lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #6365

Browse Source
This commit is contained in:
Laurent Destailleur 2017-02-03 11:42:49 +01:00
parent d740bdbc73
commit 76280f8ae2
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/api/class/api.class.php
View File

@ -171,9 +171,6 @@ class DolibarrApi
*/
static function _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid') {
// For backward compatibility
if ($resource == 'member') $resource='adherent';
// Features/modules to check
$featuresarray = array($resource);
if (preg_match('/&/', $resource)) {
@ -188,7 +185,7 @@ class DolibarrApi
$feature2 = explode("|", $feature2);
}
return checkUserAccessToObject(DolibarrApiAccess::$user, $featuresarray,$resource_id,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
return checkUserAccessToObject(DolibarrApiAccess::$user, $featuresarray, $resource_id, $dbtablename, $feature2, $dbt_keyfield, $dbt_select);
}
/**

5
htdocs/core/lib/security.lib.php
View File

@ -343,7 +343,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
* This function is also called by restrictedArea
*
* @param User $user User to check
* @param array $featuresarray Features/modules to check
* @param array $featuresarray Features/modules to check. Example: ('user','service')
* @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity. Not used if objectid is null (optional)
* @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
@ -365,6 +365,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
{
$sql='';
// For backward compatibility
if ($feature == 'member') $feature='adherent';
$check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for societe object
$checkother = array('contact'); // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).