Merge branch '38276053_checkPermission_Overall' into 'master'

checkpermission addressed on Portal,Opportunities,Products,PriceBooks and Core files See merge request !390

Merge branch '38276053_checkPermission_Overall' into 'master'
checkpermission addressed on Portal,Opportunities,Products,PriceBooks and Core files See merge request !390
0cbffa0e · Prasad · a20e6965 · 3af639e1 · 0cbffa0e · 0cbffa0e
Commit 0cbffa0e authored 5 years ago by Prasad
--- a/modules/Portal/actions/DeleteAjax.php
+++ b/modules/Portal/actions/DeleteAjax.php
@@ -10,14 +10,9 @@

 class Portal_DeleteAjax_Action extends Vtiger_DeleteAjax_Action {

-	public function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		$record = $request->get('record');
-
-		$currentUserPrivilegesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-		if(!$currentUserPrivilegesModel->isPermitted($moduleName, 'Delete', $record)) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		return $permissions;
 	}
 	
    public function process(Vtiger_Request $request) {

--- a/modules/Portal/actions/MassDelete.php
+++ b/modules/Portal/actions/MassDelete.php
@@ -10,16 +10,11 @@

 class Portal_MassDelete_Action extends Vtiger_MassDelete_Action {

-    function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
-		$currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-		if(!$currentUserPriviligesModel->hasModulePermission($moduleModel->getId())) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+		return $permissions;
 	}
-
+	
    public function process(Vtiger_Request $request) {
        $module = $request->getModule();
        

--- a/modules/Portal/actions/SaveAjax.php
+++ b/modules/Portal/actions/SaveAjax.php
@@ -10,14 +10,19 @@

 class Portal_SaveAjax_Action extends Vtiger_SaveAjax_Action {
    
-    public function process(Vtiger_Request $request) {
+    public function requiresPermission(\Vtiger_Request $request) {
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		return $permissions;
+	}
+	
+	public function process(Vtiger_Request $request) {
        $module = $request->getModule();
        $recordId = $request->get('record');
        $bookmarkName = $request->get('bookmarkName');
        $bookmarkUrl = $request->get('bookmarkUrl');
        
        Portal_Module_Model::saveRecord($recordId, $bookmarkName, $bookmarkUrl);
-        
+		
        $response = new Vtiger_Response();
        $result = array('message' => vtranslate('LBL_BOOKMARK_SAVED_SUCCESSFULLY', $module));
        $response->setResult($result);

--- a/modules/Portal/views/Detail.php
+++ b/modules/Portal/views/Detail.php
@@ -10,6 +10,13 @@

 class Portal_Detail_View extends Vtiger_Index_View {

+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		
+		return $permissions;
+	}
+	
 	function preProcess(Vtiger_Request $request, $display=true) {
 		parent::preProcess($request);
 	}

--- a/modules/Portal/views/EditAjax.php
+++ b/modules/Portal/views/EditAjax.php
@@ -10,6 +10,13 @@

 class Portal_EditAjax_View extends Vtiger_IndexAjax_View {

+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		
+		return $permissions;
+	}
+	
 	public function process(Vtiger_Request $request) {
 		$moduleName = $request->getModule();
 		$recordId = $request->get('record');

--- a/modules/Portal/views/List.php
+++ b/modules/Portal/views/List.php
@@ -10,6 +10,13 @@

 class Portal_List_View extends Vtiger_Index_View {

+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+		
+		return $permissions;
+	}
+	
 	function preProcess(Vtiger_Request $request, $display=true) {
 		parent::preProcess($request);


--- a/modules/Potentials/views/ConvertPotential.php
+++ b/modules/Potentials/views/ConvertPotential.php
@@ -10,15 +10,13 @@

 class Potentials_ConvertPotential_View extends Vtiger_Index_View {

-	function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-		$projectModuleModel = Vtiger_Module_Model::getInstance('Project');
-
-		$currentUserModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-		if(!$currentUserModel->hasModuleActionPermission($projectModuleModel->getId(), 'CreateView')) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED', $moduleName));
-		}
+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'CreateView');
+		$request->set('custom_module', 'Project');
+		
+		return $permissions;
 	}

 	function process(Vtiger_Request $request) {

--- a/modules/Potentials/views/SaveConvertPotential.php
+++ b/modules/Potentials/views/SaveConvertPotential.php
@@ -11,17 +11,15 @@ vimport('~~/include/Webservices/ConvertPotential.php');

