Fix: better rights management

Regis Houssin 2010-11-05 15:36:43 +00:00
parent 3b26115be9
commit 464574cbae
2 changed files with 15 additions and 5 deletions


@ -284,7 +284,7 @@ class ActionsContactCardCommon
global $conf, $user, $langs;
// Creation utilisateur depuis contact
if (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes' && $user->rights->user->user->creer)
if (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes')
{
// Recuperation contact actuel
$result = $this->object->fetch($id);
@ -307,7 +307,7 @@ class ActionsContactCardCommon
}
// Creation contact
if ($_POST["action"] == 'add' && $user->rights->societe->contact->creer)
if ($_POST["action"] == 'add')
{
$this->assign_post();
@ -333,7 +333,7 @@ class ActionsContactCardCommon
}
}
if (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == 'yes' && $user->rights->societe->contact->supprimer)
if (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == 'yes')
{
$result=$this->object->fetch($id);
@ -352,7 +352,7 @@ class ActionsContactCardCommon
}
}
if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->societe->contact->creer)
if ($_POST["action"] == 'update' && ! $_POST["cancel"])
{
if (empty($_POST["name"]))
{
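Review bot: The four handlers in this section (`confirm_create_user`, `add`, `confirm_delete`, `update`) no longer test any `$user->rights->...` flag themselves, so authorization depends entirely on the calling page having run restrictedArea() before this method executes. That precondition is not visible here, and the method starts and ends outside these hunks, so any entry point that reaches the method without the central check would create, update or delete contacts and create users unchecked. At minimum I would state the contract above the first handler, `// Permissions are NOT checked here: the calling page must call restrictedArea() before invoking this method.` Keeping the cheap local test as a second layer would be safer still, e.g. `if ($_POST["action"] == 'add' && $user->rights->societe->contact->creer)`.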


@ -1679,9 +1679,19 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
//print "Write access is ok";
}
// Check create user permission
$createuserok=1;
if ( GETPOST("action") && (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes') )
{
if (! $user->rights->user->user->creer) $createuserok=0;
if (! $createuserok) accessforbidden();
//print "Create user access is ok";
}
// Check delete permission from module
$deleteok=1;
if ( (GETPOST("action") && GETPOST("action") == 'confirm_delete') && (GETPOST("confirm") && GETPOST("confirm") == 'yes') )
if ( GETPOST("action") && ( (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") && GETPOST("confirm") == 'yes') || GETPOST("action") == 'delete') )
{
foreach ($features as $feature)
{
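Review bot: The new create-user gate repeats the handler's exact request condition (`action == 'confirm_create_user'` with `confirm == 'yes'`) from the contact card class, so authorization now relies on two copies of the same string match in separate files staying identical. If the handler's condition is later relaxed, or another user-creating action is added, restrictedArea() will pass the request without testing `$user->rights->user->user->creer`. A comment such as `// Must mirror the confirm_create_user condition in ActionsContactCardCommon` would make that coupling explicit. The delete gate in the same hunk was widened to cover `'delete'` too, so check whether the create-user flow has a pre-confirmation action that deserves the same treatment (not visible here). The `$createuserok` flag is redundant, since `if (! $user->rights->user->user->creer) accessforbidden();` does the same; restrictedArea() begins and ends outside the hunk.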