lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update card.php

Browse Source
This commit is contained in:
Laurent Destailleur 2021-09-09 03:02:18 +02:00 committed by GitHub
parent a5e670291e
commit b87ac639fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
htdocs/salaries/card.php
View File

@ -72,28 +72,24 @@ $childids = $user->getAllChildIds(1);
// fetch optionals attributes and labels
$extrafields->fetch_name_optionals_label($object->table_element);
if (($id > 0) || $ref) {
$object->fetch($id, $ref);
// Check current user can read this leave request
$canread = 0;
if (!empty($user->rights->salaries->readall)) {
$canread = 1;
}
if (!empty($user->rights->salaries->read) && in_array($object->fk_user, $childids)) {
$canread = 1;
}
if (!$canread) {
accessforbidden();
}
}
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('salarycard', 'globalcard'));
$object = new Salary($db);
if ($id > 0 || !empty($ref)) {
$object->fetch($id, $ref);
// Check current user can read this salary
$canread = 0;
if (!empty($user->rights->salaries->readall)) {
$canread = 1;
}
if (!empty($user->rights->salaries->read) && $object->fk_user > 0 && in_array($object->fk_user, $childids)) {
$canread = 1;
}
if (!$canread) {
accessforbidden();
}
}
// Security check