diff --git a/classes/lnApp/Auth/ORM.php b/classes/lnApp/Auth/ORM.php
index 2e98a19..085e121 100644
--- a/classes/lnApp/Auth/ORM.php
+++ b/classes/lnApp/Auth/ORM.php
@@ -98,7 +98,7 @@ abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
 * @return boolean TRUE if authorised, FALSE if not.
 */
 public function authorised(Model_Account $ao) {
- return (($uo = $this->get_user()) AND $uo->loaded() AND ($uo == $ao OR in_array($ao->id,$uo->RTM->customers($uo->RTM))));
+ return (($uo = $this->get_user()) AND $uo->loaded() AND ($uo == $ao OR ($uo->admin > $ao->admin)));
 }
 
 public function get_groups() {
@@ -158,7 +158,8 @@ abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
 
 // If we are not a valid user object, then we are not logged in
 if (is_object($uo) AND ($uo instanceof Model_Account) AND $uo->loaded())
- $status = TRUE;
+ if (empty($role) OR ($role <= $uo->admin))
+ $status = TRUE;
 
 return $status;
 }
diff --git a/classes/lnApp/Controller/TemplateDefault.php b/classes/lnApp/Controller/TemplateDefault.php
index 5973cfb..b4986da 100644
--- a/classes/lnApp/Controller/TemplateDefault.php
+++ b/classes/lnApp/Controller/TemplateDefault.php
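Review bot: The new rule on the `+` line of `authorised()` grants access to any account whose `admin` value is lower than the caller's, with no remaining link to the RTM customer relationship the removed line tested, so a higher-level admin is now authorised over every lower-level account rather than only its own customers; if reseller scoping is still intended the relationship test has to stay alongside the admin comparison, and if it is not, the docblock above should state the rule, e.g. `* An account is authorised over itself, or over any account whose admin level is lower than its own.`. `>` between `$uo->admin` and `$ao->admin` is a loose comparison, so a NULL or non-numeric value on either side compares as 0 — if those columns are nullable (not visible here) an explicit `(int)` cast or a null check would make the outcome deliberate. `$uo == $ao` is likewise a loose object comparison; `$uo->id === $ao->id` is the tighter form of the same intent.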
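Review bot: `$role <= $uo->admin` on the added line is a loose comparison whose outcome depends on the type of `$role`: a non-numeric role string (the usual Kohana `logged_in($role)` convention) is compared as 0 on PHP 7 and therefore passes for any admin level, while PHP 8 compares it as a string and gives a different answer. Restrict the branch to the types it actually means, e.g. `if (is_null($role) OR (is_int($role) AND $role <= (int) $uo->admin))`, or reject other types before this point. `empty($role)` also treats `0` and `'0'` as "no role required", which may or may not be intended. The enclosing function starts outside the hunk so the declared type of `$role` is not visible; the comment `// If we are not a valid user object, then we are not logged in` should be extended to mention the admin-level threshold now nested under it.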
@@ -68,7 +68,15 @@ abstract class lnApp_Controller_TemplateDefault extends Kohana_Controller_Templa
 * @uses meta
 */
 public function before() {
- $this->ao = Auth::instance()->get_user();
+ if ($this->auth_required) {
+ if (! count($this->secure_actions) OR (! isset($this->secure_actions[Request::current()->action()])))
+ throw HTTP_Exception::factory(403,'Class has no security defined :class, or no security configured for :method',array(':class'=>get_class($this),':method'=>Request::current()->action()));
+
+ $this->ao = Auth::instance()->get_user();
+
+ if (! is_null($this->ao) AND (is_string($this->ao)))
+ throw HTTP_Exception::factory(501,'Account doesnt exist :account ?',array(':account'=>(is_string($this->ao) OR is_null($this->ao)) ? $this->ao : Auth::instance()->get_user()->id));
+ }
 
 // Actions that start with ajax, should only be ajax
 if (! Kohana::$config->load('debug')->ajax AND preg_match('/^ajax/',Request::current()->action()) AND ! Request::current()->is_ajax())
@@ -82,7 +90,7 @@ abstract class lnApp_Controller_TemplateDefault extends Kohana_Controller_Templa
 return;
 }
 
- if ($this->ao AND $this->ao->loaded() AND ! $this->ao->activated() AND ($this->request->controller() != 'Account' OR $this->request->action() != 'activate'))
+ if ($this->ao AND is_object($this->ao) AND $this->ao->loaded() AND ! $this->ao->activated() AND ($this->request->controller() != 'Account' OR $this->request->action() != 'activate'))
 HTTP::redirect('login/activate');
 
 // Check user auth and role
diff --git a/classes/lnApp/Form.php b/classes/lnApp/Form.php
index c1750ab..791e961 100644
--- a/classes/lnApp/Form.php
+++ b/classes/lnApp/Form.php
@@ -22,6 +22,9 @@ abstract class lnApp_Form extends Kohana_Form {
 return '%s';
 }
 
+ if (! isset($attributes['class']))
+ $attributes['class'] = 'form-control';
+
 $output = '';
 $output .= '
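Review bot: The 501 branch added to `before()` is self-contradictory: `! is_null($this->ao) AND (is_string($this->ao))` is just `is_string($this->ao)`, and inside that branch the ternary's `Auth::instance()->get_user()->id` arm can never execute, so the two lines reduce to `if (is_string($this->ao))` / `throw HTTP_Exception::factory(501,'Account doesnt exist :account ?',array(':account'=>$this->ao));`. 501 Not Implemented is also an odd status for a session whose account no longer exists; 403, matching the branch above it, or a redirect to login is what a client would expect, and echoing the raw account value back in the message is not needed for the client to act. Separately, `$this->ao` is now assigned only when `auth_required` is set, so controllers without it no longer see the logged-in account and the activation redirect in the next hunk (`@@ -82,7 +90,7 @@`) silently stops applying to them — confirm that is intended, or keep `$this->ao = Auth::instance()->get_user();` outside the `if`. The rest of `before()` continues beyond this hunk.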
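Review bot: `$this->ao AND is_object($this->ao)` on the changed line is redundant (`is_object` already rejects null, false and strings), and it is a weaker guard than the `instanceof Model_Account` test that `classes/lnApp/Auth/ORM.php` applies for the same purpose in this commit. `if ($this->ao instanceof Model_Account AND $this->ao->loaded() AND ! $this->ao->activated() AND ($this->request->controller() != 'Account' OR $this->request->action() != 'activate'))` states the intent directly and keeps the two files consistent. The method this line belongs to starts and ends outside the hunk.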