diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php
index 274343ff1191e312224488bf029b1d376522ded1..90a5e8cd40ac597ca1f13ebb6d9ea3ec1167eca4 100644
--- a/include/utils/VtlibUtils.php
+++ b/include/utils/VtlibUtils.php
@@ -145,46 +145,52 @@ function vtlib_moduleAlwaysActive() {
* Toggle the module (enable/disable)
*/
function vtlib_toggleModuleAccess($modules, $enable_disable) {
- global $adb, $__cache_module_activeinfo;
-
+ global $adb, $__cache_module_activeinfo, $current_user;
+
include_once('vtlib/Vtiger/Module.php');
+
+ // Checks if the user is admin or not
+ $isAdmin = is_admin($current_user);
+ if($isAdmin == true) {
+ if(is_string($modules)) $modules = array($modules);
+ $event_type = false;
+
+ if($enable_disable === true) {
+ $enable_disable = 0;
+ $event_type = Vtiger_Module::EVENT_MODULE_ENABLED;
+ } else if($enable_disable === false) {
+ $enable_disable = 1;
+ $event_type = Vtiger_Module::EVENT_MODULE_DISABLED;
+ //Update default landing page to dashboard if module is disabled.
+ $adb->pquery('UPDATE vtiger_users SET defaultlandingpage = ? WHERE defaultlandingpage IN(' . generateQuestionMarks($modules) . ')', array_merge(array('Home'), $modules));
+ }
+
+ $checkResult = $adb->pquery('SELECT name FROM vtiger_tab WHERE name IN ('. generateQuestionMarks($modules) .')', array($modules));
+ $rows = $adb->num_rows($checkResult);
+ for($i=0; $i<$rows; $i++) {
+ $existingModules[] = $adb->query_result($checkResult, $i, 'name');
+ }
- if(is_string($modules)) $modules = array($modules);
- $event_type = false;
-
- if($enable_disable === true) {
- $enable_disable = 0;
- $event_type = Vtiger_Module::EVENT_MODULE_ENABLED;
- } else if($enable_disable === false) {
- $enable_disable = 1;
- $event_type = Vtiger_Module::EVENT_MODULE_DISABLED;
- //Update default landing page to dashboard if module is disabled.
- $adb->pquery('UPDATE vtiger_users SET defaultlandingpage = ? WHERE defaultlandingpage IN(' . generateQuestionMarks($modules) . ')', array_merge(array('Home'), $modules));
- }
-
- $checkResult = $adb->pquery('SELECT name FROM vtiger_tab WHERE name IN ('. generateQuestionMarks($modules) .')', array($modules));
- $rows = $adb->num_rows($checkResult);
- for($i=0; $i<$rows; $i++) {
- $existingModules[] = $adb->query_result($checkResult, $i, 'name');
- }
-
- foreach($modules as $module) {
- if (in_array($module, $existingModules)) { // check if module exists then only update and trigger events
- $adb->pquery("UPDATE vtiger_tab set presence = ? WHERE name = ?", array($enable_disable, $module));
- $__cache_module_activeinfo[$module] = $enable_disable;
- Vtiger_Module::fireEvent($module, $event_type);
- Vtiger_Cache::flushModuleCache($module);
+ foreach($modules as $module) {
+ if (in_array($module, $existingModules)) { // check if module exists then only update and trigger events
+ $adb->pquery("UPDATE vtiger_tab set presence = ? WHERE name = ?", array($enable_disable, $module));
+ $__cache_module_activeinfo[$module] = $enable_disable;
+ Vtiger_Module::fireEvent($module, $event_type);
+ Vtiger_Cache::flushModuleCache($module);
+ }
}
- }
- create_tab_data_file();
- create_parenttab_data_file();
+ create_tab_data_file();
+ create_parenttab_data_file();
- // UserPrivilege file needs to be regenerated if module state is changed from
- // vtiger 5.1.0 onwards
- global $vtiger_current_version;
- if(version_compare($vtiger_current_version, '5.0.4', '>')) {
- vtlib_RecreateUserPrivilegeFiles();
+ // UserPrivilege file needs to be regenerated if module state is changed from
+ // vtiger 5.1.0 onwards
+ global $vtiger_current_version;
+ if(version_compare($vtiger_current_version, '5.0.4', '>')) {
+ vtlib_RecreateUserPrivilegeFiles();
+ }
+ } else {
+ throw new Exception ("Permission denied, only admin users can toggle module access");
}
}