lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX impossible to edit user if you are admin

Browse Source 
Line 128 surcharged the line 111 even if you ard admin ou user->user->write.
So I was impossible to update user card if it was not yours...
This commit is contained in:
Sébastien NASSIET 2023-03-03 18:26:00 +01:00 committed by GitHub
parent 43826bde05
commit 412a1e1453
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/user/card.php
View File

@ -125,7 +125,7 @@ if ($user->id != $id && !$canreaduser) {
// Define value to know what current user can do on properties of edited user
if ($id > 0) {
// $user is the current logged user, $id is the user we want to edit
$canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")); // can edit myself
$canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")) || (!empty($user->admin) || $user->hasRight("user", "user", "write")); // can edit myself
$caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write")) || (($user->id != $id) && $user->hasRight("user", "user", "write")));
$caneditpassword = ((($user->id == $id) && $user->hasRight("user", "self", "password")) || (($user->id != $id) && $user->hasRight("user", "user", "password")));
}