Data Integrity Support
7.2 API Documentation
- New api checkPermission() and requiresPermission() added to product.
- Core api definition in includes/runtime/Controller.php
- Privilege will be set for user to perform any actions via profile and sharing access.
- requiresPermission holds the standard array of permissions to be verified for user to perform particular action.
- checkPermission verifies the defined permission against User Privileges model.
- Only on thumbs up from checkpermission, respective action will be performed.
- This api is supported for all action and view files.
requirePermission api() :
- Api returns multidimensional array.
- Each array consists of 3 key parameters respectively 'module_parameter', 'action' and 'record_parameter'.
- 'module_parameter' points to module on which permission need to be verified.
- 'action' points to action permission from profile,that the user need to bear to perform particular action.
- 'record_parameter' points to particular record id on which permission need to be verified. This takes care of sharing level access.
- Every newly added view or action file need to have this api, holding the permission to be verified.
checkPermission api() :
- Iterates through the array returned from requirePermission() api to verify the permission against logged in User Privilege model.
- Every newly added view or action file, Make sure the parent class has checkpermission() defined or your extending Vtiger_Action_Controller() class.
Previously this was addressed in models level, which led to slip many test-cases. To make sure no compromise on Data integrity above specified api is been added to all view and action files.