lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX #yogosha5756

Browse Source
This commit is contained in:
Laurent Destailleur 2021-03-29 21:35:19 +02:00
parent 1d87f060dc
commit c4a8dca4ab
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/projet/ajax/projects.php
View File

@ -51,6 +51,9 @@ $htmlname = GETPOST('htmlname', 'aZ09');
$socid = GETPOST('socid', 'int');
$discard_closed = GETPOST('discardclosed', 'int');
// Security check
restrictedArea($user, 'projet', 0, 'projet&project');
/*
* View

10
htdocs/projet/card.php
View File

@ -78,17 +78,17 @@ if ($id > 0 || !empty($ref)) {
}
}
// Security check
$socid = GETPOST('socid', 'int');
//if ($user->socid > 0) $socid = $user->socid; // For external user, no check is done on company because readability is managed by public status of project and assignement.
$result = restrictedArea($user, 'projet', $object->id, 'projet&project');
// fetch optionals attributes and labels
$extrafields->fetch_name_optionals_label($object->table_element);
$date_start = dol_mktime(0, 0, 0, GETPOST('projectstartmonth', 'int'), GETPOST('projectstartday', 'int'), GETPOST('projectstartyear', 'int'));
$date_end = dol_mktime(0, 0, 0, GETPOST('projectendmonth', 'int'), GETPOST('projectendday', 'int'), GETPOST('projectendyear', 'int'));
// Security check
$socid = GETPOST('socid', 'int');
//if ($user->socid > 0) $socid = $user->socid; // For external user, no check is done on company because readability is managed by public status of project and assignement.
restrictedArea($user, 'projet', $object->id, 'projet&project');
/*
* Actions