[Vtigercrm-commits] [vtiger development] #63: Restricted user modifying record erases hidden fields
vtiger development
vtiger-tickets at vtiger.fosslabs.com
Sat Mar 18 10:13:27 EST 2006
#63: Restricted user modifying record erases hidden fields
-----------------------+----------------------------------------------------
Reporter: mikecrowe | Owner: developer
Type: defect | Status: new
Priority: critical | Milestone: 4.2.4
Component: vtigercrm | Version: 4.2.4rc3
Keywords: |
-----------------------+----------------------------------------------------
Thanks to Martin Hagelstrom for finding.
Situation:
Using Profiles, certain fields are hidden from certain roles.
Mutual editing of records is allowed.
A Manager (profile A) has information in a contact (for example) which an
employee can't see.
If an employee (profile B where that custom field is hidden) edits the
record, the custom field is erased.
Solution:
CRMEntity.php must be modified to only load/save fields that the current
user has permission to modify.
Code Changes:
{{{
#!php
function insertIntoEntityTable($table_name, $module)
{
    // MWC -- Fix hidden field saving issue
    global $profile_id;
    // (snip)
    // MWC -- Fix hidden field saving issue
    // $sql = "select * from field where tabid=" . $tabid . " and tablename='" . $table_name . "' and displaytype in (1,3)";
    // Only select fields the current profile (and the organisation default) may see,
    // so hidden fields are never included in the save.
    $sql = "select * from field
            inner join profile2field
                on profile2field.fieldid=field.fieldid
            inner join def_org_field
                on def_org_field.fieldid=field.fieldid
            where field.tabid=" . $tabid . "
                and field.tablename='" . $table_name . "'
                and field.displaytype in (1,3)
                and profile2field.visible=0
                and def_org_field.visible=0
                and profile2field.profileid=" . $profile_id . "
            order by sequence";
}}}
'''Next Change: (I'm not sure this is needed, but good for consistency)'''
{{{
#!php
function retrieve_entity_info($record, $module)
{
    // MWC -- Fix hidden field saving issue
    global $profile_id;
    // (snip)
    // MWC -- Fix hidden field saving issue
    // $sql1 = "select * from field where tabid=" . $tabid;
    // Same restriction on load: only fields visible to the current profile.
    $sql1 = "select * from field
             inner join profile2field
                 on profile2field.fieldid=field.fieldid
             inner join def_org_field
                 on def_org_field.fieldid=field.fieldid
             where field.tabid=" . $tabid . "
                 and profile2field.visible=0
                 and def_org_field.visible=0
                 and profile2field.profileid=" . $profile_id . "
             order by sequence";
}}}
--
Ticket URL: <http://vtiger.fosslabs.com/cgi-bin/trac.cgi/ticket/63>
vtiger development <http://vtiger.fosslabs.com/>
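
The failure mode reported in this ticket, as an added PHP example (not vtiger code and not part of the original message): a save that writes every field blanks the ones a restricted profile's form never contained, while a save limited to the profile's visible fields leaves them untouched. The `contact` table, the `salary_note` column, the sample rows and the functions `visibleColumns` and `saveContact` are hypothetical; only `field`, `profile2field` and the `visible=0` convention come from the ticket, and `def_org_field` is left out to keep the case small.

```php
<?php
// Added example with a simplified, constructed schema (assumption, not vtiger's real tables).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// visible = 0 means "shown to this profile", matching the ticket's queries.
// Profile 1 (manager) sees both fields; profile 2 (employee) has salary_note hidden.
$db->exec("
    CREATE TABLE field (fieldid INTEGER PRIMARY KEY, columnname TEXT);
    CREATE TABLE profile2field (profileid INTEGER, fieldid INTEGER, visible INTEGER);
    CREATE TABLE contact (id INTEGER PRIMARY KEY, lastname TEXT, salary_note TEXT);
    INSERT INTO field VALUES (1, 'lastname'), (2, 'salary_note');
    INSERT INTO profile2field VALUES (1, 1, 0), (1, 2, 0), (2, 1, 0), (2, 2, 1);
    INSERT INTO contact VALUES (10, 'Smith', 'manager-only text');
");

// Columns the profile is allowed to see, and therefore allowed to write.
function visibleColumns(PDO $db, int $profileId): array {
    $st = $db->prepare(
        "SELECT f.columnname FROM field f
         JOIN profile2field p ON p.fieldid = f.fieldid
         WHERE p.profileid = ? AND p.visible = 0 ORDER BY f.fieldid");
    $st->execute([$profileId]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// $restrict = false reproduces the reported behaviour: every field is written,
// and fields absent from the submitted form are saved as empty strings.
// Column names come from the field metadata table, never from the request.
function saveContact(PDO $db, int $id, int $profileId, array $form, bool $restrict): void {
    $cols = $restrict
        ? visibleColumns($db, $profileId)
        : $db->query("SELECT columnname FROM field ORDER BY fieldid")
             ->fetchAll(PDO::FETCH_COLUMN);
    if (!$cols) { return; }
    $set  = implode(', ', array_map(fn($c) => "$c = ?", $cols));
    $vals = array_map(fn($c) => $form[$c] ?? '', $cols);
    $vals[] = $id;
    $db->prepare("UPDATE contact SET $set WHERE id = ?")->execute($vals);
}

function salaryNote(PDO $db): string {
    return $db->query("SELECT salary_note FROM contact WHERE id = 10")->fetchColumn();
}

$form = ['lastname' => 'Smyth'];   // the employee's edit form has no salary_note input
saveContact($db, 10, 2, $form, true);
echo "after restricted save:   ", var_export(salaryNote($db), true), "\n";
saveContact($db, 10, 2, $form, false);
echo "after unrestricted save: ", var_export(salaryNote($db), true), "\n";
```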