Implemented a very crude attempt at security privileges. This is not really intended to be security, just a quick and dirty mechanism to avoid prying eyes. More robust security is left to a future implementation.

git-svn-id: file:///svn-source/pmgr/branches/yafr_20090716/site@538 97e9348a-65ac-dc4b-aefc-98561f571b83
abijah
2009-08-11 18:22:21 +00:00
parent b1dfe5bd50
commit 6b3266f022
5 changed files with 74 additions and 55 deletions


@@ -90,6 +90,10 @@ class AccountsController extends AppController {
$conditions[] = array('Account.type' => strtoupper($params['action'])); $conditions[] = array('Account.type' => strtoupper($params['action']));
} }
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 10);
return $conditions; return $conditions;
} }
@@ -160,12 +164,6 @@ class AccountsController extends AppController {
*/ */
function view($id = null) { function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get details about the account and its ledgers (no ledger entries yet)
$account = $this->Account->find $account = $this->Account->find
('first', ('first',
array('contain' => array('contain' =>
@@ -177,14 +175,18 @@ class AccountsController extends AppController {
array('CloseTransaction' => array array('CloseTransaction' => array
('order' => array('CloseTransaction.stamp' => 'DESC'))), ('order' => array('CloseTransaction.stamp' => 'DESC'))),
), ),
'conditions' => array(array('Account.id' => $id)), 'conditions' => array(array('Account.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10),
),
) )
); );
// Get all ledger entries of the CURRENT ledger if (empty($account)) {
$entries = $this->Account->ledgerEntries($id); $this->Session->setFlash(__('Invalid Item.', true));
//pr(compact('entries')); $this->redirect(array('action'=>'index'));
$account['CurrentLedger']['LedgerEntry'] = $entries; }
// Obtain stats across ALL ledgers for the summary infobox // Obtain stats across ALL ledgers for the summary infobox
$stats = $this->Account->stats($id, true); $stats = $this->Account->stats($id, true);
@@ -202,8 +204,4 @@ class AccountsController extends AppController {
$this->set(compact('account', 'title', 'stats')); $this->set(compact('account', 'title', 'stats'));
} }
function tst($id) {
//$entries = $this->Account->($id);
pr($entries);
}
} }
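Review bot: The visibility threshold is hard-coded separately in every controller and already disagrees: `Account.level >= 10` here and in LedgersController, LedgerEntriesController and StatementEntriesController, but `Account.level >= 5` in TransactionsController (both its conditions hunk and its view() hunk). Since the transaction view contains the account and ledger (`'Ledger.name'` is in its contain list), an account with level 5–9 that the accounts listing hides would still be disclosed through its transactions, unless the lower value is intentional. Define the threshold once, e.g. a class constant on AppController, and write each condition as `array('Account.level >=' => AppController::MIN_ACCOUNT_LEVEL)` so the values cannot drift. The REVISIT comment should also state that the condition filters on the record's own level, not on the caller's identity — a visibility filter, not an authorization check — so it is not later mistaken for one. The function enclosing the first hunk starts outside it.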


@@ -145,12 +145,6 @@ class LedgerEntriesController extends AppController {
*/ */
function view($id = null) { function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
// Get the Entry and related fields
$entry = $this->LedgerEntry->find $entry = $this->LedgerEntry->find
('first', ('first',
array('contain' => array array('contain' => array
@@ -163,6 +157,10 @@ class LedgerEntriesController extends AppController {
array('fields' => array('id', 'sequence', 'name'), array('fields' => array('id', 'sequence', 'name'),
'Account' => 'Account' =>
array('fields' => array('id', 'name', 'type'), array('fields' => array('id', 'name', 'type'),
'conditions' =>
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10),
), ),
), ),
@@ -177,6 +175,11 @@ class LedgerEntriesController extends AppController {
'conditions' => array('LedgerEntry.id' => $id), 'conditions' => array('LedgerEntry.id' => $id),
)); ));
if (empty($entry) || empty($entry['Ledger']['Account'])) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
if (!empty($entry['DebitEntry']) && !empty($entry['CreditEntry'])) if (!empty($entry['DebitEntry']) && !empty($entry['CreditEntry']))
die("LedgerEntry has both a matching DebitEntry and CreditEntry"); die("LedgerEntry has both a matching DebitEntry and CreditEntry");
if (empty($entry['DebitEntry']) && empty($entry['CreditEntry'])) if (empty($entry['DebitEntry']) && empty($entry['CreditEntry']))


@@ -50,24 +50,21 @@ class LedgersController extends AppController {
} }
function gridDataCountTables(&$params, &$model) { function gridDataCountTables(&$params, &$model) {
// Our count should NOT include anything extra,
// so we need the virtual function to prevent
// the base class from just calling our
// gridDataTables function.
return parent::gridDataTables($params, $model);
}
function gridDataTables(&$params, &$model) {
return array return array
('link' => ('link' =>
array(// Models array(// Models
'Account', 'Account',
'LedgerEntry',
'CloseTransaction',
), ),
); );
} }
function gridDataTables(&$params, &$model) {
$tables = $this->gridDataCountTables($params, $model);
$tables['link'][] = 'LedgerEntry';
$tables['link'][] = 'CloseTransaction';
return $tables;
}
function gridDataFields(&$params, &$model) { function gridDataFields(&$params, &$model) {
$fields = parent::gridDataFields($params, $model); $fields = parent::gridDataFields($params, $model);
$fields[] = 'CONCAT(Account.id, "-", Ledger.sequence) AS id_sequence'; $fields[] = 'CONCAT(Account.id, "-", Ledger.sequence) AS id_sequence';
@@ -85,6 +82,10 @@ class LedgersController extends AppController {
$conditions[] = array('Ledger.close_transaction_id !=' => null); $conditions[] = array('Ledger.close_transaction_id !=' => null);
} }
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 10);
return $conditions; return $conditions;
} }
@@ -119,22 +120,25 @@ class LedgersController extends AppController {
*/ */
function view($id = null) { function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get details about the ledger itself (no entries yet)
$ledger = $this->Ledger->find $ledger = $this->Ledger->find
('first', ('first',
array('contain' => array('contain' =>
array(// Models array(// Models
'Account', 'Account',
), ),
'conditions' => array(array('Ledger.id' => $id)), 'conditions' => array(array('Ledger.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10),
),
) )
); );
if (empty($ledger)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get ledger stats for our summary box // Get ledger stats for our summary box
$stats = $this->Ledger->stats($id); $stats = $this->Ledger->stats($id);
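Review bot: The new gridDataCountTables() joins only `Account` without saying why, and the explanatory comment on the old version ("Our count should NOT include anything extra ...") was dropped. The join is required because the conditions hunk below adds `array('Account.level >=' => 10)`, which references `Account`; a one-line comment such as `// Account is joined so the level filter in the conditions also applies to the count` would keep a later reader from removing it as unnecessary. The same reason, and the same missing comment, applies to the `'Account' => array('fields' => array())` entry added to TransactionsController::gridDataCountTables().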


@@ -209,12 +209,6 @@ class StatementEntriesController extends AppController {
*/ */
function view($id = null) { function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
// Get the StatementEntry and related fields
$entry = $this->StatementEntry->find $entry = $this->StatementEntry->find
('first', ('first',
array('contain' => array array('contain' => array
@@ -224,10 +218,17 @@ class StatementEntriesController extends AppController {
'Lease' => array('fields' => array('id')), 'Lease' => array('fields' => array('id')),
), ),
'conditions' => array('StatementEntry.id' => $id), 'conditions' => array(array('StatementEntry.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10)
),
)); ));
$reconciled = $this->StatementEntry->reconciledEntries($id); if (empty($entry)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
$stats = $this->StatementEntry->stats($id); $stats = $this->StatementEntry->stats($id);
@@ -266,7 +267,7 @@ class StatementEntriesController extends AppController {
// Prepare to render. // Prepare to render.
$title = "Statement Entry #{$entry['StatementEntry']['id']}"; $title = "Statement Entry #{$entry['StatementEntry']['id']}";
$this->set(compact('entry', 'title', 'reconciled', 'stats')); $this->set(compact('entry', 'title', 'stats'));
} }
} }
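Review bot: `reconciled` is dropped from the `compact()` call and the `reconciledEntries($id)` call is removed, but the diffstat lists five changed files and all five are controllers, so the statement_entries view template was not updated; if it still reads `$reconciled`, it now gets an undefined-variable notice or an empty section. Either keep `$reconciled = $this->StatementEntry->reconciledEntries($id);` after the new emptiness check, or change the template in the same commit. The same concern applies to AccountsController::view(), where `$account['CurrentLedger']['LedgerEntry']` is no longer populated in the visible hunks while `$account` is still passed to the view unchanged.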


@@ -54,7 +54,12 @@ class TransactionsController extends AppController {
*/ */
function gridDataCountTables(&$params, &$model) { function gridDataCountTables(&$params, &$model) {
return parent::gridDataTables($params, $model); return array
('link' =>
array(// Models
'Account' => array('fields' => array()),
),
);
} }
function gridDataTables(&$params, &$model) { function gridDataTables(&$params, &$model) {
@@ -79,6 +84,10 @@ class TransactionsController extends AppController {
if (in_array($params['action'], array('invoice', 'receipt', 'deposit'))) if (in_array($params['action'], array('invoice', 'receipt', 'deposit')))
$conditions[] = array('Transaction.type' => strtoupper($params['action'])); $conditions[] = array('Transaction.type' => strtoupper($params['action']));
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 5);
return $conditions; return $conditions;
} }
@@ -361,11 +370,6 @@ class TransactionsController extends AppController {
*/ */
function view($id = null) { function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
$transaction = $this->Transaction->find $transaction = $this->Transaction->find
('first', ('first',
array('contain' => array('contain' =>
@@ -380,9 +384,18 @@ class TransactionsController extends AppController {
'Ledger.name'), 'Ledger.name'),
), ),
), ),
'conditions' => array('Transaction.id' => $id), 'conditions' => array(array('Transaction.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 5),
),
)); ));
if (empty($transaction)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
if ($transaction['Transaction']['type'] === 'DEPOSIT') { if ($transaction['Transaction']['type'] === 'DEPOSIT') {
$this->sidemenu_links[] = $this->sidemenu_links[] =
array('name' => 'Operations', 'header' => true); array('name' => 'Operations', 'header' => true);