diff --git a/modules/Portal/actions/DeleteAjax.php b/modules/Portal/actions/DeleteAjax.php
index cc72a3fd051d7dced67a1b7e6ea1f469c4866b26..73ce6af6f3b3506b4df842837c5c90e6015d9115 100644
--- a/modules/Portal/actions/DeleteAjax.php
+++ b/modules/Portal/actions/DeleteAjax.php
@@ -10,14 +10,9 @@ class Portal_DeleteAjax_Action extends Vtiger_DeleteAjax_Action {
- public function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
- $record = $request->get('record');
-
- $currentUserPrivilegesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
- if(!$currentUserPrivilegesModel->isPermitted($moduleName, 'Delete', $record)) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
- }
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ return $permissions;
 }
 public function process(Vtiger_Request $request) {
diff --git a/modules/Portal/actions/MassDelete.php b/modules/Portal/actions/MassDelete.php
index a8269a503e0863de567daea7d4f2dbf0b146546c..f782678a124d26d0ac1ec86d9f4a49adb7f93213 100644
--- a/modules/Portal/actions/MassDelete.php
+++ b/modules/Portal/actions/MassDelete.php
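Review bot: The new `requiresPermission()` in Portal_DeleteAjax_Action declares `'action' => 'DetailView'`, while the `checkPermission()` it replaces passed `'Delete'` to `isPermitted()` for the same record, so on the visible lines a delete is now gated by a read-level permission. Unless the base class adds its own check, the entry should keep the old level: `$permissions[] = array('module_parameter' => 'module', 'action' => 'Delete', 'record_parameter' => 'record');`. The Portal MassDelete and SaveAjax hunks have the same shape, a write action declaring only `DetailView`. All three also append to an uninitialised `$permissions` instead of starting from `parent::requiresPermission($request)` as the view classes in this commit do, so anything the parent declares is dropped.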
@@ -10,16 +10,11 @@ class Portal_MassDelete_Action extends Vtiger_MassDelete_Action {
- function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
- $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
- $currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
- if(!$currentUserPriviligesModel->hasModulePermission($moduleModel->getId())) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
- }
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ return $permissions;
 }
-
+
 public function process(Vtiger_Request $request) {
 $module = $request->getModule();
diff --git a/modules/Portal/actions/SaveAjax.php b/modules/Portal/actions/SaveAjax.php
index 45ac1603d0efcb480df90a2eac6561d85a764413..0f5466018175d9f22231270bdd52327a332a65b5 100644
--- a/modules/Portal/actions/SaveAjax.php
+++ b/modules/Portal/actions/SaveAjax.php
@@ -10,14 +10,19 @@ class Portal_SaveAjax_Action extends Vtiger_SaveAjax_Action {
- public function process(Vtiger_Request $request) {
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ return $permissions;
+ }
+
+ public function process(Vtiger_Request $request) {
 $module = $request->getModule();
 $recordId = $request->get('record');
 $bookmarkName = $request->get('bookmarkName');
 $bookmarkUrl = $request->get('bookmarkUrl');
 Portal_Module_Model::saveRecord($recordId, $bookmarkName, $bookmarkUrl);
-
+
 $response = new Vtiger_Response();
 $result = array('message' => vtranslate('LBL_BOOKMARK_SAVED_SUCCESSFULLY', $module));
 $response->setResult($result);
diff --git a/modules/Portal/views/Detail.php b/modules/Portal/views/Detail.php
index d13721063054078b33f8b5f016b08a6ebad0c2ae..32bb2f77d52da80361c07a9dbd7bf94b72831d71 100644
--- a/modules/Portal/views/Detail.php
+++ b/modules/Portal/views/Detail.php
@@ -10,6 +10,13 @@ class Portal_Detail_View extends Vtiger_Index_View {
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+
+ return $permissions;
+ }
+
 function preProcess(Vtiger_Request $request, $display=true) {
 parent::preProcess($request);
 }
diff --git a/modules/Portal/views/EditAjax.php b/modules/Portal/views/EditAjax.php
index 16b3652887df2b92c444b403ace0caccdd4c9f1c..8262115031eca239701949cfa0740928f35f64bb 100644
--- a/modules/Portal/views/EditAjax.php
+++ b/modules/Portal/views/EditAjax.php
@@ -10,6 +10,13 @@ class Portal_EditAjax_View extends Vtiger_IndexAjax_View {
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+
+ return $permissions;
+ }
+
 public function process(Vtiger_Request $request) {
 $moduleName = $request->getModule();
 $recordId = $request->get('record');
diff --git a/modules/Portal/views/List.php b/modules/Portal/views/List.php
index fbfb16c909ff50f46ad03ebdbcdaa2010f33b697..c7d52f07a5b4d5c6d2481b32e898569d6f44eb5e 100644
--- a/modules/Portal/views/List.php
+++ b/modules/Portal/views/List.php
@@ -10,6 +10,13 @@ class Portal_List_View extends Vtiger_Index_View {
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+
+ return $permissions;
+ }
+
 function preProcess(Vtiger_Request $request, $display=true) {
 parent::preProcess($request);
diff --git a/modules/Potentials/views/ConvertPotential.php b/modules/Potentials/views/ConvertPotential.php
index b84e271ad3370a380869aac380bc50e863e5de38..1b670b191eda73819955452141858cd5820de964 100644
--- a/modules/Potentials/views/ConvertPotential.php
+++ b/modules/Potentials/views/ConvertPotential.php
@@ -10,15 +10,13 @@ class Potentials_ConvertPotential_View extends Vtiger_Index_View {
- function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
- $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
- $projectModuleModel = Vtiger_Module_Model::getInstance('Project');
-
- $currentUserModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
- if(!$currentUserModel->hasModuleActionPermission($projectModuleModel->getId(), 'CreateView')) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED', $moduleName));
- }
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'CreateView');
+ $request->set('custom_module', 'Project');
+
+ return $permissions;
 }
 function process(Vtiger_Request $request) {
diff --git a/modules/Potentials/views/SaveConvertPotential.php b/modules/Potentials/views/SaveConvertPotential.php
index 1df540874d30954f3064cb992f3061b2191b7d65..096a66e0d2f4dca5e0d8ec9307d4bfc68278f29d 100644
--- a/modules/Potentials/views/SaveConvertPotential.php
+++ b/modules/Potentials/views/SaveConvertPotential.php
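Review bot: `$request->set('custom_module', 'Project')` in Potentials_ConvertPotential_View::requiresPermission() mutates the request inside a method that otherwise only declares permissions, and nothing on the line says why. A comment such as `// custom_module is set server-side so the CreateView check always targets Project, whatever the client sent` would make the intent explicit, and moving the `set()` above the two `$permissions[]` lines would read more naturally. The SaveConvertPotential hunk repeats the same lines and no longer references `LBL_CREATE_PROJECT_PERMISSION_DENIED`, so the denial text presumably becomes whatever the base controller emits.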
@@ -11,17 +11,15 @@ vimport('~~/include/Webservices/ConvertPotential.php');
 class Potentials_SaveConvertPotential_View extends Vtiger_View_Controller {
- function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
- $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
- $projectModuleModel = Vtiger_Module_Model::getInstance('Project');
-
- $currentUserModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
- if(!$currentUserModel->hasModuleActionPermission($projectModuleModel->getId(), 'CreateView')) {
- throw new AppException(vtranslate('LBL_CREATE_PROJECT_PERMISSION_DENIED', $moduleName));
- }
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'CreateView');
+ $request->set('custom_module', 'Project');
+
+ return $permissions;
 }
-
+
 public function process(Vtiger_Request $request) {
 $recordId = $request->get('record');
 $modules = $request->get('modules');
diff --git a/modules/PriceBooks/actions/ProductListPrice.php b/modules/PriceBooks/actions/ProductListPrice.php
index 978a227cc5f153e464003cc6f21e94595fb85c19..d3267bdb15112bde57e6d8633b51fc5adbb5e043 100644
--- a/modules/PriceBooks/actions/ProductListPrice.php
+++ b/modules/PriceBooks/actions/ProductListPrice.php
@@ -10,14 +10,11 @@ class PriceBooks_ProductListPrice_Action extends Vtiger_Action_Controller {
- function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
- $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
- $currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
- if(!$currentUserPriviligesModel->hasModulePermission($moduleModel->getId())) {
- throw new AppException(vtranslate($moduleName, $moduleName).' '.vtranslate('LBL_NOT_ACCESSIBLE'));
- }
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+
+ return $permissions;
 }
 function process(Vtiger_Request $request) {
diff --git a/modules/PriceBooks/actions/RelationAjax.php b/modules/PriceBooks/actions/RelationAjax.php
index 052b72ed5b94f4fcf22ee0f7f02a7730de3c1f80..d3f9add3791af133c30c71a9d9926b0e9b15a73e 100644
--- a/modules/PriceBooks/actions/RelationAjax.php
+++ b/modules/PriceBooks/actions/RelationAjax.php
@@ -17,6 +17,22 @@ class PriceBooks_RelationAjax_Action extends Vtiger_RelationAjax_Action {
 return;
 }
 }
+
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $mode = $request->getMode();
+ if(!empty($mode)) {
+ switch ($mode) {
+ case 'addListPrice':
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'src_record');
+ $permissions[] = array('module_parameter' => 'related_module', 'action' => 'DetailView');
+ break;
+ default:
+ break;
+ }
+ }
+ return $permissions;
+ }
 /**
 * Function adds PriceBooks-Products Relation
@@ -27,7 +43,6 @@ class PriceBooks_RelationAjax_Action extends Vtiger_RelationAjax_Action {
 $sourceRecordId = $request->get('src_record');
 $relatedModule = $request->get('related_module');
 $relInfos = $request->get('relinfo');
- $relatedModule = $request->get('related_module');
 $sourceModuleModel = Vtiger_Module_Model::getInstance($sourceModule);
 $relatedModuleModel = Vtiger_Module_Model::getInstance($relatedModule);
diff --git a/modules/PriceBooks/views/ListPriceUpdate.php b/modules/PriceBooks/views/ListPriceUpdate.php
index c52d16e00d89bd24fe28fd8a5b66d39b1390a8b6..f0cd378451b515069e837d9f4113abfda919a1df 100644
--- a/modules/PriceBooks/views/ListPriceUpdate.php
+++ b/modules/PriceBooks/views/ListPriceUpdate.php
@@ -10,16 +10,15 @@ class PriceBooks_ListPriceUpdate_View extends Vtiger_View_Controller {
- function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
- $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
- $currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
- if(!$currentUserPriviligesModel->hasModulePermission($moduleModel->getId())) {
- throw new AppException(vtranslate($moduleName, $moduleName).' '.vtranslate('LBL_NOT_ACCESSIBLE'));
- }
+
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'EditView', 'record_parameter' => 'record');
+
+ return $permissions;
 }
-
+
 function preProcess(Vtiger_Request $request, $display = true) {
 }
diff --git a/modules/Products/actions/Mass.php b/modules/Products/actions/Mass.php
index 0ad55912ce19d3c366171adaf1914f61e240be85..a719c049878638d944e3c3dcadef79bc9ce11989 100644
--- a/modules/Products/actions/Mass.php
+++ b/modules/Products/actions/Mass.php
@@ -15,10 +15,12 @@ class Products_Mass_Action extends Vtiger_Mass_Action {
 $this->exposeMethod('isChildProduct');
 }
- public function checkPermission(Vtiger_Request $request) {
- return true;
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+ return $permissions;
 }
-
+
 public function process(Vtiger_Request $request) {
 $mode = $request->getMode();
 if(!empty($mode)) {
diff --git a/modules/Products/actions/RelationAjax.php b/modules/Products/actions/RelationAjax.php
index a934c73341b8d0760767128a22517d17570195cc..12ef06febed53e770f5034c42e86a985aa6ff20c 100644
--- a/modules/Products/actions/RelationAjax.php
+++ b/modules/Products/actions/RelationAjax.php
@@ -18,6 +18,31 @@ class Products_RelationAjax_Action extends Vtiger_RelationAjax_Action {
 $this->exposeMethod('changeBundleCost');
 }
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $mode = $request->getMode();
+ if(!empty($mode)) {
+ switch ($mode) {
+ case 'addListPrice':
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'src_record');
+ $permissions[] = array('module_parameter' => 'related_module', 'action' => 'DetailView');
+ break;
+ case 'updateShowBundles':
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ $permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView');
+ case 'updateQuantity':
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'src_record');
+ $permissions[] = array('module_parameter' => 'related_module', 'action' => 'DetailView');
+ case 'changeBundleCost':
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ $permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView');
+ default:
+ break;
+ }
+ }
+ return $permissions;
+ }
+
 /*
 * Function to add relation for specified source record id and related record id list
 * @param <array> $request
diff --git a/modules/Products/actions/SubProducts.php b/modules/Products/actions/SubProducts.php
index b62c686c5458b0a497daa4e10e6e39f0667e4c2b..ed3915b0b82bdba08030af251f9136c65b43f5dc 100644
--- a/modules/Products/actions/SubProducts.php
+++ b/modules/Products/actions/SubProducts.php
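Review bot: In the `switch ($mode)` of Products_RelationAjax_Action::requiresPermission() only the `addListPrice` case ends in `break;`, so `updateShowBundles` falls through `updateQuantity` and `changeBundleCost` and collects all six entries, and `updateQuantity` also collects the `changeBundleCost` ones. Each mode is then checked against request parameters it does not necessarily send (`src_record`/`related_module` versus `record`/`relatedModule`). How the base controller treats a missing parameter is not visible here, so the result may be spurious denials or a check made against an empty module name. Add `break;` after the second `$permissions[]` line of `updateShowBundles`, `updateQuantity` and `changeBundleCost`.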
@@ -10,14 +10,10 @@ class Products_SubProducts_Action extends Vtiger_Action_Controller {
- function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
- $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
- $currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
- if(!$currentUserPriviligesModel->hasModulePermission($moduleModel->getId())) {
- throw new AppException(vtranslate($moduleName, $moduleName).' '.vtranslate('LBL_NOT_ACCESSIBLE'));
- }
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ return $permissions;
 }
 function process(Vtiger_Request $request) {
diff --git a/modules/Products/views/Detail.php b/modules/Products/views/Detail.php
index 92a44a6fbdd139877e6a3244c51f252b52b299fa..56cfc130bce08c86c3f4bf110b17ce9b7778e57e 100644
--- a/modules/Products/views/Detail.php
+++ b/modules/Products/views/Detail.php
@@ -15,6 +15,20 @@ class Products_Detail_View extends Vtiger_Detail_View {
 $this->exposeMethod('showBundleTotalCostView');
 }
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $mode = $request->getMode();
+ if(!empty($mode)) {
+ switch ($mode) {
+ case 'showBundleTotalCostView':
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ $permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView');
+ break;
+ }
+ }
+ return $permissions;
+ }
+
 function preProcess(Vtiger_Request $request, $display = true) {
 $recordId = $request->get('record');
 $moduleName = $request->getModule();
diff --git a/modules/Products/views/MoreCurrenciesList.php b/modules/Products/views/MoreCurrenciesList.php
index 2720352cc3f26f9a37474bd13759f717dedd282d..f4716b0d4ddc52fda08accf7fe8dc4027ceb74d9 100644
--- a/modules/Products/views/MoreCurrenciesList.php
+++ b/modules/Products/views/MoreCurrenciesList.php
@@ -11,14 +11,13 @@ class Products_MoreCurrenciesList_View extends Vtiger_IndexAjax_View {
- public function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
 $record = $request->get('record');
 $actionName = ($record) ? 'EditView' : 'CreateView';
- if(!Users_Privileges_Model::isPermitted($moduleName, $actionName, $record)) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
- }
+ $permissions[] = array('module_parameter' => 'module', 'action' => $actionName, 'record_parameter' => 'record');
+ return $permissions;
 }
 public function process(Vtiger_Request $request) {
diff --git a/modules/Products/views/SubProductQuantityUpdate.php b/modules/Products/views/SubProductQuantityUpdate.php
index 4f3b36b2fd15cc3345807c24e429d90aebdaf859..740a4f97e7b915806f40972189b54f91a32ddfd3 100644
--- a/modules/Products/views/SubProductQuantityUpdate.php
+++ b/modules/Products/views/SubProductQuantityUpdate.php
@@ -10,14 +10,10 @@ class Products_SubProductQuantityUpdate_View extends Vtiger_View_Controller {
- public function checkPermission(Vtiger_Request $request) {
- $moduleName = $request->getModule();
- $moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-
- $currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
- if (!$currentUserPriviligesModel->hasModulePermission($moduleModel->getId())) {
- throw new AppException(vtranslate($moduleName, $moduleName) . ' ' . vtranslate('LBL_NOT_ACCESSIBLE'));
- }
+ public function requiresPermission(Vtiger_Request $request){
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ return $permissions;
 }
 public function preProcess(Vtiger_Request $request, $display = true) {
diff --git a/modules/Vtiger/actions/Save.php b/modules/Vtiger/actions/Save.php
index d206947588cba2a2260bcf5beeca7b1beb8bed54..583bb1561bc0050228cd9114140985f0874f7435 100644
--- a/modules/Vtiger/actions/Save.php
+++ b/modules/Vtiger/actions/Save.php
@@ -35,7 +35,7 @@ class Vtiger_Save_Action extends Vtiger_Action_Controller {
 $moduleName = $request->getModule();
 $record = $request->get('record');
- $nonEntityModules = array('Users', 'Events', 'Calendar');
+ $nonEntityModules = array('Users', 'Events', 'Calendar', 'Portal');
 if ($record && !in_array($moduleName, $nonEntityModules)) {
 $recordEntityName = getSalesEntityType($record);
 if ($recordEntityName !== $moduleName) {
diff --git a/modules/Vtiger/actions/TagCloud.php b/modules/Vtiger/actions/TagCloud.php
index 860998bb62d0f27cad16909a13b19c6bb4578736..e1b7e12203fd8823dacef0512a7ea72695627f7e 100644
--- a/modules/Vtiger/actions/TagCloud.php
+++ b/modules/Vtiger/actions/TagCloud.php
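Review bot: Adding `'Portal'` to `$nonEntityModules` in Vtiger_Save_Action exempts Portal saves from the `getSalesEntityType($record)` comparison that ties the `record` id to the requested module, and the line carries no explanation. A comment such as `// Portal records are not CRM entities, so the entity-type match is skipped; access is decided by requiresPermission()` would record why the exemption is acceptable, assuming that is the reason, which the hunk does not show. The enclosing function starts and ends outside the hunk.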
@@ -24,10 +24,6 @@ class Vtiger_TagCloud_Action extends Vtiger_Mass_Action {
 $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
 return $permissions;
 }
-
- function checkPermission(Vtiger_Request $request) {
- parent::checkPermission($request);
- }
 public function process(Vtiger_Request $request) {
 $mode = $request->getMode();
diff --git a/modules/Vtiger/views/Detail.php b/modules/Vtiger/views/Detail.php
index 1e120664a0d2279920992c9fb454b87cb7f57588..dfcdbef25eb51464cecf4b3c2d4c00775cb9a8fb 100644
--- a/modules/Vtiger/views/Detail.php
+++ b/modules/Vtiger/views/Detail.php
@@ -44,7 +44,7 @@ class Vtiger_Detail_View extends Vtiger_Index_View {
 break;
 case 'showRelatedList':
 case 'showRelatedRecords':
- $permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView');
+ $permissions[] = array('module_parameter' => 'relatedModule', 'action' => 'DetailView', 'record_parameter' => 'record');
 break;
 case 'getActivities':
 $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
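Review bot: The changed entry for `showRelatedList`/`showRelatedRecords` in Vtiger_Detail_View now pairs `'module_parameter' => 'relatedModule'` with `'record_parameter' => 'record'`, but in the other entries of this commit `record` is paired with `module`, which suggests it identifies a record of the source module. If the base controller checks the record against the named module, this asks for DetailView on a source-module record under the related module's name; that resolution is outside the hunk and needs confirming. Keeping the two checks as separate entries would be unambiguous: the original `relatedModule` line plus, if it is not already declared above the hunk, `$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');`. The enclosing switch starts and ends outside the hunk.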