Fix: problème de droit d'accès, mise en place de la fonction restrictedArea
parent
164dc8a577
commit
8e43e47126
File diff suppressed because it is too large
@ -1,6 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2007 Regis Houssin <regis@dolibarr.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -33,41 +34,18 @@ require_once(DOL_DOCUMENT_ROOT."/facture.class.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/commande/commande.class.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");
|
||||
|
||||
if ($conf->projet->enabled) $langs->load("projects");
|
||||
$langs->load("projects");
|
||||
$langs->load("companies");
|
||||
$langs->load("orders");
|
||||
|
||||
$user->getrights('projet');
|
||||
|
||||
if (!$user->rights->projet->lire) accessforbidden();
|
||||
|
||||
// Sécurité accés client
|
||||
$projetid='';
|
||||
if ($_GET["id"]) { $projetid=$_GET["id"]; }
|
||||
|
||||
if ($projetid == '') accessforbidden();
|
||||
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if ($projetid)
|
||||
{
|
||||
$sql = "SELECT p.rowid, p.fk_soc";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
|
||||
if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc ";
|
||||
$sql.= " WHERE p.rowid = ".$projetid;
|
||||
if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
if ($socid) $sql .= " AND p.fk_soc = ".$socid;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'projet', $projetid);
|
||||
|
||||
llxHeader("","../");
|
||||
|
||||
|
||||
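Review bot: `$projetid` still appears to come verbatim from `$_GET["id"]` and is handed to `restrictedArea($user, 'projet', $projetid)` without being forced to an integer; which lines survive is inferred from the hunk counts, since the +/- markers are lost on this page. The removed block concatenated that same value into `" WHERE p.rowid = ".$projetid`, and the body of restrictedArea is in the suppressed file diff, so whether the helper casts or escapes the id cannot be confirmed from here. I would normalise it at the boundary with `$projetid = isset($_GET["id"]) ? (int) $_GET["id"] : 0;` followed by `if ($projetid <= 0) accessforbidden();`, so that nothing downstream depends on the helper doing it. The same applies to the other file sections whose hunks are `-37,38 +38,14`, `-37,37 +38,14` and `-30,37 +30,17`.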
@ -1,6 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2007 Regis Houssin <regis@dolibarr.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -37,38 +38,14 @@ $langs->load("projects");
|
||||
$langs->load("companies");
|
||||
$langs->load("bills");
|
||||
|
||||
|
||||
$user->getrights('projet');
|
||||
|
||||
if (!$user->rights->projet->lire) accessforbidden();
|
||||
|
||||
// Sécurité accés client
|
||||
$projetid='';
|
||||
if ($_GET["id"]) { $projetid=$_GET["id"]; }
|
||||
|
||||
if ($projetid == '') accessforbidden();
|
||||
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if ($projetid)
|
||||
{
|
||||
$sql = "SELECT p.rowid, p.fk_soc";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
|
||||
if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc ";
|
||||
$sql.= " WHERE p.rowid = ".$projetid;
|
||||
if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
if ($socid) $sql .= " AND p.fk_soc = ".$socid;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'projet', $projetid);
|
||||
|
||||
llxHeader("","../");
|
||||
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2007 Regis Houssin <regis@dolibarr.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -33,11 +34,6 @@ require_once(DOL_DOCUMENT_ROOT."/facture.class.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/commande/commande.class.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");
|
||||
|
||||
if (!$user->rights->projet->lire) accessforbidden();
|
||||
|
||||
/*
|
||||
* Sécurité accés client
|
||||
*/
|
||||
$projetid='';
|
||||
if ($_GET["id"]) { $projetid=$_GET["id"]; }
|
||||
|
||||
@ -46,6 +42,7 @@ if ($projetid == '' && ($_GET['action'] != "create" && $_POST['action'] != "add"
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'projet', $projetid);
|
||||
|
||||
|
||||
if ($_POST["action"] == 'add' && $user->rights->projet->creer)
|
||||
{
|
||||
$pro = new Project($db);
|
||||
|
||||
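Review bot: With `if (!$user->rights->projet->lire) accessforbidden();` apparently dropped from this file (inferred from the `-33,11 +34,6` counts), the only gate ahead of the `add` branch is `restrictedArea($user, 'projet', $projetid)`, and on the create/add path `$projetid` is empty. The body of restrictedArea is not visible on this page, so it should be confirmed that it refuses a user without `projet->lire` even when no object id is passed. If that is its contract, a comment above the call such as `// restrictedArea() enforces the 'projet' module rights and the customer/salesman restriction; $projetid is empty on create/add` would make the dependency explicit for the next maintainer. The statement run continues outside the hunk on both sides.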
@ -1,6 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2007 Regis Houssin <regis@dolibarr.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -37,37 +38,14 @@ $langs->load("projects");
|
||||
$langs->load("companies");
|
||||
$langs->load("propal");
|
||||
|
||||
$user->getrights('projet');
|
||||
|
||||
if (!$user->rights->projet->lire) accessforbidden();
|
||||
|
||||
// Sécurité accés client
|
||||
$projetid='';
|
||||
if ($_GET["id"]) { $projetid=$_GET["id"]; }
|
||||
|
||||
if ($projetid == '') accessforbidden();
|
||||
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if ($projetid)
|
||||
{
|
||||
$sql = "SELECT p.rowid, p.fk_soc";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
|
||||
if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc ";
|
||||
$sql.= " WHERE p.rowid = ".$projetid;
|
||||
if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
|
||||
if ($socid) $sql .= " AND p.fk_soc = ".$socid;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'projet', $projetid);
|
||||
|
||||
llxHeader("","../");
|
||||
|
||||
|
||||
@ -30,37 +30,17 @@
|
||||
require("./pre.inc.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");
|
||||
|
||||
$user->getrights('projet');
|
||||
|
||||
if (!$user->rights->projet->lire) accessforbidden();
|
||||
|
||||
/*
|
||||
* S<EFBFBD>curit<EFBFBD> acc<EFBFBD>s client
|
||||
* Securite acces client
|
||||
*/
|
||||
$projetid='';
|
||||
if ($_GET["id"]) { $projetid=$_GET["id"]; }
|
||||
|
||||
if ($projetid == '') accessforbidden();
|
||||
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
// Sécurité d'accès client et commerciaux
|
||||
$socid = restrictedArea($user, 'projet', $projetid);
|
||||
|
||||
// Protection restriction commercial
|
||||
if ($projetid && !$user->rights->commercial->client->voir)
|
||||
{
|
||||
$sql = "SELECT p.rowid, p.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p";
|
||||
$sql .= " WHERE p.rowid = ".$projetid;
|
||||
if (!$user->rights->commercial->client->voir) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id;
|
||||
if ($socid) $sql .= " AND p.fk_soc = ".$socid;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
Function PLines(&$inc, $parent, $lines, &$level, $tasksrole)
|
||||
{
|
||||
|
||||