Fix: Problem for a user to read its own card.
This commit is contained in:
parent
d9f32e729f
commit
8cc8844ed1
@ -59,6 +59,7 @@ print "<br>";
|
||||
print $langs->trans("SetupDescription2")."<br>";
|
||||
|
||||
print "<br>";
|
||||
print '<hr style="color: #DDDDDD;">';
|
||||
print img_picto('','puce').' '.$langs->trans("SetupDescription3")."<br>";
|
||||
//print '<br>';
|
||||
print '<hr style="color: #DDDDDD;">';
|
||||
@ -66,6 +67,7 @@ print img_picto('','puce').' '.$langs->trans("SetupDescription4")."<br>";
|
||||
//print '<br>';
|
||||
print '<hr style="color: #DDDDDD;">';
|
||||
print img_picto('','puce').' '.$langs->trans("SetupDescription5")."<br>";
|
||||
print '<hr style="color: #DDDDDD;">';
|
||||
print "<br>";
|
||||
|
||||
/*
|
||||
|
||||
@ -29,8 +29,15 @@ require_once(DOL_DOCUMENT_ROOT."/lib/usergroups.lib.php");
|
||||
$langs->load("users");
|
||||
$langs->load("admin");
|
||||
|
||||
$form = new Form($db);
|
||||
|
||||
// Security check
|
||||
$socid=0;
|
||||
if ($user->societe_id > 0) $socid = $user->societe_id;
|
||||
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
|
||||
if ($user->id == $_GET["id"]) // A user can always read its own card
|
||||
{
|
||||
$feature2='';
|
||||
}
|
||||
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
|
||||
|
||||
/*
|
||||
* Actions
|
||||
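Review bot: The self-check `if ($user->id == $_GET["id"])` compares `$user->id` against the raw query-string value with PHP's loose `==`, so values that are not byte-identical to the id can still satisfy the check that clears `$feature2`, and the same un-normalised string is then passed on to `restrictedArea()`. Normalise the parameter once before the security block, `$id = (int) $_GET["id"];`, then compare with `if ($user->id == $id)` and call `restrictedArea($user, 'user', $id, '', $feature2)`, reusing `$id` wherever the edited user is loaded further down the file. The same pattern is repeated in the hunks headed `@ -54,8 +54,13 @@`, `@ -40,6 +40,10 @@`, `@ -41,6 +41,10 @@`, `@ -45,11 +43,15 @@`, `@ -46,8 +46,13 @@` and `@ -44,8 +46,13 @@`.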
@ -53,6 +60,8 @@ if ($_POST["action"] == 'update' && ! $_POST['cancel'])
|
||||
* View
|
||||
*/
|
||||
|
||||
$form = new Form($db);
|
||||
|
||||
llxHeader("","ClickToDial");
|
||||
|
||||
|
||||
|
||||
@ -37,7 +37,7 @@ if ($conf->adherent->enabled) require_once(DOL_DOCUMENT_ROOT."/adherents/adheren
|
||||
|
||||
// Define value to know what current user can do on users
|
||||
$canadduser=($user->admin || $user->rights->user->user->creer);
|
||||
$canreadperms=($user->admin || $user->rights->user->user->lire);
|
||||
$canreaduser=($user->admin || $user->rights->user->user->lire);
|
||||
$caneditperms=($user->admin || $user->rights->user->user->creer);
|
||||
$candisableperms=($user->admin || $user->rights->user->user->supprimer);
|
||||
// Define value to know what current user can do on properties of edited user
|
||||
@ -54,8 +54,13 @@ if ($_GET["id"])
|
||||
$socid=0;
|
||||
if ($user->societe_id > 0) $socid = $user->societe_id;
|
||||
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
|
||||
if ($user->id == $_GET["id"]) // A user can always read its own card
|
||||
{
|
||||
$feature2='';
|
||||
$canreaduser=1;
|
||||
}
|
||||
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
|
||||
if ($user->id <> $_GET["id"] && ! $canreadperms) accessforbidden();
|
||||
if ($user->id <> $_GET["id"] && ! $canreaduser) accessforbidden();
|
||||
|
||||
$langs->load("users");
|
||||
$langs->load("companies");
|
||||
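Review bot: `$canreaduser=1;` inside the self branch overwrites the permission flag computed from `$user->rights->user->user->lire` a few lines above, so from here on the file can no longer tell "may read other users" apart from "is looking at its own card"; the accessforbidden test below already allows the self case on its own, so the overwrite only changes later display gates, and in the hunk headed `@ -1225,7 +1230,7 @@` the group link is now shown under `if ($canreaduser)` to a user who may lack the `lire` right (appropriate only if the group page enforces its own check, which is outside this diff). A separate flag keeps the two meanings apart: `$isself = ((int) $_GET["id"] === (int) $user->id);` set next to `$feature2=''`, the test becoming `if (! $isself && ! $canreaduser) accessforbidden();`, and each display gate choosing explicitly between `$canreaduser` and `$isself`. The same overwrite is made in the param_ihm.php hunk `@ -46,8 +46,13 @@` and the perms.php hunk `@ -44,8 +46,13 @@`.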
@ -1225,7 +1230,7 @@ else
|
||||
|
||||
print "<tr ".$bc[$var].">";
|
||||
print '<td>';
|
||||
if ($canreadperms)
|
||||
if ($canreaduser)
|
||||
{
|
||||
print '<a href="'.DOL_URL_ROOT.'/user/group/fiche.php?id='.$group->id.'">'.img_object($langs->trans("ShowGroup"),"group").' '.$group->nom.'</a>';
|
||||
}
|
||||
|
||||
@ -18,22 +18,25 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
\file htdocs/user/home.php
|
||||
\brief Page acceuil de la zone utilisateurs et groupes
|
||||
\version $Id$
|
||||
*/
|
||||
* \file htdocs/user/home.php
|
||||
* \brief Page acceuil de la zone utilisateurs et groupes
|
||||
* \version $Id$
|
||||
*/
|
||||
|
||||
require("./pre.inc.php");
|
||||
|
||||
if (! $user->rights->user->user->lire && !$user->admin)
|
||||
{
|
||||
// Redirection vers la page de l'utilisateur
|
||||
Header("Location: fiche.php?id=".$user->id);
|
||||
// Redirection vers la page de l'utilisateur
|
||||
Header("Location: fiche.php?id=".$user->id);
|
||||
}
|
||||
|
||||
$langs->load("users");
|
||||
|
||||
|
||||
/*
|
||||
* View
|
||||
*/
|
||||
|
||||
llxHeader();
|
||||
|
||||
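Review bot: The permission gate at the top of the file sends `Header("Location: fiche.php?id=".$user->id);` but never stops the script, so for a user without `user->user->lire` the rest of home.php — the last-users and last-groups listings further down — is still executed and sent along with the redirect. Add `exit;` immediately after the header call so the redirect is the whole response. Lower-case `header()` is the conventional spelling, although PHP resolves the call case-insensitively.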
@ -73,7 +76,7 @@ print '</td><td valign="top" width="70%" class="notopnoleftnoright">';
|
||||
|
||||
|
||||
/*
|
||||
* Derniers utilisateurs créés
|
||||
* Derniers utilisateurs crees
|
||||
*/
|
||||
$max=10;
|
||||
|
||||
@ -88,56 +91,56 @@ $sql.= " DESC limit $max";
|
||||
$resql=$db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
$num = $db->num_rows($resql);
|
||||
print '<table class="noborder" width="100%">';
|
||||
print '<tr class="liste_titre"><td colspan="4">'.$langs->trans("LastUsersCreated",min($num,$max)).'</td></tr>';
|
||||
$var = true;
|
||||
$i = 0;
|
||||
$num = $db->num_rows($resql);
|
||||
print '<table class="noborder" width="100%">';
|
||||
print '<tr class="liste_titre"><td colspan="4">'.$langs->trans("LastUsersCreated",min($num,$max)).'</td></tr>';
|
||||
$var = true;
|
||||
$i = 0;
|
||||
|
||||
while ($i < $num && $i < $max)
|
||||
{
|
||||
$obj = $db->fetch_object($resql);
|
||||
$var=!$var;
|
||||
while ($i < $num && $i < $max)
|
||||
{
|
||||
$obj = $db->fetch_object($resql);
|
||||
$var=!$var;
|
||||
|
||||
print "<tr $bc[$var]>";
|
||||
print "<td><a href=\"".DOL_URL_ROOT."/user/fiche.php?id=$obj->rowid\">".img_object($langs->trans("ShowUser"),"user")." ".$obj->firstname." ".$obj->name."</a>";
|
||||
if ($conf->global->MAIN_MODULE_MULTICOMPANY && $obj->admin && ! $obj->entity)
|
||||
{
|
||||
print img_redstar($langs->trans("SuperAdministrator"));
|
||||
}
|
||||
else if ($obj->admin)
|
||||
{
|
||||
print img_picto($langs->trans("Administrator"),'star');
|
||||
}
|
||||
print "</td>";
|
||||
print "<td align=\"left\">".$obj->login.'</td>';
|
||||
print "<td>";
|
||||
if ($obj->fk_societe)
|
||||
{
|
||||
print '<a href="'.DOL_URL_ROOT.'/soc.php?socid='.$obj->fk_societe.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.'</a>';
|
||||
}
|
||||
else if ($obj->ldap_sid)
|
||||
{
|
||||
print $langs->trans("DomainUser");
|
||||
}
|
||||
else print $langs->trans("InternalUser");
|
||||
print '</td>';
|
||||
print "<td align=\"right\">".dol_print_date($obj->datec,'dayhour')."</td>";
|
||||
print '</tr>';
|
||||
$i++;
|
||||
}
|
||||
print "</table><br>";
|
||||
print "<tr $bc[$var]>";
|
||||
print "<td><a href=\"".DOL_URL_ROOT."/user/fiche.php?id=$obj->rowid\">".img_object($langs->trans("ShowUser"),"user")." ".$obj->firstname." ".$obj->name."</a>";
|
||||
if ($conf->global->MAIN_MODULE_MULTICOMPANY && $obj->admin && ! $obj->entity)
|
||||
{
|
||||
print img_redstar($langs->trans("SuperAdministrator"));
|
||||
}
|
||||
else if ($obj->admin)
|
||||
{
|
||||
print img_picto($langs->trans("Administrator"),'star');
|
||||
}
|
||||
print "</td>";
|
||||
print "<td align=\"left\">".$obj->login.'</td>';
|
||||
print "<td>";
|
||||
if ($obj->fk_societe)
|
||||
{
|
||||
print '<a href="'.DOL_URL_ROOT.'/soc.php?socid='.$obj->fk_societe.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.'</a>';
|
||||
}
|
||||
else if ($obj->ldap_sid)
|
||||
{
|
||||
print $langs->trans("DomainUser");
|
||||
}
|
||||
else print $langs->trans("InternalUser");
|
||||
print '</td>';
|
||||
print "<td align=\"right\">".dol_print_date($obj->datec,'dayhour')."</td>";
|
||||
print '</tr>';
|
||||
$i++;
|
||||
}
|
||||
print "</table><br>";
|
||||
|
||||
$db->free($resql);
|
||||
$db->free($resql);
|
||||
}
|
||||
else
|
||||
{
|
||||
dol_print_error($db);
|
||||
dol_print_error($db);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Derniers groupes créés
|
||||
* Derniers groupes cr<EFBFBD><EFBFBD>s
|
||||
*/
|
||||
$max=5;
|
||||
|
||||
@ -149,35 +152,35 @@ if ($max) $sql.= " LIMIT $max";
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
$num = $db->num_rows();
|
||||
print '<table class="noborder" width="100%">';
|
||||
print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("LastGroupsCreated",($num ? $num : $max)).'</td></tr>';
|
||||
$var = true;
|
||||
$i = 0;
|
||||
$num = $db->num_rows();
|
||||
print '<table class="noborder" width="100%">';
|
||||
print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("LastGroupsCreated",($num ? $num : $max)).'</td></tr>';
|
||||
$var = true;
|
||||
$i = 0;
|
||||
|
||||
while ($i < $num && (! $max || $i < $max))
|
||||
{
|
||||
$obj = $db->fetch_object();
|
||||
$var=!$var;
|
||||
while ($i < $num && (! $max || $i < $max))
|
||||
{
|
||||
$obj = $db->fetch_object();
|
||||
$var=!$var;
|
||||
|
||||
print "<tr $bc[$var]>";
|
||||
print '<td><a href="'.DOL_URL_ROOT.'/user/group/fiche.php?id='.$obj->rowid.'">'.img_object($langs->trans("ShowGroup"),"group").' '.$obj->nom.'</a>';
|
||||
if (!$obj->entity)
|
||||
{
|
||||
print img_picto($langs->trans("GlobalGroup"),'redstar');
|
||||
}
|
||||
print "</td>";
|
||||
print "<td width=\"80\" align=\"center\">".dol_print_date($obj->datec)."</td>";
|
||||
print "</tr>";
|
||||
$i++;
|
||||
}
|
||||
print "</table><br>";
|
||||
print "<tr $bc[$var]>";
|
||||
print '<td><a href="'.DOL_URL_ROOT.'/user/group/fiche.php?id='.$obj->rowid.'">'.img_object($langs->trans("ShowGroup"),"group").' '.$obj->nom.'</a>';
|
||||
if (!$obj->entity)
|
||||
{
|
||||
print img_picto($langs->trans("GlobalGroup"),'redstar');
|
||||
}
|
||||
print "</td>";
|
||||
print "<td width=\"80\" align=\"center\">".dol_print_date($obj->datec)."</td>";
|
||||
print "</tr>";
|
||||
$i++;
|
||||
}
|
||||
print "</table><br>";
|
||||
|
||||
$db->free();
|
||||
$db->free();
|
||||
}
|
||||
else
|
||||
{
|
||||
dol_print_error($db);
|
||||
dol_print_error($db);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -17,10 +17,10 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
\file htdocs/user/info.php
|
||||
\ingroup core
|
||||
\brief Page des informations d'un utilisateur
|
||||
\version $Id$
|
||||
* \file htdocs/user/info.php
|
||||
* \ingroup core
|
||||
* \brief Page des informations d'un utilisateur
|
||||
* \version $Id$
|
||||
*/
|
||||
|
||||
require("./pre.inc.php");
|
||||
@ -40,6 +40,10 @@ $fuser->fetch();
|
||||
$socid=0;
|
||||
if ($user->societe_id > 0) $socid = $user->societe_id;
|
||||
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
|
||||
if ($user->id == $_GET["id"]) // A user can always read its own card
|
||||
{
|
||||
$feature2='';
|
||||
}
|
||||
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
|
||||
|
||||
// If user is not user read and no permission to read other users, we stop
|
||||
|
||||
@ -41,6 +41,10 @@ $contactid = isset($_GET["id"])?$_GET["id"]:'';
|
||||
$socid=0;
|
||||
if ($user->societe_id > 0) $socid = $user->societe_id;
|
||||
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
|
||||
if ($user->id == $_GET["id"]) // A user can always read its own card
|
||||
{
|
||||
$feature2='';
|
||||
}
|
||||
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
|
||||
|
||||
$fuser = new User($db, $_GET["id"]);
|
||||
|
||||
@ -15,16 +15,14 @@
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*
|
||||
* $Id$
|
||||
*/
|
||||
|
||||
/**
|
||||
\file htdocs/user/note.php
|
||||
\ingroup usergroup
|
||||
\brief Fiche de notes sur un utilisateur Dolibarr
|
||||
\version $Revision$
|
||||
*/
|
||||
* \file htdocs/user/note.php
|
||||
* \ingroup usergroup
|
||||
* \brief Fiche de notes sur un utilisateur Dolibarr
|
||||
* \version $Id$
|
||||
*/
|
||||
|
||||
require("./pre.inc.php");
|
||||
require_once(DOL_DOCUMENT_ROOT.'/lib/usergroups.lib.php');
|
||||
@ -45,11 +43,15 @@ $fuser->fetch();
|
||||
// If user is not user read and no permission to read other users, we stop
|
||||
if (($fuser->id != $user->id) && (! $user->rights->user->user->lire))
|
||||
accessforbidden();
|
||||
|
||||
|
||||
// Security check
|
||||
$socid=0;
|
||||
if ($user->societe_id > 0) $socid = $user->societe_id;
|
||||
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
|
||||
if ($user->id == $_GET["id"]) // A user can always read its own card
|
||||
{
|
||||
$feature2='';
|
||||
}
|
||||
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
|
||||
|
||||
|
||||
|
||||
@ -17,10 +17,10 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
\file htdocs/user/param_ihm.php
|
||||
\brief Onglet parametrage de la fiche utilisateur
|
||||
\version $Id$
|
||||
*/
|
||||
* \file htdocs/user/param_ihm.php
|
||||
* \brief Onglet parametrage de la fiche utilisateur
|
||||
* \version $Id$
|
||||
*/
|
||||
|
||||
require("./pre.inc.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/lib/functions2.lib.php");
|
||||
@ -33,11 +33,11 @@ $langs->load("admin");
|
||||
$langs->load("users");
|
||||
|
||||
// Defini si peux lire/modifier permisssions
|
||||
$canreadperms=($user->admin || $user->rights->user->user->lire);
|
||||
$canreaduser=($user->admin || $user->rights->user->user->lire);
|
||||
|
||||
if ($_REQUEST["id"])
|
||||
{
|
||||
// $user est le user qui edite, $_REQUEST["id"] est l'id de l'utilisateur edité
|
||||
// $user est le user qui edite, $_REQUEST["id"] est l'id de l'utilisateur edit<EFBFBD>
|
||||
$caneditfield=( (($user->id == $_REQUEST["id"]) && $user->rights->user->self->creer)
|
||||
|| (($user->id != $_REQUEST["id"]) && $user->rights->user->user->creer));
|
||||
}
|
||||
@ -46,8 +46,13 @@ if ($_REQUEST["id"])
|
||||
$socid=0;
|
||||
if ($user->societe_id > 0) $socid = $user->societe_id;
|
||||
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
|
||||
if ($user->id == $_GET["id"]) // A user can always read its own card
|
||||
{
|
||||
$feature2='';
|
||||
$canreaduser=1;
|
||||
}
|
||||
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
|
||||
if ($user->id <> $_REQUEST["id"] && ! $canreadperms) accessforbidden();
|
||||
if ($user->id <> $_REQUEST["id"] && ! $canreaduser) accessforbidden();
|
||||
|
||||
|
||||
$id=isset($_GET["id"])?$_GET["id"]:$_POST["id"];
|
||||
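Review bot: The self-check reads the id from `$_GET["id"]`, the accessforbidden test two lines later reads `$_REQUEST["id"]`, and the edited user is then loaded from `$id=isset($_GET["id"])?$_GET["id"]:$_POST["id"];`, so the checks and the record actually displayed are not guaranteed to refer to the same user when the id arrives through more than one channel. Resolve `$id` once, before the security block, and use it in the self-check, in `restrictedArea()` and in the accessforbidden test, e.g. `if ($user->id == $id) { $feature2=''; $canreaduser=1; }` followed by `if ($user->id <> $id && ! $canreaduser) accessforbidden();`. The perms.php hunk headed `@ -44,8 +46,13 @@` has the same `$_GET` / `$_REQUEST` split.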
@ -55,12 +60,12 @@ $dirtop = "../includes/menus/barre_top";
|
||||
$dirleft = "../includes/menus/barre_left";
|
||||
$dirtheme = "../theme";
|
||||
|
||||
// Charge utilisateur edité
|
||||
// Charge utilisateur edit<EFBFBD>
|
||||
$fuser = new User($db, $id);
|
||||
$fuser->fetch();
|
||||
$fuser->getrights();
|
||||
|
||||
// Liste des zone de recherche permanantes supportées
|
||||
// Liste des zone de recherche permanantes support<EFBFBD>es
|
||||
$searchform=array("main_searchform_societe","main_searchform_contact","main_searchform_produitservice");
|
||||
$searchformconst=array($conf->global->MAIN_SEARCHFORM_SOCIETE,$conf->global->MAIN_SEARCHFORM_CONTACT,$conf->global->MAIN_SEARCHFORM_PRODUITSERVICE);
|
||||
$searchformtitle=array($langs->trans("Companies"),$langs->trans("Contacts"),$langs->trans("ProductsAndServices"));
|
||||
@ -227,7 +232,7 @@ else
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($caneditfield || $user->admin) // Si utilisateur édité = utilisateur courant ayant les droits de créer ou admin
|
||||
if ($caneditfield || $user->admin) // Si utilisateur <EFBFBD>dit<EFBFBD> = utilisateur courant ayant les droits de cr<63>er ou admin
|
||||
{
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?action=edit&id='.$_GET["id"].'">'.$langs->trans("Modify").'</a>';
|
||||
}
|
||||
|
||||
@ -36,6 +36,8 @@ $module=isset($_GET["module"])?$_GET["module"]:$_POST["module"];
|
||||
|
||||
if (! isset($_GET["id"]) || empty($_GET["id"])) accessforbidden();
|
||||
|
||||
// Defini si peux lire/modifier permisssions
|
||||
$canreaduser=($user->admin || $user->rights->user->user->lire);
|
||||
|
||||
// Defini si peux modifier utilisateurs et permisssions
|
||||
$caneditperms=($user->admin || $user->rights->user->user->creer);
|
||||
@ -44,8 +46,13 @@ $caneditperms=($user->admin || $user->rights->user->user->creer);
|
||||
$socid=0;
|
||||
if ($user->societe_id > 0) $socid = $user->societe_id;
|
||||
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
|
||||
if ($user->id == $_GET["id"]) // A user can always read its own card
|
||||
{
|
||||
$feature2='';
|
||||
$canreaduser=1;
|
||||
}
|
||||
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
|
||||
if ($user->id <> $_REQUEST["id"] && ! $canreadperms) accessforbidden();
|
||||
if ($user->id <> $_REQUEST["id"] && ! $canreaduser) accessforbidden();
|
||||
|
||||
|
||||
/**
|
||||
|
||||