From 8a92b348489a90f032b7f309fab1c065c216a280 Mon Sep 17 00:00:00 2001
From: Uma S <uma.s@vtiger.com>
Date: Wed, 7 Aug 2019 17:13:47 +0530
Subject: [PATCH] Checkpermission addressed on Tickets, Helpdesh and Home
 modules

---
 modules/HelpDesk/actions/ConvertFAQ.php | 14 ++++++-------
 modules/Vtiger/views/DashBoard.php      | 12 +++++------
 modules/Vtiger/views/Index.php          | 16 ++++++--------
 modules/Vtiger/views/MassActionAjax.php | 28 +++++++++++++++++++++++++
 4 files changed, 47 insertions(+), 23 deletions(-)

diff --git a/modules/HelpDesk/actions/ConvertFAQ.php b/modules/HelpDesk/actions/ConvertFAQ.php
index 91f35af30..fe850b7f1 100644
--- a/modules/HelpDesk/actions/ConvertFAQ.php
+++ b/modules/HelpDesk/actions/ConvertFAQ.php
@@ -10,14 +10,14 @@
 
 class HelpDesk_ConvertFAQ_Action extends Vtiger_Action_Controller {
 
-	public function checkPermission(Vtiger_Request $request) {
-		$recordPermission = Users_Privileges_Model::isPermitted('Faq', 'CreateView');
-
-		if(!$recordPermission) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'CreateView');
+		$request->set('custom_module', 'Faq');
+		return $permissions;
 	}
-
+	
 	public function process(Vtiger_Request $request) {
 		$moduleName = $request->getModule();
 		$recordId = $request->get('record');
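Review bot: The new requiresPermission type-hints `\Vtiger_Request` while process() on the next lines keeps `Vtiger_Request`; in a file without a namespace both resolve identically, but the mixed spelling (also in DashBoard.php and Index.php, while MassActionAjax.php uses no backslash) reads as two conventions in play, so `public function requiresPermission(Vtiger_Request $request) {` would match the rest of the class. The method also sets `custom_module` on the request as a side effect, which the name does not suggest; a short comment such as `// CreateView on Faq is checked through the synthetic custom_module parameter, so set it here for the base permission check to resolve` would help the next reader. The blank line after the method now carries a stray tab (the same whitespace change appears in the other three files).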
diff --git a/modules/Vtiger/views/DashBoard.php b/modules/Vtiger/views/DashBoard.php
index ee199225a..2f9b634fc 100644
--- a/modules/Vtiger/views/DashBoard.php
+++ b/modules/Vtiger/views/DashBoard.php
@@ -12,13 +12,13 @@ class Vtiger_Dashboard_View extends Vtiger_Index_View {
 
 	protected static $selectable_dashboards;
 
-	function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		if(!Users_Privileges_Model::isPermitted($moduleName, $actionName)) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+		$request->set('custom_module', 'Dashboard');
+		return $permissions;
 	}
-
+	
 	function preProcess(Vtiger_Request $request, $display=true) {
 		parent::preProcess($request, false);
 		$viewer = $this->getViewer($request);
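Review bot: The added DetailView entry is keyed on the literal module name 'Dashboard' rather than on the request's module, so its effect depends on whether 'Dashboard' is a module the privilege model knows about; if isPermitted treats an unknown module name as permitted, this entry adds no protection. It would be worth confirming the name matches what the profile/module permission tables use and stating that dependency, e.g. `// 'Dashboard' must match the module name used in profile permissions; the parent already checks DetailView on the request module`. The parent Vtiger_Index_View::requiresPermission added in this same commit already covers the request's `module` parameter, so this entry is an additional, not a replacement, check.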
diff --git a/modules/Vtiger/views/Index.php b/modules/Vtiger/views/Index.php
index f2956e788..8e9b597e8 100644
--- a/modules/Vtiger/views/Index.php
+++ b/modules/Vtiger/views/Index.php
@@ -14,6 +14,12 @@ class Vtiger_Index_View extends Vtiger_Basic_View {
 		parent::__construct();
 	}
 
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+		return $permissions;
+	}
+	
 	public function preProcess (Vtiger_Request $request, $display=true) {
 		parent::preProcess($request, false);
 
@@ -22,17 +28,7 @@ class Vtiger_Index_View extends Vtiger_Basic_View {
 		$moduleName = $request->getModule();
 		if(!empty($moduleName)) {
 			$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-			$currentUser = Users_Record_Model::getCurrentUserModel();
-			$userPrivilegesModel = Users_Privileges_Model::getInstanceById($currentUser->getId());
-			$permission = $userPrivilegesModel->hasModulePermission($moduleModel->getId());
 			$viewer->assign('MODULE', $moduleName);
-
-			if(!$permission) {
-				$viewer->assign('MESSAGE', vtranslate('LBL_PERMISSION_DENIED'));
-				$viewer->view('OperationNotPermitted.tpl', $moduleName);
-				exit;
-			}
-
 			$linkParams = array('MODULE'=>$moduleName, 'ACTION'=>$request->get('view'));
 			$linkModels = $moduleModel->getSideBarLinks($linkParams);
 
diff --git a/modules/Vtiger/views/MassActionAjax.php b/modules/Vtiger/views/MassActionAjax.php
index 8bc719064..9073a7810 100644
--- a/modules/Vtiger/views/MassActionAjax.php
+++ b/modules/Vtiger/views/MassActionAjax.php
@@ -19,6 +19,34 @@ class Vtiger_MassActionAjax_View extends Vtiger_IndexAjax_View {
 		$this->exposeMethod('transferOwnership');
 	}
 
+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$mode = $request->getMode();
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+		if(!empty($mode)) {
+			switch ($mode) {
+				case 'showMassEditForm':
+					$permissions[] = array('module_parameter' => 'module', 'action' => 'EditView');
+					break;
+				case 'showAddCommentForm':
+					$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'CreateView');
+					$request->set('custom_module', 'ModComments');
+					break;
+				case 'showComposeEmailForm':
+					$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+					$request->set('custom_module', 'Emails');
+					break;
+				case 'showSendSMSForm':
+					$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'CreateView');
+					$request->set('custom_module', 'SMSNotifier');
+					break;
+				default:
+					break;
+			}
+		}
+		return $permissions;
+	}
+	
 	function process(Vtiger_Request $request) {
 		$mode = $request->get('mode');
 		if(!empty($mode)) {
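Review bot: The showComposeEmailForm case requires only DetailView on Emails while the comment and SMS cases require CreateView on their modules; if composing from a mass action creates an Emails record, the intended entry is probably `$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'CreateView');`, which is worth confirming against the corresponding action class. transferOwnership is exposed via exposeMethod in the hunk's context but has no case, so it falls through to `default` with only DetailView on the module; if that form leads to an ownership change, an EditView entry for that mode would be consistent with showMassEditForm. The switch keys on `$request->getMode()` whereas process() reads `$request->get('mode')`; if these do not resolve to the same parameter, the check and the dispatch can disagree. process() continues past the hunk.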
-- 
GitLab