From 4ff373d2e06f32bc4ec8f90c6ce4f1e96384bc49 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Thu, 21 Jun 2007 18:10:45 +0000
Subject: [PATCH] =?UTF-8?q?Fix:=20mise=20en=20fonction=20de=20la=20v=E9rif?=
 =?UTF-8?q?ication=20des=20droits=20d'acc=E8s=20users,=20clients=20et=20co?=
 =?UTF-8?q?mmerciaux?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/comm/propal/apercu.php | 18 +++---------------
 htdocs/comm/propal/document.php | 10 ++++------
 htdocs/comm/propal/info.php | 10 +++-------
 htdocs/comm/propal/note.php | 13 +++----------
 4 files changed, 13 insertions(+), 38 deletions(-)

diff --git a/htdocs/comm/propal/apercu.php b/htdocs/comm/propal/apercu.php
index e5a8de58f6b..607a8e93c63 100644
--- a/htdocs/comm/propal/apercu.php
+++ b/htdocs/comm/propal/apercu.php
@@ -36,24 +36,14 @@ if ($conf->projet->enabled)
 {
 require_once(DOL_DOCUMENT_ROOT."/project.class.php");
 }
-
-$user->getrights('propale');
-
-if (!$user->rights->propale->lire)
- accessforbidden();
-
 $langs->load('propal');
 $langs->load("bills");
 $langs->load('compta');
-// Sécurité accés client
-if ($user->societe_id > 0)
-{
- $action = '';
- $socid = $user->societe_id;
-}
-
+$propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
+// Sécurité d'accès client et commerciaux
+$socid = restrictedArea($user, 'propale', $propalid, 'propal');
 llxHeader();
@@ -85,11 +75,9 @@ if ($_GET["propalid"] > 0)
 $sql.= ' p.fk_user_author, p.fk_user_valid, p.fk_user_cloture, p.datec, p.date_valid, p.date_cloture';
 $sql.= ' FROM '.MAIN_DB_PREFIX.'societe as s, '.MAIN_DB_PREFIX.'propal as p';
 $sql.= ' WHERE p.fk_soc = s.rowid AND p.rowid = '.$propal->id;
- if ($socid) $sql .= ' AND s.rowid = '.$socid;
 $result = $db->query($sql);
-
 if ($result)
 {
 if ($db->num_rows($result))
 {
 $obj = $db->fetch_object($result);
diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php
index 5dbdb79438c..8423a558bc1 100644
--- a/htdocs/comm/propal/document.php
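Review bot: The new `$propalid` is the raw `$_GET["propalid"]` string handed straight to `restrictedArea()`, whereas the document.php code this commit replaces coerced it with `intVal()`; if `restrictedArea()` interpolates that id into its ownership query, the access check this patch introduces becomes an injection point itself. Coerce at the boundary in all four files (document.php, info.php and note.php add the identical line): `$propalid = isset($_GET['propalid']) ? intval($_GET['propalid']) : 0;`, assuming `restrictedArea()` treats 0 the same way it treats the current `''`. Whether `restrictedArea()` casts the id internally is not visible in this patch, so this is worth confirming rather than assuming.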
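Review bot: Dropping `if ($socid) $sql .= ' AND s.rowid = '.$socid;` removes the last in-page check that the fetched proposal belongs to the caller's company, leaving that decision entirely to `restrictedArea()`; `$socid` is still assigned from its return value in the first hunk, so keeping the clause costs nothing and preserves defence in depth. Suggest restoring it after the `WHERE` line as `if ($socid) $sql.= ' AND s.rowid = '.$socid;`, provided `restrictedArea()` still returns 0 for internal users the way the old `$user->societe_id > 0` branch left `$socid` unset for them. The `if ($result)` block that follows continues outside the hunk.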
+++ b/htdocs/comm/propal/document.php
@@ -33,17 +33,15 @@ require('./pre.inc.php');
 require_once(DOL_DOCUMENT_ROOT."/propal.class.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/propal.lib.php");
-$user->getrights('propale');
-
-if (!$user->rights->propale->lire)
- accessforbidden();
-
 $langs->load('compta');
 $langs->load('other');
-$propalid=empty($_GET['propalid']) ? 0 : intVal($_GET['propalid']);
 $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action'];
+$propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
+
+// Sécurité d'accès client et commerciaux
+$socid = restrictedArea($user, 'propale', $propalid, 'propal');
 /*
diff --git a/htdocs/comm/propal/info.php b/htdocs/comm/propal/info.php
index 6277da81405..b9c1eeeb30f 100644
--- a/htdocs/comm/propal/info.php
+++ b/htdocs/comm/propal/info.php
@@ -35,14 +35,10 @@ require_once(DOL_DOCUMENT_ROOT."/lib/propal.lib.php");
 $langs->load('propal');
 $langs->load('compta');
-$user->getrights('propale');
-if (! $user->rights->propale->lire)
- accessforbidden();
+$propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
-if (! $_GET['propalid'])
-{
- accessforbidden();
-}
+// Sécurité d'accès client et commerciaux
+$socid = restrictedArea($user, 'propale', $propalid, 'propal');
 /*
diff --git a/htdocs/comm/propal/note.php b/htdocs/comm/propal/note.php
index 81c126ccb97..b9bd7bf927c 100644
--- a/htdocs/comm/propal/note.php
+++ b/htdocs/comm/propal/note.php
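Review bot: In info.php the explicit `accessforbidden()` for a missing `propalid` is removed, and an empty string now reaches `restrictedArea()`; unless that function denies access when the object id is empty, the page proceeds without an id where it used to stop. Keep the guard next to the new check: `if (empty($propalid)) accessforbidden();` after the `$socid = restrictedArea(...)` line. Whether `restrictedArea()` rejects an empty id is not visible in this patch.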
@@ -37,17 +37,10 @@ $langs->load('propal');
 $langs->load('compta');
 $langs->load('bills');
-$user->getrights('propale');
-if (!$user->rights->propale->lire)
- accessforbidden();
+$propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
-
-// Sécurité accés client
-if ($user->societe_id > 0)
-{
- unset($_GET['action']);
- $socid = $user->societe_id;
-}
+// Sécurité d'accès client et commerciaux
+$socid = restrictedArea($user, 'propale', $propalid, 'propal');
 /******************************************************************************/
 /* Actions */
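Review bot: The `unset($_GET['action'])` that stopped external (client) users from triggering the actions below is removed with no replacement in the hunk; `restrictedArea()` returns `$socid`, but nothing visible here shows it neutralises `$_GET['action']`, and the `/* Actions */` section that starts at the end of the hunk continues outside it. apercu.php loses its equivalent `$action = '';` in the same way. If the function does not handle this, re-add `if ($user->societe_id > 0) unset($_GET['action']);` after the `$socid = restrictedArea(...)` line.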