diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php index f9f6efea8d5..437811d8e98 100644 --- a/htdocs/core/lib/files.lib.php +++ b/htdocs/core/lib/files.lib.php @@ -1639,14 +1639,14 @@ function dol_most_recent_file($dir,$regexfilter='',$excludefilter=array('(\.meta * * @param string $modulepart Module of document ('module', 'module_user_temp', 'module_user' or 'module_temp') * @param string $original_file Relative path with filename, relative to modulepart. - * @param string $entity Restrict onto entity + * @param string $entity Restrict onto entity (0=no restriction) * @param User $fuser User object (forced) * @param string $refname Ref of object to check permission for external users (autodetect if not provided) * @param string $more Check permission for 'read' or 'write' * @return mixed Array with access information : 'accessallowed' & 'sqlprotectagainstexternals' & 'original_file' (as a full path name) * @see restrictedArea */ -function dol_check_secure_access_document($modulepart,$original_file,$entity,$fuser='',$refname='',$mode='read') +function dol_check_secure_access_document($modulepart, $original_file, $entity, $fuser='', $refname='', $mode='read') { global $user, $conf, $db; global $dolibarr_main_data_root; @@ -1666,6 +1666,13 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu $relative_original_file = $original_file; + // Define possible keys to use for permission check + $lire='lire'; $read='read'; $download='download'; + if ($mode == 'write') + { + $lire='creer'; $read='write'; $download='upload'; + } + // Wrapping for some images if (($modulepart == 'mycompany' || $modulepart == 'companylogo') && !empty($conf->mycompany->dir_output)) { @@ -1687,125 +1694,125 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les apercu factures elseif ($modulepart == 'apercufacture' && !empty($conf->facture->dir_output)) { - if ($fuser->rights->facture->lire) $accessallowed=1; + if ($fuser->rights->facture->{$lire}) $accessallowed=1; $original_file=$conf->facture->dir_output.'/'.$original_file; } // Wrapping pour les apercu propal elseif ($modulepart == 'apercupropal' && !empty($conf->propal->dir_output)) { - if ($fuser->rights->propale->lire) $accessallowed=1; + if ($fuser->rights->propale->{$lire}) $accessallowed=1; $original_file=$conf->propal->dir_output.'/'.$original_file; } // Wrapping pour les apercu commande elseif ($modulepart == 'apercucommande' && !empty($conf->commande->dir_output)) { - if ($fuser->rights->commande->lire) $accessallowed=1; + if ($fuser->rights->commande->{$lire}) $accessallowed=1; $original_file=$conf->commande->dir_output.'/'.$original_file; } // Wrapping pour les apercu intervention elseif (($modulepart == 'apercufichinter' || $modulepart == 'apercuficheinter') && !empty($conf->ficheinter->dir_output)) { - if ($fuser->rights->ficheinter->lire) $accessallowed=1; + if ($fuser->rights->ficheinter->{$lire}) $accessallowed=1; $original_file=$conf->ficheinter->dir_output.'/'.$original_file; } // Wrapping pour les apercu conat elseif (($modulepart == 'apercucontract') && !empty($conf->contrat->dir_output)) { - if ($fuser->rights->contrat->lire) $accessallowed=1; + if ($fuser->rights->contrat->{$lire}) $accessallowed=1; $original_file=$conf->contrat->dir_output.'/'.$original_file; } // Wrapping pour les apercu supplier proposal elseif (($modulepart == 'apercusupplier_proposal' || $modulepart == 'apercusupplier_proposal') && !empty($conf->supplier_proposal->dir_output)) { - if ($fuser->rights->supplier_proposal->lire) $accessallowed=1; + if ($fuser->rights->supplier_proposal->{$lire}) $accessallowed=1; $original_file=$conf->supplier_proposal->dir_output.'/'.$original_file; } // Wrapping pour les apercu supplier order elseif (($modulepart == 'apercusupplier_order' || $modulepart == 'apercusupplier_order') && !empty($conf->fournisseur->commande->dir_output)) { - if ($fuser->rights->fournisseur->commande->lire) $accessallowed=1; + if ($fuser->rights->fournisseur->commande->{$lire}) $accessallowed=1; $original_file=$conf->fournisseur->commande->dir_output.'/'.$original_file; } // Wrapping pour les apercu supplier invoice elseif (($modulepart == 'apercusupplier_invoice' || $modulepart == 'apercusupplier_invoice') && !empty($conf->fournisseur->facture->dir_output)) { - if ($fuser->rights->fournisseur->facture->lire) $accessallowed=1; + if ($fuser->rights->fournisseur->facture->{$lire}) $accessallowed=1; $original_file=$conf->fournisseur->facture->dir_output.'/'.$original_file; } // Wrapping pour les images des stats propales elseif ($modulepart == 'propalstats' && !empty($conf->propal->dir_temp)) { - if ($fuser->rights->propale->lire) $accessallowed=1; + if ($fuser->rights->propale->{$lire}) $accessallowed=1; $original_file=$conf->propal->dir_temp.'/'.$original_file; } // Wrapping pour les images des stats commandes elseif ($modulepart == 'orderstats' && !empty($conf->commande->dir_temp)) { - if ($fuser->rights->commande->lire) $accessallowed=1; + if ($fuser->rights->commande->{$lire}) $accessallowed=1; $original_file=$conf->commande->dir_temp.'/'.$original_file; } elseif ($modulepart == 'orderstatssupplier' && !empty($conf->fournisseur->dir_output)) { - if ($fuser->rights->fournisseur->commande->lire) $accessallowed=1; + if ($fuser->rights->fournisseur->commande->{$lire}) $accessallowed=1; $original_file=$conf->fournisseur->dir_output.'/commande/temp/'.