Added user access level restriction to viewing emails

controllers/app_controller.php

@@ -43,6 +43,18 @@ class AppController extends Controller {
 	}
     }
 
+
+     function isManager() {
+	$currentuser = $this->getCurrentUser();
+	if($currentuser['access_level'] == 'manager') {
+	    return true;
+	}
+	else {
+	    return false;
+	}
+    }
+
+
     /**
      * Read the current logged in user.
      * @return array - the currently logged in user.

controllers/emails_controller.php

@@ -94,6 +94,16 @@ class EmailsController extends AppController {
 	    return;
 	}
 	else {
+
+	    $user = $this->Email->User->find('first', array('conditions'=>array('User.id'=>$id), 'fields'=>array('User.id','User.access_level'), 'recursive'=>0));
+	    
+	    if($user['User']['access_level'] == 'manager' || $user['User']['access_level'] == 'admin') {
+		if( (!$this->isAdmin()) && (!$this->isManager()) ) {
+		   echo "Unable to view Emails for this User. You have insufficient privileges.";
+		   return;
+		}
+	    }
+
 	    //$this->set('emails', $this->paginate());
 	    $fromMailIDs = $this->Email->find('list', array('conditions'=>array('Email.user_id'=>$id)));
 	    $recMailIDs = $this->Email->EmailRecipient->find('list', array('conditions'=>array('EmailRecipient.user_id'=>$id),

controllers/users_controller.php

@@ -56,6 +56,7 @@ class UsersController extends AppController {
 
 
     function logout() {
+	 $this->Cookie->del('Auth.User');
 	$this->redirect($this->Auth->logout());
     }
 

views/users/view_contact.ctp

@@ -81,5 +81,3 @@
     <div id="emailTable">
     </div>
 </div>
-
-<?php     debug($user);?>