Merge pull request #22099 from Hystepik/develop#5
Fix : permission check code
This commit is contained in:
Laurent Destailleur
GitHub
commit
11fc7cd870
@ -62,9 +62,9 @@ class box_activity extends ModeleBoxes
|
||||
// FIXME: Pb into some status
|
||||
$this->enabled = ($conf->global->MAIN_FEATURES_LEVEL); // Not enabled by default due to bugs (see previous comments)
|
||||
|
||||
$this->hidden = !((isModEnabled('facture') && $user->rights->facture->lire)
|
||||
|| (isModEnabled('commande') && $user->rights->commande->lire)
|
||||
|| (isModEnabled('propal') && $user->rights->propale->lire)
|
||||
$this->hidden = !((isModEnabled('facture') && $user->hasRight('facture', 'read'))
|
||||
|| (isModEnabled('commande') && $user->hasRight('commande', 'read'))
|
||||
|| (isModEnabled('propal') && $user->hasRight('propale', 'read'))
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@ -60,7 +60,7 @@ class box_birthdays extends ModeleBoxes
|
||||
|
||||
$this->db = $db;
|
||||
|
||||
$this->hidden = !($user->rights->user->user->lire && empty($user->socid));
|
||||
$this->hidden = !($user->hasRight('user', 'user', 'read') && empty($user->socid));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -65,7 +65,7 @@ class box_clients extends ModeleBoxes
|
||||
$this->enabled = 0; // disabled by this option
|
||||
}
|
||||
|
||||
$this->hidden = !($user->rights->societe->lire && empty($user->socid));
|
||||
$this->hidden = !($user->hasRight('societe', 'read') && empty($user->socid));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -65,7 +65,7 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes
|
||||
$this->enabled = 0; // disabled by this option
|
||||
}
|
||||
|
||||
$this->hidden = !($user->rights->societe->lire && empty($user->socid));
|
||||
$this->hidden = !($user->hasRight('societe', 'read') && empty($user->socid));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -60,7 +60,7 @@ class box_fournisseurs extends ModeleBoxes
|
||||
|
||||
$this->db = $db;
|
||||
|
||||
$this->hidden = !($user->rights->societe->lire && empty($user->socid));
|
||||
$this->hidden = !($user->hasRight('societe', 'read') && empty($user->socid));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -84,7 +84,7 @@ class box_last_ticket extends ModeleBoxes
|
||||
'text' => $langs->trans("BoxLastTicketContent"),
|
||||
);
|
||||
|
||||
if ($user->rights->ticket->read) {
|
||||
if ($user->hasRight('ticket', 'read')) {
|
||||
$sql = "SELECT t.rowid as id, t.ref, t.track_id, t.fk_soc, t.fk_user_create, t.fk_user_assign, t.subject, t.message, t.fk_statut as status, t.type_code, t.category_code, t.severity_code, t.datec, t.date_read, t.date_close, t.origin_email,";
|
||||
$sql .= " type.label as type_label, category.label as category_label, severity.label as severity_label,";
|
||||
$sql .= " s.nom as company_name, s.email as socemail, s.client, s.fournisseur";
|
||||
|
||||
@ -67,7 +67,7 @@ class box_prospect extends ModeleBoxes
|
||||
$this->enabled = 0; // disabled by this option
|
||||
}
|
||||
|
||||
$this->hidden = !($user->rights->societe->lire && empty($user->socid));
|
||||
$this->hidden = !($user->hasRight('societe', 'read') && empty($user->socid));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -209,9 +209,9 @@ if (empty($reshook)) {
|
||||
// Mass actions
|
||||
$objectclass = 'Holiday';
|
||||
$objectlabel = 'Holiday';
|
||||
$permissiontoread = $user->rights->holiday->read;
|
||||
$permissiontodelete = $user->rights->holiday->delete;
|
||||
$permissiontoapprove = $user->rights->holiday->approve;
|
||||
$permissiontoread = $user->hasRight('holiday', 'read');
|
||||
$permissiontodelete = $user->hasRight('holiday', 'delete');
|
||||
$permissiontoapprove = $user->hasRight('holiday', 'approve');
|
||||
$uploaddir = $conf->holiday->dir_output;
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
|
||||
}
|
||||
@ -580,7 +580,7 @@ if ($resql) {
|
||||
|
||||
// Approver
|
||||
if (!empty($arrayfields['cp.fk_validator']['checked'])) {
|
||||
if ($user->rights->holiday->readall) {
|
||||
if ($user->hasRight('holiday', 'readall')) {
|
||||
print '<td class="liste_titre maxwidthonsmartphone left">';
|
||||
$validator = new UserGroup($db);
|
||||
$excludefilter = $user->admin ? '' : 'u.rowid <> '.$user->id;
|
||||
|
||||
@ -270,7 +270,7 @@ if (isModEnabled('holiday') && $user->rights->holiday->read) {
|
||||
|
||||
|
||||
// Latest expense report
|
||||
if (isModEnabled('expensereport') && $user->rights->expensereport->lire) {
|
||||
if (isModEnabled('expensereport') && $user->hasRight('expensereport', 'read')) {
|
||||
$sql = "SELECT u.rowid as uid, u.lastname, u.firstname, u.login, u.email, u.statut as user_status, u.photo,";
|
||||
$sql .= " x.rowid, x.ref, x.date_debut as date, x.tms as dm, x.total_ttc, x.fk_statut as status";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."expensereport as x, ".MAIN_DB_PREFIX."user as u";
|
||||
@ -342,7 +342,7 @@ if (isModEnabled('expensereport') && $user->rights->expensereport->lire) {
|
||||
|
||||
|
||||
// Last modified job position
|
||||
if (isModEnabled('recruitment') && $user->rights->recruitment->recruitmentjobposition->read) {
|
||||
if (isModEnabled('recruitment') && $user->hasRight('recruitment', 'recruitmentjobposition', 'read')) {
|
||||
$staticrecruitmentcandidature = new RecruitmentCandidature($db);
|
||||
$staticrecruitmentjobposition = new RecruitmentJobPosition($db);
|
||||
$sql = "SELECT rc.rowid, rc.ref, rc.email, rc.lastname, rc.firstname, rc.date_creation, rc.tms, rc.status,";
|
||||
|
||||
@ -2703,7 +2703,7 @@ class User extends CommonObject
|
||||
global $dolibarr_main_authentication, $dolibarr_main_demo;
|
||||
global $menumanager;
|
||||
|
||||
if (!$user->rights->user->user->lire && $user->id != $this->id) {
|
||||
if (!$user->hasRight('user', 'user', 'read') && $user->id != $this->id) {
|
||||
$option = 'nolink';
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user