abijah/pmgr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replaced the hardcoded 'level' checks, and incorporated (as a first pass) the new permission mechanism

Browse Source 
git-svn-id: file:///svn-source/pmgr/branches/pre_0.1_work_20090819@802 97e9348a-65ac-dc4b-aefc-98561f571b83
This commit is contained in:
abijah
2009-08-28 07:11:14 +00:00
parent 43c957baa2
commit a3b376544c
13 changed files with 92 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
site/controllers/transactions_controller.php
View File

@@ -95,10 +95,6 @@ class TransactionsController extends AppController {
if (in_array($params['action'], array('invoice', 'receipt', 'deposit')))
$conditions[] = array('Transaction.type' => strtoupper($params['action']));
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 5);
return $conditions;
}
@@ -399,28 +395,23 @@ class TransactionsController extends AppController {
('first',
array('contain' =>
array(// Models
'Account(id,name)',
'Account(id,name,level)',
'Ledger(id,sequence)',
'NsfTender(id,name)',
),
'conditions' => array(array('Transaction.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('OR' =>
array(array('Account.level >=' => 5),
array('Account.id' => null))),
),
));
// REVISIT <AP>: 20090815
// for debug purposes only (pr output)
$this->Transaction->stats($id);
if (empty($transaction)) {
$this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index'));
}
$transaction['Account']['link'] =
$transaction['Account']['level'] >=
$this->Permission->level('controller.accounts');
if ($transaction['Transaction']['type'] === 'DEPOSIT')
$this->addSideMenuLink('View Slip',
array('action' => 'deposit_slip', $id), null,
@@ -452,7 +443,7 @@ class TransactionsController extends AppController {
// Build a container for the deposit slip data
$deposit = array('types' => array());
$this->id = $id;
$this->Transaction->id = $id;
$deposit +=
$this->Transaction->find('first', array('contain' => false));