From 29c714c9c0d1c51943f4b053dd94851afbddfebc Mon Sep 17 00:00:00 2001
From: Amit <amit.r@vtiger.com>
Date: Wed, 26 Jul 2023 15:10:33 +0530
Subject: [PATCH] V-156500377::Amit::chart Reports Permission check in group by
 field

---
 modules/Reports/actions/Save.php | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/modules/Reports/actions/Save.php b/modules/Reports/actions/Save.php
index 197182bb3..d76a13b10 100644
--- a/modules/Reports/actions/Save.php
+++ b/modules/Reports/actions/Save.php
@@ -26,21 +26,23 @@ class Reports_Save_Action extends Vtiger_Save_Action {
 				throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
 			}
 		}
-                $selectedFields = $request->get('selected_fields');
-                if (count($selectedFields) > 0) {
-                    foreach ($selectedFields as $field) {
-                        list($tablename, $colname, $module_field, $fieldname, $single) = split(":", $field);
-                        list($module, $fieldName) = split("_", $module_field, 2);
-                        $moduleModel = Vtiger_Module_Model::getInstance($module);
-                        $fieldModel = Vtiger_Field_Model::getInstance($fieldname, $moduleModel);
-
-                        if ($fieldModel->table !== $tablename) {
-                            throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-                        } elseif ($fieldModel->column !== $colname) {
-                            throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-                        }
-                    }
-                }
+
+             	$selectedFields = $request->get('selected_fields');
+		$groupbyfields = $request->get('groupbyfield');
+		$fieldsData = array($selectedFields, $groupbyfields);
+
+		foreach ($fieldsData as $selectedField){
+			foreach ($selectedField as $field) {
+				list($tablename, $colname, $module_field, $fieldname, $single) = split(":", $field);
+				list($module, $fieldName) = split("_", $module_field, 2);
+				$moduleModel = Vtiger_Module_Model::getInstance($module);
+				$fieldModel = Vtiger_Field_Model::getInstance($fieldname, $moduleModel);
+
+				if (($fieldModel->table !== $tablename) || ($fieldModel->column !== $colname)) {
+					throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
+				}
+			}
+		}  
 		return true;
 	}
 
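Review bot: The rewritten loop at `foreach ($selectedField as $field)` drops the old `count($selectedFields) > 0` guard and never checks that `selected_fields` or `groupbyfield` is an array, so a missing or scalar value makes `foreach` emit a warning and skip validation for that parameter instead of rejecting it. If the code that later consumes `groupbyfield` accepts a scalar (not visible in this hunk), the table/column check would be bypassed; failing closed at the top of the outer loop is safer: `if (empty($selectedField)) continue;` followed by `if (!is_array($selectedField)) throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));`. The added lines also still call `split()`, which was removed in PHP 7.0, so unless the project supplies its own shim the replacements are `explode(':', $field)` and `explode('_', $module_field, 2)`. The enclosing method starts above the hunk, so any earlier validation of these request parameters is not visible here.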
-- 
GitLab