql = "update tt_user_project_binds set status = NULL where user_id = $user_id". + " and group_id = $group_id and org_id = $org_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; // Mark user favorite reports as deleted. - $sql = "update tt_fav_reports set status = NULL where user_id = $user_id"; + $sql = "update tt_fav_reports set status = NULL where user_id = $user_id". + " and group_id = $group_id and org_id = $org_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; // Mark user as deleted. - $sql = "update tt_users set status = NULL where id = $user_id and group_id = ".$this->group_id; + $sql = "update tt_users set status = NULL where id = $user_id". + " and group_id = $group_id and org_id = $org_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; @@ -683,8 +691,12 @@ class ttUser { // Unset things first. $this->behalf_group_id = null; $this->behalf_group_name = null; + $this->behalf_id = null; + $this->behalf_name = null; unset($_SESSION['behalf_group_id']); unset($_SESSION['behalf_group_name']); + unset($_SESSION['behalf_id']); + unset($_SESSION['behalf_name']); // Do not do anything if we don't have rights. if (!$this->can('manage_subgroups')) return; @@ -702,10 +714,7 @@ class ttUser { $this->behalf_group_id = $group_id; $this->behalf_group_name = $onBehalfGroupName; - // Question remains whether or not we need to adjust on behalf user. - // Adjusting for now. Test it and redesign if necessary. - unset($_SESSION['behalf_id']); - unset($_SESSION['behalf_name']); + // Adjust on behalf user. $this->adjustBehalfId(); return; }
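Review bot: With the added `group_id`/`org_id` filters, the updates on tt_user_project_binds and tt_fav_reports can match zero rows without returning a PEAR_Error, and the function then goes on to mark the user deleted. If any bind or favorite-report rows have those columns unset (not verifiable from this diff), they would stay active for a deleted user. A comment stating the assumption would make this explicit, for example `// Assumes group_id and org_id are populated on every bind and report row of this user.` The enclosing function starts and ends outside the hunk.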
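Review bot: The on-behalf user is now cleared in the -683 hunk before the `can('manage_subgroups')` check, so it is dropped even when the group switch is refused, and the existing "Unset things first." comment does not say why. Since this is what stops a stale on-behalf user from outliving a failed or unauthorised switch, I would spell it out: `// Unset group and user first, so no on-behalf state survives a refused switch.` The function's signature and its group validation lie outside the hunk.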