Refactored, simplified access system a bit. Tested, for once.

* Mobs provide GetAccess() and hasFullAccess()
 * Human GetAccess() provides the "best" accesses available combined from all conventional sources.\
 * Silicons have hasFullAccess()
 * AdminGhosts also provide full access.

code/game/jobs/access.dm

@@ -117,25 +117,11 @@
 
 
 //returns 1 if this mob has sufficient access to use this object
-/obj/proc/allowed(mob/M)
-	//check if it doesn't require any access at all
-	if(src.check_access(null))
+/obj/proc/allowed(var/mob/M)
+	if(M.hasFullAccess()) // AI, robots, adminghosts, etc.
 		return 1
-	if(istype(M, /mob/living/silicon) || isAdminGhost(M))
-		//AI can do whatever he wants
-		// So can admins.
-		return 1
-	else if(istype(M, /mob/living/carbon/human))
-		var/mob/living/carbon/human/H = M
-		//if they are holding or wearing a card that has access, that works
-		if(src.check_access(H.get_active_hand()) || src.check_access(H.wear_id))
-			return 1
-	else if(istype(M, /mob/living/carbon/monkey) || istype(M, /mob/living/carbon/alien/humanoid))
-		var/mob/living/carbon/george = M
-		//they can only hold things :(
-		if(src.check_access(george.get_active_hand()))
-			return 1
-	return 0
+	var/list/ACL = M.GetAccess()
+	return can_access(ACL,req_access,req_one_access)
 
 /obj/item/proc/GetAccess()
 	return list()
@@ -144,26 +130,8 @@
 	return null
 
 /obj/proc/check_access(obj/item/I)
-
-	if(!src.req_access && !src.req_one_access) //no requirements
-		return 1
-	if(!istype(src.req_access, /list)) //something's very wrong
-		return 1
-
-	var/list/L = src.req_access
-	if(!L.len && (!src.req_one_access || !src.req_one_access.len)) //no requirements
-		return 1
-	if(!I)
-		return 0
-	for(var/req in src.req_access)
-		if(!(req in I.GetAccess())) //doesn't have this access
-			return 0
-	if(src.req_one_access && src.req_one_access.len)
-		for(var/req in src.req_one_access)
-			if(req in I.GetAccess()) //has an access from the single access list
-				return 1
-		return 0
-	return 1
+	var/list/ACL = I.GetAccess()
+	return can_access(ACL,req_access,req_one_access)
 
 
 /obj/proc/check_access_list(var/list/L)

code/modules/mob/dead/observer/observer.dm

@@ -30,7 +30,7 @@
 	var/antagHUD = 0
 	universal_speak = 1
 	var/atom/movable/following = null
-	
+
 
 
 /mob/dead/observer/New(var/mob/body=null, var/flags=1)
@@ -93,6 +93,12 @@
 	real_name = name
 	..()
 
+/mob/dead/observer/hasFullAccess()
+	return isAdminGhost(src)
+
+/mob/dead/observer/GetAccess()
+	return isAdminGhost(src) ? get_all_accesses() : list()
+
 /mob/dead/attackby(obj/item/W, mob/user)
 	if(istype(W,/obj/item/weapon/tome))
 		var/mob/dead/M = src

code/modules/mob/living/carbon/human/human.dm

@@ -1470,4 +1470,14 @@ mob/living/carbon/human/yank_out_object()
 		var/obj/item/clothing/shoes/magboots/M = shoes
 		if(M.magpulse)
 			return 0
-	return 1
+	return 1
+
+// Get ALL accesses available.
+/mob/living/carbon/human/GetAccess()
+	var/list/ACL=list()
+	var/obj/item/I = get_active_hand()
+	if(istype(I))
+		ACL |= I.GetAccess()
+	if(wear_id)
+		ACL |= wear_id.GetAccess()
+	return ACL

code/modules/mob/living/carbon/monkey/monkey.dm

@@ -516,3 +516,10 @@
 	if(!ticker.mode.name == "monkey")	return 0
 	return 1
 
+// Get ALL accesses available.
+/mob/living/carbon/monkey/GetAccess()
+	var/list/ACL=list()
+	var/obj/item/I = get_active_hand()
+	if(istype(I))
+		ACL |= I.GetAccess()
+	return ACL

code/modules/mob/living/silicon/silicon.dm

@@ -11,6 +11,12 @@
 	var/list/alarm_types_show = list("Motion" = 0, "Fire" = 0, "Atmosphere" = 0, "Power" = 0, "Camera" = 0)
 	var/list/alarm_types_clear = list("Motion" = 0, "Fire" = 0, "Atmosphere" = 0, "Power" = 0, "Camera" = 0)
 
