Fix: Permissions for click2dial tab

2012-06-16 00:07:24 +02:00 · 2012-06-16 00:07:24 +02:00 · 7e46ddd5b0
commit 7e46ddd5b0
parent 81eadcd426
2 changed files with 4 additions and 3 deletions
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@ -90,7 +90,7 @@ function dol_hash($chain,$type=0)
 *	@param	User	$user      	  	User to check
 *	@param  string	$features	    Features to check (in most cases, it's module name. Examples: 'societe', 'contact', 'produit|service', ...)
 *	@param  int		$objectid      	Object ID if we want to check permission on a particular record (optionnal)
- *	@param  string	$dbtablename    Table name where object is stored. Not used if objectid is null (optionnal)
+ *	@param  string	$dbtablename    'TableName&SharedElement' with Tablename is table where object is stored, SharedElement is key to define where to check entity. Not used if objectid is null (optionnal)
 *	@param  string	$feature2		Feature to check, second level of permission (optionnal)
 *  @param  string	$dbt_keyfield   Field name for socid foreign key if not fk_soc (optionnal)
 *  @param  string	$dbt_select     Field name for select if not rowid (optionnal)
--- a/htdocs/user/clicktodial.php
+++ b/htdocs/user/clicktodial.php
@ -34,11 +34,12 @@ $id=GETPOST('id','int');
 $socid=0;
 if ($user->societe_id > 0) $socid = $user->societe_id;
 $feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
-if ($user->id == $_GET["id"])	// A user can always read its own card
+if ($user->id == $id)	// A user can always read its own card
 {
 	$feature2='';
 }
-$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
+$result = restrictedArea($user, $feature, $id, '&user', $feature2);
+

 /*
 * Actions