diff --git a/modules/Products/actions/Mass.php b/modules/Products/actions/Mass.php
index a719c049878638d944e3c3dcadef79bc9ce11989..39e3286c95e8c2b65bdde6a087979053475f53d1 100644
--- a/modules/Products/actions/Mass.php
+++ b/modules/Products/actions/Mass.php
@@ -15,12 +15,6 @@ class Products_Mass_Action extends Vtiger_Mass_Action {
$this->exposeMethod('isChildProduct');
}
- public function requiresPermission(\Vtiger_Request $request) {
- $permissions = parent::requiresPermission($request);
- $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
- return $permissions;
- }
-
public function process(Vtiger_Request $request) {
$mode = $request->getMode();
if(!empty($mode)) {
diff --git a/modules/Vtiger/actions/DashBoardTab.php b/modules/Vtiger/actions/DashBoardTab.php
index 6582ce89ddeddd09d282ddadd8e4944cc9d70f72..a67ed527c6e9b71e708cceba1c27bda80912bee4 100644
--- a/modules/Vtiger/actions/DashBoardTab.php
+++ b/modules/Vtiger/actions/DashBoardTab.php
@@ -17,6 +17,18 @@ class Vtiger_DashBoardTab_Action extends Vtiger_Action_Controller {
$this->exposeMethod('updateTabSequence');
}
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ if($request->get('module') != 'Dashboard'){
+ $request->set('custom_module', 'Dashboard');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+ }else{
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ }
+
+ return $permissions;
+ }
+
public function process(Vtiger_Request $request) {
$mode = $request->get('mode');
if ($mode) {
diff --git a/modules/Vtiger/actions/DownloadAttachment.php b/modules/Vtiger/actions/DownloadAttachment.php
index f06b6adafa30cfef7335b0780af0e8e97c40f63b..4ccf556b613550cd173f793558a38236e83904bf 100644
--- a/modules/Vtiger/actions/DownloadAttachment.php
+++ b/modules/Vtiger/actions/DownloadAttachment.php
@@ -10,12 +10,11 @@
class Vtiger_DownloadAttachment_Action extends Vtiger_Action_Controller {
- public function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
-
- if (!Users_Privileges_Model::isPermitted($moduleName, 'DetailView', $request->get('record'))) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED', $moduleName));
- }
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+
+ return $permissions;
}
public function process(Vtiger_Request $request) {
diff --git a/modules/Vtiger/actions/ExportData.php b/modules/Vtiger/actions/ExportData.php
index 721ef835a0dfc0faccb70136206b72317b7cfdf8..8bbea58fe471c0c00d8392f996b7956ad624cc40 100644
--- a/modules/Vtiger/actions/ExportData.php
+++ b/modules/Vtiger/actions/ExportData.php
@@ -17,10 +17,6 @@ class Vtiger_ExportData_Action extends Vtiger_Mass_Action {
$permissions[] = array('module_parameter' => 'source_module', 'action' => 'Export');
return $permissions;
}
-
- function checkPermission(Vtiger_Request $request) {
- parent::checkPermission($request);
- }
/**
* Function is called by the controller
diff --git a/modules/Vtiger/actions/GetData.php b/modules/Vtiger/actions/GetData.php
index 482f2c8e97c1c58270299139112add40aafb7fcf..ed0274fd76b6226224e1237d419f0dff89c7647c 100644
--- a/modules/Vtiger/actions/GetData.php
+++ b/modules/Vtiger/actions/GetData.php
@@ -10,19 +10,21 @@
class Vtiger_GetData_Action extends Vtiger_IndexAjax_View {
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'source_module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ return $permissions;
+ }
+
public function process(Vtiger_Request $request) {
$record = $request->get('record');
$sourceModule = $request->get('source_module');
$response = new Vtiger_Response();
- $permitted = Users_Privileges_Model::isPermitted($sourceModule, 'DetailView', $record);
- if($permitted) {
- $recordModel = Vtiger_Record_Model::getInstanceById($record, $sourceModule);
- $data = $recordModel->getData();
- $response->setResult(array('success'=>true, 'data'=>array_map('decode_html',$data)));
- } else {
- $response->setResult(array('success'=>false, 'message'=>vtranslate('LBL_PERMISSION_DENIED')));
- }
+ $recordModel = Vtiger_Record_Model::getInstanceById($record, $sourceModule);
