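/**
 * Save the account-level permission settings submitted from the admin form.
 *
 * Order of checks: resolve the post-submit redirect target, enforce the
 * 'acperm_manage_level_perm' admin permission, then (for POST requests only)
 * verify the anti-CSRF token before handing the submitted values to the model.
 * Every path ends in a redirect carrying a 'form_status' flash message.
 *
 * @return void
 */
public function action_save()
{
    // Where to send the browser once the request has been handled.
    // NOTE(review): confirm getAndSetSubmitRedirection() only yields same-site URLs.
    $redirect = $this->getAndSetSubmitRedirection();

    // Authorization gate: nothing below may run for a caller without this permission.
    if (!\Model_AccountLevelPermission::checkAdminPermission('acperm_perm', 'acperm_manage_level_perm')) {
        \Session::set_flash('form_status', array(
            'form_status' => 'error',
            'form_status_message' => \Lang::get('admin_permission_denied', array('page' => \Uri::string())),
        ));
        \Response::redirect($redirect);

        // Fail closed: return explicitly so the permission gate does not depend on
        // Response::redirect() terminating the request.
        return;
    }

    // Only a submitted form changes state; any other method falls through to the redirect.
    if (\Input::method() == 'POST') {
        if (\Extension\NoCsrf::check()) {
            $data = array();

            // Normalise the core flag: the model receives int 1 for "core" and the
            // string '0' for anything else, exactly as before.
            $isCore = ((int) trim(\Input::post('permission_core')) === 1);
            $data['permission_core'] = $isCore ? 1 : '0';

            // A module name is only meaningful for non-core permissions; it is stored
            // as null when empty or when the core flag is set.
            $moduleName = \Security::strip_tags(trim(\Input::post('module_system_name')));
            $data['module_system_name'] = ($moduleName == null || $isCore) ? null : $moduleName;

            // NOTE(review): these three values reach the model exactly as posted, with no
            // type or content check here - confirm savePermissions() validates them.
            $data['level_group_id'] = \Input::post('level_group_id');
            $data['permission_page'] = \Input::post('permission_page');
            $data['permission_action'] = \Input::post('permission_action');

            // NOTE(review): the return value is not inspected and success is flashed
            // unconditionally - confirm savePermissions() reports failure by exception.
            \Model_AccountLevelPermission::savePermissions($data);

            \Session::set_flash('form_status', array(
                'form_status' => 'success',
                'form_status_message' => \Lang::get('admin_saved'),
            ));
        } else {
            // Missing or invalid anti-CSRF token: save nothing and report the error.
            \Session::set_flash('form_status', array(
                'form_status' => 'error',
                'form_status_message' => \Lang::get('fslang_invalid_csrf_token'),
            ));
        }
    }

    // Go back to the originating page.
    \Response::redirect($redirect);
}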