From 7040932ce916f310b3acf10565dcb05ced7798b6 Mon Sep 17 00:00:00 2001
From: root <you@example.com>
Date: Tue, 30 Apr 2024 11:30:41 +0530
Subject: [PATCH] Fixes : Broken access control in migration module issue is
 fixed

---
 modules/Migration/actions/Extract.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/Migration/actions/Extract.php b/modules/Migration/actions/Extract.php
index b9c0bf0fd..a51285084 100644
--- a/modules/Migration/actions/Extract.php
+++ b/modules/Migration/actions/Extract.php
@@ -23,8 +23,8 @@ class Migration_Extract_Action extends Vtiger_Action_Controller {
 		$user->column_fields['user_name'] = $userName;
 		$userid = $user->retrieve_user_id($userName);
 		$userRecordModel = Users_Privileges_Model::getInstanceById($userid, 'Users');
-		if ($user->doLogin($password)) {
-			if($userRecordModel->isAdminUser()) {
+		if($userRecordModel->isAdminUser()) {
+			if ($user->doLogin($password)) {
 				$zip = new ZipArchive();
 				$fileName = 'vtiger8.zip';
 				if ($zip->open($fileName)) {
@@ -47,11 +47,11 @@ class Migration_Extract_Action extends Vtiger_Action_Controller {
 					header('Location: migrate/index.php?error='.$errorMessage);
 				}
 			} else {
-				$errorMessage = 'PERMISSION DENIED! ONLY ADMIN USERS CAN ACCESS';
+				$errorMessage = 'INVALID CREDENTIALS';
 				header('Location: migrate/index.php?error='.$errorMessage);
 			}
 		} else {
-			$errorMessage = 'INVALID CREDENTIALS';
+			$errorMessage = 'PERMISSION DENIED! ONLY ADMIN USERS CAN ACCESS';
 			header('Location: migrate/index.php?error='.$errorMessage);
 		}
 	}
-- 
GitLab