abijah/pmgr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replaced the hardcoded 'level' checks, and incorporated (as a first pass) the new permission mechanism

Browse Source 
git-svn-id: file:///svn-source/pmgr/branches/pre_0.1_work_20090819@802 97e9348a-65ac-dc4b-aefc-98561f571b83
This commit is contained in:
abijah
2009-08-28 07:11:14 +00:00
parent 43c957baa2
commit a3b376544c
13 changed files with 92 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
db/property_manager.sql
View File

@@ -877,6 +877,7 @@ SET character_set_client = @saved_cs_client;
LOCK TABLES `pmgr_default_permissions` WRITE; LOCK TABLES `pmgr_default_permissions` WRITE;
/*!40000 ALTER TABLE `pmgr_default_permissions` DISABLE KEYS */; /*!40000 ALTER TABLE `pmgr_default_permissions` DISABLE KEYS */;
INSERT INTO `pmgr_default_permissions` VALUES (1,1,NULL);
/*!40000 ALTER TABLE `pmgr_default_permissions` ENABLE KEYS */; /*!40000 ALTER TABLE `pmgr_default_permissions` ENABLE KEYS */;
UNLOCK TABLES; UNLOCK TABLES;
@@ -1712,6 +1713,9 @@ SET character_set_client = @saved_cs_client;
LOCK TABLES `pmgr_group_permissions` WRITE; LOCK TABLES `pmgr_group_permissions` WRITE;
/*!40000 ALTER TABLE `pmgr_group_permissions` DISABLE KEYS */; /*!40000 ALTER TABLE `pmgr_group_permissions` DISABLE KEYS */;
INSERT INTO `pmgr_group_permissions` VALUES (1,1,4,NULL);
INSERT INTO `pmgr_group_permissions` VALUES (2,2,4,NULL);
INSERT INTO `pmgr_group_permissions` VALUES (3,3,3,NULL);
/*!40000 ALTER TABLE `pmgr_group_permissions` ENABLE KEYS */; /*!40000 ALTER TABLE `pmgr_group_permissions` ENABLE KEYS */;
UNLOCK TABLES; UNLOCK TABLES;
@@ -3761,6 +3765,10 @@ SET character_set_client = @saved_cs_client;
LOCK TABLES `pmgr_permission_values` WRITE; LOCK TABLES `pmgr_permission_values` WRITE;
/*!40000 ALTER TABLE `pmgr_permission_values` DISABLE KEYS */; /*!40000 ALTER TABLE `pmgr_permission_values` DISABLE KEYS */;
INSERT INTO `pmgr_permission_values` VALUES (1,1,'DENY',NULL,NULL);
INSERT INTO `pmgr_permission_values` VALUES (2,1,'ALLOW',10,NULL);
INSERT INTO `pmgr_permission_values` VALUES (3,1,'ALLOW',5,NULL);
INSERT INTO `pmgr_permission_values` VALUES (4,1,'ALLOW',1,NULL);
/*!40000 ALTER TABLE `pmgr_permission_values` ENABLE KEYS */; /*!40000 ALTER TABLE `pmgr_permission_values` ENABLE KEYS */;
UNLOCK TABLES; UNLOCK TABLES;
@@ -3786,6 +3794,7 @@ SET character_set_client = @saved_cs_client;
LOCK TABLES `pmgr_permissions` WRITE; LOCK TABLES `pmgr_permissions` WRITE;
/*!40000 ALTER TABLE `pmgr_permissions` DISABLE KEYS */; /*!40000 ALTER TABLE `pmgr_permissions` DISABLE KEYS */;
INSERT INTO `pmgr_permissions` VALUES (1,'controller.accounts',NULL);
/*!40000 ALTER TABLE `pmgr_permissions` ENABLE KEYS */; /*!40000 ALTER TABLE `pmgr_permissions` ENABLE KEYS */;
UNLOCK TABLES; UNLOCK TABLES;

