Merge branch 'Admin_status_removal' into 'master'

Fixes #1447 Users admin status update on field ajax edit

See merge request !714

modules/Users/actions/SaveAjax.php

@@ -87,53 +87,82 @@ class Users_SaveAjax_Action extends Vtiger_SaveAjax_Action {
 	 * @return Vtiger_Record_Model or Module specific Record Model instance
 	 */
 	public function getRecordModelFromRequest(Vtiger_Request $request) {
-		$recordModel = parent::getRecordModelFromRequest($request);
+		$moduleName = $request->getModule();
+		$recordId = $request->get('record');
 		$currentUserModel = Users_Record_Model::getCurrentUserModel();
-                
-                $fieldModelList = $recordModel->getModule()->getFields();
-                $validationFields = array('is_admin', 'is_owner', 'roleid', 'signature');
-                foreach ($fieldModelList as $fieldName => $fieldModel) {
-                    if(in_array($fieldName, $validationFields)){
-                        if ($request->has($fieldName)) {
-                            $fieldValue = $request->get($fieldName, null);
-                        } else {
-                            $fieldValue = $fieldModel->getDefaultFieldValue();
-                         }
-                        if($fieldValue){
-                            $fieldValue = Vtiger_Util_Helper::validateFieldValue($fieldValue,$fieldModel);
-                        }
-                        if ($fieldName === 'is_admin' && (!$currentUserModel->isAdminUser() || !$fieldValue)) {
-                            $fieldValue = 'off';
-                        }
-                        //to not update is_owner from ui
-                        if ($fieldName == 'is_owner' || $fieldName == 'roleid') {
-                            $fieldValue = $this->getOwnerRoleValue($request, $fieldName);
-                        }
-                        if ($fieldName == 'signature' && $fieldValue !== null) {
-                            $purifiedContent = vtlib_purify(decode_html($fieldValue));
-                            // Purify malicious html event attributes
-                            $fieldValue = purifyHtmlEventAttributes(decode_html($purifiedContent), true);
-                        }
-                        if ($fieldValue !== null) {
-                            if (!is_array($fieldValue)) {
-                                $fieldValue = trim($fieldValue);
-                            }
-                            $recordModel->set($fieldName, $fieldValue);
-                        }
-                    }
-                }
-                $fieldName = $request->get('field');
-		if ($fieldName === 'is_admin' && (!$currentUserModel->isAdminUser() || !$request->get('value'))) {
-			$recordModel->set($fieldName, 'off');
-		} else if($fieldName === 'is_admin' && $currentUserModel->isAdminUser()) {
-			$requestValue = $request->get('value');
-			$value = $requestValue==1?"on":"off";
-			$recordModel->set($fieldName,$value);
+
+		if(!empty($recordId)) {
+			$recordModel = Vtiger_Record_Model::getInstanceById($recordId, $moduleName);
+			$modelData = $recordModel->getData();
+			$recordModel->set('id', $recordId);
+			$sharedType = $request->get('sharedtype');
+			if(!empty($sharedType))
+				$recordModel->set('calendarsharedtype', $request->get('sharedtype'));
+			$recordModel->set('mode', 'edit');
+			
+		} else {
+			$recordModel = Vtiger_Record_Model::getCleanInstance($moduleName);
+			$modelData = $recordModel->getData();
+			$recordModel->set('mode', '');
 		}
+
+		foreach ($modelData as $fieldName => $value) {
+			$requestFieldExists = false;
+			 if($request->has($fieldName)){
+				$fieldValue = $request->get($fieldName,null);
+				$requestFieldExists = true;
+			}else if($fieldName === $request->get('field')){
+				$fieldValue = $request->get('value');
+				$requestFieldExists = true;
+			}
 			
-		if($fieldName == "is_owner" || $fieldName == "roleid") {
-			$fieldValue = $this->getOwnerRoleValue($request, $fieldName);
-                        $recordModel->set($fieldName,$fieldValue);
+			if(!$requestFieldExists){
+				continue;
+			}
+			
+			if ($fieldName === 'is_admin' && (!$currentUserModel->isAdminUser() || !$fieldValue)) {
+				$fieldValue = 'off';
+			}else if($fieldName === 'is_admin' && $currentUserModel->isAdminUser()) {
+				$fieldValue = $fieldValue==1?"on":"off";
+			}
+
+			//to not update is_owner from ui
+			 if ($fieldName == 'is_owner' || (in_array($fieldName, array('user_type', 'roleid')) && !$currentUserModel->isAdminUser())) {
+				$fieldValue = null;
+			}
+			if($fieldName == 'signature'){
+				$requestData = $request->getAll();
+				$instyle = new InStyle();
+				$signature = $instyle->convertStylesToInlineCss($requestData['signature']);
+				//#4823970 - Added to remove any action tags like <form>, <input>, <button>..
+				$fieldValue = vtlib_purify($signature);
+				// Purify malicious html event attributes
+	                        $fieldValue = purifyHtmlEventAttributes($fieldValue, true);
+			}
+			if($fieldValue !== null) {
+				if(!is_array($fieldValue)) {
+					$fieldValue = trim($fieldValue);
+				}
+				$recordModel->set($fieldName, $fieldValue);
+			}
+		}
+                $homePageComponents = $recordModel->getHomePageComponents();
+		$selectedHomePageComponents = $request->get('homepage_components', array());
+		foreach ($homePageComponents as $key => $value) {
+			if(in_array($key, $selectedHomePageComponents)) {
+				$request->setGlobal($key, $key);
+			} else {
+				$request->setGlobal($key, '');
+			}
+		}
+		if($request->has('tagcloudview')) {
+			// Tag cloud save
+			$tagCloud = $request->get('tagcloudview');
+			if($tagCloud == "on") {
+				$recordModel->set('tagcloud', 0);
+			} else {
+				$recordModel->set('tagcloud', 1);
+			}
 		}
 		return $recordModel;
 	}