';
print ''."\n";
- if ((!empty($conf->salaries->enabled) && !empty($user->rights->salaries->read))
+ if ((!empty($conf->salaries->enabled) && !empty($user->rights->salaries->read) && in_array($id, $childids))
+ || (!empty($conf->salaries->enabled) && !empty($user->rights->salaries->readall))
|| (!empty($conf->hrm->enabled) && !empty($user->rights->hrm->employee->read))) {
// Even a superior can't see this info of its subordinates wihtout $user->rights->salaries->read and $user->rights->hrm->employee->read (setting/viewing is reserverd to HR people).
// However, he can see the valuation of timesheet of its subordinates even without these permissions.
@@ -1777,17 +1778,14 @@ if ($action == 'create' || $action == 'adduserldap') {
print ''."\n";
// API key
- if (!empty($conf->api->enabled) && $user->admin) {
+ if (!empty($conf->api->enabled) && ($user->id == $id || $user->admin)) {
print '
'.$langs->trans("ApiKey").'
';
print '
';
if (!empty($object->api_key)) {
print '';
- print showValueWithClipboardCPButton($object->api_key, 1, $langs->trans("Hidden"));
+ print showValueWithClipboardCPButton($object->api_key, 1, $langs->trans("Hidden")); // TODO Add an option to also reveal the hash, not only copy paste
print '';
}
- if ($user->admin || $user->id == $object->id) {
- // TODO Add a feature to reveal the hash
- }
print '
';
}
@@ -2303,7 +2301,7 @@ if ($action == 'create' || $action == 'adduserldap') {
print "\n";
// API key
- if (!empty($conf->api->enabled) && $user->admin) {
+ if (!empty($conf->api->enabled) && ($user->id == $id || $user->admin)) {
print '