Added user access level restriction to viewing emails

2011-03-21 17:58:21 +11:00 · 2011-03-21 17:58:21 +11:00 · ed0ec443a3
parent a270f31009
commit ed0ec443a3
4 changed files with 32 additions and 11 deletions
--- a/controllers/app_controller.php
+++ b/controllers/app_controller.php
@ -43,6 +43,18 @@ class AppController extends Controller {
 	}
    }

+
+     function isManager() {
+	$currentuser = $this->getCurrentUser();
+	if($currentuser['access_level'] == 'manager') {
+	    return true;
+	}
+	else {
+	    return false;
+	}
+    }
+
+
    /**
     * Read the current logged in user.
     * @return array - the currently logged in user.
--- a/controllers/emails_controller.php
+++ b/controllers/emails_controller.php
@ -94,12 +94,22 @@ class EmailsController extends AppController {
 	    return;
 	}
 	else {
+
+	    $user = $this->Email->User->find('first', array('conditions'=>array('User.id'=>$id), 'fields'=>array('User.id','User.access_level'), 'recursive'=>0));
+	    
+	    if($user['User']['access_level'] == 'manager' || $user['User']['access_level'] == 'admin') {
+		if( (!$this->isAdmin()) && (!$this->isManager()) ) {
+		   echo "Unable to view Emails for this User. You have insufficient privileges.";
+		   return;
+		}
+	    }
+
 	    //$this->set('emails', $this->paginate());
 	    $fromMailIDs = $this->Email->find('list', array('conditions'=>array('Email.user_id'=>$id)));
 	    $recMailIDs = $this->Email->EmailRecipient->find('list', array('conditions'=>array('EmailRecipient.user_id'=>$id),
-		'fields'=>array('EmailRecipient.email_id', 'EmailRecipient.email_id')));
+		    'fields'=>array('EmailRecipient.email_id', 'EmailRecipient.email_id')));

-	   // print_r($recMailIDs);
+	    // print_r($recMailIDs);

 //	    print_r($fromMailIDs);
 	    $allIDs = $fromMailIDs + $recMailIDs;
@ -111,10 +121,10 @@ class EmailsController extends AppController {


 	    $this->paginate['Email'] = array(
-		'conditions' => array('Email.id'=>$allIDs),
-		'order'=>array('Email.udate DESC'),
-		'contain' => array('EmailRecipient', 'User'),
-		'limit' => 100,
+		    'conditions' => array('Email.id'=>$allIDs),
+		    'order'=>array('Email.udate DESC'),
+		    'contain' => array('EmailRecipient', 'User'),
+		    'limit' => 100,
 	    );


--- a/controllers/users_controller.php
+++ b/controllers/users_controller.php
@ -56,6 +56,7 @@ class UsersController extends AppController {


    function logout() {
+	 $this->Cookie->del('Auth.User');
 	$this->redirect($this->Auth->logout());
    }

--- a/views/users/view_contact.ctp
+++ b/views/users/view_contact.ctp
@ -81,5 +81,3 @@
    <div id="emailTable">
    </div>
 </div>
-
-<?php     debug($user);?>