+ $data = $recordModel->getData();
+ $response->setResult(array('success'=>true, 'data'=>array_map('decode_html',$data)));
+
$response->emit();
}
}
diff --git a/modules/Vtiger/actions/Mass.php b/modules/Vtiger/actions/Mass.php
index 83a2e79a8d8993ef3dfa3611b1e3d8738c86435d..f077bcb7b486086a62b8830edd5b875b1eef4eca 100644
--- a/modules/Vtiger/actions/Mass.php
+++ b/modules/Vtiger/actions/Mass.php
@@ -10,6 +10,12 @@
abstract class Vtiger_Mass_Action extends Vtiger_Action_Controller {
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ return $permissions;
+ }
+
protected function getRecordsListFromRequest(Vtiger_Request $request) {
$cvId = $request->get('viewname');
$module = $request->get('module');
diff --git a/modules/Vtiger/actions/MentionedUsers.php b/modules/Vtiger/actions/MentionedUsers.php
index 0b27e62863277a224664b5708507ec9a0abe81d8..ae906ccdc52fac558b81b3e43796919eb03d28df 100644
--- a/modules/Vtiger/actions/MentionedUsers.php
+++ b/modules/Vtiger/actions/MentionedUsers.php
@@ -10,14 +10,16 @@
class Vtiger_MentionedUsers_Action extends Vtiger_Action_Controller {
- function checkPermission(Vtiger_Request $request) {
- return true;
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+ $request->set('custom_module', 'ModComments');
+
+ return $permissions;
}
-
+
public function process(Vtiger_Request $request) {
- $mentionRule = Settings_Notifications_Task_Model::getInstance('Mention');
- $message = $request->get('message');
- $mentionedUsers = $mentionRule->getMentionedNames($message);
$commentId = $request->get('crmid');
$commentRecord = Vtiger_Record_Model::getInstanceById($commentId, Vtiger_Module_Model::getInstance('ModComments'));
$commentOwnerId = $commentRecord->get('creator');
diff --git a/modules/Vtiger/actions/NoteBook.php b/modules/Vtiger/actions/NoteBook.php
index 88e87b4783deff7121828b61db6a48888d2de6ea..a553aee9be3623534b674bee5dadd81a7c8b9f84 100644
--- a/modules/Vtiger/actions/NoteBook.php
+++ b/modules/Vtiger/actions/NoteBook.php
@@ -14,6 +14,18 @@ class Vtiger_NoteBook_Action extends Vtiger_Action_Controller {
$this->exposeMethod('NoteBookCreate');
}
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ if($request->get('module') != 'Dashboard'){
+ $request->set('custom_module', 'Dashboard');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+ }else{
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ }
+
+ return $permissions;
+ }
+
function process(Vtiger_Request $request) {
$mode = $request->getMode();
diff --git a/modules/Vtiger/actions/ProcessDuplicates.php b/modules/Vtiger/actions/ProcessDuplicates.php
index 74e98275d20d547e197bf6ea2d134e9861026038..95e613f2583586cc50719f50304dfb33489e94ae 100644
--- a/modules/Vtiger/actions/ProcessDuplicates.php
+++ b/modules/Vtiger/actions/ProcessDuplicates.php
@@ -10,7 +10,16 @@
class Vtiger_ProcessDuplicates_Action extends Vtiger_Action_Controller {
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'EditView');
+
+ return $permissions;
+ }
+
function checkPermission(Vtiger_Request $request) {
+ parent::checkPermission($request);
$module = $request->getModule();
$records = $request->get('records');
if($records) {
@@ -21,6 +30,7 @@ class Vtiger_ProcessDuplicates_Action extends Vtiger_Action_Controller {
}
}
}
+ return true;
}
function process (Vtiger_Request $request) {
diff --git a/modules/Vtiger/actions/RecipientPreferencesSaveAjax.php b/modules/Vtiger/actions/RecipientPreferencesSaveAjax.php
index 72b4f652a3fcd539f79fc63aabcfc3cdc1c61329..74e4db4ee6d38059248d02d2304d4cb1da948d2b 100644
--- a/modules/Vtiger/actions/RecipientPreferencesSaveAjax.php
+++ b/modules/Vtiger/actions/RecipientPreferencesSaveAjax.php
@@ -10,6 +10,13 @@
class Vtiger_RecipientPreferencesSaveAjax_Action extends Vtiger_SaveAjax_Action {
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+
+ return $permissions;
+ }
+
public function process(Vtiger_Request $request) {
$sourceModule = $request->get('source_module');
$selecltedFields = $request->get('selectedFields');