$original_file; } // Wrapping pour les images des stats factures elseif ($modulepart == 'billstats' && !empty($conf->facture->dir_temp)) { - if ($fuser->rights->facture->lire) $accessallowed=1; + if ($fuser->rights->facture->{$lire}) $accessallowed=1; $original_file=$conf->facture->dir_temp.'/'.$original_file; } elseif ($modulepart == 'billstatssupplier' && !empty($conf->fournisseur->dir_output)) { - if ($fuser->rights->fournisseur->facture->lire) $accessallowed=1; + if ($fuser->rights->fournisseur->facture->{$lire}) $accessallowed=1; $original_file=$conf->fournisseur->dir_output.'/facture/temp/'.$original_file; } // Wrapping pour les images des stats expeditions elseif ($modulepart == 'expeditionstats' && !empty($conf->expedition->dir_temp)) { - if ($fuser->rights->expedition->lire) $accessallowed=1; + if ($fuser->rights->expedition->{$lire}) $accessallowed=1; $original_file=$conf->expedition->dir_temp.'/'.$original_file; } // Wrapping pour les images des stats expeditions elseif ($modulepart == 'tripsexpensesstats' && !empty($conf->deplacement->dir_temp)) { - if ($fuser->rights->deplacement->lire) $accessallowed=1; + if ($fuser->rights->deplacement->{$lire}) $accessallowed=1; $original_file=$conf->deplacement->dir_temp.'/'.$original_file; } // Wrapping pour les images des stats expeditions elseif ($modulepart == 'memberstats' && !empty($conf->adherent->dir_temp)) { - if ($fuser->rights->adherent->lire) $accessallowed=1; + if ($fuser->rights->adherent->{$lire}) $accessallowed=1; $original_file=$conf->adherent->dir_temp.'/'.$original_file; } // Wrapping pour les images des stats produits elseif (preg_match('/^productstats_/i',$modulepart) && !empty($conf->product->dir_temp)) { - if ($fuser->rights->produit->lire || $fuser->rights->service->lire) $accessallowed=1; + if ($fuser->rights->produit->{$lire} || $fuser->rights->service->{$lire}) $accessallowed=1; $original_file=(!empty($conf->product->multidir_temp[$entity])?$conf->product->multidir_temp[$entity]:$conf->service->multidir_temp[$entity]).'/'.$original_file; } // Wrapping for taxes elseif ($modulepart == 'tax' && !empty($conf->tax->dir_output)) { - if ($fuser->rights->tax->charges->lire) $accessallowed=1; + if ($fuser->rights->tax->charges->{$lire}) $accessallowed=1; $original_file=$conf->tax->dir_output.'/'.$original_file; } // Wrapping for events elseif ($modulepart == 'actions' && !empty($conf->agenda->dir_output)) { - if ($fuser->rights->agenda->myactions->read) $accessallowed=1; + if ($fuser->rights->agenda->myactions->{$read}) $accessallowed=1; $original_file=$conf->agenda->dir_output.'/'.$original_file; } // Wrapping for categories elseif ($modulepart == 'category' && !empty($conf->categorie->dir_output)) { - if ($fuser->rights->categorie->lire) $accessallowed=1; + if ($fuser->rights->categorie->{$lire}) $accessallowed=1; $original_file=$conf->categorie->multidir_output[$entity].'/'.$original_file; } // Wrapping pour les prelevements elseif ($modulepart == 'prelevement' && !empty($conf->prelevement->dir_output)) { - if ($fuser->rights->prelevement->bons->lire || preg_match('/^specimen/i',$original_file)) $accessallowed=1; + if ($fuser->rights->prelevement->bons->{$lire} || preg_match('/^specimen/i',$original_file)) $accessallowed=1; $original_file=$conf->prelevement->dir_output.'/'.$original_file; } // Wrapping pour les graph energie @@ -1856,7 +1863,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping for users else if ($modulepart == 'user' && !empty($conf->user->dir_output)) { - $canreaduser=(! empty($fuser->admin) || $fuser->rights->user->user->lire); + $canreaduser=(! empty($fuser->admin) || $fuser->rights->user->user->{$lire}); if ($fuser->id == (int) $refname) { $canreaduser=1; } // A user can always read its own card if ($canreaduser || preg_match('/^specimen/i',$original_file)) { @@ -1868,7 +1875,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping for third parties else if (($modulepart == 'company' || $modulepart == 'societe') && !empty($conf->societe->dir_output)) { - if ($fuser->rights->societe->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->societe->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1879,7 +1886,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping for contact else if ($modulepart == 'contact' && !empty($conf->societe->dir_output)) { - if ($fuser->rights->societe->lire) + if ($fuser->rights->societe->{$lire}) { $accessallowed=1; } @@ -1889,7 +1896,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping for invoices else if (($modulepart == 'facture' || $modulepart == 'invoice') && !empty($conf->facture->dir_output)) { - if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->facture->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1899,7 +1906,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping for mass actions else if ($modulepart == 'massfilesarea_proposals' && !empty($conf->propal->dir_output)) { - if ($fuser->rights->propal->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->propal->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1907,7 +1914,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } else if ($modulepart == 'massfilesarea_orders') { - if ($fuser->rights->commande->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->commande->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1915,7 +1922,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } else if ($modulepart == 'massfilesarea_invoices') { - if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->facture->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1923,7 +1930,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } else if ($modulepart == 'massfilesarea_expensereport') { - if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->facture->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1931,7 +1938,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } else if ($modulepart == 'massfilesarea_interventions') { - if ($fuser->rights->ficheinter->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->ficheinter->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1939,7 +1946,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } else if ($modulepart == 'massfilesarea_supplier_proposal' && !empty($conf->propal->dir_output)) { - if ($fuser->rights->supplier_proposal->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->supplier_proposal->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1947,7 +1954,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } else if ($modulepart == 'massfilesarea_supplier_order') { - if ($fuser->rights->fournisseur->commande->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->fournisseur->commande->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1955,7 +1962,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } else if ($modulepart == 'massfilesarea_supplier_invoice') { - if ($fuser->rights->fournisseur->facture->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->fournisseur->facture->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1965,7 +1972,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping for interventions else if (($modulepart == 'fichinter' || $modulepart == 'ficheinter') && !empty($conf->ficheinter->dir_output)) { - if ($fuser->rights->ficheinter->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->ficheinter->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1976,7 +1983,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les deplacements et notes de frais else if ($modulepart == 'deplacement' && !empty($conf->deplacement->dir_output)) { - if ($fuser->rights->deplacement->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->deplacement->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1986,7 +1993,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les propales else if ($modulepart == 'propal' && !empty($conf->propal->dir_output)) { - if ($fuser->rights->propale->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->propale->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -1998,7 +2005,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les commandes else if (($modulepart == 'commande' || $modulepart == 'order') && !empty($conf->commande->dir_output)) { - if ($fuser->rights->commande->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->commande->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2009,7 +2016,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les projets else if ($modulepart == 'project' && !empty($conf->projet->dir_output)) { - if ($fuser->rights->projet->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->projet->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2018,7 +2025,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu } else if ($modulepart == 'project_task' && !empty($conf->projet->dir_output)) { - if ($fuser->rights->projet->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->projet->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2029,7 +2036,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les commandes fournisseurs else if (($modulepart == 'commande_fournisseur' || $modulepart == 'order_supplier') && !empty($conf->fournisseur->commande->dir_output)) { - if ($fuser->rights->fournisseur->commande->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->fournisseur->commande->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2040,7 +2047,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les factures fournisseurs else if (($modulepart == 'facture_fournisseur' || $modulepart == 'invoice_supplier') && !empty($conf->fournisseur->facture->dir_output)) { - if ($fuser->rights->fournisseur->facture->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->fournisseur->facture->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2050,7 +2057,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les rapport de paiements else if ($modulepart == 'supplier_payment') { - if ($fuser->rights->fournisseur->facture->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->fournisseur->facture->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2061,7 +2068,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les rapport de paiements else if ($modulepart == 'facture_paiement' && !empty($conf->facture->dir_output)) { - if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->facture->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2082,7 +2089,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les expedition else if ($modulepart == 'expedition' && !empty($conf->expedition->dir_output)) { - if ($fuser->rights->expedition->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->expedition->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2091,7 +2098,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les bons de livraison else if ($modulepart == 'livraison' && !empty($conf->expedition->dir_output)) { - if ($fuser->rights->expedition->livraison->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->expedition->livraison->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2101,7 +2108,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les actions else if ($modulepart == 'actions' && !empty($conf->agenda->dir_output)) { - if ($fuser->rights->agenda->myactions->read || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->agenda->myactions->{$read} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2111,7 +2118,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les actions else if ($modulepart == 'actionsreport' && !empty($conf->agenda->dir_temp)) { - if ($fuser->rights->agenda->allactions->read || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->agenda->allactions->{$read} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2121,7 +2128,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les produits et services else if ($modulepart == 'product' || $modulepart == 'produit' || $modulepart == 'service' || $modulepart == 'produit|service') { - if (($fuser->rights->produit->lire || $fuser->rights->service->lire) || preg_match('/^specimen/i',$original_file)) + if (($fuser->rights->produit->{$lire} || $fuser->rights->service->{$lire}) || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2132,7 +2139,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les contrats else if ($modulepart == 'contract' && !empty($conf->contrat->dir_output)) { - if ($fuser->rights->contrat->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->contrat->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2143,7 +2150,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les dons else if ($modulepart == 'donation' && !empty($conf->don->dir_output)) { - if ($fuser->rights->don->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->don->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2153,7 +2160,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour les remises de cheques else if ($modulepart == 'remisecheque' && !empty($conf->banque->dir_output)) { - if ($fuser->rights->banque->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->banque->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2164,7 +2171,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping for bank else if ($modulepart == 'bank' && !empty($conf->bank->dir_output)) { - if ($fuser->rights->banque->lire) + if ($fuser->rights->banque->{$lire}) { $accessallowed=1; } @@ -2227,7 +2234,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // Wrapping pour Foundation module else if ($modulepart == 'member' && !empty($conf->adherent->dir_output)) { - if ($fuser->rights->adherent->lire || preg_match('/^specimen/i',$original_file)) + if ($fuser->rights->adherent->{$lire} || preg_match('/^specimen/i',$original_file)) { $accessallowed=1; } @@ -2248,12 +2255,6 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity,$fu // If modulepart=module Allows any module to open a file if file is in directory called DOL_DATA_ROOT/modulepart else { - $lire='lire'; $read='read'; $download='download'; - if ($mode == 'write') - { - $lire='creer'; $read='write'; $download='upload'; - } - if (preg_match('/^specimen/i',$original_file)) $accessallowed=1; // If link to a file called specimen. Test must be done before changing $original_file int full path. if ($fuser->admin) $accessallowed=1; // If user is admin diff --git a/test/phpunit/FilesLibTest.php b/test/phpunit/FilesLibTest.php index ddfcb8ed217..819c44216fe 100644 --- a/test/phpunit/FilesLibTest.php +++ b/test/phpunit/FilesLibTest.php @@ -434,9 +434,48 @@ class FilesLibTest extends PHPUnit_Framework_TestCase //$dummyuser=new User($db); //$result=restrictedArea($dummyuser,'societe'); + + $user->rights->facture->lire = 0; + $user->rights->facture->creer = 0; + $filename='SPECIMEN.pdf'; // Filename relative to module part + $result=dol_check_secure_access_document('facture', $filename, 0, '', '', 'read'); + $this->assertEquals(1,$result['accessallowed']); + + + // Check read permission + $user->rights->facture->lire = 1; + $user->rights->facture->creer = 1; + $filename='FA010101/FA010101.pdf'; // Filename relative to module part + $result=dol_check_secure_access_document('facture', $filename, 0, '', '', 'read'); + $this->assertEquals(1,$result['accessallowed']); + + $user->rights->facture->lire = 0; + $user->rights->facture->creer = 0; + $filename='FA010101/FA010101.pdf'; // Filename relative to module part + $result=dol_check_secure_access_document('facture', $filename, 0, '', '', 'read'); + $this->assertEquals(0,$result['accessallowed']); + + // Check write permission + $user->rights->facture->lire = 0; + $user->rights->facture->creer = 0; + $filename='FA010101/FA010101.pdf'; // Filename relative to module part + $result=dol_check_secure_access_document('facture', $filename, 0, '', '', 'write'); + var_dump($result); + $this->assertEquals(0,$result['accessallowed']); + + $user->rights->facture->lire = 1; + $user->rights->facture->creer = 1; + $filename='FA010101/FA010101.pdf'; // Filename relative to module part + $result=dol_check_secure_access_document('facture', $filename, 0, '', '', 'write'); + var_dump($result); + $this->assertEquals(1,$result['accessallowed']); - //$result=dol_check_secure_access_document($user,'societe'); - //$this->assertEquals(1,$result); + $user->rights->facture->lire = 1; + $user->rights->facture->creer = 0; + $filename='FA010101/FA010101.pdf'; // Filename relative to module part + $result=dol_check_secure_access_document('facture', $filename, 0, '', '', 'write'); + var_dump($result); + $this->assertEquals(0,$result['accessallowed']); } - + }