From 23d19a8af3ae7807dcdb37ea1f323b99dfa25f13 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 10 May 2021 19:20:17 +0200 Subject: [PATCH] Fix permissions --- htdocs/expedition/card.php | 27 +++++++++------------------ htdocs/expedition/contact.php | 7 ------- 2 files changed, 9 insertions(+), 25 deletions(-) diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index c204afcef72..0c7d51edcfe 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -82,21 +82,6 @@ if (empty($origin_id)) { $ref = GETPOST('ref', 'alpha'); $line_id = GETPOST('lineid', 'int') ?GETPOST('lineid', 'int') : ''; -// Security check -$socid = ''; -if ($user->socid) { - $socid = $user->socid; -} - -if ($origin == 'expedition') { - $result = restrictedArea($user, $origin, $id); -} else { - $result = restrictedArea($user, 'expedition'); - if (empty($user->rights->{$origin}->lire) && empty($user->rights->{$origin}->read)) { - accessforbidden(); - } -} - $action = GETPOST('action', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); $cancel = GETPOST('cancel', 'alpha'); @@ -121,18 +106,24 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('expeditioncard', 'globalcard')); -$permissiondellink = $user->rights->expedition->delivery->creer; // Used by the include of actions_dellink.inc.php -//var_dump($object->lines[0]->detail_batch); - $date_delivery = dol_mktime(GETPOST('date_deliveryhour', 'int'), GETPOST('date_deliverymin', 'int'), 0, GETPOST('date_deliverymonth', 'int'), GETPOST('date_deliveryday', 'int'), GETPOST('date_deliveryyear', 'int')); +if ($id > 0 || !empty($ref)) { + $object->fetch($id, $ref); + $object->fetch_thirdparty(); +} + // Security check +$socid = ''; if ($user->socid) { $socid = $user->socid; } $result = restrictedArea($user, 'expedition', $object->id, ''); +$permissiondellink = $user->rights->expedition->delivery->creer; // Used by the include of actions_dellink.inc.php +//var_dump($object->lines[0]->detail_batch); + /* * Actions diff --git a/htdocs/expedition/contact.php b/htdocs/expedition/contact.php index cd9febc685d..f6f6fb7e1c7 100644 --- a/htdocs/expedition/contact.php +++ b/htdocs/expedition/contact.php @@ -108,13 +108,6 @@ if ($action == 'addcontact' && $user->rights->expedition->creer) { dol_print_error($db); } } -/* -elseif ($action == 'setaddress' && $user->rights->expedition->creer) -{ - $object->fetch($id); - $result=$object->setDeliveryAddress($_POST['fk_address']); - if ($result < 0) dol_print_error($db,$object->error); -}*/ /*