10
site/controllers/accounts_controller.php
View File

@@ -98,9 +98,8 @@ class AccountsController extends AppController {
$conditions[] = array('Account.type' => strtoupper($params['action'])); $conditions[] = array('Account.type' => strtoupper($params['action']));
} }
// REVISIT <AP>: 20090811 $conditions[] = array('Account.level >=' =>
// No security issues have been worked out yet $this->Permission->level('controller.accounts'));
$conditions[] = array('Account.level >=' => 10);
return $conditions; return $conditions;
} }
@@ -181,9 +180,8 @@ class AccountsController extends AppController {
('order' => array('CloseTransaction.stamp' => 'DESC'))), ('order' => array('CloseTransaction.stamp' => 'DESC'))),
), ),
'conditions' => array(array('Account.id' => $id), 'conditions' => array(array('Account.id' => $id),
// REVISIT <AP>: 20090811 array('Account.level >=' =>
// No security issues have been worked out yet $this->Permission->level('controller.accounts')),
array('Account.level >=' => 10),
), ),
) )
); );

6
site/controllers/double_entries_controller.php
View File

@@ -34,6 +34,9 @@ class DoubleEntriesController extends AppController {
array('contain' => array('Ledger' => array('Account')), array('contain' => array('Ledger' => array('Account')),
'conditions' => array('DebitEntry.id' => $entry['DebitEntry']['id']), 'conditions' => array('DebitEntry.id' => $entry['DebitEntry']['id']),
)); ));
$entry['Ledger']['link'] =
$entry['Ledger']['Account']['level'] >=
$this->Permission->level('controller.accounts');
$entry['DebitLedger'] = $entry['Ledger']; $entry['DebitLedger'] = $entry['Ledger'];
unset($entry['Ledger']); unset($entry['Ledger']);
@@ -42,6 +45,9 @@ class DoubleEntriesController extends AppController {
array('contain' => array('Ledger' => array('Account')), array('contain' => array('Ledger' => array('Account')),
'conditions' => array('CreditEntry.id' => $entry['CreditEntry']['id']), 'conditions' => array('CreditEntry.id' => $entry['CreditEntry']['id']),
)); ));
$entry['Ledger']['link'] =
$entry['Ledger']['Account']['level'] >=
$this->Permission->level('controller.accounts');
$entry['CreditLedger'] = $entry['Ledger']; $entry['CreditLedger'] = $entry['Ledger'];
unset($entry['Ledger']); unset($entry['Ledger']);

10
site/controllers/ledger_entries_controller.php
View File

@@ -117,8 +117,12 @@ class LedgerEntriesController extends AppController {
function gridDataPostProcessLinks(&$params, &$model, &$records, $links) { function gridDataPostProcessLinks(&$params, &$model, &$records, $links) {
$links['LedgerEntry'] = array('id'); $links['LedgerEntry'] = array('id');
$links['Transaction'] = array('id'); $links['Transaction'] = array('id');
// REVISIT <AP>: 20090827
// Need to take 'level' into account
if ($this->Permission->allow('controller.accounts')) {
$links['Ledger'] = array('id'); $links['Ledger'] = array('id');
$links['Account'] = array('controller' => 'accounts', 'name'); $links['Account'] = array('name');
}
$links['Tender'] = array('name'); $links['Tender'] = array('name');
return parent::gridDataPostProcessLinks($params, $model, $records, $links); return parent::gridDataPostProcessLinks($params, $model, $records, $links);
} }
@@ -144,10 +148,6 @@ class LedgerEntriesController extends AppController {
array('fields' => array('id', 'sequence', 'name'), array('fields' => array('id', 'sequence', 'name'),
'Account' => 'Account' =>
array('fields' => array('id', 'name', 'type'), array('fields' => array('id', 'name', 'type'),
'conditions' =>
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 5),
), ),
), ),

