Skip to content
Snippets Groups Projects
Commit 60c0c795 authored by Uma's avatar Uma
Browse files

Checkpermission addressed on Leads and Vtiger actions

parent 5a19b786
No related branches found
No related tags found
1 merge request!38838276053 check permission overall
......@@ -10,14 +10,17 @@
class Vtiger_Delete_Action extends Vtiger_Action_Controller {
public function requiresPermission(\Vtiger_Request $request) {
$permissions = parent::requiresPermission($request);
$permissions[] = array('module_parameter' => 'module', 'action' => 'Delete', 'record_parameter' => 'record');
return $permissions;
}
function checkPermission(Vtiger_Request $request) {
$moduleName = $request->getModule();
$record = $request->get('record');
$currentUserPrivilegesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
if(!$currentUserPrivilegesModel->isPermitted($moduleName, 'Delete', $record)) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
}
parent::checkPermission($request);
if ($record) {
$recordEntityName = getSalesEntityType($record);
......
......@@ -10,16 +10,12 @@
class Vtiger_MassDelete_Action extends Vtiger_Mass_Action {
function checkPermission(Vtiger_Request $request) {
$moduleName = $request->getModule();
$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
$currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
if(!$currentUserPriviligesModel->hasModuleActionPermission($moduleModel->getId(), 'Delete')) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
}
public function requiresPermission(\Vtiger_Request $request) {
$permissions = parent::requiresPermission($request);
$permissions[] = array('module_parameter' => 'module', 'action' => 'Delete');
return $permissions;
}
function preProcess(Vtiger_Request $request) {
return true;
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment