diff --git a/modules/Calendar/actions/ActivityReminder.php b/modules/Calendar/actions/ActivityReminder.php
index 073aaa0efca070ee7379811c7a0a86f0c8fa64cd..3d51ed4dceaaae4f77892aa85edb56e8917c4be4 100644
--- a/modules/Calendar/actions/ActivityReminder.php
+++ b/modules/Calendar/actions/ActivityReminder.php
@@ -34,10 +34,6 @@ class Calendar_ActivityReminder_Action extends Vtiger_Action_Controller{
}
return $permissions;
}
-
- public function checkPermission(Vtiger_Request $request) {
- return parent::checkPermission($request);
- }
public function process(Vtiger_Request $request) {
$mode = $request->getMode();
diff --git a/modules/Calendar/actions/CalendarActions.php b/modules/Calendar/actions/CalendarActions.php
index 71a0bc953bffd57ece3e90277894801bb6819bfb..243759ce5c5a187dac56515483936ca4199bd4e0 100644
--- a/modules/Calendar/actions/CalendarActions.php
+++ b/modules/Calendar/actions/CalendarActions.php
@@ -28,11 +28,7 @@ class Calendar_CalendarActions_Action extends Vtiger_BasicAjax_Action {
}
return $permissions;
}
-
- public function checkPermission(Vtiger_Request $request) {
- return parent::checkPermission($request);
- }
-
+
public function process(Vtiger_Request $request) {
$mode = $request->getMode();
if (!empty($mode) && $this->isMethodExposed($mode)) {
diff --git a/modules/Calendar/actions/CalendarUserActions.php b/modules/Calendar/actions/CalendarUserActions.php
index 274692da74d227f2ec65124fc383f9475e62b921..b4b377bc8a3b9f7f04d037a99c789a8fe05cd4c2 100755
--- a/modules/Calendar/actions/CalendarUserActions.php
+++ b/modules/Calendar/actions/CalendarUserActions.php
@@ -20,32 +20,10 @@ class Calendar_CalendarUserActions_Action extends Vtiger_Action_Controller{
public function requiresPermission(Vtiger_Request $request){
$permissions = parent::requiresPermission($request);
- $mode = $request->getMode();
- if(!empty($mode)) {
- switch ($mode) {
- case 'deleteUserCalendar':
- $permissions[] = array('module_parameter' => 'module', 'action' => 'EditView');
- break;
- case 'deleteCalendarView':
- $permissions[] = array('module_parameter' => 'module', 'action' => 'EditView');
- $permissions[] = array('module_parameter' => 'module', 'action' => 'Delete');
- break;
- case 'addUserCalendar':
- case 'addCalendarView':
- $permissions[] = array('module_parameter' => 'module', 'action' => 'EditView');
- $permissions[] = array('module_parameter' => 'module', 'action' => 'CreateView');
- break;
- default:
- break;
- }
- }
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
return $permissions;
}
- public function checkPermission(Vtiger_Request $request) {
- return parent::checkPermission($request);
- }
-
public function process(Vtiger_Request $request) {
$mode = $request->getMode();
if(!empty($mode) && $this->isMethodExposed($mode)) {
diff --git a/modules/Calendar/actions/SaveFollowupAjax.php b/modules/Calendar/actions/SaveFollowupAjax.php
index 59d321a794824bc05a5cba30c96e8f45fd231607..3e50747462c13c94e05ee7631519d40f5cba55c7 100755
--- a/modules/Calendar/actions/SaveFollowupAjax.php
+++ b/modules/Calendar/actions/SaveFollowupAjax.php
@@ -9,19 +9,12 @@
*************************************************************************************/
class Calendar_SaveFollowupAjax_Action extends Calendar_SaveAjax_Action {
-
+
public function checkPermission(Vtiger_Request $request) {
$moduleName = $request->getModule();
$record = $request->get('record');
- $actionName = ($record && $request->getMode() != 'createFollowupEvent') ? 'EditView' : 'CreateView';
- if(!Users_Privileges_Model::isPermitted($moduleName, $actionName, $record)) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
- }
-
- if(!Users_Privileges_Model::isPermitted($moduleName, 'Save', $record)) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
- }
