Fix: limit access to internal users

htdocs/admin/mails_templates.php

@@ -55,8 +55,7 @@ $search_lang=GETPOST('search_lang','alpha');
 $search_fk_user=GETPOST('search_fk_user','intcomma');
 $search_topic=GETPOST('search_topic','alpha');
 
-$allowed=1;
-if (! $allowed) accessforbidden();
+if ($user->socid) accessforbidden();
 
 $acts[0] = "activate";
 $acts[1] = "disable";

htdocs/core/menus/init_menu_auguria.sql

@@ -311,7 +311,7 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->categorie->enabled', __HANDLER__, 'left', 3804__+MAX_llx_menu__, 'project', 'cat', 7__+MAX_llx_menu__, '/categories/index.php?leftmenu=cat&type=6', 'Categories', 0, 'categories', '$user->rights->categorie->lire', '', 2, 4, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->categorie->enabled', __HANDLER__, 'left', 3805__+MAX_llx_menu__, 'project', '', 3804__+MAX_llx_menu__, '/categories/card.php?action=create&type=6', 'NewCategory', 1, 'categories', '$user->rights->categorie->creer', '', 2, 0, __ENTITY__);
 -- Tools
-insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '', __HANDLER__, 'left', 3900__+MAX_llx_menu__, 'tools', 'email_templates', 8__+MAX_llx_menu__, '/admin/mails_templates.php?leftmenu=email_templates', 'EMailTemplates', 0, '', '', '', 0, 0, __ENTITY__);
+insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', 'empty($user->socid)', __HANDLER__, 'left', 3900__+MAX_llx_menu__, 'tools', 'email_templates', 8__+MAX_llx_menu__, '/admin/mails_templates.php?leftmenu=email_templates', 'EMailTemplates', 0, '', '', '', 0, 0, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->mailing->enabled', __HANDLER__, 'left', 3910__+MAX_llx_menu__, 'tools', 'mailing', 8__+MAX_llx_menu__, '/comm/mailing/index.php?leftmenu=mailing', 'EMailings', 0, 'mails', '$user->rights->mailing->lire', '', 0, 0, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->mailing->enabled', __HANDLER__, 'left', 3911__+MAX_llx_menu__, 'tools', '', 3910__+MAX_llx_menu__, '/comm/mailing/card.php?leftmenu=mailing&action=create', 'NewMailing', 1, 'mails', '$user->rights->mailing->creer', '', 0, 0, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->mailing->enabled', __HANDLER__, 'left', 3912__+MAX_llx_menu__, 'tools', '', 3910__+MAX_llx_menu__, '/comm/mailing/list.php?leftmenu=mailing', 'List', 1, 'mails', '$user->rights->mailing->lire', '', 0, 1, __ENTITY__);

htdocs/core/menus/standard/eldy.lib.php

@@ -1418,8 +1418,11 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu
 		 */
 		if ($mainmenu == 'tools')
 		{
-			$langs->load("mails");
-			$newmenu->add("/admin/mails_templates.php?leftmenu=email_templates", $langs->trans("EMailTemplates"), 0, 1, '', $mainmenu, 'email_templates');
+			if (empty($user->socid)) // limit to internal users
+			{
+				$langs->load("mails");
+				$newmenu->add("/admin/mails_templates.php?leftmenu=email_templates", $langs->trans("EMailTemplates"), 0, 1, '', $mainmenu, 'email_templates');
+			}
 
 			if (! empty($conf->mailing->enabled))
 			{