Implemented a very crude attempt at security privileges. This is not really intended to be security, just a quick and dirty mechanism to avoid prying eyes. More robust security is left to a future implementation.

git-svn-id: file:///svn-source/pmgr/branches/yafr_20090716@538 97e9348a-65ac-dc4b-aefc-98561f571b83
abijah
2009-08-11 18:22:21 +00:00
parent 6f2038f7b0
commit 9c55a047a8
6 changed files with 97 additions and 80 deletions


@@ -50,24 +50,21 @@ class LedgersController extends AppController {
}
function gridDataCountTables(&$params, &$model) {
// Our count should NOT include anything extra,
// so we need the virtual function to prevent
// the base class from just calling our
// gridDataTables function.
return parent::gridDataTables($params, $model);
}
function gridDataTables(&$params, &$model) {
return array
('link' =>
array(// Models
'Account',
'LedgerEntry',
'CloseTransaction',
),
);
}
function gridDataTables(&$params, &$model) {
$tables = $this->gridDataCountTables($params, $model);
$tables['link'][] = 'LedgerEntry';
$tables['link'][] = 'CloseTransaction';
return $tables;
}
function gridDataFields(&$params, &$model) {
$fields = parent::gridDataFields($params, $model);
$fields[] = 'CONCAT(Account.id, "-", Ledger.sequence) AS id_sequence';
@@ -85,6 +82,10 @@ class LedgersController extends AppController {
$conditions[] = array('Ledger.close_transaction_id !=' => null);
}
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 10);
return $conditions;
}
@@ -119,22 +120,25 @@ class LedgersController extends AppController {
*/
function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get details about the ledger itself (no entries yet)
$ledger = $this->Ledger->find
('first',
array('contain' =>
array(// Models
'Account',
),
'conditions' => array(array('Ledger.id' => $id)),
'conditions' => array(array('Ledger.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10),
),
)
);
if (empty($ledger)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get ledger stats for our summary box
$stats = $this->Ledger->stats($id);
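Review bot: The `array('Account.level >=' => 10)` condition added to the find in `view()` is a fixed threshold that is not compared with anything about the requesting user, so it hides low-level accounts from every caller alike instead of enforcing a privilege; the same literal is repeated in the grid conditions hunk earlier in this file. Keeping the threshold in one place (a single class constant or helper that both call sites read) would leave one spot to replace when real authorization is written, and keeps the two filters from drifting apart. The comment would be clearer as `// REVISIT <AP>: 20090811 - visibility filter only, not access control; threshold is fixed, not derived from the logged-in user`. Only the find in `view()` and the grid conditions are visible here, so any other action or model call that loads a Ledger by id presumably skips the filter and should be checked. `view()` continues past the end of this hunk.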