+/mob/living/silicon/hasFullAccess()
+	return 1
+
+/mob/living/silicon/GetAccess()
+	return get_all_accesses()
+
 /mob/living/silicon/proc/cancelAlarm()
 	return
 
@@ -145,8 +151,8 @@
 	if (bot.connected_ai == ai)
 		return 1
 	return 0
-	
-	
+
+
 // this function shows the health of the pAI in the Status panel
 /mob/living/silicon/proc/show_system_integrity()
 	if(!src.stat)
@@ -154,25 +160,25 @@
 	else
 		stat(null, text("Systems nonfunctional"))
 
-	
+
 // This is a pure virtual function, it should be overwritten by all subclasses
 /mob/living/silicon/proc/show_malf_ai()
 	return 0
 
-	
+
 // this function displays the station time in the status panel
 /mob/living/silicon/proc/show_station_time()
 	stat(null, "Station Time: [worldtime2text()]")
-	
-	
+
+
 // this function displays the shuttles ETA in the status panel if the shuttle has been called
 /mob/living/silicon/proc/show_emergency_shuttle_eta()
 	if(emergency_shuttle.online && emergency_shuttle.location < 2)
 		var/timeleft = emergency_shuttle.timeleft()
 		if (timeleft)
 			stat(null, "ETA-[(timeleft / 60) % 60]:[add_zero(num2text(timeleft % 60), 2)]")
-				
-				
+
+
 // This adds the basic clock, shuttle recall timer, and malf_ai info to all silicon lifeforms
 /mob/living/silicon/Stat()
 	..()
@@ -182,7 +188,7 @@
 		show_emergency_shuttle_eta()
 		show_system_integrity()
 		show_malf_ai()
-		
+
 // this function displays the stations manifest in a separate window
 /mob/living/silicon/proc/show_station_manifest()
 	var/dat

code/modules/mob/mob.dm

@@ -1443,4 +1443,12 @@ mob/verb/yank_out_object()
 			pinned -= O
 		if(!pinned.len)
 			anchored = 0
-	return 1
+	return 1
+
+// Mobs tell access what access levels it has.
+/mob/proc/GetAccess()
+	return list()
+
+// Skip over all the complex list checks.
+/mob/proc/hasFullAccess()
+	return 0

html/changelog.html

@@ -75,6 +75,18 @@
 		<!-- To take advantage of the pretty new format (well it was new when I wrote this anyway), open the "add-to-changelog.html" file in any browser and add the stuff and then generate the html code and paste it here -->
 		<!-- Suggestion:  Group changes not merged into master into a single [IN DEVELOPMENT] block, then change the date to today before merging.  Makes the changes from the last release a bit easier to comprehend. -->
 	
+		<div class="commit sansserif">
+			<h2 class="date">2014.05.20</h2>
+			<h3 class="author">N3X15 updated:</h3>
+			<ul class="changes bgimages16">
+				<li class="rscadd">The jukebox now requires a payment to change songs by default. (Settings panel can set price, $0 will not require payment.)</li>
+				<li class="rscadd">Refactored, far more flexible and efficient access control system (backwards compatible).</li>
+				<li class="tweak">Purchased song will only play after the current song ends.</li>
+				<li class="tweak">Only bartender access can change playlist.</li>
+				<li class="tweak">Bartender can change jukebox payable account, price of songs, and restrict song changes to a variety of access levels.</li>
+			</ul>
+		</div>
+		
 		<div class="commit sansserif">
 			<h2 class="date">2014.05.19</h2>
 			<h3 class="author">N3X15 updated:</h3>