Added affiliate pages and email due invoices

modules/account/classes/auth/osb.php

@@ -250,17 +250,8 @@ class Auth_OSB extends Auth_ORM {
 	 *
 	 * @return boolean TRUE if authorised, FALSE if not.
 	 */
-	public function authorised($aid) {
-		if (! $this->get_user())
-			return FALSE;
-
-		// @todo Consider caching this.
-		$ao = ORM::factory('account',$this->get_user()->id);
-
-		if (! $ao->loaded() OR ($aid != $ao->id AND ! $ao->admin()))
-			return FALSE;
-
-		return TRUE;
+	public function authorised($aid,$afid=NULL) {
+		return (($ao = $this->get_user()) AND $ao->loaded() AND ($aid == $ao->id OR $ao->isAdmin() OR (! is_null($afid) AND $afid == $ao->affiliate->id))) ? TRUE : FALSE;
 	}
 }
 ?>

modules/account/classes/model/account.php

@@ -18,6 +18,9 @@ class Model_Account extends Model_Auth_UserDefault {
 		'payment'=>array('far_key'=>'id'),
 		'service' => array('far_key'=>'id'),
 	);
+	protected $_has_one = array(
+		'affiliate' => array('far_key'=>'id'),
+	);
 
 	protected $_display_filters = array(
 		'date_orig'=>array(
@@ -69,11 +72,11 @@ class Model_Account extends Model_Auth_UserDefault {
 		return $this->group->find_all();
 	}
 
-	public function admin() {
+	public function isAdmin() {
 		// @todo Define admins in the config file or DB
-		$admins = array('Root');
+		$admins = array(ORM::factory('group',array('name'=>'Root')));
 
-		return $this->has($admins);
+		return $this->has('group',$admins);
 	}
 
 	/**