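getAuthUser();
        $this->authUser = false;
        if ($au) {
            $this->authUser = $au;
        }
        return true;
    }

    /**
     * Deletion is not supported through this handler.
     *
     * The body only reports an error through jerr(); nothing is removed here.
     * NOTE(review): whether jerr() ends the request is not visible in this
     * file - confirm before adding any code after the call.
     */
    function delete()
    {
        $this->jerr("Delete not permitted yet...");
        // Open questions left by the original author: should this be limited
        // to POST requests, and permissions need sorting out before deletion
        // can be enabled.
    }

    /**
     * Permission check for a data object, layered on top of the parent's check.
     *
     * Order of evaluation:
     *  1. Anything parent::checkPerm() grants is granted (its result is returned as-is).
     *  2. A logged-in user whose company has comptype 'OWNER' is granted.
     *  3. Everyone else is denied, with one exception: level 'S' on the
     *     core_enum table, and only for an allowlisted 'etype'.
     *
     * All comparisons on this path are strict, so a non-string $lvl or etype
     * fails closed instead of matching through PHP's loose comparison rules.
     *
     * @param object     $obj data object; only tablename() is used here
     * @param string     $lvl requested level; only 'S' passes the restricted path
     *                        (presumably "select"/read - confirm against the parent class)
     * @param array|null $req request parameters; only 'etype' is read
     *
     * @return mixed the parent's truthy result, true when granted here, false otherwise
     */
    function checkPerm($obj, $lvl, $req=null)
    {
        $res = parent::checkPerm($obj,$lvl,$req);
        if ($res) {
            return $res;
        }

        // Only the exact string 'OWNER' grants full access.
        if ($this->authUser && $this->authUser->company()->comptype === 'OWNER') {
            return true;
        }

        // From here on the caller is not an owner-company user.
        // NOTE(review): this path is also reached when authUser is false (no
        // logged-in user), so the allowlisted enum lists below are readable
        // without authentication unless the caller blocks that earlier -
        // confirm this exposure is intended.

        // The parent would normally allow more; this class restricts
        // non-owner users to a single table.
        if ($obj->tablename() !== 'core_enum') {
            return false;
        }
        if (empty($req['etype'])) {
            return false;
        }
        if ($lvl !== 'S') {
            return false;
        }

        // Enum types that non-owner users may read. The original switch listed
        // 'severity' twice; the duplicate label had no effect and is dropped.
        $allowedTypes = array(
            'severity',
            'classification',
            'resolution',
            'priority',
            'ticketstate',
        );

        return in_array($req['etype'], $allowedTypes, true);
    }
}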