Skip to content
Snippets Groups Projects
Commit df7fb381 authored by Prasad's avatar Prasad
Browse files

Merge branch '39806724_Security_Widgets_Generalized' into 'master' 

Fixes #1149 ::Uma::Widgets security access has been generalized

See merge request !364
parents c5eeedf0 45f89cbd
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
modules/Vtiger/dashboards/CalendarActivities.php
+ 0
10
View file @ df7fb381
......@@ -9,16 +9,6 @@
*************************************************************************************/
class Vtiger_CalendarActivities_Dashboard extends Vtiger_IndexAjax_View {
function checkPermission(Vtiger_Request $request) {
$moduleName = 'Calendar';
$modulePermission = Users_Privileges_Model::isPermitted($moduleName, 'DetailView');
if(!$modulePermission) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
}
return true;
}
public function process(Vtiger_Request $request) {
$currentUser = Users_Record_Model::getCurrentUserModel();
......
modules/Vtiger/views/ShowWidget.php
+ 8
2
View file @ df7fb381
......@@ -53,9 +53,15 @@ class Vtiger_ShowWidget_View extends Vtiger_IndexAjax_View {
}
$request->set('createdtime', $dates);
$classInstance = new $className();
if($classInstance->checkPermission($request)){
if($componentName == 'CalendarActivities' || $componentName == 'OverdueActivities') {
$moduleName = 'Calendar';
}
$currentUserPrivilegeModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
if($currentUserPrivilegeModel->hasModulePermission(getTabid($moduleName)) && !Vtiger_Runtime::isRestricted('modules', $moduleName)){
$classInstance = new $className();
$classInstance->process($request, $widget);
}else{
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
}
return;
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Copyright 2023 Vtiger. All rights reserved.