[Vtigercrm-commits] [vtiger-commits] r4375 - in /vtigercrm/trunk: include/utils/UserInfoUtil.php modules/Dashboard/display_charts.php modules/Dashboard/language/en_us.lang.php

vtigercrm-commits at vtiger.fosslabs.com vtigercrm-commits at vtiger.fosslabs.com
Tue Mar 21 09:56:16 EST 2006


Author: saraj
Date: Tue Mar 21 07:56:06 2006
New Revision: 4375

Log:
Changes made for dashboard security

Modified:
    vtigercrm/trunk/include/utils/UserInfoUtil.php
    vtigercrm/trunk/modules/Dashboard/display_charts.php
    vtigercrm/trunk/modules/Dashboard/language/en_us.lang.php

Modified: vtigercrm/trunk/include/utils/UserInfoUtil.php
==============================================================================
--- vtigercrm/trunk/include/utils/UserInfoUtil.php (original)
+++ vtigercrm/trunk/include/utils/UserInfoUtil.php Tue Mar 21 07:56:06 2006
@@ -3982,4 +3982,29 @@
 	$groupid = $adb->query_result($result,0,'groupid');
 	return $groupid;
 }
+
+/** Function to check permission to access a field for a given user
+  * @param $fld_module -- Module :: Type String
+  * @param $userid -- User Id :: Type integer
+  * @param $fieldname -- Field Name :: Type varchar
+  * @returns $rolename -- Role Name :: Type varchar
+  *
+ */
+function getFieldVisibilityPermission($fld_module, $userid, $fieldname)
+{
+	
+	global $adb;
+
+        //get profile list using userid
+	$profilelist = getCurrentUserProfileList();
+
+        //get tabid
+	$tabid = getTabid($fld_module);
+
+        $query="select profile2field.* from field inner join profile2field on profile2field.fieldid=field.fieldid inner join def_org_field on def_org_field.fieldid=field.fieldid where field.tabid=".$tabid." and profile2field.visible=0 and def_org_field.visible=0  and profile2field.profileid in".$profilelist." and field.fieldname='".$fieldname."' group by field.fieldid";
+	$result = $adb->query($query);
+	return $adb->query_result($result,"0","visible");
+
+}
+
 ?>
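Review bot: `$fieldname` is concatenated straight into the SQL text at `field.fieldname='".$fieldname."'`, and `$tabid` and `$profilelist` are spliced in the same way, so the query is only as safe as every future caller's arguments. The callers in this commit pass literals, but a permission helper in a shared utility file should escape or bind `$fieldname` through the database layer and cast the id with `intval($tabid)` before building the query. The `$userid` parameter is never read, because the profiles come from `getCurrentUserProfileList()`, so the check always applies to the session user whatever id is passed; either use the parameter or drop it. The docblock's `@returns $rolename` also does not match what is returned, which is the `visible` column of the first matching row.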

Modified: vtigercrm/trunk/modules/Dashboard/display_charts.php
==============================================================================
--- vtigercrm/trunk/modules/Dashboard/display_charts.php (original)
+++ vtigercrm/trunk/modules/Dashboard/display_charts.php Tue Mar 21 07:56:06 2006
@@ -88,7 +88,7 @@
           "ticketsbystatus" => "Tickets by status",
           "ticketsbypriority" => "Tickets by Priority",
           );
-
+/*
 if($type == "leadsource")
 {
      $graph_by="leadsource";
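Review bot: The block opened by `/*` here and closed by `*/` in the hunk at -206 is disabled by commenting it out rather than deleted, which leaves an unguarded copy of the `$type` dispatch in the file. If it is later uncommented it would presumably run without the `getFieldVisibilityPermission()` test added further down; deleting the block avoids that, and version control keeps the history. A block comment also ends at the first `*/` inside it, so any existing `/* ... */` comment in the lines not shown between the two hunks would close it early.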
@@ -206,7 +206,7 @@
    $graph_title="Tickets by Priority";
    $module="HelpDesk";
 }
-                    
+  */                  
 function get_graph_by_type($graph_by,$graph_title,$module,$where,$query)
 {
 	global $user_id,$date_start,$end_date,$type;
@@ -445,7 +445,7 @@
 				<!--char goes here-->
 				<?php 
 				//Charts for Lead Source
-                    if($type == "leadsource")
+                    if(($type == "leadsource") && (getFieldVisibilityPermission('Leads',$user_id,'leadsource') == "0"))
                     {
                     	$graph_by="leadsource";
                     	$graph_title="Leads By Source";
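Review bot: The permission test uses loose equality, `getFieldVisibilityPermission('Leads',$user_id,'leadsource') == "0"`, and in PHP both `false == "0"` and `0 == "0"` are true. What `query_result()` returns when the query matches no row is not visible here; if it is `false`, the chart is shown to users whose profiles hide the field. Comparing with `=== "0"`, after confirming the driver returns the column as a string, makes the no-row case deny. The body of this `if` continues in the next hunk.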
@@ -455,6 +455,10 @@
                     	echo get_graph_by_type($graph_by,$graph_title,$module,$where,$query);
                     
                     }
+		    else
+		    {
+			echo $mod_strings['LBL_NO_PERMISSION_FIELD'];
+		    }
                     // To display the charts  for Lead status                   
                     if ($type == "leadstatus")
                     {
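Review bot: The added `else` is attached to the combined condition `($type == "leadsource") && (...)`, so it also runs whenever `$type` is any other chart type, and `LBL_NO_PERMISSION_FIELD` is echoed ahead of, for example, the `leadstatus` chart that follows. The permission test should be nested inside the type test so that the message appears only for a denied `leadsource` request. The `leadstatus` branch at the end of the hunk, and presumably the remaining chart types outside it, get no field-visibility check in this commit. The `if` that this `else` belongs to opens in the previous hunk.

```php
if($type == "leadsource")
{
	if(getFieldVisibilityPermission('Leads',$user_id,'leadsource') == "0")
	{
		// … unchanged: set $graph_by, $graph_title, $module and echo get_graph_by_type(...) …
	}
	else
	{
		echo $mod_strings['LBL_NO_PERMISSION_FIELD'];
	}
}
```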

Modified: vtigercrm/trunk/modules/Dashboard/language/en_us.lang.php
==============================================================================
Binary files - no diff available.




