Commit 237038b6 authored by root's avatar root

Fixes::158429882::Chaitanya N::Broken access control in migration module issue is fixed.

parent bd2ae92c
Branches 536_pajax_iOS_Issues
......@@ -9,6 +9,17 @@
************************************************************************************/
class Migration_DisableModules_Action extends Vtiger_Action_Controller {
public function checkPermission(\Vtiger_Request $request) {
global $current_user;
$isAdmin = is_admin($current_user);
if ($isAdmin == true) {
return true;
} else {
throw new Exception(vtranslate('LBL_ONLY_ADMINS_CAN_ACCESS'));
}
return parent::checkPermission($request);
}
public function process(Vtiger_Request $request) {
$modulesList = $request->get('modulesList');
......
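Review bot: `return parent::checkPermission($request);` at the end of the new `checkPermission()` in `Migration_DisableModules_Action` can never run, because both arms of the preceding `if`/`else` leave the method. Either delete the line or, if the parent's checks are meant to apply to admins as well, turn the test into a guard, `if (!is_admin($current_user)) { throw new Exception(vtranslate('LBL_ONLY_ADMINS_CAN_ACCESS')); }`, followed by the parent call. The same `global $current_user` / `$isAdmin == true` block is repeated in `Migration_Index_View::checkPermission()`; a shared helper would keep the two checks from drifting, and `== true` can simply be dropped. `process()` continues outside the hunk, so whether it validates `modulesList` is not visible here.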
......@@ -22,27 +22,32 @@ class Migration_Extract_Action extends Vtiger_Action_Controller {
$user = CRMEntity::getInstance('Users');
$user->column_fields['user_name'] = $userName;
if ($user->doLogin($password)) {
$zip = new ZipArchive();
$fileName = 'vtiger8.zip';
if ($zip->open($fileName)) {
if ($zip->extractTo($root_directory)) {
$zip->close();
if($user->is_admin == 'on') {
$zip = new ZipArchive();
$fileName = 'vtiger8.zip';
if ($zip->open($fileName)) {
if ($zip->extractTo($root_directory)) {
$zip->close();
$userid = $user->retrieve_user_id($userName);
$_SESSION['authenticated_user_id'] = $userid;
$_SESSION['app_unique_key'] = vglobal('application_unique_key');
$userid = $user->retrieve_user_id($userName);
$_SESSION['authenticated_user_id'] = $userid;
$_SESSION['app_unique_key'] = vglobal('application_unique_key');
/* Give time for PHP runtime to pickup new changes after zip
* for files that are include/require once previously */
sleep(5);
/* Give time for PHP runtime to pickup new changes after zip
* for files that are include/require once previously */
sleep(5);
header('Location: index.php?module=Migration&view=Index&mode=step1');
header('Location: index.php?module=Migration&view=Index&mode=step1');
} else {
$errorMessage = 'ERROR EXTRACTING MIGRATION ZIP FILE!';
header('Location: migrate/index.php?error='.$errorMessage);
}
} else {
$errorMessage = 'ERROR EXTRACTING MIGRATION ZIP FILE!';
$errorMessage = 'ERROR READING MIGRATION ZIP FILE!';
header('Location: migrate/index.php?error='.$errorMessage);
}
} else {
$errorMessage = 'ERROR READING MIGRATION ZIP FILE!';
}else{
$errorMessage = 'PERMISSION DENIED! ONLY ADMIN USERS CAN ACCESS';
header('Location: migrate/index.php?error='.$errorMessage);
}
} else {
......
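Review bot: The new `$user->is_admin == 'on'` test reads a property that nothing in this hunk loads, since only `column_fields['user_name']` is set before `doLogin()`. Unless `doLogin()` fills in `is_admin` (not visible here), the branch refuses every account, admins included. It would be safer to resolve the id with `$user->retrieve_user_id($userName)`, load that user's record, and test it with `is_admin()` as the other two files in this commit do. Separately, `if ($zip->open($fileName))` treats ZipArchive's integer error codes as success and should compare with `=== true`. The `$_SESSION['authenticated_user_id']` assignment has no visible `session_regenerate_id(true)` before it, and the `Location:` redirects are not followed by `exit`; the enclosing method starts and ends outside the hunk.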
......@@ -18,7 +18,13 @@ class Migration_Index_View extends Vtiger_View_Controller {
}
public function checkPermission(Vtiger_Request $request){
return true;
global $current_user;
$isAdmin = is_admin($current_user);
if ($isAdmin == true) {
return true;
} else {
throw new Exception('ADMIN USERS CAN ONLY ACCESS');
}
}
public function process(Vtiger_Request $request) {
......
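Review bot: The denial in `Migration_Index_View::checkPermission()` throws a hard-coded English string, `'ADMIN USERS CAN ONLY ACCESS'`, while the matching check in `Migration_DisableModules_Action` uses `vtranslate('LBL_ONLY_ADMINS_CAN_ACCESS')`. Using the same translated label here keeps the two messages consistent and localisable: `throw new Exception(vtranslate('LBL_ONLY_ADMINS_CAN_ACCESS'));`. The check also depends on `global $current_user` being populated before this view runs; presumably the entry point sets it from the session, but that is not visible in this hunk and is worth confirming for the redirect that lands on `mode=step1`. A short docblock on the method stating that the migration views are admin-only would record the intent of the change.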