View.php

diff --git a/View.php b/View.php
index f92f0b5..aac2636 100644 (file)
--- a/View.php
+++ b/View.php
@@ -10,8 +10,16 @@ class Pman_MTrack_View extends Pman
     }
     function get($id = '', $opts=array())
     {
-        if (empty($id))
         
+        $t = DB_DAtaObject::factory('mtrack_ticket');
+        $t->autoJoin();
+        if (empty($id) || !$t->get($id)) {
+            $this->jerr('invalid ticket');
+        }
+        if (!$t->checkPerm('S', $this->authUser)) {
+            $this->jerr("access denied");
+        }
+        $this->ticket = $t;
         
     }
 }