Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • V vtigercrm
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 525
    • Issues 525
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 36
    • Merge requests 36
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar

Welcome to Vtiger Community. To gain access for account, please contact [ community @ vtiger.com ]

  • vtiger
  • vtigercrm
  • Issues
  • #1203
Closed
Open
Issue created Nov 12, 2019 by Uma@uma.sMaintainer

Data Integrity Support

7.2 API Documentation

  1. New api checkPermission() and requiresPermission() added to product.
  2. Core api definition in includes/runtime/Controller.php
  3. Privilege will be set for user to perform any actions via profile and sharing access.
  4. requiresPermission holds the standard array of permissions to be verified for user to perform particular action.
  5. checkPermission verifies the defined permission against User Privileges model.
  6. Only on thumbs up from checkpermission, respective action will be performed.
  7. This api is supported for all action and view files.

requirePermission api() :

  1. Api returns multidimensional array.
  2. Each array consists of 3 key parameters respectively 'module_parameter', 'action' and 'record_parameter'.
  3. 'module_parameter' points to module on which permission need to be verified.
  4. 'action' points to action permission from profile,that the user need to bear to perform particular action.
  5. 'record_parameter' points to particular record id on which permission need to be verified. This takes care of sharing level access.
  6. Every newly added view or action file need to have this api, holding the permission to be verified.

checkPermission api() :

  1. Iterates through the array returned from requirePermission() api to verify the permission against logged in User Privilege model.
  2. Every newly added view or action file, Make sure the parent class has checkpermission() defined or your extending Vtiger_Action_Controller() class.

Examples:

  • modules/Vtiger/actions/Save.php
  • modules/Vtiger/views/Edit.php

Previously this was addressed in models level, which led to slip many test-cases. To make sure no compromise on Data integrity above specified api is been added to all view and action files.

Assignee
Assign to
Time tracking

Copyright 2023 Vtiger. All rights reserved.