From c39c1a554272d46ed3bf3338ad7e03a4358321c4 Mon Sep 17 00:00:00 2001
From: Uma S <uma.s@vtiger.com>
Date: Thu, 1 Aug 2019 18:45:03 +0530
Subject: [PATCH] Check permission handled on Save.php on module passed

---
 modules/Vtiger/actions/Save.php | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/modules/Vtiger/actions/Save.php b/modules/Vtiger/actions/Save.php
index 4938e2d6a..6f15add13 100644
--- a/modules/Vtiger/actions/Save.php
+++ b/modules/Vtiger/actions/Save.php
@@ -12,10 +12,20 @@ class Vtiger_Save_Action extends Vtiger_Action_Controller {
 
 	public function requiresPermission(\Vtiger_Request $request) {
 		$permissions = parent::requiresPermission($request);
+		$moduleParameter = $request->get('source_module');
+		if (!$moduleParameter) {
+			$moduleParameter = 'module';
+		}else{
+			$moduleParameter = 'source_module';
+		}
 		$record = $request->get('record');
+		if (!$record) {
+			$recordParameter = '';
+		}else{
+			$recordParameter = 'record';
+		}
 		$actionName = ($record) ? 'EditView' : 'CreateView';
-		$permissions[] = array('module_parameter' => 'module', 'action' => $actionName, 'record_parameter' => 'record');
-		$permissions[] = array('module_parameter' => 'module', 'action' => 'Save', 'record_parameter' => 'record');
+		$permissions[] = array('module_parameter' => $moduleParameter, 'action' => $actionName, 'record_parameter' => $recordParameter);
 		return $permissions;
 	}
 	
-- 
GitLab