From 99fb08240376c647b11bbd708bcb4457377ee9d7 Mon Sep 17 00:00:00 2001
From: Atm-Gregr
Date: Mon, 24 Jan 2022 14:50:54 +0100
Subject: [PATCH 1/3] prevent access denied page
---
 htdocs/core/lib/security.lib.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 3ea554a4a8f..b26c723a014 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -615,6 +615,9 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
 if ($feature == 'task') {
 $feature = 'projet_task';
 }
+ if ($feature == 'banque') {
+ $feature = 'fk_account@bank_account';
+ }
 $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website'); // Test on entity only (Objects with no link to company)
 $checksoc = array('societe'); // Test for societe object
From 53b185ce9c987f4dbd8b0aae80e380c8f78f8f17 Mon Sep 17 00:00:00 2001
From: Atm-Gregr
Date: Mon, 4 Apr 2022 10:19:51 +0200
Subject: [PATCH 2/3] fix condition on remx
---
 htdocs/comm/remx.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php
index f8a4c12fba7..1e3f56c30db 100644
--- a/htdocs/comm/remx.php
+++ b/htdocs/comm/remx.php
@@ -62,7 +62,7 @@ if (GETPOST('cancel', 'alpha') && !empty($backtopage)) {
 exit;
 }
-if ($action == 'confirm_split' && GETPOST("confirm", "alpha") == 'yes' && $user->rights->societe->creer) {
+if ($action == 'confirm_split' && GETPOST("confirm", "alpha") == 'yes' && ($user->rights->societe->creer || $user->rights->facture->creer)) {
 //if ($user->rights->societe->creer)
 //if ($user->rights->facture->creer)
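Review bot: In the security.lib.php hunk of patch 1/3, the added rewrite of `$feature` from `'banque'` to `'fk_account@bank_account'` sits directly above `$check`, which still lists `'banque'` as an entity-only feature, so if the code after the hunk picks its test by looking `$feature` up in `$check`, bank objects would leave that branch for every caller of checkUserAccessToObject(). Loosening a shared access-control helper to avoid one denied page is broader than the subject line suggests; the calling page could pass the feature value it needs instead. Patch 3/3 removes these three lines again, so both commits could be squashed out of the series. The function starts and ends outside the hunk.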
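Review bot: The widened test `($user->rights->societe->creer || $user->rights->facture->creer)` in remx.php is repeated verbatim in three action guards (`confirm_split` in this hunk, `setremise` and `confirm_remove` in the next two), so the authorization rule for discount writes can drift if only one copy is edited later. Compute it once before the handlers, e.g. `$permissiontocreate = (!empty($user->rights->societe->creer) || !empty($user->rights->facture->creer));`, and test that variable in each `if`; the `!empty()` form also avoids a notice when a rights entry is not set. A user holding only the invoice right can now change a third party's discounts, so it is worth confirming that the page-level access check (outside these hunks) still limits which third party such a user can reach. The two commented-out `//if (...)` lines under each guard no longer describe the condition and could be dropped. The handler bodies continue outside the hunks.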
@@ -153,7 +153,7 @@ if ($action == 'confirm_split' && GETPOST("confirm", "alpha") == 'yes' && $user-
 }
 }
-if ($action == 'setremise' && $user->rights->societe->creer) {
+if ($action == 'setremise' && ($user->rights->societe->creer || $user->rights->facture->creer)) {
 //if ($user->rights->societe->creer)
 //if ($user->rights->facture->creer)
@@ -192,7 +192,7 @@ if ($action == 'setremise' && $user->rights->societe->creer) {
 }
 }
-if (GETPOST('action', 'aZ09') == 'confirm_remove' && GETPOST("confirm") == 'yes' && $user->rights->societe->creer) {
+if (GETPOST('action', 'aZ09') == 'confirm_remove' && GETPOST("confirm") == 'yes' && ($user->rights->societe->creer || $user->rights->facture->creer)) {
 //if ($user->rights->societe->creer)
 //if ($user->rights->facture->creer)
From 2009cc96e0e7d31a2e1cf3a422cd850a59112198 Mon Sep 17 00:00:00 2001
From: Atm-Gregr
Date: Mon, 4 Apr 2022 10:21:06 +0200
Subject: [PATCH 3/3] clean branch
---
 htdocs/core/lib/security.lib.php | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index b26c723a014..3ea554a4a8f 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -615,9 +615,6 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
 if ($feature == 'task') {
 $feature = 'projet_task';
 }
- if ($feature == 'banque') {
- $feature = 'fk_account@bank_account';
- }
 $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website'); // Test on entity only (Objects with no link to company)
 $checksoc = array('societe'); // Test for societe object