Skip to content
Snippets Groups Projects
Commit f41446eb authored by Prasad's avatar Prasad
Browse files

Merge branch '156500377' into 'master' 

V-156500377::Amit::Reports Permission check in selected_fields

See merge request vtiger/vtigercrm!897
parents 3bf0fa61 29c714c9
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
modules/Reports/actions/Save.php
+ 17
0
View file @ f41446eb
......@@ -26,6 +26,23 @@ class Reports_Save_Action extends Vtiger_Save_Action {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
}
}
$selectedFields = $request->get('selected_fields');
$groupbyfields = $request->get('groupbyfield');
$fieldsData = array($selectedFields, $groupbyfields);
foreach ($fieldsData as $selectedField){
foreach ($selectedField as $field) {
list($tablename, $colname, $module_field, $fieldname, $single) = split(":", $field);
list($module, $fieldName) = split("_", $module_field, 2);
$moduleModel = Vtiger_Module_Model::getInstance($module);
$fieldModel = Vtiger_Field_Model::getInstance($fieldname, $moduleModel);
if (($fieldModel->table !== $tablename) || ($fieldModel->column !== $colname)) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
}
}
}
return true;
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Copyright 2023 Vtiger. All rights reserved.