[Vtigercrm-commits] [vtiger-commits] r4298 - in /vtigercrm/trunk/modules/Reports: NewReport0.html NewReport0.php ReportRun.php Reports.php SaveAndRun.php language/en_us.lang.php
Sun Mar 19 13:08:53 EST 2006
Author: saraj
Date: Sun Mar 19 11:08:44 2006
New Revision: 4298
Log:
Security added for reports
Modified:
vtigercrm/trunk/modules/Reports/NewReport0.html
vtigercrm/trunk/modules/Reports/NewReport0.php
vtigercrm/trunk/modules/Reports/ReportRun.php
vtigercrm/trunk/modules/Reports/Reports.php
vtigercrm/trunk/modules/Reports/SaveAndRun.php
vtigercrm/trunk/modules/Reports/language/en_us.lang.php
Modified: vtigercrm/trunk/modules/Reports/NewReport0.html
==============================================================================
--- vtigercrm/trunk/modules/Reports/NewReport0.html (original)
+++ vtigercrm/trunk/modules/Reports/NewReport0.html Sun Mar 19 11:08:44 2006
@@ -11,7 +11,21 @@
<!-- BEGIN: main -->
<html>
<head>
- <script language="javascript" type="text/javascript" src="modules/Reports/Report.js"></script>
+<script language="javascript" type="text/javascript" src="modules/Reports/Report.js"></script>
+<script language="javascript">
+function checkmodule()
+{
+ if(document.NewReport.primarymodule.value=='')
+ {
+ alert("{ERROR_MSG}");
+ return false;
+ }
+ else
+ {
+ return true;
+ }
+}
+</script>
</head>
<body>
<form name="NewReport" action="index.php">
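Review bot: `alert("{ERROR_MSG}");` substitutes a template value straight into a double-quoted JavaScript string literal, so any label containing a double quote, backslash or line break breaks checkmodule() and the form submits unchecked; the value needs JS-context escaping where it is assigned in NewReport0.php (this commit changes the en_us.lang.php text to one containing an apostrophe, which is harmless here but shows the text is not constrained). checkmodule() only refuses to submit when the primary-module select is empty, which is a usability guard rather than authorization — the action that receives the form must still verify the user's permission for the selected module, since the onClick wiring added in the @@ -45 hunk is trivially bypassed. The attribute `language="javascript"` on the new script block is obsolete; use `type="text/javascript"` as the adjacent include line does.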
@@ -45,7 +59,7 @@
</td>
</tr>
<tr>
- <td><br><input name="nextBtn" class="button" type="submit" value="{MOD.LBL_CONTINUE_BUTTON}" onClick="">
+ <td><br><input name="nextBtn" class="button" type="submit" value="{MOD.LBL_CONTINUE_BUTTON}" onClick="return checkmodule();">
<input name="cancel" class="button" type="button" value="{APP.LBL_CANCEL_BUTTON_LABEL}" onClick="document.location.href='?module=Reports&action=index'"></td>
</tr>
Modified: vtigercrm/trunk/modules/Reports/NewReport0.php
==============================================================================
--- vtigercrm/trunk/modules/Reports/NewReport0.php (original)
+++ vtigercrm/trunk/modules/Reports/NewReport0.php Sun Mar 19 11:08:44 2006
@@ -41,6 +41,7 @@
global $adb;
global $app_list_strings;
global $report_modules;
+ global $mod_strings;
$count_flag = 0;
foreach($app_list_strings['moduleList'] as $key=>$value)
@@ -60,7 +61,7 @@
}
if($count_flag == 0)
{
- $shtml .= "<option value=\"\">--None--</option>";
+ $shtml .= "<option value=\"\">".$mod_strings['LBL_NO_PERMISSION']."</option>";
}
return $shtml;
}
@@ -74,6 +75,7 @@
{
global $app_list_strings;
global $related_modules;
+ global $mod_strings;
foreach($related_modules as $key_module=>$rel_modules)
{
@@ -93,7 +95,7 @@
}
}
}
- $shtml .= $optionhtml."</select>";
+ $shtml .= $optionhtml."</select>";
}
}
@@ -108,6 +110,7 @@
$list_report_form->assign("PRIMARYMODULE",$primary_module_html);
$list_report_form->assign("RELATEDMODULES",$related_module_html);
$list_report_form->assign("IMAGE_PATH", $image_path);
+$list_report_form->assign("ERROR_MSG", $mod_strings['LBL_NO_PERMISSION']);
$list_report_form->parse("main");
$list_report_form->out("main");
?>
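Review bot: `$list_report_form->assign("ERROR_MSG", $mod_strings['LBL_NO_PERMISSION']);` passes the raw label to a template that emits it inside a double-quoted JavaScript string, so it should be escaped for that context at the assignment, e.g. `$list_report_form->assign("ERROR_MSG", addslashes($mod_strings['LBL_NO_PERMISSION']));`, otherwise a label with a quote or backslash breaks the script. The same label is also emitted into HTML unescaped in the `<option>` at the @@ -60 hunk of this file; a short comment at the assignment, e.g. `// ERROR_MSG is rendered inside a JS string literal in NewReport0.html — keep it JS-safe`, would make the coupling visible. The replacement text this commit adds in en_us.lang.php reads `dosen\'t allow you view`; it should read `doesn't allow you to view`.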
Modified: vtigercrm/trunk/modules/Reports/ReportRun.php
==============================================================================
--- vtigercrm/trunk/modules/Reports/ReportRun.php (original)
+++ vtigercrm/trunk/modules/Reports/ReportRun.php Sun Mar 19 11:08:44 2006
@@ -340,7 +340,6 @@
}
}
-
return $stdfilterlist;
}
Modified: vtigercrm/trunk/modules/Reports/Reports.php
==============================================================================
--- vtigercrm/trunk/modules/Reports/Reports.php (original)
+++ vtigercrm/trunk/modules/Reports/Reports.php Sun Mar 19 11:08:44 2006
@@ -10,6 +10,7 @@
********************************************************************************/
require_once('include/database/PearDatabase.php');
require_once('data/CRMEntity.php');
+require_once('include/utils/UserInfoUtil.php');
global $calpath;
global $app_strings,$mod_strings;
global $app_list_strings;
@@ -20,7 +21,9 @@
global $report_modules;
global $related_modules;
-
+global $profileList;
+
+$profileList = getCurrentUserProfileList();
$adv_filter_options = array("e"=>"equals",
"n"=>"not equal to",
"s"=>"starts with",
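Review bot: `$profileList = getCurrentUserProfileList();` is computed at file load and later concatenated verbatim into SQL as `profile2field.profileid in ".$profileList."` in getColumnsListbyBlock and in the @@ -952 hunk, so those queries are only well-formed if this helper returns a fully parenthesised list of numeric ids and never an empty string. That contract is not visible here; add a comment such as `// expected to return a string of the form "(id,id,...)" — used directly in IN (...) clauses below`, and consider guarding the empty case before the value reaches a query. Whether getCurrentUserProfileList() actually returns that shape is inferred from the later hunks, not shown in this diff.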
@@ -233,8 +236,8 @@
$count_flag = 0;
do
{
- if(isPermitted($report['primarymodule'],'index') == "yes" && (isPermitted($report['secondarymodules'],'index')== "yes" || $report['secondarymodules'] == ''))
- {
+ /* if(isPermitted($report['primarymodule'],'index') == "yes" && (isPermitted($report['secondarymodules'],'index')== "yes" || $report['secondarymodules'] == ''))
+ {*/
$count_flag = 1;
if ($rowcnt%2 == 0)
$srptdetails .= '<tr class="evenListRow">';
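Review bot: Commenting out `if(isPermitted($report['primarymodule'],'index') == "yes" && ...)` removes the only check that kept reports for modules the user cannot access out of the report list, and nothing in this hunk or in the @@ -258 hunk (which comments out the LBL_NO_PERMISSION row and the closing brace) replaces it; the new guard in SaveAndRun.php only runs when a report is opened, so report names and descriptions for unpermitted modules are now shown to every user. If listing all reports is intended, delete the dead `/* */` code and state the decision in a comment, e.g. `// Module-level permission is enforced when the report is run (SaveAndRun.php), not in the listing`; otherwise restore the guard here. The do/while loop opened in this hunk closes in the next one.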
@@ -258,13 +261,13 @@
<td height="21" style="padding:0px 3px 0px 3px;">'.$report["description"].'</td>
</tr>';
$rowcnt++;
- }
+ // }
}while($report = $adb->fetch_array($result));
- if($count_flag == 0)
+ /* if($count_flag == 0)
{
$srptdetails .= "<tr><td colspan=3 align='center'>".$mod_strings['LBL_NO_PERMISSION']."</td></tr>";
}
-
+*/
$srptdetails .= '</table>
</td>
</tr>
@@ -349,12 +352,21 @@
function getColumnsListbyBlock($module,$block)
{
global $adb;
- global $log;
+ global $log;
+ global $profile_id;
+ global $profileList;
+
$tabid = getTabid($module);
- global $profile_id;
-
- $sql = "select * from field inner join profile2field on profile2field.fieldid=field.fieldid where field.uitype != 50 and field.tabid=".$tabid." and field.block in (".$block .") and field.displaytype in (1,2) and profile2field.visible=0 and profile2field.profileid=".$profile_id." order by sequence";
-
+
+ //Security Check
+ if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] ==0)
+ {
+ $sql = "select * from field inner join profile2field on profile2field.fieldid=field.fieldid inner join def_org_field on def_org_field.fieldid=field.fieldid where field.uitype != 50 and field.tabid=".$tabid." and field.block in (".$block .") and field.displaytype in (1,2) and profile2field.visible=0 and def_org_field.visible=0 and profile2field.profileid = ".$profile_id." order by sequence";
+ }
+ else
+ {
+ $sql = "select * from field inner join profile2field on profile2field.fieldid=field.fieldid inner join def_org_field on def_org_field.fieldid=field.fieldid where field.uitype != 50 and field.tabid=".$tabid." and field.block in (".$block .") and field.displaytype in (1,2) and profile2field.visible=0 and def_org_field.visible=0 and profile2field.profileid in ".$profileList." group by field.fieldid order by sequence";
+ }
$result = $adb->query($sql);
$noofrows = $adb->num_rows($result);
for($i=0; $i<$noofrows; $i++)
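Review bot: The `//Security Check` condition reads `$is_admin` and `$profileGlobalPermission`, but inside getColumnsListbyBlock neither is declared `global` (only `$adb`, `$log`, `$profile_id` and `$profileList` are), so both are undefined locals: `$is_admin == true` is always false and `$profileGlobalPermission[1] == 0` compares null with 0, which is true under loose comparison, so the first branch is always taken and the `$profileList` branch is dead. Add `global $is_admin; global $profileGlobalPermission;` next to the other globals and use strict comparisons (`$profileGlobalPermission[1] === 0`); the @@ -952 hunk has the identical omission. Both queries also keep building SQL by concatenating `$tabid`, `$block`, `$profile_id` and `$profileList`; `$block` is a parameter whose callers are outside this hunk, so casting or quoting the values before interpolation would remove the doubt. The function body continues past the hunk.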
@@ -952,12 +964,19 @@
//retreive the tabid
global $adb;
global $log;
+ global $profileList;
$tabid = getTabid($module);
global $profile_id;
$escapedchars = Array('_SUM','_AVG','_MIN','_MAX');
- $ssql = "select * from field inner join tab on tab.tabid = field.tabid inner join profile2field on profile2field.fieldid=field.fieldid where field.uitype != 50 and field.tabid=".$tabid." and field.displaytype = 1 and profile2field.visible=0 and profile2field.profileid=".$profile_id." order by sequence";
-
+ if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] ==0)
+ {
+ $ssql = "select * from field inner join tab on tab.tabid = field.tabid inner join def_org_field on def_org_field.fieldid=field.fieldid inner join profile2field on profile2field.fieldid=field.fieldid where field.uitype != 50 and field.tabid=".$tabid." and field.displaytype = 1 and def_org_field.visible=0 and profile2field.visible=0 and profile2field.profileid=".$profile_id." order by sequence";
+ }
+ else
+ {
+ $ssql = "select * from field inner join tab on tab.tabid = field.tabid inner join def_org_field on def_org_field.fieldid=field.fieldid inner join profile2field on profile2field.fieldid=field.fieldid where field.uitype != 50 and field.tabid=".$tabid." and field.displaytype = 1 and def_org_field.visible=0 and profile2field.visible=0 and profile2field.profileid in ".$profileList." order by sequence";
+ }
$result = $adb->query($ssql);
$columntototalrow = $adb->fetch_array($result);
$n = 0;
Modified: vtigercrm/trunk/modules/Reports/SaveAndRun.php
==============================================================================
--- vtigercrm/trunk/modules/Reports/SaveAndRun.php (original)
+++ vtigercrm/trunk/modules/Reports/SaveAndRun.php Sun Mar 19 11:08:44 2006
@@ -41,13 +41,11 @@
$secondarymodule = $ogReport->secmodule;
$oReportRun = new ReportRun($reportid);
$filterlist = $oReportRun->RunTimeFilter($filtercolumn,$filter,$startdate,$enddate);
-//print_r($filterlist);
$sshtml = $oReportRun->GenerateReport("HTML",$filterlist);
$totalhtml = $oReportRun->GenerateReport("TOTALHTML",$filterlist);
-
+if(isPermitted($primarymodule,'index') == "yes" && (isPermitted($secondarymodule,'index')== "yes"))
+{
?>
-<html>
-<head>
<script language="JavaScript" type="text/javascript" src="include/js/general.js"></script>
<script type="text/javascript" language="JavaScript">
function goToURL( url )
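Review bot: The new guard `if(isPermitted($primarymodule,'index') == "yes" && (isPermitted($secondarymodule,'index')== "yes"))` is evaluated after `GenerateReport("HTML", ...)` and `GenerateReport("TOTALHTML", ...)` have already run the report queries, so an unpermitted user still triggers all the work and only the output is suppressed; move the check above the ReportRun calls. The condition also drops the `|| secondarymodules == ''` clause that the Reports.php guard removed in this commit had, so a report without a secondary module is denied unless isPermitted('', 'index') happens to return "yes"; write `&& ($secondarymodule == '' || isPermitted($secondarymodule,'index') == "yes")`. The `{` opened here is closed in the @@ -113 hunk, so the if/else spans two hunks of mixed PHP and HTML.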
@@ -55,8 +53,6 @@
document.location.href = url;
}
</script>
-</head>
-<body>
<?php
echo get_module_title($mod_strings['LBL_MODULE_NAME'], $ogReport->reportname, false);
?>
@@ -113,6 +109,10 @@
<input type="hidden" name="reportDesc"/>
<input type="hidden" name="folder"/>
</form>
-</body>
-</html>
<br>
+<?
+}
+else
+{
+ echo $mod_strings['LBL_NO_PERMISSION']." ".$primarymodule." ".$secondarymodule;
+}
Modified: vtigercrm/trunk/modules/Reports/language/en_us.lang.php
==============================================================================
--- vtigercrm/trunk/modules/Reports/language/en_us.lang.php (original)
+++ vtigercrm/trunk/modules/Reports/language/en_us.lang.php Sun Mar 19 11:08:44 2006
@@ -79,7 +79,7 @@
'LBL_EXPORTXL_BUTTON'=>'Export To Excel',
//Added for 5 Beta
-'LBL_NO_PERMISSION'=>'You are not permitted to view reports for this module',
+'LBL_NO_PERMISSION'=>'Your profile dosen\'t allow you view the reports for one of the module(s)',
);