Add extra permissiosn checks to report methods

Adapt no_access page to show missing grant Adapt Email library to customize return_path header
2026-05-24 16:28:40 -04:00 · 2014-10-16 08:20:36 +02:00
parent 20fed1d457
commit 0863b4ebba
7 changed files with 20 additions and 7 deletions
--- a/application/config/routes.php
+++ b/application/config/routes.php
@@ -39,7 +39,7 @@
 */

 $route['default_controller'] = "login";
-$route['no_access/(:any)'] = "no_access/index/$1";
+$route['no_access/(:any)/(:any)'] = "no_access/index/$1/$2";
 $route['reports/(summary_:any)/(:any)/(:any)'] = "reports/$1/$2/$3";
 $route['reports/summary_:any'] = "reports/date_input_excel_export";
 $route['reports/(graphical_:any)/(:any)/(:any)'] = "reports/$1/$2/$3";
--- a/application/controllers/no_access.php
+++ b/application/controllers/no_access.php
@@ -6,9 +6,10 @@ class No_Access extends CI_Controller
 		parent::__construct();
 	}
 	
-	function index($module_id='',$submodule_id='')
+	function index($module_id='',$permission_id='')
 	{
 		$data['module_name']=$this->Module->get_module_name($module_id);
+		$data['permission_id']=empty($permission_id)?$module_id:$permission_id;
 		$this->load->view('no_access',$data);
 	}
 }
--- a/application/controllers/reports.php
+++ b/application/controllers/reports.php
@@ -10,6 +10,17 @@ class Reports extends Secure_area
 	function __construct()
 	{
 		parent::__construct('reports');
+		$method_name = $this->uri->segment(2);
+		$exploder = explode('_', $method_name);
+		$submodule_id = preg_match("/^(inventory)|([^_.]+)(?:_graph)?$/", $method_name, $matches);
+		var_dump($matches);
+		$submodule_id = preg_replace("/^(.*?)s?$/", "$1s", $matches[1]);
+		$employee_id=$this->Employee->get_logged_in_employee_info()->person_id;
+		// check access to report submodule
+		if (sizeof($exploder) > 1 && !$this->Employee->has_grant('reports_'.$submodule_id,$employee_id))
+		{
+			//redirect('no_access/'.$submodule_id.'/reports_' . $submodule_id);
+		}
 		$this->load->helper('report');		
 	}
 	
--- a/application/controllers/secure_area.php
+++ b/application/controllers/secure_area.php
@@ -17,7 +17,7 @@ class Secure_area extends CI_Controller
 		if(!$this->Employee->has_module_grant($module_id,$employee_id) || 
 			(isset($submodule_id) && !$this->Employee->has_module_grant($submodule_id,$employee_id)))
 		{
-			redirect('no_access/'.$module_id);
+			redirect('no_access/'.$module_id.'/'.$submodule_id);
 		}
 		
 		//load up global data
--- a/application/views/no_access.php
+++ b/application/views/no_access.php
@@ -1,3 +1,3 @@
 <?php
-echo $this->lang->line('error_no_permission_module').' '.$module_name; 
+echo $this->lang->line('error_no_permission_module').' '.$module_name . ' (' . $permission_id . ')'; 
 ?> 
--- a/application/views/sales/register.php
+++ b/application/views/sales/register.php
@@ -432,7 +432,7 @@ $(document).ready(function()
    	$(this).attr('value',"<?php echo $this->lang->line('sales_start_typing_customer_name'); ?>");
    });
 	
-	$('#comment').change(function() 
+	$('#comment').keyup(function() 
 	{
 		$.post('<?php echo site_url("sales/set_comment");?>', {comment: $('#comment').val()});
 	});
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -177,7 +177,7 @@ class CI_Email {
 	 * @param	string
 	 * @return	void
 	 */
-	public function from($from, $name = '')
+	public function from($from, $name = '', $return_path = NULL)
 	{
 		if (preg_match( '/\<(.*)\>/', $from, $match))
 		{
@@ -205,7 +205,8 @@ class CI_Email {
 		}

 		$this->_set_header('From', $name.' <'.$from.'>');
-		$this->_set_header('Return-Path', '<'.$from.'>');
+		isset($return_path) OR $return_path = $from;
+		$this->_set_header('Return-Path', '<'.$return_path.'>');

 		return $this;
 	}