Commit 191d75ee authored by Prasad's avatar Prasad

Merge branch 'Reports_moduleAccess_check' into 'master'

All report actions should check for module level profile permissions

See merge request !419
parents c1be88aa addf63d3
...@@ -65,17 +65,25 @@ class Reports_Detail_View extends Vtiger_Index_View { ...@@ -65,17 +65,25 @@ class Reports_Detail_View extends Vtiger_Index_View {
$primaryModule = $reportModel->getPrimaryModule(); $primaryModule = $reportModel->getPrimaryModule();
$secondaryModules = $reportModel->getSecondaryModules(); $secondaryModules = $reportModel->getSecondaryModules();
$primaryModuleModel = Vtiger_Module_Model::getInstance($primaryModule); $modulesList = array($primaryModule);
if(stripos($secondaryModules, ':') >= 0){
$secmodules = split(':', $secondaryModules);
$modulesList = array_merge($modulesList, $secmodules);
}else{
array_push($modulesList, $secondaryModules);
}
$currentUser = Users_Record_Model::getCurrentUserModel(); $currentUser = Users_Record_Model::getCurrentUserModel();
$userPrivilegesModel = Users_Privileges_Model::getInstanceById($currentUser->getId()); $userPrivilegesModel = Users_Privileges_Model::getInstanceById($currentUser->getId());
$permission = $userPrivilegesModel->hasModulePermission($primaryModuleModel->getId()); foreach ($modulesList as $checkModule) {
if(!$permission) { $moduleInstance = Vtiger_Module_Model::getInstance($checkModule);
$viewer->assign('MODULE', $primaryModule); $permission = $userPrivilegesModel->hasModulePermission($moduleInstance->getId());
$viewer->assign('MESSAGE', vtranslate('LBL_PERMISSION_DENIED')); if(!$permission) {
$viewer->view('OperationNotPermitted.tpl', $primaryModule); $viewer->assign('MODULE', $primaryModule);
exit; $viewer->assign('MESSAGE', vtranslate('LBL_PERMISSION_DENIED'));
} $viewer->view('OperationNotPermitted.tpl', $primaryModule);
exit;
}
}
$detailViewLinks = $detailViewModel->getDetailViewLinks(); $detailViewLinks = $detailViewModel->getDetailViewLinks();
......
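Review bot: The condition `stripos($secondaryModules, ':') >= 0` is always true, because `stripos()` returns `false` when there is no colon and `false >= 0` holds in PHP, so the `else` branch never runs and a report with no secondary modules puts an empty string into `$modulesList`. What `Vtiger_Module_Model::getInstance('')` returns is not visible here, but if it is not an object the `getId()` call fails before the permission decision is made; `split()` is also deprecated since PHP 5.3 and removed in PHP 7. I would replace the whole if/else with `$modulesList = array_merge($modulesList, array_filter(explode(':', $secondaryModules)));` and treat an unresolvable module as denied, `if(!$moduleInstance || !$userPrivilegesModel->hasModulePermission($moduleInstance->getId())) {`. The same lines are repeated in `checkReportModulePermission()` in Reports_ExportReport_View and need the same change. The enclosing method starts and ends outside this hunk.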
...@@ -45,6 +45,7 @@ class Reports_ExportReport_View extends Vtiger_View_Controller { ...@@ -45,6 +45,7 @@ class Reports_ExportReport_View extends Vtiger_View_Controller {
function GetXLS(Vtiger_Request $request) { function GetXLS(Vtiger_Request $request) {
$recordId = $request->get('record'); $recordId = $request->get('record');
$reportModel = Reports_Record_Model::getInstanceById($recordId); $reportModel = Reports_Record_Model::getInstanceById($recordId);
$this->checkReportModulePermission($request);
$reportModel->set('advancedFilter', $request->get('advanced_filter')); $reportModel->set('advancedFilter', $request->get('advanced_filter'));
$reportModel->getReportXLS($request->get('source')); $reportModel->getReportXLS($request->get('source'));
} }
...@@ -56,6 +57,7 @@ class Reports_ExportReport_View extends Vtiger_View_Controller { ...@@ -56,6 +57,7 @@ class Reports_ExportReport_View extends Vtiger_View_Controller {
function GetCSV(Vtiger_Request $request) { function GetCSV(Vtiger_Request $request) {
$recordId = $request->get('record'); $recordId = $request->get('record');
$reportModel = Reports_Record_Model::getInstanceById($recordId); $reportModel = Reports_Record_Model::getInstanceById($recordId);
$this->checkReportModulePermission($request);
$reportModel->set('advancedFilter', $request->get('advanced_filter')); $reportModel->set('advancedFilter', $request->get('advanced_filter'));
$reportModel->getReportCSV($request->get('source')); $reportModel->getReportCSV($request->get('source'));
} }
...@@ -70,6 +72,7 @@ class Reports_ExportReport_View extends Vtiger_View_Controller { ...@@ -70,6 +72,7 @@ class Reports_ExportReport_View extends Vtiger_View_Controller {
$recordId = $request->get('record'); $recordId = $request->get('record');
$reportModel = Reports_Record_Model::getInstanceById($recordId); $reportModel = Reports_Record_Model::getInstanceById($recordId);
$this->checkReportModulePermission($request);
$reportModel->set('advancedFilter', $request->get('advanced_filter')); $reportModel->set('advancedFilter', $request->get('advanced_filter'));
$printData = $reportModel->getReportPrint(); $printData = $reportModel->getReportPrint();
...@@ -81,4 +84,31 @@ class Reports_ExportReport_View extends Vtiger_View_Controller { ...@@ -81,4 +84,31 @@ class Reports_ExportReport_View extends Vtiger_View_Controller {
$viewer->view('PrintReport.tpl', $moduleName); $viewer->view('PrintReport.tpl', $moduleName);
} }
function checkReportModulePermission(Vtiger_Request $request){
$viewer = $this->getViewer($request);
$recordId = $request->get('record');
$reportModel = Reports_Record_Model::getInstanceById($recordId);
$primaryModule = $reportModel->getPrimaryModule();
$secondaryModules = $reportModel->getSecondaryModules();
$modulesList = array($primaryModule);
if(stripos($secondaryModules, ':') >= 0){
$secmodules = split(':', $secondaryModules);
$modulesList = array_merge($modulesList, $secmodules);
}else{
array_push($modulesList, $secondaryModules);
}
$currentUser = Users_Record_Model::getCurrentUserModel();
$userPrivilegesModel = Users_Privileges_Model::getInstanceById($currentUser->getId());
foreach ($modulesList as $checkModule) {
$moduleInstance = Vtiger_Module_Model::getInstance($checkModule);
$permission = $userPrivilegesModel->hasModulePermission($moduleInstance->getId());
if(!$permission) {
$viewer->assign('MODULE', $primaryModule);
$viewer->assign('MESSAGE', vtranslate('LBL_PERMISSION_DENIED'));
$viewer->view('OperationNotPermitted.tpl', $primaryModule);
exit;
}
}
}
} }
\ No newline at end of file
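Review bot: `checkReportModulePermission()` is a line-for-line copy of the check added to Reports_Detail_View, so any later correction to the access rule has to be made in two places and the two can drift apart; I would move it into one shared method (for example on the report model) and call that from both views. Each export action already loads `$reportModel` before calling the helper, and the helper loads the same record again, so passing the model in would avoid the second lookup. The helper also has no doc comment; something like `/** Renders OperationNotPermitted.tpl and exits unless the current user has module permission on the report's primary and every secondary module. */` would make the exit-on-deny contract explicit to callers. The function patched by the third hunk begins outside the visible lines.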