Can't copy address from accounts in quote if the Quotes module is private and the user is non-admin and does not have the administrator profile
The only privilege a user should have to copy the address from an account when creating a quote should be:
- Read access to the account.
- Read and Create quotes.
To reproduce the error:
- Make quotes private in sharing access.
- Log in with a user who is not admin and who doesn't have the administrator profile (e.g. taking into account no modifications were made to permissions, choose Sales Manager).
- Create a quote and choose an account that already has an address.
- Try to copy from "Organization"
When retrieving the address, the action that's being used is `Vtiger_GetData_Action`, whose `requiresPermission` function returns:
```
Array
(
    [0] => Array
        (
            [module_parameter] => module
            [action] => DetailView
            [record_parameter] => record
        )
    [1] => Array
        (
            [module_parameter] => source_module
            [action] => DetailView
            [record_parameter] => record
        )
)
```
A typical request would look like this: `module=Quotes&action=GetData&record=971&source_module=Accounts`

Why would I need DetailView permission for the Quotes module for a record ID that belongs to an account? In my opinion, the first permission should not be necessary.
By removing the first permission in the `requiresPermission` function like so, this gets fixed:
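```php
public function requiresPermission(\Vtiger_Request $request) {
    // Parent rules (DetailView on `module` for `record`) are deliberately skipped.
    //$permissions = parent::requiresPermission($request);
    $permissions = array();
    // Only require DetailView on the source module (e.g. Accounts) for the record.
    $permissions[] = array('module_parameter' => 'source_module', 'action' => 'DetailView', 'record_parameter' => 'record');
    return $permissions;
}
```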
However I'm not sure if this is the "correct" solution.
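
The rule evaluation described in this report, as an added example that is not vtiger's code and not part of the original post. It is a simplified model: `isPermitted`, `evaluateRules`, the user names and the sample data are hypothetical, and it assumes a private module requires the record to be of that module and owned by the user, while a public module needs only the profile action.

```php
<?php
// Simplified model of permission-rule evaluation; NOT vtiger's implementation.
// Assumption: a public module needs only the profile action, while a private
// module also needs the record to be of that module and owned by the user.

// Constructed sample data.
$records = array(971 => array('module' => 'Accounts', 'owner' => 'sales_mgr'));
$privateModules = array('Quotes'); // Quotes set to private in sharing access
$profiles = array(
    'sales_mgr'   => array('Quotes' => array('DetailView'), 'Accounts' => array('DetailView')),
    'no_accounts' => array('Quotes' => array('DetailView')),
);

function isPermitted($user, $module, $action, $recordId) {
    global $records, $privateModules, $profiles;
    if (!in_array($action, $profiles[$user][$module] ?? array(), true)) {
        return false; // profile does not grant the action on this module
    }
    if (!in_array($module, $privateModules, true)) {
        return true; // public module: the profile check is enough in this model
    }
    $rec = $records[$recordId] ?? null;
    return $rec !== null && $rec['module'] === $module && $rec['owner'] === $user;
}

function evaluateRules(array $rules, array $request, $user) {
    foreach ($rules as $rule) {
        $module = $request[$rule['module_parameter']] ?? '';
        $record = $request[$rule['record_parameter']] ?? 0;
        if (!isPermitted($user, $module, $rule['action'], $record)) {
            return false; // every rule must pass
        }
    }
    return true;
}

// Request taken from the report.
parse_str('module=Quotes&action=GetData&record=971&source_module=Accounts', $request);

$original = array(
    array('module_parameter' => 'module', 'action' => 'DetailView', 'record_parameter' => 'record'),
    array('module_parameter' => 'source_module', 'action' => 'DetailView', 'record_parameter' => 'record'),
);
$reduced = array($original[1]); // only the source_module rule, as in the proposed change

var_dump(evaluateRules($original, $request, 'sales_mgr'));  // rule 0 checks account 971 as a Quotes record
var_dump(evaluateRules($reduced, $request, 'sales_mgr'));   // read access to the account is still checked
var_dump(evaluateRules($reduced, $request, 'no_accounts')); // user whose profile lacks Accounts DetailView
```

With the reduced rule set, nothing checks the `module` parameter any more, so the remaining `source_module` rule is the only gate on the record being read.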