sec(Workflow) restrict access to system workflows: only admin can access
joebordes committed Oct 31, 2021
1 parent 4ddab26 commit 971ad65641e211ec8cf8e56517257d527051264b
Showing with 15 additions and 0 deletions.
  1. +5 −0 modules/com_vtiger_workflow/VTWorkflow.php
  2. +5 −0 modules/com_vtiger_workflow/edittask.php
  3. +5 −0 modules/com_vtiger_workflow/editworkflow.php
@@ -194,6 +194,11 @@ public function setup($row) {
}
}

public function checkNonAdminAccess() {
global $current_user;
return (is_admin($current_user) || $this->defaultworkflow != 1);
}

public function evaluate($entityCache, $id) {
if ($this->test=='') {
return true;
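Review bot: `checkNonAdminAccess()` has no docblock, and its name does not say which way the boolean goes: it returns true when access is allowed (the user is an admin, or `defaultworkflow != 1`), so every caller has to negate it. I would add `/** @return bool true if the current user may open this workflow; system workflows (defaultworkflow == 1) are admin-only */` above it. The loose `!= 1` also treats an unset or null `defaultworkflow` as a non-system workflow, so the check fails open if that property was never populated. Whether setup() always sets it is not visible in this hunk.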
@@ -62,6 +62,11 @@ function vtTaskEdit($adb, $request, $current_language, $app_strings) {
$util->redirectTo($errorUrl, $mod['LBL_ERROR_NO_WORKFLOW']);
return;
}
if (!$workflow->checkNonAdminAccess()) {
$errorUrl = $module->errorPageUrl(getTranslatedString('LBL_PERMISSION'));
$util->redirectTo($errorUrl, getTranslatedString('LBL_PERMISSION'));
return;
}

$module->setReturnUrl('');
$returnUrl = $module->editWorkflowUrl($task->workflowId);
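Review bot: The permission check added here guards only the task edit view, and the same five lines are repeated in editworkflow.php. The commit does not touch whatever handlers save or delete tasks and workflows, so it should be confirmed that those paths also refuse a non-admin on a system workflow; that cannot be seen from this page. Enforcing the rule once, where the workflow is loaded or persisted, would cover every entry point and remove the duplication. The denied branch also redirects without leaving any record, so logging the user id and workflow id there would give an audit trail. vtTaskEdit's body starts and ends outside the hunk.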
@@ -45,6 +45,11 @@ function vtWorkflowEdit($adb, $request, $requestUrl, $current_language, $app_str
} else {
if (isset($request['workflow_id'])) {
$workflow = $wfs->retrieve($request['workflow_id']);
if (!$workflow->checkNonAdminAccess()) {
$errorUrl = $module->errorPageUrl(getTranslatedString('LBL_PERMISSION'));
$util->redirectTo($errorUrl, getTranslatedString('LBL_PERMISSION'));
return;
}
if ($workflow->executionCondition!=VTWorkflowManager::$ON_SCHEDULE) {
$smarty->assign('MaxAllowedScheduledWorkflows', $wfs->getMaxAllowedScheduledWorkflows());
} else {
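Review bot: `$workflow->checkNonAdminAccess()` is called on the result of `$wfs->retrieve($request['workflow_id'])` without checking that a workflow came back. edittask.php has a LBL_ERROR_NO_WORKFLOW branch just before its equivalent guard, which suggests the lookup can fail, in which case this line would raise a fatal error on an unknown id. Writing the condition as `if (empty($workflow) || !$workflow->checkNonAdminAccess()) {` avoids that and gives the same response for a missing and a forbidden workflow. The guard also sits only in the `isset($request['workflow_id'])` branch; the branch above the opening `} else {` is outside the hunk and should be checked for other ways of loading a system workflow.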
