Fix: Permission check on event tabs

2013-09-24 11:11:59 +02:00 · 2013-09-24 11:11:59 +02:00 · a674af5bcd
commit a674af5bcd
parent b6d5ebf81d
3 changed files with 10 additions and 9 deletions
--- a/htdocs/comm/action/contact.php
+++ b/htdocs/comm/action/contact.php
@ -43,23 +43,24 @@ $confirm = GETPOST('confirm');
 $lineid  = GETPOST('lineid','int');

 // Security check
+$socid = GETPOST('socid','int');
+if ($user->societe_id) $socid=$user->societe_id;
 if ($user->societe_id > 0)
 {
 	unset($_GET["action"]);
 	$action='';
-	$socid = $user->societe_id;
 }
+$result = restrictedArea($user, 'agenda', $objectid, 'actioncomm&societe', 'myactions&allactions', 'fk_soc', 'id');
+

 $object = new ActionComm($db);

+
 /*
 * Actions
 */

-/*
- * Ajout d'un nouveau contact
- */
-
+// Add new nouveau contact
 if ($action == 'addcontact')
 {
 	$result = $object->fetch($id);
--- a/htdocs/comm/action/document.php
+++ b/htdocs/comm/action/document.php
@ -44,14 +44,14 @@ $objectid = GETPOST('id','int');
 $action=GETPOST('action','alpha');

 // Security check
+$socid = GETPOST('socid','int');
+if ($user->societe_id) $socid=$user->societe_id;
 if ($user->societe_id > 0)
 {
 	unset($_GET["action"]);
 	$action='';
-	$socid = $user->societe_id;
 }
-
-$result = restrictedArea($user, 'agenda', $objectid, 'actioncomm&societe', 'myactions&allactions', '', 'id');
+$result = restrictedArea($user, 'agenda', $objectid, 'actioncomm&societe', 'myactions&allactions', 'fk_soc', 'id');

 $act = new ActionComm($db);

--- a/htdocs/comm/action/info.php
+++ b/htdocs/comm/action/info.php
@ -40,7 +40,7 @@ if ($user->societe_id > 0)
  $socid = $user->societe_id;
 }

-$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions&allactions', '', 'id');
+$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions&allactions', 'fk_soc', 'id');


 /*