Implemented very crude attempt at security privleges. This is not really intended to be security, just a quick and dirty mechanism to avoid prying eyes. More robust security is left to future implementation.
git-svn-id: file:///svn-source/pmgr/branches/yafr_20090716/site@538 97e9348a-65ac-dc4b-aefc-98561f571b83
This commit is contained in:
abijah
@@ -50,24 +50,21 @@ class LedgersController extends AppController {
|
||||
}
|
||||
|
||||
function gridDataCountTables(&$params, &$model) {
|
||||
// Our count should NOT include anything extra,
|
||||
// so we need the virtual function to prevent
|
||||
// the base class from just calling our
|
||||
// gridDataTables function.
|
||||
return parent::gridDataTables($params, $model);
|
||||
}
|
||||
|
||||
function gridDataTables(&$params, &$model) {
|
||||
return array
|
||||
('link' =>
|
||||
array(// Models
|
||||
'Account',
|
||||
'LedgerEntry',
|
||||
'CloseTransaction',
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
function gridDataTables(&$params, &$model) {
|
||||
$tables = $this->gridDataCountTables($params, $model);
|
||||
$tables['link'][] = 'LedgerEntry';
|
||||
$tables['link'][] = 'CloseTransaction';
|
||||
return $tables;
|
||||
}
|
||||
|
||||
function gridDataFields(&$params, &$model) {
|
||||
$fields = parent::gridDataFields($params, $model);
|
||||
$fields[] = 'CONCAT(Account.id, "-", Ledger.sequence) AS id_sequence';
|
||||
@@ -85,6 +82,10 @@ class LedgersController extends AppController {
|
||||
$conditions[] = array('Ledger.close_transaction_id !=' => null);
|
||||
}
|
||||
|
||||
// REVISIT <AP>: 20090811
|
||||
// No security issues have been worked out yet
|
||||
$conditions[] = array('Account.level >=' => 10);
|
||||
|
||||
return $conditions;
|
||||
}
|
||||
|
||||
@@ -119,22 +120,25 @@ class LedgersController extends AppController {
|
||||
*/
|
||||
|
||||
function view($id = null) {
|
||||
if (!$id) {
|
||||
$this->Session->setFlash(__('Invalid Item.', true));
|
||||
$this->redirect(array('action'=>'index'));
|
||||
}
|
||||
|
||||
// Get details about the ledger itself (no entries yet)
|
||||
$ledger = $this->Ledger->find
|
||||
('first',
|
||||
array('contain' =>
|
||||
array(// Models
|
||||
'Account',
|
||||
),
|
||||
'conditions' => array(array('Ledger.id' => $id)),
|
||||
'conditions' => array(array('Ledger.id' => $id),
|
||||
// REVISIT <AP>: 20090811
|
||||
// No security issues have been worked out yet
|
||||
array('Account.level >=' => 10),
|
||||
),
|
||||
)
|
||||
);
|
||||
|
||||
if (empty($ledger)) {
|
||||
$this->Session->setFlash(__('Invalid Item.', true));
|
||||
$this->redirect(array('action'=>'index'));
|
||||
}
|
||||
|
||||
// Get ledger stats for our summary box
|
||||
$stats = $this->Ledger->stats($id);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user