From 45bfee7ef0f8789ad5405ef80e1bbb64a43d07b8 Mon Sep 17 00:00:00 2001
From: Denis Flaven <denis.flaven@combodo.com>
Date: Fri, 21 Sep 2012 16:57:53 +0000
Subject: [PATCH] Do not let portal users configure their lists... not bullet
 proof from the security point of view, but better than opening it wide.

SVN:trunk[2200]
---
 application/datatable.class.inc.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/application/datatable.class.inc.php b/application/datatable.class.inc.php
index ba943ed92..b6dd0bf42 100644
--- a/application/datatable.class.inc.php
+++ b/application/datatable.class.inc.php
@@ -71,7 +71,14 @@ class DataTable
 		}
 		$this->oSet->SetOrderBy($oCustomSettings->GetSortOrder());
 		
-		return $this->GetAsHTML($oPage, $oCustomSettings->iDefaultPageSize, $oCustomSettings->iDefaultPageSize, 0, $oCustomSettings->aColumns, $bActionsMenu, true, $sSelectMode, $bViewLink, $aExtraParams);
+		$bToolkitMenu = true;
+		if (UserRights::IsPortalUser())
+		{
+			// Portal users have a limited access to data, for now they can only see what's configured for them
+			$bToolkitMenu = false;
+		}
+		
+		return $this->GetAsHTML($oPage, $oCustomSettings->iDefaultPageSize, $oCustomSettings->iDefaultPageSize, 0, $oCustomSettings->aColumns, $bActionsMenu, $bToolkitMenu, $sSelectMode, $bViewLink, $aExtraParams);
 	}
 	
 	public function GetAsHTML(WebPage $oPage, $iPageSize, $iDefaultPageSize, $iPageIndex, $aColumns, $bActionsMenu, $bToolkitMenu, $sSelectMode, $bViewLink, $aExtraParams)