Implemented a very crude attempt at security privileges. This is not really intended to be security, just a quick and dirty mechanism to avoid prying eyes. More robust security is left to a future implementation.

git-svn-id: file:///svn-source/pmgr/branches/yafr_20090716@538 97e9348a-65ac-dc4b-aefc-98561f571b83
This commit is contained in:
abijah
2009-08-11 18:22:21 +00:00
parent 6f2038f7b0
commit 9c55a047a8
6 changed files with 97 additions and 80 deletions


@@ -872,47 +872,45 @@ CREATE TABLE `pmgr_accounts` (
) ENGINE=MyISAM DEFAULT CHARSET=utf8; ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
LOCK TABLES `pmgr_accounts` WRITE; LOCK TABLES `pmgr_accounts` WRITE;
INSERT INTO `pmgr_accounts` (`type`, `name`, `level`)
VALUES
('EQUITY', 'Equity', 1),
('LIABILITY', 'Loan', 1);
INSERT INTO `pmgr_accounts` (`type`, `name`) INSERT INTO `pmgr_accounts` (`type`, `name`)
VALUES VALUES
('ASSET', 'A/R' ), ('ASSET', 'A/R' ),
-- REVISIT <AP>: 20090710 : We don't really need NSF, as it
-- will always run a zero balance. However, it will help
-- us identify how serious the NSF situation is.
('ASSET', 'NSF' ),
('LIABILITY', 'A/P' ); ('LIABILITY', 'A/P' );
INSERT INTO `pmgr_accounts` (`type`, `name`, `receipts`, `refunds`) INSERT INTO `pmgr_accounts` (`type`, `name`, `receipts`)
VALUES VALUES
('ASSET', 'Cash', 1, 0), ('ASSET', 'Cash', 1),
('ASSET', 'Check', 1, 0), ('ASSET', 'Check', 1),
('ASSET', 'Money Order', 1, 0), ('ASSET', 'Money Order', 1),
('ASSET', 'ACH', 1, 0), ('ASSET', 'ACH', 1),
('ASSET', 'Closing', 0, 0), -- REVISIT <AP>: Temporary ('EXPENSE', 'Concession', 1);
('EXPENSE', 'Concession', 1, 0), INSERT INTO `pmgr_accounts` (`type`, `name`)
('EXPENSE', 'Waiver', 0, 0);
INSERT INTO `pmgr_accounts` (`type`, `name`, `refunds`, `deposits`)
VALUES VALUES
-- REVISIT <AP>: 20090710 : We probably don't really want petty cash depositable. ('ASSET', 'NSF' ),
-- This is just for testing our deposit code ('EXPENSE', 'Waiver' ),
('ASSET', 'Petty Cash', 1, 1); ('EXPENSE', 'Bad Debt' );
INSERT INTO `pmgr_accounts` (`type`, `name`, `invoices`) INSERT INTO `pmgr_accounts` (`type`, `name`, `invoices`)
VALUES VALUES
('LIABILITY', 'Tax', 1), ('LIABILITY', 'Tax', 0),
('LIABILITY', 'Security Deposit', 1), ('LIABILITY', 'Security Deposit', 1),
('INCOME', 'Rent', 1), ('INCOME', 'Rent', 1),
('INCOME', 'Late Charge', 1), ('INCOME', 'Late Charge', 1),
('INCOME', 'NSF Charge', 1), ('INCOME', 'NSF Charge', 1),
('INCOME', 'Cleaning', 1),
('INCOME', 'Damage', 1); ('INCOME', 'Damage', 1);
INSERT INTO `pmgr_accounts` (`type`, `name`, `deposits`, `refunds`)
VALUES
('ASSET', 'Bank', 1, 1);
INSERT INTO `pmgr_accounts` (`type`, `name`) INSERT INTO `pmgr_accounts` (`type`, `name`)
VALUES VALUES
('EXPENSE', 'Bad Debt' ),
('EXPENSE', 'Maintenance' ); ('EXPENSE', 'Maintenance' );
INSERT INTO `pmgr_accounts` (`type`, `name`, `refunds`)
VALUES
('ASSET', 'Petty Cash', 1);
INSERT INTO `pmgr_accounts` (`type`, `name`, `level`, `deposits`, `refunds`)
VALUES
('ASSET', 'Bank', 6, 1, 1);
INSERT INTO `pmgr_accounts` (`type`, `name`, `level`)
VALUES
('ASSET', 'Closing', 6),
('LIABILITY', 'Loan', 1),
('EQUITY', 'Equity', 1);
UNLOCK TABLES; UNLOCK TABLES;
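Review bot: The new `level` values (1 for Loan/Equity, 6 for Bank/Closing, unset for every other account) are magic numbers whose meaning is stated nowhere in the seed data, yet the controllers in this commit use them as the only visibility filter (`Account.level >= 10` for accounts/ledgers/entries, `>= 5` for transactions). A reader of this file cannot tell whether an omitted `level` lands above or below those thresholds, because the column default is outside this hunk. Add a comment above the first `level` insert, e.g. `-- level: crude visibility tier; controllers hide accounts below 10 (transactions: below 5), so 1 and 6 mean "internal only"`, and state the column default there as well. Since the filter compares against a constant and is never bound to a user or role, the comment should say it is obscurity rather than authorization, as the commit message already admits.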


@@ -90,6 +90,10 @@ class AccountsController extends AppController {
$conditions[] = array('Account.type' => strtoupper($params['action'])); $conditions[] = array('Account.type' => strtoupper($params['action']));
} }
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 10);
return $conditions; return $conditions;
} }
@@ -160,12 +164,6 @@ class AccountsController extends AppController {
*/ */
function view($id = null) { function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get details about the account and its ledgers (no ledger entries yet)
$account = $this->Account->find $account = $this->Account->find
('first', ('first',
array('contain' => array('contain' =>
@@ -177,14 +175,18 @@ class AccountsController extends AppController {
array('CloseTransaction' => array array('CloseTransaction' => array
('order' => array('CloseTransaction.stamp' => 'DESC'))), ('order' => array('CloseTransaction.stamp' => 'DESC'))),
), ),
'conditions' => array(array('Account.id' => $id)), 'conditions' => array(array('Account.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10),
),
) )
); );
// Get all ledger entries of the CURRENT ledger if (empty($account)) {
$entries = $this->Account->ledgerEntries($id); $this->Session->setFlash(__('Invalid Item.', true));
//pr(compact('entries')); $this->redirect(array('action'=>'index'));
$account['CurrentLedger']['LedgerEntry'] = $entries; }
// Obtain stats across ALL ledgers for the summary infobox // Obtain stats across ALL ledgers for the summary infobox
$stats = $this->Account->stats($id, true); $stats = $this->Account->stats($id, true);
@@ -202,8 +204,4 @@ class AccountsController extends AppController {
$this->set(compact('account', 'title', 'stats')); $this->set(compact('account', 'title', 'stats'));
} }
function tst($id) {
//$entries = $this->Account->($id);
pr($entries);
}
} }
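Review bot: The visibility threshold `10` is written as a bare literal twice in this controller (the grid conditions and `view()`) and again in the ledger, ledger-entry and statement-entry controllers, with a different value (5) in TransactionsController, so any later tightening has to hunt down every copy. A single class constant on the shared parent, e.g. `const MIN_VISIBLE_LEVEL = 10;`, referenced as `'Account.level >=' => self::MIN_VISIBLE_LEVEL`, keeps the copies in step. The REVISIT comments should also say what the check is not: it compares a per-account integer against a constant and never consults the session, so anyone who can reach the action sees every account at or above the tier. The function holding the first hunk's `$conditions` starts outside the hunk.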


@@ -145,12 +145,6 @@ class LedgerEntriesController extends AppController {
*/ */
function view($id = null) { function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
// Get the Entry and related fields
$entry = $this->LedgerEntry->find $entry = $this->LedgerEntry->find
('first', ('first',
array('contain' => array array('contain' => array
@@ -163,6 +157,10 @@ class LedgerEntriesController extends AppController {
array('fields' => array('id', 'sequence', 'name'), array('fields' => array('id', 'sequence', 'name'),
'Account' => 'Account' =>
array('fields' => array('id', 'name', 'type'), array('fields' => array('id', 'name', 'type'),
'conditions' =>
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10),
), ),
), ),
@@ -177,6 +175,11 @@ class LedgerEntriesController extends AppController {
'conditions' => array('LedgerEntry.id' => $id), 'conditions' => array('LedgerEntry.id' => $id),
)); ));
if (empty($entry) || empty($entry['Ledger']['Account'])) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
if (!empty($entry['DebitEntry']) && !empty($entry['CreditEntry'])) if (!empty($entry['DebitEntry']) && !empty($entry['CreditEntry']))
die("LedgerEntry has both a matching DebitEntry and CreditEntry"); die("LedgerEntry has both a matching DebitEntry and CreditEntry");
if (empty($entry['DebitEntry']) && empty($entry['CreditEntry'])) if (empty($entry['DebitEntry']) && empty($entry['CreditEntry']))
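Review bot: The new guard `empty($entry['Ledger']['Account'])` may not trip when the level filter excludes the account, because `Account.level >= 10` is attached to a contained belongsTo association rather than to the main query's conditions; depending on whether Containable renders it in the join's ON clause or in a separate lookup, a non-matching Account can come back as an array of null-valued fields (`id`, `name`, `type`), which `empty()` treats as non-empty. Testing a field is robust either way: `if (empty($entry) || empty($entry['Ledger']['Account']['id'])) {`. This is an inference from the query shape, so verify it by viewing an entry on a level-1 account (Loan or Equity) and confirming the redirect fires. `view()`'s body continues outside the hunk.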


@@ -50,24 +50,21 @@ class LedgersController extends AppController {
} }
function gridDataCountTables(&$params, &$model) { function gridDataCountTables(&$params, &$model) {
// Our count should NOT include anything extra,
// so we need the virtual function to prevent
// the base class from just calling our
// gridDataTables function.
return parent::gridDataTables($params, $model);
}
function gridDataTables(&$params, &$model) {
return array return array
('link' => ('link' =>
array(// Models array(// Models
'Account', 'Account',
'LedgerEntry',
'CloseTransaction',
), ),
); );
} }
function gridDataTables(&$params, &$model) {
$tables = $this->gridDataCountTables($params, $model);
$tables['link'][] = 'LedgerEntry';
$tables['link'][] = 'CloseTransaction';
return $tables;
}
function gridDataFields(&$params, &$model) { function gridDataFields(&$params, &$model) {
$fields = parent::gridDataFields($params, $model); $fields = parent::gridDataFields($params, $model);
$fields[] = 'CONCAT(Account.id, "-", Ledger.sequence) AS id_sequence'; $fields[] = 'CONCAT(Account.id, "-", Ledger.sequence) AS id_sequence';
@@ -85,6 +82,10 @@ class LedgersController extends AppController {
$conditions[] = array('Ledger.close_transaction_id !=' => null); $conditions[] = array('Ledger.close_transaction_id !=' => null);
} }
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 10);
return $conditions; return $conditions;
} }
@@ -119,22 +120,25 @@ class LedgersController extends AppController {
*/ */
function view($id = null) { function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get details about the ledger itself (no entries yet)
$ledger = $this->Ledger->find $ledger = $this->Ledger->find
('first', ('first',
array('contain' => array('contain' =>
array(// Models array(// Models
'Account', 'Account',
), ),
'conditions' => array(array('Ledger.id' => $id)), 'conditions' => array(array('Ledger.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10),
),
) )
); );
if (empty($ledger)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
// Get ledger stats for our summary box // Get ledger stats for our summary box
$stats = $this->Ledger->stats($id); $stats = $this->Ledger->stats($id);
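Review bot: The reason `gridDataCountTables` now links `Account` while `gridDataTables` layers `LedgerEntry` and `CloseTransaction` on top of it is not stated, and it is easy to undo by accident: `gridConditions` filters on `Account.level`, so the count query must join `Account` too or the count will fail or disagree with the page. Add a comment above the count method, e.g. `// Account must be linked in the count query as well: gridConditions filters on Account.level.`, and on the data method `// Count tables plus the extras the listing joins.` The old comment explaining why the count override exists at all was dropped with the refactor and is worth keeping in some form.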


@@ -209,12 +209,6 @@ class StatementEntriesController extends AppController {
*/ */
function view($id = null) { function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
// Get the StatementEntry and related fields
$entry = $this->StatementEntry->find $entry = $this->StatementEntry->find
('first', ('first',
array('contain' => array array('contain' => array
@@ -224,10 +218,17 @@ class StatementEntriesController extends AppController {
'Lease' => array('fields' => array('id')), 'Lease' => array('fields' => array('id')),
), ),
'conditions' => array('StatementEntry.id' => $id), 'conditions' => array(array('StatementEntry.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 10)
),
)); ));
$reconciled = $this->StatementEntry->reconciledEntries($id); if (empty($entry)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
}
$stats = $this->StatementEntry->stats($id); $stats = $this->StatementEntry->stats($id);
@@ -266,7 +267,7 @@ class StatementEntriesController extends AppController {
// Prepare to render. // Prepare to render.
$title = "Statement Entry #{$entry['StatementEntry']['id']}"; $title = "Statement Entry #{$entry['StatementEntry']['id']}";
$this->set(compact('entry', 'title', 'reconciled', 'stats')); $this->set(compact('entry', 'title', 'stats'));
} }
} }
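Review bot: The added `Account.level >= 10` condition only works if `Account` is joined into the `StatementEntry` find; the visible `contain` lists `Lease`, and whatever names `Account` lies above the hunk, so confirm `Account` is a joined belongsTo here, otherwise MySQL rejects the unknown column and every statement-entry view fails. Separately, the same hunk drops `reconciledEntries()` and the `reconciled` view variable without a word in the commit message; a one-line note such as `// reconciled entries are no longer passed to the view` (or a mention in the message) would save the next reader a search of the templates for a now-undefined variable. The enclosing `view()` starts in the earlier hunk and continues past this one.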


@@ -54,7 +54,12 @@ class TransactionsController extends AppController {
*/ */
function gridDataCountTables(&$params, &$model) { function gridDataCountTables(&$params, &$model) {
return parent::gridDataTables($params, $model); return array
('link' =>
array(// Models
'Account' => array('fields' => array()),
),
);
} }
function gridDataTables(&$params, &$model) { function gridDataTables(&$params, &$model) {
@@ -79,6 +84,10 @@ class TransactionsController extends AppController {
if (in_array($params['action'], array('invoice', 'receipt', 'deposit'))) if (in_array($params['action'], array('invoice', 'receipt', 'deposit')))
$conditions[] = array('Transaction.type' => strtoupper($params['action'])); $conditions[] = array('Transaction.type' => strtoupper($params['action']));
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 5);
return $conditions; return $conditions;
} }
@@ -361,11 +370,6 @@ class TransactionsController extends AppController {
*/ */
function view($id = null) { function view($id = null) {
if (!$id) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
$transaction = $this->Transaction->find $transaction = $this->Transaction->find
('first', ('first',
array('contain' => array('contain' =>
@@ -380,9 +384,18 @@ class TransactionsController extends AppController {
'Ledger.name'), 'Ledger.name'),
), ),
), ),
'conditions' => array('Transaction.id' => $id), 'conditions' => array(array('Transaction.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 5),
),
)); ));
if (empty($transaction)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
if ($transaction['Transaction']['type'] === 'DEPOSIT') { if ($transaction['Transaction']['type'] === 'DEPOSIT') {
$this->sidemenu_links[] = $this->sidemenu_links[] =
array('name' => 'Operations', 'header' => true); array('name' => 'Operations', 'header' => true);
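Review bot: This controller filters on `Account.level >= 5` where every other controller in the commit uses `>= 10`, and the seed data places Bank and Closing at level 6, so transaction listings and `view()` (which contains `Ledger.name` and `Account` fields) expose those two accounts' activity while `AccountsController::view` refuses them. If that is deliberate, say so beside the literal, e.g. `// Transactions show one tier lower than accounts (5 vs 10) so deposits to the level-6 Bank/Closing accounts still list.`; if not, the two thresholds should be one shared constant. As written the REVISIT comment is identical to the others and gives no hint that the number differs on purpose. `view()` continues outside the hunk.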