Widgets security access has been generalized

45f89cbd · Uma · c5eeedf0 · 45f89cbd · 45f89cbd
Commit 45f89cbd authored 5 years ago by Uma
--- a/modules/Vtiger/dashboards/CalendarActivities.php
+++ b/modules/Vtiger/dashboards/CalendarActivities.php
@@ -9,16 +9,6 @@
 *************************************************************************************/
 class Vtiger_CalendarActivities_Dashboard extends Vtiger_IndexAjax_View {
-	function checkPermission(Vtiger_Request $request) {
-		$moduleName = 'Calendar';
-		$modulePermission = Users_Privileges_Model::isPermitted($moduleName, 'DetailView');
-		if(!$modulePermission) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
-		return true;
-	}
 	public function process(Vtiger_Request $request) {
 		$currentUser = Users_Record_Model::getCurrentUserModel();

--- a/modules/Vtiger/views/ShowWidget.php
+++ b/modules/Vtiger/views/ShowWidget.php
@@ -53,9 +53,15 @@ class Vtiger_ShowWidget_View extends Vtiger_IndexAjax_View {
 				}
 				$request->set('createdtime', $dates);
-				$classInstance = new $className();
+				if($componentName == 'CalendarActivities' || $componentName == 'OverdueActivities') {
-				if($classInstance->checkPermission($request)){
+					$moduleName = 'Calendar';
+				}
+				$currentUserPrivilegeModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
+				if($currentUserPrivilegeModel->hasModulePermission(getTabid($moduleName)) && !Vtiger_Runtime::isRestricted('modules', $moduleName)){
+					$classInstance = new $className();
 					$classInstance->process($request, $widget);
+				}else{
+					throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
 				}
 				return;
 			}