diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index 22faddacd84..79f7bc26081 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -32,6 +32,14 @@ require("./pre.inc.php");
+if ($user->id <> $_GET["id"])
+{
+ if (! $user->rights->user->user->lire && !$user->admin)
+ {
+ accessforbidden();
+ }
+}
+
 $langs->load("users");
 $langs->load("companies");
diff --git a/htdocs/user/index.php b/htdocs/user/index.php
index 4c498e77976..bbcb9c91e34 100644
--- a/htdocs/user/index.php
+++ b/htdocs/user/index.php
@@ -1,5 +1,5 @@
+/* Copyright (C) 2002-2005 Rodolphe Quiedeville
 * Copyright (C) 2004-2005 Laurent Destailleur
 *
 * This program is free software; you can redistribute it and/or modify
@@ -29,6 +29,8 @@ require("./pre.inc.php");
+if (! $user->rights->user->user->lire && !$user->admin) accessforbidden();
+
 $langs->load("users");
 $sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
diff --git a/htdocs/user/pre.inc.php b/htdocs/user/pre.inc.php
index 5bfe865d063..3ad72c00e83 100644
--- a/htdocs/user/pre.inc.php
+++ b/htdocs/user/pre.inc.php
@@ -28,6 +28,8 @@ require("../main.inc.php");
+$user->getrights('user');
+
 function llxHeader($head = "", $title = "")
 {
 global $user,$langs;
@@ -41,8 +43,11 @@ function llxHeader($head = "", $title = "")
 $menu = new Menu();
 $menu->add(DOL_URL_ROOT."/user/home.php", $langs->trans("Users"));
-
- $menu->add_submenu(DOL_URL_ROOT."/user/", $langs->trans("List"));
+
+ if ($user->rights->user->user->lire || $user->admin)
+ {
+ $menu->add_submenu(DOL_URL_ROOT."/user/", $langs->trans("List"));
+ }
 if($user->admin)
 {
@@ -51,7 +56,10 @@ function llxHeader($head = "", $title = "")
 $menu->add(DOL_URL_ROOT."/user/home.php", $langs->trans("Groups"));
- $menu->add_submenu(DOL_URL_ROOT."/user/group/", $langs->trans("List"));
+ if ($user->rights->user->user->lire || $user->admin)
+ {
+ $menu->add_submenu(DOL_URL_ROOT."/user/group/", $langs->trans("List"));
+ }
 if($user->admin)
 {
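Review bot: In the fiche.php hunk, the ownership test `$user->id <> $_GET["id"]` compares the raw query-string value with a loose operator. On PHP versions before 8, a numeric string with trailing characters compares equal to the current user's id, while code further down may interpret the same parameter differently. Normalising once, `$id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;`, then testing `$user->id != $id` and using `$id` for the rest of the page keeps the check and the lookup on the same value. The check also reads only `$_GET`; the rest of the script is outside this hunk, so whether any action takes the target id from `$_POST` and escapes the self-or-`lire` rule should be confirmed.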
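Review bot: In the second index.php hunk, the new guard protects the user list only if `accessforbidden()` ends the request, which cannot be confirmed from the lines shown. If it only prints a message, the listing code below still runs for a user without the `lire` right; either confirm that it exits or follow the call with `exit;`. The same applies to the check added in fiche.php. The brace-less one-line form here also differs from the braced block used in fiche.php in the same commit, and giving both guards the same shape makes them easier to audit side by side.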
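Review bot: In the second pre.inc.php hunk, the condition `$user->rights->user->user->lire || $user->admin` is now spelled out in four places in this commit: negated in the fiche.php and index.php guards, and twice in llxHeader. Copies of an authorization rule tend to drift apart when one is later edited. A small helper, for example `function user_can_read_users($user) { return $user->admin || $user->rights->user->user->lire; }`, called from all four sites would keep the menu and the page guards in agreement. llxHeader begins and ends outside this hunk.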
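Review bot: In the last pre.inc.php hunk, the Groups "List" entry is hidden for users without the read right, but this commit adds no matching server-side check to any page under `/user/group/`. Hiding the link does not stop a direct request to that URL, so unless those pages already enforce the right elsewhere (not visible here), the group list stays readable by any authenticated user. A guard like the one added to index.php, `if (! $user->rights->user->user->lire && !$user->admin) accessforbidden();`, belongs at the top of the group pages. It is also worth a comment stating that group visibility deliberately reuses the user-read right rather than a group-specific one, if that is the intent.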