[Vtigercrm-commits] [vtiger-commits] r9578 - in /vtigercrm/branches/5.0.1/modules: Accounts/Account.php Contacts/Contact.php Emails/Email.php Leads/Lead.php Notes/Note.php Potentials/Opportunity.php Products/Product.php
vtigercrm-commits at vtiger.fosslabs.com
vtigercrm-commits at vtiger.fosslabs.com
Fri Oct 6 10:37:32 EDT 2006
Author: richie
Date: Fri Oct 6 08:37:21 2006
New Revision: 9578
Log:
* Added security for the Export query so that only the permitted fields and permitted records can be exported to CSV files
Modified:
vtigercrm/branches/5.0.1/modules/Accounts/Account.php
vtigercrm/branches/5.0.1/modules/Contacts/Contact.php
vtigercrm/branches/5.0.1/modules/Emails/Email.php
vtigercrm/branches/5.0.1/modules/Leads/Lead.php
vtigercrm/branches/5.0.1/modules/Notes/Note.php
vtigercrm/branches/5.0.1/modules/Potentials/Opportunity.php
vtigercrm/branches/5.0.1/modules/Products/Product.php
Modified: vtigercrm/branches/5.0.1/modules/Accounts/Account.php
==============================================================================
--- vtigercrm/branches/5.0.1/modules/Accounts/Account.php (original)
+++ vtigercrm/branches/5.0.1/modules/Accounts/Account.php Fri Oct 6 08:37:21 2006
@@ -670,64 +670,34 @@
function create_export_query(&$order_by, &$where)
{
global $log;
+ global $current_user;
$log->debug("Entering create_export_query(".$order_by.",".$where.") method ...");
- if($this->checkIfCustomTableExists('vtiger_accountscf'))
- {
-
- $query = $this->constructCustomQueryAddendum('vtiger_accountscf','Accounts') . "
- vtiger_account.*,
- ".$this->entity_table.".*,
- vtiger_accountbillads.city AS billing_city,
- vtiger_accountbillads.country AS billing_country,
- vtiger_accountbillads.code AS billing_code,
- vtiger_accountbillads.state AS billing_state,
- vtiger_accountbillads.street AS billing_street,
- vtiger_accountshipads.city AS shipping_city,
- vtiger_accountshipads.country AS shipping_country,
- vtiger_accountshipads.code AS shipping_code,
- vtiger_accountshipads.state AS shipping_state,
- vtiger_accountshipads.street AS shipping_street,
- vtiger_users.user_name,
- vtiger_users.status AS user_status
- FROM ".$this->entity_table."
+
+ include("include/utils/ExportUtils.php");
+
+ //To get the Permitted fields query and the permitted fields list
+ $sql = getPermittedFieldsQuery("Accounts", "detail_view");
+ $fields_list = getFieldsListFromQuery($sql);
+
+ $query = "SELECT $fields_list FROM ".$this->entity_table."
INNER JOIN vtiger_account
ON vtiger_crmentity.crmid = vtiger_account.accountid
LEFT JOIN vtiger_accountbillads
ON vtiger_account.accountid = vtiger_accountbillads.accountaddressid
LEFT JOIN vtiger_accountshipads
ON vtiger_account.accountid = vtiger_accountshipads.accountaddressid
- LEFT JOIN vtiger_accountscf
+ LEFT JOIN vtiger_accountscf
ON vtiger_accountscf.accountid = vtiger_account.accountid
+ LEFT JOIN vtiger_accountgrouprelation
+ ON vtiger_accountscf.accountid = vtiger_accountgrouprelation.accountid
+ LEFT JOIN vtiger_groups
+ ON vtiger_groups.groupname = vtiger_accountgrouprelation.groupname
LEFT JOIN vtiger_users
- ON vtiger_crmentity.smownerid = vtiger_users.id ";
-
- }
- else
- {
- $query = "SELECT vtiger_account.*,
- ".$this->entity_table.".*,
- vtiger_accountbillads.city AS billing_city,
- vtiger_accountbillads.country AS billing_country,
- vtiger_accountbillads.code AS billing_code,
- vtiger_accountbillads.state AS billing_state,
- vtiger_accountbillads.street AS billing_street,
- vtiger_accountshipads.city AS shipping_city,
- vtiger_accountshipads.country AS shipping_country,
- vtiger_accountshipads.code AS shipping_code,
- vtiger_accountshipads.state AS shipping_state,
- vtiger_accountshipads.street AS shipping_street,
- vtiger_users.user_name,
- vtiger_users.status AS user_status
- FROM ".$this->entity_table."
- INNER JOIN vtiger_account
- ON vtiger_crmentity.crmid = vtiger_account.accountid
- LEFT JOIN vtiger_accountbillads
- ON vtiger_account.accountid = vtiger_accountbillads.accountaddressid
- LEFT JOIN vtiger_accountshipads
- ON vtiger_account.accountid = vtiger_accountshipads.accountaddressid
- LEFT JOIN vtiger_users
- ON vtiger_crmentity.smownerid = vtiger_users.id ";
- }
+ ON vtiger_crmentity.smownerid = vtiger_users.id
+ LEFT JOIN vtiger_account vtiger_account2
+ ON vtiger_account2.accountid = vtiger_account.parentid
+ ";//vtiger_account2 is added to get the Member of account
+
$where_auto = " vtiger_users.status = 'Active'
AND vtiger_crmentity.deleted = 0 ";
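Review bot: `include("include/utils/ExportUtils.php");` sits inside `create_export_query`, so if that file declares functions (presumably it does, since `getPermittedFieldsQuery` is called right after) a second call in the same request would stop on a redeclaration error, and a missing file raises only a warning before the helper call fails. `require_once("include/utils/ExportUtils.php");` avoids both. The same line is added in the Contact.php, Email.php, Lead.php, Note.php, Opportunity.php and Product.php hunks. A comment above `SELECT $fields_list` should state what the interpolated column list is built from, since `getFieldsListFromQuery` is defined outside this diff and the string goes into the SQL unescaped.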
@@ -737,8 +707,18 @@
else
$query .= "WHERE ".$where_auto;
+ require('user_privileges/user_privileges_'.$current_user->id.'.php');
+ require('user_privileges/sharing_privileges_'.$current_user->id.'.php');
+ //we should add security check when the user has Private Access
+ if($is_admin==false && $profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] == 1 && $defaultOrgSharingPermission[6] == 3)
+ {
+ //Added security check to get the permitted records only
+ $query = $query." ".getListViewSecurityParameter("Accounts");
+ }
+
if(!empty($order_by))
$query .= " ORDER BY $order_by";
+
$log->debug("Exiting create_export_query method ...");
return $query;
}
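Review bot: The record filter fails open: `getListViewSecurityParameter("Accounts")` is appended only when every value loaded from the two per-user privilege files matches, and with loose `==` an unset `$profileGlobalPermission` or `$defaultOrgSharingPermission` entry makes the condition false, so the export runs with no record restriction. It is safer to make the unrestricted path the one that needs positive proof, for example skipping the filter only when `$is_admin === true` or an explicit grant is present, and appending it otherwise; whether `getListViewSecurityParameter` is safe to call under non-private sharing is not visible here and needs confirming. The indexes and the value `3` also need a comment naming what they stand for, such as `// [6] = Accounts org-wide sharing, 3 = Private (confirm against the code that writes the privilege file)`. The same gate appears in the Contact.php, Lead.php and Opportunity.php hunks with indexes 4, 7 and 2, and in Email.php without the sharing test.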
Modified: vtigercrm/branches/5.0.1/modules/Contacts/Contact.php
==============================================================================
--- vtigercrm/branches/5.0.1/modules/Contacts/Contact.php (original)
+++ vtigercrm/branches/5.0.1/modules/Contacts/Contact.php Fri Oct 6 08:37:21 2006
@@ -653,36 +653,43 @@
function create_export_query(&$order_by, &$where)
{
global $log;
+ global $current_user;
$log->debug("Entering create_export_query(".$order_by.",".$where.") method ...");
- if($this->checkIfCustomTableExists('vtiger_contactscf'))
- {
- $query = $this->constructCustomQueryAddendum('vtiger_contactscf','Contacts') ."
- vtiger_contactdetails.*, vtiger_contactaddress.*,
- vtiger_account.accountname account_name,
- vtiger_users.user_name assigned_user_name
- FROM vtiger_contactdetails
- inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_contactdetails.contactid
- LEFT JOIN vtiger_users ON vtiger_crmentity.smownerid=vtiger_users.id
- LEFT JOIN vtiger_account on vtiger_contactdetails.accountid=vtiger_account.accountid
- left join vtiger_contactaddress on vtiger_contactaddress.contactaddressid=vtiger_contactdetails.contactid
- left join vtiger_contactscf on vtiger_contactscf.contactid=vtiger_contactdetails.contactid
- where vtiger_crmentity.deleted=0 and vtiger_users.status='Active' ";
- }
- else
- {
- $query = "SELECT
- vtiger_contactdetails.*, vtiger_contactaddress.*,
- vtiger_account.accountname account_name,
- vtiger_users.user_name assigned_user_name
+
+ include("include/utils/ExportUtils.php");
+
+ //To get the Permitted fields query and the permitted fields list
+ $sql = getPermittedFieldsQuery("Contacts", "detail_view");
+ $fields_list = getFieldsListFromQuery($sql);
+
+ $query = "SELECT $fields_list
FROM vtiger_contactdetails
inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_contactdetails.contactid
LEFT JOIN vtiger_users ON vtiger_crmentity.smownerid=vtiger_users.id
LEFT JOIN vtiger_account on vtiger_contactdetails.accountid=vtiger_account.accountid
left join vtiger_contactaddress on vtiger_contactaddress.contactaddressid=vtiger_contactdetails.contactid
+ left join vtiger_contactsubdetails on vtiger_contactsubdetails.contactsubscriptionid=vtiger_contactdetails.contactid
left join vtiger_contactscf on vtiger_contactscf.contactid=vtiger_contactdetails.contactid
+ left join vtiger_customerdetails on vtiger_customerdetails.customerid=vtiger_contactdetails.contactid
+ LEFT JOIN vtiger_contactgrouprelation
+ ON vtiger_contactscf.contactid = vtiger_contactgrouprelation.contactid
+ LEFT JOIN vtiger_groups
+ ON vtiger_groups.groupname = vtiger_contactgrouprelation.groupname
+ LEFT JOIN vtiger_contactdetails vtiger_contactdetails2
+ ON vtiger_contactdetails2.contactid = vtiger_contactdetails.reportsto
where vtiger_crmentity.deleted=0 and vtiger_users.status='Active' ";
+ //vtiger_contactdetails2 is added to get the Reports To of Contact
+
+ require('user_privileges/user_privileges_'.$current_user->id.'.php');
+ require('user_privileges/sharing_privileges_'.$current_user->id.'.php');
+ //we should add security check when the user has Private Access
+ if($is_admin==false && $profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] == 1 && $defaultOrgSharingPermission[4] == 3)
+ {
+ //Added security check to get the permitted records only
+ $query = $query." ".getListViewSecurityParameter("Contacts");
}
- $log->info("Export Query Constructed Successfully");
+
+ $log->info("Export Query Constructed Successfully");
$log->debug("Exiting create_export_query method ...");
return $query;
}
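Review bot: `vtiger_contactgrouprelation` is joined through the custom-field table (`ON vtiger_contactscf.contactid = vtiger_contactgrouprelation.contactid`), and `vtiger_contactscf` is itself a LEFT JOIN, so a contact without a custom-field row never matches its group relation and the `vtiger_groups` columns come back NULL. If `getListViewSecurityParameter` filters on group membership, which is not visible in this diff, group-owned contacts would be dropped from a restricted user's export. Joining on the base table removes the dependency: `ON vtiger_contactdetails.contactid = vtiger_contactgrouprelation.contactid`. The Account.php, Lead.php and Opportunity.php hunks use the same pattern with `vtiger_accountscf`, `vtiger_leadscf` and `vtiger_potentialscf`; the removed `checkIfCustomTableExists` branch suggests those tables were once optional, so the now unconditional join deserves a check as well.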
Modified: vtigercrm/branches/5.0.1/modules/Emails/Email.php
==============================================================================
--- vtigercrm/branches/5.0.1/modules/Emails/Email.php (original)
+++ vtigercrm/branches/5.0.1/modules/Emails/Email.php Fri Oct 6 08:37:21 2006
@@ -257,8 +257,50 @@
function create_export_query(&$order_by, &$where)
{
global $log;
+ global $current_user;
$log->debug("Entering create_export_query(".$order_by.",".$where.") method ...");
- $query = 'SELECT vtiger_activity.activityid, vtiger_activity.subject, vtiger_activity.activitytype, vtiger_attachments.name as filename, vtiger_crmentity.description as email_content FROM vtiger_activity inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_activity.activityid left join vtiger_seattachmentsrel on vtiger_activity.activityid=vtiger_seattachmentsrel.crmid left join vtiger_attachments on vtiger_seattachmentsrel.attachmentsid = vtiger_attachments.attachmentsid where vtiger_activity.activitytype="Emails" and vtiger_crmentity.deleted=0';
+
+ include("include/utils/ExportUtils.php");
+
+ //To get the Permitted fields query and the permitted fields list
+ $sql = getPermittedFieldsQuery("Emails", "detail_view");
+ $fields_list = getFieldsListFromQuery($sql);
+
+ $query = "SELECT $fields_list FROM vtiger_activity
+ INNER JOIN vtiger_crmentity
+ ON vtiger_crmentity.crmid=vtiger_activity.activityid
+ LEFT JOIN vtiger_users
+ ON vtiger_users.id = vtiger_crmentity.smownerid
+ LEFT JOIN vtiger_seactivityrel
+ ON vtiger_seactivityrel.activityid = vtiger_activity.activityid
+ LEFT JOIN vtiger_contactdetails
+ ON vtiger_contactdetails.contactid = vtiger_seactivityrel.crmid
+ LEFT JOIN vtiger_cntactivityrel
+ ON vtiger_cntactivityrel.activityid = vtiger_activity.activityid
+ AND vtiger_cntactivityrel.contactid = vtiger_cntactivityrel.contactid
+ LEFT JOIN vtiger_activitygrouprelation
+ ON vtiger_activitygrouprelation.activityid = vtiger_crmentity.crmid
+ LEFT JOIN vtiger_groups
+ ON vtiger_groups.groupname = vtiger_activitygrouprelation.groupname
+ LEFT JOIN vtiger_salesmanactivityrel
+ ON vtiger_salesmanactivityrel.activityid = vtiger_activity.activityid
+ LEFT JOIN vtiger_emaildetails
+ ON vtiger_emaildetails.emailid = vtiger_activity.activityid
+ LEFT JOIN vtiger_seattachmentsrel
+ ON vtiger_activity.activityid=vtiger_seattachmentsrel.crmid
+ LEFT JOIN vtiger_attachments
+ ON vtiger_seattachmentsrel.attachmentsid = vtiger_attachments.attachmentsid
+ WHERE vtiger_activity.activitytype='Emails' AND vtiger_crmentity.deleted=0 ";
+
+ require('user_privileges/user_privileges_'.$current_user->id.'.php');
+ require('user_privileges/sharing_privileges_'.$current_user->id.'.php');
+ //we should add security check when the user has Private Access
+
+ if($is_admin==false && $profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] == 1)
+ {
+ $sec_parameter=getListViewSecurityParameter("Emails");
+ $query .= $sec_parameter;
+ }
$log->debug("Exiting create_export_query method ...");
return $query;
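Review bot: The second join condition on `vtiger_cntactivityrel` compares the column with itself, `AND vtiger_cntactivityrel.contactid = vtiger_cntactivityrel.contactid`, which is true for every non-NULL row and so does not tie the relation to any contact. The intended condition was probably `AND vtiger_cntactivityrel.contactid = vtiger_contactdetails.contactid`. As written, an email linked to several contacts yields one output row per link, and with no `GROUP BY` the CSV will carry duplicates. The function's closing brace is outside the hunk.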
Modified: vtigercrm/branches/5.0.1/modules/Leads/Lead.php
==============================================================================
--- vtigercrm/branches/5.0.1/modules/Leads/Lead.php (original)
+++ vtigercrm/branches/5.0.1/modules/Leads/Lead.php Fri Oct 6 08:37:21 2006
@@ -138,38 +138,32 @@
function create_export_query(&$order_by, &$where)
{
global $log;
+ global $current_user;
$log->debug("Entering create_export_query(".$order_by.",".$where.") method ...");
- if($this->checkIfCustomTableExists('vtiger_leadscf'))
- {
-
- $query = $this->constructCustomQueryAddendum('vtiger_leadscf','Leads') . "
- vtiger_leaddetails.*, ".$this->entity_table.".*, vtiger_leadsubdetails.*,vtiger_leadaddress.city city, vtiger_leadaddress.state state,vtiger_leadaddress.code code,vtiger_leadaddress.country country, vtiger_leadaddress.phone phone, vtiger_users.user_name, vtiger_users.status user_status
- FROM ".$this->entity_table."
+
+ include("include/utils/ExportUtils.php");
+
+ //To get the Permitted fields query and the permitted fields list
+ $sql = getPermittedFieldsQuery("Leads", "detail_view");
+ $fields_list = getFieldsListFromQuery($sql);
+
+ $query = "SELECT $fields_list FROM ".$this->entity_table."
INNER JOIN vtiger_leaddetails
- ON vtiger_crmentity.crmid=vtiger_leaddetails.leadid
- LEFT JOIN vtiger_leadaddress
- ON vtiger_leaddetails.leadid=vtiger_leadaddress.leadaddressid
+ ON vtiger_crmentity.crmid=vtiger_leaddetails.leadid
LEFT JOIN vtiger_leadsubdetails
- ON vtiger_leaddetails.leadid=vtiger_leadsubdetails.leadsubscriptionid
+ ON vtiger_leaddetails.leadid = vtiger_leadsubdetails.leadsubscriptionid
+ LEFT JOIN vtiger_leadaddress
+ ON vtiger_leaddetails.leadid=vtiger_leadaddress.leadaddressid
LEFT JOIN vtiger_leadscf
- ON vtiger_leadscf.leadid=vtiger_leaddetails.leadid
+ ON vtiger_leadscf.leadid=vtiger_leaddetails.leadid
+ LEFT JOIN vtiger_leadgrouprelation
+ ON vtiger_leadscf.leadid = vtiger_leadgrouprelation.leadid
+ LEFT JOIN vtiger_groups
+ ON vtiger_groups.groupname = vtiger_leadgrouprelation.groupname
LEFT JOIN vtiger_users
- ON vtiger_crmentity.smownerid = vtiger_users.id ";
-
- }
- else
- {
- $query = "SELECT
- vtiger_leaddetails.*, ".$this->entity_table.".*, vtiger_leadsubdetails.*,vtiger_leadaddress.*,vtiger_users.user_name, vtiger_users.status user_status FROM ".$this->entity_table."
- INNER JOIN vtiger_leaddetails
- ON vtiger_crmentity.crmid=vtiger_leaddetails.leadid
- LEFT JOIN vtiger_leadsubdetails
- ON vtiger_leaddetails.leadid = vtiger_leadsubdetails.leadsubscriptionid
- LEFT JOIN vtiger_leadaddress
- ON vtiger_leaddetails.leadid=vtiger_leadaddress.leadaddressid
- LEFT JOIN vtiger_users
- ON vtiger_crmentity.smownerid = vtiger_users.id ";
- }
+ ON vtiger_crmentity.smownerid = vtiger_users.id
+ ";
+
$where_auto = " vtiger_users.status='Active'
AND vtiger_crmentity.deleted=0 AND vtiger_leaddetails.converted =0";
@@ -178,6 +172,15 @@
$query .= "where ($where) AND ".$where_auto;
else
$query .= "where ".$where_auto;
+
+ require('user_privileges/user_privileges_'.$current_user->id.'.php');
+ require('user_privileges/sharing_privileges_'.$current_user->id.'.php');
+ //we should add security check when the user has Private Access
+ if($is_admin==false && $profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] == 1 && $defaultOrgSharingPermission[7] == 3)
+ {
+ //Added security check to get the permitted records only
+ $query = $query." ".getListViewSecurityParameter("Leads");
+ }
if(!empty($order_by))
$query .= " ORDER BY $order_by";
Modified: vtigercrm/branches/5.0.1/modules/Notes/Note.php
==============================================================================
--- vtigercrm/branches/5.0.1/modules/Notes/Note.php (original)
+++ vtigercrm/branches/5.0.1/modules/Notes/Note.php Fri Oct 6 08:37:21 2006
@@ -89,12 +89,55 @@
{
global $log;
$log->debug("Entering create_export_query(".$order_by.",". $where.") method ...");
- $query = "SELECT
- vtiger_notes.*,
- vtiger_contactdetails.firstname,
- vtiger_contactdetails.lastname
- FROM vtiger_notes
- LEFT JOIN vtiger_contactdetails ON vtiger_notes.contact_id=vtiger_contactdetails.contactid inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_notes.notesid and vtiger_crmentity.deleted=0 ";
+
+ include("include/utils/ExportUtils.php");
+
+ //To get the Permitted fields query and the permitted fields list
+ $sql = getPermittedFieldsQuery("Notes", "detail_view");
+ $fields_list = getFieldsListFromQuery($sql);
+
+ $query = "SELECT $fields_list FROM vtiger_notes
+ inner join vtiger_crmentity
+ on vtiger_crmentity.crmid=vtiger_notes.notesid
+ LEFT JOIN vtiger_senotesrel
+ ON vtiger_senotesrel.notesid = vtiger_notes.notesid
+ LEFT JOIN vtiger_contactdetails
+ ON vtiger_notes.contact_id=vtiger_contactdetails.contactid
+
+ LEFT JOIN vtiger_crmentity vtiger_crmentityRelatedTo
+ ON vtiger_crmentityRelatedTo.crmid = vtiger_senotesrel.crmid
+
+ LEFT JOIN vtiger_leaddetails vtiger_NoteRelatedToLead
+ ON vtiger_NoteRelatedToLead.leadid = vtiger_senotesrel.crmid
+ LEFT JOIN vtiger_account vtiger_NoteRelatedToAccount
+ ON vtiger_NoteRelatedToAccount.accountid = vtiger_senotesrel.crmid
+ LEFT JOIN vtiger_potential vtiger_NoteRelatedToPotential
+ ON vtiger_NoteRelatedToPotential.potentialid = vtiger_senotesrel.crmid
+ LEFT JOIN vtiger_products vtiger_NoteRelatedToProduct
+ ON vtiger_NoteRelatedToProduct.productid = vtiger_senotesrel.crmid
+ LEFT JOIN vtiger_invoice vtiger_NoteRelatedToInvoice
+ ON vtiger_NoteRelatedToInvoice.invoiceid = vtiger_senotesrel.crmid
+ LEFT JOIN vtiger_purchaseorder vtiger_NoteRelatedToPO
+ ON vtiger_NoteRelatedToPO.purchaseorderid = vtiger_senotesrel.crmid
+ LEFT JOIN vtiger_salesorder vtiger_NoteRelatedToSO
+ ON vtiger_NoteRelatedToSO.salesorderid = vtiger_senotesrel.crmid
+
+ WHERE vtiger_crmentity.deleted=0
+
+ AND ((vtiger_senotesrel.crmid IS NULL
+ AND (vtiger_notes.contact_id = 0
+ OR vtiger_notes.contact_id IS NULL))
+ OR vtiger_senotesrel.crmid IN (".getReadEntityIds('Leads').")
+ OR vtiger_senotesrel.crmid IN (".getReadEntityIds('Accounts').")
+ OR vtiger_senotesrel.crmid IN (".getReadEntityIds('Potentials').")
+ OR vtiger_senotesrel.crmid IN (".getReadEntityIds('Products').")
+ OR vtiger_senotesrel.crmid IN (".getReadEntityIds('Invoice').")
+ OR vtiger_senotesrel.crmid IN (".getReadEntityIds('PurchaseOrder').")
+ OR vtiger_senotesrel.crmid IN (".getReadEntityIds('SalesOrder').")
+ OR vtiger_notes.contact_id IN (".getReadEntityIds('Contacts')."))
+
+ ";
+
$log->debug("Exiting create_export_query method ...");
return $query;
}
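Review bot: Each `IN (".getReadEntityIds('Leads').")` term splices the helper's return value straight into the SQL, so the query is valid only if `getReadEntityIds` never returns an empty string; an empty `IN ()` is a syntax error and the export would fail for a user who can read no records of one module. The helper is defined outside this diff, so either confirm it returns a subquery or a non-empty list, or guard each term before concatenating. Unlike the other modules, record visibility here is applied only through the related entity, and notes with no relation (`vtiger_senotesrel.crmid IS NULL` and no contact) are exported to every user; a comment stating that this is intended would help. The function signature is above the hunk.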
Modified: vtigercrm/branches/5.0.1/modules/Potentials/Opportunity.php
==============================================================================
--- vtigercrm/branches/5.0.1/modules/Potentials/Opportunity.php (original)
+++ vtigercrm/branches/5.0.1/modules/Potentials/Opportunity.php Fri Oct 6 08:37:21 2006
@@ -183,34 +183,37 @@
function create_export_query($order_by, $where)
{
global $log;
+ global $current_user;
$log->debug("Entering create_export_query(".$order_by.",". $where.") method ...");
- if($this->checkIfCustomTableExists('vtiger_potentialscf'))
- {
- $query = $this->constructCustomQueryAddendum('vtiger_potentialscf','Potentials') ."
- vtiger_potential.*,
- vtiger_account.accountname account_name,
- vtiger_users.user_name assigned_user_name
- FROM vtiger_potential
- INNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid=vtiger_potential.potentialid
- LEFT JOIN vtiger_account on vtiger_potential.accountid=vtiger_account.accountid
- left join vtiger_potentialscf on vtiger_potentialscf.potentialid=vtiger_potential.potentialid
- left join vtiger_users on vtiger_crmentity.smownerid=vtiger_users.id
- where vtiger_crmentity.deleted=0 ";
- }
- else
- {
- $query = "SELECT
- vtiger_potential.*,
- vtiger_account.accountname account_name,
- vtiger_users.user_name assigned_user_name
- FROM vtiger_potential
+ include("include/utils/ExportUtils.php");
+
+ //To get the Permitted fields query and the permitted fields list
+ $sql = getPermittedFieldsQuery("Potentials", "detail_view");
+ $fields_list = getFieldsListFromQuery($sql);
+
+ $query = "SELECT $fields_list FROM vtiger_potential
inner join vtiger_crmentity on vtiger_crmentity.crmid=vtiger_potential.potentialid
LEFT JOIN vtiger_users ON vtiger_crmentity.smownerid=vtiger_users.id
LEFT JOIN vtiger_account on vtiger_potential.accountid=vtiger_account.accountid
LEFT JOIN vtiger_potentialscf on vtiger_potentialscf.potentialid=vtiger_potential.potentialid
+ LEFT JOIN vtiger_potentialgrouprelation
+ ON vtiger_potentialscf.potentialid = vtiger_potentialgrouprelation.potentialid
+ LEFT JOIN vtiger_groups
+ ON vtiger_groups.groupname = vtiger_potentialgrouprelation.groupname
+ LEFT JOIN vtiger_campaign
+ ON vtiger_campaign.campaignid = vtiger_potential.campaignid
+
where vtiger_crmentity.deleted=0 ";
- }
+
+ require('user_privileges/user_privileges_'.$current_user->id.'.php');
+ require('user_privileges/sharing_privileges_'.$current_user->id.'.php');
+ //we should add security check when the user has Private Access
+ if($is_admin==false && $profileGlobalPermission[1] == 1 && $profileGlobalPermission[2] == 1 && $defaultOrgSharingPermission[2] == 3)
+ {
+ //Added security check to get the permitted records only
+ $query = $query." ".getListViewSecurityParameter("Potentials");
+ }
$log->debug("Exiting create_export_query method ...");
return $query;
Modified: vtigercrm/branches/5.0.1/modules/Products/Product.php
==============================================================================
--- vtigercrm/branches/5.0.1/modules/Products/Product.php (original)
+++ vtigercrm/branches/5.0.1/modules/Products/Product.php Fri Oct 6 08:37:21 2006
@@ -517,96 +517,54 @@
{
global $log;
$log->debug("Entering create_export_query(".$order_by.",".$where.") method ...");
- if($this->checkIfCustomTableExists('vtiger_productcf'))
- {
-
- $query = $this->constructCustomQueryAddendum('vtiger_productcf','Products') ."
- vtiger_products.productid AS productid,
- vtiger_products.productname AS productname,
- vtiger_products.productcode AS productcode,
- vtiger_products.productcategory AS productcategory,
- vtiger_products.manufacturer AS manufacturer,
- vtiger_crmentity.description AS product_description,
- vtiger_products.qty_per_unit AS qty_per_unit,
- vtiger_products.unit_price AS unit_price,
- vtiger_products.weight AS weight,
- vtiger_products.pack_size AS pack_size,
- DATE_FORMAT(vtiger_products.start_date, '%Y-%m-%d') AS start_date,
- DATE_FORMAT(vtiger_products.expiry_date, '%Y-%m-%d') AS expiry_date,
- vtiger_products.cost_factor AS cost_factor,
- vtiger_products.commissionrate AS commissionrate,
- vtiger_products.commissionmethod AS commissionmethod,
- vtiger_products.discontinued AS discontinued,
- vtiger_products.sales_start_date AS sales_start_date,
- vtiger_products.sales_end_date AS sales_end_date,
- vtiger_products.usageunit AS usageunit,
- vtiger_products.serialno AS serialno,
- vtiger_products.currency AS currency,
- vtiger_products.reorderlevel AS reorderlevel,
- vtiger_products.website AS website,
- vtiger_products.taxclass AS taxclass,
- vtiger_products.mfr_part_no AS mfr_part_no,
- vtiger_products.vendor_part_no AS vendor_part_no,
- vtiger_products.qtyinstock AS qtyinstock,
- vtiger_products.productsheet AS productsheet,
- vtiger_products.qtyindemand AS qtyindemand
- FROM ".$this->entity_table."
- INNER JOIN vtiger_products
- ON vtiger_crmentity.crmid = vtiger_products.productid
+
+ include("include/utils/ExportUtils.php");
+
+ //To get the Permitted fields query and the permitted fields list
+ $sql = getPermittedFieldsQuery("Products", "detail_view");
+ $fields_list = getFieldsListFromQuery($sql);
+
+ $query = "SELECT $fields_list FROM ".$this->table_name ."
+ INNER JOIN vtiger_crmentity
+ ON vtiger_crmentity.crmid = vtiger_products.productid
+ LEFT JOIN vtiger_productcf
+ ON vtiger_products.productid = vtiger_productcf.productid
+ LEFT JOIN vtiger_seproductsrel
+ ON vtiger_seproductsrel.productid = vtiger_products.productid
+ LEFT JOIN vtiger_producttaxrel
+ ON vtiger_producttaxrel.productid = vtiger_products.productid
INNER JOIN vtiger_users
- ON vtiger_users.id = vtiger_crmentity.smownerid
- LEFT JOIN vtiger_productcf
- ON vtiger_productcf.productid = vtiger_products.productid";
-
- }
- else
- {
- $query = "SELECT vtiger_products.productid AS productid,
- vtiger_products.productname AS productname,
- vtiger_products.productcode AS productcode,
- vtiger_products.productcategory AS productcategory,
- vtiger_products.manufacturer AS manufacturer,
- vtiger_crmentity.description AS product_description,
- vtiger_products.qty_per_unit AS qty_per_unit,
- vtiger_products.unit_price AS unit_price,
- vtiger_products.weight AS weight,
- vtiger_products.pack_size AS pack_size,
- DATE_FORMAT(vtiger_products.start_date, '%Y-%m-%d') AS start_date,
- DATE_FORMAT(vtiger_products.expiry_date, '%Y-%m-%d') AS expiry_date,
- vtiger_products.cost_factor AS cost_factor,
- vtiger_products.commissionrate AS commissionrate,
- vtiger_products.commissionmethod AS commissionmethod,
- vtiger_products.discontinued AS discontinued,
- vtiger_products.sales_start_date AS sales_start_date,
- vtiger_products.sales_end_date AS sales_end_date,
- vtiger_products.usageunit AS usageunit,
- vtiger_products.serialno AS serialno,
- vtiger_products.currency AS vtiger_currency,
- vtiger_products.reorderlevel AS reorderlevel,
- vtiger_products.website AS website,
- vtiger_products.taxclass AS taxclass,
- vtiger_products.mfr_part_no AS mfr_part_no,
- vtiger_products.vendor_part_no AS vendor_part_no,
- vtiger_products.qtyinstock AS qtyinstock,
- vtiger_products.productsheet AS productsheet,
- vtiger_products.qtyindemand AS qtyindemand
- FROM ".$this->table_name ."
- INNER JOIN vtiger_crmentity
- ON vtiger_crmentity.crmid = vtiger_products.productid
- INNER JOIN vtiger_users
- ON vtiger_users.id=vtiger_crmentity.smownerid ";
-
- }
+ ON vtiger_users.id=vtiger_crmentity.smownerid
+
+ LEFT JOIN vtiger_crmentity vtiger_crmentityRelatedTo
+ ON vtiger_crmentityRelatedTo.crmid = vtiger_seproductsrel.crmid
+
+ LEFT JOIN vtiger_leaddetails vtiger_ProductRelatedToLead
+ ON vtiger_ProductRelatedToLead.leadid = vtiger_seproductsrel.crmid
+ LEFT JOIN vtiger_account vtiger_ProductRelatedToAccount
+ ON vtiger_ProductRelatedToAccount.accountid = vtiger_seproductsrel.crmid
+ LEFT JOIN vtiger_potential vtiger_ProductRelatedToPotential
+ ON vtiger_ProductRelatedToPotential.potentialid = vtiger_seproductsrel.crmid
- $where_auto = " vtiger_users.status = 'Active'
- AND vtiger_crmentity.deleted = 0 ";
-
-
-
- if($where != "")
- $query .= " WHERE ($where) AND ".$where_auto;
- else
- $query .= " WHERE ".$where_auto;
+ LEFT JOIN vtiger_contactdetails
+ ON vtiger_contactdetails.contactid = vtiger_products.contactid
+ LEFT JOIN vtiger_vendor
+ ON vtiger_vendor.vendorid = vtiger_products.vendor_id
+
+ WHERE vtiger_crmentity.deleted = 0 AND vtiger_users.status = 'Active'
+ AND ((vtiger_seproductsrel.crmid IS NULL
+ AND (vtiger_products.contactid = 0 OR vtiger_products.contactid IS NULL))
+ OR vtiger_seproductsrel.crmid IN (".getReadEntityIds('Leads').")
+ OR vtiger_seproductsrel.crmid IN (".getReadEntityIds('Accounts').")
+ OR vtiger_seproductsrel.crmid IN (".getReadEntityIds('Potentials').")
+ OR vtiger_products.contactid IN (".getReadEntityIds('Contacts')."))
+ group by vtiger_products.productid
+ ";
+ //ProductRelatedToLead, Account and Potential tables are added to get the Related to field
+
+
+ if($where != "")
+ $query .= " AND ($where) ";
if(!empty($order_by))
$query .= " ORDER BY $order_by";
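Review bot: `$query .= " AND ($where) ";` now runs after the string literal that ends in `group by vtiger_products.productid`, so the caller's filter lands in the GROUP BY expression (`group by vtiger_products.productid AND (...)`) instead of the WHERE clause and no longer restricts the exported rows. Take `group by` out of the literal and append it after the `$where` block and before the `ORDER BY`, `$query .= " GROUP BY vtiger_products.productid";`. `$where` and `$order_by` are concatenated without quoting; where they come from is outside this diff, so confirm the caller builds them from validated input. The function starts above the hunk and continues below it.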