propagate canEditGroup permission

web/includes/actions.php

@@ -625,14 +625,29 @@ if ( !empty($action) )
     }
 
     // Group view actions
-	if ( canView( 'Groups' ) && $action == "setgroup" ) {
-		if ( !empty($_REQUEST['gid']) ) {
-			setcookie( "zmGroup", validInt($_REQUEST['gid']), time()+3600*24*30*12*10 );
-		} else {
-			setcookie( "zmGroup", "", time()-3600*24*2 );
-		}
-		$refreshParent = true;
-	}
+    if ( canView( 'Groups' ) && $action == "setgroup" ) {
+        if ( !empty($_REQUEST['gid']) ) {
+            setcookie( "zmGroup", validInt($_REQUEST['gid']), time()+3600*24*30*12*10 );
+        } else {
+            setcookie( "zmGroup", "", time()-3600*24*2 );
+        }
+            $refreshParent = true;
+    }
+
+    // Group edit actions
+    if ( canEdit( 'Groups' ) && $action == "group" )
+    {
+        # Should probably verfy that each monitor id is a valid monitor, that we have access to. HOwever at the moment, you have to have System permissions to do this
+        $monitors = empty( $_POST['newGroup']['MonitorIds'] ) ? NULL : implode(',', $_POST['newGroup']['MonitorIds']);
+        if ( !empty($_POST['gid']) ) {
+            dbQuery( "UPDATE Groups SET Name=?, MonitorIds=? WHERE Id=?", array($_POST['newGroup']['Name'], $monitors, $_POST['gid']) );
+        } else {
+            dbQuery( "INSERT INTO Groups SET Name=?, MonitorIds=?", array( $_POST['newGroup']['Name'], $monitors ) );
+        }
+
+        $refreshParent = true;
+        $view = 'none';
+    }
 
     // System edit actions
     if ( canEdit( 'System' ) )
@@ -851,19 +866,6 @@ if ( !empty($action) )
                 dbQuery( "replace into States set Name=?, Definition=?", array( $_REQUEST['runState'],$definition) );
             }
         }
-        elseif ( $action == "group" )
-        {
-			# Should probably verfy that each monitor id is a valid monitor, that we have access to. HOwever at the moment, you have to have System permissions to do this
-			$monitors = empty( $_POST['newGroup']['MonitorIds'] ) ? NULL : implode(',', $_POST['newGroup']['MonitorIds']);
-			if ( !empty($_POST['gid']) ) {
-				dbQuery( "UPDATE Groups SET Name=?, MonitorIds=? WHERE Id=?", array($_POST['newGroup']['Name'], $monitors, $_POST['gid']) );
-			} else {
-				dbQuery( "INSERT INTO Groups SET Name=?, MonitorIds=?", array( $_POST['newGroup']['Name'], $monitors ) );
-			}
-
-            $refreshParent = true;
-            $view = 'none';
-        }
         elseif ( $action == "delete" )
         {
             if ( isset($_REQUEST['runState']) )

web/skins/classic/js/skin.js.php

@@ -33,6 +33,8 @@ var skinPath = "<?php echo ZM_SKIN_PATH ?>";
 var canEditSystem = <?php echo canEdit('System' )?'true':'false' ?>;
 var canViewSystem = <?php echo canView('System' )?'true':'false' ?>;
 
+var canEditGroups = <?php echo canEdit('Groups' )?'true':'false' ?>;
+
 var refreshParent = <?php echo !empty($refreshParent)?'true':'false' ?>;
 
 var focusWindow = <?php echo !empty($focusWindow)?'true':'false' ?>;

web/skins/classic/views/js/groups.js

@@ -33,7 +33,7 @@ function deleteGroup( element )
 
 function configureButtons( element )
 {
-    if ( canEditSystem )
+    if ( canEditGroups )
     {
         var form = element.form;
         if ( element.checked )