getAuthUser(); $this->authUser = false; if ($au) { $this->authUser = $au; } return true; } function delete() { $this->jerr("Delete not permitted yet..."); // only post requests..??? // need perms sorting out first. } function checkPerm($obj, $lvl, $req=null) { $res = parent::checkPerm($obj,$lvl,$req); if (!$res) { return $res; } // normally allowed, but we have more restrictions... switch($obj->tablename()) { case 'core_enum': if (empty($req['etype']) { return false; } switch ($req['etype']) { if ($perm == 'S') { return true; } if (!$au) { return false; } if ($au->company()->comptype == 'OWNER') { return true; } // not a member of the company.. // not allowed in.. return false; } return $res; } }