lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX : if user is only allowed to see his companies, he must be allowed to see deplacement which are not linked to a company

Browse Source
This commit is contained in:
gauthier 2016-06-06 16:31:42 +02:00
parent 0e06f116a2
commit 07d07d522a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/compta/deplacement/list.php
View File

@ -91,7 +91,7 @@ if (!$user->rights->societe->client->voir && !$socid) $sql.= " LEFT JOIN ".MAIN_
$sql.= " WHERE d.fk_user = u.rowid";
$sql.= " AND d.entity = ".$conf->entity;
if (empty($user->rights->deplacement->readall) && empty($user->rights->deplacement->lire_tous)) $sql.=' AND d.fk_user IN ('.join(',',$childids).')';
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND sc.fk_user = " .$user->id;
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND (sc.fk_user = " .$user->id." OR d.fk_soc IS NULL) ";
if ($socid) $sql.= " AND s.rowid = ".$socid;
if ($search_ref) $sql.=" AND d.rowid=".$search_ref;