Replaced the hardcoded 'level' checks, and incorporated (as a first pass) the new permission mechanism
git-svn-id: file:///svn-source/pmgr/branches/pre_0.1_work_20090819@802 97e9348a-65ac-dc4b-aefc-98561f571b83
This commit is contained in:
abijah
@@ -98,9 +98,8 @@ class AccountsController extends AppController {
|
||||
$conditions[] = array('Account.type' => strtoupper($params['action']));
|
||||
}
|
||||
|
||||
// REVISIT <AP>: 20090811
|
||||
// No security issues have been worked out yet
|
||||
$conditions[] = array('Account.level >=' => 10);
|
||||
$conditions[] = array('Account.level >=' =>
|
||||
$this->Permission->level('controller.accounts'));
|
||||
|
||||
return $conditions;
|
||||
}
|
||||
@@ -181,9 +180,8 @@ class AccountsController extends AppController {
|
||||
('order' => array('CloseTransaction.stamp' => 'DESC'))),
|
||||
),
|
||||
'conditions' => array(array('Account.id' => $id),
|
||||
// REVISIT <AP>: 20090811
|
||||
// No security issues have been worked out yet
|
||||
array('Account.level >=' => 10),
|
||||
array('Account.level >=' =>
|
||||
$this->Permission->level('controller.accounts')),
|
||||
),
|
||||
)
|
||||
);
|
||||
|
||||
@@ -34,6 +34,9 @@ class DoubleEntriesController extends AppController {
|
||||
array('contain' => array('Ledger' => array('Account')),
|
||||
'conditions' => array('DebitEntry.id' => $entry['DebitEntry']['id']),
|
||||
));
|
||||
$entry['Ledger']['link'] =
|
||||
$entry['Ledger']['Account']['level'] >=
|
||||
$this->Permission->level('controller.accounts');
|
||||
$entry['DebitLedger'] = $entry['Ledger'];
|
||||
unset($entry['Ledger']);
|
||||
|
||||
@@ -42,6 +45,9 @@ class DoubleEntriesController extends AppController {
|
||||
array('contain' => array('Ledger' => array('Account')),
|
||||
'conditions' => array('CreditEntry.id' => $entry['CreditEntry']['id']),
|
||||
));
|
||||
$entry['Ledger']['link'] =
|
||||
$entry['Ledger']['Account']['level'] >=
|
||||
$this->Permission->level('controller.accounts');
|
||||
$entry['CreditLedger'] = $entry['Ledger'];
|
||||
unset($entry['Ledger']);
|
||||
|
||||
|
||||
@@ -117,8 +117,12 @@ class LedgerEntriesController extends AppController {
|
||||
function gridDataPostProcessLinks(&$params, &$model, &$records, $links) {
|
||||
$links['LedgerEntry'] = array('id');
|
||||
$links['Transaction'] = array('id');
|
||||
$links['Ledger'] = array('id');
|
||||
$links['Account'] = array('controller' => 'accounts', 'name');
|
||||
// REVISIT <AP>: 20090827
|
||||
// Need to take 'level' into account
|
||||
if ($this->Permission->allow('controller.accounts')) {
|
||||
$links['Ledger'] = array('id');
|
||||
$links['Account'] = array('name');
|
||||
}
|
||||
$links['Tender'] = array('name');
|
||||
return parent::gridDataPostProcessLinks($params, $model, $records, $links);
|
||||
}
|
||||
@@ -144,12 +148,8 @@ class LedgerEntriesController extends AppController {
|
||||
array('fields' => array('id', 'sequence', 'name'),
|
||||
'Account' =>
|
||||
array('fields' => array('id', 'name', 'type'),
|
||||
'conditions' =>
|
||||
// REVISIT <AP>: 20090811
|
||||
// No security issues have been worked out yet
|
||||
array('Account.level >=' => 5),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
|
||||
'Tender' =>
|
||||
array('fields' => array('id', 'name'),
|
||||
|
||||
@@ -86,9 +86,8 @@ class LedgersController extends AppController {
|
||||
$conditions[] = array('Ledger.close_transaction_id !=' => null);
|
||||
}
|
||||
|
||||
// REVISIT <AP>: 20090811
|
||||
// No security issues have been worked out yet
|
||||
$conditions[] = array('Account.level >=' => 10);
|
||||
$conditions[] = array('Account.level >=' =>
|
||||
$this->Permission->level('controller.accounts'));
|
||||
|
||||
return $conditions;
|
||||
}
|
||||
@@ -107,8 +106,12 @@ class LedgersController extends AppController {
|
||||
}
|
||||
|
||||
function gridDataPostProcessLinks(&$params, &$model, &$records, $links) {
|
||||
$links['Ledger'] = array('name');
|
||||
$links['Account'] = array('name');
|
||||
// REVISIT <AP>: 20090827
|
||||
// Need to take 'level' into account
|
||||
if ($this->Permission->allow('controller.accounts')) {
|
||||
$links['Ledger'] = array('sequence');
|
||||
$links['Account'] = array('name');
|
||||
}
|
||||
return parent::gridDataPostProcessLinks($params, $model, $records, $links);
|
||||
}
|
||||
|
||||
@@ -128,9 +131,8 @@ class LedgersController extends AppController {
|
||||
'Account',
|
||||
),
|
||||
'conditions' => array(array('Ledger.id' => $id),
|
||||
// REVISIT <AP>: 20090811
|
||||
// No security issues have been worked out yet
|
||||
array('Account.level >=' => 10),
|
||||
array('Account.level >=' =>
|
||||
$this->Permission->level('controller.accounts')),
|
||||
),
|
||||
)
|
||||
);
