lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into 14.0

Browse Source
This commit is contained in:
Laurent Destailleur 2021-09-09 04:41:55 +02:00
commit ac8dfb2dd5
5 changed files with 27 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/accountancy/journal/expensereportsjournal.php
View File

@ -610,7 +610,7 @@ if (empty($action) || $action == 'view') {
$userstatic->id = $tabuser[$key]['id'];
$userstatic->name = $tabuser[$key]['name'];
print "<td>".$userstatic->getNomUrl(0, 'user', 16).' - '.$accountingaccount->label."</td>";
print '<td class="right nowraponall amount amount">'.($mt >= 0 ? price($mt) : '')."</td>";
print '<td class="right nowraponall amount">'.($mt >= 0 ? price($mt) : '')."</td>";
print '<td class="right nowraponall amount">'.($mt < 0 ? price(-$mt) : '')."</td>";
print "</tr>";
}

2
htdocs/core/class/html.formother.class.php
View File

@ -1206,7 +1206,7 @@ class FormOther
async: false
});
// We force reload to be sure to get all boxes into list
window.location.search=\'mainmenu='.GETPOST("mainmenu", "aZ09").'&leftmenu='.GETPOST('leftmenu', "aZ09").'&action=delbox\';
window.location.search=\'mainmenu='.GETPOST("mainmenu", "aZ09").'&leftmenu='.GETPOST('leftmenu', "aZ09").'&action=delbox&token='.newToken().'\';
}
else
{

2
htdocs/core/lib/security.lib.php
View File

@ -611,7 +611,7 @@ function checkUserAccessToObject($user, array $featuresarray, $objectid = 0, $ta
$feature = 'projet_task';
}
$check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salary', 'website'); // Test on entity only (Objects with no link to company)
$check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for societe object
$checkother = array('contact', 'agenda'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet', 'project'); // Test for project object

14
htdocs/core/menus/standard/eldy.lib.php
View File

@ -382,12 +382,18 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout =
'submenus' => array(),
);
// Tickets and knwoledge base
// Tickets and knowledge base
$tmpentry = array(
'enabled'=>(!empty($conf->ticket->enabled) || !empty($conf->knwoledgemanagement->enabled)),
'perms'=>(!empty($user->rights->ticket->read) || !empty($user->rights->knwoledgemanagement->read)),
'module'=>'ticket|knwoledgemanagement'
'enabled'=>(!empty($conf->ticket->enabled) || !empty($conf->knowledgemanagement->enabled)),
'perms'=>(!empty($user->rights->ticket->read) || !empty($user->rights->knowledgemanagement->knowledgerecord->read)),
'module'=>'ticket|knowledgemanagement'
);
$link = '';
if (!empty($conf->ticket->enabled)) {
$link = '/ticket/index.php?mainmenu=ticket&amp;leftmenu=';
} else {
$link = '/knowledgemanagement/knowledgerecord_list.php?mainmenu=ticket&amp;leftmenu=';
}
$menu_arr[] = array(
'name' => 'Ticket',
'link' => '/ticket/index.php?mainmenu=ticket&amp;leftmenu=',

14
htdocs/salaries/card.php
View File

@ -67,6 +67,8 @@ $fk_user = GETPOSTINT('userid');
$object = new Salary($db);
$extrafields = new ExtraFields($db);
$childids = $user->getAllChildIds(1);
// fetch optionals attributes and labels
$extrafields->fetch_name_optionals_label($object->table_element);
@ -76,6 +78,18 @@ $hookmanager->initHooks(array('salarycard', 'globalcard'));
$object = new Salary($db);
if ($id > 0 || !empty($ref)) {
$object->fetch($id, $ref);
// Check current user can read this salary
$canread = 0;
if (!empty($user->rights->salaries->readall)) {
$canread = 1;
}
if (!empty($user->rights->salaries->read) && $object->fk_user > 0 && in_array($object->fk_user, $childids)) {
$canread = 1;
}
if (!$canread) {
accessforbidden();
}
}
// Security check