diff --git a/modules/Calendar/models/DetailRecordStructure.php b/modules/Calendar/models/DetailRecordStructure.php
index c86ea71416634d0ad6728f76d1745eb08c012f6a..a3da2a0de21df93f7a7b465ae8eda320da1c40b9 100644
--- a/modules/Calendar/models/DetailRecordStructure.php
+++ b/modules/Calendar/models/DetailRecordStructure.php
@@ -44,7 +44,7 @@ class Calendar_DetailRecordStructure_Model extends Vtiger_DetailRecordStructure_
 $value = $recordModel->get($fieldName);
 if(!$currentUsersModel->isAdminUser() && ($fieldModel->getFieldDataType() == 'picklist' || $fieldModel->getFieldDataType() == 'multipicklist')) {
 $value = decode_html($value);
- $this->setupAccessiblePicklistValueList($fieldName);
+ $this->setupAccessiblePicklistValueList($fieldModel);
 }
 $fieldModel->set('fieldvalue', $value);
 }
diff --git a/modules/Calendar/views/Detail.php b/modules/Calendar/views/Detail.php
index 0b1e256f4986a255912ae34d490e7221292da26d..186583fb7e952add457393681224bf2da3f65b07 100644
--- a/modules/Calendar/views/Detail.php
+++ b/modules/Calendar/views/Detail.php
@@ -14,11 +14,7 @@ class Calendar_Detail_View extends Vtiger_Detail_View {
 $moduleName = $request->getModule();
 $recordId = $request->get('record');
- $recordPermission = Users_Privileges_Model::isPermitted($moduleName, 'DetailView', $recordId);
- if(!$recordPermission) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
- }
-
+ parent::checkPermission($request);
 if ($recordId) {
 $activityModulesList = array('Calendar', 'Events');
 $recordEntityName = getSalesEntityType($recordId);
diff --git a/modules/Calendar/views/Edit.php b/modules/Calendar/views/Edit.php
index 01f22d75d9e7b24002626057eeea8b42c8e8e27a..514da34fd109879feee780a0777103491a94203a 100644
--- a/modules/Calendar/views/Edit.php
+++ b/modules/Calendar/views/Edit.php
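Review bot: In modules/Calendar/views/Detail.php the result of `parent::checkPermission($request);` is discarded, so a denial takes effect only if the parent throws; the part of Vtiger_Detail_View::checkPermission that replaces the removed `isPermitted($moduleName, 'DetailView', $recordId)` call is not visible in this diff. I would add a comment above the call, `// Record-level DetailView permission is enforced by the parent and signalled by exception, not by return value.`, and a test that a user without access to the record is still rejected. The same applies to the identical call added in modules/Calendar/views/Edit.php. checkPermission's body continues outside the hunk.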
@@ -20,15 +20,7 @@ Class Calendar_Edit_View extends Vtiger_Edit_View { $moduleName = $request->getModule(); $record = $request->get('record'); - $actionName = 'CreateView'; - if ($record && !$request->get('isDuplicate')) { - $actionName = 'EditView'; - } - - if(!Users_Privileges_Model::isPermitted($moduleName, $actionName, $record)) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } - + parent::checkPermission($request); if ($record) { $activityModulesList = array('Calendar', 'Events'); $recordEntityName = getSalesEntityType($record); diff --git a/modules/Calendar/views/QuickCreateAjax.php b/modules/Calendar/views/QuickCreateAjax.php index ac00e7e86d4caddddd8922e04864faa6a237474b..db574278582aaaae68290c5002e03a4c8079a94f 100644 --- a/modules/Calendar/views/QuickCreateAjax.php +++ b/modules/Calendar/views/QuickCreateAjax.php @@ -10,17 +10,16 @@ class Calendar_QuickCreateAjax_View extends Vtiger_QuickCreateAjax_View { - public function checkPermission(Vtiger_Request $request) { - $moduleName = $request->getModule(); - //Need to check record permission as Calendar view is using QuickCreateAjax to show edit form + public function requiresPermission(\Vtiger_Request $request) { + $permissions = parent::requiresPermission($request); $record = $request->get('record'); - + //Need to check record permission as Calendar view is using QuickCreateAjax to show edit form $actionName = ($record) ? 'EditView' : 'CreateView'; - if(!Users_Privileges_Model::isPermitted($moduleName, $actionName, $record)) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } + + $permissions[] = array('module_parameter' => 'module', 'action' => $actionName, 'record_parameter' => 'record'); + return $permissions; } - + public function process(Vtiger_Request $request) { $moduleName = $request->getModule(); 
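Review bot: The block removed from modules/Calendar/views/Edit.php checked `CreateView` instead of `EditView` when `isDuplicate` was set and still passed the source record id to `isPermitted`; whether `parent::checkPermission($request)` keeps both halves of that is not visible in this diff. If the parent always requires `EditView` when `record` is present, users who may create but not edit lose the duplicate action; if it ignores `record` for duplicates, access to the source record is no longer verified. Once confirmed, a comment above the call such as `// Parent selects EditView/CreateView (including isDuplicate) and checks access to $record.` would record the contract. checkPermission's body continues outside the hunk.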
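Review bot: In modules/Calendar/views/QuickCreateAjax.php the new rule takes both the module (`module_parameter`) and the record (`record_parameter`) from the request, and nothing in this hunk ties the record to Calendar/Events the way the `getSalesEntityType()` lookups in the Detail and Edit views appear to. Unless the code that evaluates these rules already verifies that, I would add the same entity-type check here, since this view renders the edit form for an existing record. Separately, the signature uses `\Vtiger_Request` while the rest of the diff uses `Vtiger_Request`; `public function requiresPermission(Vtiger_Request $request) {` would match.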
diff --git a/modules/Events/views/Calendar.php b/modules/Events/views/Calendar.php index 32943390abfa1a4896d0454e25427a7faf08c8a8..d0ccd3af5ec6adb91935bf55a49ab371d8039036 100644 --- a/modules/Events/views/Calendar.php +++ b/modules/Events/views/Calendar.php @@ -12,6 +12,17 @@ // user continue working with Calendar when dropping from Event View. class Events_Calendar_View extends Vtiger_Index_View { + public function requiresPermission(Vtiger_Request $request){ + $permissions = parent::requiresPermission($request); + $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView'); + $request->set('custom_module', 'Calendar'); + return $permissions; + } + + public function checkPermission(Vtiger_Request $request) { + return parent::checkPermission($request); + } + public function preProcess(Vtiger_Request $request, $display = true) {} public function postProcess(Vtiger_Request $request) {} diff --git a/modules/Vtiger/views/Detail.php b/modules/Vtiger/views/Detail.php index 488fdaf11f2f5c7d46eb02ef4fc65187486ed806..89cb8a38969e54fdef85205e2ff8803cb8026f2d 100644 --- a/modules/Vtiger/views/Detail.php +++ b/modules/Vtiger/views/Detail.php @@ -61,7 +61,8 @@ class Vtiger_Detail_View extends Vtiger_Index_View { $moduleName = $request->getModule(); $recordId = $request->get('record'); - if ($recordId) { + $nonEntityModules = array('Users', 'Events', 'Calendar'); + if ($recordId && !in_array($moduleName, $nonEntityModules)) { $recordEntityName = getSalesEntityType($recordId); if ($recordEntityName !== $moduleName) { throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); diff --git a/modules/Vtiger/views/Edit.php b/modules/Vtiger/views/Edit.php index 634c3951507296eb785c0ad22bb53edfc0ba3aa4..e2766d33311ca172bb7bda521f0cb2933ec3fe76 100644 --- a/modules/Vtiger/views/Edit.php +++ b/modules/Vtiger/views/Edit.php 
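Review bot: `requiresPermission()` in modules/Events/views/Calendar.php mutates the request (`$request->set('custom_module', 'Calendar');`) as a side effect of building the rule list, which is easy to miss when reading the permission flow. It does overwrite any client-supplied `custom_module`, which is the right outcome, so it deserves a comment such as `// Pin the permission check to Calendar; overwrites any custom_module sent by the client.`. The added `checkPermission()` only returns `parent::checkPermission($request)` and adds nothing over the inherited method, so it can be dropped.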
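Review bot: The new `$nonEntityModules` guard in modules/Vtiger/views/Detail.php switches off the base-class record/module consistency check for Users, Events and Calendar, so each of those modules now depends on its own view to tie the record to the module. The Calendar views in this diff appear to do that with their own `getSalesEntityType()` lookup, but the Users views are not part of the diff and should be confirmed. The same list is repeated in modules/Vtiger/views/Edit.php; I would keep it in one shared constant and use `in_array($moduleName, $nonEntityModules, true)`. A comment stating why these modules are exempt is also missing. checkPermission's body continues outside the hunk.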
@@ -29,7 +29,8 @@ Class Vtiger_Edit_View extends Vtiger_Index_View {
 $moduleName = $request->getModule();
 $record = $request->get('record');
- if ($record) {
+ $nonEntityModules = array('Users', 'Events', 'Calendar');
+ if ($record && !in_array($moduleName, $nonEntityModules)) {
 $recordEntityName = getSalesEntityType($record);
 if ($recordEntityName !== $moduleName) {
 throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));