Fix: add entity 0 for users and groups

Regis Houssin 2012-01-11 22:07:17 +08:00
parent 5b04d47d6c
commit b670de36a9
11 changed files with 40 additions and 40 deletions


@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -39,7 +39,7 @@ $langs->load('propal');
// Security check
$socid = GETPOST("socid");
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'societe',$socid,'');
$result = restrictedArea($user, 'societe', $socid, '&societe');
/*
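Review bot: The object id handed to the changed `restrictedArea()` call comes from `GETPOST("socid")` with no type filter, while the other pages touched by this commit move to `GETPOST('id', 'int')`. For an internal user (`$user->societe_id` empty) the raw request value reaches the access check as-is. Reading it as `$socid = GETPOST('socid', 'int');` would keep the check consistent with the rest of the commit. How `restrictedArea()` uses the value is outside this hunk.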


@ -210,7 +210,14 @@ function getEntity($element=false, $shared=false)
}
else
{
return $conf->entity;
$out='';
$addzero = array('user', 'usergroup');
if (in_array($element, $addzero)) $out.= '0,';
$out.= $conf->entity;
return $out;
}
}
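Review bot: `in_array($element, $addzero)` compares loosely, so a non-string `$element` such as `true` or (before PHP 8) the integer `0` also matches `'user'` and silently adds the shared entity 0 to the filter; pass the strict flag, `if (in_array($element, $addzero, true)) $out.= '0,';`. This branch now returns a comma-separated list instead of a single id, so any caller that compares with `entity =` rather than `entity IN (...)` would stop matching; those callers are outside this hunk and worth checking. Casting the value, `$out.= (int) $conf->entity;`, would keep the returned string safe to place in SQL. getEntity() starts above the hunk.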


@ -3,7 +3,7 @@
* Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005 Lionel Cousteix <etm_ltd@tiscali.co.uk>
* Copyright (C) 2011 Herve Prot <herve.prot@symeos.com>
*
@ -64,7 +64,7 @@ if ($id)
}
//Multicompany in mode transversal
if(! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->multicompany->transverse_mode)
if (! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->multicompany->transverse_mode)
{
accessforbidden();
}
@ -74,7 +74,7 @@ $socid=0;
if ($user->societe_id > 0) $socid = $user->societe_id;
$feature2='user';
if ($user->id == $id) { $feature2=''; $canreaduser=1; } // A user can always read its own card
$result = restrictedArea($user, 'user', $id, '', $feature2);
$result = restrictedArea($user, 'user', $id, '&user', $feature2);
if ($user->id <> $id && ! $canreaduser) accessforbidden();
$langs->load("users");
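Review bot: The `'&user'` argument on the changed `restrictedArea()` call is an unexplained string convention, and together with the getEntity() change in this commit it presumably lets the check accept user records stored in the shared entity 0. Nothing visible in this hunk stops a user logged into an entity above 1 from reaching the edit actions of an entity-0 account once that check passes; the transverse-mode guard above covers only one configuration. Please confirm the action handlers further down re-check the target user's entity before writing. A comment on the call would help, for example `// 4th arg is 'TableName&SharedElement': '&user' = default table, entity filter for shared element 'user'`. The same call is changed in the other user pages of this commit (the later sections that pass `'&user'`).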


@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2005-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2011 Herve Prot <herve.prot@symeos.com>
*
* This program is free software; you can redistribute it and/or modify
@ -49,7 +49,7 @@ $confirm=GETPOST("confirm");
$userid=GETPOST("user","int");
// Security check
$result = restrictedArea($user, 'user', $_GET["id"], 'usergroup', 'user');
$result = restrictedArea($user, 'user', $id, 'usergroup&usergroup', 'user');
if(! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->multicompany->transverse_mode)
{
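Review bot: The new `restrictedArea()` call reads `$id`, but the only request parameters assigned in the visible lines are `$confirm` and `$userid`. Unless `$id` is set above this hunk, the object-level check now runs with an undefined id where it previously received `$_GET["id"]`, and a check with no object id may not test the group at all. Please confirm the assignment exists before this line, or add `$id=GETPOST("id","int");` next to `$userid`.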


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2006-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2006 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2006-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -39,8 +39,7 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
$canreadperms=($user->admin || $user->rights->user->group_advance->read);
}
// Protection quand utilisateur externe
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$id = GETPOST('id', 'int');
$socid=0;
if ($user->societe_id > 0)
@ -48,8 +47,8 @@ if ($user->societe_id > 0)
$socid = $user->societe_id;
}
$fgroup = new Usergroup($db, $_GET["id"]);
$fgroup->fetch($_GET["id"]);
$fgroup = new Usergroup($db);
$fgroup->fetch($id);
$fgroup->getrights();
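Review bot: `$fgroup->fetch($id)` is called with its return value ignored and, in the visible lines, without a `restrictedArea()` call for the group like the one the other group page gets in this commit. If `$id` is empty or names a group from another entity, `getrights()` still runs on whatever was loaded. Consider guarding the load, e.g. `if (empty($id) || $fgroup->fetch($id) <= 0) accessforbidden();`, assuming fetch() returns a non-positive value on failure. The comment `// Protection quand utilisateur externe` now sits above the `$id` assignment and no longer describes the line below it.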


@ -3,7 +3,7 @@
* Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by


@ -1,5 +1,6 @@
<?php
/* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -41,7 +42,7 @@ if ($user->id == $id) // A user can always read its own card
{
$feature2='';
}
$result = restrictedArea($user, 'user', $id, '', $feature2);
$result = restrictedArea($user, 'user', $id, '&user', $feature2);
// If user is not user read and no permission to read other users, we stop
if (($fuser->id != $user->id) && (! $user->rights->user->user->lire))


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2006 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2006 Regis Houssin <regis@dolibarr.fr>
/* Copyright (C) 2006-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2006-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -32,21 +32,17 @@ $langs->load("admin");
$langs->load("companies");
$langs->load("ldap");
// Protection quand utilisateur externe
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$id = GETPOST('id', 'int');
// Security check
$socid=0;
if ($user->societe_id > 0) $socid = $user->societe_id;
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
if ($user->id == $_GET["id"]) // A user can always read its own card
{
$feature2='';
}
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
if ($user->id == $id) $feature2=''; // A user can always read its own card
$result = restrictedArea($user, 'user', $id, '&user', $feature2);
$fuser = new User($db);
$fuser->fetch($_GET["id"]);
$fuser->fetch($id);
$fuser->getrights();
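Review bot: This page reads `$id = GETPOST('id', 'int');` and passes it straight to `restrictedArea()` and `$fuser->fetch($id)` without the empty-id guard that the permissions page in this commit has (`if (! isset($id) || empty($id)) accessforbidden();`). With a missing or non-numeric `id` the access check is presumably made without an object to test, and the fetch result is not checked either. Adding `if (empty($id)) accessforbidden();` directly after the assignment would close that gap. A guard may exist outside the hunk, but none appears between the assignment and the check.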


@ -1,6 +1,7 @@
<?php
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -38,18 +39,14 @@ $fuser = new User($db);
$fuser->fetch($id);
// If user is not user read and no permission to read other users, we stop
if (($fuser->id != $user->id) && (! $user->rights->user->user->lire))
accessforbidden();
if (($fuser->id != $user->id) && (! $user->rights->user->user->lire)) accessforbidden();
// Security check
$socid=0;
if ($user->societe_id > 0) $socid = $user->societe_id;
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
if ($user->id == $_GET["id"]) // A user can always read its own card
{
$feature2='';
}
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
if ($user->id == $id) $feature2=''; // A user can always read its own card
$result = restrictedArea($user, 'user', $id, '&user', $feature2);


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2005-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2010 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2010-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -54,7 +54,7 @@ if ($user->id == $id) // A user can always read its own card
$feature2='';
$canreaduser=1;
}
$result = restrictedArea($user, 'user', $id, '', $feature2);
$result = restrictedArea($user, 'user', $id, '&user', $feature2);
if ($user->id <> $id && ! $canreaduser) accessforbidden();
$dirtop = "../core/menus/standard";


@ -3,7 +3,7 @@
* Copyright (C) 2002-2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -30,10 +30,10 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/usergroups.lib.php");
$langs->load("users");
$langs->load("admin");
$id=GETPOST('id','int');
$action=GETPOST("action");
$confirm=GETPOST("confirm");
$module=GETPOST("module");
$id=GETPOST('id', 'int');
$action=GETPOST('action', 'alpha');
$confirm=GETPOST('confirm', 'alpha');
$module=GETPOST('module');
if (! isset($id) || empty($id)) accessforbidden();
@ -58,7 +58,7 @@ if ($user->id == $id) // A user can always read its own card
$feature2='';
$canreaduser=1;
}
$result = restrictedArea($user, 'user', $id, '', $feature2);
$result = restrictedArea($user, 'user', $id, '&user', $feature2);
if ($user->id <> $id && ! $canreaduser) accessforbidden();
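Review bot: `$module=GETPOST('module');` is the one request parameter in this block left without a filter; `action` and `confirm` gain `'alpha'` and `id` keeps `'int'`. How `$module` is used is below the hunk, but if it ends up in a query or in the page output, an unfiltered value is the weak point of the four. Give it an explicit check that fits module names, for example `$module=GETPOST('module', 'alpha');`, or document why it must stay raw.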