From 57ec27ef4c8cba21942cbf90c9f8b6bad088de7c Mon Sep 17 00:00:00 2001 
From: Uma <uma.s@vtiger.com> Date: Wed, 21 Aug 2019 18:15:04 +0530 Subject: [PATCH] check permission addressed on pkg modules --- modules/Vtiger/actions/Delete.php | 2 +- modules/Vtiger/actions/Mass.php | 3 ++- modules/Vtiger/actions/Save.php | 2 +- modules/Vtiger/views/Detail.php | 5 ++-- modules/Vtiger/views/Edit.php | 2 +- modules/Vtiger/views/Index.php | 2 +- modules/Vtiger/views/ListViewQuickPreview.php | 2 +- modules/Vtiger/views/QuickCreateAjax.php | 3 --- .../modules/EmailTemplates/actions/Delete.php | 13 ++++++++-- .../EmailTemplates/actions/DeleteAjax.php | 21 +++++++++------- .../EmailTemplates/actions/MassDelete.php | 13 ++++++++-- .../modules/EmailTemplates/actions/Save.php | 13 ++++++++++ .../actions/ShowTemplateContent.php | 18 +++++++------- .../modules/EmailTemplates/views/Detail.php | 13 ++++++++++ .../modules/EmailTemplates/views/Edit.php | 24 +++++++++++-------- .../modules/EmailTemplates/views/List.php | 13 ++++++++++ .../modules/EmailTemplates/views/Popup.php | 12 ++++++++-- .../Google/modules/Google/actions/Import.php | 4 ++++ .../Google/modules/Google/actions/MapAjax.php | 4 ++++ .../modules/Google/actions/SaveSettings.php | 4 ++++ .../Google/actions/SaveSyncSettings.php | 4 ++++ .../modules/Google/views/Authenticate.php | 4 ++++ .../Google/modules/Google/views/Index.php | 4 ++++ .../Google/modules/Google/views/List.php | 4 ++++ .../Google/modules/Google/views/Setting.php | 4 ++++ .../modules/MailManager/actions/Folder.php | 4 ---- .../modules/MailManager/views/Abstract.php | 6 ++++- .../MailManager/views/ComposeEmail.php | 4 ++++ .../MailManager/views/MassActionAjax.php | 6 ++++- .../RecycleBin/actions/RecycleBinAjax.php | 6 ++++- .../SMSNotifier/actions/MassSaveAjax.php | 10 -------- .../modules/SMSNotifier/views/CheckStatus.php | 10 +------- .../settings/actions/CheckDuplicate.php | 1 + .../Webforms/settings/actions/Delete.php | 1 + .../Webforms/settings/views/Detail.php | 1 + .../modules/Webforms/settings/views/Edit.php | 1 + 
.../settings/views/GetSourceModuleFields.php | 1 + .../modules/Webforms/settings/views/List.php | 1 + .../Webforms/settings/views/ShowForm.php | 1 + 39 files changed, 175 insertions(+), 71 deletions(-) diff --git a/modules/Vtiger/actions/Delete.php b/modules/Vtiger/actions/Delete.php index 00b1c0290..dc0e221d1 100644 --- a/modules/Vtiger/actions/Delete.php +++ b/modules/Vtiger/actions/Delete.php @@ -23,7 +23,7 @@ class Vtiger_Delete_Action extends Vtiger_Action_Controller { parent::checkPermission($request); - $nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal', 'Reports', 'Rss'); + $nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal', 'Reports', 'Rss', 'EmailTemplates'); if ($record && !in_array($moduleName, $nonEntityModules)) { $recordEntityName = getSalesEntityType($record); if ($recordEntityName !== $moduleName) { diff --git a/modules/Vtiger/actions/Mass.php b/modules/Vtiger/actions/Mass.php index f077bcb7b..cb2a11c2d 100644 --- a/modules/Vtiger/actions/Mass.php +++ b/modules/Vtiger/actions/Mass.php @@ -13,7 +13,8 @@ abstract class Vtiger_Mass_Action extends Vtiger_Action_Controller { public function requiresPermission(\Vtiger_Request $request) { $permissions = parent::requiresPermission($request); $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView'); - return $permissions; + $permissions[] = array('module_parameter' => 'module', 'action' => 'EditView'); + return $permissions; } protected function getRecordsListFromRequest(Vtiger_Request $request) { diff --git a/modules/Vtiger/actions/Save.php b/modules/Vtiger/actions/Save.php index 98bfde801..36cf4c2fd 100644 --- a/modules/Vtiger/actions/Save.php +++ b/modules/Vtiger/actions/Save.php 
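Review bot: The `$nonEntityModules` literal edited here is repeated verbatim in `modules/Vtiger/actions/Save.php` and in `modules/Vtiger/views/Detail.php`, `Edit.php` and `ListViewQuickPreview.php`, so every exemption has to be added in five places. A missed copy would leave one entry point enforcing the `getSalesEntityType()` module match while the others skip it; one shared definition read by all five `checkPermission()` methods would remove that risk. Adding `'EmailTemplates'` also means the record-belongs-to-module test no longer runs for that module, so a short comment giving the reason would help, for example `// modules exempt from the record/module match below; their own handlers must check record access`. The enclosing `checkPermission()` starts and ends outside the hunk.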
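Review bot: Appending `EditView` in `Vtiger_Mass_Action::requiresPermission()` applies one coarse action to every subclass, whatever that subclass actually does. In this same commit `SMSNotifier_MassSaveAjax_Action` loses its own `hasModuleActionPermission(..., 'Save')` check, and `RecycleBin_RecycleBinAjax_Action` also extends this class, so each now depends on this list, or on its own override, being the right gate. A mass delete would presumably need a `Delete` entry instead of `EditView`. A docblock on the method saying that subclasses performing a different action must override it would make that contract explicit.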
@@ -35,7 +35,7 @@ class Vtiger_Save_Action extends Vtiger_Action_Controller { $moduleName = $request->getModule(); $record = $request->get('record'); - $nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal', 'Reports', 'Rss'); + $nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal', 'Reports', 'Rss', 'EmailTemplates'); if ($record && !in_array($moduleName, $nonEntityModules)) { $recordEntityName = getSalesEntityType($record); if ($recordEntityName !== $moduleName) { diff --git a/modules/Vtiger/views/Detail.php b/modules/Vtiger/views/Detail.php index 940912466..51370ac9c 100644 --- a/modules/Vtiger/views/Detail.php +++ b/modules/Vtiger/views/Detail.php @@ -58,17 +58,18 @@ class Vtiger_Detail_View extends Vtiger_Index_View { } function checkPermission(Vtiger_Request $request) { + parent::checkPermission($request); $moduleName = $request->getModule(); $recordId = $request->get('record'); - $nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal', 'Reports', 'Rss'); + $nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal', 'Reports', 'Rss', 'EmailTemplates'); if ($recordId && !in_array($moduleName, $nonEntityModules)) { $recordEntityName = getSalesEntityType($recordId); if ($recordEntityName !== $moduleName) { throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); } } - return parent::checkPermission($request); + return true; } function preProcess(Vtiger_Request $request, $display=true) { diff --git a/modules/Vtiger/views/Edit.php b/modules/Vtiger/views/Edit.php index fb653ee02..d33c4e768 100644 --- a/modules/Vtiger/views/Edit.php +++ b/modules/Vtiger/views/Edit.php 
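Review bot: In `modules/Vtiger/views/Detail.php`, `checkPermission()` now calls `parent::checkPermission($request)` and discards the result, then ends with `return true;`, where the old code returned the parent's value. Running the parent check before the `getSalesEntityType()` lookup is a good ordering, but a parent that signals denial by returning false instead of throwing would now be reported as success. The EmailTemplates overrides added in this commit use exactly that `return false;` convention. Keeping the value, with `$allowed = parent::checkPermission($request);` at the top and `return $allowed;` at the end, preserves the new ordering without losing it.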
@@ -29,7 +29,7 @@ Class Vtiger_Edit_View extends Vtiger_Index_View { $moduleName = $request->getModule(); $record = $request->get('record'); - $nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal', 'Reports', 'Rss'); + $nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal', 'Reports', 'Rss', 'EmailTemplates'); if ($record && !in_array($moduleName, $nonEntityModules)) { $recordEntityName = getSalesEntityType($record); if ($recordEntityName !== $moduleName) { diff --git a/modules/Vtiger/views/Index.php b/modules/Vtiger/views/Index.php index 8e9b597e8..7818f31e8 100644 --- a/modules/Vtiger/views/Index.php +++ b/modules/Vtiger/views/Index.php @@ -16,7 +16,7 @@ class Vtiger_Index_View extends Vtiger_Basic_View { public function requiresPermission(\Vtiger_Request $request) { $permissions = parent::requiresPermission($request); - $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView'); + $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record'); return $permissions; } diff --git a/modules/Vtiger/views/ListViewQuickPreview.php b/modules/Vtiger/views/ListViewQuickPreview.php index 3010a2f35..3b0761e28 100644 --- a/modules/Vtiger/views/ListViewQuickPreview.php +++ b/modules/Vtiger/views/ListViewQuickPreview.php @@ -28,7 +28,7 @@ class Vtiger_ListViewQuickPreview_View extends Vtiger_Index_View { parent::checkPermission($request); - $nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal', 'Reports', 'Rss'); + $nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal', 'Reports', 'Rss', 'EmailTemplates'); if ($recordId && !in_array($moduleName, $nonEntityModules)) { $recordEntityName = getSalesEntityType($recordId); if ($recordEntityName !== $moduleName) { diff --git a/modules/Vtiger/views/QuickCreateAjax.php b/modules/Vtiger/views/QuickCreateAjax.php index 742d952c5..76c189aba 100644 --- a/modules/Vtiger/views/QuickCreateAjax.php 
+++ b/modules/Vtiger/views/QuickCreateAjax.php @@ -16,9 +16,6 @@ class Vtiger_QuickCreateAjax_View extends Vtiger_IndexAjax_View { $permissions[] = array('module_parameter' => 'module', 'action' => 'CreateView'); return $permissions; } - public function checkPermission(Vtiger_Request $request) { - return parent::checkPermission($request); - } public function process(Vtiger_Request $request) { $moduleName = $request->getModule(); diff --git a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/Delete.php b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/Delete.php index 5d8bbe004..72813ceb9 100644 --- a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/Delete.php +++ b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/Delete.php @@ -10,9 +10,18 @@ class EmailTemplates_Delete_Action extends Vtiger_Delete_Action { - function checkPermission(Vtiger_Request $request) { - return true; + public function requiresPermission(\Vtiger_Request $request) { + return array(); } + + public function checkPermission($request) { + $moduleName = $request->getModule(); + $moduleModel = Vtiger_Module_Model::getInstance($moduleName); + if(!$moduleModel->isActive()){ + return false; + } + return true; + } public function process(Vtiger_Request $request) { $moduleName = $request->getModule(); diff --git a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/DeleteAjax.php b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/DeleteAjax.php index 2c4b99570..a381b9101 100644 --- a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/DeleteAjax.php +++ b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/DeleteAjax.php 
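Review bot: In `EmailTemplates/actions/Delete.php`, the new `checkPermission()` reports an inactive module with `return false;`, while every other denial visible in this patch throws `AppException(vtranslate('LBL_PERMISSION_DENIED'))`. Unless the caller tests the return value (not visible here), that branch denies nothing. With `requiresPermission()` returning `array()`, the only remaining condition is that the module is active, with no test of the current user's rights on it. The same `checkPermission()` block is added to `actions/DeleteAjax.php`, `MassDelete.php`, `Save.php`, `ShowTemplateContent.php` and `views/Detail.php`, `Edit.php`, `List.php`, `Popup.php`. I would replace `return false;` with `throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));`, handle the case where `getInstance()` yields no model if that can happen, and keep the block in one shared base class or trait.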
@@ -10,16 +10,19 @@ class EmailTemplates_DeleteAjax_Action extends Vtiger_Delete_Action { - public function checkPermission(Vtiger_Request $request) { - $moduleName = $request->getModule(); - $record = $request->get('record'); - - $currentUserPrivilegesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel(); - if(!$currentUserPrivilegesModel->isPermitted($moduleName, 'Delete', $record)) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } + public function requiresPermission(\Vtiger_Request $request) { + return array(); } - + + public function checkPermission($request) { + $moduleName = $request->getModule(); + $moduleModel = Vtiger_Module_Model::getInstance($moduleName); + if(!$moduleModel->isActive()){ + return false; + } + return true; + } + public function process(Vtiger_Request $request) { $moduleName = $request->getModule(); $recordId = $request->get('record'); diff --git a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/MassDelete.php b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/MassDelete.php index ff0959be5..9475702e6 100644 --- a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/MassDelete.php +++ b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/MassDelete.php @@ -10,10 +10,19 @@ class EmailTemplates_MassDelete_Action extends Vtiger_Mass_Action { - function checkPermission(){ - return true; + public function requiresPermission(\Vtiger_Request $request) { + return array(); } + public function checkPermission($request) { + $moduleName = $request->getModule(); + $moduleModel = Vtiger_Module_Model::getInstance($moduleName); + if(!$moduleModel->isActive()){ + return false; + } + return true; + } + function preProcess(Vtiger_Request $request) { return true; } diff --git a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/Save.php b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/Save.php index 3fad84c90..2ce48d0e6 100644 
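Review bot: The per-record `isPermitted($moduleName, 'Delete', $record)` test removed from `EmailTemplates_DeleteAjax_Action` has no replacement in the new code. `requiresPermission()` returns `array()` and the new `checkPermission()` looks only at `isActive()`, so as far as the visible lines show, deleting a template is no longer tied to the user's Delete right. `actions/ShowTemplateContent.php` loses its `isPermitted($moduleName, 'DetailView', $record)` check in the same way. If the intent is to move to the declarative list, declare it, for example `return array(array('module_parameter' => 'module', 'action' => 'Delete', 'record_parameter' => 'record'));`. Assuming the parent implementation is what evaluates that list, the override should also call `parent::checkPermission($request)`.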
--- a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/Save.php +++ b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/Save.php @@ -10,6 +10,19 @@ class EmailTemplates_Save_Action extends Vtiger_Save_Action { + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + + public function checkPermission($request) { + $moduleName = $request->getModule(); + $moduleModel = Vtiger_Module_Model::getInstance($moduleName); + if(!$moduleModel->isActive()){ + return false; + } + return true; + } + public function process(Vtiger_Request $request) { $site_URL = vglobal('site_URL'); $moduleName = $request->getModule(); diff --git a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/ShowTemplateContent.php b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/ShowTemplateContent.php index 2d2e9402e..4d97bec0c 100644 --- a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/ShowTemplateContent.php +++ b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/actions/ShowTemplateContent.php @@ -14,6 +14,15 @@ class EmailTemplates_ShowTemplateContent_Action extends Vtiger_Action_Controller $this->exposeMethod('getContent'); } + public function checkPermission($request) { + $moduleName = $request->getModule(); + $moduleModel = Vtiger_Module_Model::getInstance($moduleName); + if(!$moduleModel->isActive()){ + return false; + } + return true; + } + public function process(Vtiger_Request $request) { $mode = $request->getMode(); if (!empty($mode)) { 
@@ -23,15 +32,6 @@ class EmailTemplates_ShowTemplateContent_Action extends Vtiger_Action_Controller } } - public function checkPermission(Vtiger_Request $request) { - $record = $request->get('record'); - $moduleName = $request->getModule(); - - if (!Users_Privileges_Model::isPermitted($moduleName, 'DetailView', $record)) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } - } - public function getContent(Vtiger_Request $request) { $response = new Vtiger_Response(); $recordId = $request->get('record'); diff --git a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Detail.php b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Detail.php index 484363abe..120633386 100644 --- a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Detail.php +++ b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Detail.php @@ -10,6 +10,19 @@ class EmailTemplates_Detail_View extends Vtiger_Index_View { + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + + public function checkPermission($request) { + $moduleName = $request->getModule(); + $moduleModel = Vtiger_Module_Model::getInstance($moduleName); + if(!$moduleModel->isActive()){ + return false; + } + return true; + } + function preProcess(Vtiger_Request $request, $display=true) { parent::preProcess($request, false); diff --git a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Edit.php b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Edit.php index f771f4c29..abc14a7e5 100644 --- a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Edit.php +++ b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Edit.php 
@@ -10,7 +10,20 @@ Class EmailTemplates_Edit_View extends Vtiger_Index_View { - public function preProcess(Vtiger_Request $request, $display = true) { + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + + public function checkPermission($request) { + $moduleName = $request->getModule(); + $moduleModel = Vtiger_Module_Model::getInstance($moduleName); + if(!$moduleModel->isActive()){ + return false; + } + return true; + } + + public function preProcess(Vtiger_Request $request, $display = true) { $record = $request->get('record'); if (!empty($record)) { $recordModel = EmailTemplates_Record_Model::getInstanceById($record); @@ -36,15 +49,6 @@ Class EmailTemplates_Edit_View extends Vtiger_Index_View { $viewer->assign('MODULE_SETTING_ACTIONS', $settingLinks); } - /** - * Function to check module Edit Permission - * @param Vtiger_Request $request - * @return boolean - */ - public function checkPermission(Vtiger_Request $request) { - return true; - } - /** * Function to get the list of Script models to be included * @param Vtiger_Request $request diff --git a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/List.php b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/List.php index 225730d59..8c7b04c1a 100644 --- a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/List.php +++ b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/List.php @@ -14,6 +14,19 @@ class EmailTemplates_List_View extends Vtiger_Index_View { parent::__construct(); } + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + + public function checkPermission($request) { + $moduleName = $request->getModule(); + $moduleModel = Vtiger_Module_Model::getInstance($moduleName); + if(!$moduleModel->isActive()){ + return false; + } + return true; + } + function preProcess(Vtiger_Request $request, $display = true) { parent::preProcess($request, false); 
diff --git a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Popup.php b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Popup.php index d5e561d00..9eb4bb018 100644 --- a/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Popup.php +++ b/pkg/vtiger/modules/EmailTemplates/modules/EmailTemplates/views/Popup.php @@ -10,10 +10,18 @@ class EmailTemplates_Popup_View extends Vtiger_Popup_View { - public function checkPermission(Vtiger_Request $request) { - return true; + public function requiresPermission(\Vtiger_Request $request) { + return array(); } + public function checkPermission($request) { + $moduleName = $request->getModule(); + $moduleModel = Vtiger_Module_Model::getInstance($moduleName); + if(!$moduleModel->isActive()){ + return false; + } + return true; + } /* * Function to initialize the required data in smarty to display the List View Contents */ diff --git a/pkg/vtiger/modules/Google/modules/Google/actions/Import.php b/pkg/vtiger/modules/Google/modules/Google/actions/Import.php index 0a3cbd760..1ea5d6dfd 100644 --- a/pkg/vtiger/modules/Google/modules/Google/actions/Import.php +++ b/pkg/vtiger/modules/Google/modules/Google/actions/Import.php @@ -10,6 +10,10 @@ class Google_Import_Action extends Vtiger_BasicAjax_Action { + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + function process(Vtiger_Request $request) { $request->set('sourcemodule', 'Contacts'); $sourceModule = $request->get('sourcemodule'); diff --git a/pkg/vtiger/modules/Google/modules/Google/actions/MapAjax.php b/pkg/vtiger/modules/Google/modules/Google/actions/MapAjax.php index 6fbf65a2c..3fda89a19 100644 --- a/pkg/vtiger/modules/Google/modules/Google/actions/MapAjax.php +++ b/pkg/vtiger/modules/Google/modules/Google/actions/MapAjax.php 
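Review bot: In `Google/actions/Import.php`, overriding `requiresPermission()` to return `array()` switches off the declarative checks inherited from the base controller, and no `checkPermission()` is added alongside it in this hunk. The same override goes into Google `actions/MapAjax.php`, `SaveSettings.php`, `SaveSyncSettings.php`, `views/Authenticate.php`, `Index.php`, `List.php`, `Setting.php` and MailManager `views/Abstract.php`, `ComposeEmail.php`, `MassActionAjax.php`; only `Google_Authenticate_View` visibly has its own `checkPermission()`. For handlers that write settings or import data, I would either declare the needed permission here or add a comment naming the check that protects the handler, for example `// no record-level permission applies; access is gated by [name the check]`. The class bodies continue outside the hunks, so an existing override elsewhere in these files cannot be ruled out.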
@@ -11,6 +11,10 @@ class Google_MapAjax_Action extends Vtiger_BasicAjax_Action { + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + public function process(Vtiger_Request $request) { switch ($request->get("mode")) { case 'getLocation' : $result = $this->getLocation($request); diff --git a/pkg/vtiger/modules/Google/modules/Google/actions/SaveSettings.php b/pkg/vtiger/modules/Google/modules/Google/actions/SaveSettings.php index d3c417b90..2dc74f203 100644 --- a/pkg/vtiger/modules/Google/modules/Google/actions/SaveSettings.php +++ b/pkg/vtiger/modules/Google/modules/Google/actions/SaveSettings.php @@ -11,6 +11,10 @@ class Google_SaveSettings_Action extends Vtiger_BasicAjax_Action { + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + public function process(Vtiger_Request $request) { $sourceModule = $request->get('sourcemodule'); $fieldMapping = $request->get('fieldmapping'); diff --git a/pkg/vtiger/modules/Google/modules/Google/actions/SaveSyncSettings.php b/pkg/vtiger/modules/Google/modules/Google/actions/SaveSyncSettings.php index d72d9a9d9..b8cfb91cf 100644 --- a/pkg/vtiger/modules/Google/modules/Google/actions/SaveSyncSettings.php +++ b/pkg/vtiger/modules/Google/modules/Google/actions/SaveSyncSettings.php @@ -10,6 +10,10 @@ class Google_SaveSyncSettings_Action extends Vtiger_BasicAjax_Action { + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + public function process(Vtiger_Request $request) { $contactsSettings = $request->get('Contacts'); $calendarSettings = $request->get('Calendar'); diff --git a/pkg/vtiger/modules/Google/modules/Google/views/Authenticate.php b/pkg/vtiger/modules/Google/modules/Google/views/Authenticate.php index 406e75273..d8872c81d 100644 --- a/pkg/vtiger/modules/Google/modules/Google/views/Authenticate.php +++ b/pkg/vtiger/modules/Google/modules/Google/views/Authenticate.php 
@@ -10,6 +10,10 @@ class Google_Authenticate_View extends Vtiger_Index_View { + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + public function checkPermission(Vtiger_Request $request) { $moduleName = $request->getModule(); diff --git a/pkg/vtiger/modules/Google/modules/Google/views/Index.php b/pkg/vtiger/modules/Google/modules/Google/views/Index.php index 48c9ab0c1..0b9c9adbd 100644 --- a/pkg/vtiger/modules/Google/modules/Google/views/Index.php +++ b/pkg/vtiger/modules/Google/modules/Google/views/Index.php @@ -14,6 +14,10 @@ class Google_Index_View extends Vtiger_ExtensionViews_View { parent::__construct(); $this->exposeMethod('settings'); } + + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } function getUserEmail() { $user = Users_Record_Model::getCurrentUserModel(); diff --git a/pkg/vtiger/modules/Google/modules/Google/views/List.php b/pkg/vtiger/modules/Google/modules/Google/views/List.php index 3570e508f..c9756f305 100644 --- a/pkg/vtiger/modules/Google/modules/Google/views/List.php +++ b/pkg/vtiger/modules/Google/modules/Google/views/List.php @@ -16,6 +16,10 @@ class Google_List_View extends Vtiger_PopupAjax_View { $this->exposeMethod('Contacts'); $this->exposeMethod('Calendar'); } + + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } function process(Vtiger_Request $request) { switch ($request->get('operation')) { diff --git a/pkg/vtiger/modules/Google/modules/Google/views/Setting.php b/pkg/vtiger/modules/Google/modules/Google/views/Setting.php index bdaf161d8..e27ecffed 100644 --- a/pkg/vtiger/modules/Google/modules/Google/views/Setting.php +++ b/pkg/vtiger/modules/Google/modules/Google/views/Setting.php 
@@ -14,6 +14,10 @@ class Google_Setting_View extends Vtiger_PopupAjax_View { $this->exposeMethod('emitContactSyncSettingUI'); } + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + public function process(Vtiger_Request $request) { switch ($request->get('sourcemodule')) { case "Contacts" : $this->emitContactsSyncSettingUI($request); diff --git a/pkg/vtiger/modules/MailManager/modules/MailManager/actions/Folder.php b/pkg/vtiger/modules/MailManager/modules/MailManager/actions/Folder.php index 2db5e533c..00e28e0d2 100644 --- a/pkg/vtiger/modules/MailManager/modules/MailManager/actions/Folder.php +++ b/pkg/vtiger/modules/MailManager/modules/MailManager/actions/Folder.php @@ -15,10 +15,6 @@ class MailManager_Folder_Action extends Vtiger_Action_Controller { $this->exposeMethod('showMailContent'); } - function checkPermission(Vtiger_Request $request) { - return true; - } - public function process(Vtiger_Request $request) { $mode = $request->getMode(); if (!empty($mode)) { diff --git a/pkg/vtiger/modules/MailManager/modules/MailManager/views/Abstract.php b/pkg/vtiger/modules/MailManager/modules/MailManager/views/Abstract.php index bdd18fdd7..d3e6112a2 100644 --- a/pkg/vtiger/modules/MailManager/modules/MailManager/views/Abstract.php +++ b/pkg/vtiger/modules/MailManager/modules/MailManager/views/Abstract.php @@ -16,7 +16,11 @@ vimport('modules/Settings/MailConverter/handlers/MailRecord.php'); abstract class MailManager_Abstract_View extends Vtiger_Index_View { - public function preProcess (Vtiger_Request $request, $display = true) { + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + + public function preProcess (Vtiger_Request $request, $display = true) { if ($this->getOperationArg($request) === 'attachment_dld') { return true; } else { 
diff --git a/pkg/vtiger/modules/MailManager/modules/MailManager/views/ComposeEmail.php b/pkg/vtiger/modules/MailManager/modules/MailManager/views/ComposeEmail.php index 96a9213fc..5dbd4936d 100644 --- a/pkg/vtiger/modules/MailManager/modules/MailManager/views/ComposeEmail.php +++ b/pkg/vtiger/modules/MailManager/modules/MailManager/views/ComposeEmail.php @@ -9,6 +9,10 @@ * ***********************************************************************************/ class MailManager_ComposeEmail_View extends Vtiger_ComposeEmail_View { + + public function requiresPermission(Vtiger_Request $request){ + return array(); + } public function composeMailData($request) { $moduleName = 'Emails'; diff --git a/pkg/vtiger/modules/MailManager/modules/MailManager/views/MassActionAjax.php b/pkg/vtiger/modules/MailManager/modules/MailManager/views/MassActionAjax.php index af68246a0..7d43c4cf5 100644 --- a/pkg/vtiger/modules/MailManager/modules/MailManager/views/MassActionAjax.php +++ b/pkg/vtiger/modules/MailManager/modules/MailManager/views/MassActionAjax.php @@ -10,7 +10,11 @@ class MailManager_MassActionAjax_View extends Vtiger_MassActionAjax_View { - protected function getEmailFieldsInfo(Vtiger_Request $request) { + public function requiresPermission(\Vtiger_Request $request) { + return array(); + } + + protected function getEmailFieldsInfo(Vtiger_Request $request) { $sourceModules = Array(); $linkToModule = $request->get('linktomodule'); if (!empty($linkToModule)) { diff --git a/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/actions/RecycleBinAjax.php b/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/actions/RecycleBinAjax.php index 0d8b141f3..3d5a429a4 100644 --- a/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/actions/RecycleBinAjax.php +++ b/pkg/vtiger/modules/RecycleBin/modules/RecycleBin/actions/RecycleBinAjax.php 
@@ -19,7 +19,11 @@ class RecycleBin_RecycleBinAjax_Action extends Vtiger_Mass_Action { function checkPermission(Vtiger_Request $request) { if($request->get('mode') == 'emptyRecycleBin') { - //we dont check for permissions since recylebin axis will not be there for non admin users + //Only admin user can empty the recycle bin, so this check is mabdatory + $currentUserModel = Users_Record_Model::getCurrentUserModel(); + if(!$currentUserModel->isAdminUser()) { + throw new AppException(vtranslate('LBL_PERMISSION_DENIED', 'Vtiger')); + } return true; } $targetModuleName = $request->get('sourceModule', $request->get('module')); diff --git a/pkg/vtiger/modules/SMSNotifier/modules/SMSNotifier/actions/MassSaveAjax.php b/pkg/vtiger/modules/SMSNotifier/modules/SMSNotifier/actions/MassSaveAjax.php index a03a9ae4b..76d364ecb 100644 --- a/pkg/vtiger/modules/SMSNotifier/modules/SMSNotifier/actions/MassSaveAjax.php +++ b/pkg/vtiger/modules/SMSNotifier/modules/SMSNotifier/actions/MassSaveAjax.php @@ -10,16 +10,6 @@ class SMSNotifier_MassSaveAjax_Action extends Vtiger_Mass_Action { - function checkPermission(Vtiger_Request $request) { - $moduleName = $request->getModule(); - $moduleModel = Vtiger_Module_Model::getInstance($moduleName); - - $currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel(); - if(!$currentUserPriviligesModel->hasModuleActionPermission($moduleModel->getId(), 'Save')) { - throw new AppException(vtranslate($moduleName, $moduleName).' '.vtranslate('LBL_NOT_ACCESSIBLE')); - } - } - /** * Function that saves SMS records * @param Vtiger_Request $request diff --git a/pkg/vtiger/modules/SMSNotifier/modules/SMSNotifier/views/CheckStatus.php b/pkg/vtiger/modules/SMSNotifier/modules/SMSNotifier/views/CheckStatus.php index e2a3e5b8a..e3b7976e9 100644 --- a/pkg/vtiger/modules/SMSNotifier/modules/SMSNotifier/views/CheckStatus.php +++ b/pkg/vtiger/modules/SMSNotifier/modules/SMSNotifier/views/CheckStatus.php 
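Review bot: The comment added above the admin check in `RecycleBinAjax.php` has a typo and explains less than it could; I would write `// Emptying the recycle bin is admin-only; enforce it here instead of relying on the UI hiding the option.` The check replaces a comment saying no permission test was needed because non-admin users would not see the option, so the reason for the change is worth keeping in the code. The mode test on the context line uses `==`; `===` would be the stricter form if `mode` always arrives as a string. `checkPermission()` continues outside the hunk.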
@@ -10,15 +10,7 @@ class SMSNotifier_CheckStatus_View extends Vtiger_IndexAjax_View { - function checkPermission(Vtiger_Request $request) { - $moduleName = $request->getModule(); - - if(!Users_Privileges_Model::isPermitted($moduleName, 'DetailView', $request->get('record'))) { - throw new AppException(vtranslate($moduleName, $moduleName).' '.vtranslate('LBL_NOT_ACCESSIBLE')); - } - } - - function process(Vtiger_Request $request) { + function process(Vtiger_Request $request) { $viewer = $this->getViewer($request); $moduleName = $request->getModule(); diff --git a/pkg/vtiger/modules/Webforms/settings/actions/CheckDuplicate.php b/pkg/vtiger/modules/Webforms/settings/actions/CheckDuplicate.php index c20c03690..0e13a01a4 100644 --- a/pkg/vtiger/modules/Webforms/settings/actions/CheckDuplicate.php +++ b/pkg/vtiger/modules/Webforms/settings/actions/CheckDuplicate.php @@ -19,6 +19,7 @@ class Settings_Webforms_CheckDuplicate_Action extends Settings_Vtiger_Index_Acti if(!$currentUserPrivilegesModel->hasModulePermission($moduleModel->getId())) { throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); } + return true; } public function process(Vtiger_Request $request) { diff --git a/pkg/vtiger/modules/Webforms/settings/actions/Delete.php b/pkg/vtiger/modules/Webforms/settings/actions/Delete.php index 141015b02..c4749cf10 100644 --- a/pkg/vtiger/modules/Webforms/settings/actions/Delete.php +++ b/pkg/vtiger/modules/Webforms/settings/actions/Delete.php @@ -20,6 +20,7 @@ class Settings_Webforms_Delete_Action extends Settings_Vtiger_Index_Action { if(!$recordId || !$currentUserPrivilegesModel->hasModulePermission($moduleModel->getId())) { throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); } + return true; } public function process(Vtiger_Request $request) { diff --git a/pkg/vtiger/modules/Webforms/settings/views/Detail.php b/pkg/vtiger/modules/Webforms/settings/views/Detail.php index 88c2879b8..c43d2442b 100644 
--- a/pkg/vtiger/modules/Webforms/settings/views/Detail.php +++ b/pkg/vtiger/modules/Webforms/settings/views/Detail.php @@ -20,6 +20,7 @@ class Settings_Webforms_Detail_View extends Settings_Vtiger_Index_View { if(!$recordId || !$currentUserPrivilegesModel->hasModulePermission($moduleModel->getId())) { throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); } + return true; } public function process(Vtiger_Request $request) { diff --git a/pkg/vtiger/modules/Webforms/settings/views/Edit.php b/pkg/vtiger/modules/Webforms/settings/views/Edit.php index 221fd21dd..bb49a9957 100644 --- a/pkg/vtiger/modules/Webforms/settings/views/Edit.php +++ b/pkg/vtiger/modules/Webforms/settings/views/Edit.php @@ -19,6 +19,7 @@ Class Settings_Webforms_Edit_View extends Settings_Vtiger_Index_View { if (!$currentUserPrivilegesModel->hasModulePermission($moduleModel->getId())) { throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); } + return true; } public function process(Vtiger_Request $request) { diff --git a/pkg/vtiger/modules/Webforms/settings/views/GetSourceModuleFields.php b/pkg/vtiger/modules/Webforms/settings/views/GetSourceModuleFields.php index 0cdbafe69..bf4cca671 100644 --- a/pkg/vtiger/modules/Webforms/settings/views/GetSourceModuleFields.php +++ b/pkg/vtiger/modules/Webforms/settings/views/GetSourceModuleFields.php @@ -19,6 +19,7 @@ class Settings_Webforms_GetSourceModuleFields_View extends Settings_Vtiger_Index if(!$currentUserPrivilegesModel->hasModulePermission($moduleModel->getId())) { throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); } + return true; } public function process(Vtiger_Request $request) { diff --git a/pkg/vtiger/modules/Webforms/settings/views/List.php b/pkg/vtiger/modules/Webforms/settings/views/List.php index a723ad736..76873580e 100644 --- a/pkg/vtiger/modules/Webforms/settings/views/List.php +++ b/pkg/vtiger/modules/Webforms/settings/views/List.php 
@@ -25,6 +25,7 @@ class Settings_Webforms_List_View extends Settings_Vtiger_List_View { if(!$currentUserPrivilegesModel->hasModulePermission($moduleModel->getId())) { throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); } + return true; } /** diff --git a/pkg/vtiger/modules/Webforms/settings/views/ShowForm.php b/pkg/vtiger/modules/Webforms/settings/views/ShowForm.php index 91cffb477..2f8ba7bba 100644 --- a/pkg/vtiger/modules/Webforms/settings/views/ShowForm.php +++ b/pkg/vtiger/modules/Webforms/settings/views/ShowForm.php @@ -20,6 +20,7 @@ Class Settings_Webforms_ShowForm_View extends Settings_Vtiger_IndexAjax_View { if(!$recordId || !$currentUserPrivilegesModel->hasModulePermission($moduleModel->getId())) { throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); } + return true; } public function process(Vtiger_Request $request) { -- GitLab