$this->masterTemplate = 'milestone.html';
$this->id = $pi ? $pi: (isset($_GET['id']) ? $_GET['id'] : 0);
$this->id = (int) $this->id;
-
+
+ if (empty($this->id)) { // new!!
+ return;
+ }
+ $m = DB_DataObject::factory('mtrack_milestone');
+ if (!$m->get($this->id) || $m->project_id != $this->currentProject()) {
+ $this->jerr("invalid milestone id");
+ }
+ $this->milestone = $m;
}
function post($pi)
{
$m = DB_DataObject::factory('mtrack_milestone');
if (!empty($pi)) {
- if (!$m->get($pi) || $m->project_id != $m->currentProject()) {
+ if (!$m->get($pi) || $m->project_id != $this->currentProject()) {
$this->jerr("invalid milestone id");
}
-
+ $old = clone($m);
}
$m->setFrom($_POST);
// alwasy for force this..
- $m->project_id = $m->currentProject();
+ $m->project_id = $this->currentProject();
// before we insert / update... - check perms..
- //
+ // - we probably need finer grained control here..
+ // - we are piggy backing of issue permission at present..
+
if (!$m->id && !$this->hasPerm('MTrack.Issue','A')) {
$this->jerr('Permission denied = no rights to create milestones', array('noperm' => true));
//return HTML_FlexyFramework::run('Noperm');
}
- if ($m->id && !$m->hasPerm('MTrack.Issue','E') )) {
+ if ($m->id && !$this->hasPerm('MTrack.Issue','E') ) {
$this->jerr('Permission denied = no rights to edit milestones', array('noperm' => true));
return HTML_FlexyFramework::run('Noperm');
}
+ if ($m->id) {
+ $m->update($old);
+ } else {
+ $m->insert();
+ }
+ $this->jok("added");
-
-
-
-
+
projects / web.mtrack / blobdiff