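masterTemplate = 'milestone.html';
        $this->id = $pi ? $pi: (isset($_GET['id']) ? $_GET['id'] : 0);
        $this->id = (int) $this->id;
        if (empty($this->id)) {
            // new!!
            return;
        }
        $m = DB_DataObject::factory('mtrack_milestone');
        if (!$m->get($this->id) || $m->project_id != $this->currentProject()) {
            $this->jerr("invalid milestone id");
        }
        $this->milestone = $m;
    }

    /**
     * Create a milestone, or update the one identified by $pi, from the POSTed fields.
     *
     * The record to write is selected only by $pi and the owning project only by
     * currentProject(); neither is taken from the request body.
     *
     * @param mixed $pi id of the milestone to update; empty to create a new one
     */
    function post($pi)
    {
        $m = DB_DataObject::factory('mtrack_milestone');
        $old = null;
        if (!empty($pi)) {
            if (!$m->get($pi) || $m->project_id != $this->currentProject()) {
                $this->jerr("invalid milestone id");
                // jerr() is defined outside this view; the explicit return keeps the
                // write path below unreachable even if it does not end the request.
                return;
            }
            $old = clone($m);
        }
        $m->setFrom($_POST);
        // $_POST is caller-controlled. Pin the key to the record that passed the
        // project check above (or to "no key" for a create), so a posted "id" can
        // never redirect update() to a milestone that was not loaded and checked.
        // NOTE(review): setFrom() may already skip key columns - confirm against the
        // DB_DataObject version and table schema in use; this does not rely on it.
        $m->id = $old !== null ? $old->id : null;
        // always force this..
        $m->project_id = $this->currentProject();
        // before we insert / update... - check perms..
        // - we probably need finer grained control here..
        // - we are piggy backing of issue permission at present..
        if (!$m->id && !$this->hasPerm('MTrack.Issue','A')) {
            $this->jerr('Permission denied = no rights to create milestones', array('noperm' => true));
            // Same reasoning as above: a denied create must never reach insert().
            return;
        }
        if ($m->id && !$this->hasPerm('MTrack.Issue','E') ) {
            $this->jerr('Permission denied = no rights to edit milestones', array('noperm' => true));
            return HTML_FlexyFramework::run('Noperm');
        }
        if ($m->id) {
            // $old is always the checked, pre-change copy here because the id is pinned to it.
            $m->update($old);
        } else {
            $m->insert();
        }
        $this->jok("added");
    }
}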