function edit_POST(Web $w) { $p = $w->pathMatch("id"); $report = !empty($p['id']) ? $w->Report->getReport($p['id']) : new Report($w); if (!empty($p['id']) && empty($report->id)) { $w->error("Report not found", "/report"); } // Check access rights // If user is editing, we need to check multiple things, detailed in the helper function if (!empty($report->id)) { // Get the report member object for the logged in user $member = $w->Report->getReportMember($report->id, $w->Auth->user()->id); // Check if user can edit this report if (!$w->Report->canUserEditReport($report, $member)) { $w->error("You do not have access to this report", "/report"); } } else { // If we're creating a report, check that the user has rights if ($w->Auth->user()->is_admin == 0 and !$w->Auth->user()->hasAnyRole(array('report_admin', 'report_editor'))) { $w->error("You do not have create report permissions", "/report"); } } // Insert or Update $report->fill($_POST); // Force select statements only $report->sqltype = "select"; $report_connection_id = $w->request("report_connection_id"); $report->report_connection_id = intval($report_connection_id); $response = $report->insertOrUpdate(); // Handle the response if ($response === true) { // Add user to report members as owner if this is a new report if (empty($p['id'])) { $report_member = new ReportMember($w); $report_member->report_id = $report->id; $report_member->user_id = $w->Auth->user()->id; $report_member->role = "OWNER"; $report_member->insert(); } $w->msg("Report " . ($p['id'] ? "updated" : "created"), "/report/edit/{$report->id}"); } else { $w->errorMessage($report, "Report", $response, $p['id'] ? true : false, "/report" . (!empty($account->id) ? "/edit/{$account->id}" : "")); } // OLD CODE - REDUNDANT, KEEPING FOR FEED REFERENCE /* if (!array_key_exists("is_approved",$_REQUEST)) $_REQUEST['is_approved'] = 0; // if there is a report ID in the URL ... if ($p['id']) { // get report details $rep = $w->Report->getReportInfo($p['id']); // if report exists, update it if ($rep) { $_POST['sqltype'] = $w->Report->getSQLStatementType($_POST['report_code']); $rep->fill($_POST); $rep->report_connection_id = intval($_POST["report_connection_id"]); $rep->update(); $repmsg = "Report updated."; // check if there is a feed associated with this report $feed = $w->Report->getFeedInfobyReportId($rep->id); if ($feed) { // if feed exists, need to reevaluate the URL in case of changes in the report parameters $elements = $rep->getReportCriteria(); if ($elements) { foreach ($elements as $element) { if (($element[0] != "Description") && ($element[2] != "")) $query .= $element[2] . "=<value>&"; } } $query = rtrim($query,"&"); // use existing key to reevaluate feed URL $feedurl = $w->localUrl("/report/feed/?key=" . $feed->key . "&" . $query); // update feed URL $feed->url = $feedurl; $feed->update(); } } else { $repmsg = "Report does not exist"; } } else { $repmsg = "Report does not exist"; } // return $w->msg($repmsg,"/report/viewreport/".$rep->id); */ }