Implemented a very crude attempt at security privileges. This is not really intended to be security, just a quick and dirty mechanism to avoid prying eyes. More robust security is left to a future implementation.

git-svn-id: file:///svn-source/pmgr/branches/yafr_20090716/site@538 97e9348a-65ac-dc4b-aefc-98561f571b83
abijah
2009-08-11 18:22:21 +00:00
parent b1dfe5bd50
commit 6b3266f022
5 changed files with 74 additions and 55 deletions


@@ -54,7 +54,12 @@ class TransactionsController extends AppController {
*/
function gridDataCountTables(&$params, &$model) {
return parent::gridDataTables($params, $model);
return array
('link' =>
array(// Models
'Account' => array('fields' => array()),
),
);
}
function gridDataTables(&$params, &$model) {
@@ -79,6 +84,10 @@ class TransactionsController extends AppController {
if (in_array($params['action'], array('invoice', 'receipt', 'deposit')))
$conditions[] = array('Transaction.type' => strtoupper($params['action']));
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 5);
return $conditions;
}
@@ -361,11 +370,6 @@ class TransactionsController extends AppController {
*/
function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
$transaction = $this->Transaction->find
('first',
array('contain' =>
@@ -380,9 +384,18 @@ class TransactionsController extends AppController {
'Ledger.name'),
),
),
'conditions' => array('Transaction.id' => $id),
'conditions' => array(array('Transaction.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 5),
),
));
if (empty($transaction)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
if ($transaction['Transaction']['type'] === 'DEPOSIT') {
$this->sidemenu_links[] =
array('name' => 'Operations', 'header' => true);
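Review bot: The filter `array('Account.level >=' => 5)` is written out twice, once in the grid conditions and once in the find inside view(), and it is a fixed threshold that does not depend on the logged-in user, so it hides the same rows from everyone rather than checking a privilege. Because it is attached query by query, any other action in this controller that loads a transaction by id without the condition would still return the hidden rows; those actions are outside the visible hunks, so this needs checking. I would keep the literal in one place (a class constant or a single method that returns the condition array) and have both call sites use it, and replace the REVISIT text with a comment that says what it does, e.g. `// Interim filter: rows whose Account.level is below 5 are hidden from all users; not an access check`. Returning the same 'Invalid Item.' flash for a filtered row and a missing row is a good choice, since it does not reveal that a hidden transaction exists. The body of view() continues past the end of this hunk.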