CheckPermission handled on Events and Calendar core files

a6fbe719 · Uma · 5733a53e · a6fbe719 · a6fbe719 · a6fbe719
Commit a6fbe719 authored 5 years ago by Uma
--- a/modules/Calendar/models/DetailRecordStructure.php
+++ b/modules/Calendar/models/DetailRecordStructure.php
@@ -44,7 +44,7 @@ class Calendar_DetailRecordStructure_Model extends Vtiger_DetailRecordStructure_
                            $value = $recordModel->get($fieldName);
                            if(!$currentUsersModel->isAdminUser() && ($fieldModel->getFieldDataType() == 'picklist' || $fieldModel->getFieldDataType() == 'multipicklist')) {
                                $value = decode_html($value);
-                                $this->setupAccessiblePicklistValueList($fieldName);
+                                $this->setupAccessiblePicklistValueList($fieldModel);
                            } 
 							$fieldModel->set('fieldvalue', $value);
 						}

--- a/modules/Calendar/views/Detail.php
+++ b/modules/Calendar/views/Detail.php
@@ -14,11 +14,7 @@ class Calendar_Detail_View extends Vtiger_Detail_View {
 		$moduleName = $request->getModule();
 		$recordId = $request->get('record');

-		$recordPermission = Users_Privileges_Model::isPermitted($moduleName, 'DetailView', $recordId);
-		if(!$recordPermission) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
-
+		parent::checkPermission($request);
 		if ($recordId) {
 			$activityModulesList = array('Calendar', 'Events');
 			$recordEntityName = getSalesEntityType($recordId);

--- a/modules/Calendar/views/Edit.php
+++ b/modules/Calendar/views/Edit.php
@@ -20,15 +20,7 @@ Class Calendar_Edit_View extends Vtiger_Edit_View {
 		$moduleName = $request->getModule();
 		$record = $request->get('record');

-		$actionName = 'CreateView';
-		if ($record && !$request->get('isDuplicate')) {
-			$actionName = 'EditView';
-		}
-
-		if(!Users_Privileges_Model::isPermitted($moduleName, $actionName, $record)) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
-
+		parent::checkPermission($request);
 		if ($record) {
 			$activityModulesList = array('Calendar', 'Events');
 			$recordEntityName = getSalesEntityType($record);

--- a/modules/Calendar/views/QuickCreateAjax.php
+++ b/modules/Calendar/views/QuickCreateAjax.php
@@ -10,17 +10,16 @@

 class Calendar_QuickCreateAjax_View extends Vtiger_QuickCreateAjax_View {

-	public function checkPermission(Vtiger_Request $request) {
-		$moduleName = $request->getModule();
-		//Need to check record permission as Calendar view is using QuickCreateAjax to show edit form	
+	public function requiresPermission(\Vtiger_Request $request) {
+		$permissions = parent::requiresPermission($request);
 		$record = $request->get('record');
-
+		//Need to check record permission as Calendar view is using QuickCreateAjax to show edit form
 		$actionName = ($record) ? 'EditView' : 'CreateView';
-		if(!Users_Privileges_Model::isPermitted($moduleName, $actionName, $record)) {
-			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
-		}
+		
+		$permissions[] = array('module_parameter' => 'module', 'action' => $actionName, 'record_parameter' => 'record');
+		return $permissions;
 	}
-
+	
 	public function  process(Vtiger_Request $request) {
 		$moduleName = $request->getModule();


--- a/modules/Events/views/Calendar.php
+++ b/modules/Events/views/Calendar.php
@@ -12,6 +12,17 @@
 // user continue working with Calendar when dropping from Event View.
 class Events_Calendar_View extends Vtiger_Index_View {
 	
+	public function requiresPermission(Vtiger_Request $request){
+		$permissions = parent::requiresPermission($request);
+		$permissions[] = array('module_parameter' => 'custom_module', 'action' => 'DetailView');
+		$request->set('custom_module', 'Calendar');
+		return $permissions;
+	}
+	
+	public function checkPermission(Vtiger_Request $request) {
+		return parent::checkPermission($request);
+	}
+	
 	public function preProcess(Vtiger_Request $request, $display = true) {}
 	public function postProcess(Vtiger_Request $request) {}
 	

--- a/modules/Vtiger/views/Detail.php
+++ b/modules/Vtiger/views/Detail.php
@@ -61,7 +61,8 @@ class Vtiger_Detail_View extends Vtiger_Index_View {
 		$moduleName = $request->getModule();
 		$recordId = $request->get('record');

-		if ($recordId) {
+		$nonEntityModules = array('Users', 'Events', 'Calendar');
+		if ($recordId && !in_array($moduleName, $nonEntityModules)) {
 			$recordEntityName = getSalesEntityType($recordId);
 			if ($recordEntityName !== $moduleName) {
 				throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));

--- a/modules/Vtiger/views/Edit.php
+++ b/modules/Vtiger/views/Edit.php
@@ -29,7 +29,8 @@ Class Vtiger_Edit_View extends Vtiger_Index_View {
 		$moduleName = $request->getModule();
 		$record = $request->get('record');

-		if ($record) {
+		$nonEntityModules = array('Users', 'Events', 'Calendar');
+		if ($record && !in_array($moduleName, $nonEntityModules)) {
 			$recordEntityName = getSalesEntityType($record);
 			if ($recordEntityName !== $moduleName) {
 				throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));