[Vtigercrm-commits] [vtiger-commits] r7561 - /vtigercrm/trunk/soap/thunderbirdplugin.php

vtigercrm-commits at vtiger.fosslabs.com vtigercrm-commits at vtiger.fosslabs.com
Tue Jun 27 05:07:48 EDT 2006


Author: richie
Date: Tue Jun 27 03:07:44 2006
New Revision: 7561

Log:
added security check to 1 method alone

Modified:
    vtigercrm/trunk/soap/thunderbirdplugin.php

Modified: vtigercrm/trunk/soap/thunderbirdplugin.php
==============================================================================
--- vtigercrm/trunk/soap/thunderbirdplugin.php (original)
+++ vtigercrm/trunk/soap/thunderbirdplugin.php Tue Jun 27 03:07:44 2006
@@ -16,6 +16,7 @@
 
 $log = &LoggerManager::getLogger('thunderbirdplugin');
 
+$accessDenied = "You are not authorized for performing this action";
 $NAMESPACE = 'http://www.vtiger.com/vtigercrm/';
 $server = new soap_server;
 
@@ -50,38 +51,46 @@
 	
 	$date_sent = getDisplayDate($date_sent);
 
-	require_once('modules/Emails/Email.php');
-	
-	$email = new Email();
+	if(isPermitted("Emails","EditView") == "yes")
+	{
+		require_once('modules/Emails/Email.php');
 
-	$email_body = str_replace("'", "''", $email_body);
-	$email_subject = str_replace("'", "''", $email_subject);
-	
-	//fixed subject issue 9/6/05
-	$email->column_fields[activitytype]='Emails';
-	$email->column_fields[subject]=$email_subject;
-	$email->column_fields[assigned_user_id] = $user_id;
-	$email->column_fields[date_start] = $date_sent;
-	$email->column_fields[description]  = $email_body;
+		$email = new Email();
 
-	
-	// Save one copy of the email message
-	//$email->saveentity("Emails");
-	$email->save("Emails");
+		$email_body = str_replace("'", "''", $email_body);
+		$email_subject = str_replace("'", "''", $email_subject);
+
+		//fixed subject issue 9/6/05
+		$email->column_fields[activitytype]='Emails';
+		$email->column_fields[subject]=$email_subject;
+		$email->column_fields[assigned_user_id] = $user_id;
+		$email->column_fields[date_start] = $date_sent;
+		$email->column_fields[description]  = $email_body;
 
 
-	
-	// for each contact, add a link between the contact and the email message
-	$contact_id_list = explode(";", $contact_ids);
+		// Save one copy of the email message
+		//$email->saveentity("Emails");
+		$email->save("Emails");
 
-	foreach( $contact_id_list as $contact_id)
+
+
+		// for each contact, add a link between the contact and the email message
+		$contact_id_list = explode(";", $contact_ids);
+
+		foreach( $contact_id_list as $contact_id)
+		{
+			$email->set_emails_contact_invitee_relationship($email->id, $contact_id);
+			$email->set_emails_se_invitee_relationship($email->id,$contact_id);
+			}
+			$email->set_emails_user_invitee_relationship($email->id, $user_id);
+
+			return $email->id;
+	}
+	else
 	{
-		$email->set_emails_contact_invitee_relationship($email->id, $contact_id);
-		$email->set_emails_se_invitee_relationship($email->id,$contact_id);
+		return $accessDenied;
 	}
-	$email->set_emails_user_invitee_relationship($email->id, $user_id);
-	
-	return $email->id;
+
 }
 
 
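Review bot: The denied branch's `return $accessDenied;` reads a variable that the first hunk assigns at file scope, and a PHP function does not see file-scope variables without a `global` declaration; the enclosing function starts outside this hunk, so if it lacks `global $accessDenied;` a denied caller receives an empty value instead of the message. Add `global $accessDenied;` at the top of the function, or preferably return a SOAP fault, because a plain string in the same return slot as `$email->id` cannot be distinguished from a successful id without string matching on the client. It is also worth confirming that `isPermitted("Emails","EditView")` is evaluated for the authenticated SOAP caller, since `$user_id` written to `assigned_user_id` looks like a request parameter (its origin is not visible in this hunk). The commit log says only this one method is covered, so the other methods registered in this file presumably still need the same check.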




