Changeset 10845


Timestamp:
May 10, 2007 10:14:33 PM (13 years ago)
Author:
jerrydgeorge
Message:

Field Level Security implemented in Merge. Fixes #3790

Location:
vtigercrm/branches/5.0.3/modules
Files:
4 edited

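--- a/vtigercrm/branches/5.0.3/modules/Accounts/Merge.php
+++ b/vtigercrm/branches/5.0.3/modules/Accounts/Merge.php
@@ -95,5 +95,18 @@
 
 //<<<<<<<<<<<<<<<<header for csv and select columns for query>>>>>>>>>>>>>>>>>>>>>>>>
-$query1="select vtiger_tab.name,vtiger_field.tablename,vtiger_field.columnname,vtiger_field.fieldlabel from vtiger_field inner join vtiger_tab on vtiger_tab.tabid = vtiger_field.tabid where vtiger_field.tabid in (4,6) and vtiger_field.block <> 6 and vtiger_field.block <> 75 order by vtiger_field.tablename";
+global $current_user;
+require('user_privileges/user_privileges_'.$current_user->id.'.php');
+if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0 || $module == "Users" || $module == "Emails")
+{
+        $query1="select vtiger_tab.name,vtiger_field.tablename,vtiger_field.columnname,vtiger_field.fieldlabel from vtiger_field inner join vtiger_tab on vtiger_tab.tabid = vtiger_field.tabid where vtiger_field.tabid in (4,6) and vtiger_field.block <> 75 order by vtiger_field.tablename";
+}
+else
+{
+        $profileList = getCurrentUserProfileList();
+        $query1="select vtiger_tab.name,vtiger_field.tablename,vtiger_field.columnname,vtiger_field.fieldlabel from vtiger_field inner join vtiger_tab on vtiger_tab.tabid = vtiger_field.tabid INNER JOIN vtiger_profile2field ON vtiger_profile2field.fieldid=vtiger_field.fieldid INNER JOIN vtiger_def_org_field ON vtiger_def_org_field.fieldid=vtiger_field.fieldid where vtiger_field.tabid in (4,6) and vtiger_field.block <> 75 AND vtiger_profile2field.visible=0 AND vtiger_def_org_field.visible=0 AND vtiger_profile2field.profileid IN ".$profileList." GROUP BY vtiger_field.fieldid order by vtiger_field.tablename";
+        //Postgres 8 fixes
+        if( $adb->dbType == "pgsql")
+        $sql = fixPostgresQuery( $sql, $log, 0);
+}
 
 $result = $adb->query($query1);
@@ -173,4 +186,5 @@
                                 left join vtiger_contactsubdetails on vtiger_contactdetails.contactid = vtiger_contactsubdetails.contactsubscriptionid
                                 left join vtiger_contactscf on vtiger_contactdetails.contactid = vtiger_contactscf.contactid
+                                left join vtiger_customerdetails on vtiger_contactdetails.contactid = vtiger_customerdetails.customerid
                                 left join vtiger_contactdetails as vtiger_contactdetailsContacts on vtiger_contactdetailsContacts.contactid = vtiger_contactdetails.reportsto
                                 left join vtiger_account as vtiger_accountContacts on vtiger_accountContacts.accountid = vtiger_contactdetails.accountid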
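Review bot: In the restricted (else) branch the Postgres fix is applied to `$sql`, not to `$query1`, so the query that actually runs at `$adb->query($query1)` is sent unmodified, while `$sql` (not defined in the visible lines) is overwritten instead. The restricted query selects four columns but groups only by `vtiger_field.fieldid`, which is presumably what the fix is meant to adjust, so on pgsql the field-level-security path is the one most likely to fail. The line should read `$query1 = fixPostgresQuery( $query1, $log, 0);`, and `$log` should be confirmed to be in scope since the hunk does not declare it. The same line appears in the Contacts, HelpDesk and Leads Merge.php sections of this changeset; the script continues outside the shown hunks.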
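--- a/vtigercrm/branches/5.0.3/modules/Contacts/Merge.php
+++ b/vtigercrm/branches/5.0.3/modules/Contacts/Merge.php
@@ -79,6 +79,19 @@
 
 //<<<<<<<<<<<<<<<<header for csv and select columns for query>>>>>>>>>>>>>>>>>>>>>>>>
-$query1="select vtiger_tab.name,vtiger_field.tablename,vtiger_field.columnname,vtiger_field.fieldlabel from vtiger_field inner join vtiger_tab on vtiger_tab.tabid = vtiger_field.tabid where vtiger_field.tabid in (4,6) and vtiger_field.block <> 6 and vtiger_field.block <> 75 order by vtiger_field.tablename";
-
+
+global $current_user;
+require('user_privileges/user_privileges_'.$current_user->id.'.php');
+if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0 || $module == "Users" || $module == "Emails")
+{
+        $query1="select vtiger_tab.name,vtiger_field.tablename,vtiger_field.columnname,vtiger_field.fieldlabel from vtiger_field inner join vtiger_tab on vtiger_tab.tabid = vtiger_field.tabid where vtiger_field.tabid in (4,6) and vtiger_field.block <> 75 order by vtiger_field.tablename";
+}
+else
+{
+        $profileList = getCurrentUserProfileList();
+        $query1="select vtiger_tab.name,vtiger_field.tablename,vtiger_field.columnname,vtiger_field.fieldlabel from vtiger_field inner join vtiger_tab on vtiger_tab.tabid = vtiger_field.tabid INNER JOIN vtiger_profile2field ON vtiger_profile2field.fieldid=vtiger_field.fieldid INNER JOIN vtiger_def_org_field ON vtiger_def_org_field.fieldid=vtiger_field.fieldid where vtiger_field.tabid in (4,6) and vtiger_field.block <> 75 AND vtiger_profile2field.visible=0 AND vtiger_def_org_field.visible=0 AND vtiger_profile2field.profileid IN ".$profileList." GROUP BY vtiger_field.fieldid order by vtiger_field.tablename";
+        //Postgres 8 fixes
+        if( $adb->dbType == "pgsql")
+        $sql = fixPostgresQuery( $sql, $log, 0);
+}
 $result = $adb->query($query1);
 $y=$adb->num_rows($result);
@@ -86,27 +99,27 @@
 for ($x=0; $x<$y; $x++)
 {
-  $tablename = $adb->query_result($result,$x,"tablename");
-  $columnname = $adb->query_result($result,$x,"columnname");
-  $modulename = $adb->query_result($result,$x,"name");
-
+        $tablename = $adb->query_result($result,$x,"tablename");
+        $columnname = $adb->query_result($result,$x,"columnname");
+        $modulename = $adb->query_result($result,$x,"name");
+
         if($tablename == "crmentity")
-  {
-        if($modulename == "Accounts")
-        {
-                $tablename = "crmentityAccounts";
-        }
-  }
-  $querycolumns[$x] = $tablename.".".$columnname;
-  if($columnname == "smownerid")
-  {
-    if($modulename == "Accounts")
-    {
+        {
+                if($modulename == "Accounts")
+                {
+                        $tablename = "crmentityAccounts";
+                }
+        }
+        $querycolumns[$x] = $tablename.".".$columnname;
+        if($columnname == "smownerid")
+        {
+                if($modulename == "Accounts")
+                {
                         $querycolumns[$x]="concat(usersAccounts.last_name,' ',usersAccounts.first_name) as username";
-    }
+                }
                 if($modulename == "Contacts")
-    {
-        $querycolumns[$x]="concat(vtiger_users.last_name,' ',vtiger_users.first_name) as usercname,vtiger_users.first_name,vtiger_users.last_name,vtiger_users.user_name,vtiger_users.yahoo_id,vtiger_users.title,vtiger_users.phone_work,vtiger_users.department,vtiger_users.phone_mobile,vtiger_users.phone_other,vtiger_users.phone_fax,vtiger_users.email1,vtiger_users.phone_home,vtiger_users.email2,vtiger_users.address_street,vtiger_users.address_city,vtiger_users.address_state,vtiger_users.address_postalcode,vtiger_users.address_country";
-    }
-  }
+                {
+                        $querycolumns[$x]="concat(vtiger_users.last_name,' ',vtiger_users.first_name) as usercname,vtiger_users.first_name,vtiger_users.last_name,vtiger_users.user_name,vtiger_users.yahoo_id,vtiger_users.title,vtiger_users.phone_work,vtiger_users.department,vtiger_users.phone_mobile,vtiger_users.phone_other,vtiger_users.phone_fax,vtiger_users.email1,vtiger_users.phone_home,vtiger_users.email2,vtiger_users.address_street,vtiger_users.address_city,vtiger_users.address_state,vtiger_users.address_postalcode,vtiger_users.address_country";
+                }
+        }
         if($columnname == "parentid")
         {
@@ -121,21 +134,21 @@
                 $querycolumns[$x] = "contactdetailsContacts.lastname";
         }
-
-
+
+
         if($modulename == "Accounts")
-  {
-        $field_label[$x] = "ACCOUNT_".strtoupper(str_replace(" ","",$adb->query_result($result,$x,"fieldlabel")));
-  }
-
+        {
+                $field_label[$x] = "ACCOUNT_".strtoupper(str_replace(" ","",$adb->query_result($result,$x,"fieldlabel")));
+        }
+
         if($modulename == "Contacts")
-  {
-        $field_label[$x] = "CONTACT_".strtoupper(str_replace(" ","",$adb->query_result($result,$x,"fieldlabel")));
-        if($columnname == "smownerid")
-                {
-                        $field_label[$x] = $field_label[$x].",USER_FIRSTNAME,USER_LASTNAME,USER_USERNAME,USER_YAHOOID,USER_TITLE,USER_OFFICEPHONE,USER_DEPARTMENT,USER_MOBILE,USER_OTHERPHONE,USER_FAX,USER_EMAIL,USER_HOMEPHONE,USER_OTHEREMAIL,USER_PRIMARYADDRESS,USER_CITY,USER_STATE,USER_POSTALCODE,USER_COUNTRY";
-                }
-  }
-
-
+        {
+                $field_label[$x] = "CONTACT_".strtoupper(str_replace(" ","",$adb->query_result($result,$x,"fieldlabel")));
+                if($columnname == "smownerid")
+                {
+                        $field_label[$x] = $field_label[$x].",USER_FIRSTNAME,USER_LASTNAME,USER_USERNAME,USER_YAHOOID,USER_TITLE,USER_OFFICEPHONE,USER_DEPARTMENT,USER_MOBILE,USER_OTHERPHONE,USER_FAX,USER_EMAIL,USER_HOMEPHONE,USER_OTHEREMAIL,USER_PRIMARYADDRESS,USER_CITY,USER_STATE,USER_POSTALCODE,USER_COUNTRY";
+                }
+        }
+
+
 }
 $csvheader = implode(",",$field_label);
@@ -153,4 +166,5 @@
                                 inner join vtiger_contactsubdetails on vtiger_contactdetails.contactid = vtiger_contactsubdetails.contactsubscriptionid
                                 inner join vtiger_contactscf on vtiger_contactdetails.contactid = vtiger_contactscf.contactid
+                                inner join vtiger_customerdetails on vtiger_contactdetails.contactid = vtiger_customerdetails.customerid
                                 left join vtiger_contactdetails as contactdetailsContacts on contactdetailsContacts.contactid = vtiger_contactdetails.reportsto
                                 left join vtiger_account as accountContacts on accountContacts.accountid = vtiger_contactdetails.accountid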
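Review bot: The field-level filter added to `$query1` only decides whether `smownerid` is listed; once it is, the `Contacts` branch of the loop still appends eighteen further `vtiger_users` columns (user name, e-mail addresses, phone numbers, postal address) to `$querycolumns[$x]`, with the matching `USER_*` labels, and none of them is checked against the user's profile. If exporting the record owner's details to everyone who may see the owner field is intended, say so above that branch, e.g. `// owner (vtiger_users) columns are exported whenever smownerid is visible; they are not subject to field level security`. Otherwise that column list needs its own permission check. The loop body continues between the shown hunks, so this reading covers only the visible lines.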
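--- a/vtigercrm/branches/5.0.3/modules/HelpDesk/Merge.php
+++ b/vtigercrm/branches/5.0.3/modules/HelpDesk/Merge.php
@@ -73,6 +73,19 @@
 
 //<<<<<<<<<<<<<<<<header for csv and select columns for query>>>>>>>>>>>>>>>>>>>>>>>>
-$query1="select vtiger_tab.name,vtiger_field.tablename,vtiger_field.columnname,vtiger_field.fieldlabel from vtiger_field inner join vtiger_tab on vtiger_tab.tabid = vtiger_field.tabid where vtiger_field.tabid in (13,4,6) and vtiger_field.uitype <> 61 and (vtiger_field.tablename <>'CustomerDetails' and block <> 6 and block <> 75) and block <> 30 order by vtiger_field.tablename";
-
+
+global $current_user;
+require('user_privileges/user_privileges_'.$current_user->id.'.php');
+if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0 || $module == "Users" || $module == "Emails")
+{
+        $query1="select vtiger_tab.name,vtiger_field.tablename,vtiger_field.columnname,vtiger_field.fieldlabel from vtiger_field inner join vtiger_tab on vtiger_tab.tabid = vtiger_field.tabid where vtiger_field.tabid in (13,4,6) and vtiger_field.uitype <> 61 and block <> 75 and block <> 30 order by vtiger_field.tablename";
+}
+else
+{
+        $profileList = getCurrentUserProfileList();
+        $query1="select vtiger_tab.name,vtiger_field.tablename,vtiger_field.columnname,vtiger_field.fieldlabel from vtiger_field inner join vtiger_tab on vtiger_tab.tabid = vtiger_field.tabid INNER JOIN vtiger_profile2field ON vtiger_profile2field.fieldid=vtiger_field.fieldid INNER JOIN vtiger_def_org_field ON vtiger_def_org_field.fieldid=vtiger_field.fieldid where vtiger_field.tabid in (13,4,6) and vtiger_field.uitype <> 61 and block <> 75 and block <> 30 AND vtiger_profile2field.visible=0 AND vtiger_def_org_field.visible=0 AND vtiger_profile2field.profileid IN ".$profileList." GROUP BY vtiger_field.fieldid order by vtiger_field.tablename";
+        //Postgres 8 fixes
+        if( $adb->dbType == "pgsql")
+        $sql = fixPostgresQuery( $sql, $log, 0);
+}
 $result = $adb->query($query1);
 $y=$adb->num_rows($result);
@@ -184,4 +197,5 @@
                         left join vtiger_contactsubdetails on vtiger_contactdetails.contactid = vtiger_contactsubdetails.contactsubscriptionid
                         left join vtiger_contactscf on vtiger_contactdetails.contactid = vtiger_contactscf.contactid
+                        left join vtiger_customerdetails on vtiger_contactdetails.contactid = vtiger_customerdetails.customerid
                         left join vtiger_contactdetails as contactdetailsContacts on contactdetailsContacts.contactid = vtiger_contactdetails.reportsto
                         left join vtiger_account as accountContacts on accountContacts.accountid = vtiger_contactdetails.accountid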
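Review bot: The restricted query filters on an unqualified `block` (`block <> 75 and block <> 30`) while joining `vtiger_profile2field` and `vtiger_def_org_field`, whereas the Accounts and Contacts versions write `vtiger_field.block`. Writing `vtiger_field.block <> 75 and vtiger_field.block <> 30` keeps the exclusion unambiguous should either joined table have or gain a `block` column, and keeps the Merge.php queries consistent. Both branches also no longer carry the old `vtiger_field.tablename <>'CustomerDetails'` and `block <> 6` exclusions, so a one-line comment above `$query1` saying those fields are now exported on purpose would help the next reader.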
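--- a/vtigercrm/branches/5.0.3/modules/Leads/Merge.php
+++ b/vtigercrm/branches/5.0.3/modules/Leads/Merge.php
@@ -76,5 +76,20 @@
 
 //<<<<<<<<<<<<<<<<header for csv and select columns for query>>>>>>>>>>>>>>>>>>>>>>>>
-$query1="select tablename,columnname,fieldlabel from vtiger_field where tabid=7 order by tablename";
+
+global $current_user;
+require('user_privileges/user_privileges_'.$current_user->id.'.php');
+if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0 || $module == "Users" || $module == "Emails")
+{
+        $query1="select tablename,columnname,fieldlabel from vtiger_field where tabid=7 order by tablename";
+}
+else
+{
+        $profileList = getCurrentUserProfileList();
+        $query1="select vtiger_field.tablename,vtiger_field.columnname,vtiger_field.fieldlabel from vtiger_field INNER JOIN vtiger_profile2field ON vtiger_profile2field.fieldid=vtiger_field.fieldid INNER JOIN vtiger_def_org_field ON vtiger_def_org_field.fieldid=vtiger_field.fieldid where vtiger_field.tabid in (7) AND vtiger_profile2field.visible=0 AND vtiger_def_org_field.visible=0 AND vtiger_profile2field.profileid IN ".$profileList." GROUP BY vtiger_field.fieldid order by vtiger_field.tablename";
+        //Postgres 8 fixes
+        if( $adb->dbType == "pgsql")
+        $sql = fixPostgresQuery( $sql, $log, 0);
+}
+
 $result = $adb->query($query1);
 $y=$adb->num_rows($result);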
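Review bot: The condition that selects the unfiltered query also passes when `$module` is "Users" or "Emails", which has no bearing on a Leads merge and appears to have been carried over from code written for another context. Where `$module` is assigned is not visible in the hunk; if it can come from the request, the choice between the filtered and unfiltered field list would not rest on the user's privileges alone. I would reduce the test to `if($is_admin == true || $profileGlobalPermission[1] == 0 || $profileGlobalPermission[2] == 0)`. The same condition is used in the Accounts, Contacts and HelpDesk Merge.php sections.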