lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX A user may read holiday and expense report without permissions

Browse Source
This commit is contained in:
Laurent Destailleur 2019-06-18 16:04:25 +02:00
parent 6e9874b95a
commit 81bca34a08
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/expensereport/list.php
View File

@ -58,8 +58,8 @@ if ($id > 0)
{
$canread=0;
if ($id == $user->id) $canread=1;
if (! empty($user->rights->holiday->read_all)) $canread=1;
if (! empty($user->rights->holiday->read) && in_array($id, $childids)) $canread=1;
if (! empty($user->rights->expensereport->readall)) $canread=1;
if (! empty($user->rights->expensereport->lire) && in_array($id, $childids)) $canread=1;
if (! $canread)
{
accessforbidden();