From 37f7c5a978ee26c2594c3e3b973dc015405d2bde Mon Sep 17 00:00:00 2001
From: Uma <uma.s@vtiger.com>
Date: Tue, 18 Aug 2020 15:08:48 +0530
Subject: [PATCH] Fixes #1447 Users admin status update on field ajax edit

---
 modules/Users/actions/SaveAjax.php | 117 ++++++++++++++++++-----------
 1 file changed, 73 insertions(+), 44 deletions(-)

diff --git a/modules/Users/actions/SaveAjax.php b/modules/Users/actions/SaveAjax.php
index c1f555c18..78d9d5912 100644
--- a/modules/Users/actions/SaveAjax.php
+++ b/modules/Users/actions/SaveAjax.php
@@ -87,53 +87,82 @@ class Users_SaveAjax_Action extends Vtiger_SaveAjax_Action {
 * @return Vtiger_Record_Model or Module specific Record Model instance
 */
 public function getRecordModelFromRequest(Vtiger_Request $request) {
- $recordModel = parent::getRecordModelFromRequest($request);
+ $moduleName = $request->getModule();
+ $recordId = $request->get('record');
 $currentUserModel = Users_Record_Model::getCurrentUserModel();
-
- $fieldModelList = $recordModel->getModule()->getFields();
- $validationFields = array('is_admin', 'is_owner', 'roleid', 'signature');
- foreach ($fieldModelList as $fieldName => $fieldModel) {
- if(in_array($fieldName, $validationFields)){
- if ($request->has($fieldName)) {
- $fieldValue = $request->get($fieldName, null);
- } else {
- $fieldValue = $fieldModel->getDefaultFieldValue();
- }
- if($fieldValue){
- $fieldValue = Vtiger_Util_Helper::validateFieldValue($fieldValue,$fieldModel);
- }
- if ($fieldName === 'is_admin' && (!$currentUserModel->isAdminUser() || !$fieldValue)) {
- $fieldValue = 'off';
- }
- //to not update is_owner from ui
- if ($fieldName == 'is_owner' || $fieldName == 'roleid') {
- $fieldValue = $this->getOwnerRoleValue($request, $fieldName);
- }
- if ($fieldName == 'signature' && $fieldValue !== null) {
- $purifiedContent = vtlib_purify(decode_html($fieldValue));
- // Purify malicious html event attributes
- $fieldValue = purifyHtmlEventAttributes(decode_html($purifiedContent), true);
- }
- if ($fieldValue !== null) {
- if (!is_array($fieldValue)) {
- $fieldValue = trim($fieldValue);
- }
- $recordModel->set($fieldName, $fieldValue);
- }
- }
- }
- $fieldName = $request->get('field');
- if ($fieldName === 'is_admin' && (!$currentUserModel->isAdminUser() || !$request->get('value'))) {
- $recordModel->set($fieldName, 'off');
- } else if($fieldName === 'is_admin' && $currentUserModel->isAdminUser()) {
- $requestValue = $request->get('value');
- $value = $requestValue==1?"on":"off";
- $recordModel->set($fieldName,$value);
+
+ if(!empty($recordId)) {
+ $recordModel = Vtiger_Record_Model::getInstanceById($recordId, $moduleName);
+ $modelData = $recordModel->getData();
+ $recordModel->set('id', $recordId);
+ $sharedType = $request->get('sharedtype');
+ if(!empty($sharedType))
+ $recordModel->set('calendarsharedtype', $request->get('sharedtype'));
+ $recordModel->set('mode', 'edit');
+
+ } else {
+ $recordModel = Vtiger_Record_Model::getCleanInstance($moduleName);
+ $modelData = $recordModel->getData();
+ $recordModel->set('mode', '');
 }
+
+ foreach ($modelData as $fieldName => $value) {
+ $requestFieldExists = false;
+ if($request->has($fieldName)){
+ $fieldValue = $request->get($fieldName,null);
+ $requestFieldExists = true;
+ }else if($fieldName === $request->get('field')){
+ $fieldValue = $request->get('value');
+ $requestFieldExists = true;
+ }
- if($fieldName == "is_owner" || $fieldName == "roleid") {
- $fieldValue = $this->getOwnerRoleValue($request, $fieldName);
- $recordModel->set($fieldName,$fieldValue);
+ if(!$requestFieldExists){
+ continue;
+ }
+
+ if ($fieldName === 'is_admin' && (!$currentUserModel->isAdminUser() || !$fieldValue)) {
+ $fieldValue = 'off';
+ }else if($fieldName === 'is_admin' && $currentUserModel->isAdminUser()) {
+ $fieldValue = $fieldValue==1?"on":"off";
+ }
+
+ //to not update is_owner from ui
+ if ($fieldName == 'is_owner' || (in_array($fieldName, array('user_type', 'roleid')) && !$currentUserModel->isAdminUser())) {
+ $fieldValue = null;
+ }
+ if($fieldName == 'signature'){
+ $requestData = $request->getAll();
+ $instyle = new InStyle();
+ $signature = $instyle->convertStylesToInlineCss($requestData['signature']);
+ //#4823970 - Added to remove any action tags like <form>, <input>, <button>..
+ $fieldValue = vtlib_purify($signature);
+ // Purify malicious html event attributes
+ $fieldValue = purifyHtmlEventAttributes($fieldValue, true);
+ }
+ if($fieldValue !== null) {
+ if(!is_array($fieldValue)) {
+ $fieldValue = trim($fieldValue);
+ }
+ $recordModel->set($fieldName, $fieldValue);
+ }
+ }
+ $homePageComponents = $recordModel->getHomePageComponents();
+ $selectedHomePageComponents = $request->get('homepage_components', array());
+ foreach ($homePageComponents as $key => $value) {
+ if(in_array($key, $selectedHomePageComponents)) {
+ $request->setGlobal($key, $key);
+ } else {
+ $request->setGlobal($key, '');
+ }
+ }
+ if($request->has('tagcloudview')) {
+ // Tag cloud save
+ $tagCloud = $request->get('tagcloudview');
+ if($tagCloud == "on") {
+ $recordModel->set('tagcloud', 0);
+ } else {
+ $recordModel->set('tagcloud', 1);
+ }
 }
 return $recordModel;
 }
-- 
GitLab
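Review bot: The rewritten loop no longer calls `Vtiger_Util_Helper::validateFieldValue()` anywhere — the removed code ran it on is_admin/is_owner/roleid/signature and handed every other field to `parent::getRecordModelFromRequest()`, whereas now each `$modelData` key that appears in the request, or is named by `field`/`value`, is written to the record after nothing more than `trim()`. For an admin caller this includes `roleid` and `user_type` taken straight from the request, so field-type validation rests entirely on whatever `$request->get()` does, which is not visible here. Before the `$fieldValue !== null` check I would restore the per-field step, with `$fieldModelList = $recordModel->getModule()->getFields();` hoisted above the loop and `if (isset($fieldModelList[$fieldName])) { $fieldValue = Vtiger_Util_Helper::validateFieldValue($fieldValue, $fieldModelList[$fieldName]); }` inside it, matching the `$fieldName => $fieldModel` keying the removed foreach relied on. Separately, the signature branch reads `$requestData['signature']` from `getAll()` instead of `$fieldValue`, so on the `field=signature` / `value=…` ajax path this commit is about, the submitted value is discarded and `$requestData['signature']` is an undefined index; using `$fieldValue` there, and the raw `getAll()` key only when `$request->has('signature')`, keeps both entry paths consistent and still runs the value through `vtlib_purify()` and `purifyHtmlEventAttributes()`.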