From a47e015f165e5043232d5764b2e5ce56e0906003 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 16 Mar 2011 10:55:23 +0000 Subject: [PATCH] Fix: Permission check on bank account --- htdocs/lib/functions.lib.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php index 429a7510da7..4b88df870ca 100644 --- a/htdocs/lib/functions.lib.php +++ b/htdocs/lib/functions.lib.php @@ -1905,12 +1905,12 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' { $sql=''; - $check = array('user','usergroup','produit','service','produit|service'); // Test on entity only (Objects with no link to company) + $check = array('banque','user','usergroup','produit','service','produit|service'); // Test on entity only (Objects with no link to company) $checksoc = array('societe'); // Test for societe object $checkother = array('contact'); // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet'); // Test for project object $nocheck = array('categorie','barcode','stock','fournisseur'); // No test - $checkdefault = 'all other not already defined'; // Test on entity and link to societe. Not allowed if link is empty (Ex: invoice, orders...). + $checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...). // If dbtable not defined, we use same name for table than module name if (empty($dbtablename)) $dbtablename = $feature; @@ -1990,7 +1990,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' if (! in_array($objectid,$tmparray)) accessforbidden(); } } - else if (!in_array($feature,$nocheck)) + else if (!in_array($feature,$nocheck)) // By default we check with link to third party { // If external user: Check permission for external users if ($user->societe_id > 0)