X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/2908e17af44b65d6a97e299edd03293ddd802802..39bde74f3805057f70c81494e04e460f9b3b59dd:/users.php

diff --git a/users.php b/users.php
index b7a6606c..4afd5521 100644
--- a/users.php
+++ b/users.php
@@ -36,8 +36,36 @@ if (!(ttAccessAllowed('view_users') || ttAccessAllowed('manage_users'))) {
   header('Location: access_denied.php');
   exit();
 }
+if ($request->isPost() && !$user->isGroupValid($request->getParameter('group'))) {
+  header('Location: access_denied.php'); // Wrong group id in post.
+  exit();
+}
+// Note: we don't use "manage_subgroups" in access check, because when user cannot
+// "manage_users" or "view_users" they do not belong here.
 // End of access checks.
 
+if ($request->isPost()) {
+  $group_id = $request->getParameter('group');
+  $user->setOnBehalfGroup($group_id);
+} else {
+  $group_id = $user->getActiveGroup();
+}
+
+$form = new Form('usersForm');
+if ($user->can('manage_subgroups')) {
+  $groups = $user->getGroupsForDropdown();
+  if (count($groups) > 1) {
+    $form->addInput(array('type'=>'combobox',
+      'onchange'=>'this.form.submit();',
+      'name'=>'group',
+      'style'=>'width: 250px;',
+      'value'=>$group_id,
+      'data'=>$groups,
+      'datakeys'=>array('id','name')));
+    $smarty->assign('group_dropdown', 1);
+  }
+}
+
 // Prepare a list of active users.
 if ($user->can('view_users'))
   $options = array('status'=>ACTIVE,'include_clients'=>true,'include_login'=>true,'include_role'=>true);
@@ -59,6 +87,7 @@ if ($user->uncompleted_indicators) {
   }
 }
 
+$smarty->assign('forms', array($form->getName()=>$form->toArray()));
 $smarty->assign('active_users', $active_users);
 $smarty->assign('inactive_users', $inactive_users);
 $smarty->assign('title', $i18n->get('title.users'));