Pman/Login.php
index f7327c9..086a218 100644 (file)
@@ -91,6 +91,13 @@ class Pman_Login extends Pman
             $this->jok(array('id' => 0)); // not logged in..
             exit;
         }
+        
+         $ff= HTML_FlexyFramework::get();
+        if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $u->company()->comptype) {
+            $this->jerr("Login not permited to outside companies");
+        }
+        
+        
         $au = $u->getAuthUser();
         
         $aur = $au->authUserArray();
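Review bot: The new comptype gate at L10-L12 only refuses to report the logged-in user; it does not end the session, so a user whose company type is outside `auth_comptype` (or whose company changed after they logged in) keeps a valid session that every other endpoint checking only `isAuth()` will still accept. Consider terminating the session before `jerr()` — using whatever logout counterpart `$u->login()` has in this class, which is not visible here — so the rejection is actually enforced. The comparison is also loose; `!==` would avoid surprises if the config value is not a string. This is the same check the login hunk adds, so a small shared helper would keep the two in step. The enclosing method starts before this hunk.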
@@ -125,12 +132,21 @@ class Pman_Login extends Pman
     
     function switchUser($id)
     {
+        $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
+        $u = DB_DataObject::factory($tbl);
+        if (!$u->isAuth()) {
+            $this->err("not logged in");
+        }
+        
+        $au = $u->getAuthUser();
+        
+        
         // first check they have perms to do this..
-        if (!$this->authUser || ($this->authUser->company_id_comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
+        if (!$au|| ($au->company()->comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
             $this->jerr("User switching not permitted");
         }
-        $old = clone($this->authUser);
-        $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
+        
+        
         $u = DB_DataObject::factory($tbl);
         $u->get($id);
         if (!$u->active()) {
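Review bot: `$ff` is never assigned in `switchUser()` before it is read at L22, so `empty($ff->Pman['authTable'])` is always true and the configured `authTable` is silently ignored — the auth object is always built from `Person` (the removed L37 had the same problem; the commit moves it rather than fixing it). Add `$ff = HTML_FlexyFramework::get();` immediately before L22, as the other hunks do. Separately, L25 calls `$this->err("not logged in")` while the rest of this file uses `$this->jerr(...)`; if `err()` does not terminate the request the way the existing code assumes `jerr()` does, execution continues into `getAuthUser()` on an unauthenticated object, so this should read `$this->jerr("not logged in");` unless `err()` is known to exit.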
@@ -138,7 +154,7 @@ class Pman_Login extends Pman
         }
         $u->login();
             // we might need this later..
-        $this->addEvent("SWITCH USER", false, $old->name . ' TO ' . $u->name);
+        $this->addEvent("SWITCH USER", false, $au->name . ' TO ' . $u->name);
         $this->jok("SWITCH");
         
     }
@@ -191,6 +207,16 @@ class Pman_Login extends Pman
             $this->jerr('Account disabled');
         }
         
+        // check if config allows non-owner passwords.
+        // auth_company = "OWNER" // auth_company = "CLIENT" or blank for all?
+        // perhaps it should support arrays..
+        $ff= HTML_FlexyFramework::get();
+        if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $u->company()->comptype) {
+            $this->jerr("Login not permited to outside companies");
+        }
+        
+        
+        
         if ($u->checkPassword($_REQUEST['password'])) {
             $u->login();
             // we might need this later..