16
site/controllers/ledgers_controller.php
View File

@@ -86,9 +86,8 @@ class LedgersController extends AppController {
$conditions[] = array('Ledger.close_transaction_id !=' => null); $conditions[] = array('Ledger.close_transaction_id !=' => null);
} }
// REVISIT <AP>: 20090811 $conditions[] = array('Account.level >=' =>
// No security issues have been worked out yet $this->Permission->level('controller.accounts'));
$conditions[] = array('Account.level >=' => 10);
return $conditions; return $conditions;
} }
@@ -107,8 +106,12 @@ class LedgersController extends AppController {
} }
function gridDataPostProcessLinks(&$params, &$model, &$records, $links) { function gridDataPostProcessLinks(&$params, &$model, &$records, $links) {
$links['Ledger'] = array('name'); // REVISIT <AP>: 20090827
// Need to take 'level' into account
if ($this->Permission->allow('controller.accounts')) {
$links['Ledger'] = array('sequence');
$links['Account'] = array('name'); $links['Account'] = array('name');
}
return parent::gridDataPostProcessLinks($params, $model, $records, $links); return parent::gridDataPostProcessLinks($params, $model, $records, $links);
} }
@@ -128,9 +131,8 @@ class LedgersController extends AppController {
'Account', 'Account',
), ),
'conditions' => array(array('Ledger.id' => $id), 'conditions' => array(array('Ledger.id' => $id),
// REVISIT <AP>: 20090811 array('Account.level >=' =>
// No security issues have been worked out yet $this->Permission->level('controller.accounts')),
array('Account.level >=' => 10),
), ),
) )
); );

15
site/controllers/statement_entries_controller.php
View File

@@ -108,11 +108,10 @@ class StatementEntriesController extends AppController {
if (isset($customer_id)) if (isset($customer_id))
$conditions[] = array('StatementEntry.customer_id' => $customer_id); $conditions[] = array('StatementEntry.customer_id' => $customer_id);
if (isset($statement_entry_id)) { if (isset($statement_entry_id))
$conditions[] = array('OR' => $conditions[] = array('OR' =>
array(array('ChargeEntry.id' => $statement_entry_id), array(array('ChargeEntry.id' => $statement_entry_id),
array('DisbursementEntry.id' => $statement_entry_id))); array('DisbursementEntry.id' => $statement_entry_id)));
}
if ($params['action'] === 'unreconciled') { if ($params['action'] === 'unreconciled') {
$query = array('conditions' => $conditions); $query = array('conditions' => $conditions);
@@ -132,6 +131,9 @@ class StatementEntriesController extends AppController {
function gridDataPostProcessLinks(&$params, &$model, &$records, $links) { function gridDataPostProcessLinks(&$params, &$model, &$records, $links) {
$links['StatementEntry'] = array('id'); $links['StatementEntry'] = array('id');
$links['Transaction'] = array('id'); $links['Transaction'] = array('id');
// REVISIT <AP>: 20090827
// Need to take 'level' into account
if ($this->Permission->allow('controller.accounts'))
$links['Account'] = array('name'); $links['Account'] = array('name');
$links['Customer'] = array('name'); $links['Customer'] = array('name');
$links['Lease'] = array('number'); $links['Lease'] = array('number');
@@ -253,15 +255,12 @@ class StatementEntriesController extends AppController {
('first', ('first',
array('contain' => array array('contain' => array
('Transaction' => array('fields' => array('id', 'type', 'stamp')), ('Transaction' => array('fields' => array('id', 'type', 'stamp')),
'Account' => array('id', 'name', 'type'), 'Account' => array('id', 'name', 'type', 'level'),
'Customer' => array('fields' => array('id', 'name')), 'Customer' => array('fields' => array('id', 'name')),
'Lease' => array('fields' => array('id', 'number')), 'Lease' => array('fields' => array('id', 'number')),
), ),
'conditions' => array(array('StatementEntry.id' => $id), 'conditions' => array(array('StatementEntry.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('Account.level >=' => 5)
), ),
)); ));
@@ -270,6 +269,10 @@ class StatementEntriesController extends AppController {
$this->redirect(array('controller' => 'accounts', 'action'=>'index')); $this->redirect(array('controller' => 'accounts', 'action'=>'index'));
} }
$entry['Account']['link'] =
$entry['Account']['level'] >=
$this->Permission->level('controller.accounts');
$stats = $this->StatementEntry->stats($id); $stats = $this->StatementEntry->stats($id);
if (in_array(strtoupper($entry['StatementEntry']['type']), $this->StatementEntry->debitTypes())) if (in_array(strtoupper($entry['StatementEntry']['type']), $this->StatementEntry->debitTypes()))

