system/application/config/autoload.php | 2
system/application/controllers/admin/active.php | 128 --------------
system/application/controllers/admin/create.php | 9 +
system/application/controllers/admin/manage.php | 9 +
system/application/controllers/admin/setting.php | 9 +
system/application/controllers/admin/status.php | 9 +
system/application/controllers/admin/welcome.php | 16 +
system/application/controllers/group.php | 24 ++
system/application/controllers/ledger.php | 24 ++
system/application/controllers/log.php | 34 +++
system/application/controllers/report.php | 11 +
system/application/controllers/setting.php | 70 ++-----
system/application/controllers/tag.php | 26 ++
system/application/controllers/user.php | 203 +++++++++++++++++++++++
system/application/controllers/voucher.php | 48 +++++
system/application/helpers/access_helper.php | 121 +++++++++++++
system/application/libraries/Startup.php | 22 +-
system/application/views/admin/active.php | 22 --
system/application/views/admin/manage/index.php | 6
system/application/views/admin/welcome.php | 8
system/application/views/admin_template.php | 5
system/application/views/setting/change.php | 34 ---
system/application/views/template.php | 24 +-
system/application/views/user/account.php | 23 ++
system/application/views/user/login.php | 25 ++
system/application/views/user_template.php | 121 +++++++++++++
system/application/views/welcome.php | 50 ++---
27 files changed, 792 insertions(+), 291 deletions(-)
New commits:
commit 1bbd1c32b0b7b0fa5a2e3f68fa2b0ee22b7293ff
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Tue Jan 4 22:06:19 2011 +0530
Changed admin top link from Accounts to 'Back to Accounts'
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/views/admin_template.php
b/system/application/views/admin_template.php
index 44e36a8..67e360c 100644
--- a/system/application/views/admin_template.php
+++ b/system/application/views/admin_template.php
@@ -36,7 +36,7 @@ $(document).ready(function(){
<?php echo anchor('admin', 'Webzash', array('class' =>
'anchor-link-b')); ?> <span id="admin-area">Admin
area</span>
</div>
<div id="admin">
- <?php echo anchor('', 'Accounts', array('title' =>
"Back to accounts", 'class' => 'anchor-link-b')); ?> |
+ <?php echo anchor('', 'Back to Accounts', array('title'
=> "Back to accounts", 'class' => 'anchor-link-b')); ?>
|
<?php echo anchor('user/logout', 'Logout', array('title'
=> "Logout", 'class' => 'anchor-link-b')); ?>
</div>
<div id="info">
commit 4caa8967b4cf2d3c97546e578f2c8b4595db2529
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Tue Jan 4 22:04:42 2011 +0530
Removed change accounts from admin section
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/admin/active.php
b/system/application/controllers/admin/active.php
deleted file mode 100644
index 9bf812c..0000000
--- a/system/application/controllers/admin/active.php
+++ /dev/null
@@ -1,137 +0,0 @@
-<?php
-
-class Active extends Controller {
-
- function Active()
- {
- parent::Controller();
-
- /* Check access */
- if ( ! check_access('administer'))
- {
- $this->messages->add('Permission denied', 'error');
- redirect('');
- return;
- }
-
- return;
- }
-
- function index($url_label_name = NULL)
- {
- $this->template->set('page_title', 'Change Active Account');
-
- /* If label specified in URL */
- if ($url_label_name)
- {
- $url_label_name = $this->input->xss_clean($url_label_name);
- $data['account'] = $url_label_name;
- } else {
- $data['account'] = "";
- }
-
- /* Getting list of files in the config - accounts directory */
- $accounts_list = get_filenames($this->config->item('config_path') .
'accounts');
- $data['accounts'] = array();
- if ($accounts_list)
- {
- foreach ($accounts_list as $row)
- {
- /* Only include file ending with .ini */
- if (substr($row, -4) == ".ini")
- {
- $ini_label = substr($row, 0, -4);
- $data['accounts'][$ini_label] = $ini_label;
- }
- }
- }
-
- /* Form validations */
- if ( ! $url_label_name)
- {
- $this->form_validation->set_rules('account', 'Account',
'trim|required');
- }
-
- /* Repopulating form */
- if ($_POST)
- {
- /* Unsetting all database configutaion */
- $this->session->unset_userdata('active_account');
- $data['account'] = $this->input->post('account', TRUE);
- }
-
- /* Validating form : only if label name is not set from URL */
- if ($this->form_validation->run() == FALSE && ( ! $url_label_name))
- {
- $this->messages->add(validation_errors(), 'error');
- $this->template->load('admin_template', 'admin/active', $data);
- return;
- } else {
- if ($url_label_name)
- {
- $db_label = $this->input->xss_clean($url_label_name);
- } else {
- $db_label = $this->input->post('account', TRUE);
- }
- $ini_file = $this->config->item('config_path') . "accounts/" .
$db_label . ".ini";
-
- /* Check if database ini file exists */
- if ( ! get_file_info($ini_file))
- {
- $this->messages->add('Account settings file is missing.',
'error');
- $this->template->load('admin_template', 'admin/active',
$data);
- return;
- }
-
- /* Parsing database ini file */
- $active_accounts = parse_ini_file($ini_file);
- if ( ! $active_accounts)
- {
- $this->messages->add('Invalid account settings file.',
'error');
- $this->template->load('admin_template', 'admin/active',
$data);
- return;
- }
-
- /* Check if all needed variables are set in ini file */
- if ( ! isset($active_accounts['db_hostname']))
- {
- $this->messages->add('Hostname missing from account settings file.',
'error');
- $this->template->load('admin_template', 'admin/active',
$data);
- return;
- }
- if ( ! isset($active_accounts['db_port']))
- {
- $this->messages->add('Port missing from account settings file. Default
MySQL port is 3306.', 'error');
- $this->template->load('admin_template', 'admin/active',
$data);
- return;
- }
- if ( ! isset($active_accounts['db_name']))
- {
- $this->messages->add('Database name missing from account settings
file.', 'error');
- $this->template->load('admin_template', 'admin/active',
$data);
- return;
- }
- if ( ! isset($active_accounts['db_username']))
- {
- $this->messages->add('Database username missing from account settings
file.', 'error');
- $this->template->load('admin_template', 'admin/active',
$data);
- return;
- }
- if ( ! isset($active_accounts['db_password']))
- {
- $this->messages->add('Database password missing from account settings
file.', 'error');
- $this->template->load('admin_template', 'admin/active',
$data);
- return;
- }
-
- /* Setting new account database details in session */
- $this->session->set_userdata('active_account', $db_label);
- $this->messages->add('Active account settings changed.',
'success');
- redirect('admin');
- }
- return;
- }
-}
-
-/* End of file active.php */
-/* Location: ./system/application/controllers/admin/active.php */
diff --git a/system/application/controllers/admin/welcome.php
b/system/application/controllers/admin/welcome.php
index b6a767e..eda73ab 100644
--- a/system/application/controllers/admin/welcome.php
+++ b/system/application/controllers/admin/welcome.php
@@ -94,7 +94,6 @@ class Welcome extends Controller {
}
} else {
$is_label_set = FALSE;
- $this->messages->add('Select a valid account.', 'error');
}
if ($is_label_set)
diff --git a/system/application/controllers/user.php
b/system/application/controllers/user.php
index 3164b40..67cf567 100644
--- a/system/application/controllers/user.php
+++ b/system/application/controllers/user.php
@@ -92,7 +92,7 @@ class User extends Controller {
/* Show manage accounts links if user has permission */
if (check_access('administer'))
{
- $this->template->set('nav_links', array('admin/manage' =>
'Manage accounts'));
+ $this->template->set('nav_links', array('admin/create' =>
'Create account', 'admin/manage' => 'Manage accounts'));
}
/* Check access */
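Review bot: The `nav_links` array is built from `check_access('administer')` before the `/* Check access */` login test that follows, so authorization is evaluated before authentication; moving the block below the login test keeps the usual order. Showing or hiding `admin/create` and `admin/manage` is presentation only. Those controllers are not visible in this hunk, so confirm that each enforces `check_access('administer')` in its constructor, as the `admin/welcome.php` hunk on this page does. The same ordering applies to the `@@ -89,6 +89,12 @@` hunk in commit cf91d87, and the enclosing method continues outside both hunks.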
diff --git a/system/application/views/admin/active.php
b/system/application/views/admin/active.php
deleted file mode 100644
index 0b84d55..0000000
--- a/system/application/views/admin/active.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php
- echo form_open('admin/active');
-
- echo "<p>";
- echo "<b>Currently active account : </b>";
- echo $this->session->userdata('active_account');
- echo "</p>";
-
- echo "<p>";
- echo "Currently available accounts";
- echo "<br />";
- echo form_dropdown('account', $accounts, $account);
- echo "</p>";
-
- echo "<p>";
- echo form_submit('submit', 'Change');
- echo " ";
- echo anchor('admin', 'Back', array('title' => 'Back to
admin'));
- echo "</p>";
-
- echo form_close();
-
diff --git a/system/application/views/admin/welcome.php
b/system/application/views/admin/welcome.php
index 625ac24..77253a5 100644
--- a/system/application/views/admin/welcome.php
+++ b/system/application/views/admin/welcome.php
@@ -14,14 +14,6 @@
</div>
<div class="settings-container">
<div class="settings-title">
- <?php echo anchor('admin/active', 'Change Active Account',
array('title' => 'Change active account')); ?>
- </div>
- <div class="settings-desc">
- Change existing active account
- </div>
- </div>
- <div class="settings-container">
- <div class="settings-title">
<?php echo anchor('admin/manage', 'Manage Accounts',
array('title' => 'Manage existing accounts')); ?>
</div>
<div class="settings-desc">
diff --git a/system/application/views/admin_template.php
b/system/application/views/admin_template.php
index dab5ef0..44e36a8 100644
--- a/system/application/views/admin_template.php
+++ b/system/application/views/admin_template.php
@@ -33,7 +33,7 @@ $(document).ready(function(){
<div id="container">
<div id="header">
<div id="logo">
- Webzash <span id="admin-area">Admin area</span>
+ <?php echo anchor('admin', 'Webzash', array('class' =>
'anchor-link-b')); ?> <span id="admin-area">Admin
area</span>
</div>
<div id="admin">
<?php echo anchor('', 'Accounts', array('title' =>
"Back to accounts", 'class' => 'anchor-link-b')); ?> |
diff --git a/system/application/views/template.php
b/system/application/views/template.php
index adcb620..554ea63 100644
--- a/system/application/views/template.php
+++ b/system/application/views/template.php
@@ -65,7 +65,7 @@ $(document).ready(function() {
<div id="container">
<div id="header">
<div id="logo">
- Webzash <span id="beta-area">(beta)</span>
+ <?php echo anchor('', 'Webzash', array('class' =>
'anchor-link-b')); ?> <span id="beta-area">(beta)</span>
</div>
<?php
if ($this->session->userdata('user_name')) {
diff --git a/system/application/views/user_template.php
b/system/application/views/user_template.php
index 2b676f4..31dda8e 100644
--- a/system/application/views/user_template.php
+++ b/system/application/views/user_template.php
@@ -25,7 +25,7 @@
<div id="container">
<div id="header">
<div id="logo">
- Webzash <span id="beta-area">(beta)</span>
+ <?php echo anchor('', 'Webzash', array('class' =>
'anchor-link-b')); ?> <span id="beta-area">(beta)</span>
</div>
<?php
if ($this->session->userdata('user_name')) {
commit cf91d87d0da860fdc23ecc705398787e248c88dc
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Tue Jan 4 21:47:14 2011 +0530
Show manage accounts link
- If user has 'administer' permissions
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/user.php
b/system/application/controllers/user.php
index 69f0d9c..3164b40 100644
--- a/system/application/controllers/user.php
+++ b/system/application/controllers/user.php
@@ -89,6 +89,12 @@ class User extends Controller {
{
$this->template->set('page_title', 'Change Account');
+ /* Show manage accounts links if user has permission */
+ if (check_access('administer'))
+ {
+ $this->template->set('nav_links', array('admin/manage' =>
'Manage accounts'));
+ }
+
/* Check access */
if ( ! ($this->session->userdata('user_name')))
{
commit f5903079e622b9fe0c59ad4ccfd5b6f0390bd8a2
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Tue Jan 4 21:35:53 2011 +0530
Use the new account change form
- Removed the jQuery popup to change account
- All change account go to the new account change form
- Show the page top Logout link only if user is logged in
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/setting.php
b/system/application/controllers/setting.php
index c26a81f..0dc5788 100644
--- a/system/application/controllers/setting.php
+++ b/system/application/controllers/setting.php
@@ -914,50 +914,6 @@ class Setting extends Controller {
}
return;
}
-
- /* Change Active Account */
- function change()
- {
- /* Form validations */
- $this->form_validation->set_rules('select_account', 'Select
Account', 'trim|required');
-
- /* Validating form : only if label name is not set from URL */
- if ($this->form_validation->run() == FALSE)
- {
- $this->messages->add(validation_errors(), 'error');
- redirect('');
- return;
- } else {
- /* Unsetting all database configutaion */
- $this->session->unset_userdata('active_account');
-
- $data_select_account = $this->input->post('select_account', TRUE);
- $ini_file = $this->config->item('config_path') . "accounts/" .
$data_select_account . ".ini";
-
- /* Check if database ini file exists */
- if ( ! get_file_info($ini_file))
- {
- $this->messages->add('Account setting file is missing.',
'error');
- redirect('');
- return;
- }
-
- /* Parsing database ini file */
- $active_accounts = parse_ini_file($ini_file);
- if ( ! $active_accounts)
- {
- $this->messages->add('Invalid account setting file.',
'error');
- redirect('');
- return;
- }
-
- /* Setting new account database details in session */
- $this->session->set_userdata('active_account', $data_select_account);
- $this->messages->add('Active account changed.', 'success');
- redirect('');
- }
- return;
- }
}
/* End of file setting.php */
diff --git a/system/application/libraries/Startup.php
b/system/application/libraries/Startup.php
index 2cf6b2a..a751f73 100644
--- a/system/application/libraries/Startup.php
+++ b/system/application/libraries/Startup.php
@@ -102,8 +102,9 @@ class Startup
$db_config['dbcollat'] = "utf8_general_ci";
$CI->load->database($db_config, FALSE, TRUE);
} else {
- $CI->messages->add('Select a valid account.', 'error');
- redirect('admin');
+ $CI->messages->add('Select a account.', 'error');
+ redirect('user/account');
+ return;
}
/* Checking for valid database connection */
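Review bot: The new flash message reads `'Select a account.'` and should be `'Select an account.'`. If `redirect()` is CodeIgniter's stock URL helper, it exits after sending the header, so the added `return;` is never reached; a short comment saying it is only a safeguard would avoid confusion. Because this branch now sends requests without an active account to `user/account`, confirm that the part of `Startup` outside this hunk skips the account check for the `user` controller. Otherwise that request would be redirected to itself.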
diff --git a/system/application/views/setting/change.php
b/system/application/views/setting/change.php
deleted file mode 100644
index 63e9eda..0000000
--- a/system/application/views/setting/change.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<?php
- /* Getting list of files in the config - accounts directory */
- $accounts_list = get_filenames($this->config->item('config_path') .
'accounts');
- $select_account_options = array();
- if ($accounts_list)
- {
- foreach ($accounts_list as $row)
- {
- /* Only include file ending with .ini */
- if (substr($row, -4) == ".ini")
- {
- $ini_label = substr($row, 0, -4);
- $select_account_options[$ini_label] = $ini_label;
- }
- }
- }
-
- echo form_open('setting/change');
-
- echo "<p>";
- echo form_label('Select account', 'select_account');
- echo "<br />";
- echo form_dropdown('select_account', $select_account_options);
- echo "</p>";
-
- echo "<p>";
- echo form_submit('submit', 'Change');
- echo "</p>";
- echo "<p>";
- echo anchor('admin/manage', 'Manage Accounts', 'Manage
Accounts');
- echo "</p>";
-
- echo form_close();
-
diff --git a/system/application/views/template.php
b/system/application/views/template.php
index 460acb1..adcb620 100644
--- a/system/application/views/template.php
+++ b/system/application/views/template.php
@@ -67,22 +67,23 @@ $(document).ready(function() {
<div id="logo">
Webzash <span id="beta-area">(beta)</span>
</div>
- <div id="admin">
- <?php
+ <?php
+ if ($this->session->userdata('user_name')) {
+ echo "<div id=\"admin\">";
/* Check if allowed administer rights */
- if (check_access('administer'))
- {
+ if (check_access('administer')) {
echo anchor('admin', 'Administer', array('title' =>
"Administer", 'class' => 'anchor-link-b'));
echo " | ";
}
- ?>
- <?php echo anchor('user/logout', 'Logout', array('title'
=> "Logout", 'class' => 'anchor-link-b')); ?>
- </div>
+ echo anchor('user/logout', 'Logout', array('title' =>
"Logout", 'class' => 'anchor-link-b'));
+ echo "</div>";
+ }
+ ?>
<div id="info">
<?php
echo $this->config->item('account_name');
echo " (";
- echo "<a
href=\"#TB_inline?height=300&width=300&inlineId=changeActiveAccount\"
class=\"thickbox anchor-link-a\" title=\"Change Active
Account\">change</a>";
+ echo anchor('user/account', 'change', array('title' =>
'Change active account', 'class' => 'anchor-link-a'));
echo ")<br />";
echo "FY : ";
echo
date_mysql_to_php_display($this->config->item('account_fy_start'));
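Review bot: The logged-in header block added here (`if ($this->session->userdata('user_name')) { ... }` with the Administer and Logout links) is repeated line for line in the `user_template.php` hunk at `@@ -27,6 +27,18 @@`. Two copies of the block that decides who sees the `admin` link can drift apart when one is edited. Moving it into a small partial view loaded from both templates keeps a single copy, for example `<?php $this->load->view('header_links'); ?>`, where the view name is a placeholder. The surrounding template markup starts and ends outside the hunk.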
@@ -198,10 +199,5 @@ $(document).ready(function() {
<?php if (isset($page_footer)) echo $page_footer ?>
<a href="http://webzash.wordpress.com"
target="_blank">Webzash<a/> is licensed under <a
href="http://www.gnu.org/licenses/agpl-3.0.txt" target="_blank">GNU
Affero General Public License, version 3</a> as published by the Free Software
Foundation.
</div>
-<div id="account_change" class="hidden-element">
- <div id="changeActiveAccount">
- <?php $this->load->view("setting/change"); ?>
- </div>
-</div>
</body>
</html>
diff --git a/system/application/views/user_template.php
b/system/application/views/user_template.php
index 9fd47a4..2b676f4 100644
--- a/system/application/views/user_template.php
+++ b/system/application/views/user_template.php
@@ -27,6 +27,18 @@
<div id="logo">
Webzash <span id="beta-area">(beta)</span>
</div>
+ <?php
+ if ($this->session->userdata('user_name')) {
+ echo "<div id=\"admin\">";
+ /* Check if allowed administer rights */
+ if (check_access('administer')) {
+ echo anchor('admin', 'Administer', array('title' =>
"Administer", 'class' => 'anchor-link-b'));
+ echo " | ";
+ }
+ echo anchor('user/logout', 'Logout', array('title' =>
"Logout", 'class' => 'anchor-link-b'));
+ echo "</div>";
+ }
+ ?>
</div>
<div id="menu">
<ul class="sf-menu">
@@ -105,10 +117,5 @@
<?php if (isset($page_footer)) echo $page_footer ?>
<a href="http://webzash.wordpress.com"
target="_blank">Webzash<a/> is licensed under <a
href="http://www.gnu.org/licenses/agpl-3.0.txt" target="_blank">GNU
Affero General Public License, version 3</a> as published by the Free Software
Foundation.
</div>
-<div id="account_change" class="hidden-element">
- <div id="changeActiveAccount">
- <?php $this->load->view("setting/change"); ?>
- </div>
-</div>
</body>
</html>
commit 289dab84209174b66a50b576da7aa98029b86ee2
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Tue Jan 4 21:14:52 2011 +0530
Renamed db_active_label session variable to active_account
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/admin/active.php
b/system/application/controllers/admin/active.php
index 7415326..9bf812c 100644
--- a/system/application/controllers/admin/active.php
+++ b/system/application/controllers/admin/active.php
@@ -56,7 +56,7 @@ class Active extends Controller {
if ($_POST)
{
/* Unsetting all database configutaion */
- $this->session->unset_userdata('db_active_label');
+ $this->session->unset_userdata('active_account');
$data['account'] = $this->input->post('account', TRUE);
}
@@ -125,7 +125,7 @@ class Active extends Controller {
}
/* Setting new account database details in session */
- $this->session->set_userdata('db_active_label', $db_label);
+ $this->session->set_userdata('active_account', $db_label);
$this->messages->add('Active account settings changed.',
'success');
redirect('admin');
}
diff --git a/system/application/controllers/admin/welcome.php
b/system/application/controllers/admin/welcome.php
index 6a6263e..b6a767e 100644
--- a/system/application/controllers/admin/welcome.php
+++ b/system/application/controllers/admin/welcome.php
@@ -25,13 +25,13 @@ class Welcome extends Controller {
/* Reading database settings ini file */
$is_label_set = FALSE;
- if ($this->session->userdata('db_active_label'))
+ if ($this->session->userdata('active_account'))
{
$is_label_set = TRUE;
/* Fetching database label details from session */
- $db_active_label = $this->session->userdata('db_active_label');
- $ini_file = $this->config->item('config_path') . "accounts/" .
$db_active_label . ".ini";
+ $current_account = $this->session->userdata('active_account');
+ $ini_file = $this->config->item('config_path') . "accounts/" .
$current_account . ".ini";
/* Check if database ini file exists */
if ( ! get_file_info($ini_file))
diff --git a/system/application/controllers/setting.php
b/system/application/controllers/setting.php
index 0ac8bf8..c26a81f 100644
--- a/system/application/controllers/setting.php
+++ b/system/application/controllers/setting.php
@@ -929,7 +929,7 @@ class Setting extends Controller {
return;
} else {
/* Unsetting all database configutaion */
- $this->session->unset_userdata('db_active_label');
+ $this->session->unset_userdata('active_account');
$data_select_account = $this->input->post('select_account', TRUE);
$ini_file = $this->config->item('config_path') . "accounts/" .
$data_select_account . ".ini";
@@ -952,7 +952,7 @@ class Setting extends Controller {
}
/* Setting new account database details in session */
- $this->session->set_userdata('db_active_label', $data_select_account);
+ $this->session->set_userdata('active_account', $data_select_account);
$this->messages->add('Active account changed.', 'success');
redirect('');
}
diff --git a/system/application/controllers/user.php
b/system/application/controllers/user.php
index 062f7fd..69f0d9c 100644
--- a/system/application/controllers/user.php
+++ b/system/application/controllers/user.php
@@ -67,7 +67,7 @@ class User extends Controller {
} else {
$this->session->unset_userdata('user_name');
$this->session->unset_userdata('user_role');
- $this->session->unset_userdata('db_active_label');
+ $this->session->unset_userdata('active_account');
$this->messages->add('Invalid User name or Password.',
'error');
$this->template->load('user_template', 'user/login', $data);
return;
@@ -79,7 +79,7 @@ class User extends Controller {
{
$this->session->unset_userdata('user_name');
$this->session->unset_userdata('user_role');
- $this->session->unset_userdata('db_active_label');
+ $this->session->unset_userdata('active_account');
$this->session->sess_destroy();
$this->messages->add('Logged out.', 'success');
redirect('user/login');
@@ -98,7 +98,7 @@ class User extends Controller {
}
/* Currently active account */
- $data['active_account'] =
$this->session->userdata('db_active_label');
+ $data['active_account'] =
$this->session->userdata('active_account');
/* Getting list of files in the config - accounts directory */
$accounts_list = get_filenames($this->config->item('config_path') .
'accounts');
@@ -185,7 +185,7 @@ class User extends Controller {
}
/* Setting new account database details in session */
- $this->session->set_userdata('db_active_label', $data_active_account);
+ $this->session->set_userdata('active_account', $data_active_account);
$this->messages->add('Active account changed.', 'success');
redirect('');
}
diff --git a/system/application/libraries/Startup.php
b/system/application/libraries/Startup.php
index 26d6f2b..2cf6b2a 100644
--- a/system/application/libraries/Startup.php
+++ b/system/application/libraries/Startup.php
@@ -31,11 +31,11 @@ class Startup
}
/* Reading database settings ini file */
- if ($CI->session->userdata('db_active_label'))
+ if ($CI->session->userdata('active_account'))
{
/* Fetching database label details from session */
- $db_active_label = $CI->session->userdata('db_active_label');
- $ini_file = $CI->config->item('config_path') . "accounts/" .
$db_active_label . ".ini";
+ $current_account = $CI->session->userdata('active_account');
+ $ini_file = $CI->config->item('config_path') . "accounts/" .
$current_account . ".ini";
/* Check if database ini file exists */
if ( ! get_file_info($ini_file))
diff --git a/system/application/views/admin/active.php
b/system/application/views/admin/active.php
index efea0c5..0b84d55 100644
--- a/system/application/views/admin/active.php
+++ b/system/application/views/admin/active.php
@@ -3,7 +3,7 @@
echo "<p>";
echo "<b>Currently active account : </b>";
- echo $this->session->userdata('db_active_label');
+ echo $this->session->userdata('active_account');
echo "</p>";
echo "<p>";
diff --git a/system/application/views/admin/manage/index.php
b/system/application/views/admin/manage/index.php
index 8c7561e..43471ac 100644
--- a/system/application/views/admin/manage/index.php
+++ b/system/application/views/admin/manage/index.php
@@ -1,7 +1,7 @@
<?php
echo "<p>";
echo "<b>Currently active account : </b>";
-echo $this->session->userdata('db_active_label');
+echo $this->session->userdata('active_account');
echo "</p>";
echo "<table border=0 cellpadding=5 class=\"simple-table
manage-account-table\">";
@@ -27,7 +27,7 @@ foreach ($accounts as $label)
}
echo "<tr class=\"tr-" . $odd_even;
- if ($this->session->userdata('db_active_label') == $label)
+ if ($this->session->userdata('active_account') == $label)
echo " tr-draft";
echo "\">";
echo "<td>";
@@ -39,7 +39,7 @@ foreach ($accounts as $label)
echo "<td>" . $db_user . "</td>";
echo "<td>";
- if ($this->session->userdata('db_active_label') == $label)
+ if ($this->session->userdata('active_account') == $label)
echo "Active";
else
echo anchor("admin/active/index/" . $label, "Activate",
array('title' => 'Activate ' . ucfirst($label) . ' Account',
'class' => 'red-link'));
diff --git a/system/application/views/user/account.php
b/system/application/views/user/account.php
index 25c777f..7d56297 100644
--- a/system/application/views/user/account.php
+++ b/system/application/views/user/account.php
@@ -3,7 +3,7 @@
echo "<p>";
echo "<b>Currently active account : </b>";
- $current_active_account = $this->session->userdata('db_active_label');
+ $current_active_account = $this->session->userdata('active_account');
echo ($current_active_account) ? $current_active_account : "(None)";
echo "</p>";
commit 4ec0a44db39763c12e18eb10daf05d20ac46e221
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Tue Jan 4 21:06:20 2011 +0530
Added change active account action
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/user.php
b/system/application/controllers/user.php
index bc4c1c5..062f7fd 100644
--- a/system/application/controllers/user.php
+++ b/system/application/controllers/user.php
@@ -84,6 +84,113 @@ class User extends Controller {
$this->messages->add('Logged out.', 'success');
redirect('user/login');
}
+
+ function account()
+ {
+ $this->template->set('page_title', 'Change Account');
+
+ /* Check access */
+ if ( ! ($this->session->userdata('user_name')))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('');
+ return;
+ }
+
+ /* Currently active account */
+ $data['active_account'] =
$this->session->userdata('db_active_label');
+
+ /* Getting list of files in the config - accounts directory */
+ $accounts_list = get_filenames($this->config->item('config_path') .
'accounts');
+ $data['accounts'] = array();
+ if ($accounts_list)
+ {
+ foreach ($accounts_list as $row)
+ {
+ /* Only include file ending with .ini */
+ if (substr($row, -4) == ".ini")
+ {
+ $ini_label = substr($row, 0, -4);
+ $data['accounts'][$ini_label] = $ini_label;
+ }
+ }
+ }
+
+ /* Form validations */
+ $this->form_validation->set_rules('account', 'Account',
'trim|required');
+
+ /* Repopulating form */
+ if ($_POST)
+ {
+ $data['active_account'] = $this->input->post('account', TRUE);
+ }
+
+ /* Validating form : only if label name is not set from URL */
+ if ($this->form_validation->run() == FALSE)
+ {
+ $this->messages->add(validation_errors(), 'error');
+ $this->template->load('user_template', 'user/account', $data);
+ return;
+ } else {
+ $data_active_account = $this->input->post('account', TRUE);
+ $ini_file = $this->config->item('config_path') . "accounts/" .
$data_active_account . ".ini";
+
+ /* Check if database ini file exists */
+ if ( ! get_file_info($ini_file))
+ {
+ $this->messages->add('Account settings file is missing.',
'error');
+ $this->template->load('user_template', 'user/account', $data);
+ return;
+ }
+
+ /* Parsing database ini file */
+ $current_account = parse_ini_file($ini_file);
+ if ( ! $current_account)
+ {
+ $this->messages->add('Invalid account settings file.',
'error');
+ $this->template->load('user_template', 'user/account', $data);
+ return;
+ }
+
+ /* Check if all needed variables are set in ini file */
+ if ( ! isset($current_account['db_hostname']))
+ {
+ $this->messages->add('Hostname missing from account settings file.',
'error');
+ $this->template->load('user_template', 'user/account', $data);
+ return;
+ }
+ if ( ! isset($current_account['db_port']))
+ {
+ $this->messages->add('Port missing from account settings file. Default
MySQL port is 3306.', 'error');
+ $this->template->load('user_template', 'user/account', $data);
+ return;
+ }
+ if ( ! isset($current_account['db_name']))
+ {
+ $this->messages->add('Database name missing from account settings
file.', 'error');
+ $this->template->load('user_template', 'user/account', $data);
+ return;
+ }
+ if ( ! isset($current_account['db_username']))
+ {
+ $this->messages->add('Database username missing from account settings
file.', 'error');
+ $this->template->load('user_template', 'user/account', $data);
+ return;
+ }
+ if ( ! isset($current_account['db_password']))
+ {
+ $this->messages->add('Database password missing from account settings
file.', 'error');
+ $this->template->load('user_template', 'user/account', $data);
+ return;
+ }
+
+ /* Setting new account database details in session */
+ $this->session->set_userdata('db_active_label', $data_active_account);
+ $this->messages->add('Active account changed.', 'success');
+ redirect('');
+ }
+ return;
+ }
}
/* End of file user.php */
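Review bot: `account()` filters the posted `account` value with `xss_clean` only and then concatenates it into `$ini_file`; it is never compared with the `$data['accounts']` list built from the directory listing earlier in the method. `xss_clean` targets script content and does not strip path separators or `..`, so the label stored in the session is not confined to `config_path/accounts`. The Startup.php hunk on this page rebuilds the same path from that session value on later requests. Rejecting any value that is not a key of `$data['accounts']` before the path is built closes this, as shown below. The method also tests only `user_name`, so a comment should state whether every logged-in user is meant to switch accounts.

```php
$data_active_account = $this->input->post('account', TRUE);

/* Accept only labels that were found in the accounts directory */
if ( ! is_string($data_active_account) OR ! isset($data['accounts'][$data_active_account]))
{
	$this->messages->add('Invalid account selected.', 'error');
	$this->template->load('user_template', 'user/account', $data);
	return;
}
/* … unchanged: ini file existence check, parse_ini_file and required-key checks … */
```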
diff --git a/system/application/views/user/account.php
b/system/application/views/user/account.php
new file mode 100644
index 0000000..25c777f
--- /dev/null
+++ b/system/application/views/user/account.php
@@ -0,0 +1,23 @@
+<?php
+ echo form_open('user/account');
+
+ echo "<p>";
+ echo "<b>Currently active account : </b>";
+ $current_active_account = $this->session->userdata('db_active_label');
+ echo ($current_active_account) ? $current_active_account : "(None)";
+ echo "</p>";
+
+ echo "<p>";
+ echo "Select account";
+ echo "<br />";
+ echo form_dropdown('account', $accounts, $active_account);
+ echo "</p>";
+
+ echo "<p>";
+ echo form_submit('submit', 'Activate');
+ echo " ";
+ echo anchor('', 'Back', array('title' => 'Back to
accounts'));
+ echo "</p>";
+
+ echo form_close();
+
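Review bot: `$current_active_account` is echoed into the page without HTML encoding, and the session value it reads comes from the posted `account` field stored by the controller. `xss_clean` is an input filter, not output encoding, so the echo should encode for the HTML context: `echo ($current_active_account) ? htmlspecialchars($current_active_account, ENT_QUOTES, 'UTF-8') : "(None)";`. The view also reads the session directly although the controller passes `$active_account`. Since the controller overwrites that variable with the posted value when repopulating the form, a comment noting that the two can differ would help the next reader.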
commit 568da17b9330bdcd8bce5857d4696d2b53529121
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Tue Jan 4 15:42:18 2011 +0530
Unset all session variables explicitly on logout
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/user.php
b/system/application/controllers/user.php
index 262bb50..bc4c1c5 100644
--- a/system/application/controllers/user.php
+++ b/system/application/controllers/user.php
@@ -65,7 +65,9 @@ class User extends Controller {
redirect('');
return;
} else {
- $this->session->sess_destroy();
+ $this->session->unset_userdata('user_name');
+ $this->session->unset_userdata('user_role');
+ $this->session->unset_userdata('db_active_label');
$this->messages->add('Invalid User name or Password.',
'error');
$this->template->load('user_template', 'user/login', $data);
return;
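Review bot: The three `unset_userdata()` calls are written out twice, here on the failed-login path and again in `logout()` in the next hunk, so a session key added later must be remembered in both places or it will survive on one of the paths. A single array call keeps the list in one expression: `$this->session->unset_userdata(array('user_name' => '', 'user_role' => '', 'db_active_label' => ''));`. A private helper shared by both paths would do the same. The failed-login path also no longer calls `sess_destroy()`, so anything else stored in the session persists; if that is intended, a comment should say so. Both enclosing functions start outside these hunks.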
@@ -75,6 +77,9 @@ class User extends Controller {
function logout()
{
+ $this->session->unset_userdata('user_name');
+ $this->session->unset_userdata('user_role');
+ $this->session->unset_userdata('db_active_label');
$this->session->sess_destroy();
$this->messages->add('Logged out.', 'success');
redirect('user/login');
commit cc61b7011671c8de0c0ef77a9265bc48aa42fa25
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Tue Jan 4 15:35:34 2011 +0530
Added list of valid permissions strings
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/admin/welcome.php
b/system/application/controllers/admin/welcome.php
index 14e99c0..6a6263e 100644
--- a/system/application/controllers/admin/welcome.php
+++ b/system/application/controllers/admin/welcome.php
@@ -5,6 +5,15 @@ class Welcome extends Controller {
function Welcome()
{
parent::Controller();
+
+ /* Check access */
+ if ( ! check_access('administer'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('');
+ return;
+ }
+
return;
}
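Review bot: The guard added to this constructor protects the controller only because `redirect()` ends the request. The `return;` after it merely leaves the constructor and would not stop the routed action from running if redirect() ever returned. As far as I know the CodeIgniter URL helper does exit after sending the header, so this works today, but the dependency should be stated on the guard, e.g. `/* redirect() exits here; return alone would not block the action */`. The same block is repeated in the admin/active.php, admin/create.php, admin/manage.php, admin/setting.php and admin/status.php constructors and in the controllers/setting.php and controllers/report.php constructors elsewhere on this page. The class body continues outside the hunk.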
diff --git a/system/application/helpers/access_helper.php
b/system/application/helpers/access_helper.php
index 2d011af..09ba678 100644
--- a/system/application/helpers/access_helper.php
+++ b/system/application/helpers/access_helper.php
@@ -3,6 +3,32 @@
/*
* Check if the currently logger in user has the necessary permissions
* to permform the given action
+ *
+ * Valid permissions strings are given below :
+ *
+ * 'view voucher'
+ * 'create voucher'
+ * 'edit voucher'
+ * 'delete voucher'
+ * 'print voucher'
+ * 'email voucher'
+ * 'download voucher'
+ * 'create ledger'
+ * 'edit ledger'
+ * 'delete ledger'
+ * 'create group'
+ * 'edit group'
+ * 'delete group'
+ * 'create tag'
+ * 'edit tag'
+ * 'delete tag'
+ * 'view reports'
+ * 'view log'
+ * 'clear log'
+ * 'change account settings'
+ * 'cf account'
+ * 'backup account'
+ * 'administer'
*/
if ( ! function_exists('check_access'))
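Review bot: The permission list added to this comment is documentation only, and the comment does not say what happens to a string that is not on it. Judging by the hunks of this helper shown elsewhere on the page, the administrator role returns TRUE before the string is examined, while other roles are denied by `in_array()`. A misspelt permission in a controller therefore passes unnoticed when tested as administrator and silently denies everyone else. I would add a line such as `* Strings not listed here are denied for every role except administrator.`, and fix the header typos "logger in" and "permform" in the same pass. The function body is outside this hunk.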
diff --git a/system/application/views/admin_template.php
b/system/application/views/admin_template.php
index ecaa4ab..dab5ef0 100644
--- a/system/application/views/admin_template.php
+++ b/system/application/views/admin_template.php
@@ -36,7 +36,8 @@ $(document).ready(function(){
Webzash <span id="admin-area">Admin area</span>
</div>
<div id="admin">
- <?php echo anchor('', 'Back to accounts', array('title'
=> "Back to accounts", 'class' => 'anchor-link-b'));
?>
+ <?php echo anchor('', 'Accounts', array('title' =>
"Back to accounts", 'class' => 'anchor-link-b')); ?> |
+ <?php echo anchor('user/logout', 'Logout', array('title'
=> "Logout", 'class' => 'anchor-link-b')); ?>
</div>
<div id="info">
</div>
diff --git a/system/application/views/welcome.php b/system/application/views/welcome.php
index 9c0f59b..b87769a 100644
--- a/system/application/views/welcome.php
+++ b/system/application/views/welcome.php
@@ -161,34 +161,36 @@ jQuery(document).ready(function () {
</table>
</div>
</div>
-<div id="dashboard-log">
- <div id="dashboard-recent-log" class="dashboard-log-item">
- <div class="dashboard-log-title">Recent Activity <span
class="float-right"><?php echo anchor('log/feed',
img(array('src'=> asset_url() . "images/icons/rss.png",
'border' => '0', 'alt' => 'Log Feed',
'width' => '16px',))); ?></span></div>
- <div class="dashboard-log-content">
+<?php if (check_access('view log')) { ?>
+ <div id="dashboard-log">
+ <div id="dashboard-recent-log" class="dashboard-log-item">
+ <div class="dashboard-log-title">Recent Activity <span
class="float-right"><?php echo anchor('log/feed',
img(array('src'=> asset_url() . "images/icons/rss.png",
'border' => '0', 'alt' => 'Log Feed',
'width' => '16px',))); ?></span></div>
+ <div class="dashboard-log-content">
+ <?php
+ if ($logs)
+ {
+ echo "<ul id=\"recent-activity-list\">";
+ foreach ($logs->result() as $row)
+ {
+ echo "<li>" . $row->message_title . "</li>";
+ }
+ echo "</ul>";
+ } else {
+ echo "No Recent Activity";
+ }
+ ?>
+ </div>
<?php
- if ($logs)
- {
- echo "<ul id=\"recent-activity-list\">";
- foreach ($logs->result() as $row)
+ if ($logs)
{
- echo "<li>" . $row->message_title . "</li>";
+ echo "<div class=\"dashboard-log-footer\">";
+ echo "<span>";
+ echo anchor("log", "more...", array('class' =>
'anchor-link-a'));
+ echo "</span>";
}
- echo "</ul>";
- } else {
- echo "No Recent Activity";
- }
?>
- </div>
- <?php
- if ($logs)
- {
- echo "<div class=\"dashboard-log-footer\">";
- echo "<span>";
- echo anchor("log", "more...", array('class' =>
'anchor-link-a'));
- echo "</span>";
- }
- ?>
+ </div>
</div>
</div>
-</div>
+<?php } ?>
<div class="clear"></div>
commit ad5f2d0d19193abea4d6b0d0698fdb1f54d40f8a
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Tue Jan 4 15:25:11 2011 +0530
Added User login and logout actions
- Check on startup if user is logged in
- Added check_access to Admin section
- Added User controller and user_template template
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/admin/active.php
b/system/application/controllers/admin/active.php
index 01a6267..7415326 100644
--- a/system/application/controllers/admin/active.php
+++ b/system/application/controllers/admin/active.php
@@ -5,6 +5,15 @@ class Active extends Controller {
function Active()
{
parent::Controller();
+
+ /* Check access */
+ if ( ! check_access('administer'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('');
+ return;
+ }
+
return;
}
diff --git a/system/application/controllers/admin/create.php
b/system/application/controllers/admin/create.php
index 7b864aa..d6b5f53 100644
--- a/system/application/controllers/admin/create.php
+++ b/system/application/controllers/admin/create.php
@@ -5,6 +5,15 @@ class Create extends Controller {
function Create()
{
parent::Controller();
+
+ /* Check access */
+ if ( ! check_access('administer'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('');
+ return;
+ }
+
return;
}
diff --git a/system/application/controllers/admin/manage.php
b/system/application/controllers/admin/manage.php
index 550fd5e..1c62ba8 100644
--- a/system/application/controllers/admin/manage.php
+++ b/system/application/controllers/admin/manage.php
@@ -5,6 +5,15 @@ class Manage extends Controller {
function Manage()
{
parent::Controller();
+
+ /* Check access */
+ if ( ! check_access('administer'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('');
+ return;
+ }
+
return;
}
diff --git a/system/application/controllers/admin/setting.php
b/system/application/controllers/admin/setting.php
index c1a0070..329b594 100644
--- a/system/application/controllers/admin/setting.php
+++ b/system/application/controllers/admin/setting.php
@@ -5,6 +5,15 @@ class Setting extends Controller {
function Setting()
{
parent::Controller();
+
+ /* Check access */
+ if ( ! check_access('administer'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('');
+ return;
+ }
+
return;
}
diff --git a/system/application/controllers/admin/status.php
b/system/application/controllers/admin/status.php
index 5485bcb..cdf1da7 100644
--- a/system/application/controllers/admin/status.php
+++ b/system/application/controllers/admin/status.php
@@ -5,6 +5,15 @@ class Status extends Controller {
function Status()
{
parent::Controller();
+
+ /* Check access */
+ if ( ! check_access('administer'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('');
+ return;
+ }
+
return;
}
diff --git a/system/application/controllers/user.php
b/system/application/controllers/user.php
new file mode 100644
index 0000000..262bb50
--- /dev/null
+++ b/system/application/controllers/user.php
@@ -0,0 +1,85 @@
+<?php
+
+class User extends Controller {
+ function index()
+ {
+ redirect('user/login');
+ return;
+ }
+
+ function login()
+ {
+ $this->template->set('page_title', 'Login');
+
+ /* Form fields */
+ $data['user_name'] = array(
+ 'name' => 'user_name',
+ 'id' => 'user_name',
+ 'maxlength' => '100',
+ 'size' => '40',
+ 'value' => '',
+ );
+ $data['user_password'] = array(
+ 'name' => 'user_password',
+ 'id' => 'user_password',
+ 'maxlength' => '100',
+ 'size' => '40',
+ 'value' => '',
+ );
+
+ /* Form validations */
+ $this->form_validation->set_rules('user_name', 'User name',
'trim|required|min_length[1]|max_length[100]');
+ $this->form_validation->set_rules('user_password', 'Password',
'trim|required|min_length[1]|max_length[100]');
+
+ /* Re-populating form */
+ if ($_POST)
+ {
+ $data['user_name']['value'] =
$this->input->post('user_name', TRUE);
+ $data['user_password']['value'] =
$this->input->post('user_password', TRUE);
+ }
+
+ if ($this->form_validation->run() == FALSE)
+ {
+ $this->messages->add(validation_errors(), 'error');
+ $this->template->load('user_template', 'user/login', $data);
+ return;
+ }
+ else
+ {
+ $data_user_name = $this->input->post('user_name', TRUE);
+ $data_user_password = $this->input->post('user_password', TRUE);
+
+ /* Dummy accounts */
+ if ($data_user_name == "admin" && $data_user_password =
"admin")
+ {
+ $this->messages->add('Logged in as ' . 'admin' . '.',
'success');
+ $this->session->set_userdata('user_name', 'admin');
+ $this->session->set_userdata('user_role', 'administrator');
+ redirect('');
+ return;
+ } else if ($data_user_name == "guest" && $data_user_password =
"guest")
+ {
+ $this->messages->add('Logged in as ' . 'guest' . '.',
'success');
+ $this->session->set_userdata('user_name', 'guest');
+ $this->session->set_userdata('user_role', 'guest');
+ redirect('');
+ return;
+ } else {
+ $this->session->sess_destroy();
+ $this->messages->add('Invalid User name or Password.',
'error');
+ $this->template->load('user_template', 'user/login', $data);
+ return;
+ }
+ }
+ }
+
+ function logout()
+ {
+ $this->session->sess_destroy();
+ $this->messages->add('Logged out.', 'success');
+ redirect('user/login');
+ }
+}
+
+/* End of file user.php */
+/* Location: ./system/application/controllers/user.php */
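Review bot: Both dummy-account checks in login() test the password with `=` instead of a comparison (`$data_user_password = "admin"` and `= "guest"`), so that operand is an always-truthy assignment and any non-empty password is accepted for those two user names. They should read `if ($data_user_name === "admin" && $data_user_password === "admin")` and `} else if ($data_user_name === "guest" && $data_user_password === "guest")`. The re-populate block also copies the submitted password back into `$data['user_password']['value']`, which the login view renders into the returned page, so I would drop that assignment. The success branches set `user_role` on the existing session without issuing a fresh session id, which is worth revisiting when real accounts replace these. A comment on the "Dummy accounts" block should state that they must be removed before any non-demo use.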
diff --git a/system/application/helpers/access_helper.php
b/system/application/helpers/access_helper.php
index 1629661..2d011af 100644
--- a/system/application/helpers/access_helper.php
+++ b/system/application/helpers/access_helper.php
@@ -10,7 +10,6 @@ if ( ! function_exists('check_access'))
function check_access($action_name)
{
$CI =& get_instance();
- $CI->session->set_userdata('user_role', 'administrator');
$user_role = $CI->session->userdata('user_role');
$permissions['manager'] = array(
'view voucher',
@@ -75,6 +74,9 @@ if ( ! function_exists('check_access'))
'download voucher',
);
+ if ( ! isset($user_role))
+ return FALSE;
+
/* If user is administrator then always allow access */
if ($user_role == "administrator")
return TRUE;
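Review bot: The added `isset($user_role)` guard probably never fires: in the CodeIgniter 1.x session library, `userdata()` returns FALSE rather than NULL for a missing item, and `isset()` is true for FALSE. A visitor with no role is then still denied, but only because FALSE fails the later `$permissions[$user_role]` lookup shown in another hunk on this page. `if ( ! $user_role) return FALSE;` states the intent directly. Using `===` in the administrator comparison just below would avoid relying on loose boolean/string conversion. check_access() starts and ends outside this hunk.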
diff --git a/system/application/libraries/Startup.php
b/system/application/libraries/Startup.php
index 3e00ad9..26d6f2b 100644
--- a/system/application/libraries/Startup.php
+++ b/system/application/libraries/Startup.php
@@ -19,6 +19,17 @@ class Startup
if ($CI->uri->segment(1) == "admin")
return;
+ /* Skip checking if accessing user section*/
+ if ($CI->uri->segment(1) == "user")
+ return;
+
+ /* Check if user is logged in */
+ if ( ! $CI->session->userdata('user_name'))
+ {
+ redirect('user/login');
+ return;
+ }
+
/* Reading database settings ini file */
if ($CI->session->userdata('db_active_label'))
{
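Review bot: The new login check sits after the existing early return for the `admin` segment, so requests under admin/ never reach it. Those pages are protected only by the `check_access('administer')` block in each admin constructor, and an admin controller added later without that block would be reachable without logging in. I would move the `user_name` check above the admin skip, leaving only the `user` skip ahead of it, so every non-login route gets the same baseline. The enclosing method starts and ends outside this hunk.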
diff --git a/system/application/views/template.php
b/system/application/views/template.php
index 018c33a..460acb1 100644
--- a/system/application/views/template.php
+++ b/system/application/views/template.php
@@ -68,7 +68,15 @@ $(document).ready(function() {
Webzash <span id="beta-area">(beta)</span>
</div>
<div id="admin">
- <?php echo anchor('admin', 'Administer', array('title'
=> "Administer", 'class' => 'anchor-link-b')); ?>
+ <?php
+ /* Check if allowed administer rights */
+ if (check_access('administer'))
+ {
+ echo anchor('admin', 'Administer', array('title' =>
"Administer", 'class' => 'anchor-link-b'));
+ echo " | ";
+ }
+ ?>
+ <?php echo anchor('user/logout', 'Logout', array('title'
=> "Logout", 'class' => 'anchor-link-b')); ?>
</div>
<div id="info">
<?php
diff --git a/system/application/views/user/login.php
b/system/application/views/user/login.php
new file mode 100644
index 0000000..db9f576
--- /dev/null
+++ b/system/application/views/user/login.php
@@ -0,0 +1,25 @@
+<?php
+ echo form_open('user/login');
+
+ echo "<p>";
+ echo form_label('User name', 'user_name');
+ echo "<br />";
+ echo form_input($user_name);
+ echo "</p>";
+
+ echo "<p>";
+ echo form_label('Password', 'user_password');
+ echo "<br />";
+ echo form_password($user_password);
+ echo "</p>";
+
+ echo "<p>";
+ echo form_submit('submit', 'Login');
+ echo "</p>";
+
+ echo "<p>";
+ echo "<span class=\"form-help-text\">Hint : You may login with user
name as 'admin' and password as 'admin'</span>";
+ echo "</p>";
+
+ echo form_close();
+
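Review bot: The hint paragraph near the end of this view prints a working administrator user name and password on the unauthenticated login page. That is tolerable for a local demo only. It should be removed together with the dummy accounts in controllers/user.php, or at least be marked with `/* TODO: remove this hint when the dummy accounts are removed */` so it does not outlive them.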
diff --git a/system/application/views/user_template.php
b/system/application/views/user_template.php
new file mode 100644
index 0000000..9fd47a4
--- /dev/null
+++ b/system/application/views/user_template.php
@@ -0,0 +1,114 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html
xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en">
+<head>
+<title>Webzash<?php if (isset($page_title)) echo ' | ' . $page_title;
?></title>
+
+<?php echo link_tag(asset_url() . 'images/favicon.ico', 'shortcut
icon', 'image/ico'); ?>
+
+<link type="text/css" rel="stylesheet" href="<?php echo
asset_url(); ?>css/style.css">
+<link type="text/css" rel="stylesheet" href="<?php echo
asset_url(); ?>css/tables.css">
+<link type="text/css" rel="stylesheet" href="<?php echo
asset_url(); ?>css/custom.css">
+<link type="text/css" rel="stylesheet" href="<?php echo
asset_url(); ?>css/menu.css">
+<link type="text/css" rel="stylesheet" href="<?php echo
asset_url(); ?>css/jquery.datepick.css">
+<link type="text/css" rel="stylesheet" href="<?php echo
asset_url(); ?>css/thickbox.css">
+
+<script type="text/javascript" src="<?php echo asset_url();
?>js/jquery.min.js"></script>
+<script type="text/javascript" src="<?php echo asset_url();
?>js/jquery.datepick.js"></script>
+<script type="text/javascript" src="<?php echo asset_url();
?>js/custom.js"></script>
+<script type="text/javascript" src="<?php echo asset_url();
?>js/hoverIntent.js"></script>
+<script type="text/javascript" src="<?php echo asset_url();
?>js/superfish.js"></script>
+<script type="text/javascript" src="<?php echo asset_url();
?>js/supersubs.js"></script>
+<script type="text/javascript" src="<?php echo asset_url();
?>js/thickbox-compressed.js"></script>
+<script type="text/javascript" src="<?php echo asset_url();
?>js/ezpz_tooltip.min.js"></script>
+</head>
+<body>
+<div id="container">
+ <div id="header">
+ <div id="logo">
+ Webzash <span id="beta-area">(beta)</span>
+ </div>
+ </div>
+ <div id="menu">
+ <ul class="sf-menu">
+ <li class="current">
+ </li>
+ </ul>
+ </div>
+ <div id="content">
+ <div id="sidebar">
+ <?php if (isset($page_sidebar)) echo $page_sidebar; ?>
+ </div>
+ <div id="main">
+ <div id="main-title">
+ <?php if (isset($page_title)) echo $page_title; ?>
+ </div>
+ <div id="main-links">
+ <?php if (isset($nav_links)) {
+ echo "<ul id=\"main-links-nav\">";
+ foreach ($nav_links as $link => $title) {
+ if ($title == "Print Preview")
+ echo "<li>" . anchor_popup($link, $title, array('title'
=> $title, 'class' => 'nav-links-item', 'style' =>
'background-image:url(\'' . asset_url() .
'images/buttons/navlink.png\');', 'width' => '1024')) .
"</li>";
+ else
+ echo "<li>" . anchor($link, $title, array('title' =>
$title, 'class' => 'nav-links-item', 'style' =>
'background-image:url(\'' . asset_url() .
'images/buttons/navlink.png\');')) . "</li>";
+ }
+ echo "</ul>";
+ } ?>
+ </div>
+ <div class="clear">
+ </div>
+ <div id="main-content">
+ <?php
+ $messages = $this->messages->get();
+ if (is_array($messages))
+ {
+ if (count($messages['success']) > 0)
+ {
+ echo "<div id=\"success-box\">";
+ echo "<ul>";
+ foreach ($messages['success'] as $message) {
+ echo ('<li>' . $message . '</li>');
+ }
+ echo "</ul>";
+ echo "</div>";
+ }
+ if (count($messages['error']) > 0)
+ {
+ echo "<div id=\"error-box\">";
+ echo "<ul>";
+ foreach ($messages['error'] as $message) {
+ if (substr($message, 0, 4) == "<li>")
+ echo ($message);
+ else
+ echo ('<li>' . $message . '</li>');
+ }
+ echo "</ul>";
+ echo "</div>";
+ }
+ if (count($messages['message']) > 0)
+ {
+ echo "<div id=\"message-box\">";
+ echo "<ul>";
+ foreach ($messages['message'] as $message) {
+ echo ('<li>' . $message . '</li>');
+ }
+ echo "</ul>";
+ echo "</div>";
+ }
+ }
+ ?>
+ <?php echo $contents; ?>
+ </div>
+ </div>
+ </div>
+</div>
+<div id="footer">
+ <?php if (isset($page_footer)) echo $page_footer ?>
+ <a href="http://webzash.wordpress.com"
target="_blank">Webzash<a/> is licensed under <a
href="http://www.gnu.org/licenses/agpl-3.0.txt" target="_blank">GNU
Affero General Public License, version 3</a> as published by the Free Software
Foundation.
+</div>
+<div id="account_change" class="hidden-element">
+ <div id="changeActiveAccount">
+ <?php $this->load->view("setting/change"); ?>
+ </div>
+</div>
+</body>
+</html>
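Review bot: The hidden `account_change` block at the bottom of this template still loads the `setting/change` view, although user.php uses the template for the pre-login page. That view's content is not visible here, but if it renders the list of configured accounts, the list is served to unauthenticated visitors inside hidden markup. I would drop the block from user_template.php. Separately, the first footer link is closed with `<a/>` instead of `</a>`, which leaves the anchor open.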
commit bd6f089fe39abe7f622567439918e9156786c260
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Tue Jan 4 14:28:00 2011 +0530
Added check_access to Vouchers
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/voucher.php
b/system/application/controllers/voucher.php
index 4d1345c..91fcbf2 100644
--- a/system/application/controllers/voucher.php
+++ b/system/application/controllers/voucher.php
@@ -243,6 +243,14 @@ class Voucher extends Controller {
function add($voucher_type)
{
+ /* Check access */
+ if ( ! check_access('create voucher'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('voucher/show/' . $voucher_type);
+ return;
+ }
+
switch ($voucher_type)
{
case 'receipt' :
@@ -558,6 +566,14 @@ class Voucher extends Controller {
function edit($voucher_type, $voucher_id = 0)
{
+ /* Check access */
+ if ( ! check_access('edit voucher'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('voucher/show/' . $voucher_type);
+ return;
+ }
+
switch ($voucher_type)
{
case 'receipt' :
@@ -907,6 +923,14 @@ class Voucher extends Controller {
function delete($voucher_type, $voucher_id)
{
+ /* Check access */
+ if ( ! check_access('delete voucher'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('voucher/show/' . $voucher_type);
+ return;
+ }
+
/* Load current voucher details */
if ( ! $cur_voucher = $this->Voucher_model->get_voucher($voucher_id,
$voucher_type))
{
@@ -945,6 +969,14 @@ class Voucher extends Controller {
$this->load->model('Setting_model');
$this->load->model('Ledger_model');
+ /* Check access */
+ if ( ! check_access('download voucher'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('voucher/show/' . $voucher_type);
+ return;
+ }
+
$account = $this->Setting_model->get_current();
/* Load current voucher details */
@@ -994,6 +1026,14 @@ class Voucher extends Controller {
$this->load->model('Setting_model');
$this->load->model('Ledger_model');
+ /* Check access */
+ if ( ! check_access('print voucher'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('voucher/show/' . $voucher_type);
+ return;
+ }
+
$account = $this->Setting_model->get_current();
/* Load current voucher details */
@@ -1041,6 +1081,14 @@ class Voucher extends Controller {
$this->load->model('Ledger_model');
$this->load->library('email');
+ /* Check access */
+ if ( ! check_access('email voucher'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('voucher/show/' . $voucher_type);
+ return;
+ }
+
$account_data = $this->Setting_model->get_current();
/* Load current voucher details */
diff --git a/system/application/helpers/access_helper.php
b/system/application/helpers/access_helper.php
index 3a95995..1629661 100644
--- a/system/application/helpers/access_helper.php
+++ b/system/application/helpers/access_helper.php
@@ -79,6 +79,9 @@ if ( ! function_exists('check_access'))
if ($user_role == "administrator")
return TRUE;
+ if ( ! isset($permissions[$user_role]))
+ return FALSE;
+
if (in_array($action_name, $permissions[$user_role]))
return TRUE;
else
commit 1536233d582eb9287b63185ef123224f86e8a7ec
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Mon Jan 3 21:55:54 2011 +0530
Added check_access to Settings
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/group.php
b/system/application/controllers/group.php
index 64b02f5..83dc0e3 100644
--- a/system/application/controllers/group.php
+++ b/system/application/controllers/group.php
@@ -24,7 +24,7 @@ class Group extends Controller {
if ( ! check_access('create group'))
{
$this->messages->add('Permission denied', 'error');
- redirect("account");
+ redirect('account');
return;
}
@@ -110,7 +110,7 @@ class Group extends Controller {
if ( ! check_access('edit group'))
{
$this->messages->add('Permission denied', 'error');
- redirect("account");
+ redirect('account');
return;
}
@@ -229,7 +229,7 @@ class Group extends Controller {
if ( ! check_access('delete group'))
{
$this->messages->add('Permission denied', 'error');
- redirect("account");
+ redirect('account');
return;
}
diff --git a/system/application/controllers/ledger.php
b/system/application/controllers/ledger.php
index 1ef6d2f..7a86132 100644
--- a/system/application/controllers/ledger.php
+++ b/system/application/controllers/ledger.php
@@ -24,7 +24,7 @@ class Ledger extends Controller {
if ( ! check_access('create ledger'))
{
$this->messages->add('Permission denied', 'error');
- redirect("account");
+ redirect('account');
return;
}
@@ -126,7 +126,7 @@ class Ledger extends Controller {
if ( ! check_access('edit ledger'))
{
$this->messages->add('Permission denied', 'error');
- redirect("account");
+ redirect('account');
return;
}
@@ -251,7 +251,7 @@ class Ledger extends Controller {
if ( ! check_access('delete ledger'))
{
$this->messages->add('Permission denied', 'error');
- redirect("account");
+ redirect('account');
return;
}
diff --git a/system/application/controllers/log.php
b/system/application/controllers/log.php
index e697e61..2785969 100644
--- a/system/application/controllers/log.php
+++ b/system/application/controllers/log.php
@@ -12,7 +12,7 @@ class Log extends Controller {
if ( ! check_access('view log'))
{
$this->messages->add('Permission denied', 'error');
- redirect("");
+ redirect('');
return;
}
@@ -25,17 +25,17 @@ class Log extends Controller {
if ( ! check_access('clear log'))
{
$this->messages->add('Permission denied', 'error');
- redirect("");
+ redirect('');
return;
}
if ($this->db->query('DELETE FROM logs'))
{
$this->messages->add('Log cleared.', 'success');
- redirect("log");
+ redirect('log');
} else {
$this->messages->add('Error clearing Log.', 'error');
- redirect("log");
+ redirect('log');
}
return;
}
@@ -49,7 +49,7 @@ class Log extends Controller {
if ( ! check_access('view log'))
{
$this->messages->add('Permission denied', 'error');
- redirect("");
+ redirect('');
return;
}
diff --git a/system/application/controllers/report.php
b/system/application/controllers/report.php
index ed5d963..d6048b6 100644
--- a/system/application/controllers/report.php
+++ b/system/application/controllers/report.php
@@ -12,7 +12,7 @@ class Report extends Controller {
if ( ! check_access('view reports'))
{
$this->messages->add('Permission denied', 'error');
- redirect("");
+ redirect('');
return;
}
@@ -622,7 +622,7 @@ class Report extends Controller {
if ($data['ledger_id'] < 1)
{
$this->messages->add('Invalid Ledger A/C.', 'error');
- redirect("report/ledgerst");
+ redirect('report/ledgerst');
}
$data['report'] = "report/ledgerst";
$data['title'] = "Ledger Statement for '" .
$this->Ledger_model->get_name($data['ledger_id']) . "'";
diff --git a/system/application/controllers/setting.php
b/system/application/controllers/setting.php
index db3f28b..0ac8bf8 100644
--- a/system/application/controllers/setting.php
+++ b/system/application/controllers/setting.php
@@ -6,6 +6,15 @@ class Setting extends Controller {
{
parent::Controller();
$this->load->model('Setting_model');
+
+ /* Check access */
+ if ( ! check_access('change account settings'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('');
+ return;
+ }
+
return;
}
@@ -158,6 +167,14 @@ class Setting extends Controller {
$this->load->model('Setting_model');
$this->template->set('page_title', 'Carry forward account');
+ /* Check access */
+ if ( ! check_access('cf account'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('setting');
+ return;
+ }
+
/* Current settings */
$account_data = $this->Setting_model->get_current();
@@ -780,6 +797,15 @@ class Setting extends Controller {
{
$this->load->dbutil();
$this->load->helper('download');
+
+ /* Check access */
+ if ( ! check_access('backup account'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect('setting');
+ return;
+ }
+
$backup_filename = "backup" . date("dmYHis") . ".gz";
/* Backup your entire database and assign it to a variable */
@@ -899,7 +925,7 @@ class Setting extends Controller {
if ($this->form_validation->run() == FALSE)
{
$this->messages->add(validation_errors(), 'error');
- redirect("");
+ redirect('');
return;
} else {
/* Unsetting all database configutaion */
@@ -912,7 +938,7 @@ class Setting extends Controller {
if ( ! get_file_info($ini_file))
{
$this->messages->add('Account setting file is missing.',
'error');
- redirect("");
+ redirect('');
return;
}
@@ -921,14 +947,14 @@ class Setting extends Controller {
if ( ! $active_accounts)
{
$this->messages->add('Invalid account setting file.',
'error');
- redirect("");
+ redirect('');
return;
}
/* Setting new account database details in session */
$this->session->set_userdata('db_active_label', $data_select_account);
$this->messages->add('Active account changed.', 'success');
- redirect("");
+ redirect('');
}
return;
}
diff --git a/system/application/controllers/tag.php
b/system/application/controllers/tag.php
index f663af0..ccd49d8 100644
--- a/system/application/controllers/tag.php
+++ b/system/application/controllers/tag.php
@@ -25,7 +25,7 @@ class Tag extends Controller {
if ( ! check_access('create tag'))
{
$this->messages->add('Permission denied', 'error');
- redirect("tag");
+ redirect('tag');
return;
}
@@ -120,7 +120,7 @@ class Tag extends Controller {
if ( ! check_access('edit tag'))
{
$this->messages->add('Permission denied', 'error');
- redirect("tag");
+ redirect('tag');
return;
}
@@ -233,7 +233,7 @@ class Tag extends Controller {
if ( ! check_access('delete tag'))
{
$this->messages->add('Permission denied', 'error');
- redirect("tag");
+ redirect('tag');
return;
}
diff --git a/system/application/helpers/access_helper.php
b/system/application/helpers/access_helper.php
index abbfe92..3a95995 100644
--- a/system/application/helpers/access_helper.php
+++ b/system/application/helpers/access_helper.php
@@ -33,7 +33,8 @@ if ( ! function_exists('check_access'))
'view log',
'clear log',
'change account settings',
- 'backup account database',
+ 'cf account',
+ 'backup account',
);
$permissions['accountant'] = array(
'view voucher',
commit 9f2044750301dea6fd7d4ae8766665d44126f271
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Mon Jan 3 21:42:50 2011 +0530
Added check_access to Tags
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/ledger.php
b/system/application/controllers/ledger.php
index 86b994e..1ef6d2f 100644
--- a/system/application/controllers/ledger.php
+++ b/system/application/controllers/ledger.php
@@ -247,7 +247,6 @@ class Ledger extends Controller {
function delete($id)
{
-
/* Check access */
if ( ! check_access('delete ledger'))
{
diff --git a/system/application/controllers/log.php
b/system/application/controllers/log.php
index 90532c7..e697e61 100644
--- a/system/application/controllers/log.php
+++ b/system/application/controllers/log.php
@@ -21,7 +21,6 @@ class Log extends Controller {
function clear()
{
-
/* Check access */
if ( ! check_access('clear log'))
{
diff --git a/system/application/controllers/tag.php
b/system/application/controllers/tag.php
index 9fefda0..f663af0 100644
--- a/system/application/controllers/tag.php
+++ b/system/application/controllers/tag.php
@@ -21,6 +21,14 @@ class Tag extends Controller {
{
$this->template->set('page_title', 'New Tag');
+ /* Check access */
+ if ( ! check_access('create tag'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("tag");
+ return;
+ }
+
/* Colorpicker JS and CSS */
$this->template->set('add_css', array(
"plugins/colorpicker/css/colorpicker.css",
@@ -107,7 +115,15 @@ class Tag extends Controller {
function edit($id = 0)
{
$this->template->set('page_title', 'Edit Tag');
-
+
+ /* Check access */
+ if ( ! check_access('edit tag'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("tag");
+ return;
+ }
+
/* Colorpicker JS and CSS */
$this->template->set('add_css', array(
"plugins/colorpicker/css/colorpicker.css",
@@ -213,6 +229,14 @@ class Tag extends Controller {
function delete($id)
{
+ /* Check access */
+ if ( ! check_access('delete tag'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("tag");
+ return;
+ }
+
/* Checking for valid data */
$id = $this->input->xss_clean($id);
$id = (int)$id;
diff --git a/system/application/helpers/access_helper.php
b/system/application/helpers/access_helper.php
index dc1fb2c..abbfe92 100644
--- a/system/application/helpers/access_helper.php
+++ b/system/application/helpers/access_helper.php
@@ -26,7 +26,9 @@ if ( ! function_exists('check_access'))
'create group',
'edit group',
'delete group',
- 'manage tag',
+ 'create tag',
+ 'edit tag',
+ 'delete tag',
'view reports',
'view log',
'clear log',
@@ -47,7 +49,9 @@ if ( ! function_exists('check_access'))
'create group',
'edit group',
'delete group',
- 'manage tag',
+ 'create tag',
+ 'edit tag',
+ 'delete tag',
'view reports',
'view log',
'clear log',
commit 40d225ef91a1d71b7f8f49654522ff78c2b19e5e
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Mon Jan 3 21:36:23 2011 +0530
Added check_access to Reports
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/report.php
b/system/application/controllers/report.php
index fa8d923..ed5d963 100644
--- a/system/application/controllers/report.php
+++ b/system/application/controllers/report.php
@@ -7,6 +7,15 @@ class Report extends Controller {
{
parent::Controller();
$this->load->model('Ledger_model');
+
+ /* Check access */
+ if ( ! check_access('view reports'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("");
+ return;
+ }
+
return;
}
diff --git a/system/application/helpers/access_helper.php
b/system/application/helpers/access_helper.php
index 49d800d..dc1fb2c 100644
--- a/system/application/helpers/access_helper.php
+++ b/system/application/helpers/access_helper.php
@@ -27,7 +27,7 @@ if ( ! function_exists('check_access'))
'edit group',
'delete group',
'manage tag',
- 'view report',
+ 'view reports',
'view log',
'clear log',
'change account settings',
@@ -48,7 +48,7 @@ if ( ! function_exists('check_access'))
'edit group',
'delete group',
'manage tag',
- 'view report',
+ 'view reports',
'view log',
'clear log',
);
commit 10f10e920c3beddd94b3072d29916b7e660e8841
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Mon Jan 3 21:33:02 2011 +0530
Added check_access to Logs
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/log.php
b/system/application/controllers/log.php
index 9d24beb..90532c7 100644
--- a/system/application/controllers/log.php
+++ b/system/application/controllers/log.php
@@ -7,11 +7,29 @@ class Log extends Controller {
$this->template->set('page_title', 'Logs');
$this->template->set('nav_links', array('log/clear' =>
'Clear Log'));
$this->template->load('template', 'log/index');
+
+ /* Check access */
+ if ( ! check_access('view log'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("");
+ return;
+ }
+
return;
}
function clear()
{
+
+ /* Check access */
+ if ( ! check_access('clear log'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("");
+ return;
+ }
+
if ($this->db->query('DELETE FROM logs'))
{
$this->messages->add('Log cleared.', 'success');
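Review bot: In index() the access check is added after `$this->template->load('template', 'log/index')`, so the log view is built before permission is tested. It stays out of the response only if redirect() discards the buffered output, so the check block should move to the top of index(), above the `page_title` line. In clear() the guard is a role check only, and the action is reached through the plain `log/clear` nav link and runs `DELETE FROM logs`. The audit trail can thus be wiped by any GET request issued from a permitted user's browser; requiring a POST with a request token is worth considering. Both function bodies extend beyond this hunk.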
@@ -27,6 +45,15 @@ class Log extends Controller {
{
$this->load->helper('xml');
$this->load->helper('text');
+
+ /* Check access */
+ if ( ! check_access('view log'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("");
+ return;
+ }
+
$data['feed_name'] = $this->config->item('account_name');
$data['feed_url'] = base_url();
$data['page_description'] = 'Accounting feed for ' .
$data['feed_name'];
@@ -40,5 +67,5 @@ class Log extends Controller {
}
}
-/* End of file account.php */
-/* Location: ./system/application/controllers/account.php */
+/* End of file log.php */
+/* Location: ./system/application/controllers/log.php */
diff --git a/system/application/helpers/access_helper.php
b/system/application/helpers/access_helper.php
index 0ca7c34..49d800d 100644
--- a/system/application/helpers/access_helper.php
+++ b/system/application/helpers/access_helper.php
@@ -10,7 +10,7 @@ if ( ! function_exists('check_access'))
function check_access($action_name)
{
$CI =& get_instance();
- // $CI->session->set_userdata('user_role', 'guest');
+ $CI->session->set_userdata('user_role', 'administrator');
$user_role = $CI->session->userdata('user_role');
$permissions['manager'] = array(
'view voucher',
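Review bot: The newly enabled `$CI->session->set_userdata('user_role', 'administrator');` overwrites the session role on every call to check_access(), so the `$user_role` read on the next line is always 'administrator' regardless of who is making the request. If the helper still short-circuits to TRUE for administrators, as the version that introduced it does, every check added in this commit passes for any visitor. The value is also written into the session, so sessions touched while this line is deployed keep the administrator role afterwards. The line should be deleted rather than toggled by commenting, and test-time role overrides kept out of the helper. The rest of check_access() is outside the hunk.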
commit e8a7d3a7d4a2fc0aa298a82e9cbab8c144759253
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Mon Jan 3 21:27:23 2011 +0530
Added check_access to Ledgers
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/ledger.php
b/system/application/controllers/ledger.php
index 20ee0aa..86b994e 100644
--- a/system/application/controllers/ledger.php
+++ b/system/application/controllers/ledger.php
@@ -20,6 +20,14 @@ class Ledger extends Controller {
{
$this->template->set('page_title', 'New Ledger');
+ /* Check access */
+ if ( ! check_access('create ledger'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("account");
+ return;
+ }
+
/* Form fields */
$data['ledger_name'] = array(
'name' => 'ledger_name',
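Review bot: The same six-line deny block is pasted into each action here (this hunk, plus the edit and delete hunks below) and again in the group.php hunks of the neighbouring commits, with only the permission string changing. A single helper next to check_access() that adds the 'Permission denied' message and performs the redirect would keep the message and target in one place and make an action that lacks the check easier to spot in review. In this hunk and the edit hunk the check also runs after `$this->template->set('page_title', ...)`; making it the first statement of the method keeps denied requests from doing any work. The method signature and the rest of the body are outside the hunk.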
@@ -114,6 +122,14 @@ class Ledger extends Controller {
{
$this->template->set('page_title', 'Edit Ledger');
+ /* Check access */
+ if ( ! check_access('edit ledger'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("account");
+ return;
+ }
+
/* Checking for valid data */
$id = $this->input->xss_clean($id);
$id = (int)$id;
@@ -231,6 +247,15 @@ class Ledger extends Controller {
function delete($id)
{
+
+ /* Check access */
+ if ( ! check_access('delete ledger'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("account");
+ return;
+ }
+
/* Checking for valid data */
$id = $this->input->xss_clean($id);
$id = (int)$id;
commit 155d98aad66fbf53a534cd77acf87486ebcab3b3
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Mon Jan 3 21:24:13 2011 +0530
Added check_access to Groups
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/controllers/group.php
b/system/application/controllers/group.php
index ffdf439..64b02f5 100644
--- a/system/application/controllers/group.php
+++ b/system/application/controllers/group.php
@@ -106,6 +106,14 @@ class Group extends Controller {
{
$this->template->set('page_title', 'Edit Group');
+ /* Check access */
+ if ( ! check_access('edit group'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("account");
+ return;
+ }
+
/* Checking for valid data */
$id = $this->input->xss_clean($id);
$id = (int)$id;
@@ -217,6 +225,14 @@ class Group extends Controller {
function delete($id)
{
+ /* Check access */
+ if ( ! check_access('delete group'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("account");
+ return;
+ }
+
/* Checking for valid data */
$id = $this->input->xss_clean($id);
$id = (int)$id;
commit 8d847c0acb69a30b8748504839ac34a95c81ee54
Author: Prashant P Shah <pshah.mumbai(a)gmail.com>
Date: Mon Jan 3 21:21:40 2011 +0530
Added user access verification helper
Signed-off-by: Prashant P Shah <pshah.mumbai(a)gmail.com>
diff --git a/system/application/config/autoload.php
b/system/application/config/autoload.php
index 0d632e2..8cfb4e3 100644
--- a/system/application/config/autoload.php
+++ b/system/application/config/autoload.php
@@ -51,7 +51,7 @@ $autoload['libraries'] = array('database',
'session', 'form_validation', 'messag
| $autoload['helper'] = array('url', 'file');
*/
-$autoload['helper'] = array('url', 'path', 'html',
'form', 'date', 'file', 'custom');
+$autoload['helper'] = array('url', 'path', 'html',
'form', 'date', 'file', 'access', 'custom');
/*
diff --git a/system/application/controllers/group.php
b/system/application/controllers/group.php
index f5d24d7..ffdf439 100644
--- a/system/application/controllers/group.php
+++ b/system/application/controllers/group.php
@@ -20,6 +20,14 @@ class Group extends Controller {
$this->load->library('validation');
$this->template->set('page_title', 'New Group');
+ /* Check access */
+ if ( ! check_access('create group'))
+ {
+ $this->messages->add('Permission denied', 'error');
+ redirect("account");
+ return;
+ }
+
/* Form fields */
$data['group_name'] = array(
'name' => 'group_name',
diff --git a/system/application/helpers/access_helper.php
b/system/application/helpers/access_helper.php
new file mode 100644
index 0000000..0ca7c34
--- /dev/null
+++ b/system/application/helpers/access_helper.php
@@ -0,0 +1,85 @@
+<?php if ( ! defined('BASEPATH')) exit('No direct script access
allowed');
+
+/*
+ * Check if the currently logger in user has the necessary permissions
+ * to permform the given action
+ */
+
+if ( ! function_exists('check_access'))
+{
+ function check_access($action_name)
+ {
+ $CI =& get_instance();
+ // $CI->session->set_userdata('user_role', 'guest');
+ $user_role = $CI->session->userdata('user_role');
+ $permissions['manager'] = array(
+ 'view voucher',
+ 'create voucher',
+ 'edit voucher',
+ 'delete voucher',
+ 'print voucher',
+ 'email voucher',
+ 'download voucher',
+ 'create ledger',
+ 'edit ledger',
+ 'delete ledger',
+ 'create group',
+ 'edit group',
+ 'delete group',
+ 'manage tag',
+ 'view report',
+ 'view log',
+ 'clear log',
+ 'change account settings',
+ 'backup account database',
+ );
+ $permissions['accountant'] = array(
+ 'view voucher',
+ 'create voucher',
+ 'edit voucher',
+ 'delete voucher',
+ 'print voucher',
+ 'email voucher',
+ 'download voucher',
+ 'create ledger',
+ 'edit ledger',
+ 'delete ledger',
+ 'create group',
+ 'edit group',
+ 'delete group',
+ 'manage tag',
+ 'view report',
+ 'view log',
+ 'clear log',
+ );
+ $permissions['dataentry'] = array(
+ 'view voucher',
+ 'create voucher',
+ 'edit voucher',
+ 'delete voucher',
+ 'print voucher',
+ 'email voucher',
+ 'download voucher',
+ 'create ledger',
+ 'edit ledger',
+ );
+ $permissions['guest'] = array(
+ 'view voucher',
+ 'print voucher',
+ 'email voucher',
+ 'download voucher',
+ );
+
+ /* If user is administrator then always allow access */
+ if ($user_role == "administrator")
+ return TRUE;
+
+ if (in_array($action_name, $permissions[$user_role]))
+ return TRUE;
+ else
+ return FALSE;
+ }
+}
+
+/* End of file access_helper.php */
+/* Location: ./system/application/helpers/access_helper.php */
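Review bot: check_access() looks up `$permissions[$user_role]` without first checking that the role is a known key, so a session with no `user_role` or an unexpected value reaches `in_array()` with an undefined entry rather than an explicit deny. Adding `if ( ! isset($permissions[$user_role])) return FALSE;` before the lookup makes the default-deny path deliberate. The administrator test uses `==`, which on older PHP versions also matches non-string values such as integer 0 or TRUE; `=== "administrator"` and `in_array($action_name, $permissions[$user_role], TRUE)` avoid that. The role is taken from session data, so the check is only as trustworthy as the session store's integrity protection, which is not visible here. The header comment has two typos ("logger in", "permform").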