admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FSN#33913 Kan gegevens (gecloond) rapport niet opslaan

Browse Source 
svn path=/Website/trunk/; revision=26518
This commit is contained in:
Erik Groener
2015-09-30 06:42:21 +00:00
parent c6a0029142
commit 9007f4785f
1 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
APPL/API2/model_reportsx.inc
View File

@@ -59,15 +59,20 @@ function model_reportsx(usrrap_key, rapparams)
this.is_safe_view = function(viewname)
{
if (viewname.substr(0, 4).toUpperCase() == customerId)
if (viewname && viewname.indexOf(".") != -1)
{
if (viewname.substr(0, 4).toUpperCase() == customerId)
return true;
var regexp = S("fac_usrrap_safe_view_regexp"); //"^(AAXX|PCHX)"
if (regexp && new RegExp(regexp, 'i').test(viewname))
return true;
return false;
}
else
return true;
var regexp = S("fac_usrrap_safe_view_regexp"); //"^(AAXX|PCHX)"
if (regexp && new RegExp(regexp, 'i').test(viewname))
return true;
return false;
};
this._check_authorization = function(params, method)
@@ -82,8 +87,8 @@ function model_reportsx(usrrap_key, rapparams)
if (user.oslogin() != "_FACILITOR") // Die mag alles
{
// viewname zit alleen in dbfields als het een insert is. In edit-mode is dit veld readonly, dus niet in dbfields.
var view_in_db = (("viewname" in dbfields) || (params.filter.id && params.filter.id != -1));
user.auth_required_or_abort(view_in_db || this.is_safe_view(jsondata.viewname));
if ("viewname" in dbfields)
user.auth_required_or_abort(this.is_safe_view(jsondata.viewname));
}
};