diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index e3dad8c0386..2afd7e15fe9 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -248,7 +248,7 @@ function getEntity($element, $shared = 1, $currentobject = null)
$out = $mc->getEntity($element, $shared, $currentobject);
} else {
$out = '';
- $addzero = array('user', 'usergroup', 'c_email_templates', 'email_template', 'default_values');
+ $addzero = array('user', 'usergroup', 'cronjob', 'c_email_templates', 'email_template', 'default_values');
if (in_array($element, $addzero)) {
$out .= '0,';
}
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 55a516377b2..f75bb21eae9 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -989,6 +989,8 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
$checkonentitydone = 1;
}
+ //var_dump($checkonentitydone);
+
if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) { // By default (case of $checkdefault), we check on object entity + link to third party on field $dbt_keyfield
// If external user: Check permission for external users
if ($user->socid > 0) {
@@ -1000,7 +1002,7 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
$sql .= " WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).")";
$sql .= " AND dbt.".$dbt_keyfield." = ".((int) $user->socid);
} elseif (isModEnabled("societe") && empty($user->rights->societe->client->voir)) {
- // If internal user: Check permission for internal users that are restricted on their objects
+ // If internal user without permission to see all thirdparties: Check permission for internal users that are restricted on their objects
if ($feature != 'ticket') {
if (empty($dbt_keyfield)) {
dol_print_error('', 'Param dbt_keyfield is required but not defined');
@@ -1022,7 +1024,7 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
$sql .= " AND (sc.fk_user = ".((int) $user->id)." OR sc.fk_user IS NULL)";
}
} elseif (isModEnabled('multicompany')) {
- // If multicompany and internal users with all permissions, check user is in correct entity
+ // If multicompany, and user is an internal user with all permissions, check that object is in correct entity
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
diff --git a/htdocs/cron/class/cronjob.class.php b/htdocs/cron/class/cronjob.class.php
index 4aa6ef3a25e..c1cea5abe7d 100644
--- a/htdocs/cron/class/cronjob.class.php
+++ b/htdocs/cron/class/cronjob.class.php
@@ -996,7 +996,7 @@ class Cronjob extends CommonObject
}
$datas['space'] = '
';
- if (!empty($this->datestart)) {
+ if (!empty($this->datestart) && $this->datestart >= dol_now()) {
$datas['crondtstart'] = '
'.$langs->trans('CronDtStart').': '.dol_print_date($this->datestart, 'dayhour', 'tzuserrel');
}
if (!empty($this->dateend)) {
@@ -1025,8 +1025,6 @@ class Cronjob extends CommonObject
public function getNomUrl($withpicto = 0, $option = '', $notooltip = 0, $morecss = '', $save_lastsearch_value = -1)
{
global $db, $conf, $langs;
- global $dolibarr_main_authentication, $dolibarr_main_demo;
- global $menumanager;
if (!empty($conf->dol_no_mouse_hover)) {
$notooltip = 1; // Force disable tooltips