2
site/controllers/tenders_controller.php
View File

@@ -62,7 +62,7 @@ class TendersController extends AppController {
function gridDataPostProcessLinks(&$params, &$model, &$records, $links) { function gridDataPostProcessLinks(&$params, &$model, &$records, $links) {
$links['Tender'] = array('name', 'id'); $links['Tender'] = array('name', 'id');
$links['Customer'] = array('name'); $links['Customer'] = array('name');
$links['TenderType'] = array('name'); //$links['TenderType'] = array('name');
return parent::gridDataPostProcessLinks($params, $model, $records, $links); return parent::gridDataPostProcessLinks($params, $model, $records, $links);
} }

21
site/controllers/transactions_controller.php
View File

@@ -95,10 +95,6 @@ class TransactionsController extends AppController {
if (in_array($params['action'], array('invoice', 'receipt', 'deposit'))) if (in_array($params['action'], array('invoice', 'receipt', 'deposit')))
$conditions[] = array('Transaction.type' => strtoupper($params['action'])); $conditions[] = array('Transaction.type' => strtoupper($params['action']));
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
$conditions[] = array('Account.level >=' => 5);
return $conditions; return $conditions;
} }
@@ -399,28 +395,23 @@ class TransactionsController extends AppController {
('first', ('first',
array('contain' => array('contain' =>
array(// Models array(// Models
'Account(id,name)', 'Account(id,name,level)',
'Ledger(id,sequence)', 'Ledger(id,sequence)',
'NsfTender(id,name)', 'NsfTender(id,name)',
), ),
'conditions' => array(array('Transaction.id' => $id), 'conditions' => array(array('Transaction.id' => $id),
// REVISIT <AP>: 20090811
// No security issues have been worked out yet
array('OR' =>
array(array('Account.level >=' => 5),
array('Account.id' => null))),
), ),
)); ));
// REVISIT <AP>: 20090815
// for debug purposes only (pr output)
$this->Transaction->stats($id);
if (empty($transaction)) { if (empty($transaction)) {
$this->Session->setFlash(__('Invalid Item.', true)); $this->Session->setFlash(__('Invalid Item.', true));
$this->redirect(array('action'=>'index')); $this->redirect(array('action'=>'index'));
} }
$transaction['Account']['link'] =
$transaction['Account']['level'] >=
$this->Permission->level('controller.accounts');
if ($transaction['Transaction']['type'] === 'DEPOSIT') if ($transaction['Transaction']['type'] === 'DEPOSIT')
$this->addSideMenuLink('View Slip', $this->addSideMenuLink('View Slip',
array('action' => 'deposit_slip', $id), null, array('action' => 'deposit_slip', $id), null,
@@ -452,7 +443,7 @@ class TransactionsController extends AppController {
// Build a container for the deposit slip data // Build a container for the deposit slip data
$deposit = array('types' => array()); $deposit = array('types' => array());
$this->id = $id; $this->Transaction->id = $id;
$deposit += $deposit +=
$this->Transaction->find('first', array('contain' => false)); $this->Transaction->find('first', array('contain' => false));

3
site/models/permission.php
View File

@@ -79,6 +79,9 @@ class Permission extends AppModel {
if (empty($result['level']) || (!empty($value['level']) && $value['level'] < $result['level'])) if (empty($result['level']) || (!empty($value['level']) && $value['level'] < $result['level']))
$result['level'] = $value['level']; $result['level'] = $value['level'];
if ($result['access'] !== 'ALLOW')
$result['level'] = 9999999;
return $this->prReturn($result); return $this->prReturn($result);
} }