diff --git a/modules/Vtiger/actions/RemoveWidget.php b/modules/Vtiger/actions/RemoveWidget.php
index 3ace91794f373737e7e47cb5ceae8943a1e2b54d..bdaccd71402d3deadc831d031e4b5873f8373d93 100644
--- a/modules/Vtiger/actions/RemoveWidget.php
+++ b/modules/Vtiger/actions/RemoveWidget.php
@@ -10,6 +10,17 @@
class Vtiger_RemoveWidget_Action extends Vtiger_IndexAjax_View {
+ public function requiresPermission(Vtiger_Request $request){
+ if($request->get('module') != 'Dashboard'){
+ $request->set('custom_module', 'Dashboard');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+ }else{
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ }
+
+ return $permissions;
+ }
+
public function process(Vtiger_Request $request) {
$currentUser = Users_Record_Model::getCurrentUserModel();
$linkId = $request->get('linkid');
diff --git a/modules/Vtiger/actions/SaveWidgetPositions.php b/modules/Vtiger/actions/SaveWidgetPositions.php
index e87302b6447e2514c387a2c7f7a2bbb6ae92c754..742d68ea75a710805aee2d93345f5e416a7d67d4 100644
--- a/modules/Vtiger/actions/SaveWidgetPositions.php
+++ b/modules/Vtiger/actions/SaveWidgetPositions.php
@@ -10,6 +10,17 @@
class Vtiger_SaveWidgetPositions_Action extends Vtiger_IndexAjax_View {
+ public function requiresPermission(Vtiger_Request $request){
+ if($request->get('module') != 'Dashboard'){
+ $request->set('custom_module', 'Dashboard');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+ }else{
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ }
+
+ return $permissions;
+ }
+
public function process(Vtiger_Request $request) {
$currentUser = Users_Record_Model::getCurrentUserModel();
diff --git a/modules/Vtiger/actions/SaveWidgetSize.php b/modules/Vtiger/actions/SaveWidgetSize.php
index 9f6e82365003e96b9d5724a3d952434faae010e5..4920b064080f68d964fb25f7fb6f3cbe061f4d17 100644
--- a/modules/Vtiger/actions/SaveWidgetSize.php
+++ b/modules/Vtiger/actions/SaveWidgetSize.php
@@ -10,6 +10,17 @@
class Vtiger_SaveWidgetSize_Action extends Vtiger_IndexAjax_View {
+ public function requiresPermission(Vtiger_Request $request){
+ if($request->get('module') != 'Dashboard'){
+ $request->set('custom_module', 'Dashboard');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+ }else{
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ }
+
+ return $permissions;
+ }
+
public function process(Vtiger_Request $request) {
$currentUser = Users_Record_Model::getCurrentUserModel();
diff --git a/modules/Vtiger/views/AddNotePad.php b/modules/Vtiger/views/AddNotePad.php
index 182e40166631ee72262b310146553c29fda11601..705c394bbb6e1f23513d430922892028f3fa107d 100644
--- a/modules/Vtiger/views/AddNotePad.php
+++ b/modules/Vtiger/views/AddNotePad.php
@@ -10,6 +10,18 @@
class Vtiger_AddNotePad_View extends Vtiger_Index_View {
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ if($request->get('module') != 'Dashboard'){
+ $request->set('custom_module', 'Dashboard');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+ }else{
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ }
+
+ return $permissions;
+ }
+
function process (Vtiger_Request $request) {
$currentUser = Users_Record_Model::getCurrentUserModel();
$viewer = $this->getViewer($request);
diff --git a/modules/Vtiger/views/DashBoardTab.php b/modules/Vtiger/views/DashBoardTab.php
index b737557e18feed097c3c7ee50dfad030c671037e..8ab58f8cdd6e05aa5d73883126c8de694a847401 100644
--- a/modules/Vtiger/views/DashBoardTab.php
+++ b/modules/Vtiger/views/DashBoardTab.php
@@ -17,6 +17,18 @@ class Vtiger_DashboardTab_View extends Vtiger_Index_View {
$this->exposeMethod('showDashBoardTabList');
}
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ if($request->get('module') != 'Dashboard'){
+ $request->set('custom_module', 'Dashboard');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+ }else{
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ }
+
+ return $permissions;
+ }
+
function process(Vtiger_Request $request) {
$mode = $request->getMode();
if(!empty($mode)) {