Finish stock location refactoring

Modules are inaccessible if permissions not configured correctly
2026-04-26 10:03:11 -04:00 · 2014-10-07 21:47:07 +02:00
parent aee5f3d27e
commit bb9ab9bd9c
9 changed files with 14 additions and 21 deletions
--- a/application/controllers/employees.php
+++ b/application/controllers/employees.php
@@ -48,7 +48,6 @@ class Employees extends Person_controller
 		$data['person_info']=$this->Employee->get_info($employee_id);
 		$data['all_modules']=$this->Module->get_all_modules();
 		$data['all_subpermissions']=$this->Module->get_all_subpermissions();
-		var_dump($this->db->last_query());
 		$this->load->view("employees/form",$data);
 	}
 	
--- a/application/controllers/items.php
+++ b/application/controllers/items.php
@@ -21,7 +21,6 @@ class Items extends Secure_area implements iData_controller
 		$stock_locations=$this->Stock_locations->get_allowed_locations();
 		$data['stock_location']=$stock_location;
 		$data['stock_locations']=$stock_locations;
-		var_dump($stock_location);
 		$data['controller_name']=strtolower(get_class());
 		$data['form_width']=$this->get_form_width();
 		$data['manage_table']=get_items_manage_table( $this->Item->get_all( $stock_location, $config['per_page'], $this->uri->segment( $config['uri_segment'] ) ), $this );
--- a/application/controllers/reports.php
+++ b/application/controllers/reports.php
@@ -25,7 +25,8 @@ class Reports extends Secure_area
 	//Initial report listing screen
 	function index()
 	{
-		$this->load->view("reports/listing",array());	
+		$data['grants']=$this->Employee->get_employee_grants($this->session->userdata('person_id'));
+		$this->load->view("reports/listing",$data);	
 	}
 	
 	function _get_common_report_data()
--- a/application/controllers/secure_area.php
+++ b/application/controllers/secure_area.php
@@ -13,9 +13,9 @@ class Secure_area extends CI_Controller
 		{
 			redirect('login');
 		}
-		$submodule_id = empty($submodule_id) ? $module_id : $submodule_id;
 		$employee_id=$this->Employee->get_logged_in_employee_info()->person_id;
-		if(!$this->Employee->has_module_permission($module_id,$employee_id))
+		if(!$this->Employee->has_module_permission($module_id,$employee_id) || 
+			(isset($submodule_id) && !$this->Employee->has_module_permission($submodule_id,$employee_id)))
 		{
 			redirect('no_access/'.$module_id);
 		}
@@ -23,7 +23,6 @@ class Secure_area extends CI_Controller
 		//load up global data
 		$logged_in_employee_info=$this->Employee->get_logged_in_employee_info();
 		$data['allowed_modules']=$this->Module->get_allowed_modules($logged_in_employee_info->person_id);
-		$data['grants']=$this->Module->get_employee_grants($logged_in_employee_info->person_id);
 		$data['user_info']=$logged_in_employee_info;
 		$this->load->vars($data);
 	}
--- a/application/models/employee.php
+++ b/application/models/employee.php
@@ -342,6 +342,13 @@ class Employee extends Person
 		$query = $this->db->get_where('grants', array('person_id'=>$person_id,'permission_id'=>$permission_id), 1);
 		return ($query->num_rows() == 1); 
 	}
+	
+	function get_employee_grants($person_id)
+	{
+		$this->db->from('grants');
+		$this->db->where('person_id',$person_id);
+		return $this->db->get();
+	}

 }
 ?>
--- a/application/models/module.php
+++ b/application/models/module.php
@@ -63,12 +63,5 @@ class Module extends CI_Model
 		return $this->db->get();		
 	}
 	
-	function get_employee_grants($person_id)
-	{
-		$this->db->from('grants');
-		$this->db->where('person_id',$person_id);
-		return $this->db->get();
-	}
-	
 }
 ?>
--- a/application/models/stock_locations.php
+++ b/application/models/stock_locations.php
@@ -13,7 +13,6 @@ class Stock_locations extends CI_Model
    function get_all($limit=10000, $offset=0)
    {
        $this->db->from('stock_locations');
-		$this->db->where('deleted', 0);        
        $this->db->limit($limit);
        $this->db->offset($offset);
        return $this->db->get();
@@ -23,9 +22,6 @@ class Stock_locations extends CI_Model
    {
    	$this->db->select('location_name');
    	$this->db->from('stock_locations');
-        $this->db->join('permissions','permissions.location_id=stock_locations.location_id');
-		$this->db->join('grants','grants.permission_id=permissions.permission_id');;
-    	$this->db->where('person_id', $this->session->userdata('person_id'));
    	$this->db->where('deleted', 0);
    	return $this->db->get();
    }
--- a/application/views/employees/form.php
+++ b/application/views/employees/form.php
@@ -99,7 +99,7 @@ echo form_close();
 //validation and submit handling
 $(document).ready(function()
 {
-	$("ul#permission_list > li > input[name='permissions[]']").each(function() 
+	$("ul#permission_list > li > input[name='grants[]']").each(function() 
 	{
 	    var $this = $(this);
 	    $("ul > li > input", $this.parent()).each(function() 
@@ -161,7 +161,7 @@ $(document).ready(function()
 			{
 				equalTo: "#password"
 			},
-    		email: "email", "permissions[]" : {
+    		email: "email", "grants[]" : {
        		required : function(element) {
 					var checked = false;
            		$("ul#permission_list > li > input:checkbox").each(function() 
@@ -213,7 +213,7 @@ $(document).ready(function()
 				equalTo: "<?php echo $this->lang->line('employees_password_must_match'); ?>"
     		},
     		email: "<?php echo $this->lang->line('common_email_invalid_format'); ?>",
-     		"permissions[]": "fill in correctly!!"
+     		"grants[]": "fill in correctly!!"
 		}
 	});
 });
--- a/application/views/reports/listing.php
+++ b/application/views/reports/listing.php
@@ -1,4 +1,3 @@
-
 <?php $this->load->view("partial/header"); ?>
 <div id="page_title" style="margin-bottom:8px;"><?php echo $this->lang->line('reports_reports'); ?></div>
 <div id="welcome_message"><?php echo $this->lang->line('reports_welcome_message'); ?>