+ parent::checkPermission($request);
if ($record) {
$activityModulesList = array('Calendar', 'Events');
diff --git a/modules/CustomView/actions/Save.php b/modules/CustomView/actions/Save.php
index a28abced87c34c7cdc2228a7ba21d9051a658f99..6900d392f7f100c9aa9f3d40b5f5c5f7da12d17a 100644
--- a/modules/CustomView/actions/Save.php
+++ b/modules/CustomView/actions/Save.php
@@ -14,10 +14,6 @@ class CustomView_Save_Action extends Vtiger_Action_Controller {
$permissions[] = array('module_parameter' => 'source_module', 'action' => 'DetailView');
return $permissions;
}
-
- public function checkPermission(Vtiger_Request $request) {
- return parent::checkPermission($request);
- }
public function process(Vtiger_Request $request) {
$sourceModuleName = $request->get('source_module');
diff --git a/modules/CustomView/models/Record.php b/modules/CustomView/models/Record.php
index c2964abdd6c923dd46704d802394c9850d4a86e6..2c2cf5b13acc608ccce9025a8e26763337a0b504 100644
--- a/modules/CustomView/models/Record.php
+++ b/modules/CustomView/models/Record.php
@@ -747,7 +747,7 @@ class CustomView_Record_Model extends Vtiger_Base_Model {
}
public function getToggleDefaultUrl() {
- return 'index.php?module=CustomView&action=SaveAjax&record='.$this->getId();
+ return 'index.php?module=CustomView&source_module='.$this->getModule()->get('name').'&action=SaveAjax&record='.$this->getId();
}
/**
diff --git a/modules/CustomView/views/EditAjax.php b/modules/CustomView/views/EditAjax.php
index 0fb95813e114ff59414416936c227dba16b881cc..aac78c7be35d39719009444d3d0c14305248d466 100644
--- a/modules/CustomView/views/EditAjax.php
+++ b/modules/CustomView/views/EditAjax.php
@@ -15,9 +15,6 @@ Class CustomView_EditAjax_View extends Vtiger_IndexAjax_View {
$permissions[] = array('module_parameter' => 'source_module', 'action' => 'DetailView');
return $permissions;
}
- public function checkPermission(Vtiger_Request $request) {
- return parent::checkPermission($request);
- }
public function process(Vtiger_Request $request) {
$viewer = $this->getViewer ($request);
diff --git a/modules/Vtiger/actions/BasicAjax.php b/modules/Vtiger/actions/BasicAjax.php
index cdb63b727b605ac0558156fc2cbf44065028a057..7abf09a1455eb2b5fca0744f4dffbf10f29b3aee 100644
--- a/modules/Vtiger/actions/BasicAjax.php
+++ b/modules/Vtiger/actions/BasicAjax.php
@@ -10,39 +10,42 @@
class Vtiger_BasicAjax_Action extends Vtiger_Action_Controller {
- public function requiresPermission(\Vtiger_Request $request) {
- $permissions = parent::requiresPermission($request);
- $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
- $permissions[] = array('module_parameter' => 'search_module', 'action' => 'DetailView');
- if(!empty($request->get('parent_module'))){
- $permissions[] = array('module_parameter' => 'parent_module', 'action' => 'DetailView');
- }
- return $permissions;
- }
-
- public function process(Vtiger_Request $request) {
- $searchValue = $request->get('search_value');
- $searchModule = $request->get('search_module');
-
- $parentRecordId = $request->get('parent_id');
- $parentModuleName = $request->get('parent_module');
- $relatedModule = $request->get('module');
-
- $searchModuleModel = Vtiger_Module_Model::getInstance($searchModule);
- $records = $searchModuleModel->searchRecord($searchValue, $parentRecordId, $parentModuleName, $relatedModule);
-
- $baseRecordId = $request->get('base_record');
- $result = array();
- foreach($records as $moduleName=>$recordModels) {
- foreach($recordModels as $recordModel) {
- if ($recordModel->getId() != $baseRecordId) {
- $result[] = array('label'=>decode_html($recordModel->getName()), 'value'=>decode_html($recordModel->getName()), 'id'=>$recordModel->getId());
- }
- }
- }
-
- $response = new Vtiger_Response();
- $response->setResult($result);
- $response->emit();
- }
