From 164dc8a577a4c80f23249759ed56415ad1faa502 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Thu, 29 Nov 2007 21:05:32 +0000
Subject: [PATCH] =?UTF-8?q?Fix:=20probl=E8me=20de=20droit=20d'acc=E8s,=20m?=
 =?UTF-8?q?ise=20en=20place=20de=20la=20fonction=20restrictedArea?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 htdocs/projet/fiche.php | 23 ++---------------------
 1 file changed, 2 insertions(+), 21 deletions(-)

diff --git a/htdocs/projet/fiche.php b/htdocs/projet/fiche.php
index 6451ee7fca7..a937716da02 100644
--- a/htdocs/projet/fiche.php
+++ b/htdocs/projet/fiche.php
@@ -43,27 +43,8 @@
 if ($_GET["id"]) { $projetid=$_GET["id"]; }
 if ($projetid == '' && ($_GET['action'] != "create" && $_POST['action'] != "add" && $_POST["action"] != "update" && !$_POST["cancel"])) accessforbidden();
-if ($user->societe_id > 0)
-{
- $socid = $user->societe_id;
-}
-
-// Protection restriction commercial
-if ($projetid && !$user->rights->commercial->client->voir)
-{
- $sql = "SELECT p.rowid, p.fk_soc";
- $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
- if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc ";
- $sql.= " WHERE p.rowid = ".$projetid;
- if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
- if ($socid) $sql .= " AND p.fk_soc = ".$socid;
- if ( $db->query($sql) )
- {
- if ( $db->num_rows() == 0) accessforbidden();
- }
-}
-
+// Sécurité d'accès client et commerciaux
+$socid = restrictedArea($user, 'projet', $projetid);
 if ($_POST["action"] == 'add' && $user->rights->projet->creer)
 {
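Review bot: The new call `$socid = restrictedArea($user, 'projet', $projetid);` forwards `$projetid` exactly as it was read from `$_GET["id"]` on the hunk's first context line, with no integer cast; if restrictedArea() builds its lookup by string concatenation the way the removed block did with `" WHERE p.rowid = ".$projetid`, the unvalidated value still reaches the query — that part is inferred, since the helper's body is outside this hunk. Casting at the boundary, `if ($_GET["id"]) { $projetid = (int) $_GET["id"]; }`, would close that off regardless of how the helper is written. The removed check also only ran when `$projetid` was non-empty, whereas the new call runs unconditionally, including on the create/add paths where `$projetid` is empty, so it is worth confirming that restrictedArea() lets those paths through rather than calling accessforbidden(). A short comment such as `// restrictedArea() also supplies $socid, previously taken from $user->societe_id` would record that the rest of the page now depends on the helper's return value; the `if ($_POST["action"] == 'add' ...)` block opened on the last line continues outside the hunk.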