lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX Permission in list of holiday

Browse Source
This commit is contained in:
Laurent Destailleur 2018-03-20 14:31:33 +01:00
parent ca7122fe28
commit a12f884a7f
1 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
htdocs/holiday/list.php
View File

@ -48,6 +48,8 @@ $contextpage= GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'myobjectl
$backtopage = GETPOST('backtopage','alpha'); // Go back to a dedicated page
$optioncss = GETPOST('optioncss','aZ'); // Option for the css output (always '' except when 'print')
$childis = $user->getAllChildIds(1);
// Security check
$socid=0;
if ($user->societe_id > 0) // Protection if external user
@ -56,6 +58,7 @@ if ($user->societe_id > 0) // Protection if external user
accessforbidden();
}
$result = restrictedArea($user, 'holiday', $id, '');
$id = GETPOST('id','int');
// Load variable for pagination
$limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit;
@ -80,7 +83,6 @@ $search_array_options=$extrafields->getOptionalsFromPost($extralabels,'','search
if (! $sortfield) $sortfield="cp.rowid";
if (! $sortorder) $sortorder="DESC";
$id = GETPOST('id','int');
$sall = trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml'));
$search_ref = GETPOST('search_ref','alpha');
@ -411,22 +413,29 @@ $formother->select_year($search_year_create,'search_year_create',1, $min_year, 0
print '</td>';
// User
if ($user->rights->holiday->write_all)
$disabled=0;
// If into the tab holiday of a user ($id is set in such a case)
if ($id && ! GETPOSTISSET('search_employee'))
{
$search_employee=$id;
$disabled=1;
}
if (! empty($user->rights->holiday->read_all)) // Can see all
{
print '<td class="liste_titre maxwidthonsmartphone" align="left">';
print $form->select_dolusers($search_employee,"search_employee",1,"",0,'','',0,0,0,'',0,'','maxwidth200');
print $form->select_dolusers($search_employee,"search_employee",1,"",$disabled,'','',0,0,0,'',0,'','maxwidth200');
print '</td>';
}
else
{
//print '<td class="liste_titre">&nbsp;</td>';
print '<td class="liste_titre maxwidthonsmartphone" align="left">';
print $form->select_dolusers($user->id,"search_employee",1,"",1,'','',0,0,0,'',0,'','maxwidth200');
print $form->select_dolusers($search_employee,"search_employee",1,"",$disabled,'hierarchyme','',0,0,0,'',0,'','maxwidth200');
print '</td>';
}
// Approve
if($user->rights->holiday->write_all)
if ($user->rights->holiday->read_all)
{
print '<td class="liste_titre maxwidthonsmartphone" align="left">';
@ -499,8 +508,15 @@ print "</tr>\n";
$listhalfday=array('morning'=>$langs->trans("Morning"),"afternoon"=>$langs->trans("Afternoon"));
// If we ask a dedicated card and not allow to see it, we forc on user.
if ($id && empty($user->rights->holiday->read_all) && ! in_array($id, $childis))
{
print '<tr class="oddeven opacitymediuem"><td colspan="10">'.$langs->trans("NotEnoughPermission").'</td></tr>';
$result = 0;
}
// Lines
if (! empty($holiday->holiday))
elseif (! empty($holiday->holiday))
{
$userstatic = new User($db);
$approbatorstatic = new User($db);