From 033016da7fd5de610089ec59ae18513c9192c66c Mon Sep 17 00:00:00 2001
From: patrick Delcroix
Date: Sun, 10 Dec 2017 20:02:26 +0100
Subject: [PATCH 1/2] fix: unable to remove salaries, plus correct default rights management
---
 htdocs/core/lib/security.lib.php | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index e799579b181..c7d72e796ea 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -242,17 +242,17 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
 {
 foreach($feature2 as $subfeature)
 {
- if (empty($user->rights->$feature->$subfeature->creer)
- && empty($user->rights->$feature->$subfeature->write)
- && empty($user->rights->$feature->$subfeature->create)) { $createok=0; $nbko++; }
+ if (empty($user->rights->{$feature}->{$subfeature}->creer)
+ && empty($user->rights->{$feature}->{$subfeature}->write)
+ && empty($user->rights->{$feature}->{$subfeature}->create)) { $createok=0; $nbko++; }
 else { $createok=1; break; } // Break to bypass second test if the first is ok
 }
 }
 else if (! empty($feature)) // This is for old permissions ('creer' or 'write')
 {
 //print '
feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write;
- if (empty($user->rights->$feature->creer)
- && empty($user->rights->$feature->write)) { $createok=0; $nbko++; }
+ if (empty($user->rights->{$feature}->creer)
+ && empty($user->rights->{$feature}->write)) { $createok=0; $nbko++; }
 }
 }
@@ -306,21 +306,24 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
 else if ($feature == 'ftp')
 {
 if (! $user->rights->ftp->write) $deleteok=0;
+ }else if ($feature == 'salaries')
+ {
+ if (! $user->rights->salaries->delete) $deleteok=0;
 }
 else if (! empty($feature2)) // This should be used for future changes
 {
 foreach($feature2 as $subfeature)
 {
- if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) $deleteok=0;
+ if (empty($user->rights->{$feature}->{$subfeature}->supprimer) && empty($user->rights->$feature->$subfeature->delete)) $deleteok=0;
 else { $deleteok=1; break; } // For bypass the second test if the first is ok
 }
 }
 else if (! empty($feature)) // This is for old permissions
 {
 //print '
feature='.$feature.' creer='.$user->rights->$feature->supprimer.' write='.$user->rights->$feature->delete;
- if (empty($user->rights->$feature->supprimer)
- && empty($user->rights->$feature->delete)
- && empty($user->rights->$feature->run)) $deleteok=0;
+ if (empty($user->rights->{$feature}->supprimer)
+ && empty($user->rights->{$feature}->delete)
+ && empty($user->rights->{$feature}->run)) $deleteok=0;
 }
 }
From f18edd57879c83efee640a91464fe9d917d22eab Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 10 Dec 2017 21:08:13 +0100
Subject: [PATCH 2/2] Update security.lib.php
---
 htdocs/core/lib/security.lib.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index c7d72e796ea..0632f4d723f 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -242,17 +242,17 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
 {
 foreach($feature2 as $subfeature)
 {
- if (empty($user->rights->{$feature}->{$subfeature}->creer)
- && empty($user->rights->{$feature}->{$subfeature}->write)
- && empty($user->rights->{$feature}->{$subfeature}->create)) { $createok=0; $nbko++; }
+ if (empty($user->rights->$feature->$subfeature->creer)
+ && empty($user->rights->$feature->$subfeature->write)
+ && empty($user->rights->$feature->$subfeature->create)) { $createok=0; $nbko++; }
 else { $createok=1; break; } // Break to bypass second test if the first is ok
 }
 }
 else if (! empty($feature)) // This is for old permissions ('creer' or 'write')
 {
 //print '
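Review bot: In the `salaries` branch added to the delete check (patch 1/2, hunk `-306,21`), `$user->rights->salaries->delete` is dereferenced with a bare `!`, so a user object without a `salaries` rights node will probably raise an undefined-property notice before access is denied. The result is still fail-closed, but `if (empty($user->rights->salaries->delete)) $deleteok=0;` avoids the notice and matches the `empty()` tests in the generic branches below. Because the new branch is tested before `! empty($feature2)`, sub-feature rights are never consulted when deleting salaries; if that is intended, a comment such as `// salaries: delete is governed by the module-level 'delete' right only` would record the decision for later audits. The `}else if` opener also departs from the brace-on-its-own-line layout of the neighbouring branches. The body of restrictedArea() starts and ends outside the hunk, so how `$deleteok` is consumed is not visible here.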
feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write;
- if (empty($user->rights->{$feature}->creer)
- && empty($user->rights->{$feature}->write)) { $createok=0; $nbko++; }
+ if (empty($user->rights->$feature->creer)
+ && empty($user->rights->$feature->write)) { $createok=0; $nbko++; }
 }
 }
@@ -314,16 +314,16 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
 {
 foreach($feature2 as $subfeature)
 {
- if (empty($user->rights->{$feature}->{$subfeature}->supprimer) && empty($user->rights->$feature->$subfeature->delete)) $deleteok=0;
+ if (empty($user->rights->$feature->$subfeature->supprimer) && empty($user->rights->$feature->$subfeature->delete)) $deleteok=0;
 else { $deleteok=1; break; } // For bypass the second test if the first is ok
 }
 }
 else if (! empty($feature)) // This is for old permissions
 {
 //print '
feature='.$feature.' creer='.$user->rights->$feature->supprimer.' write='.$user->rights->$feature->delete;
- if (empty($user->rights->{$feature}->supprimer)
- && empty($user->rights->{$feature}->delete)
- && empty($user->rights->{$feature}->run)) $deleteok=0;
+ if (empty($user->rights->$feature->supprimer)
+ && empty($user->rights->$feature->delete)
+ && empty($user->rights->$feature->run)) $deleteok=0;
 }
 }