[Vtigercrm-commits] [vtiger-commits] r6675 - /vtigercrm/trunk/modules/Users/updateLeadDBStatus.php
vtigercrm-commits at vtiger.fosslabs.com
vtigercrm-commits at vtiger.fosslabs.com
Mon May 29 08:15:55 EDT 2006
Author: saraj
Date: Mon May 29 06:15:52 2006
New Revision: 6675
Log:
Added record level security for change owner/status for all modules - ahmed
Modified:
vtigercrm/trunk/modules/Users/updateLeadDBStatus.php
Modified: vtigercrm/trunk/modules/Users/updateLeadDBStatus.php
==============================================================================
--- vtigercrm/trunk/modules/Users/updateLeadDBStatus.php (original)
+++ vtigercrm/trunk/modules/Users/updateLeadDBStatus.php Mon May 29 06:15:52 2006
@@ -10,8 +10,8 @@
*
********************************************************************************/
-
require_once('include/database/PearDatabase.php');
+require_once('include/utils/utils.php');
$idlist= $_REQUEST['idlist'];
$leadstatusval = $_REQUEST['leadval'];
@@ -22,14 +22,23 @@
global $adb;
$storearray = explode(";",$idlist);
+$ids_list = array();
+
$date_var = date('YmdHis');
if(isset($_REQUEST['user_id']) && $_REQUEST['user_id']!='')
{
foreach($storearray as $id)
{
- if($id != '') {
- $sql = "update crmentity set modifiedby=".$current_user->id.",smownerid='" .$idval ."', modifiedtime=".$adb->formatString("crmentity","modifiedtime",$date_var)." where crmid='" .$id."'";
- $result = $adb->query($sql);
+ if(isPermitted($return_module,'EditView',$id) == 'yes')
+ {
+ if($id != '') {
+ $sql = "update crmentity set modifiedby=".$current_user->id.",smownerid='" .$idval ."', modifiedtime=".$adb->formatString("crmentity","modifiedtime",$date_var)." where crmid='" .$id."'";
+ $result = $adb->query($sql);
+ }
+ }
+ else
+ {
+ $ids_list[] = $id;
}
}
}
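Review bot: `$id` in this loop is a fragment of `$_REQUEST['idlist']` and is still concatenated into the `crmentity` update after the new isPermitted() check, so the permission gate does not limit what text reaches the query. The `$id != ''` test now sits inside the permission branch, so an empty fragment (for example from a trailing `;`) is passed to isPermitted() and, if that does not return 'yes', is appended to `$ids_list` as a denied record. Making `if($id == '' || !ctype_digit($id)) continue;` the first statement of the foreach body would address both. The status loop in the next hunk has the same pattern, and there `crmid=".$id` is not even quoted. `$idval` and `$return_module` are assigned outside this hunk; if they come from the request they need the same validation before use.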
@@ -37,14 +46,30 @@
{
foreach($storearray as $id)
{
- if($id != '') {
- $sql = "update leaddetails set leadstatus='" .$leadstatusval ."' where leadid='" .$id."'";
- $result = $adb->query($sql);
- $query = "update crmentity set modifiedby=".$current_user->id.",modifiedtime=".$adb->formatString("crmentity","modifiedtime",$date_var)." where crmid=".$id;
- $result1 = $adb->query($query);
+ if(isPermitted($return_module,'EditView',$id) == 'yes')
+ {
+ if($id != '') {
+ $sql = "update leaddetails set leadstatus='" .$leadstatusval ."' where leadid='" .$id."'";
+ $result = $adb->query($sql);
+ $query = "update crmentity set modifiedby=".$current_user->id.",modifiedtime=".$adb->formatString("crmentity","modifiedtime",$date_var)." where crmid=".$id;
+ $result1 = $adb->query($query);
+ }
}
+ else
+ {
+ $ids_list[] = $id;
+ }
+
}
}
-header("Location: index.php?module=$return_module&action=".$return_module."Ajax&file=ListView&ajax=changestate&viewname=".$viewid);
+$ret_owner = getEntityName($return_module,$ids_list);
+if(count($ret_owner) > 0)
+{
+ $errormsg = implode(',',$ret_owner);
+}else
+{
+ $errormsg = '';
+}
+
+header("Location: index.php?module=$return_module&action=".$return_module."Ajax&file=ListView&ajax=changestate&viewname=".$viewid."&errormsg=".$errormsg);
?>
-
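Review bot: `$errormsg` is appended to the Location header without URL encoding in the new header() call. It is built from the names returned by getEntityName(), which are record data and may contain spaces, `&`, `#` or line breaks, so the redirect can be truncated or pick up extra parameters; `"&errormsg=".urlencode($errormsg)` keeps it a single query value. `$return_module` and `$viewid` are set outside the hunk and go into the same header, so they deserve the same treatment if they originate from the request. The page that displays `errormsg` is not shown here; it should escape the value for HTML on output.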