diff --git a/include/ListView/ListViewController.php b/include/ListView/ListViewController.php index c496d13eb429bcd4e59bcf4118671fbf3ee06f16..a887223328296b4e965e3f438e3c5ae072261b48 100644 --- a/include/ListView/ListViewController.php +++ b/include/ListView/ListViewController.php @@ -283,7 +283,7 @@ class ListViewController { $fileIdRes = $db->pquery($fileIdQuery,array($recordId)); $fileId = $db->query_result($fileIdRes,0,'attachmentsid'); if($fileName != '' && $status == 1) { - if($downloadType == 'I' ) { + if($downloadType == 'I' && $fileId) { $value = '<a href="index.php?module=Documents&action=DownloadFile&record='.$recordId.'&fileid='.$fileId.'"'. ' title="'. getTranslatedString('LBL_DOWNLOAD_FILE',$module). '" >'.textlength_check($value). @@ -291,7 +291,7 @@ class ListViewController { } elseif($downloadType == 'E') { $value = '<a onclick="event.stopPropagation()"'. ' href="'.$fileName.'" target="_blank"'. - ' title="'. getTranslatedString('LBL_DOWNLOAD_FILE',$module). + ' title="'. getTranslatedString('LBL_DOWNLOAD_FILE',$module). '" >'.textlength_check($value). '</a>'; } else { diff --git a/languages/en_us/Vtiger.php b/languages/en_us/Vtiger.php index d1602d3a395ea59478ee190398bcba5834daf2bd..147fcf73f122f87e6c8ee308fe1176819e23061d 100644 --- a/languages/en_us/Vtiger.php +++ b/languages/en_us/Vtiger.php @@ -1387,6 +1387,7 @@ $languageStrings = array( 'LBL_RECENT_UPDATES' => 'Recent Updates', 'LBL_VIEW_UPDATES_IN_DETAIL' => 'Read More ...', 'LBL_DEFAULT_DASHBOARD_TOOLTIP'=>'Make this dashboard as default by reordering it as the first tab!', + 'LBL_RELATED_MODULES_PERMISSION_DENIED' => 'Related modules permission is denied', 'LBL_RECORD_PERMISSION_DENIED' => 'Record permissions denied', ); diff --git a/modules/Vtiger/actions/DeleteImage.php b/modules/Vtiger/actions/DeleteImage.php index 44e2bd7729050eda32def96848301cc3e6f465ca..3553de8f4e339091dca928291152c555f214ee0c 100644 --- a/modules/Vtiger/actions/DeleteImage.php 
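Review bot: In include/ListView/ListViewController.php, the added `&& $fileId` guard sends an internal ('I') document with no attachment row to the trailing `else`, whose body lies outside both hunks, so that branch should be confirmed to emit `$value` as plain escaped text rather than a link. `$fileId` is read with `query_result($fileIdRes,0,'attachmentsid')` and no row-count check is visible, so a short comment such as `// no attachment row: render the name without a download link` would record why the guard exists. Separately, the 'E' branch shown in the following hunk writes `$fileName` straight into `href`. Unless it is encoded and limited to http/https earlier in the function (not visible here), it should be, for example `' href="'.htmlspecialchars($fileName, ENT_QUOTES).'"'` after a scheme check.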
+++ b/modules/Vtiger/actions/DeleteImage.php @@ -10,13 +10,15 @@ class Vtiger_DeleteImage_Action extends Vtiger_Action_Controller { + public function requiresPermission(\Vtiger_Request $request) { + $permissions = parent::requiresPermission($request); + $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record'); + $permissions[] = array('module_parameter' => 'module', 'action' => 'Delete', 'record_parameter' => 'record'); + return $permissions; + } + public function checkPermission(Vtiger_Request $request) { - $moduleName = $request->getModule(); - $record = $request->get('id'); - - if (!(Users_Privileges_Model::isPermitted($moduleName, 'EditView', $record) && Users_Privileges_Model::isPermitted($moduleName, 'Delete', $record))) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } + parent::checkPermission($request); } public function process(Vtiger_Request $request) { @@ -26,7 +28,7 @@ class Vtiger_DeleteImage_Action extends Vtiger_Action_Controller { $response = new Vtiger_Response(); if ($recordId) { - $recordModel = Vtiger_Record_Model::getInstanceById($recordId, $moduleModel); + $recordModel = Vtiger_Record_Model::getInstanceById($recordId, $moduleName); $status = $recordModel->deleteImage($imageId); if ($status) { $response->setResult(array(vtranslate('LBL_IMAGE_DELETED_SUCCESSFULLY', $moduleName))); diff --git a/modules/Vtiger/actions/ExportData.php b/modules/Vtiger/actions/ExportData.php index 3d116b4b9f2ca3e693da11710e292151f6f598c5..721ef835a0dfc0faccb70136206b72317b7cfdf8 100644 --- a/modules/Vtiger/actions/ExportData.php +++ b/modules/Vtiger/actions/ExportData.php 
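Review bot: In modules/Vtiger/actions/DeleteImage.php the new rules require `DetailView` plus `Delete` where the removed check required `EditView` plus `Delete`, so a profile that may delete but not edit a record can now remove its images. If that is not intended, the first rule should read `array('module_parameter' => 'module', 'action' => 'EditView', 'record_parameter' => 'record')`. The record id is also taken from `record` instead of the `id` parameter the old check used, and the line in process() that reads the id is outside the hunk, so confirm that the rules and process() look at the same request parameter. The `checkPermission()` override now only forwards to the parent; it could be dropped, or kept with a one-line comment saying the rules live in `requiresPermission()`.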
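Review bot: In the second DeleteImage.php hunk, `$imageId` reaches `deleteImage()` with no visible check that the attachment belongs to `$recordId`, while the permission rules cover only the `record` parameter. Unless `deleteImage()` (not shown) limits the delete to attachments linked to this record, the permission check on `record` does not protect images of other records. Confirm that, and add a comment above the call such as `// deleteImage() must only remove attachments linked to $recordId`. The assignments of `$recordId`, `$imageId` and `$moduleName` are outside the hunk.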
@@ -11,17 +11,15 @@ class Vtiger_ExportData_Action extends Vtiger_Mass_Action { var $moduleCall = false; + public function requiresPermission(\Vtiger_Request $request) { + $permissions = parent::requiresPermission($request); + $permissions[] = array('module_parameter' => 'module', 'action' => 'Export'); + $permissions[] = array('module_parameter' => 'source_module', 'action' => 'Export'); + return $permissions; + } + function checkPermission(Vtiger_Request $request) { - $moduleName = $request->getModule(); - $sourceModule = $request->get('source_module'); - $moduleModel = Vtiger_Module_Model::getInstance($moduleName); - $sourceModuleModel = Vtiger_Module_Model::getInstance($sourceModule); - - $currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel(); - if(!$currentUserPriviligesModel->hasModuleActionPermission($moduleModel->getId(), 'Export') || - !$currentUserPriviligesModel->hasModuleActionPermission($sourceModuleModel->getId(), 'Export')) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } + parent::checkPermission($request); } /** diff --git a/modules/Vtiger/actions/RelatedRecordsAjax.php b/modules/Vtiger/actions/RelatedRecordsAjax.php index ae927a9eaa28f99a90fb0510788991524ae1447b..a795095871ed58123bac6a088b64ee086d2f9f47 100644 --- a/modules/Vtiger/actions/RelatedRecordsAjax.php +++ b/modules/Vtiger/actions/RelatedRecordsAjax.php 
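Review bot: In modules/Vtiger/actions/ExportData.php the second rule depends on `source_module` being present in the request, and how the parent `checkPermission()` treats a rule whose `module_parameter` is missing or empty is not visible here. The removed code resolved `source_module` unconditionally before testing `Export`. If the parent skips such a rule or falls back to another value, the export would be gated by the `module` rule alone, so confirm that the parent check and the export code resolve the exported module from the same value. A docblock on `requiresPermission()` stating that both the request module and the source module need `Export` would preserve the intent of the deleted block.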
@@ -9,13 +9,33 @@ *************************************************************************************/ class Vtiger_RelatedRecordsAjax_Action extends Vtiger_Action_Controller { - + var $relationModules = array(); function __construct() { parent::__construct(); $this->exposeMethod('getRelatedRecordsCount'); } + public function requiresPermission(\Vtiger_Request $request) { + $permissions = parent::requiresPermission($request); + $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'recordId'); + return $permissions; + } + function checkPermission(Vtiger_Request $request) { + parent::checkPermission($request); + $parentModule = $request->get("module"); + $parentModuleModel = Vtiger_Module_Model::getInstance($parentModule); + $relationModels = $parentModuleModel->getRelations(); + foreach ($relationModels as $relation) { + $relatedModuleName = $relation->get('relatedModuleName'); + $permissionStatus = Users_Privileges_Model::isPermitted($relatedModuleName, 'DetailView'); + if($permissionStatus){ + $this->relationModules[] = $relation; + } + } + if(empty($this->relationModules)){ + throw new AppException(vtranslate('LBL_RELATED_MODULES_PERMISSION_DENIED')); + } } public function process(Vtiger_Request $request) { @@ -35,7 +55,7 @@ class Vtiger_RelatedRecordsAjax_Action extends Vtiger_Action_Controller { $parentModule = $request->get("module"); $parentModuleModel = Vtiger_Module_Model::getInstance($parentModule); $parentRecordModel = Vtiger_Record_Model::getInstanceById($parentRecordId, $parentModuleModel); - $relationModels = $parentModuleModel->getRelations(); + $relationModels = $this->relationModules; $relatedRecordsCount = array(); foreach ($relationModels as $relation) { $relationId = $relation->getId(); diff --git a/modules/Vtiger/actions/TagCloud.php b/modules/Vtiger/actions/TagCloud.php index 0c4bd299525bee5b381ae1c883cb49f61fc42a7a..860998bb62d0f27cad16909a13b19c6bb4578736 100644 
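Review bot: In modules/Vtiger/actions/RelatedRecordsAjax.php `checkPermission()` throws `LBL_RELATED_MODULES_PERMISSION_DENIED` whenever `$this->relationModules` ends up empty, which also happens for a parent module that has no relations at all. Changing the test to `if(!empty($relationModels) && empty($this->relationModules)){` would keep the denial for the case it is meant for. The filtered list reaches process() only through instance state (the second hunk reads `$this->relationModules`), so process() counts nothing if it ever runs without `checkPermission()`; a private helper that returns the permitted relations, called from process(), would remove that coupling. The result of `Vtiger_Module_Model::getInstance($parentModule)` is dereferenced without checking it is an object, and `var $relationModules` would be better declared as `protected $relationModules = array();`.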
--- a/modules/Vtiger/actions/TagCloud.php +++ b/modules/Vtiger/actions/TagCloud.php @@ -19,16 +19,14 @@ class Vtiger_TagCloud_Action extends Vtiger_Mass_Action { $this->exposeMethod('remove'); } + public function requiresPermission(\Vtiger_Request $request) { + $permissions = parent::requiresPermission($request); + $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record'); + return $permissions; + } + function checkPermission(Vtiger_Request $request) { - $moduleName = $request->getModule(); - $moduleModel = Vtiger_Module_Model::getInstance($moduleName); - - $userPrivilegesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel(); - $permission = $userPrivilegesModel->hasModulePermission($moduleModel->getId()); - if(!$permission) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } - return true; + parent::checkPermission($request); } public function process(Vtiger_Request $request) { diff --git a/modules/Vtiger/views/ExportExtensionLog.php b/modules/Vtiger/views/ExportExtensionLog.php index 50cf1abe961db3742b23d1d2ae0bd0555bd4ba65..0b71c03c29a63037e70e39e50df6ce0e008332f1 100644 --- a/modules/Vtiger/views/ExportExtensionLog.php +++ b/modules/Vtiger/views/ExportExtensionLog.php @@ -11,6 +11,16 @@ require_once 'modules/WSAPP/WSAPPLogs.php'; class Vtiger_ExportExtensionLog_View extends Vtiger_View_Controller { + public function requiresPermission(\Vtiger_Request $request) { + $permissions = parent::requiresPermission($request); + $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView'); + $request->set('custom_module', 'WSAPP'); + return $permissions; + } + + public function checkPermission(Vtiger_Request $request) { + parent::checkPermission($request); + } function preProcess(Vtiger_Request $request) { return false; } 
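Review bot: In modules/Vtiger/actions/TagCloud.php the single rule checks `DetailView` on the `record` parameter only, yet the class extends `Vtiger_Mass_Action` and exposes state-changing modes such as `remove`. Any mode that receives several record ids, or no `record` at all, would not be checked per record, so those modes should verify each id before changing its tags; the mode bodies are outside the hunk. The old method returned `true` and the new one returns nothing, so if any caller tests the result, `return true;` should be kept after `parent::checkPermission($request);`.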
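Review bot: In modules/Vtiger/views/ExportExtensionLog.php `requiresPermission()` both declares the rule and rewrites the request with `$request->set('custom_module', 'WSAPP')`, so the check always targets WSAPP and the per-module check deleted in the second hunk has no visible replacement. If the exported log belongs to the requested module, a rule such as `array('module_parameter' => 'module', 'action' => 'DetailView')` should be kept alongside it, unless the parent rules already cover that. A method named requiresPermission is not expected to mutate the request, so the `set()` call would sit better in `checkPermission()` before the parent call, with a comment like `// pin the permission target so a caller-supplied custom_module is ignored`. The same pattern is added in modules/Vtiger/views/ExtensionViews.php.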
@@ -19,15 +29,6 @@ class Vtiger_ExportExtensionLog_View extends Vtiger_View_Controller { return false; } - function checkPermission(Vtiger_Request $request) { - $moduleName = $request->getModule(); - $moduleModel = Vtiger_Module_Model::getInstance($moduleName); - - $currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel(); - if (!$currentUserPriviligesModel->hasModulePermission($moduleModel->getId())) { - throw new AppException(vtranslate('LBL_PERMISSION_DENIED')); - } - } /** * Function to convert log details to user format diff --git a/modules/Vtiger/views/ExtensionViews.php b/modules/Vtiger/views/ExtensionViews.php index 3cda8aabef75c3c3adccaf5fa90a806fa6a046e1..26b2528e93a249ef156cebcc72edc777e857b552 100644 --- a/modules/Vtiger/views/ExtensionViews.php +++ b/modules/Vtiger/views/ExtensionViews.php @@ -16,6 +16,17 @@ class Vtiger_ExtensionViews_View extends Vtiger_Index_View { $this->exposeMethod('showLogs'); $this->exposeMethod('showLogDetail'); } + + function checkPermission(Vtiger_Request $request) { + parent::checkPermission($request); + } + + public function requiresPermission(\Vtiger_Request $request) { + $permissions = parent::requiresPermission($request); + $permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView'); + $request->set('custom_module', 'WSAPP'); + return $permissions; + } function process(Vtiger_Request $request) { $mode = $request->get('mode');