Implemented very crude attempt at security privileges. This is not really intended to be security, just a quick and dirty mechanism to avoid prying eyes. More robust security is left to future implementation.
git-svn-id: file:///svn-source/pmgr/branches/yafr_20090716@538 97e9348a-65ac-dc4b-aefc-98561f571b83
@@ -90,6 +90,10 @@ class AccountsController extends AppController {
$conditions[] = array('Account.type' => strtoupper($params['action']));
}
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 10);
return $conditions;
}
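Review bot: The visibility floor is a bare literal, `$conditions[] = array('Account.level >=' => 10);`, and the same literal is repeated in the view() finds and conditions hooks of the Ledgers, LedgerEntries and StatementEntries hunks below, while the two Transactions hunks use 5 with nothing explaining the difference. A single named constant on AppController, e.g. `const MIN_ACCOUNT_LEVEL = 10;` referenced as `array('Account.level >=' => self::MIN_ACCOUNT_LEVEL)`, would keep the sites in step and give the later, real authorization work one place to replace. The value is also fixed rather than derived from the logged-in user, so every session sees the same rows; a comment such as `// Static visibility floor shared by every session; not per-user authorization` would stop readers mistaking it for an access check. The enclosing function starts outside the hunk.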
@@ -160,12 +164,6 @@ class AccountsController extends AppController {
*/
function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get details about the account and its ledgers (no ledger entries yet)
$account = $this->Account->find
('first',
array('contain' =>
@@ -177,14 +175,18 @@ class AccountsController extends AppController {
array('CloseTransaction' => array
('order' => array('CloseTransaction.stamp' => 'DESC'))),
),
'conditions' => array(array('Account.id' => $id)),
'conditions' => array(array('Account.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10),
),
)
);
// Get all ledger entries of the CURRENT ledger
$entries = $this->Account->ledgerEntries($id);
//pr(compact('entries'));
$account['CurrentLedger']['LedgerEntry'] = $entries;
if (empty($account)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Obtain stats across ALL ledgers for the summary infobox
$stats = $this->Account->stats($id, true);
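Review bot: The `if (empty($account))` guard is defeated on the new side: `$entries = $this->Account->ledgerEntries($id);` and the assignment `$account['CurrentLedger']['LedgerEntry'] = $entries;` run before it, and that assignment turns an empty find result into a non-empty array, so an account excluded by the new `Account.level >=` condition never triggers the redirect and its ledger entries, which `ledgerEntries($id)` fetched without any level condition, are still rendered. Move the guard block up to sit directly after the `find()` call, before `ledgerEntries()` is invoked, so the unfiltered helpers (`ledgerEntries($id)`, `stats($id, true)`) only run for accounts the find accepted. This relies on `redirect()` exiting, which I believe is CakePHP's default but is worth confirming. view() starts in the hunk above and its body continues past this one.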
@@ -202,8 +204,4 @@ class AccountsController extends AppController {
$this->set(compact('account', 'title', 'stats'));
}
function tst($id) {
//$entries = $this->Account->($id);
pr($entries);
}
}
@@ -145,12 +145,6 @@ class LedgerEntriesController extends AppController {
*/
function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
// Get the Entry and related fields
$entry = $this->LedgerEntry->find
('first',
array('contain' => array
@@ -163,6 +157,10 @@ class LedgerEntriesController extends AppController {
array('fields' => array('id', 'sequence', 'name'),
'Account' =>
array('fields' => array('id', 'name', 'type'),
'conditions' =>
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10),
),
),
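Review bot: The added `'conditions' => array('Account.level >=' => 10)` sits inside the contain of `Account`, so it filters the associated Account rather than the LedgerEntry itself; the entry row is still returned and visibility rests entirely on the `empty($entry['Ledger']['Account'])` guard added in the next hunk. A comment at the condition would make that dependency visible, e.g. `// Filters only the contained Account; view() rejects entries whose Account was filtered out`. The enclosing find() starts in the hunk above.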
@@ -177,6 +175,11 @@ class LedgerEntriesController extends AppController {
'conditions' => array('LedgerEntry.id' => $id),
));
if (empty($entry) || empty($entry['Ledger']['Account'])) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
if (!empty($entry['DebitEntry']) && !empty($entry['CreditEntry']))
die("LedgerEntry has both a matching DebitEntry and CreditEntry");
if (empty($entry['DebitEntry']) && empty($entry['CreditEntry']))
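Review bot: `empty($entry['Ledger']['Account'])` assumes Containable returns an empty array for a belongsTo whose condition did not match; if it instead returns the Account keys with null values (`array('id' => null, ...)`), `empty()` is false and an entry the level condition was meant to hide is shown. Worth confirming against a LedgerEntry whose Account is below the threshold, and if nulls come back, test a key instead: `if (empty($entry) || empty($entry['Ledger']['Account']['id'])) {`. view() starts in the hunk above and its body continues below.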
@@ -50,24 +50,21 @@ class LedgersController extends AppController {
}
function gridDataCountTables(&$params, &$model) {
// Our count should NOT include anything extra,
// so we need the virtual function to prevent
// the base class from just calling our
// gridDataTables function.
return parent::gridDataTables($params, $model);
}
function gridDataTables(&$params, &$model) {
return array
('link' =>
array(// Models
'Account',
'LedgerEntry',
'CloseTransaction',
),
);
}
function gridDataTables(&$params, &$model) {
$tables = $this->gridDataCountTables($params, $model);
$tables['link'][] = 'LedgerEntry';
$tables['link'][] = 'CloseTransaction';
return $tables;
}
function gridDataFields(&$params, &$model) {
$fields = parent::gridDataFields($params, $model);
$fields[] = 'CONCAT(Account.id, "-", Ledger.sequence) AS id_sequence';
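Review bot: The rebuilt `gridDataTables` starts from `$this->gridDataCountTables($params, $model)` and appends `'LedgerEntry'` and `'CloseTransaction'`, dropping the explicit `'Account'` link the removed version listed; the `Account.level >=` condition added to the conditions hook in the next hunk therefore depends on `parent::gridDataTables()` already linking Account, which I cannot see from here. A comment recording that assumption, e.g. `// Account is linked by parent::gridDataTables(); the level condition in the conditions hook relies on that join`, would protect whoever next touches the base class. `gridDataFields` continues past the end of the hunk.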
@@ -85,6 +82,10 @@ class LedgersController extends AppController {
$conditions[] = array('Ledger.close_transaction_id !=' => null);
}
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 10);
return $conditions;
}
@@ -119,22 +120,25 @@ class LedgersController extends AppController {
*/
function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get details about the ledger itself (no entries yet)
$ledger = $this->Ledger->find
('first',
array('contain' =>
array(// Models
'Account',
),
'conditions' => array(array('Ledger.id' => $id)),
'conditions' => array(array('Ledger.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10),
),
)
);
if (empty($ledger)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get ledger stats for our summary box
$stats = $this->Ledger->stats($id);
@@ -209,12 +209,6 @@ class StatementEntriesController extends AppController {
*/
function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
// Get the StatementEntry and related fields
$entry = $this->StatementEntry->find
('first',
array('contain' => array
@@ -224,10 +218,17 @@ class StatementEntriesController extends AppController {
'Lease' => array('fields' => array('id')),
),
'conditions' => array('StatementEntry.id' => $id),
'conditions' => array(array('StatementEntry.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10)
),
));
$reconciled = $this->StatementEntry->reconciledEntries($id);
if (empty($entry)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
$stats = $this->StatementEntry->stats($id);
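Review bot: `$reconciled = $this->StatementEntry->reconciledEntries($id);` runs before the `if (empty($entry))` guard, so the related entries are fetched for a StatementEntry the new `Account.level >=` condition excluded; moving that line below the guard keeps the unfiltered helper behind the visibility check, as the Ledgers view() already does. The condition itself references `Account.level` on a StatementEntry find, which is only valid SQL if Account is joined into the main query; the contain block starts above this hunk, so I cannot see whether Account is among the joined associations — worth confirming. `array('Account.level >=' => 10)` here also lacks the trailing comma used at the parallel sites. view() starts in the hunk above and continues below.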
@@ -266,7 +267,7 @@ class StatementEntriesController extends AppController {
// Prepare to render.
$title = "Statement Entry #{$entry['StatementEntry']['id']}";
$this->set(compact('entry', 'title', 'reconciled', 'stats'));
$this->set(compact('entry', 'title', 'stats'));
}
}
@@ -54,7 +54,12 @@ class TransactionsController extends AppController {
*/
function gridDataCountTables(&$params, &$model) {
return parent::gridDataTables($params, $model);
return array
('link' =>
array(// Models
'Account' => array('fields' => array()),
),
);
}
function gridDataTables(&$params, &$model) {
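Review bot: The new `gridDataCountTables` returns an explicit `'Account' => array('fields' => array())` link with no comment, while the Ledgers version of the same hook carries a four-line explanation; the reader has to guess that Account is linked with no fields so the count query can evaluate the `Account.level >=` condition added in the next hunk. A comment such as `// Link Account with no fields so the count query can apply the Account.level condition` would make the intent explicit; I infer that intent from the two hunks rather than from anything the diff states, so adjust if the reason is different. gridDataTables opens on the last line of the hunk and continues beyond it.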
@@ -79,6 +84,10 @@ class TransactionsController extends AppController {
if (in_array($params['action'], array('invoice', 'receipt', 'deposit')))
$conditions[] = array('Transaction.type' => strtoupper($params['action']));
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 5);
return $conditions;
}
@@ -361,11 +370,6 @@ class TransactionsController extends AppController {
*/
function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
$transaction = $this->Transaction->find
('first',
array('contain' =>
@@ -380,9 +384,18 @@ class TransactionsController extends AppController {
'Ledger.name'),
),
),
'conditions' => array('Transaction.id' => $id),
'conditions' => array(array('Transaction.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 5),
),
));
if (empty($transaction)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
if ($transaction['Transaction']['type'] === 'DEPOSIT') {
$this->sidemenu_links[] =
array('name' => 'Operations', 'header' => true);