lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix permission test

Browse Source
This commit is contained in:
Laurent Destailleur 2020-09-24 17:24:23 +02:00
parent ca7b9efec2
commit 9a831e3249
5 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/asset/card.php
View File

@ -65,6 +65,9 @@ if (empty($action) && empty($id) && empty($ref)) $action = 'view';
// Load object
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
// Security check
if (!empty($user->socid)) $socid = $user->socid;
$result = restrictedArea($user, 'asset', $id);
$permissiontoread = $user->rights->asset->read;
$permissiontoadd = $user->rights->asset->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php

4
htdocs/asset/document.php
View File

@ -68,6 +68,10 @@ $extrafields->fetch_name_optionals_label($object->table_element);
// Load object
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
// Security check
if (!empty($user->socid)) $socid = $user->socid;
$result = restrictedArea($user, 'asset', $id);
//if ($id > 0 || ! empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity] . "/packages/" . dol_sanitizeFileName($object->id);
if ($id > 0 || !empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity]."/packages/".dol_sanitizeFileName($object->ref);

4
htdocs/asset/info.php
View File

@ -35,15 +35,17 @@ $action = GETPOST('action', 'aZ09');
// Security check
if ($user->socid) $socid = $user->socid;
$result = restrictedArea($user, 'asset', $id, '');
$result = restrictedArea($user, 'asset', $id);
$object = new Asset($db);
$object->fetch($id);
/*
* Actions
*/
// None
/*

5
htdocs/asset/list.php
View File

@ -73,12 +73,15 @@ if (!$sortorder) $sortorder = "ASC";
// Security check
$socid = 0;
if ($user->socid) $socid = $user->socid;
if ($user->socid > 0) // Protection if external user
{
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'asset', $id,'');
// Security check
$result = restrictedArea($user, 'asset', $id, '');
// Initialize array of search criterias
$search_all = GETPOST("search_all", 'alpha');

4
htdocs/asset/note.php
View File

@ -54,6 +54,10 @@ $extrafields->fetch_name_optionals_label($object->table_element);
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
if ($id > 0 || !empty($ref)) $upload_dir = $conf->asset->multidir_output[$object->entity]."/".$object->id;
// Security check
if (!empty($user->socid)) $socid = $user->socid;
$result = restrictedArea($user, 'asset', $id);
$permissionnote = 1;
//$permissionnote=$user->rights->asset->creer; // Used by the include of actions_setnotes.inc.php