Works on enhancement of project tasks

Fix: security check
Regis Houssin 2010-02-04 10:40:18 +00:00
parent 6730445a50
commit cee5d7873b
6 changed files with 43 additions and 82 deletions


@ -176,26 +176,7 @@ if ($id > 0 || ! empty($ref))
if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id);
// To verify role of users
$userAccess = 0;
if (!empty($project->user_author_id) && $project->user_author_id == $user->id) $userAccess=1;
else
{
foreach(array('internal','external') as $source)
{
$userRole = $project->liste_contact(4,$source);
$num=sizeof($userRole);
$i = 0;
while ($i < $num)
{
if ($userRole[$i]['code'] == 'PROJECTLEADER' && $user->id == $userRole[$i]['id'])
{
$userAccess++;
}
$i++;
}
}
}
$userAccess = $project->restrictedProjectArea($user);
$head = project_prepare_head($project);
dol_fiche_head($head, 'contact', $langs->trans("Project"), 0, 'project');


@ -69,6 +69,9 @@ $project = new Project($db);
$project->fetch($_GET["id"],$_GET["ref"]);
$project->societe->fetch($project->societe->id);
// To verify role of users
$userAccess = $project->restrictedProjectArea($user);
$head=project_prepare_head($project);
dol_fiche_head($head, 'element', $langs->trans("Project"),0,'project');
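Review bot: The new check on the `$userAccess = $project->restrictedProjectArea($user);` line runs on a project whose `fetch($_GET["id"],$_GET["ref"])` result on the line above is never tested, unlike the other pages in this commit, which only call it inside `if ($project->fetch($id, $ref))`. When the fetch fails the object is presumably left empty, so `$this->public` is unset and the method ends in `accessforbidden`, which fails closed only by accident and after a `societe->fetch()` on an empty id. Guard the call the same way as the other pages, e.g. `if (! $project->fetch($_GET["id"],$_GET["ref"])) accessforbidden('',0);` before the role check. The surrounding page code starts and ends outside the hunk.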


@ -316,26 +316,7 @@ else
if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id);
// To verify role of users
$userAccess = 0;
if (!empty($project->user_author_id) && $project->user_author_id == $user->id) $userAccess=1;
else
{
foreach(array('internal','external') as $source)
{
$userRole = $project->liste_contact(4,$source);
$num=sizeof($userRole);
$i = 0;
while ($i < $num)
{
if ($userRole[$i]['code'] == 'PROJECTLEADER' && $user->id == $userRole[$i]['id'])
{
$userAccess++;
}
$i++;
}
}
}
$userAccess = $project->restrictedProjectArea($user);
$head=project_prepare_head($project);
dol_fiche_head($head, 'project', $langs->trans("Project"),0,'project');


@ -100,33 +100,13 @@ if ($id > 0 || ! empty($ref))
$now=gmmktime();
$project = new Project($db);
$userstatic = new User($db);
if ($project->fetch($id, $ref))
{
if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id);
// To verify role of users
$userAccess = 0;
if (!empty($project->user_author_id) && $project->user_author_id == $user->id) $userAccess=1;
else
{
foreach(array('internal','external') as $source)
{
$userRole = $project->liste_contact(4,$source);
$num=sizeof($userRole);
$i = 0;
while ($i < $num)
{
if ($userRole[$i]['code'] == 'PROJECTLEADER' && $user->id == $userRole[$i]['id'])
{
$userAccess++;
}
$i++;
}
}
}
$userAccess = $project->restrictedProjectArea($user);
$head = project_prepare_head($project);
dol_fiche_head($head, 'note', $langs->trans('Project'), 0, 'project');


@ -604,6 +604,41 @@ class Project extends CommonObject
$xnbp++;
}
}
/**
* \brief Check permissions
*/
function restrictedProjectArea($user)
{
// To verify role of users
$userAccess = 0;
if (!empty($this->user_author_id) && $this->user_author_id == $user->id)
{
$userAccess = 1;
}
else
{
foreach(array('internal','external') as $source)
{
$userRole = $this->liste_contact(4,$source);
$num=sizeof($userRole);
$i = 0;
while ($i < $num)
{
if ($userRole[$i]['code'] == 'PROJECTLEADER' && $user->id == $userRole[$i]['id'])
{
$userAccess++;
}
$i++;
}
}
}
if (!$userAccess && !$this->public) accessforbidden('',0);
return $userAccess;
}
}
?>
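Review bot: The docblock `\brief Check permissions` on `restrictedProjectArea` leaves out the method's most important behaviour: on the `if (!$userAccess && !$this->public) accessforbidden('',0);` line it hands the request to `accessforbidden` (presumably ending it) instead of returning, so callers only receive a value for the author, a PROJECTLEADER contact or a public project. Document that contract, e.g. `\param User $user  User whose role on this project is checked` and `\return int  1 for the author, otherwise the number of PROJECTLEADER roles held, 0 for a public project the user has no role in; access is refused via accessforbidden() in every other case`. Both identity comparisons, `$this->user_author_id == $user->id` and `$user->id == $userRole[$i]['id']`, are loose; since the ids presumably come back from the database as strings, compare as `(int) $user->id === (int) $userRole[$i]['id']` (and likewise for the author check) so that an unset or empty id cannot satisfy the test. The enclosing class Project starts outside the hunk.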


@ -119,26 +119,7 @@ if ($id > 0 || ! empty($ref))
if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id);
// To verify role of users
$userAccess = 0;
if (!empty($project->user_author_id) && $project->user_author_id == $user->id) $userAccess=1;
else
{
foreach(array('internal','external') as $source)
{
$userRole = $project->liste_contact(4,$source);
$num=sizeof($userRole);
$i = 0;
while ($i < $num)
{
if ($userRole[$i]['code'] == 'PROJECTLEADER' && $user->id == $userRole[$i]['id'])
{
$userAccess++;
}
$i++;
}
}
}
$userAccess = $project->restrictedProjectArea($user);
}
if ($_GET["action"] == 'create' && $user->rights->projet->task->creer && $userAccess)