First start at retiring Affiliate in favour of RTM

application/classes/Auth/OSB.php

@@ -271,12 +271,12 @@ class Auth_OSB extends Auth_ORM {
 	/**
 	 * Determine if a user is authorised to view an account
 	 *
-	 * @param integer Account ID
+	 * @param Model_Account Account Ojbect to validate if the current user has access
 	 *
 	 * @return boolean TRUE if authorised, FALSE if not.
 	 */
-	public function authorised($aid,$afid=NULL) {
-		return (($ao = $this->get_user()) AND $ao->loaded() AND ($aid == $ao->id OR $ao->isAdmin() OR (! is_null($afid) AND $afid == $ao->affiliate->id))) ? TRUE : FALSE;
+	public function authorised(Model_Account $ao) {
+		return (($uo = $this->get_user()) AND $uo->loaded() AND ($uo == $ao OR in_array($ao->id,$uo->RTM->customers($uo->RTM))));
 	}
 }
 ?>