Replaced the hardcoded 'level' checks, and incorporated (as a first pass) the new permission mechanism

git-svn-id: file:///svn-source/pmgr/branches/pre_0.1_work_20090819@802 97e9348a-65ac-dc4b-aefc-98561f571b83
2009-08-28 07:11:14 +00:00
parent 43c957baa2
commit a3b376544c
13 changed files with 92 additions and 69 deletions
--- a/site/controllers/statement_entries_controller.php
+++ b/site/controllers/statement_entries_controller.php
@@ -108,11 +108,10 @@ class StatementEntriesController extends AppController {
    if (isset($customer_id))
      $conditions[] = array('StatementEntry.customer_id' => $customer_id);

-    if (isset($statement_entry_id)) {
+    if (isset($statement_entry_id))
      $conditions[] = array('OR' =>
 			    array(array('ChargeEntry.id' => $statement_entry_id),
 				  array('DisbursementEntry.id' => $statement_entry_id)));
-    }

    if ($params['action'] === 'unreconciled') {
      $query = array('conditions' => $conditions);
@@ -132,7 +131,10 @@ class StatementEntriesController extends AppController {
  function gridDataPostProcessLinks(&$params, &$model, &$records, $links) {
    $links['StatementEntry'] = array('id');
    $links['Transaction']    = array('id');
-    $links['Account']        = array('name');
+    // REVISIT <AP>: 20090827
+    //  Need to take 'level' into account
+    if ($this->Permission->allow('controller.accounts'))
+      $links['Account']        = array('name');
    $links['Customer']       = array('name');
    $links['Lease']          = array('number');
    $links['Unit']           = array('name');
@@ -253,15 +255,12 @@ class StatementEntriesController extends AppController {
      ('first',
       array('contain' => array
 	     ('Transaction' => array('fields' => array('id', 'type', 'stamp')),
-	      'Account' => array('id', 'name', 'type'),
+	      'Account' => array('id', 'name', 'type', 'level'),
 	      'Customer' => array('fields' => array('id', 'name')),
 	      'Lease' => array('fields' => array('id', 'number')),
 	      ),

 	     'conditions' => array(array('StatementEntry.id' => $id),
-				   // REVISIT <AP>: 20090811
-				   //  No security issues have been worked out yet
-				   array('Account.level >=' => 5)
 				   ),
 	     ));

@@ -270,6 +269,10 @@ class StatementEntriesController extends AppController {
      $this->redirect(array('controller' => 'accounts', 'action'=>'index'));
    }

+    $entry['Account']['link'] =
+      $entry['Account']['level'] >=
+      $this->Permission->level('controller.accounts');
+
    $stats = $this->StatementEntry->stats($id);

    if (in_array(strtoupper($entry['StatementEntry']['type']), $this->StatementEntry->debitTypes()))