diff --git a/application/controllers/receivings.php b/application/controllers/receivings.php
index 1dff8ad55..d4ae1eb05 100644
--- a/application/controllers/receivings.php
+++ b/application/controllers/receivings.php
@@ -4,7 +4,7 @@ class Receivings extends Secure_area
 {
 function __construct()
 {
- parent::__construct('receivings');
+ parent::__construct('receivings','items');
 $this->load->library('receiving_lib');
 }
diff --git a/application/controllers/sales.php b/application/controllers/sales.php
index c6eeddb17..55b6edd3c 100644
--- a/application/controllers/sales.php
+++ b/application/controllers/sales.php
@@ -4,7 +4,7 @@ class Sales extends Secure_area
 {
 function __construct()
 {
- parent::__construct('sales');
+ parent::__construct('sales','items');
 $this->load->library('sale_lib');
 }
diff --git a/application/controllers/secure_area.php b/application/controllers/secure_area.php
index 5e0f86637..dbdd750bc 100644
--- a/application/controllers/secure_area.php
+++ b/application/controllers/secure_area.php
@@ -5,7 +5,7 @@ class Secure_area extends CI_Controller
 Controllers that are considered secure extend Secure_area, optionally a $module_id can be set to also check if a user can access a particular module in the system. */
- function __construct($module_id=null)
+ function __construct($module_id=null,$submodule_id=null)
 {
 parent::__construct();
 $this->load->model('Employee');
@@ -13,8 +13,9 @@ class Secure_area extends CI_Controller
 {
 redirect('login');
 }
-
- if(!$this->Employee->has_permission($module_id,$this->Employee->get_logged_in_employee_info()->person_id))
+ $submodule_id = empty($submodule_id) ? $module_id : $submodule_id;
+ $employee_id=$this->Employee->get_logged_in_employee_info()->person_id;
+ if(!$this->Employee->has_permission($module_id,$employee_id) || !$this->Employee->has_subpermission($submodule_id,$employee_id))
 {
 redirect('no_access/'.$module_id);
 }
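Review bot: In the new check in `Secure_area::__construct` (the `@@ -13,8 +13,9 @@` hunk), `$submodule_id` falls back to `$module_id`, which the class comment describes as optional, so a controller that passes neither argument reaches `has_subpermission()` with an empty id. With the pattern built in this commit that becomes `concat("", "_%")`, which matches every module, so the outcome then depends on the employee holding any permission row at all instead of the sub-check being skipped. Make the skip explicit, e.g. `if(!$this->Employee->has_permission($module_id,$employee_id) || (!empty($submodule_id) && !$this->Employee->has_subpermission($submodule_id,$employee_id)))`. How `has_permission` treats a null module is not visible here, and the constructor body continues outside the hunk.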
@@ -22,7 +23,6 @@ class Secure_area extends CI_Controller
 //load up global data
 $logged_in_employee_info=$this->Employee->get_logged_in_employee_info();
 $data['allowed_modules']=$this->Module->get_allowed_modules($logged_in_employee_info->person_id);
- // TODO check access for at least one submodule (if available)
 $data['user_info']=$logged_in_employee_info;
 $this->load->vars($data);
 }
diff --git a/application/models/employee.php b/application/models/employee.php
index e0d0b3606..0608c8540 100644
--- a/application/models/employee.php
+++ b/application/models/employee.php
@@ -303,6 +303,25 @@ class Employee extends Person
 return false;
 }
+ /*
+ * Determines whether the employee has access to at least one submodule
+ */
+ function has_subpermission($submodule_id,$person_id)
+ {
+ $this->db->from('modules');
+ $this->db->where('module_id like concat("' . $submodule_id . '", "_%")');
+ $result = $this->db->get();
+ if ($result->num_rows() > 0)
+ {
+ $this->db->from('permissions');
+ $this->db->where('permissions.module_id like concat("' . $submodule_id . '", "_%")');
+ $this->db->where("permissions.person_id",$person_id);
+ $result = $this->db->get();
+ return $result->num_rows() > 0;
+ }
+ return true;
+ }
+ /* Determins whether the employee specified employee has access the specific module. */
@@ -315,10 +334,7 @@ class Employee extends Person
 }
 $query = $this->db->get_where('permissions', array('person_id' => $person_id,'module_id'=>$module_id), 1);
- return $query->num_rows() == 1;
-
-
- return false;
+ return ($query->num_rows() == 1);
 }
 }
diff --git a/application/models/module.php b/application/models/module.php
index 1e14c6d85..4f5ff99c8 100644
--- a/application/models/module.php
+++ b/application/models/module.php
@@ -46,5 +46,6 @@ class Module extends CI_Model
 $this->db->order_by("sort", "asc");
 return $this->db->get();
 }
+ }
 ?>
diff --git a/database/2.3_to_2.3.1.sql b/database/2.3_to_2.3.1.sql
index 38a6eb50f..46375dbc2 100644
--- a/database/2.3_to_2.3.1.sql
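Review bot: `has_subpermission` (the `@@ -303,6 +303,25 @@` hunk of `employee.php`) splices `$submodule_id` directly into the SQL text of both `where()` calls, so the value is never escaped. The callers in this commit pass fixed strings, but nothing in the method stops a later caller from handing it request data. Let the query builder bind the value instead: `$this->db->like('module_id', $submodule_id.'_', 'after');` and `$this->db->like('permissions.module_id', $submodule_id.'_', 'after');`. That also tightens the match, because the bare `_` in `"_%"` is a LIKE single-character wildcard rather than a literal underscore, whereas `like()` escapes it. The `return true` taken when no submodule rows exist is a fail-open default and deserves a comment stating that it is intentional.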
+++ b/database/2.3_to_2.3.1.sql
@@ -21,4 +21,4 @@ INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_suppl
 INSERT INTO `ospos_permissions` (`module_id`, `person_id`) SELECT 'reports_sales', person_id from ospos_employees;
 -- add config options for tax inclusive sales
-INSERT INTO `ospos_app_config` (`key`, `value`) VALUES ('tax_included', 'false');
+INSERT INTO `ospos_app_config` (`key`, `value`) VALUES ('tax_included', '0');
diff --git a/database/database.sql b/database/database.sql
index e9035f254..c75b13601 100644
--- a/database/database.sql
+++ b/database/database.sql
@@ -37,7 +37,7 @@ INSERT INTO `ospos_app_config` (`key`, `value`) VALUES
 ('return_policy', 'Test'),
 ('timezone', 'America/New_York'),
 ('website', ''),
-('tax_included', 'false');
+('tax_included', '0');
 -- --------------------------------------------------------
@@ -95,7 +95,7 @@ CREATE TABLE `ospos_giftcards` (
 `person_id` INT NOT NULL,
 PRIMARY KEY (`giftcard_id`),
 UNIQUE KEY `giftcard_number` (`giftcard_number`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=48 ;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci ;
 -- -- Dumping data for table `ospos_giftcards`
@@ -329,7 +329,8 @@ INSERT INTO `ospos_permissions` (`module_id`, `person_id`) VALUES
 ('reports_inventory', 1),
 ('reports_employees', 1),
 ('reports_suppliers', 1),
-('reports_sales', 1),
+('reports_sales', 1),
+('items_stock0', 1),
 ('customers', 1),
 ('employees', 1),
 ('giftcards', 1),
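Review bot: The fresh-install dump now grants `items_stock0` to person 1 (the `@@ -329,7 +329,8 @@` hunk of `database/database.sql`), but the upgrade script touched in this commit shows no matching grant in its visible lines. Since Sales and Receivings now also require an `items_…` sub-permission, employees on an upgraded install who lack such a row would presumably be redirected to `no_access`. Confirm that the grant exists earlier in `2.3_to_2.3.1.sql`, or add one there limited to the employees who are meant to keep access rather than to every row in `ospos_employees`.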