diff --git a/modules/Reports/views/Detail.php b/modules/Reports/views/Detail.php
index 325c3fb4bde4a49563105a2696d934af20f2a90d..08b8fabdf59842fb8da9eb948decd3246924f349 100644
--- a/modules/Reports/views/Detail.php
+++ b/modules/Reports/views/Detail.php
@@ -65,17 +65,25 @@ class Reports_Detail_View extends Vtiger_Index_View {
$primaryModule = $reportModel->getPrimaryModule();
$secondaryModules = $reportModel->getSecondaryModules();
- $primaryModuleModel = Vtiger_Module_Model::getInstance($primaryModule);
-
+ $modulesList = array($primaryModule);
+ if(stripos($secondaryModules, ':') >= 0){
+ $secmodules = split(':', $secondaryModules);
+ $modulesList = array_merge($modulesList, $secmodules);
+ }else{
+ array_push($modulesList, $secondaryModules);
+ }
$currentUser = Users_Record_Model::getCurrentUserModel();
$userPrivilegesModel = Users_Privileges_Model::getInstanceById($currentUser->getId());
- $permission = $userPrivilegesModel->hasModulePermission($primaryModuleModel->getId());
- if(!$permission) {
- $viewer->assign('MODULE', $primaryModule);
- $viewer->assign('MESSAGE', vtranslate('LBL_PERMISSION_DENIED'));
- $viewer->view('OperationNotPermitted.tpl', $primaryModule);
- exit;
- }
+ foreach ($modulesList as $checkModule) {
+ $moduleInstance = Vtiger_Module_Model::getInstance($checkModule);
+ $permission = $userPrivilegesModel->hasModulePermission($moduleInstance->getId());
+ if(!$permission) {
+ $viewer->assign('MODULE', $primaryModule);
+ $viewer->assign('MESSAGE', vtranslate('LBL_PERMISSION_DENIED'));
+ $viewer->view('OperationNotPermitted.tpl', $primaryModule);
+ exit;
+ }
+ }
$detailViewLinks = $detailViewModel->getDetailViewLinks();
diff --git a/modules/Reports/views/ExportReport.php b/modules/Reports/views/ExportReport.php
index f9e1431ceae30a0c460c9bbd382978f9d96ac9e2..997427fe11509e3c70cfabc8348378612bcae83c 100644
--- a/modules/Reports/views/ExportReport.php
+++ b/modules/Reports/views/ExportReport.php
@@ -45,6 +45,7 @@ class Reports_ExportReport_View extends Vtiger_View_Controller {
function GetXLS(Vtiger_Request $request) {
$recordId = $request->get('record');
$reportModel = Reports_Record_Model::getInstanceById($recordId);
+ $this->checkReportModulePermission($request);
$reportModel->set('advancedFilter', $request->get('advanced_filter'));
$reportModel->getReportXLS($request->get('source'));
}
@@ -56,6 +57,7 @@ class Reports_ExportReport_View extends Vtiger_View_Controller {
function GetCSV(Vtiger_Request $request) {
$recordId = $request->get('record');
$reportModel = Reports_Record_Model::getInstanceById($recordId);
+ $this->checkReportModulePermission($request);
$reportModel->set('advancedFilter', $request->get('advanced_filter'));
$reportModel->getReportCSV($request->get('source'));
}
@@ -70,6 +72,7 @@ class Reports_ExportReport_View extends Vtiger_View_Controller {
$recordId = $request->get('record');
$reportModel = Reports_Record_Model::getInstanceById($recordId);
+ $this->checkReportModulePermission($request);
$reportModel->set('advancedFilter', $request->get('advanced_filter'));
$printData = $reportModel->getReportPrint();
@@ -81,4 +84,31 @@ class Reports_ExportReport_View extends Vtiger_View_Controller {
$viewer->view('PrintReport.tpl', $moduleName);
}
+
+ function checkReportModulePermission(Vtiger_Request $request){
+ $viewer = $this->getViewer($request);
+ $recordId = $request->get('record');
+ $reportModel = Reports_Record_Model::getInstanceById($recordId);
+ $primaryModule = $reportModel->getPrimaryModule();
+ $secondaryModules = $reportModel->getSecondaryModules();
+ $modulesList = array($primaryModule);
+ if(stripos($secondaryModules, ':') >= 0){
+ $secmodules = split(':', $secondaryModules);
+ $modulesList = array_merge($modulesList, $secmodules);
+ }else{
+ array_push($modulesList, $secondaryModules);
+ }
+ $currentUser = Users_Record_Model::getCurrentUserModel();
+ $userPrivilegesModel = Users_Privileges_Model::getInstanceById($currentUser->getId());
+ foreach ($modulesList as $checkModule) {
+ $moduleInstance = Vtiger_Module_Model::getInstance($checkModule);
+ $permission = $userPrivilegesModel->hasModulePermission($moduleInstance->getId());
+ if(!$permission) {
+ $viewer->assign('MODULE', $primaryModule);
+ $viewer->assign('MESSAGE', vtranslate('LBL_PERMISSION_DENIED'));
+ $viewer->view('OperationNotPermitted.tpl', $primaryModule);
+ exit;
+ }
+ }
+ }
}
\ No newline at end of file