+<?php
+
+
+require_once 'Pman/Roo.php';
+
+
+/**
+ * This extends the standard Roo API
+ *
+ * however it has to verify that we send data protected, as it's pretty open!!!
+ *
+ *
+ *
+ */
+
+class MTrackWeb_Roo extends Pman_Roo
+{
+ var $validTables = array(
+ 'mtrack_ticket', /// all of these MUST have applyFilters, and check authenication..
+ 'Mtrack_ticket', /// all of these MUST have applyFilters, and check authenication..
+ 'mtrack_change',
+ 'core_enum',
+ 'Person',
+ 'mtrack_milestone',
+ 'Projects',
+ 'Images',
+ 'mtrack_repos'
+
+ );
+
+ function getAuth() {
+ Pman::getAuth(); // load company!
+ $au = $this->getAuthUser();
+ $this->authUser = false;
+ if ($au) {
+ $this->authUser = $au;
+ }
+
+ return true;
+ }
+
+ function delete()
+ {
+ $this->jerr("Delete not permitted yet...");
+ // only post requests..???
+ // need perms sorting out first.
+ }
+
+ function checkPerm($obj, $lvl, $req=null)
+ {
+ if ($this->authUser) {
+ $res = parent::checkPerm($obj,$lvl,$req);
+
+ if ($res) {
+ return $res;
+ }
+ }
+ // not authenticated...
+
+
+ // these checks only apply to non-company users.
+
+ // normally allowed, but we have more restrictions...
+ switch($obj->tablename()) {
+
+ case 'core_enum':
+ if (empty($req['etype'])) {
+ return false;
+ }
+ if ($lvl != 'S') {
+ return false;
+ }
+ var_dump($req['etype']);
+ switch ($req['etype']) {
+ // case 'severity':
+ case 'classification':
+ case 'severity':
+ case 'resolution':
+ case 'priority':
+ case 'ticketstate':
+
+
+ // not a member of the company..
+ // not allowed in..
+ return true;
+ default:
+ return false;
+ }
+ break; // should not get here...
+
+ default:
+ return false;
+
+
+
+ }
+
+
+
+ }
+}
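Review bot: The `var_dump($req['etype']);` left in `checkPerm()` sits on the branch reached by callers who are not authenticated (or whose parent check returned false), so every such `core_enum` request writes request-supplied data, unescaped, into the response ahead of the API's own output; it should be deleted before merge. Because `getAuth()` returns `true` unconditionally, this method is the only gate visible here for anonymous requests, so I would also make the allow-list comparison strict instead of relying on the loose `==` of `switch`, e.g. `return in_array($req['etype'], array('classification', 'severity', 'resolution', 'priority', 'ticketstate'), true);`. A docblock on `checkPerm()` stating that non-company users are allowed only level `'S'` on those five `core_enum` types, and nothing else, would make the contract explicit for whoever extends `$validTables`.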