[Vtigercrm-developers] v5 alpha 3
Josh Lee
jlee at zertis.net
Fri Mar 24 13:55:36 PST 2006
I have a client who wants v5alpha3, so I am turning into a stable
version for them. Here are some diffs for some patches.
I do not have the time to create my own branch and submit these. Please
someone take the time to commit these, to save everyone else the work.
Index: includes/database/PearDatabase.php
===================================================================
--- includes/database/PearDatabase.php (revision 4391)
+++ includes/database/PearDatabase.php (working copy)
@@ -435,7 +437,9 @@
/* ADODB newly added. replacement for mysql_result() */
function query_result(&$result, $row, $col=0)
+ if(!$result)
+ return null;
//$this->println("ADODB query_result r=".$row." c=".$col);
$result->Move($row);
$rowdata = $this->change_key_case($result->FetchRow());
Index: includes/utils/DetailViewUtils.php
===================================================================
--- includes/utils/DetailViewUtils.php (revision 4391)
+++ includes/utils/DetailViewUtils.php (working copy)
@@ -861,9 +861,9 @@
for($i=0; $i<$num_row; $i++)
{
$rel_tab_id =
$adb->query_result($result,$i,"related_tabid");
- echo '<BR>'.$rel_tab_id.'<BR>';
+ //echo '<BR>'.$rel_tab_id.'<BR>';
$funtion_name = $adb->query_result($result,$i,"name");
- echo '<BR>'.$funtion_name.'<BR>';
+// echo '<BR>'.$funtion_name.'<BR>';
$label = $adb->query_result($result,$i,"label");
if($rel_tab_id != 0)
{
Index: includes/utils/export.php
===================================================================
--- includes/utils/export.php (revision 4391)
+++ includes/utils/export.php (working copy)
@@ -30,7 +30,7 @@
require_once('modules/Potentials/Opportunity.php');
require_once('modules/Users/User.php');
require_once('modules/Products/Product.php');
-
+require_once 'include/utils/UserInfoUtil.php';
global $allow_exports;
session_start();
@@ -202,10 +204,12 @@
*/
$order_by = "";
- $query = $focus->create_export_query($order_by,$where);
-
+ // I made a new function for security during exporting. It makes
sure they only have access
+ // to export what they would have access to read. Previous to this,
anyone who had export writes, could export anything.
+ $query = $focus->create_export_query($order_by,$where);
+ $clause = getExportSecurityClause($type);
+ $query .= "\n and (\n $clause \n)";
+ //print "<hr><pre>";
+ //print "<hr>";
//print $query;
$result = $adb->query($query,true,"Error exporting $type:
"."<BR>$query");
Index: utils/UserInfoUtil.php
===================================================================
--- utils/UserInfoUtil.php (revision 4391)
+++ utils/UserInfoUtil.php (working copy)
@@ -3730,7 +3730,37 @@
}
return $list;
}
+function getExportSecurityClause($module) {
+ global $current_user;
+ $tabid=getTabid($module);
+ global $current_user;
+ if($current_user)
+ {
+
require('user_privileges/user_privileges_'.$current_user->id.'.php');
+
require('user_privileges/sharing_privileges_'.$current_user->id.'.php');
+ }
+
+ $clause = "crmentity.smownerid in(".$current_user->id.") or
crmentity.smownerid in(select user2role.userid from user2role inner join
users on users.id=user2role.userid inner join role on
role.roleid=user2role.roleid where role.parentrole like
'".$current_user_parent_role_seq."::%') or crmentity.smownerid in(select
shareduserid from tmp_read_user_sharing_per where
userid=".$current_user->id." and tabid=".$tabid.")";
+ return $clause;
+}
function getListViewSecurityParameter($module)
{
global $adb;
Hope this helps.
Josh Lee
--
Josh Lee
Software Engineer
Zertis Technologies, LLC
205.422.5279
jlee at zertis.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jlee.vcf
Type: text/x-vcard
Size: 219 bytes
Desc: not available
Url : http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20060324/fed86992/attachment-0003.vcf
More information about the vtigercrm-developers
mailing list