lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #8443 from atm-florian/6.0

Browse Source 
fix user right on modRessource,  fix security check on fourn card
This commit is contained in:
Laurent Destailleur 2018-03-24 16:37:11 +01:00 committed by GitHub
commit 1c581c6fff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
htdocs/core/modules/modResource.class.php
View File

@ -231,7 +231,7 @@ class modResource extends DolibarrModules
'langs'=> 'resource',
'position'=> 101,
'enabled'=> '1',
'perms'=> '$user->rights->resource->read',
'perms'=> '$user->rights->resource->write',
'target'=> '',
'user'=> 0
);
@ -255,7 +255,7 @@ class modResource extends DolibarrModules
// Exports
//--------
$r=0;
$r++;
$this->export_code[$r]=$this->rights_class.'_'.$r;
$this->export_label[$r]="ResourceSingular"; // Translation key (used only if key ExportDataset_xxx_z not found)
@ -265,19 +265,19 @@ class modResource extends DolibarrModules
$this->export_entities_array[$r]=array('r.rowid'=>'resource','r.ref'=>'resource','c.code'=>'resource','c.label'=>'resource','r.description'=>'resource','r.note_private'=>"resource",'r.resource'=>"resource",'r.asset_number'=>'resource','r.datec'=>"resource",'r.tms'=>"resource");
$keyforselect='resource'; $keyforelement='resource'; $keyforaliasextra='extra';
include DOL_DOCUMENT_ROOT.'/core/extrafieldsinexport.inc.php';
$this->export_dependencies_array[$r]=array('resource'=>array('r.rowid')); // We must keep this until the aggregate_array is used. To add unique key if we ask a field of a child to avoid the DISTINCT to discard them.
$this->export_sql_start[$r]='SELECT DISTINCT ';
$this->export_sql_end[$r] =' FROM '.MAIN_DB_PREFIX.'resource as r ';
$this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'c_type_resource as c ON c.rowid=r.fk_code_type_resource';
$this->export_sql_end[$r] .=' LEFT JOIN '.MAIN_DB_PREFIX.'resource_extrafields as extra ON extra.fk_object = c.rowid';
$this->export_sql_end[$r] .=' AND r.entity IN ('.getEntity('resource').')';
// Imports
//--------
$r=0;
// Import list of third parties and attributes
$r++;
$this->import_code[$r]=$this->rights_class.'_'.$r;
@ -307,7 +307,7 @@ class modResource extends DolibarrModules
$this->import_regex_array[$r]=array('s.datec'=>'^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]( [0-9][0-9]:[0-9][0-9]:[0-9][0-9])?$');
$this->import_examplevalues_array[$r]=array('r.ref'=>"REF1",'r.fk_code_type_resource'=>"Code from dictionary resource type",'r.datec'=>"2017-01-01 or 2017-01-01 12:30:00");
$this->import_updatekeys_array[$r]=array('r.rf'=>'ResourceFormLabel_ref');
}
/**

4
htdocs/fourn/card.php
View File

@ -50,7 +50,7 @@ $cancelbutton = GETPOST('cancel');
// Security check
$id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id','int'));
if ($user->societe_id) $id=$user->societe_id;
$result = restrictedArea($user, 'societe&fournisseur', $id, '&societe');
$result = restrictedArea($user, 'societe&fournisseur', $id, '&societe', '', 'rowid');
$object = new Fournisseur($db);
$extrafields = new ExtraFields($db);
@ -107,7 +107,7 @@ if (empty($reshook))
// Fill array 'array_options' with data from update form
$extralabels = $extrafields->fetch_name_optionals_label($object->table_element);
$ret = $extrafields->setOptionalsFromPost($extralabels, $object, GETPOST('attribute'));
if ($ret < 0) $error++;
if (! $error)
{