Modules are not accessible if employee has no permissions on at least one of it's submodules

Some more db script modifications
2026-05-07 07:17:43 -04:00 · 2014-09-23 19:14:25 +02:00
parent 4b16b68f24
commit 5cf73130c5
7 changed files with 32 additions and 14 deletions
--- a/application/controllers/receivings.php
+++ b/application/controllers/receivings.php
@@ -4,7 +4,7 @@ class Receivings extends Secure_area
 {
 	function __construct()
 	{
-		parent::__construct('receivings');
+		parent::__construct('receivings','items');
 		$this->load->library('receiving_lib');
 	}

--- a/application/controllers/sales.php
+++ b/application/controllers/sales.php
@@ -4,7 +4,7 @@ class Sales extends Secure_area
 {
 	function __construct()
 	{
-		parent::__construct('sales');
+		parent::__construct('sales','items');
 		$this->load->library('sale_lib');
 	}

--- a/application/controllers/secure_area.php
+++ b/application/controllers/secure_area.php
@@ -5,7 +5,7 @@ class Secure_area extends CI_Controller
 	Controllers that are considered secure extend Secure_area, optionally a $module_id can
 	be set to also check if a user can access a particular module in the system.
 	*/
-	function __construct($module_id=null)
+	function __construct($module_id=null,$submodule_id=null)
 	{
 		parent::__construct();	
 		$this->load->model('Employee');
@@ -13,8 +13,9 @@ class Secure_area extends CI_Controller
 		{
 			redirect('login');
 		}
-		
-		if(!$this->Employee->has_permission($module_id,$this->Employee->get_logged_in_employee_info()->person_id))
+		$submodule_id = empty($submodule_id) ? $module_id : $submodule_id;
+		$employee_id=$this->Employee->get_logged_in_employee_info()->person_id;
+		if(!$this->Employee->has_permission($module_id,$employee_id) || !$this->Employee->has_subpermission($submodule_id,$employee_id))
 		{
 			redirect('no_access/'.$module_id);
 		}
@@ -22,7 +23,6 @@ class Secure_area extends CI_Controller
 		//load up global data
 		$logged_in_employee_info=$this->Employee->get_logged_in_employee_info();
 		$data['allowed_modules']=$this->Module->get_allowed_modules($logged_in_employee_info->person_id);
-		// TODO check access for at least one submodule (if available)
 		$data['user_info']=$logged_in_employee_info;
 		$this->load->vars($data);
 	}
--- a/application/models/employee.php
+++ b/application/models/employee.php
@@ -303,6 +303,25 @@ class Employee extends Person
 		return false;
 	}
 	
+	/*
+	 * Determines whether the employee has access to at least one submodule
+	 */
+	function has_subpermission($submodule_id,$person_id)
+	{
+		$this->db->from('modules');
+		$this->db->where('module_id like concat("' . $submodule_id . '", "_%")');
+		$result = $this->db->get();
+		if ($result->num_rows() > 0)
+		{
+			$this->db->from('permissions');
+			$this->db->where('permissions.module_id like concat("' . $submodule_id . '", "_%")');
+			$this->db->where("permissions.person_id",$person_id);
+			$result = $this->db->get();
+			return $result->num_rows() > 0;
+		}
+		return true;
+	}
+	
 	/*
 	Determins whether the employee specified employee has access the specific module.
 	*/
@@ -315,10 +334,7 @@ class Employee extends Person
 		}
 		
 		$query = $this->db->get_where('permissions', array('person_id' => $person_id,'module_id'=>$module_id), 1);
-		return $query->num_rows() == 1;
-		
-		
-		return false;
+		return ($query->num_rows() == 1); 
 	}

 }
--- a/application/models/module.php
+++ b/application/models/module.php
@@ -46,5 +46,6 @@ class Module extends CI_Model
 		$this->db->order_by("sort", "asc");
 		return $this->db->get();		
 	}
+	
 }
 ?>
--- a/database/2.3_to_2.3.1.sql
+++ b/database/2.3_to_2.3.1.sql
@@ -21,4 +21,4 @@ INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_suppl
 INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_sales', person_id from ospos_employees;

 -- add config options for tax inclusive sales
-INSERT INTO `ospos_app_config` (`key`, `value`) VALUES ('tax_included', 'false');
+INSERT INTO `ospos_app_config` (`key`, `value`) VALUES ('tax_included', '0');
--- a/database/database.sql
+++ b/database/database.sql
@@ -37,7 +37,7 @@ INSERT INTO `ospos_app_config` (`key`, `value`) VALUES
 ('return_policy', 'Test'),
 ('timezone', 'America/New_York'),
 ('website', ''),
-('tax_included', 'false');
+('tax_included', '0');

 -- --------------------------------------------------------

@@ -95,7 +95,7 @@ CREATE TABLE `ospos_giftcards` (
  `person_id` INT NOT NULL,
  PRIMARY KEY (`giftcard_id`),
  UNIQUE KEY `giftcard_number` (`giftcard_number`)
-) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=48 ;
+) ENGINE=InnoDB  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci ;

 --
 -- Dumping data for table `ospos_giftcards`
@@ -329,7 +329,8 @@ INSERT INTO `ospos_permissions` (`module_id`, `person_id`) VALUES
 ('reports_inventory', 1),
 ('reports_employees', 1),
 ('reports_suppliers', 1),
-('reports_sales', 1), 
+('reports_sales', 1),
+('items_stock0', 1),  
 ('customers', 1),
 ('employees', 1),
 ('giftcards', 1),