|
||||
|
||||
@@ -108,11 +108,10 @@ class StatementEntriesController extends AppController {
|
||||
if (isset($customer_id))
|
||||
$conditions[] = array('StatementEntry.customer_id' => $customer_id);
|
||||
|
||||
if (isset($statement_entry_id)) {
|
||||
if (isset($statement_entry_id))
|
||||
$conditions[] = array('OR' =>
|
||||
array(array('ChargeEntry.id' => $statement_entry_id),
|
||||
array('DisbursementEntry.id' => $statement_entry_id)));
|
||||
}
|
||||
|
||||
if ($params['action'] === 'unreconciled') {
|
||||
$query = array('conditions' => $conditions);
|
||||
@@ -132,7 +131,10 @@ class StatementEntriesController extends AppController {
|
||||
function gridDataPostProcessLinks(&$params, &$model, &$records, $links) {
|
||||
$links['StatementEntry'] = array('id');
|
||||
$links['Transaction'] = array('id');
|
||||
$links['Account'] = array('name');
|
||||
// REVISIT <AP>: 20090827
|
||||
// Need to take 'level' into account
|
||||
if ($this->Permission->allow('controller.accounts'))
|
||||
$links['Account'] = array('name');
|
||||
$links['Customer'] = array('name');
|
||||
$links['Lease'] = array('number');
|
||||
$links['Unit'] = array('name');
|
||||
@@ -253,15 +255,12 @@ class StatementEntriesController extends AppController {
|
||||
('first',
|
||||
array('contain' => array
|
||||
('Transaction' => array('fields' => array('id', 'type', 'stamp')),
|
||||
'Account' => array('id', 'name', 'type'),
|
||||
'Account' => array('id', 'name', 'type', 'level'),
|
||||
'Customer' => array('fields' => array('id', 'name')),
|
||||
'Lease' => array('fields' => array('id', 'number')),
|
||||
),
|
||||
|
||||
'conditions' => array(array('StatementEntry.id' => $id),
|
||||
// REVISIT <AP>: 20090811
|
||||
// No security issues have been worked out yet
|
||||
array('Account.level >=' => 5)
|
||||
),
|
||||
));
|
||||
|
||||
@@ -270,6 +269,10 @@ class StatementEntriesController extends AppController {
|
||||
$this->redirect(array('controller' => 'accounts', 'action'=>'index'));
|
||||
}
|
||||
|
||||
$entry['Account']['link'] =
|
||||
$entry['Account']['level'] >=
|
||||
$this->Permission->level('controller.accounts');
|
||||
|
||||
$stats = $this->StatementEntry->stats($id);
|
||||
|
||||
if (in_array(strtoupper($entry['StatementEntry']['type']), $this->StatementEntry->debitTypes()))
|
||||
|
||||
@@ -62,7 +62,7 @@ class TendersController extends AppController {
|
||||
function gridDataPostProcessLinks(&$params, &$model, &$records, $links) {
|
||||
$links['Tender'] = array('name', 'id');
|
||||
$links['Customer'] = array('name');
|
||||
$links['TenderType'] = array('name');
|
||||
//$links['TenderType'] = array('name');
|
||||
return parent::gridDataPostProcessLinks($params, $model, $records, $links);
|
||||
}
|
||||
|
||||
|
||||
@@ -95,10 +95,6 @@ class TransactionsController extends AppController {
|
||||
if (in_array($params['action'], array('invoice', 'receipt', 'deposit')))
|
||||
$conditions[] = array('Transaction.type' => strtoupper($params['action']));
|
||||
|
||||
// REVISIT <AP>: 20090811
|
||||
// No security issues have been worked out yet
|
||||
$conditions[] = array('Account.level >=' => 5);
|
||||
|
||||
return $conditions;
|
||||
}
|
||||
|
||||
@@ -399,28 +395,23 @@ class TransactionsController extends AppController {
|
||||
('first',
|
||||
array('contain' =>
|
||||
array(// Models
|
||||
'Account(id,name)',
|
||||
'Account(id,name,level)',
|
||||
'Ledger(id,sequence)',
|
||||
'NsfTender(id,name)',
|
||||
),
|
||||
'conditions' => array(array('Transaction.id' => $id),
|
||||
// REVISIT <AP>: 20090811
|
||||
// No security issues have been worked out yet
|
||||
array('OR' =>
|
||||
array(array('Account.level >=' => 5),
|
||||
array('Account.id' => null))),
|
||||
),
|
||||
));
|
||||
|
||||
// REVISIT <AP>: 20090815
|
||||
// for debug purposes only (pr output)
|
||||
$this->Transaction->stats($id);
|
||||
|
||||
if (empty($transaction)) {
|
||||
$this->Session->setFlash(__('Invalid Item.', true));
|
||||
$this->redirect(array('action'=>'index'));
|
||||
}
|
||||
|
||||
$transaction['Account']['link'] =
|
||||
$transaction['Account']['level'] >=
|
||||
$this->Permission->level('controller.accounts');
|
||||
|
||||
if ($transaction['Transaction']['type'] === 'DEPOSIT')
|
||||
$this->addSideMenuLink('View Slip',
|
||||
array('action' => 'deposit_slip', $id), null,
|
||||
@@ -452,7 +443,7 @@ class TransactionsController extends AppController {
|
||||
// Build a container for the deposit slip data
|
||||
$deposit = array('types' => array());
|
||||
|
||||
$this->id = $id;
|
||||
$this->Transaction->id = $id;
|
||||
$deposit +=
|
||||
$this->Transaction->find('first', array('contain' => false));
|
||||
|
||||
|
||||
Reference in New Issue
Block a user