related module permission will be checked before process trigger

c242b3db · Uma · 9b33d4f7 · c242b3db · c242b3db
Commit c242b3db authored 5 years ago by Uma
--- a/modules/Vtiger/views/Detail.php
+++ b/modules/Vtiger/views/Detail.php
@@ -514,9 +514,15 @@ class Vtiger_Detail_View extends Vtiger_Index_View {
 				$targetControllerClass = Vtiger_Loader::getComponentClassName('View', 'RelatedList', $moduleName);
 			}
 		}
+		global $log;
+		$log->fatal('Related list target class => ');
+		$log->fatal($targetControllerClass);
 		if($targetControllerClass) {
 			$targetController = new $targetControllerClass();
-			return $targetController->process($request);
+			if($targetController->checkPermission($request)){
+				$log->fatal('Entered check permission loop');
+				return $targetController->process($request);
+			}
 		}
 	}

--- a/modules/Vtiger/views/RelatedList.php
+++ b/modules/Vtiger/views/RelatedList.php
@@ -9,6 +9,17 @@
 *************************************************************************************/
 class Vtiger_RelatedList_View extends Vtiger_Index_View {
+	function checkPermission(Vtiger_Request $request) {
+		$relatedModuleName = $request->get('relatedModule');
+		$relatedModulePermission = Users_Privileges_Model::isPermitted($relatedModuleName, 'DetailView');
+		if(!$relatedModulePermission) {
+			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
+		}
+		return true;
+	}
 	function process(Vtiger_Request $request) {
 		$moduleName = $request->getModule();
 		$relatedModuleName = $request->get('relatedModule');