Skip to content
Snippets Groups Projects

All report actions should check for module level profile permissions

Merged All report actions should check for module level profile permissions
uma.s/vtigercrm:Reports_moduleAccess_check into master
Merged Uma requested to merge uma.s/vtigercrm:Reports_moduleAccess_check into master

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
modules/Reports/views/ExportReport.php
81 84
82 85 $viewer->view('PrintReport.tpl', $moduleName);
83 86 }
87
88 function checkReportModulePermission(Vtiger_Request $request){
89 $viewer = $this->getViewer($request);
90 $recordId = $request->get('record');
91 $reportModel = Reports_Record_Model::getInstanceById($recordId);
92 $primaryModule = $reportModel->getPrimaryModule();
93 $secondaryModules = $reportModel->getSecondaryModules();
94 $modulesList = array($primaryModule);
95 if(stripos($secondaryModules, ':') >= 0){
96 $secmodules = split(':', $secondaryModules);
  • Alan Lord
    Alan Lord @lord_alan ·
    Contributor

    This is incorrect. If you have a report with no secondary module, this test passes as "0" also equates to false (which strpos returns). split is deprecated and should not be used; replace with explode.

Please register or sign in to reply

Copyright 2023 Vtiger. All rights reserved.