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ if (!empty($request->get('search_module'))) {
+ $permissions[] = array('module_parameter' => 'search_module', 'action' => 'DetailView');
+ }
+ if (!empty($request->get('parent_module'))) {
+ $permissions[] = array('module_parameter' => 'parent_module', 'action' => 'DetailView');
+ }
+ return $permissions;
+ }
+
+ public function process(Vtiger_Request $request) {
+ $searchValue = $request->get('search_value');
+ $searchModule = $request->get('search_module');
+
+ $parentRecordId = $request->get('parent_id');
+ $parentModuleName = $request->get('parent_module');
+ $relatedModule = $request->get('module');
+
+ $searchModuleModel = Vtiger_Module_Model::getInstance($searchModule);
+ $records = $searchModuleModel->searchRecord($searchValue, $parentRecordId, $parentModuleName, $relatedModule);
+
+ $baseRecordId = $request->get('base_record');
+ $result = array();
+ foreach ($records as $moduleName => $recordModels) {
+ foreach ($recordModels as $recordModel) {
+ if ($recordModel->getId() != $baseRecordId) {
+ $result[] = array('label' => decode_html($recordModel->getName()), 'value' => decode_html($recordModel->getName()), 'id' => $recordModel->getId());
+ }
+ }
+ }
+
+ $response = new Vtiger_Response();
+ $response->setResult($result);
+ $response->emit();
+ }
+
}
diff --git a/modules/Vtiger/actions/ExportData.php b/modules/Vtiger/actions/ExportData.php
index 8bbea58fe471c0c00d8392f996b7956ad624cc40..2a8b3d6510a2f068e2ed2f64f977939ac4dc9cfd 100644
--- a/modules/Vtiger/actions/ExportData.php
+++ b/modules/Vtiger/actions/ExportData.php
@@ -14,7 +14,9 @@ class Vtiger_ExportData_Action extends Vtiger_Mass_Action {
public function requiresPermission(\Vtiger_Request $request) {
$permissions = parent::requiresPermission($request);
$permissions[] = array('module_parameter' => 'module', 'action' => 'Export');
- $permissions[] = array('module_parameter' => 'source_module', 'action' => 'Export');
+ if (!empty($request->get('source_module'))) {
+ $permissions[] = array('module_parameter' => 'source_module', 'action' => 'Export');
+ }
return $permissions;
}
diff --git a/modules/Vtiger/actions/Save.php b/modules/Vtiger/actions/Save.php
index 36cf4c2fd320fdd851631b9deae67fc049cca0cd..e848585c3e135725c7fd9609ce75aea53cdc943a 100644
--- a/modules/Vtiger/actions/Save.php
+++ b/modules/Vtiger/actions/Save.php
@@ -27,6 +27,7 @@ class Vtiger_Save_Action extends Vtiger_Action_Controller {
$recordParameter = 'record';
}
$actionName = ($record || $recordId) ? 'EditView' : 'CreateView';
+ $permissions[] = array('module_parameter' => $moduleParameter, 'action' => 'DetailView', 'record_parameter' => $recordParameter);
$permissions[] = array('module_parameter' => $moduleParameter, 'action' => $actionName, 'record_parameter' => $recordParameter);
return $permissions;
}
diff --git a/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/actions/RecycleBinAjax.php b/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/actions/RecycleBinAjax.php
index 3d5a429a48b04e7e79baab2670655f988a561849..f6d9f63a4b16854506820ae68a31f7143d6f4a1f 100644
--- a/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/actions/RecycleBinAjax.php
+++ b/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/actions/RecycleBinAjax.php
@@ -19,7 +19,7 @@ class RecycleBin_RecycleBinAjax_Action extends Vtiger_Mass_Action {
function checkPermission(Vtiger_Request $request) {
if($request->get('mode') == 'emptyRecycleBin') {
- //Only admin user can empty the recycle bin, so this check is mabdatory
+ //Only admin user can empty the recycle bin, so this check is mandatory
$currentUserModel = Users_Record_Model::getCurrentUserModel();
if(!$currentUserModel->isAdminUser()) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED', 'Vtiger'));