// ---------------- authentication / passwords and keys stuff ----------------
function isAuth()
{
+
+ @session_start();
+
+
$db = $this->getDatabaseConnection();
// we combine db + project names,
// otherwise if projects use different 'auth' objects
$sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
- @session_start();
if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
// in session...
$a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
- $u = DB_DataObject::factory('Person');
+
+ $u = DB_DataObject::factory($this->tableName());
if ($a->id && $u->get($a->id)) { //&& strlen($u->passwd)) {
return $u->verifyAuth();
-
- return true;
+
}
unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
$ff= HTML_FlexyFramework::get();
$sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
- var_dump(array(get_class($this),$sesPrefix .'-auth'));
-
+ //var_dump(array(get_class($this),$sesPrefix .'-auth'));
+
if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
$a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
- $u = DB_DataObject::factory($this->getTableName()); // allow extending this ...
- if ($u->get($a->id)) { /// && strlen($u->passwd)) {
+
+ $u = DB_DataObject::factory($this->tableName()); // allow extending this ...
+ $u->autoJoin();
+ if ($u->get($a->id)) { /// && strlen($u->passwd)) { // should work out the pid .. really..
return clone($u);
}
unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
function login()
{
$this->isAuth(); // force session start..
- if (!$this->verifyAuth()) {
+ if (!$this->verifyAuth()) { // check for company valid..
return false;
}
$db = $this->getDatabaseConnection();
$ff= HTML_FlexyFramework::get();
$sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
- @session_start();
+
+ // we should not store the whole data in the session - otherwise it get's huge.
+ $p = DB_DAtaObject::Factory($this->tableName());
+ $p->get($this->pid());
+
//var_dump(array(get_class($this),$sesPrefix .'-auth'));
- $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize($this);
+ $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object)$p->toArray());
+ // ensure it's written so that ajax calls can fetch it..
+
+
}
function logout()
$db = $this->getDatabaseConnection();
$ff= HTML_FlexyFramework::get();
$sesPrefix = $ff->appNameShort .'-' .get_class($this) .'-'.$db->dsn['database'] ;
- @session_start();
- $_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
-
+ $_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
+
}
function genPassKey ($t)
{
{
if (substr($this->passwd,0,1) == '$') {
+
return crypt($val,$this->passwd) == $this->passwd ;
}
// old style md5 passwords...- cant be used with courier....
return md5($val) == $this->passwd;
}
+
function setPassword($value)
{
$salt='';
if(!empty($q['query']['name'])){
$this->whereAdd("
- Person.name LIKE '%{$this->escape($q['query']['name'])}%'
+ {$this->tableName()}.name LIKE '%{$this->escape($q['query']['name'])}%'
");
}
");*/
}
+ // project directory rules -- this may distrupt things.
+ $p = DB_DataObject::factory('ProjectDirectory');
+ // if project directories are set up, then we can apply project query rules..
+ if ($p->count()) {
+ $p->autoJoin();
+ $pids = $p->projects($au);
+ if (isset($q['query']['project_id'])) {
+ $pid = (int)$q['query']['project_id'];
+ if (!in_array($pid, $pids)) {
+ $roo->jerr("Project not in users valid projects");
+ }
+ $pids = array($pid);
+ }
+ // project roles..
+ //if (empty($q['_anyrole'])) { // should be project_directry_role
+ // $p->whereAdd("{$p->tableName()}.role != ''");
+ // }
+ if (!empty($q['query']['role'])) { // should be project_directry_role
+ $role = $this->escape($q['query']['role']);
+
+ $p->whereAdd("{$p->tableName()}.role LIKE '%{$role}%'");
+
+ }
+
+ if (!$roo->hasPerm('Core.Projects_All', 'S')) {
+ $peps = $p->people($pids);
+ $this->whereAddIn("{$tn}.id", $peps, 'int');
+ }
+ }
+
+ // fixme - this needs a more generic fix - it was from the mtrack_person code...
+ if (isset($q['query']['ticket_id'])) {
+ // find out what state the ticket is in.
+ $t = DB_DataObject::Factory('mtrack_ticket');
+ $t->autoJoin();
+ $t->get($q['query']['ticket_id']);
+
+ if (!$this->checkPerm('S', $au)) {
+ $roo->jerr("permssion denied to query state of ticket");
+ }
+
+ $p = DB_DataObject::factory('ProjectDirectory');
+ $pids = array($t->project_id);
+
+ $peps = $p->people($pids);
+
+ $this->whereAddIn($this->tableName().'.id', $peps, 'int');
+
+ //$this->whereAdd('join_prole != ''");
+
+ }
}
function setFromRoo($ar, $roo)
{
if ($au && $au->id == -1) {
return true;
}
+ // if not authenticated... do not allow in???
+ if (!$au ) {
+ return false;
+ }
// determine if it's staff!!!
-
- if ($au->company()->comptype != 'OWNER') {
+ $owncomp = DB_DataObject::Factory('Companies');
+ $owncomp->get('comptype', 'OWNER');
+ $isStaff = ($au->company_id == $owncomp->id);
+
+
+ if (!$isStaff) {
// - can not change company!!!
if ($changes &&
return false;
}
+
+ // mtrack had the idea that all 'S' should be allowed.. - but filtered later..
+ // ???? do we want this?
+
// edit self... - what about other staff members...
- return $this->company_id == $au->company_id;
+ //return $this->company_id == $au->company_id;
}
-
+
// yes, only owner company can mess with this...
- $owncomp = DB_DataObject::Factory('Companies');
- $owncomp->get('comptype', 'OWNER');
- $isStaff = ($this->company_id == $owncomp->id);
+
switch ($lvl) {