MTrackWeb/Roo.php
index e00a78b..82155ab 100644 (file)
@@ -15,29 +15,97 @@ require_once 'Pman/Roo.php';
 
 class MTrackWeb_Roo extends Pman_Roo
 {
-    var $validTables = array('mtrack_ticket');
-    
-    function getAuth()
-    {
-        return true;
+    var $validTables = array(
+        'mtrack_ticket', /// all of these MUST have applyFilters, and check authenication..
+        'Mtrack_ticket', /// all of these MUST have applyFilters, and check authenication..
+        'mtrack_change',
+        'core_enum',
+        //'Person',  // fixme - need to verify this is protected..
+        'mtrack_milestone',
+        'Projects',  // fixme - we should remove code from projects....
+        'Images',   // not sure about this...
+        'mtrack_repos'   // not sure about this...
         
+    );
+    
+    function getAuth() {
+        Pman::getAuth(); // load company!
+        $au = $this->getAuthUser();
+        $this->authUser =  false;
+        if ($au) {
+           $this->authUser = $au;
+        }
         
+        return true;
     }
     
-    function get($tbl)
+    function delete()
     {
-        if (!in_array($tbl,$this->validTables)) {
-            $this->jerr("Invalid url");
-        }
-        return parent::get($tbl);
+        $this->jerr("Delete not permitted yet...");
+        // only post requests..???
+        // need perms sorting out first.
     }
-    function post($table)
+    
+    function checkPerm($obj, $lvl, $req=null)
     {
-        if (!in_array($tbl,$this->validTables)) {
-            $this->jerr("Invalid url");
+        //if ($this->authUser) {
+            $res = parent::checkPerm($obj,$lvl,$req);
+            
+            if ($res) {
+                return $res;
+            }
+        //}
+        // not authenticated...
+         
+        // these checks only apply to non-company users.
+        
+        // normally allowed, but we have more restrictions...
+        switch($obj->tablename()) {
+            
+            case 'core_enum':
+                if (empty($req['etype'])) {
+                    return false;
+                }
+                if ($lvl != 'S') {
+                    return false;
+                }
+                
+                switch ($req['etype']) {
+                     case 'classification':
+                    //case 'severity':
+                    case 'resolution':
+                    case 'priority':
+                    case 'ticketstate':                    
+                     
+                    
+                    // not a member of the company..
+                    // not allowed in..
+                        return true;
+                    default:
+                        return false;
+                }
+                break; // should not get here...
+            
+            default:
+                return false;
+                
+            
+            
         }
-        return parent::post($tbl);
+        
+    }
     
+    function setFilters($x, $q) {
+        $ret = parent::setFilters($x,$q);
+        
+        
+        
+        
+        
+        
+        
+        
+        return $ret;
     }
     
-}
\ No newline at end of file
+}
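Review bot: The new checkPerm grants `'S'`-level access on core_enum to any caller whose parent::checkPerm failed, and getAuth() now returns true with `$this->authUser = false` for anonymous requests, so the guard the comment describes ("these checks only apply to non-company users") is not enforced because `//if ($this->authUser)` is commented out; either restore that guard or reword the comment to say the fallback applies to every caller the parent check rejected. With the get()/post() overrides gone, the only thing standing between an anonymous client and each table in validTables is that table's own checkPerm (enforcement of the list itself presumably lives in Pman_Roo, outside this hunk), so the entries marked "not sure about this" ('Images', 'mtrack_repos') and 'Projects' should not stay in the list until that is confirmed, and the case-variant duplicate 'Mtrack_ticket' should be dropped rather than doubling the exposed names. The guard `if ($lvl != 'S')` uses loose comparison; `if ($lvl !== 'S')` is the intended strict form. The nested etype switch can be a single strict membership test, `return in_array($req['etype'], array('classification', 'resolution', 'priority', 'ticketstate'), true);`, which also removes the unreachable `break`. setFilters is a pure pass-through with seven blank lines; either delete the override or add a comment stating what restriction it is reserved for.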