MTrackWeb/Roo.php

[web.mtrack] / MTrackWeb / Roo.php

diff --git a/MTrackWeb/Roo.php b/MTrackWeb/Roo.php
index cd5c213..715cf29 100644 (file)
--- a/MTrackWeb/Roo.php
+++ b/MTrackWeb/Roo.php
@@ -48,20 +48,21 @@ class MTrackWeb_Roo extends Pman_Roo
     
     function checkPerm($obj, $lvl, $req=null)
     {
-        
-        $res = parent::checkPerm($obj,$lvl,$req);
-        if ($res) {
-            return $res;
+        if ($this->authUser) {
+            $res = parent::checkPerm($obj,$lvl,$req);
+            
+            if ($res) {
+                return $res;
+            }
         }
+        // not authenticated...
         
         
-        if ($this->authUser && $this->authUser->company()->comptype == 'OWNER') {
-            return true;
-        }
         // these checks only apply to non-company users.
         
         // normally allowed, but we have more restrictions...
         switch($obj->tablename()) {
+            
             case 'core_enum':
                 if (empty($req['etype'])) {
                     return false;
@@ -69,9 +70,9 @@ class MTrackWeb_Roo extends Pman_Roo
                 if ($lvl != 'S') {
                     return false;
                 }
-                
+                var_dump($req['etype']);
                 switch ($req['etype']) {
-                    case 'severity':
+                   // case 'severity':
                     case 'classification':
                     case 'severity':
                     case 'resolution':
@@ -81,9 +82,11 @@ class MTrackWeb_Roo extends Pman_Roo
                     
                     // not a member of the company..
                     // not allowed in..
-                    return true;
+                        return true;
+                    default:
+                        return false;
                 }
-                return false;
+                break; // should not get here...
             
             default:
                 return false;