Pman/Login.php

[Pman.Base] / Pman / Login.php

diff --git a/Pman/Login.php b/Pman/Login.php
index e3f02d1..d5e0849 100644 (file)
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -125,10 +125,30 @@ class Pman_Login extends Pman
     
     function switchUser($id)
     {
+        $tbl = empty($ff->Pman['authTable']) ? 'Person' : $ff->Pman['authTable'];
+        $u = DB_DataObject::factory($tbl);
+        if (!$u->isAuth()) {
+            $this->err("not logged in");
+        }
+        
+        $au = $u->getAuthUser();
+        
+        
         // first check they have perms to do this..
-        if (!$this->authUser || ($this->authUser->company_id_comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
-            $this->jerr(
-           }
+        if (!$au|| ($au->company()->comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
+            $this->jerr("User switching not permitted");
+        }
+        
+        
+        $u = DB_DataObject::factory($tbl);
+        $u->get($id);
+        if (!$u->active()) {
+            $this->jerr('Account disabled');
+        }
+        $u->login();
+            // we might need this later..
+        $this->addEvent("SWITCH USER", false, $au->name . ' TO ' . $u->name);
+        $this->jok("SWITCH");
         
     }
     
@@ -180,6 +200,15 @@ class Pman_Login extends Pman
             $this->jerr('Account disabled');
         }
         
+        // check if config allows non-owner passwords.
+        // auth_company = "OWNER" auth_company = "CLIENT"
+        $ff= HTML_FlexyFramework::get();
+        if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $u->company()->comptype) {
+            $this->jerr("Login not permited to outside companies");
+        }
+        
+        
+        
         if ($u->checkPassword($_REQUEST['password'])) {
             $u->login();
             // we might need this later..