From 60c0c7959ffa8193dbfbc9ad15941f6d1d1dd14b Mon Sep 17 00:00:00 2001
From: Uma S <uma.s@vtiger.com>
Date: Fri, 9 Aug 2019 18:18:26 +0530
Subject: [PATCH] Checkpermission addressed on Leads and Vtiger actions

---
 modules/Vtiger/actions/Delete.php     | 11 +++++++----
 modules/Vtiger/actions/MassDelete.php | 14 +++++---------
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/modules/Vtiger/actions/Delete.php b/modules/Vtiger/actions/Delete.php
index b98271563..783d004f4 100644
--- a/modules/Vtiger/actions/Delete.php
+++ b/modules/Vtiger/actions/Delete.php
@@ -10,14 +10,17 @@
 
 class Vtiger_Delete_Action extends Vtiger_Action_Controller {
 
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'Delete', 'record_parameter' => 'record');
+		return $permissions;
+	}
+	
 	function checkPermission(Vtiger_Request $request) {
 		$moduleName = $request->getModule();
 		$record = $request->get('record');
 
-		$currentUserPrivilegesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-		if(!$currentUserPrivilegesModel->isPermitted($moduleName, 'Delete', $record)) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
+		parent::checkPermission($request);
 
 		if ($record) {
 			$recordEntityName = getSalesEntityType($record);
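Review bot: The explicit `isPermitted($moduleName, 'Delete', $record)` denial in checkPermission is replaced by `parent::checkPermission($request)`, so the record-level delete check now depends on the parent, which is not visible in this hunk. It holds only if the parent evaluates the `record_parameter` entry declared in requiresPermission and throws on denial. Please confirm that an empty or missing `record` still triggers a module-level Delete check rather than skipping the entry, and pin that with a test for a user who lacks Delete on the module. I would also add a docblock above requiresPermission, for example `/** Declares module- and record-level Delete permission; enforced by parent::checkPermission(). */`. The body of checkPermission continues past the end of the hunk.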
diff --git a/modules/Vtiger/actions/MassDelete.php b/modules/Vtiger/actions/MassDelete.php
index 40a8788b4..b67c22017 100644
--- a/modules/Vtiger/actions/MassDelete.php
+++ b/modules/Vtiger/actions/MassDelete.php
@@ -10,16 +10,12 @@
 
 class Vtiger_MassDelete_Action extends Vtiger_Mass_Action {
 
-	function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
-		$currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-		if(!$currentUserPriviligesModel->hasModuleActionPermission($moduleModel->getId(), 'Delete')) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'Delete');
+		return $permissions;
 	}
-
+	
 	function preProcess(Vtiger_Request $request) {
 		return true;
 	}
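Review bot: With the checkPermission override removed, MassDelete is guarded only by the module-level entry `array('module_parameter' => 'module', 'action' => 'Delete')` and by whatever checkPermission it inherits from Vtiger_Mass_Action, which is outside this diff. No `record_parameter` is declared, so per-record Delete permission for each selected id has to be enforced where the records are actually deleted (presumably process(), not shown here). A comment above requiresPermission would keep that invariant visible, for example `// Module-level check only; per-record Delete permission must be verified for every selected id before deletion.` Please also confirm that no class between this one and Vtiger_Action_Controller overrides checkPermission without consulting requiresPermission, since that would leave this action with no delete check at all.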
-- 
GitLab