From 38d85502e7a7be381db3a468726a14a603415d11 Mon Sep 17 00:00:00 2001
From: Uma <uma.s@vtiger.com>
Date: Tue, 10 Dec 2019 18:18:45 +0530
Subject: [PATCH] Fixes #1221 Access to Emails whose sharing access set to
 PRivate

---
 .../modules/Settings/Profiles/DetailView.tpl  |   5 +-
 .../Settings/Profiles/EditViewContents.tpl    |   3 +-
 modules/Migration/models/Module.php           |   1 +
 modules/Migration/schema/720_to_721.php       |  48 ++++++++++++++++++
 modules/Settings/Profiles/models/Record.php   |  12 -----
 packages/vtiger/mandatory/ModTracker.zip      | Bin 16351 -> 16942 bytes
 .../modules/ModTracker/models/Relation.php    |   3 ++
 vtigerversion.php                             |   4 +-
 8 files changed, 57 insertions(+), 19 deletions(-)
 create mode 100644 modules/Migration/schema/720_to_721.php

diff --git a/layouts/v7/modules/Settings/Profiles/DetailView.tpl b/layouts/v7/modules/Settings/Profiles/DetailView.tpl
index 552bee433..f0aa84866 100644
--- a/layouts/v7/modules/Settings/Profiles/DetailView.tpl
+++ b/layouts/v7/modules/Settings/Profiles/DetailView.tpl
@@ -91,7 +91,6 @@
 								</thead>
 								<tbody>
 									{foreach from=$RECORD_MODEL->getModulePermissions() key=TABID item=PROFILE_MODULE}
-										{assign var=IS_RESTRICTED_MODULE value=$RECORD_MODEL->isRestrictedModule($PROFILE_MODULE->getName())}
 										<tr>
 											{assign var=MODULE_PERMISSION value=$RECORD_MODEL->hasModulePermission($PROFILE_MODULE)}
 											<td data-module-name='{$PROFILE_MODULE->getName()}' data-module-status='{$MODULE_PERMISSION}'>
@@ -102,7 +101,7 @@
 												{assign var="ACTION_MODEL" value=$ALL_BASIC_ACTIONS[$ACTION_ID]}
 												{assign var=MODULE_ACTION_PERMISSION value=$RECORD_MODEL->hasModuleActionPermission($PROFILE_MODULE, $ACTION_MODEL)}
 												<td data-action-state='{$ACTION_MODEL->getName()}' data-moduleaction-status='{$MODULE_ACTION_PERMISSION}' style="text-align: center;">
-													{if !$IS_RESTRICTED_MODULE && $ACTION_MODEL->isModuleEnabled($PROFILE_MODULE)}
+													{if $ACTION_MODEL->isModuleEnabled($PROFILE_MODULE)}
 														<img src="{if $MODULE_ACTION_PERMISSION}{$ENABLE_IMAGE_PATH}{else}{$DISABLE_IMAGE_PATH}{/if}" />
 													{/if}
 												</td>
@@ -220,4 +219,4 @@
 			</div>
 		</div>
 	</div>
-{/strip}
\ No newline at end of file
+{/strip}
diff --git a/layouts/v7/modules/Settings/Profiles/EditViewContents.tpl b/layouts/v7/modules/Settings/Profiles/EditViewContents.tpl
index 0ebabbe07..e6267c44c 100644
--- a/layouts/v7/modules/Settings/Profiles/EditViewContents.tpl
+++ b/layouts/v7/modules/Settings/Profiles/EditViewContents.tpl
@@ -114,7 +114,6 @@
 				{foreach from=$PROFILE_MODULES key=TABID item=PROFILE_MODULE}
 					{assign var=MODULE_NAME value=$PROFILE_MODULE->getName()}
 					{if $MODULE_NAME neq 'Events'}
-						{assign var=IS_RESTRICTED_MODULE value=$RECORD_MODEL->isRestrictedModule($MODULE_NAME)}
 						<tr>
 							<td class="verticalAlignMiddleImp">
 								<input class="modulesCheckBox" type="checkbox" name="permissions[{$TABID}][is_permitted]" data-value="{$TABID}" data-module-state="" {if $RECORD_MODEL->hasModulePermission($PROFILE_MODULE)}checked="true"{else} data-module-unchecked="true" {/if}> {$PROFILE_MODULE->get('label')|vtranslate:$PROFILE_MODULE->getName()}
@@ -124,7 +123,7 @@
 								<td class="textAlignCenter verticalAlignMiddleImp">
 									{assign var="ACTION_MODEL" value=$ALL_BASIC_ACTIONS[$ORDERID]}
 									{assign var=ACTION_ID value=$ACTION_MODEL->get('actionid')}
-									{if !$IS_RESTRICTED_MODULE && $ACTION_MODEL->isModuleEnabled($PROFILE_MODULE)}
+									{if $ACTION_MODEL->isModuleEnabled($PROFILE_MODULE)}
 										<input class="action{$ACTION_ID}CheckBox" type="checkbox" name="permissions[{$TABID}][actions][{$ACTION_ID}]" data-action-state="{$ACTION_MODEL->getName()}" {if $RECORD_MODEL->hasModuleActionPermission($PROFILE_MODULE, $ACTION_MODEL)}checked="true"{elseif empty($RECORD_ID) && empty($IS_DUPLICATE_RECORD)} checked="true" {else} data-action{$ACTION_ID}-unchecked="true"{/if}></td>
 									{/if}
 								</td>
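Review bot: With the `IS_RESTRICTED_MODULE` guard removed, the Emails row now renders the action checkbox on the line after the changed `{if}`, and that input is emitted with `checked="true"` whenever `empty($RECORD_ID) && empty($IS_DUPLICATE_RECORD)` holds, so a newly created profile starts with every Emails action ticked. Since the commit is about honouring private sharing for Emails, it is worth deciding whether new profiles should start unticked for this module, or at least documenting the default. Separately, the input line already closes its cell with an inline `</td>` and the line after `{/if}` closes it again, so each enabled action emits two closing tags; dropping the inline one would fix the markup. The enclosing `{foreach}` blocks start and end outside the hunk.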
diff --git a/modules/Migration/models/Module.php b/modules/Migration/models/Module.php
index 3190eb623..8f9aa4ae1 100644
--- a/modules/Migration/models/Module.php
+++ b/modules/Migration/models/Module.php
@@ -45,6 +45,7 @@ class Migration_Module_Model extends Vtiger_Module_Model {
 			array('710' => '7.1.0'),
             array('711' => '7.1.1'),
             array('720' => '7.2.0'),
+            array('721' => '7.2.1'),
 		);
 		return $versions;
 	}
diff --git a/modules/Migration/schema/720_to_721.php b/modules/Migration/schema/720_to_721.php
new file mode 100644
index 000000000..18310b45a
--- /dev/null
+++ b/modules/Migration/schema/720_to_721.php
@@ -0,0 +1,48 @@
+<?php
+/*+********************************************************************************
+ * The contents of this file are subject to the vtiger CRM Public License Version 1.0
+ * ("License"); You may not use this file except in compliance with the License
+ * The Original Code is: vtiger CRM Open Source
+ * The Initial Developer of the Original Code is vtiger.
+ * Portions created by vtiger are Copyright (C) vtiger.
+ * All Rights Reserved.
+ *********************************************************************************/
+
+if (defined('VTIGER_UPGRADE')) {
+	global $current_user, $adb;
+	$db = PearDatabase::getInstance();
+
+	$actions = array('Save', 'EditView', 'Delete', 'DetailView', 'CreateView');
+    $emailsTabId = getTabid('Emails');
+
+    $actionIds = array();
+    foreach($actions as $actionName) {
+        array_push($actionIds, getActionid($actionName));
+    }
+
+    $profileIdsResult = $db->pquery("SELECT DISTINCT profileid FROM vtiger_profile", array());
+    $profileIdCount = $db->num_rows($profileIdsResult);
+    for($i = 0; $i < $profileIdCount; $i++) {
+        $profileId = $db->query_result($profileIdsResult, $i, 'profileid');
+        foreach($actionIds as $actionId) {
+            $db->pquery("INSERT INTO vtiger_profile2standardpermissions VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE permissions = ?",
+                    array($profileId, $emailsTabId, $actionId, 0, 0));
+        }
+        echo "Emails permission for profile id :: $profileId inserted into vtiger_profile2standardpermissions table.<br>";
+    }
+
+    $db->pquery("UPDATE vtiger_tab SET ownedby = ? WHERE tabid = ?", array(0, $emailsTabId));
+    echo "ownedby value updated to 0 for Emails in vtiger_tab table.<br>";
+    vimport('~modules/Users/CreateUserPrivilegeFile.php');
+    $usersResult = $db->pquery("SELECT id FROM vtiger_users", array());
+    $usersCount = $db->num_rows($usersResult);
+    for($i = 0; $i < $usersCount; $i++) {
+        $userId = $db->query_result($usersResult, $i, 'id');
+        createUserPrivilegesfile($userId); 
+        createUserSharingPrivilegesfile($userId);
+        echo "User privilege and sharing privilege files recreated for user id :: $userId.<br>";
+    }
+
+    Vtiger_Cache::flushAllData();
+    echo "Cache cleared <br>";
+}
\ No newline at end of file
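Review bot: The upsert in the profile loop forces `permissions = 0` for Save, EditView, Delete, DetailView and CreateView on every profile, and `ON DUPLICATE KEY UPDATE` overwrites any value already stored for Emails. If 0 is the "allowed" value (this file does not say, so confirm), every profile, including deliberately narrow ones, ends the upgrade with Delete on Emails; inserting only where no row exists would leave existing rows alone. The results of `getTabid('Emails')` and `getActionid($actionName)` are used unchecked, and each `echo` reports success whether or not the `pquery` worked, so a failed lookup or query passes unnoticed. A guard such as `if (empty($emailsTabId)) { echo "Emails tab not found, skipping.<br>"; return; }` before the loops would stop the run early. The `INSERT` also names no columns, so it silently depends on the table's column order, and the `global $current_user, $adb;` line is unused.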
diff --git a/modules/Settings/Profiles/models/Record.php b/modules/Settings/Profiles/models/Record.php
index dcba26e06..a4e4064bf 100644
--- a/modules/Settings/Profiles/models/Record.php
+++ b/modules/Settings/Profiles/models/Record.php
@@ -607,9 +607,6 @@ class Settings_Profiles_Record_Model extends Settings_Vtiger_Record_Model {
 						$db->pquery($utilityInsertQuery, array());
 					}
 				}
-			} elseif ($this->isRestrictedModule($moduleModel->getName())) {
-				//To check the module is restricted or not(Emails, Webmails)
-				$actionEnabled = true;
 			}
 		} else {
 			$actionEnabled = true;
@@ -798,15 +795,6 @@ class Settings_Profiles_Record_Model extends Settings_Vtiger_Record_Model {
 		}
     }
 
-	/**
-	 * Function to check whether module is restricted for to show actions and field access
-	 * @param <String> $moduleName
-	 * @return <boolean> true/false
-	 */
-	public function isRestrictedModule($moduleName) {
-		return in_array($moduleName, array('Emails'));
-	}
-
 	/**
 	 * Function recalculate the sharing rules
 	 */
diff --git a/packages/vtiger/mandatory/ModTracker.zip b/packages/vtiger/mandatory/ModTracker.zip
index 5c601415e360598d1e0d7108c4943669168dbf78..ca620cea7c868acd0016485dad2c45627441df9b 100644
GIT binary patch
delta 4470
zcmb_f4LFqP8vbVd%xC<hP$IuYreu@ZhN6sOWwZ#TPF5P0GNvg;B4=V*t;H!{a?qa2
z&&fr#IacULTf4OitE3+)E4#YrB(=wG(v|PL@2uB+=EpkMb)M_;cX^)seV+Sy-{-mK
zC&}4#nzKJoP2CWK_IS6GpY)gUZ%oV*6NC$+#NknqaUTQ+>0%5m_s>F4<_v`%&lw_m
zaAPCIAbrg8aJYfqxNpgX@9a4^hEF;omX2ZOz`M#y&b#`)E6taIo4z$XvxtUa&`))e
z;5<r_k-{*s(o|I*Pwb`tAJ2~#heeBJR83WW*dOH+J2mCcugTYRgaqstXuP%n1VGQ}
z5+I5X+rCGZfUH-F1ayrjFvd|xK&W0oTg$)?-r2My10(=FRVRQ;JFst;IG)11ta4*V
z#Y>`12}$56OV`*%G0I?aRP3$@v4DCpDQ7CVnBb}rx>^?cO75{DH`hVM%cKDx%3aPH
zU#&#QO+)GL{htDEpy$-wOqJ(s<y8__aU*o@R4u%|9K)<Ynmr~9ko!0ZHF~C(^%gU5
z`;UH3tkMH%0?$9vlz)aaT@166Vwe-Ut90dYOc!lX2RMCqnpe52V;J;Sj>7`~wH?Pv
zUZpLMbJ1a#X3xOC?hW~&7tjX1RnukyIt@55AeOo@ls3#*zKSI{hRvr$&Gp(5DTr_o
zMT;i-jhMNix04Ps>8PbQg@ES4NaYp1pNU}$WSCk+n=4bkto<`vGyqtVU2Mk%4Ge=J
zGO+AJSrY^G@8B3f4=T$@0w(00LqnnHOPr{U(bW6ZFiiTbHu#aS%UwT3FU&E=y0h$;
z_D$`!JGBDlA5Lp3udKYa<%N}iKXl<@44yUe=Es*^+ZLA12yWJX=oI&?rBHjQ?bprS
zE4ni4-jQQ>(^BdSt-jx2Z0Pmbv9!Y7x`F?&UYc>@OUX^YY+d7Zn&}Ns-&CC7G^PbO
zuG^=hW?p(5-&?^hpm&>@|D{7z$9{3%ucz4FlF!p`cjq=18;%(Bg$J}t4)w93ti3`+
zPH~++2ebP8Une_+Fx?6*MNcwT91qW>pN%}(EB>~;=W~K|`Oz`o#pS~2C)WASnaf2B
z@=toOzh_Dcud3TNFUm10TlgOv&o-U(%L#5T`9;?rny|A2N{jft-DKwZt78FGMyGsZ
z>ho^qY=5m*8J*3lX_=pt$y&!-vY!3eB`YGQ+{fopU{$TtlC^>-+|s!Lk=N3b8{P?t
zl&Gk-gn^!pD`_+QP5id3tV$Yw4=7==GiKdB*geZh($h;b@Vn*d@wSs^dqj}#`<2so
zw!Zv2-dKT$>B@QG?;-}DdoPPT^My@+U_0M<<bkVJQ_7%c?HqR8BUh&==JTF=Ggj&T
z^mxN+F?+-QkJlvst*iOr;2t-R{M~E#vzF(@TRMOAU1HJ?yJyC4Ypod!u8b)9S5Rqr
zeHZ?!%Dr~MQOQ-Y<o3{$+jwYp=BB<1&+1#=0m7rNev6YlKE-OSKQm@8%FpYuzdPJ=
zWP7uSc(B>%xwW{}*S2F`0c%)mrT>j2Kda2U)m!^-Z8F?k*6(8Pc&VVE^^5A81HNTl
zCZ+bB%mLRD##XP9rrJAg!7-K_w|w}kf6<<j6yJMUquFeCiJ4jZgI<4)VD8!eraAn@
zyy&jV-W8%3rGo9g$q9EG&*^X)7<o1oTko5jIj|}g#?&np9jh2jwRqKvb+7`K#heZ?
zsQ*^Ol{Z)To11fax!arUzLG(6x8aPuPOr=&;nzQ>)As6U4J7y6V2wPz9BWWqwI;B$
zE&8<h+{@ODYp+P&9A=z7p0?-T`->9JaPB>czV`NBVztBXMZb)Zr~VprsjK+<#o!(L
z@^xZ60@ojiDh*nln-ehl&82UOFAtuJ9}{^kdb^D$=&M=Z@=rWB_siI$!<@9n&->^b
z^_>jbEMHu_!moN}-k4NzdbH~PE`J^aKi%Cg_6E-jK1A?DO@Zi<A0qu=D4C%*I_RV$
z|Jc>o=iv<dINxxzjD}&*UG)r`i-5Y9;&MPhI?Yy?VC7(Z*vMiu367(lTwINx<1V^4
z1K;X@Bt8_3E*K)4HdOic3>2vYz+%INJ3ft!i+4zj6(|hC5#|Z{Mh5=XshbYD01d|Y
z^JsKKHPvzu$wQJ0f15%aRxdYXsRDwM4H?Px#xNy<5yhhxQN<wG<R}~?Q;&jp1qn%j
zc%SK=Zx2eB6{12wPCuO_I;KQY!hGzemyf<W5$<d#*LfH(<rDEi)rOP#_(UC3qAC9e
zLI%LCk`bapP@;NJK2)hVIUkND@t$L?q#h4dd_X~ojO5yZYbgj<AumB1o~mG=$V5hR
zg%lWNk`o}USA_(HCo+;-HyKH#yhAO6k<_;d|DHq<7uUj+OH%}aSf+|jAWtEZ)X3Bb
zDTKUOg<YQ}%|6=Tla?w)4PaE>-pS+~(k7~1jTAK-LO_*JbtzD=<8@%*JwKHq5Xao~
zmE0L=76^l?Nr8f;V7xPdSrEq@m`Wt=#9Kr-R80yc8Zt7q+F~4MLXD%(7^oiTE8kqG
zUXhVphBd&L_vegI^(a)b$jH<%DS~Q6t56VCjY0v7j7+t&0m;}+MJ&{;)Kxi|kf6mN
z-kdlvN4gu4b_G8ba-c3rxKojlsrnyCNmbmh6By7}o>aI_k&#>rM=6Gq)ruN}noHf4
xaJ?cUQxgz|vQ-On@q+UJ;ZV0E+^opRR4+DoIaBOeqG9zs=5r>7IdEXme*sZPA`}1s

delta 3849
zcmb7{c~nz(7RO&!LkI{ah>#G35@a`QVi8cVSQSc9NM%tGEg(w(#RwWTMRBY}nN!2a
z(v6}*v4SWnXl1|^L}*1UAljmU1u0r)N}<CUWq!Z+^2mEh+A=xk<>Zh1dG~(rZ@J%8
z<xqMR9-%=rIvatX_r!bNMSrNi*oXj0iA_zA#U{jMER=-nA+$3ly&J0ey~=id-XaW&
z)PRggP+V$E!e$ITKaI{cMGzJOLH>Vul@1gHkx~&vhzOL%i>=ro3k(HM&26d=Wieje
zUnY{NYMe=;N7{+_f09UP?9Igs!{n<qeAvFu`5@5HqtcM(P110HSuj%#TV*j@Wq;hP
zJt>TTS%O3{szh=+DbZ=VD@BZJ&|FFux+=TUWIMDM(pC3D>JyNiUYcd`%rGiiWBIvY
z6|?nt9CWu_nqG1|e7#0ET=Z-`ODw!@IvndR48D9~d?+4>z6C_Pp~0STAz&zYYHsRf
zQ9NjL9@w!gBpk$lR({7N55)e&LJ$s6AdO8;jE~FM;gTgyL2LR7kl?BLz@vovr|pua
zy)R4AvF}yFqcoI2;oBTl!fU3L;KDWgWR8aOHT#4KhrtgnQkx@y5N9Cd4J=rhv{WC8
zhiwH<O|^9r73^9}JY;s;NgrHcAjm6Y1hGLG3*`?>*+gcysFgutW_bi%wV)x09mr#g
zGWH5}jt#ObeS|_E0s-jPMahP=9x-pPOG95(!0Jt7Th6}dOro8Zl+xO(Iy~NKwkhcI
zJm>z%KG0-pZ`aN_$MRmr_WYYVUO)Iaqv2TX;6t}$3)xfIMDJ4Pq3dmPtd3nT5t|QC
zTaP72jMB61>7RY4*z|s*Vx`-BpLzQZu_rqm3kQD9d0X6P%s!f)yE?=EN!!zNaRw9m
zH}(zk{@Ef}dx>dfFfj0qLH6H`<C%5y^%9S#+gj(Ccm<hOme@)1Od9(4i|!S;Qo9y}
zcDa8W+IX>55>9bpczyccS-*d9xV5?c*~F5tYZ+U!xfL8ysnyzM&TVmwq98WKf6^_Q
zyE}3INak?e#42i7@;!0j(P7G#%qhzr<_{;{b6j26nJ((*-zt@d*Vx;(I(*S?VH+Nm
zlz8T8=PH|I8_D|a&!Z~q16{0tHZ*U`apT&iB)qI$K3-pc>BaqPMGgBiL+8C4E&s%O
zvMNAc7@%~d7>pUVewZsiQg5d?l+%~kl)+x)U&d^$ezPNMd%)|00R9p|?BIp%GV7xA
zo!#s)tLO8WuZx=~m)C8~mxs95-gTFim4s~6n=CpJ#dW9?=KbvzKk50c9eX4f_RX!x
zcN>T|i19NlUtV0CAMH7qog2*9R8i(0_EF`H)n~g-g$^EeO!X<>e0k-Uv%3`ss6YE2
z6f7*;ekv&D<8t@F!RjZY8~qHr`lZ1MeYw?rqesuLJNs$Vh_K6j&p^*m^%{r!p$Q|r
z#uWl~Sa4y}?|RAOXZ(i;?)gLrTS|hPMZUk@>2BRTysv2e>^$EV=IxVd3#Pb1+xT*u
z$RjO*FFJDHVh^u+HkTO^cJDyrY=Pp{Bdf#vBezr(H#4f9L^h|F|8mXDxxLZx_}6($
zb`R@|I;0j!GI`MgPF>i_;9ja%$hFL0q@Q#P;)+{hTe3<Ioc3B`_DcAz&$hjuxz3}p
z-WPw&mp?vPGv2oIuBlUdL`vpQ4YPg|O?)pbu{u~QSoeiw?Nt#+`XH<l`EEtU>+?}b
zNA4f`El%)q<JgauomZSJM;ed&ee=;nr~S(Q>bCsXWhD!@z1hgLjxQDEET7nQ;ro;=
zUp|j~=IkX=bWAefJjISAyds?5?$7$#5Zqsj5X1^SUOc4}pKaulzBL`akKk1SXPuZ+
zZ#aE0A^EKRuHP~`f=~>=;hZK-;bDdhcxu-0*V0MM*}jOTK5$#w0}eaPXg1}DC3<n-
z9Ao|%1#r4=a5Iq0*k6EO8pLr2@0j(W`8zg%d+8LoXGCbIxw6vL5D$m<(jC_{^}Ph8
zg#3dyc@mU01j@2dNx8C&LzEJ|@Djz3LKV`mqBQ3h8=0pvB}T}UKm18FCJfY=DA)M%
z7T_<?b_>K8yrn$nWx@m)=)4NUmQ34}U>GPKnaa)s8296wMg%foW(kcz$J7-ASA?3C
z|GR)F<-^5q5VG6NEc;`c(#V@f=G1!028O8Dmaa_owkB{hR7+zL)#A2Bt=3*hQ>Q1}
z8e;l)n1~XX9729?T(9Q-V3GF6%~>!%?sn9>!xzUjcZWU+XM$0P<EZl?Rj&Kga7k|n
zVj<84u_WOD1xEtzF(4X4wLK7VYZjuYC58fvqe8KMX*(ifzeZ8i6ZT65`r(b%wnjwo
zIw*{6l)x*1NrJg&*z)7xmQp(=fP;Su5TD+m+J1?sy4yhMy37O<4Q?qCscoHzq{tAE
z0#c_zPOM$pK8mP%7fM1?1v{o%B@#>aQ$*Iq7-SVfbM;3o*;f(S6{di7(8XyF3?g^K
z9QFuK4-PgxK-KDAVT!c}2k{Me>{V|th1qqn<N-otlU?xaaGH>L-ABTVbR;UpC?D#|
r(xqH`vJi74t}2!ZM~yCCd&&^`tL`WdMh;##D?q@W1In)TgtO#-V(|cD

diff --git a/pkg/vtiger/modules/ModTracker/modules/ModTracker/models/Relation.php b/pkg/vtiger/modules/ModTracker/modules/ModTracker/models/Relation.php
index 28219de3a..dcf11bba4 100644
--- a/pkg/vtiger/modules/ModTracker/modules/ModTracker/models/Relation.php
+++ b/pkg/vtiger/modules/ModTracker/modules/ModTracker/models/Relation.php
@@ -24,6 +24,9 @@ class ModTracker_Relation_Model extends Vtiger_Record_Model {
 		$targetId = $this->get('targetid');
 		$targetModule = $this->get('targetmodule');
         
+        if(!Users_Privileges_Model::isPermitted($targetModule, 'DetailView', $targetId)) {
+			return false;
+		}
         $query = 'SELECT * FROM vtiger_crmentity WHERE crmid = ?';
 		$params = array($targetId);
 		$result = $db->pquery($query, $params);
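Review bot: The new guard returns `false` for a target the user may not view, and nothing in the hunk shows how callers treat that value. The method starts and ends outside the hunk, so confirm every caller checks for `false` before using the result; otherwise a denied record becomes a fatal error instead of a hidden entry. A short comment on the guard would help the next reader, e.g. `// Do not expose linked records the current user cannot open in DetailView.`, and the three added lines mix spaces and tabs for indentation. The commit also changes `packages/vtiger/mandatory/ModTracker.zip` as a binary delta only, presumably the packaged copy of this module, so it is worth verifying that the Relation.php inside the archive carries the identical check.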
diff --git a/vtigerversion.php b/vtigerversion.php
index 399a93b8b..a6578bc39 100644
--- a/vtigerversion.php
+++ b/vtigerversion.php
@@ -8,9 +8,9 @@
  * All Rights Reserved.
  ************************************************************************************/
 
-$patch_version = '20191104'; // -ve timestamp before release, +ve timestamp after release.
+$patch_version = '-20191210'; // -ve timestamp before release, +ve timestamp after release.
 $modified_database = '';
-$vtiger_current_version = '7.2.0';
+$vtiger_current_version = '7.2.1';
 $_SESSION['vtiger_version'] = $vtiger_current_version;
 
 ?>
\ No newline at end of file
-- 
GitLab