Sec: Securité sur gestion adhérents incomplete

Laurent Destailleur 2007-05-26 15:36:46 +00:00
parent f0701769c3
commit 846bf38c1f
2 changed files with 21 additions and 12 deletions


@ -96,7 +96,7 @@ if ($_POST["action"] == 'confirm_sendinfo' && $_POST["confirm"] == 'yes')
}
}
if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"])
if ($user->rights->adherent->creer && $_REQUEST["action"] == 'update' && ! $_POST["cancel"])
{
$datenaiss='';
if (isset($_POST["naissday"]) && $_POST["naissday"]
@ -183,7 +183,7 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"])
}
}
if ($_POST["action"] == 'add')
if ($user->rights->adherent->creer && $_POST["action"] == 'add')
{
$datenaiss='';
if (isset($_POST["naissday"]) && $_POST["naissday"]
@ -350,7 +350,7 @@ if ($_POST["action"] == 'add')
}
}
if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes')
if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes')
{
$result=$adh->fetch($rowid);
$result=$adh->delete($rowid);
@ -365,7 +365,7 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes')
}
}
if ($_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
{
$result=$adh->fetch($rowid);
$result=$adh->validate($user);
@ -418,7 +418,7 @@ if ($_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
}
}
if ($_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
{
$result=$adh->fetch($rowid);
$result=$adh->resiliate($user);
@ -459,7 +459,7 @@ if ($_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
}
}
if ($_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes')
if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes')
{
$result=$adh->fetch($rowid);
$adht = new AdherentType($db);
@ -476,7 +476,7 @@ if ($_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes')
}
}
if ($_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes')
if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes')
{
$result=$adh->fetch($rowid);
$adht = new AdherentType($db);
@ -493,7 +493,7 @@ if ($_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes')
}
}
if ($_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
{
$result=$adh->fetch($rowid);
if ($result >= 0 && ! sizeof($adh->errors))
@ -504,7 +504,7 @@ if ($_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
}
}
if ($_POST["action"] == 'confirm_add_spip' && $_POST["confirm"] == 'yes')
if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_add_spip' && $_POST["confirm"] == 'yes')
{
$result=$adh->fetch($rowid);
if ($result >= 0 && ! sizeof($adh->errors))
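Review bot: The `confirm_sendinfo` handler shown in the first hunk header is still entered without any right check, while every handler below it now tests `$user->rights->adherent->creer` or `->supprimer`. If it sends member data, as its name suggests, it needs a guard on whichever right the project assigns to it, e.g. `if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_sendinfo' && $_POST["confirm"] == 'yes')`. The new guards also fail silently: a request without the right just skips the block, with no denial message or log entry visible in these hunks, so a refused delete or resign is indistinguishable from a no-op. The `update` branch is the only one that still reads the action from `$_REQUEST` rather than `$_POST`, which is worth aligning with the others. All nine handler bodies continue outside the hunks shown.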


@ -34,6 +34,8 @@ require_once(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php");
$langs->load("members");
$langs->load("companies");
$user->getrights('adherent');
/*
* Affiche liste
@ -231,9 +233,16 @@ if ($result)
// Actions
print '<td align="center">';
print "<a href=\"fiche.php?rowid=$objp->rowid&action=edit&return=liste.php\">".img_edit()."</a>&nbsp;";
print "<a href=\"fiche.php?rowid=$objp->rowid&action=resign&return=liste.php\">".img_disable($langs->trans("Resiliate"))."</a>";
print "</td>";
if ($user->rights->adherent->creer)
{
print "<a href=\"fiche.php?rowid=$objp->rowid&action=edit&return=liste.php\">".img_edit()."</a>";
}
print '&nbsp;';
if ($user->rights->adherent->supprimer)
{
print "<a href=\"fiche.php?rowid=$objp->rowid&action=resign&return=liste.php\">".img_disable($langs->trans("Resiliate"))."</a>";
}
print "</td>";
print "</tr>\n";
$i++;
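Review bot: Hiding the edit and resign links behind `creer` and `supprimer` only changes what the list renders; the `fiche.php?rowid=...&action=edit` and `&action=resign` URLs stay reachable by anyone who requests them directly, so the target page must enforce the same rights for those two actions. The guards visible in the other file section cover `update` and `confirm_resign`, but no check on the plain `edit` or `resign` entry points is shown, so that should be verified. A one-line comment above the two `if` blocks would make the intent clear, e.g. `// Display only: fiche.php must enforce creer/supprimer itself`. The surrounding result loop starts and ends outside this hunk.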