Method security checking

application/classes/Auth/OSB.php

@@ -185,26 +185,19 @@ class Auth_OSB extends Auth_ORM {
 		$uo = $this->get_user();
 
 		// If we are not a valid user object, then we are not logged in
-		if (is_object($uo) AND ($uo instanceof Model_Account) AND $uo->loaded()) {
-			if (Config::sitemode() == Kohana::DEVELOPMENT)
-				SystemMessage::add(array('title'=>'Debug','type'=>'debug','body'=>Debug::vars(array('user'=>$uo->username,'r'=>$role))));
-
-			if (! empty($role) AND Request::current()->mmo()) {
-				// If the role has the authorisation to run the method
-				$gmo = ORM::factory('Group_Method')
-					->where('method_id','=',Request::current()->mmo()->id);
-
-				foreach ($gmo->find_all() as $gm)
-					// $gm->group->id == 0 means all users.
-					if ($gm->group->id == 0 OR $uo->has_any('group',$gm->group->list_childgrps(TRUE))) {
-						$status = TRUE;
-						break;
-					}
+		if (is_object($uo) AND ($uo instanceof Model_Account) AND $uo->loaded())
+			if (! empty($role)) {
+				if (($x = Request::current()->mmo()) instanceof Model)
+					// If the role has the authorisation to run the method
+					foreach ($x->group->find_all() as $go)
+						if ($go->id == 0 OR $uo->has_any('group',$go->list_childgrps(TRUE))) {
+							$status = TRUE;
+							break;
+						}
 
 			// There is no role, so the method should be allowed to run as anonymous
 			} else
 				$status = TRUE;
-		}
 
 		return $status;
 	}

application/classes/Request.php

@@ -45,7 +45,7 @@ class Request extends Kohana_Request {
 			$method = strtolower($this->_directory ? sprintf('%s_%s',$this->_directory,$this->_action) : $this->_action);
 
 			// Get the method number
-			$mmo = ORM::factory('Module_Method',array('module_id'=>$mo->id,'name'=>$method));
+			$mmo = $mo->module_method->where('name','=',$method)->find();
 
 			if ($mmo->loaded())
 				$result = $mmo;