From 7e73fcd70fc8ee333ec27103c1f9d5ffbf6aa6fc Mon Sep 17 00:00:00 2001
From: Uma S <uma.s@vtiger.com>
Date: Mon, 29 Jul 2019 12:04:06 +0530
Subject: [PATCH] Refinement on action controller checkpermission api

---
 includes/runtime/Controller.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/includes/runtime/Controller.php b/includes/runtime/Controller.php
index bcbd0c159..fdaa4be3c 100644
--- a/includes/runtime/Controller.php
+++ b/includes/runtime/Controller.php
@@ -115,7 +115,17 @@ abstract class Vtiger_Action_Controller extends Vtiger_Controller {
 	function checkPermission(Vtiger_Request $request) {
 		$permissions = $this->requiresPermission($request);
 		foreach($permissions as $permission) {
-			if(!Users_Privileges_Model::isPermitted($request->get($permission['module_parameter']), $permission['action'], $request->get($permission['record_parameter']))) {
+			if(array_key_exists('module_parameter', $permission)){
+				$moduleParameter = $request->get($permission['module_parameter']);
+			}else{
+				$moduleParameter = 'module';
+			}
+			if(array_key_exists('record_parameter', $permission)){
+				$recordParameter = $request->get($permission['record_parameter']);
+			}else{
+				$recordParameter = '';
+			}
+			if(!Users_Privileges_Model::isPermitted($moduleParameter, $permission['action'], $recordParameter)) {
 				throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
 			}
 		}
-- 
GitLab