#95 - EmailTemplate dropdown in EmailMarketing module
We found that there is missing SecuritySuite protection of the list of email templates available to users in the drop-down box labeled "Email Templates:" in the Email Marketing module. Users are able to select all Email Templates, even if we've tried to protect the Email Templates with SecuritySuite. We patched it on our own installation, but we'd like to see a proper patch added to an upcoming version.
Below we're including the patch file we used. We'd also appreciate any feedback on this solution.
Thank you! KTSI
diff -c modules/EmailMarketing/EditView.php custom/modules/EmailMarketing/EditView.php *** modules/EmailMarketing/EditView.php 2013-03-28 01:27:08.679449492 -0400 --- custom/modules/EmailMarketing/EditView.php 2013-03-28 21:57:00.461443092 -0400
*** 121,127 **** $xtpl->assign("TIME_START", $time_start); $xtpl->assign("TIME_FORMAT", '('. $timedate->get_user_time_format().')');
! $email_templates_arr = get_bean_select_array(true, 'EmailTemplate','name',"(type IS NULL OR type='' OR type='campaign')",'name'); if($focus->template_id) { $xtpl->assign("TEMPLATE_ID", $focus->template_id); $xtpl->assign("EMAIL_TEMPLATE_OPTIONS", get_select_options_with_id($email_templates_arr, $focus->template_id)); --- 121,156 ---- $xtpl->assign("TIME_START", $time_start); $xtpl->assign("TIME_FORMAT", '('. $timedate->get_user_time_format().')');
! $where = "(type IS NULL OR type='' OR type='campaign')"; ! ! /* BEGIN - SECURITY GROUPS / ! global $beanFiles; ! require_once($beanFiles['EmailTemplate']); ! $email_templates_bean = new EmailTemplate(); ! ! if($email_templates_bean->bean_implements('ACL') && ACLController::requireSecurityGroup($email_templates_bean->module_dir, 'list') ) ! { ! require_once('modules/SecurityGroups/SecurityGroup.php'); ! $owner_where = " email_templates.created_by ='$current_user->id' "; ! $group_where = SecurityGroup::getGroupWhere($email_templates_bean->table_name,$email_templates_bean->module_dir,$current_user->id); ! ! if(!empty($owner_where)){ ! if(empty($where)) ! { ! $where = " (". $owner_where." or ".$group_where.") "; ! } else { ! $where .= " AND (". $owner_where." or ".$group_where.") "; ! } ! } else { ! $where .= ' AND '. $group_where; ! } ! ! } ! / END - SECURITY GROUPS */ ! ! ! $email_templates_arr = get_bean_select_array(true, 'EmailTemplate','name',$where,'name'); ! if($focus->template_id) { $xtpl->assign("TEMPLATE_ID", $focus->template_id); $xtpl->assign("EMAIL_TEMPLATE_OPTIONS", get_select_options_with_id($email_templates_arr, $focus->template_id));
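Review bot: In the added SECURITY GROUPS block, the `if(!empty($owner_where))` test and the nested `if(empty($where))` test are both constant: `$owner_where` is assigned a non-empty string two lines earlier and `$where` is assigned at the top of the new lines, so the `$where = " (". ...` branch and the final `else { $where .= ' AND '. $group_where; }` branch are dead code. The block can be reduced to the single `$where .= " AND (". $owner_where." or ".$group_where.") ";` line, which makes the access rule easier to audit. Two smaller points in the same block: `$current_user->id` is interpolated straight into `$owner_where`, and only `$beanFiles` is declared `global` in these lines, so confirm `$current_user` is in scope at this point and pass the id through the database layer's quoting rather than raw interpolation; and the result of `SecurityGroup::getGroupWhere()` is concatenated without an empty check, so if it can return an empty string the clause would end in `or )` and the query would fail.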
11 years ago
Thanks Kevin! I'll probably get that included upstream in the get_bean_select_array function to catch other possible areas.
11 years ago
Included in 6.5.12 by adding logic to include/utils.php->get_bean_select_array().