lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix permissions

Browse Source
This commit is contained in:
Laurent Destailleur 2021-05-06 11:25:46 +02:00
parent 644079ff00
commit 6f4e151b91
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
htdocs/user/list.php
View File

@ -181,8 +181,15 @@ if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
$error = 0;
if (!$user->rights->user->user->lire && !$user->admin) {
accessforbidden();
// Permission to list
if ($mode == 'employee') {
if (empty($user->rights->salaries->read)) {
accessforbidden();
}
} else {
if (!$user->rights->user->user->lire && !$user->admin) {
accessforbidden();
}
}
$childids = $user->getAllChildIds(1);
@ -411,7 +418,7 @@ if ($search_categ == -2) {
$sql .= " AND cu.fk_categorie IS NULL";
}
if ($mode == 'employee' && empty($user->rights->salaries->readall)) {
$sql .= " AND u.fk_user IN (".$db->sanitize(join(',', $childids)).")";
$sql .= " AND u.rowid IN (".$db->sanitize(join(',', $childids)).")";
}
// Add where from extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';