Fix: bad rights

2012-02-20 21:17:05 +01:00 · 2012-02-20 21:17:05 +01:00 · cd23f8a040
commit cd23f8a040
parent 47eaaf5905
2 changed files with 8 additions and 6 deletions
--- a/htdocs/core/ajax/loadinplace.php
+++ b/htdocs/core/ajax/loadinplace.php
@ -63,9 +63,10 @@ if((isset($_GET['field']) && ! empty($_GET['field']))
 	if ($element == 'propal') $element = 'propale';
 	else if ($element == 'fichinter') $element = 'ficheinter';
-	if (($element == 'payment' && $user->rights->facture->paiement)
+	if ($user->rights->$element->lire || $user->rights->$element->read
-	|| $user->rights->$element->lire || $user->rights->$element->read
+	|| $user->rights->$element->$subelement->lire || $user->rights->$element->$subelement->read
-	|| $user->rights->$element->$subelement->lire || $user->rights->$element->$subelement->read)
+	|| ($element == 'payment' && $user->rights->facture->lire)
 	|| ($element == 'payment_supplier' && $user->rights->fournisseur->facture->lire))
 	{
 		if ($type == 'select')
 		{
--- a/htdocs/core/ajax/saveinplace.php
+++ b/htdocs/core/ajax/saveinplace.php
@ -69,9 +69,10 @@ if((isset($_POST['field']) && ! empty($_POST['field']))
 	if ($element == 'propal') $element = 'propale';
 	else if ($element == 'fichinter') $element = 'ficheinter';
-	if (($element == 'payment' && $user->rights->facture->paiement)
+	if ($user->rights->$element->creer || $user->rights->$element->write
-	|| $user->rights->$element->creer || $user->rights->$element->write
+	|| $user->rights->$element->$subelement->creer || $user->rights->$element->$subelement->write
-	|| $user->rights->$element->$subelement->creer || $user->rights->$element->$subelement->write)
+	|| ($element == 'payment' && $user->rights->facture->paiement)
 	|| ($element == 'payment_supplier' && $user->rights->fournisseur->facture->creer))
 	{
 		// Clean parameters
 		$newvalue = trim($value);