Skip to content
Snippets Groups Projects

Fixes#1147::Uma::User level access permission enabled on view file

Merged Fixes#1147::Uma::User level access permission enabled on view file
uma.s/vtigercrm:39751983_Security_access_any_record into master
Merged Uma requested to merge uma.s/vtigercrm:39751983_Security_access_any_record into master
Compare
and
+ 35
0
Compare changes
  • Side-by-side
  • Inline
Files
modules/Vtiger/views/ListViewQuickPreview.php
+ 18
0
@@ -15,6 +15,24 @@ class Vtiger_ListViewQuickPreview_View extends Vtiger_Index_View {
function __construct() {
parent::__construct();
}
function checkPermission(Vtiger_Request $request) {
$moduleName = $request->getModule();
$recordId = $request->get('record');
$recordPermission = Users_Privileges_Model::isPermitted($moduleName, 'DetailView', $recordId);
if(!$recordPermission) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
}
if ($recordId) {
$recordEntityName = getSalesEntityType($recordId);
if ($recordEntityName !== $moduleName) {
throw new AppException(vtranslate('LBL_PERMISSION_DENIED'));
}
}
return true;
}
function process(Vtiger_Request $request) {

Copyright 2023 Vtiger. All rights reserved.