12
site/views/double_entries/view.ctp
View File

@@ -56,14 +56,18 @@ foreach ($ledgers AS $type => $ledger) {
/* array('controller' => 'entries', */ /* array('controller' => 'entries', */
/* 'action' => 'view', */ /* 'action' => 'view', */
/* $entries[$type]['id']))); */ /* $entries[$type]['id']))); */
$rows[] = array('Account', $html->link($ledger['Account']['name'], $rows[] = array('Account', ($ledger['link']
? $html->link($ledger['Account']['name'],
array('controller' => 'accounts', array('controller' => 'accounts',
'action' => 'view', 'action' => 'view',
$ledger['Account']['id']))); $ledger['Account']['id']))
$rows[] = array('Ledger', $html->link('#' . $ledger['sequence'], : $ledger['Account']['name']));
$rows[] = array('Ledger', ($ledger['link']
? $html->link('#' . $ledger['sequence'],
array('controller' => 'ledgers', array('controller' => 'ledgers',
'action' => 'view', 'action' => 'view',
$ledger['id']))); $ledger['id']))
: '#' . $ledger['sequence']));
$rows[] = array('Amount', FormatHelper::currency($entries[$type]['amount'])); $rows[] = array('Amount', FormatHelper::currency($entries[$type]['amount']));
//$rows[] = array('Effect', $ledger['Account']['ftype'] == $type ? 'INCREASE' : 'DECREASE'); //$rows[] = array('Effect', $ledger['Account']['ftype'] == $type ? 'INCREASE' : 'DECREASE');

8
site/views/elements/ledgers.ctp
View File

@@ -15,8 +15,8 @@ $cols['Balance'] = array('index' => 'balance', 'formatter' => 'c
// Render the grid // Render the grid
$grid $grid
->columns($cols) ->columns($cols)
->sortField('Account') ->sortField('Sequence')
->defaultFields(array('Account', 'Sequence')) ->defaultFields(array('Sequence'))
->searchFields(array('Account', 'Comment')) ->searchFields(array('Comment'))
->render($this, isset($config) ? $config : null, ->render($this, isset($config) ? $config : null,
array_diff(array_keys($cols), array('Open Date', 'Comment'))); array_diff(array_keys($cols), array('Account', 'Open Date', 'Comment')));

6
site/views/statement_entries/view.ctp
View File

@@ -29,10 +29,12 @@ if (in_array($entry['type'], array('CHARGE', 'PAYMENT')))
$rows[] = array('Through', FormatHelper::date($entry['through_date'])); $rows[] = array('Through', FormatHelper::date($entry['through_date']));
$rows[] = array('Type', $entry['type']); $rows[] = array('Type', $entry['type']);
$rows[] = array('Amount', FormatHelper::currency($entry['amount'])); $rows[] = array('Amount', FormatHelper::currency($entry['amount']));
$rows[] = array('Account', $html->link($account['name'], $rows[] = array('Account', ($account['link']
? $html->link($account['name'],
array('controller' => 'accounts', array('controller' => 'accounts',
'action' => 'view', 'action' => 'view',
$account['id']))); $account['id']))
: $account['name']));
$rows[] = array('Customer', (isset($customer['name']) $rows[] = array('Customer', (isset($customer['name'])
? $html->link($customer['name'], ? $html->link($customer['name'],
array('controller' => 'customers', array('controller' => 'customers',

13
site/views/transactions/view.ctp
View File

@@ -21,14 +21,19 @@ $rows[] = array('ID', $transaction['id']);
$rows[] = array('Type', str_replace('_', ' ', $transaction['type'])); $rows[] = array('Type', str_replace('_', ' ', $transaction['type']));
$rows[] = array('Timestamp', FormatHelper::datetime($transaction['stamp'])); $rows[] = array('Timestamp', FormatHelper::datetime($transaction['stamp']));
$rows[] = array('Amount', FormatHelper::currency($transaction['amount'])); $rows[] = array('Amount', FormatHelper::currency($transaction['amount']));
$rows[] = array('Account', $html->link($account['name'], $rows[] = array('Account', ($account['link']
? $html->link($account['name'],
array('controller' => 'accounts', array('controller' => 'accounts',
'action' => 'view', 'action' => 'view',
$account['id']))); $account['id']))
$rows[] = array('Ledger', $html->link('#' . $ledger['sequence'], : $account['name']));
$rows[] = array('Ledger', ($account['link']
? $html->link('#' . $ledger['sequence'],
array('controller' => 'ledgers', array('controller' => 'ledgers',
'action' => 'view', 'action' => 'view',
$ledger['id']))); $ledger['id']))
: '#' . $ledger['sequence']));
if (!empty($nsf_tender['id'])) if (!empty($nsf_tender['id']))
$rows[] = array('NSF Tender', $html->link($nsf_tender['name'], $rows[] = array('NSF Tender', $html->link($nsf_tender['name'],
array('controller' => 'tenders', array('controller' => 'tenders',