Replaced the hardcoded 'level' checks, and incorporated (as a first pass) the new permission mechanism

git-svn-id: file:///svn-source/pmgr/branches/pre_0.1_work_20090819@802 97e9348a-65ac-dc4b-aefc-98561f571b83

site/controllers/ledger_entries_controller.php

@@ -117,8 +117,12 @@ class LedgerEntriesController extends AppController {
   function gridDataPostProcessLinks(&$params, &$model, &$records, $links) {
     $links['LedgerEntry']    = array('id');
     $links['Transaction']    = array('id');
-    $links['Ledger']         = array('id');
-    $links['Account']        = array('controller' => 'accounts', 'name');
+    // REVISIT <AP>: 20090827
+    //  Need to take 'level' into account
+    if ($this->Permission->allow('controller.accounts')) {
+      $links['Ledger']         = array('id');
+      $links['Account']        = array('name');
+    }
     $links['Tender']         = array('name');
     return parent::gridDataPostProcessLinks($params, $model, $records, $links);
   }
@@ -144,12 +148,8 @@ class LedgerEntriesController extends AppController {
 	      array('fields' => array('id', 'sequence', 'name'),
 		    'Account' => 
 		    array('fields' => array('id', 'name', 'type'),
-			  'conditions' =>
-			  // REVISIT <AP>: 20090811
-			  //  No security issues have been worked out yet
-			  array('Account.level >=' => 5),
-			),
-		  ),
+			  ),
+		    ),
 
 	      'Tender' =>
 	      array('fields' => array('id', 'name'),