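/**
 * Admin rule search.
 *
 * On form submit, searches the rules table for site names matching the
 * posted pattern (or the '*' wildcard entry) that belong either to location 1
 * or to the posted location, and publishes the rows as 'results'. In every
 * case it publishes a 'locations' select list for the form.
 *
 * @param string|null $pattern Unused when the form is posted: the posted
 *                             pattern replaces it. Kept for callers that
 *                             pass it positionally.
 * @return void
 */
function admin_search($pattern = null) {
    $user = parent::getUser();

    // Code after form submit.
    if (!empty($this->data)) {
        // Both search values come straight from the request and were previously
        // spliced unescaped into the raw SQL (SQL injection). They are now quoted
        // by the datasource / cast to int instead. Assumes the model's datasource
        // is a DboSource whose value() returns a quoted, escaped literal — verify.
        $db = $this->Rule->getDataSource();
        // NOTE: '%' and '_' inside the posted pattern keep their LIKE meaning;
        // escape them if a literal match is wanted.
        $likePattern = $db->value('%' . $this->data['Rule']['pattern'] . '%', 'string');
        $wildcard = $db->value('*', 'string');
        // Missing location would otherwise produce a syntax error; 0 matches nothing.
        $locationId = isset($this->data['Rule']['locations'])
            ? (int) $this->data['Rule']['locations']
            : 0;
        // NOTE(review): the posted location is not checked against the locations
        // this user administers, so any location id can be searched — consider
        // validating it against getAdminLocationIds() for restricted roles.
        $sql = 'SELECT * FROM rules'
            . ' LEFT JOIN groups on rules.group_id = groups.id'
            . ' LEFT JOIN locations as loc1 on rules.location_id = loc1.id'
            . ' LEFT JOIN locations as loc2 on groups.location_id = loc2.id'
            . ' WHERE (rules.sitename LIKE ' . $likePattern . ' OR rules.sitename = ' . $wildcard . ')'
            . ' AND (rules.location_id = 1 OR rules.location_id = ' . $locationId . ')'
            . ' ORDER BY sitename, priority;';
        $search_result = $this->Rule->query($sql, false);
        $this->set('results', $search_result);
    }

    // Build the location list for the form, always excluding location id 1.
    // NOTE(review): this restricts the list when the role IS in priv_roles,
    // which is the opposite of admin_index() (restricts when it is NOT) —
    // one of the two looks inverted; confirm which is intended.
    if (in_array($user['Role']['name'], $this->priv_roles)) {
        $allowed_locations = parent::getAdminLocationIds();
        $find_condition = array(
            'fields' => array('Location.*'),
            'conditions' => array(
                'AND' => array(
                    'Location.id' => $allowed_locations,
                    'Location.id NOT' => '1',
                ),
            ),
            'order' => 'Location.code',
        );
    } else {
        $find_condition = array(
            'fields' => array('Location.*'),
            'order' => 'Location.code',
            'conditions' => array('id NOT' => '1'),
        );
    }
    $locations_list = $this->Location->find('all', $find_condition);
    // id => "CODE Name" for the select box.
    $locations = Set::combine(
        $locations_list,
        '{n}.Location.id',
        array('%s %s', '{n}.Location.code', '{n}.Location.name')
    );
    $this->set(compact('locations'));
}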
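/**
 * Admin user listing with optional name search.
 *
 * Publishes the global settings as 'settings' and a paginated user list as
 * 'users'. Users whose role is not in $this->priv_roles only see users of the
 * locations they administer; a posted search string narrows the list further
 * by username or real name.
 *
 * @return void
 */
function admin_index() {
    // Get global settings.
    $settings = $this->CommonTasks->getGlobalSettings();
    $this->set('settings', $settings);

    $user = parent::getUser();
    $conditions = array();

    // Get proxys / locations: restrict non-privileged roles to their own locations.
    if (!in_array($user['Role']['name'], $this->priv_roles)) {
        $allowed_locations = parent::getAdminLocationIds();
        $conditions['Location.id'] = $allowed_locations;
    }

    // If the search form has been submitted, ADD a name filter rather than
    // replacing $conditions: the old code overwrote the array, which dropped the
    // location restriction above and let a restricted user search all users.
    // The array-conditions form also lets the datasource escape the value,
    // instead of interpolating it into a raw LIKE string (SQL injection).
    if (!empty($this->data) && isset($this->data['User']['searchstring'])) {
        $string = $this->data['User']['searchstring'];
        $conditions['OR'] = array(
            'User.username LIKE' => '%' . $string . '%',
            'User.realname LIKE' => '%' . $string . '%',
        );
    }

    $this->User->recursive = 0;
    $this->set('users', $this->paginate('User', $conditions));
}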
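/**
 * Per-action authorization.
 *
 * The parent's decision wins when it is not null. Otherwise 'admin_start' is
 * always allowed and 'admin_view' is allowed only when the location id passed
 * in the URL is one the user administers (or location 1); every other action
 * is denied.
 *
 * @return bool
 */
function isAuthorized() {
    $parent = parent::isAuthorized();
    if (!is_null($parent)) {
        return $parent;
    }

    if ($this->action == 'admin_start') {
        return true;
    }

    if ($this->action == 'admin_view') {
        // Locations the user administers, plus id 1, which this controller
        // treats as a location everyone may see.
        $locs = parent::getAdminLocationIds();
        $locs[] = 1;

        // No location id in the URL means there is nothing to check against;
        // the old code read the missing index and passed null on.
        if (!isset($this->params['pass'][0])) {
            $this->Tracker->back();
            return false;
        }
        $locId = $this->params['pass'][0];

        if (!parent::checkSecurity($locId, $locs)) {
            // Tracker->back() presumably redirects away; deny explicitly as well
            // so a failed check can never fall through to "authorized" if it
            // returns (the old code returned true here).
            $this->Tracker->back();
            return false;
        }
        return true;
    }

    return false;
}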
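/**
 * Per-action authorization for log handling.
 *
 * The parent's decision wins when it is not null. Otherwise:
 *  - admin_delete / admin_view: the log record named by the first passed
 *    argument must belong to a location the user may access;
 *  - admin_searchlist: when a form is posted, the posted proxy's location must
 *    be one the user may access;
 *  - admin_createRule: allowed here, the check lives in the action itself;
 *  - anything else is denied.
 *
 * @return bool
 */
function isAuthorized() {
    $parent = parent::isAuthorized();
    if (!is_null($parent)) {
        return $parent;
    }

    if (in_array($this->action, array('admin_delete', 'admin_view'), true)) {
        // Resolve the log's location; a missing argument or unknown record has
        // no location to authorize against, so deny instead of passing null on.
        $log = isset($this->passedArgs['0'])
            ? $this->Log->read(null, $this->passedArgs['0'])
            : false;
        if (empty($log['Location']['id']) || !parent::checkSecurity($log['Location']['id'])) {
            // Tracker->back() presumably redirects away; deny explicitly as well
            // so a failed check never falls through to "authorized" if it returns
            // (the old code returned true after back()).
            $this->Tracker->back();
            return false;
        }
        return true;
    }

    if ($this->action === 'admin_searchlist') {
        // Only a posted form carries a proxy to check. The old test was
        // isset($this->data), which is always true for an array property and so
        // also ran the lookup with a missing proxyId.
        if (!empty($this->data)) {
            $proxy = isset($this->data['Log']['proxyId'])
                ? $this->ProxySetting->read(null, $this->data['Log']['proxyId'])
                : false;
            if (empty($proxy['Location']['id']) || !parent::checkSecurity($proxy['Location']['id'])) {
                $this->Tracker->back();
                return false;
            }
        }
        return true;
    }

    if ($this->action === 'admin_createRule') {
        // Security check is done in the action itself.
        return true;
    }

    return false;
}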