 class Potentials_SaveConvertPotential_View extends Vtiger_View_Controller {

-	function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-		$projectModuleModel = Vtiger_Module_Model::getInstance('Project');
-
-		$currentUserModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-		if(!$currentUserModel->hasModuleActionPermission($projectModuleModel->getId(), 'CreateView')) {
-			throw new AppException(vtranslate('LBL_CREATE_PROJECT_PERMISSION_DENIED', $moduleName));
-		}
+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'CreateView');
+		$request->set('custom_module', 'Project');
+		
+		return $permissions;
 	}
-
+	
 	public function process(Vtiger_Request $request) {
 		$recordId = $request->get('record');
 		$modules = $request->get('modules');

--- a/modules/PriceBooks/actions/ProductListPrice.php
+++ b/modules/PriceBooks/actions/ProductListPrice.php
@@ -10,14 +10,11 @@

 class PriceBooks_ProductListPrice_Action extends Vtiger_Action_Controller {

-	function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
-		$currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-		if(!$currentUserPriviligesModel->hasModulePermission($moduleModel->getId())) {
-			throw new AppException(vtranslate($moduleName, $moduleName).' '.vtranslate('LBL_NOT_ACCESSIBLE'));
-		}
+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		
+		return $permissions;
 	}

 	function process(Vtiger_Request $request) {

--- a/modules/PriceBooks/actions/RelationAjax.php
+++ b/modules/PriceBooks/actions/RelationAjax.php
@@ -17,6 +17,22 @@ class PriceBooks_RelationAjax_Action extends Vtiger_RelationAjax_Action {
 			return;
 		}
 	}
+	
+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$mode = $request->getMode();
+		if(!empty($mode)) {
+			switch ($mode) {
+				case 'addListPrice':
+					$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'src_record');
+					$permissions[] = array('module_parameter' => 'related_module', 'action' => 'DetailView');
+					break;
+				default:
+					break;
+			}
+		}
+		return $permissions;
+	}

 	/**
 	 * Function adds PriceBooks-Products Relation
@@ -27,7 +43,6 @@ class PriceBooks_RelationAjax_Action extends Vtiger_RelationAjax_Action {
 		$sourceRecordId = $request->get('src_record');
 		$relatedModule =  $request->get('related_module');
 		$relInfos = $request->get('relinfo');
-		$relatedModule = $request->get('related_module');

 		$sourceModuleModel = Vtiger_Module_Model::getInstance($sourceModule);
 		$relatedModuleModel = Vtiger_Module_Model::getInstance($relatedModule);

--- a/modules/PriceBooks/views/ListPriceUpdate.php
+++ b/modules/PriceBooks/views/ListPriceUpdate.php
@@ -10,16 +10,15 @@

 class PriceBooks_ListPriceUpdate_View extends Vtiger_View_Controller {

-	function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
-		$currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-		if(!$currentUserPriviligesModel->hasModulePermission($moduleModel->getId())) {
-			throw new AppException(vtranslate($moduleName, $moduleName).' '.vtranslate('LBL_NOT_ACCESSIBLE'));
-		}
+	
+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'EditView', 'record_parameter' => 'record');
+		
+		return $permissions;
 	}
-
+	
 	function preProcess(Vtiger_Request $request, $display = true) {
 	}


--- a/modules/Products/actions/Mass.php
+++ b/modules/Products/actions/Mass.php
@@ -15,10 +15,12 @@ class Products_Mass_Action extends Vtiger_Mass_Action {
 		$this->exposeMethod('isChildProduct');
 	}

-	public function checkPermission(Vtiger_Request $request) {
-		return true;
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+		return $permissions;
 	}
-
+	
 	public function process(Vtiger_Request $request) {
 		$mode = $request->getMode();
 		if(!empty($mode)) {

--- a/modules/Products/actions/RelationAjax.php
+++ b/modules/Products/actions/RelationAjax.php
@@ -18,6 +18,31 @@ class Products_RelationAjax_Action extends Vtiger_RelationAjax_Action {
 		$this->exposeMethod('changeBundleCost');
 	}
 	
