Checkpermission addressed on Tickets, Helpdesh and Home modules

8a92b348 · Uma · 49a584cf · 8a92b348 · 8a92b348 · 8a92b348
Commit 8a92b348 authored 5 years ago by Uma
--- a/modules/HelpDesk/actions/ConvertFAQ.php
+++ b/modules/HelpDesk/actions/ConvertFAQ.php
@@ -10,14 +10,14 @@

 class HelpDesk_ConvertFAQ_Action extends Vtiger_Action_Controller {

-	public function checkPermission(Vtiger_Request $request) {
-		$recordPermission = Users_Privileges_Model::isPermitted('Faq', 'CreateView');
-
-		if(!$recordPermission) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record');
+		$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'CreateView');
+		$request->set('custom_module', 'Faq');
+		return $permissions;
 	}
-
+	
 	public function process(Vtiger_Request $request) {
 		$moduleName = $request->getModule();
 		$recordId = $request->get('record');

--- a/modules/Vtiger/views/DashBoard.php
+++ b/modules/Vtiger/views/DashBoard.php
@@ -12,13 +12,13 @@ class Vtiger_Dashboard_View extends Vtiger_Index_View {

 	protected static $selectable_dashboards;

-	function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		if(!Users_Privileges_Model::isPermitted($moduleName, $actionName)) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+		$request->set('custom_module', 'Dashboard');
+		return $permissions;
 	}
-
+	
 	function preProcess(Vtiger_Request $request, $display=true) {
 		parent::preProcess($request, false);
 		$viewer = $this->getViewer($request);

--- a/modules/Vtiger/views/Index.php
+++ b/modules/Vtiger/views/Index.php
@@ -14,6 +14,12 @@ class Vtiger_Index_View extends Vtiger_Basic_View {
 		parent::__construct();
 	}

+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+		return $permissions;
+	}
+	
 	public function preProcess (Vtiger_Request $request, $display=true) {
 		parent::preProcess($request, false);

@@ -22,17 +28,7 @@ class Vtiger_Index_View extends Vtiger_Basic_View {
 		$moduleName = $request->getModule();
 		if(!empty($moduleName)) {
 			$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
-			$currentUser = Users_Record_Model::getCurrentUserModel();
-			$userPrivilegesModel = Users_Privileges_Model::getInstanceById($currentUser->getId());
-			$permission = $userPrivilegesModel->hasModulePermission($moduleModel->getId());
 			$viewer->assign('MODULE', $moduleName);
-
-			if(!$permission) {
-				$viewer->assign('MESSAGE', vtranslate('LBL_PERMISSION_DENIED'));
-				$viewer->view('OperationNotPermitted.tpl', $moduleName);
-				exit;
-			}
-
 			$linkParams = array('MODULE'=>$moduleName, 'ACTION'=>$request->get('view'));
 			$linkModels = $moduleModel->getSideBarLinks($linkParams);


--- a/modules/Vtiger/views/MassActionAjax.php
+++ b/modules/Vtiger/views/MassActionAjax.php
@@ -19,6 +19,34 @@ class Vtiger_MassActionAjax_View extends Vtiger_IndexAjax_View {
 		$this->exposeMethod('transferOwnership');
 	}

+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$mode = $request->getMode();
+		$permissions[] = array('module_parameter' => 'module', 'action' => 'DetailView');
+		if(!empty($mode)) {
+			switch ($mode) {
+				case 'showMassEditForm':
+					$permissions[] = array('module_parameter' => 'module', 'action' => 'EditView');
+					break;
+				case 'showAddCommentForm':
+					$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'CreateView');
+					$request->set('custom_module', 'ModComments');
+					break;
+				case 'showComposeEmailForm':
+					$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+					$request->set('custom_module', 'Emails');
+					break;
+				case 'showSendSMSForm':
+					$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'CreateView');
+					$request->set('custom_module', 'SMSNotifier');
+					break;
+				default:
+					break;
+			}
+		}
+		return $permissions;
+	}
+	
 	function process(Vtiger_Request $request) {
 		$mode = $request->get('mode');
 		if(!empty($mode)) {