Sec: Sécurité sur gestion adhérents incomplete
parent
f0701769c3
commit
846bf38c1f
@ -96,7 +96,7 @@ if ($_POST["action"] == 'confirm_sendinfo' && $_POST["confirm"] == 'yes')
|
||||
}
|
||||
}
|
||||
|
||||
if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"])
|
||||
if ($user->rights->adherent->creer && $_REQUEST["action"] == 'update' && ! $_POST["cancel"])
|
||||
{
|
||||
$datenaiss='';
|
||||
if (isset($_POST["naissday"]) && $_POST["naissday"]
|
||||
@ -183,7 +183,7 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"])
|
||||
}
|
||||
}
|
||||
|
||||
if ($_POST["action"] == 'add')
|
||||
if ($user->rights->adherent->creer && $_POST["action"] == 'add')
|
||||
{
|
||||
$datenaiss='';
|
||||
if (isset($_POST["naissday"]) && $_POST["naissday"]
|
||||
@ -350,7 +350,7 @@ if ($_POST["action"] == 'add')
|
||||
}
|
||||
}
|
||||
|
||||
if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes')
|
||||
if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes')
|
||||
{
|
||||
$result=$adh->fetch($rowid);
|
||||
$result=$adh->delete($rowid);
|
||||
@ -365,7 +365,7 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes')
|
||||
}
|
||||
}
|
||||
|
||||
if ($_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
|
||||
if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
|
||||
{
|
||||
$result=$adh->fetch($rowid);
|
||||
$result=$adh->validate($user);
|
||||
@ -418,7 +418,7 @@ if ($_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
|
||||
}
|
||||
}
|
||||
|
||||
if ($_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
|
||||
if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
|
||||
{
|
||||
$result=$adh->fetch($rowid);
|
||||
$result=$adh->resiliate($user);
|
||||
@ -459,7 +459,7 @@ if ($_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
|
||||
}
|
||||
}
|
||||
|
||||
if ($_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes')
|
||||
if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes')
|
||||
{
|
||||
$result=$adh->fetch($rowid);
|
||||
$adht = new AdherentType($db);
|
||||
@ -476,7 +476,7 @@ if ($_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes')
|
||||
}
|
||||
}
|
||||
|
||||
if ($_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes')
|
||||
if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes')
|
||||
{
|
||||
$result=$adh->fetch($rowid);
|
||||
$adht = new AdherentType($db);
|
||||
@ -493,7 +493,7 @@ if ($_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes')
|
||||
}
|
||||
}
|
||||
|
||||
if ($_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
|
||||
if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
|
||||
{
|
||||
$result=$adh->fetch($rowid);
|
||||
if ($result >= 0 && ! sizeof($adh->errors))
|
||||
@ -504,7 +504,7 @@ if ($_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
|
||||
}
|
||||
}
|
||||
|
||||
if ($_POST["action"] == 'confirm_add_spip' && $_POST["confirm"] == 'yes')
|
||||
if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_add_spip' && $_POST["confirm"] == 'yes')
|
||||
{
|
||||
$result=$adh->fetch($rowid);
|
||||
if ($result >= 0 && ! sizeof($adh->errors))
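Review bot: The guard added to the `update` branch still reads the action from `$_REQUEST`, so this state-changing branch also runs on a GET request, unlike the other guarded branches, which read `$_POST`; I would restrict it to POST with `if ($user->rights->adherent->creer && $_POST["action"] == 'update' && ! $_POST["cancel"])`, provided no caller relies on GET (not visible here). In all nine guarded branches a missing right simply skips the block, so a denied attempt produces no error and no log entry; an explicit refusal path (an access-denied message plus a log line) would make such attempts visible. The `confirm_sendinfo` branch that appears in the first hunk header is not touched by this commit, and whether it needs a right check should be confirmed. No request-token check is visible in these hunks, so the right checks alone may not protect an authorised user's session against forged requests. Every branch body continues outside its hunk.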
|
||||
|
||||
@ -34,6 +34,8 @@ require_once(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php");
|
||||
$langs->load("members");
|
||||
$langs->load("companies");
|
||||
|
||||
$user->getrights('adherent');
|
||||
|
||||
|
||||
/*
|
||||
* Affiche liste
|
||||
@ -231,9 +233,16 @@ if ($result)
|
||||
|
||||
// Actions
|
||||
print '<td align="center">';
|
||||
print "<a href=\"fiche.php?rowid=$objp->rowid&action=edit&return=liste.php\">".img_edit()."</a> ";
|
||||
print "<a href=\"fiche.php?rowid=$objp->rowid&action=resign&return=liste.php\">".img_disable($langs->trans("Resiliate"))."</a>";
|
||||
print "</td>";
|
||||
if ($user->rights->adherent->creer)
|
||||
{
|
||||
print "<a href=\"fiche.php?rowid=$objp->rowid&action=edit&return=liste.php\">".img_edit()."</a>";
|
||||
}
|
||||
print ' ';
|
||||
if ($user->rights->adherent->supprimer)
|
||||
{
|
||||
print "<a href=\"fiche.php?rowid=$objp->rowid&action=resign&return=liste.php\">".img_disable($langs->trans("Resiliate"))."</a>";
|
||||
}
|
||||
print "</td>";
|
||||
|
||||
print "</tr>\n";
|
||||
$i++;
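Review bot: The two new `if` blocks around the edit and resign links only decide what is displayed, and nothing in this hunk says so; a reader could take them for the access control itself. I would add a comment above the first one, `// Display only: the target page must check the same rights before acting`, so that the server-side checks are not later removed as redundant. `$objp->rowid` is also interpolated into the `href` as-is and the `&` separators are not written as `&amp;`; if `rowid` is not guaranteed to be an integer (its origin is outside the hunk), cast it before printing. The enclosing loop starts and ends outside the hunk.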
|
||||
|
||||