From 0863b4ebba7c0beb4a01378182b11d73174060da Mon Sep 17 00:00:00 2001
From: jekkos-t520
Date: Thu, 16 Oct 2014 08:20:36 +0200
Subject: [PATCH] Add extra permissiosn checks to report methods
Adapt no_access page to show missing grant
Adapt Email library to customize return_path header
---
 application/config/routes.php | 2 +-
 application/controllers/no_access.php | 3 ++-
 application/controllers/reports.php | 11 +++++++++++
 application/controllers/secure_area.php | 2 +-
 application/views/no_access.php | 2 +-
 application/views/sales/register.php | 2 +-
 system/libraries/Email.php | 5 +++--
 7 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/application/config/routes.php b/application/config/routes.php
index f5fe358a1..1047287a4 100644
--- a/application/config/routes.php
+++ b/application/config/routes.php
@@ -39,7 +39,7 @@
 */
 $route['default_controller'] = "login";
-$route['no_access/(:any)'] = "no_access/index/$1";
+$route['no_access/(:any)/(:any)'] = "no_access/index/$1/$2";
 $route['reports/(summary_:any)/(:any)/(:any)'] = "reports/$1/$2/$3";
 $route['reports/summary_:any'] = "reports/date_input_excel_export";
 $route['reports/(graphical_:any)/(:any)/(:any)'] = "reports/$1/$2/$3";
diff --git a/application/controllers/no_access.php b/application/controllers/no_access.php
index eec4334ed..b64a7f6b9 100644
--- a/application/controllers/no_access.php
+++ b/application/controllers/no_access.php
@@ -6,9 +6,10 @@ class No_Access extends CI_Controller
 parent::__construct();
 }
- function index($module_id='',$submodule_id='')
+ function index($module_id='',$permission_id='')
 {
 $data['module_name']=$this->Module->get_module_name($module_id);
+ $data['permission_id']=empty($permission_id)?$module_id:$permission_id;
 $this->load->view('no_access',$data);
 }
 }
diff --git a/application/controllers/reports.php b/application/controllers/reports.php
index 70507a0f6..954d59e64 100644
--- a/application/controllers/reports.php
+++ b/application/controllers/reports.php
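Review bot: Replacing the `no_access/(:any)` route instead of adding to it leaves a single-segment `no_access/<module>` URL with no matching route, so any redirect that still passes only a module id (the one in secure_area.php can, since `$submodule_id` is only guarded by `isset` there and a trailing slash is, as far as I recall, stripped before routing) would fall through to default routing, look for a `No_Access::<module>()` method and 404 instead of reaching index(). Keep the old line alongside the new one: `$route['no_access/(:any)'] = "no_access/index/$1";` directly above `$route['no_access/(:any)/(:any)'] = "no_access/index/$1/$2";`.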
@@ -10,6 +10,17 @@ class Reports extends Secure_area
 function __construct()
 {
 parent::__construct('reports');
+ $method_name = $this->uri->segment(2);
+ $exploder = explode('_', $method_name);
+ $submodule_id = preg_match("/^(inventory)|([^_.]+)(?:_graph)?$/", $method_name, $matches);
+ var_dump($matches);
+ $submodule_id = preg_replace("/^(.*?)s?$/", "$1s", $matches[1]);
+ $employee_id=$this->Employee->get_logged_in_employee_info()->person_id;
+ // check access to report submodule
+ if (sizeof($exploder) > 1 && !$this->Employee->has_grant('reports_'.$submodule_id,$employee_id))
+ {
+ //redirect('no_access/'.$submodule_id.'/reports_' . $submodule_id);
+ }
 $this->load->helper('report');
 }
diff --git a/application/controllers/secure_area.php b/application/controllers/secure_area.php
index 0d995247a..3a05865bc 100644
--- a/application/controllers/secure_area.php
+++ b/application/controllers/secure_area.php
@@ -17,7 +17,7 @@ class Secure_area extends CI_Controller
 if(!$this->Employee->has_module_grant($module_id,$employee_id) || (isset($submodule_id) && !$this->Employee->has_module_grant($submodule_id,$employee_id)))
 {
- redirect('no_access/'.$module_id);
+ redirect('no_access/'.$module_id.'/'.$submodule_id);
 }
 //load up global data
diff --git a/application/views/no_access.php b/application/views/no_access.php
index bd0db7601..695f0843e 100644
--- a/application/views/no_access.php
+++ b/application/views/no_access.php
@@ -1,3 +1,3 @@
lang->line('error_no_permission_module').' '.$module_name;
+echo $this->lang->line('error_no_permission_module').' '.$module_name . ' (' . $permission_id . ')';
 ?>
\ No newline at end of file
diff --git a/application/views/sales/register.php b/application/views/sales/register.php
index 2ba336a83..4b93040ca 100644
--- a/application/views/sales/register.php
+++ b/application/views/sales/register.php
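Review bot: The grant check added to the Reports constructor is inert, because the only consequence, `redirect(...)`, is commented out on the `//redirect` line, while `var_dump($matches);` dumps the regex result into the response of every Reports page, so as committed this hunk leaks debugging output and restricts nothing. The submodule derivation is also wrong for every report other than inventory: when the second alternative of the pattern matches, the name lands in `$matches[2]` and `$matches[1]` is an empty string, so `$submodule_id` becomes `"s"` and `has_grant('reports_s', ...)` is what would be tested; assigning the `preg_match` return value to `$submodule_id` only to overwrite it, and the `$exploder` array used solely for its size, add noise. The rewrite below removes the debug output, uses whichever capture group matched, reads `$matches` only when the match succeeded, and restores the redirect exactly as written in the comment; note that this target passes the submodule name where no_access.php's index() expects a module id, which the author may want to revisit.
```php
parent::__construct('reports');
$method_name = $this->uri->segment(2);
$employee_id = $this->Employee->get_logged_in_employee_info()->person_id;
// Derive the report submodule (e.g. "sales" from "summary_sales") from the method name;
// plain method names without an underscore (e.g. index) are not submodule reports.
if (strpos($method_name, '_') !== false
    && preg_match("/^(inventory)|([^_.]+)(?:_graph)?$/", $method_name, $matches))
{
    // Group 1 is only filled by the inventory alternative; otherwise the name is in group 2.
    $report_name = $matches[1] !== '' ? $matches[1] : $matches[2];
    $submodule_id = preg_replace("/^(.*?)s?$/", "$1s", $report_name);
    // check access to report submodule
    if (!$this->Employee->has_grant('reports_'.$submodule_id, $employee_id))
    {
        redirect('no_access/'.$submodule_id.'/reports_'.$submodule_id);
    }
}
$this->load->helper('report');
```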
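Review bot: `$submodule_id` is appended to the redirect unconditionally on the `+ redirect(...)` line, but the condition just above only dereferences it behind `isset($submodule_id)`, so when the module-level grant fails and no submodule was supplied this reads an undefined variable and emits `no_access/<module>/` with an empty trailing segment. Build the path from what is actually set: `redirect('no_access/'.$module_id.(isset($submodule_id) ? '/'.$submodule_id : ''));`. The enclosing constructor starts and ends outside the hunk, so whether `$submodule_id` is a parameter with a default is not visible here.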
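Review bot: `$permission_id` originates from a URI segment (no_access.php's index() copies it into the view data unchanged) and the `+echo` line writes it into the HTML unescaped, alongside `$module_name` which was already emitted raw; whatever the URI filter lets through is reflected into the page. Escape at the point of output: `echo $this->lang->line('error_no_permission_module').' '.htmlspecialchars($module_name, ENT_QUOTES, 'UTF-8').' ('.htmlspecialchars($permission_id, ENT_QUOTES, 'UTF-8').')';`. CodeIgniter's permitted_uri_chars setting will usually reject the obvious characters, but that is a global configuration knob rather than something this view should rely on.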
@@ -432,7 +432,7 @@ $(document).ready(function()
 $(this).attr('value',"lang->line('sales_start_typing_customer_name'); ?>");
 });
- $('#comment').change(function()
+ $('#comment').keyup(function()
 {
 $.post('', {comment: $('#comment').val()});
 });
diff --git a/system/libraries/Email.php b/system/libraries/Email.php
index 10cbc346d..7c50ff16b 100644
--- a/system/libraries/Email.php
+++ b/system/libraries/Email.php
@@ -177,7 +177,7 @@ class CI_Email {
 * @param string
 * @return void
 */
- public function from($from, $name = '')
+ public function from($from, $name = '', $return_path = NULL)
 {
 if (preg_match( '/\<(.*)\>/', $from, $match))
 {
@@ -205,7 +205,8 @@ class CI_Email {
 }
 $this->_set_header('From', $name.' <'.$from.'>');
- $this->_set_header('Return-Path', '<'.$from.'>');
+ isset($return_path) OR $return_path = $from;
+ $this->_set_header('Return-Path', '<'.$return_path.'>');
 return $this;
 }
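Review bot: Switching the handler from `change` to `keyup` issues one POST per keystroke while the comment is being typed, and dropping `change` means a value pasted or autofilled with the mouse no longer triggers the save at all. Listen on both events and debounce the request so only the final value is sent; the `$.post` target was mangled in this rendering, so it is left as a placeholder comment below. The enclosing `$(document).ready` handler begins before the hunk.
```javascript
var comment_timer;
$('#comment').bind('keyup change', function()
{
    clearTimeout(comment_timer);
    comment_timer = setTimeout(function()
    {
        // … unchanged: $.post of {comment: $('#comment').val()} …
    }, 300);
});
```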
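Review bot: The docblock immediately above the signature still describes two string parameters, so the new `$return_path` argument in `public function from($from, $name = '', $return_path = NULL)` is undocumented. Add a third entry between the last `@param string` and `@return void`, e.g. ` * @param string  Return-Path (envelope sender) address; NULL means reuse $from`, matching the file's unnamed-parameter docblock style. The body of from() continues past the end of this hunk.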
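Review bot: `$return_path` is written into the Return-Path header exactly as the caller supplied it, whereas `$from` has by this point been through the `<...>` stripping shown in the first hunk and, if I read the library correctly, the address validation that from() applies between the two hunks; a caller that forwards user-controlled input here could therefore smuggle extra header lines or a malformed address into the envelope sender. Give the new argument the same treatment before the header is set, e.g. after `isset($return_path) OR $return_path = $from;` add `if ($this->validate) { $this->validate_email($this->_str_to_array($return_path)); }`, and apply the same `preg_match('/\<(.*)\>/', ...)` unwrapping used for `$from`. The second hunk ends the method, but its start is outside the hunk.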