diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 7c4e9a76712..9cbfb403397 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1207,6 +1207,7 @@ class User extends CommonObject
 $sql .= " ".$this->db->prefix()."usergroup_user as gu,";
 $sql .= " ".$this->db->prefix()."rights_def as r";
 $sql .= " WHERE r.id = gr.fk_id";
+ // A very strange business rules. Must be same than into user->getrights() user/perms.php and user/group/perms.php
 if (!empty($conf->global->MULTICOMPANY_BACKWARD_COMPATIBILITY)) {
 if (isModEnabled('multicompany') && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
 $sql .= " AND gu.entity IN (0,".$conf->entity.")";
@@ -1215,12 +1216,13 @@ class User extends CommonObject
 }
 } else {
 $sql .= " AND gr.entity = ".((int) $conf->entity); // Only groups created in current entity
- // The entity on the table usergroup_user should be useless and shoumd never be used because it is alreay into gr and r.
+ // The entity on the table usergroup_user should be useless and should never be used because it is alreay into gr and r.
 // but when using MULTICOMPANY_TRANSVERSE_MODE, we may insert record that make rubbish result due to duplicate record of
 // other entities, so we are forced to add a filter here
 $sql .= " AND gu.entity IN (0,".$conf->entity.")";
 $sql .= " AND r.entity = ".((int) $conf->entity); // Only permission of modules enabled in current entity
 }
+ // End of strange business rule
 $sql .= " AND gr.fk_usergroup = gu.fk_usergroup";
 $sql .= " AND gu.fk_user = ".((int) $this->id);
 $sql .= " AND r.perms IS NOT NULL";
diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php
index 1cd094d882d..17bd708f2e0 100644
--- a/htdocs/user/perms.php
+++ b/htdocs/user/perms.php
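Review bot: The marker comment added before `if (!empty($conf->global->MULTICOMPANY_BACKWARD_COMPATIBILITY))` in user.class.php says the block must stay identical in three files but never says what the rule is, so a later editor has nothing to check the copies against. This clause decides which group rights are loaded for a user, so I would name it, e.g. `// Entity filter for rights inherited from groups (legacy multicompany mode vs. per-entity mode). Keep identical in user/perms.php and user/group/perms.php.` The copy this commit adds to user/perms.php already differs (both of its `r.entity` filters are commented out), which suggests building the clause in one shared helper rather than hand-syncing three copies. The corrected comment line in the second hunk still reads `alreay`. The enclosing method starts and ends outside both hunks.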
@@ -216,13 +216,29 @@ if ($result) { dol_print_error($db); } -// Lecture des droits groupes +// Read the permissions of a user inherited by its groups $permsgroupbyentity = array(); -$sql = "SELECT DISTINCT gr.fk_id, gu.entity"; +$sql = "SELECT DISTINCT gr.fk_id, gu.entity"; // fk_id are permission id and entity is entity of the group $sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as gr,"; -$sql .= " ".MAIN_DB_PREFIX."usergroup_user as gu"; -$sql .= " WHERE gr.entity = ".((int) $entity); +$sql .= " ".MAIN_DB_PREFIX."usergroup_user as gu"; // all groups of a user +$sql .= " WHERE 1 = 1"; +// A very strange business rules. Must be same than into user->getrights() user/perms.php and user/group/perms.php +if (!empty($conf->global->MULTICOMPANY_BACKWARD_COMPATIBILITY)) { + if (isModEnabled('multicompany') && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { + $sql .= " AND gu.entity IN (0,".$conf->entity.")"; + } else { + //$sql .= " AND r.entity = ".((int) $conf->entity); + } +} else { + $sql .= " AND gr.entity = ".((int) $conf->entity); // Only groups created in current entity + // The entity on the table usergroup_user should be useless and should never be used because it is alreay into gr and r. + // but when using MULTICOMPANY_TRANSVERSE_MODE, we may insert record that make rubbish result due to duplicate record of + // other entities, so we are forced to add a filter here + $sql .= " AND gu.entity IN (0,".$conf->entity.")"; + //$sql .= " AND r.entity = ".((int) $conf->entity); // Only permission of modules enabled in current entity +} +// End of strange business rule $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; $sql .= " AND gu.fk_user = ".((int) $object->id); @@ -245,6 +261,7 @@ if ($result) { } + /* * Part to add/remove permissions */ 
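Review bot: Both added `$sql .= " AND gu.entity IN (0,".$conf->entity.")";` lines put `$conf->entity` into the query without the `(int)` cast that the neighbouring `gr.entity = ".((int) $conf->entity)` line uses; the value is presumably a server-side integer, but the cast costs nothing and keeps the statement safe if that assumption ever breaks: `$sql .= " AND gu.entity IN (0,".((int) $conf->entity).")";`. The filter also moves from `$entity` (the removed `WHERE gr.entity = ".((int) $entity)`) to `$conf->entity`, while the display code later in this file still indexes `$permsgroupbyentity[$entity]`; if the two can differ on this page, the inherited-permission column will not match what the query selected, so one variable should be used throughout. In the legacy branch the inner `else` holds only a commented-out line, so with MULTICOMPANY_BACKWARD_COMPATIBILITY set and the transverse test false the visible query has no entity filter at all after `WHERE 1 = 1`, which is worth confirming as intended.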
@@ -496,6 +513,15 @@ if ($result) { $isexpanded = ! $ishidden; //var_dump("isexpanded=".$isexpanded); + $permsgroupbyentitypluszero = array(); + if (!empty($permsgroupbyentity[0])) { + $permsgroupbyentitypluszero = array_merge($permsgroupbyentitypluszero, $permsgroupbyentity[0]); + } + if (!empty($permsgroupbyentity[$entity])) { + $permsgroupbyentitypluszero = array_merge($permsgroupbyentitypluszero, $permsgroupbyentity[$entity]); + } + //var_dump($permsgroupbyentitypluszero); + // Break found, it's a new module to catch if (isset($obj->module) && ($oldmod <> $obj->module)) { $oldmod = $obj->module; @@ -603,8 +629,8 @@ if ($result) { //print img_picto($langs->trans("Active"), 'tick'); } print ''; - } elseif (isset($permsgroupbyentity[$entity]) && is_array($permsgroupbyentity[$entity])) { - if (in_array($obj->id, $permsgroupbyentity[$entity])) { // Permission granted by group + } elseif (isset($permsgroupbyentitypluszero) && is_array($permsgroupbyentitypluszero)) { + if (in_array($obj->id, $permsgroupbyentitypluszero)) { // Permission granted by group if ($caneditperms) { print ''; print $form->textwithtooltip($langs->trans("Inherited"), $langs->trans("PermissionInheritedFromAGroup"));
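Review bot: `$permsgroupbyentitypluszero` is rebuilt from `$permsgroupbyentity[0]` and `$permsgroupbyentity[$entity]` at this point on every pass, although nothing in the hunk changes either input. The block appears to sit inside the per-permission loop (inferred from the `// Break found, it's a new module to catch` context; the loop itself starts and ends outside the hunk), so it could be computed once before the loop. The commented-out `//var_dump($permsgroupbyentitypluszero);` is debug residue and should go before merge. A one-line comment above the merge would help, e.g. `// Permission ids inherited from groups, for entity 0 and the displayed entity`.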
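Review bot: The new guard `elseif (isset($permsgroupbyentitypluszero) && is_array($permsgroupbyentitypluszero))` is always true, because the earlier hunk initialises that variable with `array()`. The old test on `$permsgroupbyentity[$entity]` could fail; this one cannot, so any `else` that follows it (outside the hunk) is now unreachable. If the branch should run only when there is something inherited, `} elseif (!empty($permsgroupbyentitypluszero)) {` says so; otherwise a plain `} else {` is clearer. `in_array($obj->id, $permsgroupbyentitypluszero)` also compares loosely, so check how the ids are typed on both sides before passing `true` as the third argument.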