checkpermission added on Inventoty actions and Basic vtiger operations

5463f68d · Uma · 8a92b348 · 5463f68d · 5463f68d · 5463f68d
Commit 5463f68d authored 5 years ago by Uma
--- a/modules/Inventory/actions/ExportPDF.php
+++ b/modules/Inventory/actions/ExportPDF.php
@@ -10,15 +10,12 @@

 class Inventory_ExportPDF_Action extends Vtiger_Action_Controller {

-	public function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		$recordId = $request->get('record');
-
-		if(!Users_Privileges_Model::isPermitted($moduleName, 'DetailView', $recordId)) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED', $moduleName));
-		}
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		return $permissions;
 	}
-
+	
 	public function process(Vtiger_Request $request) {
 		$moduleName = $request->getModule();
 		$recordId = $request->get('record');

--- a/modules/Inventory/actions/GetTaxes.php
+++ b/modules/Inventory/actions/GetTaxes.php
@@ -10,6 +10,12 @@

 class Inventory_GetTaxes_Action extends Vtiger_Action_Controller {

+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'sourceModule', 'action' => 'DetailView');
+		return $permissions;
+	}
+	
 	function process(Vtiger_Request $request) {
 		$decimalPlace = getCurrencyDecimalPlaces();
 		$currencyId = $request->get('currency_id');

--- a/modules/Vtiger/actions/BasicAjax.php
+++ b/modules/Vtiger/actions/BasicAjax.php
@@ -10,6 +10,16 @@

 class Vtiger_BasicAjax_Action extends Vtiger_Action_Controller {

+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+		$permissions[] = array('module_parameter' => 'search_module', 'action' => 'DetailView');
+		if(!empty($request->get('parent_module'))){
+			$permissions[] = array('module_parameter' => 'parent_module', 'action' => 'DetailView');
+		}
+		return $permissions;
+	}
+	
 	public function process(Vtiger_Request $request) {
 		$searchValue = $request->get('search_value');
 		$searchModule = $request->get('search_module');

--- a/modules/Vtiger/actions/MassSave.php
+++ b/modules/Vtiger/actions/MassSave.php
@@ -10,16 +10,12 @@

 class Vtiger_MassSave_Action extends Vtiger_Mass_Action {

-	function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-		$currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-
-		if(!$currentUserPriviligesModel->hasModuleActionPermission($moduleModel->getId(), 'Save')) {
-			throw new AppException(vtranslate($moduleName, $moduleName).' '.vtranslate('LBL_NOT_ACCESSIBLE'));
-		}
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'EditView');
+		return $permissions;
 	}
-
+	
 	public function process(Vtiger_Request $request) {
 		$response = new Vtiger_Response();
 		try {