From 8b1a4bcc06393ea1c15f9c0ebe8aaaa18a014107 Mon Sep 17 00:00:00 2001
From: Uma S <uma.s@vtiger.com>
Date: Wed, 14 Aug 2019 18:33:32 +0530
Subject: [PATCH] Check permission addressed on Vtiger view files
---
 modules/Vtiger/views/BasicAjax.php | 7 ++++-
 modules/Vtiger/views/DashBoard.php | 30 +++++++++++--------
 .../Vtiger/views/EmailsRelatedModulePopup.php | 8 +++++
 modules/Vtiger/views/Export.php | 13 ++++----
 modules/Vtiger/views/Extension.php | 17 ++++++-----
 modules/Vtiger/views/Import.php | 13 ++++----
 modules/Vtiger/views/MiniListWizard.php | 12 ++++++++
 7 files changed, 62 insertions(+), 38 deletions(-)
diff --git a/modules/Vtiger/views/BasicAjax.php b/modules/Vtiger/views/BasicAjax.php
index 95e8a1ff7..daaf1bafe 100644
--- a/modules/Vtiger/views/BasicAjax.php
+++ b/modules/Vtiger/views/BasicAjax.php
@@ -16,7 +16,12 @@ class Vtiger_BasicAjax_View extends Vtiger_Basic_View {
 $this->exposeMethod('showSearchResults');
 }
- function checkPermission() { }
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+
+ return $permissions;
+ }
 function preProcess(Vtiger_Request $request) {
 return true;
diff --git a/modules/Vtiger/views/DashBoard.php b/modules/Vtiger/views/DashBoard.php
index 2f9b634fc..f58497599 100644
--- a/modules/Vtiger/views/DashBoard.php
+++ b/modules/Vtiger/views/DashBoard.php
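Review bot: In BasicAjax.php the new `requiresPermission()` gates the view only on `DetailView` for the module named by the `module` request parameter, while the context lines show the class exposing `showSearchResults`. That handler's body is outside this hunk, so it cannot be seen whether it takes the module to search from a different request parameter; if it does, that module is not covered by this list and needs its own entry or a check inside the handler. The removed `function checkPermission() { }` had an empty body and so performed no check at all, which is worth recording in a docblock on the new method, e.g. `/** Replaces an empty checkPermission() override; access now requires DetailView on the requested module. */`.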
@@ -14,8 +14,12 @@ class Vtiger_Dashboard_View extends Vtiger_Index_View {
 public function requiresPermission(\Vtiger_Request $request) {
 $permissions = parent::requiresPermission($request);
- $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
- $request->set('custom_module', 'Dashboard');
+ if($request->get('module') != 'Dashboard'){
+ $request->set('custom_module', 'Dashboard');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+ }else{
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ }
 return $permissions;
 }
@@ -30,17 +34,17 @@ class Vtiger_Dashboard_View extends Vtiger_Index_View {
 $userPrivilegesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
 $permission = $userPrivilegesModel->hasModulePermission($moduleModel->getId());
 if($permission) {
- // TODO : Need to optimize the widget which are retrieving twice
- $dashboardTabs = $dashBoardModel->getActiveTabs();
- if ($request->get("tabid")) {
- $tabid = $request->get("tabid");
- } else {
- // If no tab, then select first tab of the user
- $tabid = $dashboardTabs[0]["id"];
- }
- $dashBoardModel->set("tabid", $tabid);
- $widgets = $dashBoardModel->getSelectableDashboard();
- self::$selectable_dashboards = $widgets;
+ // TODO : Need to optimize the widget which are retrieving twice
+ $dashboardTabs = $dashBoardModel->getActiveTabs();
+ if ($request->get("tabid")) {
+ $tabid = $request->get("tabid");
+ } else {
+ // If no tab, then select first tab of the user
+ $tabid = $dashboardTabs[0]["id"];
+ }
+ $dashBoardModel->set("tabid", $tabid);
+ $widgets = $dashBoardModel->getSelectableDashboard();
+ self::$selectable_dashboards = $widgets;
 } else {
 $widgets = array();
 }
diff --git a/modules/Vtiger/views/EmailsRelatedModulePopup.php b/modules/Vtiger/views/EmailsRelatedModulePopup.php
index 0636f752f..6665ae41d 100644
--- a/modules/Vtiger/views/EmailsRelatedModulePopup.php
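Review bot: In DashBoard.php `requiresPermission()` mutates the request (`$request->set('custom_module', 'Dashboard')`) as a side effect of reporting which permissions apply, and it selects its branch with a loose `!=`. Overwriting `custom_module` on the server is what keeps a client-supplied value from deciding which module gets checked, so that line deserves a comment saying so, and the comparison should not depend on type juggling: `if ($request->get('module') !== 'Dashboard') {`. The same block is added verbatim in MiniListWizard.php; moving it into one shared helper would stop the two copies of an access-control decision from drifting apart.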
+++ b/modules/Vtiger/views/EmailsRelatedModulePopup.php
@@ -10,6 +10,14 @@
 class Vtiger_EmailsRelatedModulePopup_View extends Vtiger_Popup_View {
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ $permissions[] = array('module_parameter' => 'src_module', 'action' => 'DetailView');
+
+ return $permissions;
+ }
+
 function checkPermission(Vtiger_Request $request) {
 $moduleName = $request->getModule();
 if($moduleName == 'Users') {
diff --git a/modules/Vtiger/views/Export.php b/modules/Vtiger/views/Export.php
index ee38c3f77..78d078f6f 100644
--- a/modules/Vtiger/views/Export.php
+++ b/modules/Vtiger/views/Export.php
@@ -10,14 +10,11 @@
 class Vtiger_Export_View extends Vtiger_Index_View {
- function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
- $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
- $currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
- if(!$currentUserPriviligesModel->hasModuleActionPermission($moduleModel->getId(), 'Export')) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
- }
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'Export');
+
+ return $permissions;
 }
 function process(Vtiger_Request $request) {
diff --git a/modules/Vtiger/views/Extension.php b/modules/Vtiger/views/Extension.php
index 97156b65a..2fb2555fd 100644
--- a/modules/Vtiger/views/Extension.php
+++ b/modules/Vtiger/views/Extension.php
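Review bot: In EmailsRelatedModulePopup.php the class keeps its own `checkPermission()` override directly below the new method, and the visible part of it special-cases `Users` before doing anything else. Its body continues outside the hunk, so it cannot be seen whether it ever reaches `parent::checkPermission($request)`. Assuming, as the Extension.php change in this patch suggests, that the inherited `checkPermission()` is what evaluates this list, an override that returns early for `Users` or never delegates would leave both new entries, including the `src_module` one, unenforced. Please confirm the override delegates to the parent on every path, or state in a comment why `Users` is exempt from the `src_module` check.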
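Review bot: In Export.php the self-contained `hasModuleActionPermission(..., 'Export')` check is replaced by a list entry, so enforcement of the `Export` action now depends on every subclass preserving that list. A subclass of `Vtiger_Export_View` that overrides `requiresPermission()` without merging `parent::requiresPermission($request)` was previously still covered by the removed check and would no longer be; none are visible in this patch, so this is worth a search across module-specific Export views before merging. The same applies to the `Import` entry in Import.php. A docblock on both methods such as `/** Requires the Export action on the requested module; overriding classes must merge the parent's list. */` would make the contract explicit.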
@@ -10,20 +10,21 @@
 class Vtiger_Extension_View extends Vtiger_List_View {
- public function checkPermission(Vtiger_Request $request) {
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'extensionModule', 'action' => 'DetailView');
+
+ return $permissions;
+ }
+
+ public function checkPermission(Vtiger_Request $request) {
 $moduleName = $request->get('extensionModule');
+ parent::checkPermission($request);
 $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
 if (empty($moduleModel)) {
 throw new AppException(vtranslate('LBL_HANDLER_NOT_FOUND'));
 }
-
- $userPrivilegesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
- $permission = $userPrivilegesModel->hasModulePermission($moduleModel->getId());
- if (!$permission) {
- throw new AppException(vtranslate($moduleName, $moduleName).' '.vtranslate('LBL_NOT_ACCESSIBLE'));
- }
- return true;
 }
diff --git a/modules/Vtiger/views/Import.php b/modules/Vtiger/views/Import.php
index 75ec101c4..076a7109b 100644
--- a/modules/Vtiger/views/Import.php
+++ b/modules/Vtiger/views/Import.php
@@ -26,14 +26,11 @@ class Vtiger_Import_View extends Vtiger_Index_View {
 $this->exposeMethod('updateSavedMapping');
 }
- function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
- $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
- $currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
- if(!$currentUserPriviligesModel->hasModuleActionPermission($moduleModel->getId(), 'Import')) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
- }
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'Import');
+ return $permissions;
 }
 function process(Vtiger_Request $request) {
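Review bot: In Extension.php `parent::checkPermission($request)` runs before the request-supplied `extensionModule` has been validated, and whatever it returns is discarded. How the inherited check treats a missing or unknown `extensionModule` is not visible in this patch, so the safer order is to resolve the module and fail closed first, then delegate: move the `Vtiger_Module_Model::getInstance($moduleName)` / `empty($moduleModel)` block above the `parent::checkPermission($request);` line. The removed `hasModulePermission()` test is also replaced by a `DetailView` action entry and the `LBL_NOT_ACCESSIBLE` message is gone; if the two checks are meant to be equivalent, a one-line comment on the new entry should say so.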
diff --git a/modules/Vtiger/views/MiniListWizard.php b/modules/Vtiger/views/MiniListWizard.php
index 1d73b07e5..b27dc270f 100644
--- a/modules/Vtiger/views/MiniListWizard.php
+++ b/modules/Vtiger/views/MiniListWizard.php
@@ -10,6 +10,18 @@
 class Vtiger_MiniListWizard_View extends Vtiger_Index_View {
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ if($request->get('module') != 'Dashboard'){
+ $request->set('custom_module', 'Dashboard');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+ }else{
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ }
+
+ return $permissions;
+ }
+
 function process (Vtiger_Request $request) {
 $currentUser = Users_Record_Model::getCurrentUserModel();
 $viewer = $this->getViewer($request);
--
GitLab
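Review bot: In MiniListWizard.php the only permission this method adds is `DetailView` on Dashboard, either directly or through the forced `custom_module`, which says nothing about any other module the wizard may go on to read. `process()` continues outside the hunk, so it cannot be seen whether it takes a target module from a further request parameter. If it does, that parameter needs its own `module_parameter` entry here or an explicit check inside `process()`; if it does not, a short comment on the method stating that Dashboard access is the only requirement would settle the question for the next reader.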