From 4c864aec35bff47e9f5fe75eb2343932c1c4b92d Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Nov 2014 14:29:15 -0500 Subject: [PATCH] fix saving groups --- web/includes/actions.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/web/includes/actions.php b/web/includes/actions.php index 437a4d9fd..bfe62190f 100644 --- a/web/includes/actions.php +++ b/web/includes/actions.php @@ -854,11 +854,14 @@ if ( !empty($action) ) } elseif ( $action == "group" ) { - if ( !empty($_POST['gid']) ) { - dbQuery( "UPDATE Groups SET Name=?, MonitorIds=? WHERE Id=?", array($_POST['newGroup']['Name'], $_POST['newGroup']['MonitorIds'], $_POST['gid']) ); - } else { - dbQuery( "INSERT INTO Groups SET Name=?, MonitorIds=?", array( $_POST['newGroup']['Name'], empty($_POST['newGroup']['MonitorIds']) ? array() : $_POST['newGroup']['MonitorIds'] ) ); - } + # Should probably verfy that each monitor id is a valid monitor, that we have access to. HOwever at the moment, you have to have System permissions to do this + $monitors = empty( $_POST['newGroup']['MonitorIds'] ) ? NULL : implode(',', $_POST['newGroup']['MonitorIds']); + if ( !empty($_POST['gid']) ) { + dbQuery( "UPDATE Groups SET Name=?, MonitorIds=? WHERE Id=?", array($_POST['newGroup']['Name'], $monitors, $_POST['gid']) ); + } else { + dbQuery( "INSERT INTO Groups SET Name=?, MonitorIds=?", array( $_POST['newGroup']['Name'], $monitors ) ); + } + $refreshParent = true; $view = 'none'; }