[Vtigercrm-commits] [vtiger-commits] r9869 - in /vtigercrm/branches/5.0.3/modules/Calendar: CalendarCommon.php EditView.php addEventUI.php calendar_share.php

vtigercrm-commits at vtiger.fosslabs.com vtigercrm-commits at vtiger.fosslabs.com
Tue Nov 21 04:47:47 EST 2006 

Author: richie
Date: Tue Nov 21 02:47:40 2006
New Revision: 9869

Log:
security check added for users list while sharing

Modified:
    vtigercrm/branches/5.0.3/modules/Calendar/CalendarCommon.php
    vtigercrm/branches/5.0.3/modules/Calendar/EditView.php
    vtigercrm/branches/5.0.3/modules/Calendar/addEventUI.php
    vtigercrm/branches/5.0.3/modules/Calendar/calendar_share.php

Modified: vtigercrm/branches/5.0.3/modules/Calendar/CalendarCommon.php
==============================================================================
--- vtigercrm/branches/5.0.3/modules/Calendar/CalendarCommon.php (original)
+++ vtigercrm/branches/5.0.3/modules/Calendar/CalendarCommon.php Tue Nov 21 02:47:40 2006
@@ -54,18 +54,13 @@
 /**
  * To get userid and username of all vtiger_users except the current user
  * @param $id -- The user id :: Type integer
- * @param $check -- true/false :: Type boolean
  * @returns $user_details -- Array in the following format:
  * $user_details=Array($userid1=>$username, $userid2=>$username,............,$useridn=>$username);
  */
-function getOtherUserName($id,$check)
-{
-	global $adb,$current_user;
-	require('user_privileges/user_privileges_'.$current_user->id.'.php');
-	require('user_privileges/sharing_privileges_'.$current_user->id.'.php');
+function getOtherUserName($id)
+{
+	global $adb;
 	$user_details=Array();
-	if($check)
-	{
 		$query="select * from vtiger_users where deleted=0 and status='Active' and id!=".$id;
 		$result = $adb->query($query);
 		$num_rows=$adb->num_rows($result);
@@ -75,10 +70,23 @@
 			$username=$adb->query_result($result,$i,'user_name');
 			$user_details[$userid]=$username;
 		}
-
-	}
-	else
-	{
+		return $user_details;
+}
+
+/**
+ * To get userid and username of vtiger_users in hierarchy level
+ * @param $id -- The user id :: Type integer
+ * @returns $user_details -- Array in the following format:
+ * $user_details=Array($userid1=>$username, $userid2=>$username,............,$useridn=>$username);
+ */
+
+function getSharingUserName($id)
+{
+	global $adb,$current_user;
+        require('user_privileges/user_privileges_'.$current_user->id.'.php');
+        require('user_privileges/sharing_privileges_'.$current_user->id.'.php');
+        $user_details=Array();
+
 		if($is_admin==false && $profileGlobalPermission[2] == 1 && ($defaultOrgSharingPermission[getTabid('Calendar')] == 3 or $defaultOrgSharingPermission[getTabid('Calendar')] == 0))
 		{
 			$user_details = get_user_array(FALSE, "Active", $id, 'private');
@@ -89,7 +97,6 @@
 			$user_details = get_user_array(FALSE, "Active", $id);
 			unset($user_details[$id]);
 		}
-	}
 	return $user_details;
 }
 

Modified: vtigercrm/branches/5.0.3/modules/Calendar/EditView.php
==============================================================================
--- vtigercrm/branches/5.0.3/modules/Calendar/EditView.php (original)
+++ vtigercrm/branches/5.0.3/modules/Calendar/EditView.php Tue Nov 21 02:47:40 2006
@@ -127,7 +127,7 @@
 	$focus->id = "";
     	$focus->mode = ''; 	
 }
-$userDetails=getOtherUserName($current_user->id,true);
+$userDetails=getOtherUserName($current_user->id);
 //echo '<pre>';print_r($userDetails);echo '</pre>';
 $to_email = getUserEmailId('id',$current_user->id);
 $smarty->assign("CURRENTUSERID",$current_user->id);

Modified: vtigercrm/branches/5.0.3/modules/Calendar/addEventUI.php
==============================================================================
--- vtigercrm/branches/5.0.3/modules/Calendar/addEventUI.php (original)
+++ vtigercrm/branches/5.0.3/modules/Calendar/addEventUI.php Tue Nov 21 02:47:40 2006
@@ -20,8 +20,7 @@
  $image_path=$theme_path."images/";
  require_once ($theme_path."layout_utils.php");
  $category = getParentTab();
- $userDetails=getOtherUserName($current_user->id,true);
- //echo '<pre>';print_r($userDetails);echo '</pre>';
+ $userDetails=getOtherUserName($current_user->id);
  $to_email = getUserEmailId('id',$current_user->id);
  $date_format = parse_calendardate($app_strings['NTC_DATE_FORMAT']);
  $taskassignedto = getAssignedTo(9);

Modified: vtigercrm/branches/5.0.3/modules/Calendar/calendar_share.php
==============================================================================
--- vtigercrm/branches/5.0.3/modules/Calendar/calendar_share.php (original)
+++ vtigercrm/branches/5.0.3/modules/Calendar/calendar_share.php Tue Nov 21 02:47:40 2006
@@ -16,7 +16,7 @@
 require_once('include/database/PearDatabase.php');
 require_once('modules/Calendar/CalendarCommon.php');
  $t=Date("Ymd");
- $userDetails=getOtherUserName($current_user->id,true);
+ $userDetails=getSharingUserName($current_user->id);
  $shareduser_ids = getSharedUserId($current_user->id);
 ?>
 <table border=0 cellspacing=0 cellpadding=5 width=100% class="layerHeadingULine">

More information about the vtigercrm-commits mailing list