Add hook checkSecureAccess.

It replaces the mymodule_SUBPERMCATEGORY_FOR_DOCUMENTS and
mymodule_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS constants.
Laurent Destailleur 2021-08-28 00:53:13 +02:00
parent 2dd91bf312
commit 11096a5453


@ -2269,8 +2269,9 @@ function dol_most_recent_file($dir, $regexfilter = '', $excludefilter = array('(
*/
function dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser = '', $refname = '', $mode = 'read')
{
global $conf, $db, $user;
global $conf, $db, $user, $hookmanager;
global $dolibarr_main_data_root, $dolibarr_main_document_root_alt;
global $object;
if (!is_object($fuser)) {
$fuser = $user;
@ -2927,6 +2928,25 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
}
}
$parameters = array(
'modulepart' => $modulepart,
'original_file' => $original_file,
'entity' => $entity,
'fuser' => $fuser,
'refname' => '',
'mode' => $mode
);
$reshook = $hookmanager->executeHooks('checkSecureAccess', $parameters, $object);
if ($reshook > 0) {
if (!empty($hookmanager->resArray['accessallowed'])) {
$accessallowed = $hookmanager->resArray['accessallowed'];
}
if (!empty($hookmanager->resArray['sqlprotectagainstexternals'])) {
$sqlprotectagainstexternals = $hookmanager->resArray['sqlprotectagainstexternals'];
}
}
/*
// For modules who wants to manage different levels of permissions for documents
$subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS';
if (!empty($conf->global->$subPermCategoryConstName)) {
@ -2939,9 +2959,11 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
// Define $sqlprotectagainstexternals for modules who want to protect access using a SQL query.
$sqlProtectConstName = strtoupper($modulepart).'_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS';
if (!empty($conf->global->$sqlProtectConstName)) { // If module want to define its own $sqlprotectagainstexternals
// Example: mymodule__SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
// Example: mymodule_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
// TODO Replace this with a hook
eval('$sqlprotectagainstexternals = "'.$conf->global->$sqlProtectConstName.'";');
}
*/
}
$ret = array(
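Review bot: The `$parameters` array built for the new `checkSecureAccess` hook passes `'refname' => ''` rather than the function's `$refname` argument, so a hook has no object reference to decide on, although the retired `mymodule_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS` example keyed on exactly that value; it should read `'refname' => $refname,`. The result handling copies `accessallowed` only when it is `!empty()`, so a hook can grant access but cannot return a denial (0); testing `isset($hookmanager->resArray['accessallowed'])` would let a module tighten access as well as widen it. `$hookmanager` is also dereferenced without an `is_object($hookmanager)` guard, which may fail in entry points that never initialise it (not visible from here). The `sqlprotectagainstexternals` string taken from the hook is presumably run as SQL further down, outside these hunks, so the hook's doc comment should state that the module must escape any reference it interpolates, e.g. `// Hook must return an already-escaped SQL string in resArray['sqlprotectagainstexternals']`. The body of `dol_check_secure_access_document` starts and ends outside the shown hunks.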