/**
 * Decides whether the current request may use this controller, records the
 * decision in $this->hasAccess, and then hands over to the parent process().
 *
 * The rules are tried in order and evaluation stops at the first one that
 * grants access; when none matches, access is denied.
 */
function process()
{
    $GLOBALS['log']->info(get_class($this) . ":");
    global $current_user;
    $access = get_admin_modules_for_user($current_user);

    if (is_admin($current_user)) {
        // Rule 1: global administrators always pass.
        $granted = true;
    } elseif (
        is_admin_for_any_module($current_user)
        && !isset($_REQUEST['view_module'])
        && isset($_REQUEST['action'])
        && $_REQUEST['action'] != 'package'
    ) {
        // Rule 2: admin of at least one module, no view_module in the request,
        // and an action other than 'package'.
        $granted = true;
    } elseif (
        isset($_REQUEST['view_module'])
        && (in_array($_REQUEST['view_module'], $access) || empty($_REQUEST['view_module']))
    ) {
        // Rule 3: view_module is present and is either found in $access or empty.
        // NOTE(review): the empty-value half of this rule involves no admin
        // check at all, and in_array() compares loosely here; confirm both
        // are intended for an authorization decision.
        $granted = true;
    } elseif (
        isset($_REQUEST['type'])
        && (
            ($_REQUEST['type'] == 'dropdowns' && is_admin_for_any_module($current_user))
            || ($_REQUEST['type'] == 'studio' && displayStudioForCurrentUser() == true)
        )
    ) {
        // Rule 4: dropdown editing for module admins, or Studio when
        // displayStudioForCurrentUser() reports true.
        $granted = true;
    } else {
        $granted = false;
    }

    $this->hasAccess = $granted;
    parent::process();
}
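/**
 * Reports whether the current user may administer the module named in the request.
 *
 * The module name is read from $_REQUEST['targetModule'] and is overridden by
 * $_REQUEST['tmodule'] when that parameter is also non-empty.
 *
 * @param array $access Values the requested module is matched against with in_array()
 *                      (presumably the modules the user administers; confirm at the caller).
 * @return bool True when one of the rules below grants access, false otherwise.
 */
function isModuleAdmin($access)
{
    global $current_user;

    // Global admins have full access.
    if (is_admin($current_user)) {
        return true;
    }

    $module = "";
    if (!empty($_REQUEST['targetModule'])) {
        $module = $_REQUEST['targetModule'];
    }
    // Checked second, so 'tmodule' wins when both parameters are sent.
    if (!empty($_REQUEST['tmodule'])) {
        $module = $_REQUEST['tmodule'];
    }

    // If the user is an admin of some module, and no module was set, assume they have access.
    if (is_admin_for_any_module($current_user) && empty($module) && (isset($_REQUEST['action']) && $_REQUEST['action'] != 'package')) {
        return true;
    }

    // If the module was set, check that the user has access.
    if (!empty($module) && in_array($module, $access)) {
        return true;
    }

    // Explicit deny, so callers always receive a boolean instead of an implicit null.
    return false;
}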
<?php
// Administration page: only global admins and admins of at least one module
// get past this gate; everyone else is stopped by sugar_die().
global $current_user;

$isSomeKindOfAdmin = is_admin($current_user) || is_admin_for_any_module($current_user);
if (!$isSomeKindOfAdmin) {
    sugar_die("Unauthorized access to administration.");
}

// ---- AlineaSol Premium: begin ----
$returnedPremiumHtml = asol_ReportsUtils::managePremiumFeature(
    "reportFieldsManagement",
    "reportFunctions.php",
    "getReportFieldsManagementPanel",
    null
);

// A strict false from managePremiumFeature() is rendered as an empty string.
if ($returnedPremiumHtml !== false) {
    $returnedHtml = $returnedPremiumHtml;
} else {
    $returnedHtml = '';
}
// ---- AlineaSol Premium: end ----

// The returned markup is written to the response as-is, without escaping.
echo $returnedHtml;
die('Not A Valid Entry Point'); } /* * Your installation or use of this SugarCRM file is subject to the applicable * terms available at * http://support.sugarcrm.com/06_Customer_Center/10_Master_Subscription_Agreements/. * If you do not agree to all of the applicable terms or do not have the * authority to bind the entity as an authorized representative, then do not * install or use this SugarCRM file. * * Copyright (C) SugarCRM Inc. All rights reserved. */ global $current_user, $beanFiles; set_time_limit(3600); $db = DBManagerFactory::getInstance(); if (is_admin($current_user) || isset($from_sync_client) || is_admin_for_any_module($current_user)) { isset($_REQUEST['execute']) ? $execute = $_REQUEST['execute'] : ($execute = false); $export = false; if (sizeof($_POST) && isset($_POST['raction'])) { if (isset($_POST['raction']) && strtolower($_POST['raction']) == "export") { //jc - output buffering is being used. if we do not clean the output buffer //the contents of the buffer up to the length of the repair statement(s) //will be saved in the file... ob_clean(); header("Content-Disposition: attachment; filename=repairSugarDB.sql"); header("Content-Type: text/sql; charset={$app_strings['LBL_CHARSET']}"); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . TimeDate::httpTime()); header("Cache-Control: post-check=0, pre-check=0", false); header("Content-Length: " . strlen($_POST['sql'])); //jc:7347 - for whatever reason, html_entity_decode is choking on converting
/**
 * Collects the SQL returned by $db->repairTable() for every module in
 * $this->module_list and, when $this->show_output is set, prints the result
 * as an HTML page fragment (title, progress heading, and a form holding the SQL).
 *
 * Runs only for global admins or admins of at least one module; any other
 * user is stopped with sugar_die(). Nothing is returned.
 *
 * The two include statements execute in this method's local scope, so the
 * local variable names used here are visible to the included files.
 */
public function repairDatabaseSelectModules()
{
    global $current_user, $mod_strings, $dictionary;
    set_time_limit(3600);
    // $beanFiles is not in the global list above; presumably this include
    // defines it in the local scope (confirm against include/modules.php).
    include 'include/modules.php'; //bug 15661
    $db = DBManagerFactory::getInstance();
    // Module-level admins pass this gate as well as global admins.
    if (is_admin($current_user) || is_admin_for_any_module($current_user)) {
        // Not read anywhere else in this method.
        $export = false;
        if ($this->show_output) {
            echo getClassicModuleTitle($mod_strings['LBL_REPAIR_DATABASE'], array($mod_strings['LBL_REPAIR_DATABASE']), false);
        }
        if ($this->show_output) {
            // Progress heading; hidden again by the script emitted after the loop.
            echo "<h1 id=\"rdloading\">{$mod_strings['LBL_REPAIR_DATABASE_PROCESSING']}</h1>";
            ob_flush();
        }
        $sql = '';
        // Per-module work only happens when a module list is set and it does
        // not contain the "all modules" label.
        if ($this->module_list && !in_array($mod_strings['LBL_ALL_MODULES'], $this->module_list)) {
            // Not read anywhere else in this method.
            $repair_related_modules = array_keys($dictionary);
            //repair DB
            // Developer mode is forced on for the loop and put back afterwards.
            // NOTE(review): the previous value is not restored if anything
            // inside the loop throws.
            $dm = inDeveloperMode();
            $GLOBALS['sugar_config']['developerMode'] = true;
            foreach ($this->module_list as $bean_name) {
                // Only names that are keys of $beanFiles and whose file exists
                // are loaded and instantiated below.
                if (isset($beanFiles[$bean_name]) && file_exists($beanFiles[$bean_name])) {
                    require_once $beanFiles[$bean_name];
                    $GLOBALS['reload_vardefs'] = true;
                    $focus = new $bean_name();
                    #30273
                    if ($focus->disable_vardefs == false) {
                        include 'modules/' . $focus->module_dir . '/vardefs.php';
                        if ($this->show_output) {
                            print_r("<p>" . $mod_strings['LBL_REPAIR_DB_FOR'] . ' ' . $bean_name . "</p>");
                        }
                        // NOTE(review): presumably $this->execute decides whether
                        // the statements are run right away; confirm in repairTable().
                        $sql .= $db->repairTable($focus, $this->execute);
                    }
                }
            }
            $GLOBALS['sugar_config']['developerMode'] = $dm;
            if ($this->show_output) {
                echo "<script type=\"text/javascript\">document.getElementById('rdloading').style.display = \"none\";</script>";
            }
            if (isset($sql) && !empty($sql)) {
                // Rebuild the script line by line: every non-empty line gets a
                // trailing ';' unless it ends with a comment terminator.
                $qry_str = "";
                foreach (explode("\n", $sql) as $line) {
                    if (!empty($line) && substr($line, -2) != "*/") {
                        $line .= ";";
                    }
                    $qry_str .= $line . "\n";
                }
                if ($this->show_output) {
                    echo "<h3>{$mod_strings['LBL_REPAIR_DATABASE_DIFFERENCES']}</h3>";
                    echo "<p>{$mod_strings['LBL_REPAIR_DATABASE_TEXT']}</p>";
                    // NOTE(review): the SQL text is placed in the textarea without
                    // HTML escaping and is posted back to the Administration
                    // repairDatabase action, so it round-trips through the browser.
                    // Confirm that the receiving action re-checks authorization and
                    // request origin before acting on the posted text. The form
                    // element is also never closed here.
                    echo "<form method=\"post\" action=\"index.php?module=Administration&action=repairDatabase\">";
                    echo "<textarea name=\"sql\" rows=\"24\" cols=\"150\" id=\"repairsql\">{$qry_str}</textarea>";
                    echo "<br /><input type=\"submit\" value=\"" . $mod_strings['LBL_REPAIR_DATABASE_EXECUTE'] . "\" name=\"raction\" /> <input type=\"submit\" name=\"raction\" value=\"" . $mod_strings['LBL_REPAIR_DATABASE_EXPORT'] . "\" />";
                }
            } else {
                // repairTable() produced no SQL for the selected modules.
                if ($this->show_output) {
                    echo "<h3>{$mod_strings['LBL_REPAIR_DATABASE_SYNCED']}</h3>";
                }
            }
        }
    } else {
        sugar_die($GLOBALS['app_strings']['ERR_NOT_ADMIN']);
    }
}
/**
 * Applies the request-level authorization rules. When a rule denies the
 * request, $this->controller->hasAccess is set to false; otherwise the flag
 * is left untouched. Nothing is returned.
 */
function handleAccessControl()
{
    // Global admins and admins of any module are not restricted by this method.
    if (is_admin($GLOBALS['current_user']) || is_admin_for_any_module($GLOBALS['current_user'])) {
        return;
    }

    // NOTE(review): this early return is decided from $_REQUEST['action'],
    // while the admin-only rule below consults $this->controller->action.
    // Confirm both always carry the same value, since returning here skips
    // every later rule.
    if (!empty($_REQUEST['action']) && $_REQUEST['action'] == "RetrieveEmail") {
        return;
    }

    $controller = $this->controller;
    $module = $controller->module;

    // Admin-only modules: when the module has a non-empty 'all' entry, the
    // request is denied unless the current action is explicitly set to 'allow'.
    if (
        !is_admin($GLOBALS['current_user'])
        && !empty($GLOBALS['adminOnlyList'][$module])
        && !empty($GLOBALS['adminOnlyList'][$module]['all'])
    ) {
        $action = $controller->action;
        $explicitlyAllowed = !empty($GLOBALS['adminOnlyList'][$module][$action])
            && $GLOBALS['adminOnlyList'][$module][$action] == 'allow';
        if (!$explicitlyAllowed) {
            $controller->hasAccess = false;
            return;
        }
    }

    // Load the user's module access list on first use.
    if (!empty($GLOBALS['current_user']) && empty($GLOBALS['modListHeader'])) {
        $GLOBALS['modListHeader'] = query_module_access_list($GLOBALS['current_user']);
    }

    // Invisible activity-type modules are denied when both Activities and
    // Calendar appear in the module list.
    if (
        in_array($module, $GLOBALS['modInvisList'])
        && in_array('Activities', $GLOBALS['moduleList'])
        && in_array('Calendar', $GLOBALS['moduleList'])
        && in_array($module, $GLOBALS['modInvisListActivities'])
    ) {
        $controller->hasAccess = false;
    }
}
session_destroy(); include 'modules/Users/Logout.php'; } global $mod_strings; global $app_list_strings; global $app_strings; // Unimplemented until jscalendar language files are fixed // global $current_language; // global $default_language; // global $cal_codes; $focus = BeanFactory::getBean('WorkFlow'); if (isset($_REQUEST['record']) && isset($_REQUEST['record'])) { $focus->retrieve($_REQUEST['record']); } $access = get_workflow_admin_modules_for_user($current_user); if (!is_admin($current_user) && !is_admin_for_any_module($current_user) || !empty($focus->base_module) && empty($access[$focus->base_module])) { sugar_die("Unauthorized access to WorkFlow."); } $old_workflow_id = $focus->id; if (isset($_REQUEST['isDuplicate']) && $_REQUEST['isDuplicate'] == 'true') { $focus->id = ""; } $params = array(); $params[] = "<a href='index.php?module=WorkFlow&action=index'>{$mod_strings['LBL_MODULE_NAME']}</a>"; if (empty($focus->id)) { $params[] = $GLOBALS['app_strings']['LBL_CREATE_BUTTON_LABEL']; } else { $params[] = "<a href='index.php?module=WorkFlow&action=DetailView&record={$focus->id}'>{$focus->name}</a>"; $params[] = $GLOBALS['app_strings']['LBL_EDIT_BUTTON_LABEL']; } echo getClassicModuleTitle("WorkFlow", $params, true);
/**
 * Applies the request-level authorization rules, including the special case
 * for Subpanel QuickCreates. When a rule denies the request,
 * $this->controller->hasAccess is set to false; otherwise the flag is left
 * untouched. Nothing is returned.
 */
function handleAccessControl()
{
    // Global admins and admins of any module are not restricted by this method.
    if (is_admin($GLOBALS['current_user']) || is_admin_for_any_module($GLOBALS['current_user'])) {
        return;
    }

    // NOTE(review): this early return is decided from $_REQUEST['action'],
    // while the admin-only rule below consults $this->controller->action.
    // Confirm both always carry the same value, since returning here skips
    // every later rule.
    if (!empty($_REQUEST['action']) && $_REQUEST['action'] == "RetrieveEmail") {
        return;
    }

    $controller = $this->controller;
    $module = $controller->module;

    // Admin-only modules: when the module has a non-empty 'all' entry, the
    // request is denied unless the current action is explicitly set to 'allow'.
    if (
        !is_admin($GLOBALS['current_user'])
        && !empty($GLOBALS['adminOnlyList'][$module])
        && !empty($GLOBALS['adminOnlyList'][$module]['all'])
    ) {
        $action = $controller->action;
        $explicitlyAllowed = !empty($GLOBALS['adminOnlyList'][$module][$action])
            && $GLOBALS['adminOnlyList'][$module][$action] == 'allow';
        if (!$explicitlyAllowed) {
            $controller->hasAccess = false;
            return;
        }
    }

    // Bug 20916 - Subpanel QuickCreates are checked against the module named
    // in the POST body rather than the controller's module.
    // NOTE(review): $_POST['target_module'] is read without an isset() guard,
    // and the list is consulted only if $GLOBALS['modListHeader'] is already
    // populated. The lazy load of that list happens after this branch, so when
    // it is still empty here the branch returns without any check. Confirm the
    // list is always loaded earlier in the request.
    if (isset($_POST['action']) && $_POST['action'] == 'SubpanelCreates') {
        $targetModule = $_POST['target_module'];
        $listIsLoaded = !empty($GLOBALS['modListHeader']);
        if ($listIsLoaded && !in_array($targetModule, $GLOBALS['modListHeader'])) {
            $controller->hasAccess = false;
        }
        return;
    }

    // Load the user's module access list on first use.
    if (!empty($GLOBALS['current_user']) && empty($GLOBALS['modListHeader'])) {
        $GLOBALS['modListHeader'] = query_module_access_list($GLOBALS['current_user']);
    }

    // Invisible activity-type modules are denied when both Activities and
    // Calendar appear in the module list.
    if (
        in_array($module, $GLOBALS['modInvisList'])
        && in_array('Activities', $GLOBALS['moduleList'])
        && in_array('Calendar', $GLOBALS['moduleList'])
        && in_array($module, $GLOBALS['modInvisListActivities'])
    ) {
        $controller->hasAccess = false;
    }
}
} $xtpl->assign("BODY", $focus->body); $xtpl->assign("BODY_HTML", from_html($focus->body_html)); $xtpl->assign("DATE_MODIFIED", $focus->date_modified); $xtpl->assign("DATE_ENTERED", $focus->date_entered); if ($focus->published == 'on') { $xtpl->assign("PUBLISHED", "CHECKED"); } /////////////////////////////////////////////////////////////////////////////// //// NOTES (attachements, etc.) /////////////////////////////////////////////////////////////////////////////// $attachments = ''; $note = BeanFactory::getBean('Notes'); $notes_list = $note->get_full_list("notes.name", "notes.parent_id=" . $GLOBALS['db']->quoted($focus->id), true); if (!empty($notes_list)) { for ($i = 0; $i < count($notes_list); $i++) { $the_note = $notes_list[$i]; $attachments .= "<a href=\"index.php?entryPoint=download&id={$the_note->id}&type=Notes\">" . $the_note->name . "</a><br />"; } } $xtpl->assign("ATTACHMENTS", $attachments); global $current_user; if ((is_admin($current_user) || is_admin_for_any_module($current_user)) && $_REQUEST['module'] != 'DynamicLayout' && !empty($_SESSION['editinplace'])) { $xtpl->assign("ADMIN_EDIT", "<a href='index.php?action=index&module=DynamicLayout&from_action=" . $_REQUEST['action'] . "&from_module=" . $_REQUEST['module'] . "&record=" . $_REQUEST['record'] . "'>" . SugarThemeRegistry::current()->getImage("EditLayout", "border='0' align='bottom'", null, null, '.gif', $mod_strings['LBL_EDITLAYOUT']) . "</a>"); } $xtpl->assign("DESCRIPTION", $focus->description); $detailView->processListNavigation($xtpl, "EMAIL_TEMPLATE", $offset); // adding custom fields: require_once 'modules/DynamicFields/templates/Files/DetailView.php'; $xtpl->parse("main"); $xtpl->out("main");