Works on enhancement of project tasks

Fix: security check
Regis Houssin 2010-02-14 15:35:52 +00:00
parent cd46758cc0
commit 1f71ab2e39
4 changed files with 4 additions and 3 deletions


@ -121,7 +121,7 @@ class modProjet extends DolibarrModules
$this->rights[$r][0] = 141; // id de la permission
$this->rights[$r][1] = "Lire tous les projets et taches (y compris prives qui ne me sont pas affectes)"; // libelle de la permission
$this->rights[$r][2] = 'r'; // type de la permission (deprecie a ce jour)
$this->rights[$r][3] = 1; // La permission est-elle une permission par defaut
$this->rights[$r][3] = 0; // La permission est-elle une permission par defaut
$this->rights[$r][4] = 'all';
$this->rights[$r][5] = 'lire';
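Review bot: Switching the by-default flag of permission 141 (assuming the `= 0` line is the new side) only changes how the right is handed out from now on. Accounts that already hold it presumably keep read access to private projects and tasks not assigned to them, so the upgrade path should say whether existing grants are reviewed or revoked. A short why-comment on the line would keep the flag from being flipped back, e.g. `// not a default permission: it exposes private projects and tasks of other users`. The rights array continues outside this hunk.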


@ -113,6 +113,7 @@ if ($mesg) print $mesg;
$tasksarray=$task->getTasksArray(0,0,$project->id,0);
$tasksrole=$task->getUserRolesForProjectsOrTasks($user,0,$project->id,0);
//var_dump($tasksarray);
var_dump($tasksrole);
print '<form name="addtime" method="POST" action="'.$_SERVER["PHP_SELF"].'?id='.$project->id.'">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
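Review bot: The uncommented `var_dump($tasksrole);` writes the role map returned by `getUserRolesForProjectsOrTasks()` into the HTML of every page load, just before the form. It looks like leftover debugging and should be removed or commented out like `//var_dump($tasksarray);` above it. A dump in the rendered page discloses internal identifiers and role data to anyone who can open the page, and it also corrupts the markup. The surrounding script starts and ends outside this hunk.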


@ -127,7 +127,7 @@ $sql.= ", s.nom, s.rowid as socid";
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
$sql.= " WHERE p.entity = ".$conf->entity;
$sql.= " AND p.rowid IN (".$projectsListId.")";
if (!$user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
if ($socid) $sql.= " AND s.rowid = ".$socid;
$sql.= " GROUP BY s.nom, s.rowid";
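Review bot: A user without `projet->all->lire` still gets `$projectsListId` concatenated into `IN (...)`, and where that list is built is not visible in this hunk. If it can be empty, the query becomes `IN ()` and fails instead of returning no rows. Consider a fallback that matches nothing, `if (!$user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".($projectsListId ? $projectsListId : '0').")";`, and confirm the list holds only integer ids, since it is not parameterised. The query construction starts and ends outside the hunk.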


@ -612,7 +612,7 @@ class Project extends CommonObject
{
// To verify role of users
$userAccess = 0;
if (!empty($this->user_author_id) && $this->user_author_id == $user->id)
if ((!empty($this->user_author_id) && $this->user_author_id == $user->id) || $user->rights->projet->all->lire)
{
$userAccess = 1;
}
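Review bot: `$user->rights->projet->all->lire` is a read permission, but here it sets the same `$userAccess = 1` as being the project's author. If callers of this method also use the result to gate edits or deletes, a read-only right would become write access. The method starts and ends outside the hunk, so that cannot be confirmed from here. If the result is meant for read checks only, say so on the branch, e.g. `// author, or holder of the read-all right (read access only)`; otherwise test the right only on the read path.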