Skip to content
Snippets Groups Projects
Commit 29c714c9 authored by amit r's avatar amit r
Browse files

V-156500377::Amit::chart Reports Permission check in group by field

parent 6d5c906f
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
modules/Reports/actions/Save.php
+ 17
15
View file @ 29c714c9
......@@ -26,21 +26,23 @@ class Reports_Save_Action extends Vtiger_Save_Action {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
}
}
$selectedFields = $request->get('selected_fields');
if (count($selectedFields) > 0) {
foreach ($selectedFields as $field) {
list($tablename, $colname, $module_field, $fieldname, $single) = split(":", $field);
list($module, $fieldName) = split("_", $module_field, 2);
$moduleModel = Vtiger_Module_Model::getInstance($module);
$fieldModel = Vtiger_Field_Model::getInstance($fieldname, $moduleModel);
if ($fieldModel->table !== $tablename) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
} elseif ($fieldModel->column !== $colname) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
}
}
}
$selectedFields = $request->get('selected_fields');
$groupbyfields = $request->get('groupbyfield');
$fieldsData = array($selectedFields, $groupbyfields);
foreach ($fieldsData as $selectedField){
foreach ($selectedField as $field) {
list($tablename, $colname, $module_field, $fieldname, $single) = split(":", $field);
list($module, $fieldName) = split("_", $module_field, 2);
$moduleModel = Vtiger_Module_Model::getInstance($module);
$fieldModel = Vtiger_Field_Model::getInstance($fieldname, $moduleModel);
if (($fieldModel->table !== $tablename) || ($fieldModel->column !== $colname)) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
}
}
}
return true;
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Copyright 2023 Vtiger. All rights reserved.