Added user access level restriction to viewing emails

This commit is contained in:
Karl Cordes 2011-03-21 17:58:21 +11:00
parent a270f31009
commit ed0ec443a3
4 changed files with 32 additions and 11 deletions


@ -43,6 +43,18 @@ class AppController extends Controller {
} }
} }
function isManager() {
$currentuser = $this->getCurrentUser();
if($currentuser['access_level'] == 'manager') {
return true;
}
else {
return false;
}
}
/** /**
* Read the current logged in user. * Read the current logged in user.
* @return array - the currently logged in user. * @return array - the currently logged in user.
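Review bot: `isManager()` dereferences the result of `getCurrentUser()` without checking it and compares with loose `==`; when nobody is logged in the index lookup on a null/false value raises a notice and the method only returns false by accident. A single guarded strict comparison covers both cases: `return !empty($currentuser['access_level']) && $currentuser['access_level'] === 'manager';`. The sibling `isAdmin()` used in EmailsController is not in this hunk but presumably duplicates this shape, so a shared helper such as `hasAccessLevel($level)` would keep the two decisions in step, and the bare `'manager'`/`'admin'` literals that now appear in two controllers would be safer as class constants.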


@ -94,12 +94,22 @@ class EmailsController extends AppController {
return; return;
} }
else { else {
$user = $this->Email->User->find('first', array('conditions'=>array('User.id'=>$id), 'fields'=>array('User.id','User.access_level'), 'recursive'=>0));
if($user['User']['access_level'] == 'manager' || $user['User']['access_level'] == 'admin') {
if( (!$this->isAdmin()) && (!$this->isManager()) ) {
echo "Unable to view Emails for this User. You have insufficient privileges.";
return;
}
}
//$this->set('emails', $this->paginate()); //$this->set('emails', $this->paginate());
$fromMailIDs = $this->Email->find('list', array('conditions'=>array('Email.user_id'=>$id))); $fromMailIDs = $this->Email->find('list', array('conditions'=>array('Email.user_id'=>$id)));
$recMailIDs = $this->Email->EmailRecipient->find('list', array('conditions'=>array('EmailRecipient.user_id'=>$id), $recMailIDs = $this->Email->EmailRecipient->find('list', array('conditions'=>array('EmailRecipient.user_id'=>$id),
'fields'=>array('EmailRecipient.email_id', 'EmailRecipient.email_id'))); 'fields'=>array('EmailRecipient.email_id', 'EmailRecipient.email_id')));
// print_r($recMailIDs); // print_r($recMailIDs);
// print_r($fromMailIDs); // print_r($fromMailIDs);
$allIDs = $fromMailIDs + $recMailIDs; $allIDs = $fromMailIDs + $recMailIDs;
@ -111,10 +121,10 @@ class EmailsController extends AppController {
$this->paginate['Email'] = array( $this->paginate['Email'] = array(
'conditions' => array('Email.id'=>$allIDs), 'conditions' => array('Email.id'=>$allIDs),
'order'=>array('Email.udate DESC'), 'order'=>array('Email.udate DESC'),
'contain' => array('EmailRecipient', 'User'), 'contain' => array('EmailRecipient', 'User'),
'limit' => 100, 'limit' => 100,
); );
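Review bot: The new guard at `if($user['User']['access_level'] == 'manager' || ...)` denies access only when the *target* user is privileged, so any logged-in user can still list every ordinary user's emails, and when `$id` matches no row `$user` is false and the check is skipped silently. If the intent is that only the owner or a manager/admin may view a user's mail, the decision should be an allow rule checked before the query, e.g. `if ($id != $currentuser['id'] && !$this->isAdmin() && !$this->isManager())` with `$currentuser = $this->getCurrentUser()` (the key name of the id in that array is not visible here — confirm). The denial path also `echo`s a message and returns, so the view still auto-renders without `emails` set and nothing is logged; a flash message plus redirect, and a log line recording the denied user id and target id, would give both a clean response and a detection signal. The enclosing action starts before this hunk.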


@ -56,6 +56,7 @@ class UsersController extends AppController {
function logout() { function logout() {
$this->Cookie->del('Auth.User');
$this->redirect($this->Auth->logout()); $this->redirect($this->Auth->logout());
} }
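Review bot: `$this->Cookie->del('Auth.User')` only instructs the browser to drop the cookie; if it carries a persistent-login token (presumably — the login code is outside this hunk), that token stays valid server-side until it expires unless logout also invalidates it. Deletion also only takes effect when the CookieComponent's configured path and domain match those used when the cookie was written, which is worth confirming against the code that sets it.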


@ -81,5 +81,3 @@
<div id="emailTable"> <div id="emailTable">
</div> </div>
</div> </div>
<?php debug($user);?>