From d2ee00d4bb70d1682a5fe9098bf2247448c3e2d4 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 14 Feb 2019 15:21:01 +0100 Subject: [PATCH] Update security.lib.php Avoid regression on test of restrictArea --- htdocs/core/lib/security.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 65a4a5bdc93..d12ee339909 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -451,12 +451,12 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh if ($feature == 'project') $feature='projet'; if ($feature == 'task') $feature='projet_task'; - $check = array('adherent','banque','don','user','usergroup','product','produit','service','produit|service','stock','categorie','resource'); // Test on entity only (Objects with no link to company) + $check = array('adherent','banque','don','user','usergroup','product','produit','service','produit|service','categorie','resource'); // Test on entity only (Objects with no link to company) $checksoc = array('societe'); // Test for societe object $checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet','project'); // Test for project object $checktask = array('projet_task'); - $nocheck = array('barcode'); // No test + $nocheck = array('barcode','stock'); // No test $checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...). // If dbtablename not defined, we use same name for table than module name