abijah/pmgr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implemented very crude attempt at security privleges. This is not really intended to be security, just a quick and dirty mechanism to avoid prying eyes. More robust security is left to future implementation.

Browse Source 
git-svn-id: file:///svn-source/pmgr/branches/yafr_20090716@538 97e9348a-65ac-dc4b-aefc-98561f571b83
This commit is contained in:
abijah
2009-08-11 18:22:21 +00:00
parent 6f2038f7b0
commit 9c55a047a8
6 changed files with 97 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
site/controllers/accounts_controller.php
View File

@@ -90,6 +90,10 @@ class AccountsController extends AppController {
$conditions[] = array('Account.type' => strtoupper($params['action']));
}
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 10);
return $conditions;
}
@@ -160,12 +164,6 @@ class AccountsController extends AppController {
*/
function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get details about the account and its ledgers (no ledger entries yet)
$account = $this->Account->find
('first',
array('contain' =>
@@ -177,14 +175,18 @@ class AccountsController extends AppController {
array('CloseTransaction' => array
('order' => array('CloseTransaction.stamp' => 'DESC'))),
),
'conditions' => array(array('Account.id' => $id)),
'conditions' => array(array('Account.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10),
),
)
);
// Get all ledger entries of the CURRENT ledger
$entries = $this->Account->ledgerEntries($id);
//pr(compact('entries'));
$account['CurrentLedger']['LedgerEntry'] = $entries;
if (empty($account)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Obtain stats across ALL ledgers for the summary infobox
$stats = $this->Account->stats($id, true);
@@ -202,8 +204,4 @@ class AccountsController extends AppController {
$this->set(compact('account', 'title', 'stats'));
}
function tst($id) {
//$entries = $this->Account->($id);
pr($entries);
}
}