diff --git a/modules/Calendar/actions/SaveAjax.php b/modules/Calendar/actions/SaveAjax.php
index 8cb299e75c3069b38e65d448dd6625716b112f2e..a82692ec96b3d793cff64bdd4fdc4a5899c4a88e 100644
--- a/modules/Calendar/actions/SaveAjax.php
+++ b/modules/Calendar/actions/SaveAjax.php
@@ -13,19 +13,8 @@ class Calendar_SaveAjax_Action extends Vtiger_SaveAjax_Action {
 public function checkPermission(Vtiger_Request $request) {
 $moduleName = $request->getModule();
 $record = $request->get('record');
-
- // Child class permission check support - DragDropAjax
- $recordId = $request->get('id');
-
- $actionName = ($record || $recordId) ? 'EditView' : 'CreateView';
- if(!Users_Privileges_Model::isPermitted($moduleName, $actionName, $record)) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
- }
-
- if(!Users_Privileges_Model::isPermitted($moduleName, 'Save', $record)) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
- }
-
+
+ parent::checkPermission($request);
 if ($record) {
 $activityModulesList = array('Calendar', 'Events');
 $recordEntityName = getSalesEntityType($record);
diff --git a/modules/Events/actions/SaveAjax.php b/modules/Events/actions/SaveAjax.php
index 79d950f708752539178848cbfdd61eead16f6753..f6bd8e50cd9b16c42e2bc9ee9ccb479f4c1944fa 100644
--- a/modules/Events/actions/SaveAjax.php
+++ b/modules/Events/actions/SaveAjax.php
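Review bot: The explicit `Save` permission check is dropped from `Calendar_SaveAjax_Action::checkPermission` in favour of `parent::checkPermission($request)`, and nothing visible in this commit shows the parent enforcing it: the part of `Vtiger_Save_Action::requiresPermission` shown here adds only an `EditView`/`CreateView` entry, and its start is cut off. The `checkPermission` overrides deleted from `Events_SaveAjax_Action` and `Portal_SaveAjax_Action` lose the same check, and the Events one also loses its `getSalesEntityType($record)` guard unless `Events_Save_Action` already applies it. Once that is confirmed, I would record it above the call with a comment such as `// parent enforces EditView/CreateView and Save via requiresPermission(); only the entity-type guard stays here`. The method body continues past the end of the hunk, so whether it returns a value the way the CronTasks and QuickCreateAjax versions now do is not visible.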
@@ -10,29 +10,6 @@ class Events_SaveAjax_Action extends Events_Save_Action { - public function checkPermission(Vtiger_Request $request) { - $moduleName = $request->getModule(); - $record = $request->get('record'); - - $actionName = ($record) ? 'EditView' : 'CreateView'; - if(!Users_Privileges_Model::isPermitted($moduleName, $actionName, $record)) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } - - if(!Users_Privileges_Model::isPermitted($moduleName, 'Save', $record)) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } - - if ($record) { - $activityModulesList = array('Calendar', 'Events'); - $recordEntityName = getSalesEntityType($record); - - if (!in_array($recordEntityName, $activityModulesList) || !in_array($moduleName, $activityModulesList)) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } - } - } - public function process(Vtiger_Request $request) { $response = new Vtiger_Response(); try { diff --git a/modules/Portal/actions/SaveAjax.php b/modules/Portal/actions/SaveAjax.php index 2bdd5be0004488f0b8c916422b3fa67f0faad5b8..45ac1603d0efcb480df90a2eac6561d85a764413 100644 --- a/modules/Portal/actions/SaveAjax.php +++ b/modules/Portal/actions/SaveAjax.php @@ -10,20 +10,6 @@ class Portal_SaveAjax_Action extends Vtiger_SaveAjax_Action { - public function checkPermission(Vtiger_Request $request) { - $moduleName = $request->getModule(); - $record = $request->get('record'); - - $actionName = ($record) ? 'EditView' : 'CreateView'; - if(!Users_Privileges_Model::isPermitted($moduleName, $actionName, $record)) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } - - if(!Users_Privileges_Model::isPermitted($moduleName, 'Save', $record)) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } - } - public function process(Vtiger_Request $request) { $module = $request->getModule(); $recordId = $request->get('record'); 
diff --git a/modules/Settings/CronTasks/actions/SaveAjax.php b/modules/Settings/CronTasks/actions/SaveAjax.php index 2d1fa34da1bbc9a2ed6ead62bf11e2b43a323ea2..c70b714c5036458b8b909b4ffd59c21779f4f6d5 100644 --- a/modules/Settings/CronTasks/actions/SaveAjax.php +++ b/modules/Settings/CronTasks/actions/SaveAjax.php @@ -17,6 +17,7 @@ class Settings_CronTasks_SaveAjax_Action extends Settings_Vtiger_Index_Action { if(!$recordId) { throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); } + return true; } public function process(Vtiger_Request $request) { diff --git a/modules/Vtiger/actions/Save.php b/modules/Vtiger/actions/Save.php index f2b4b4bcdaaf3a8e98b3613a0c2a3fd65c9fba7b..d206947588cba2a2260bcf5beeca7b1beb8bed54 100644 --- a/modules/Vtiger/actions/Save.php +++ b/modules/Vtiger/actions/Save.php @@ -19,12 +19,14 @@ class Vtiger_Save_Action extends Vtiger_Action_Controller { $moduleParameter = 'source_module'; } $record = $request->get('record'); + // Child class permission check support - DragDropAjax + $recordId = $request->get('id'); if (!$record) { $recordParameter = ''; }else{ $recordParameter = 'record'; } - $actionName = ($record) ? 'EditView' : 'CreateView'; + $actionName = ($record || $recordId) ? 'EditView' : 'CreateView'; $permissions[] = array('module_parameter' => $moduleParameter, 'action' => $actionName, 'record_parameter' => $recordParameter); return $permissions; } diff --git a/modules/Vtiger/views/Detail.php b/modules/Vtiger/views/Detail.php index a512ea1a3ca537f59a7c5d82367354e76559816e..6a75d8b7c8ff014a9678cd977ddf48269ca8ddbf 100644 --- a/modules/Vtiger/views/Detail.php +++ b/modules/Vtiger/views/Detail.php @@ -50,6 +50,7 @@ class Vtiger_Detail_View extends Vtiger_Index_View { $request->set('custom_module', 'Calendar'); break; default: + $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record'); break; } } 
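Review bot: In `Vtiger_Save_Action::requiresPermission`, a request that carries `id` but no `record` now gets `EditView` as the action while `$recordParameter` stays `''`, so the entry checks edit rights on the module rather than on the record that `id` names. Because this sits in the base class, every Save action inherits it, and the action that is authorised can differ from the operation performed when `record` is empty; whether `process()` reads `id` at all is not visible here. Tie the record parameter to whichever identifier selected the action, e.g. `$recordParameter = $record ? 'record' : ($recordId ? 'id' : '');`, or move the `id` fallback into the DragDropAjax subclass's own `requiresPermission`. The function starts above the hunk.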
diff --git a/modules/Vtiger/views/QuickCreateAjax.php b/modules/Vtiger/views/QuickCreateAjax.php index 6b3dda04892af785fb6f450a65e966f79f34c366..742d952c5344fb6614289bbfa281d90286d67cd2 100644 --- a/modules/Vtiger/views/QuickCreateAjax.php +++ b/modules/Vtiger/views/QuickCreateAjax.php @@ -10,12 +10,14 @@ class Vtiger_QuickCreateAjax_View extends Vtiger_IndexAjax_View { + public function requiresPermission(\Vtiger_Request $request) { + $permissions = parent::requiresPermission($request); + + $permissions[] = array('module_parameter' => 'module', 'action' => 'CreateView'); + return $permissions; + } public function checkPermission(Vtiger_Request $request) { - $moduleName = $request->getModule(); - - if (!(Users_Privileges_Model::isPermitted($moduleName, 'CreateView'))) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED', $moduleName)); - } + return parent::checkPermission($request); } public function process(Vtiger_Request $request) {
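Review bot: The `CreateView` entry added in `requiresPermission` omits the `record_parameter` key that the entries in `Vtiger_Save_Action` and `Vtiger_Detail_View` in this same commit always set, so a consumer that reads the key unconditionally would hit an undefined index; `$permissions[] = array('module_parameter' => 'module', 'action' => 'CreateView', 'record_parameter' => '');` keeps the shape uniform. The `checkPermission` override is now a bare `return parent::checkPermission($request);` and can be deleted, which leaves one less place for a later edit to drift away from the parent's check. The new signature also type-hints `\Vtiger_Request` while the method next to it uses `Vtiger_Request`; pick one spelling.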