+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$mode = $request->getMode();
+		if(!empty($mode)) {
+			switch ($mode) {
+				case 'addListPrice':
+					$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'src_record');
+					$permissions[] = array('module_parameter' => 'related_module', 'action' => 'DetailView');
+					break;
+				case 'updateShowBundles':
+					$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+					$permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView');
+				case 'updateQuantity':
+					$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'src_record');
+					$permissions[] = array('module_parameter' => 'related_module', 'action' => 'DetailView');
+				case 'changeBundleCost':
+					$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+					$permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView');
+				default:
+					break;
+			}
+		}
+		return $permissions;
+	}
+	
 	/*
 	 * Function to add relation for specified source record id and related record id list
 	 * @param <array> $request

--- a/modules/Products/actions/SubProducts.php
+++ b/modules/Products/actions/SubProducts.php
@@ -10,14 +10,10 @@

 class Products_SubProducts_Action extends Vtiger_Action_Controller {

-	function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
-		$currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-		if(!$currentUserPriviligesModel->hasModulePermission($moduleModel->getId())) {
-			throw new AppException(vtranslate($moduleName, $moduleName).' '.vtranslate('LBL_NOT_ACCESSIBLE'));
-		}
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		return $permissions;
 	}

 	function process(Vtiger_Request $request) {

--- a/modules/Products/views/Detail.php
+++ b/modules/Products/views/Detail.php
@@ -15,6 +15,20 @@ class Products_Detail_View extends Vtiger_Detail_View {
 		$this->exposeMethod('showBundleTotalCostView');
 	}
 	
+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$mode = $request->getMode();
+		if(!empty($mode)) {
+			switch ($mode) {
+				case 'showBundleTotalCostView':
+					$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+					$permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView');
+					break;
+			}
+		}
+		return $permissions;
+	}
+	
 	function preProcess(Vtiger_Request $request, $display = true) {
 		$recordId = $request->get('record');
 		$moduleName = $request->getModule();

--- a/modules/Products/views/MoreCurrenciesList.php
+++ b/modules/Products/views/MoreCurrenciesList.php
@@ -11,14 +11,13 @@

 class Products_MoreCurrenciesList_View extends Vtiger_IndexAjax_View {

-	public function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
 		$record = $request->get('record');

 		$actionName = ($record) ? 'EditView' : 'CreateView';
-		if(!Users_Privileges_Model::isPermitted($moduleName, $actionName, $record)) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
+		$permissions[] = array('module_parameter' => 'module', 'action' => $actionName, 'record_parameter' => 'record');
+		return $permissions;
 	}

 	public function process(Vtiger_Request $request) {

--- a/modules/Products/views/SubProductQuantityUpdate.php
+++ b/modules/Products/views/SubProductQuantityUpdate.php
@@ -10,14 +10,10 @@

 class Products_SubProductQuantityUpdate_View extends Vtiger_View_Controller {

-	public function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
-		$currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-		if (!$currentUserPriviligesModel->hasModulePermission($moduleModel->getId())) {
-			throw new AppException(vtranslate($moduleName, $moduleName) . ' ' . vtranslate('LBL_NOT_ACCESSIBLE'));
-		}
+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		return $permissions;
 	}

 	public function preProcess(Vtiger_Request $request, $display = true) {

--- a/modules/Vtiger/actions/Save.php
+++ b/modules/Vtiger/actions/Save.php
@@ -35,7 +35,7 @@ class Vtiger_Save_Action extends Vtiger_Action_Controller {
 		$moduleName = $request->getModule();
 		$record = $request->get('record');

-		$nonEntityModules = array('Users', 'Events', 'Calendar');
+		$nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal');
 		if ($record && !in_array($moduleName, $nonEntityModules)) {
 			$recordEntityName = getSalesEntityType($record);
 			if ($recordEntityName !== $moduleName) {

--- a/modules/Vtiger/actions/TagCloud.php
+++ b/modules/Vtiger/actions/TagCloud.php
@@ -24,10 +24,6 @@ class Vtiger_TagCloud_Action extends Vtiger_Mass_Action {
 		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
 		return $permissions;
 	}
-	
-	function checkPermission(Vtiger_Request $request) {
-		parent::checkPermission($request);
-	}

 	public function process(Vtiger_Request $request) {
 		$mode = $request->getMode();

--- a/modules/Vtiger/views/Detail.php
+++ b/modules/Vtiger/views/Detail.php
@@ -44,7 +44,7 @@ class Vtiger_Detail_View extends Vtiger_Index_View {
 					break;
 				case 'showRelatedList':
 				case 'showRelatedRecords':
-					$permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView');
+					$permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView', 'record_parameter' => 'record');
 					break;
 				case 'getActivities':
 					$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');