diff --git a/modules/Accounts/actions/TransferOwnership.php b/modules/Accounts/actions/TransferOwnership.php
index da52b84442a858ba77d12df57830089f375fa886..1fa983429c79be623f5f3a8b2471eae12cc9b1b2 100644
--- a/modules/Accounts/actions/TransferOwnership.php
+++ b/modules/Accounts/actions/TransferOwnership.php
@@ -20,11 +20,10 @@ class Accounts_TransferOwnership_Action extends Vtiger_Action_Controller {
 public function checkPermission(Vtiger_Request $request) {
 parent::checkPermission($request);
- $permissions = $this->requiresPermission($request);
 $recordIds = $this->getRecordIds($request);
 foreach ($recordIds as $key => $recordId) {
 $moduleName = getSalesEntityType($recordId);
- $permissionStatus = Users_Privileges_Model::isPermitted($moduleName, $permissions['action']);
+ $permissionStatus = Users_Privileges_Model::isPermitted($moduleName, 'EditView', $recordId);
 if($permissionStatus){
 $this->transferRecordIds[] = $recordId;
 }
diff --git a/modules/Vtiger/views/ListViewQuickPreview.php b/modules/Vtiger/views/ListViewQuickPreview.php
index 04d3505216c8a873a7710d6168094e60682822fe..f68edf91276600293b4feac7dcf37731a3a22118 100644
--- a/modules/Vtiger/views/ListViewQuickPreview.php
+++ b/modules/Vtiger/views/ListViewQuickPreview.php
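Review bot: In `Accounts_TransferOwnership_Action::checkPermission()` a record that fails the new per-record `EditView` check is dropped silently instead of denying the request, and nothing in the hunk handles the case where `$this->transferRecordIds` ends up empty. The rest of the method and `process()` are outside this hunk, so confirm that the transfer reads only `$this->transferRecordIds` and never the ids from the request again; a comment such as `// Only ids that passed the per-record EditView check; process() must use this list, not the request` above the assignment would make that contract explicit. `getSalesEntityType($recordId)` can presumably return an empty value for an unknown or deleted id, so it is worth checking that `isPermitted()` denies in that case. `$key` is unused and the loop can read `foreach ($recordIds as $recordId) {`.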
@@ -16,14 +16,17 @@ class Vtiger_ListViewQuickPreview_View extends Vtiger_Index_View {
 parent::__construct();
 }
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+ return $permissions;
+ }
+
 function checkPermission(Vtiger_Request $request) {
 $moduleName = $request->getModule();
 $recordId = $request->get('record');
- $recordPermission = Users_Privileges_Model::isPermitted($moduleName, 'DetailView', $recordId);
- if(!$recordPermission) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
- }
+ parent::checkPermission($request);
 if ($recordId) {
 $recordEntityName = getSalesEntityType($recordId);
diff --git a/modules/Vtiger/views/MergeRecord.php b/modules/Vtiger/views/MergeRecord.php
index 3f5411b54dd85e3247bb5f1a71202619ddd63092..8e54908bca07bd272321c17ade134996ec4d6b16 100644
--- a/modules/Vtiger/views/MergeRecord.php
+++ b/modules/Vtiger/views/MergeRecord.php
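Review bot: In `Vtiger_ListViewQuickPreview_View::checkPermission()` the explicit `isPermitted(..., 'DetailView', $recordId)` check and its `AppException` are replaced by `parent::checkPermission($request)`, so record-level access now depends on the parent honouring the `record_parameter` entry returned by `requiresPermission()`; that parent is not visible in this diff and should be confirmed to throw on denial. A short comment above the call would record the dependency: `// DetailView on 'record' is enforced by the parent from requiresPermission()`. The new method is declared `public` with `\Vtiger_Request`, while `checkPermission` right below it has no visibility keyword and uses `Vtiger_Request`; aligning the two keeps the class consistent. `checkPermission` continues past the end of the hunk.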
@@ -9,29 +9,39 @@
 **************************************************************************************/
 class Vtiger_MergeRecord_View extends Vtiger_Popup_View {
+ var $mergeRecordIds = Array();
+
+ public function requiresPermission(\Vtiger_Request $request) {
+ $permissions = parent::requiresPermission($request);
+ $permissions[] = array('module_parameter' => 'module', 'action' => 'EditView');
+ return $permissions;
+ }
 public function checkPermission(Vtiger_Request $request) {
 parent::checkPermission($request);
-
- $moduleName = $request->getModule();
- $actionName = 'EditView';
-
 $records = $request->get('records');
 $records = explode(',', $records);
 foreach ($records as $record) {
- if(!Users_Privileges_Model::isPermitted($moduleName, $actionName, $record)) {
- throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
+ $moduleName = getSalesEntityType($record);
+ $permissionStatus = Users_Privileges_Model::isPermitted($moduleName, 'EditView', $record);
+ if($permissionStatus){
+ $this->mergeRecordIds[] = $record;
+ }
+ if(empty($this->mergeRecordIds)){
+ throw new AppException(vtranslate('LBL_RECORD_PERMISSION_DENIED'));
 }
 }
+ return true;
 }
 function process(Vtiger_Request $request) {
- $records = $request->get('records');
- $records = explode(',', $records);
 $module = $request->getModule();
 $moduleModel = Vtiger_Module_Model::getInstance($module);
 $fieldModels = $moduleModel->getFields();
+ if(!empty($this->mergeRecordIds)){
+ $records = $this->mergeRecordIds;
+ }
 foreach($records as $record) {
 $recordModels[] = Vtiger_Record_Model::getInstanceById($record);
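Review bot: In `Vtiger_MergeRecord_View::checkPermission()` the `if(empty($this->mergeRecordIds))` test sits inside the `foreach`, so the outcome depends on record order: an unpermitted first id throws at once, while unpermitted ids after a permitted one are skipped silently, where the removed code denied the whole request. Move the test below the loop, or keep the old deny-on-any-failure behaviour if a partial merge is not intended. Permission is now checked against `getSalesEntityType($record)` while `process()` still builds the field list from `$request->getModule()`, so a record belonging to another module passes the check; denying when `$moduleName !== $request->getModule()` would close that gap. In `process()` `$records` stays undefined when `mergeRecordIds` is empty, so assigning `$records = $this->mergeRecordIds;` without the surrounding `if` is safer. `process()` continues outside the hunk.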