From e8d5190b6ddacbc03d9531af758311076536712d Mon Sep 17 00:00:00 2001
From: Uma S <uma.s@vtiger.com>
Date: Fri, 19 Jul 2019 17:20:37 +0530
Subject: [PATCH] Export operation should check for both module and source
 module profile levelpermission

---
 modules/Vtiger/actions/ExportData.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/Vtiger/actions/ExportData.php b/modules/Vtiger/actions/ExportData.php
index 648a9e20d..8bbb63b36 100644
--- a/modules/Vtiger/actions/ExportData.php
+++ b/modules/Vtiger/actions/ExportData.php
@@ -12,10 +12,13 @@ class Vtiger_ExportData_Action extends Vtiger_Mass_Action {
 
 	function checkPermission(Vtiger_Request $request) {
 		$moduleName = $request->getModule();
+		$sourceModule = $request->get('source_module');
 		$moduleModel = Vtiger_Module_Model::getInstance($moduleName);
+		$sourceModuleModel = Vtiger_Module_Model::getInstance($sourceModule);
 
 		$currentUserPriviligesModel = Users_Privileges_Model::getCurrentUserPrivilegesModel();
-		if(!$currentUserPriviligesModel->hasModuleActionPermission($moduleModel->getId(), 'Export')) {
+		if(!$currentUserPriviligesModel->hasModuleActionPermission($moduleModel->getId(), 'Export') || 
+		  !$currentUserPriviligesModel->hasModuleActionPermission($sourceModuleModel->getId(), 'Export')) {
 			throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
 		}
 	}
-- 
GitLab