FIX #yogosha5738

htdocs/hrm/admin/admin_establishment.php

@@ -27,13 +27,18 @@ require_once DOL_DOCUMENT_ROOT.'/hrm/class/establishment.class.php';
 // Load translation files required by the page
 $langs->loadLangs(array('admin', 'hrm'));
 
+$error = 0;
+
+$permissiontoread = $user->admin;
 $permissiontoadd = $user->admin;
 
-if (!$user->admin) {
-	accessforbidden();
-}
-
-$error = 0;
+// Security check - Protection if external user
+//if ($user->socid > 0) accessforbidden();
+//if ($user->socid > 0) $socid = $user->socid;
+//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+//restrictedArea($user, $object->element, $object->id, '', '', 'fk_soc', 'rowid', 0);
+if (empty($conf->hrm->enabled)) accessforbidden();
+if (empty($permissiontoread)) accessforbidden();
 
 
 /*

htdocs/hrm/admin/admin_hrm.php

@@ -34,9 +34,16 @@ $list = array(
 //		'HRM_EMAIL_EXTERNAL_SERVICE'   // To prevent your public accountant for example
 );
 
-if (!$user->admin) {
-	accessforbidden();
-}
+$permissiontoread = $user->admin;
+$permissiontoadd = $user->admin;
+
+// Security check - Protection if external user
+//if ($user->socid > 0) accessforbidden();
+//if ($user->socid > 0) $socid = $user->socid;
+//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+//restrictedArea($user, $object->element, $object->id, '', '', 'fk_soc', 'rowid', 0);
+if (empty($conf->hrm->enabled)) accessforbidden();
+if (empty($permissiontoread)) accessforbidden();
 
 
 /*

htdocs/hrm/establishment/card.php

@@ -51,7 +51,8 @@ $object = new Establishment($db);
 // Load object
 include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once
 
-$permissiontoadd = $user->rights->hrm->write; // Used by the include of actions_addupdatedelete.inc.php
+$permissiontoread = $user->admin;
+$permissiontoadd = $user->admin; // Used by the include of actions_addupdatedelete.inc.php
 $upload_dir = $conf->hrm->multidir_output[isset($object->entity) ? $object->entity : 1];
 
 // Security check - Protection if external user
@@ -59,13 +60,8 @@ $upload_dir = $conf->hrm->multidir_output[isset($object->entity) ? $object->enti
 //if ($user->socid > 0) $socid = $user->socid;
 //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
 //restrictedArea($user, $object->element, $object->id, '', '', 'fk_soc', 'rowid', 0);
-//if (empty($conf->mymodule->enabled)) accessforbidden();
-//if (empty($permissiontoread)) accessforbidden();
-
-// Security check
-if (!$user->admin) {
-	accessforbidden();
-}
+if (empty($conf->hrm->enabled)) accessforbidden();
+if (empty($permissiontoread)) accessforbidden();
 
 
 /*

htdocs/hrm/establishment/info.php

@@ -76,18 +76,17 @@ if ($id > 0 || !empty($ref)) {
 	$upload_dir = $conf->hrm->multidir_output[$object->entity]."/".$object->id;
 }
 
+$permissiontoread = $user->admin;
 $permissiontoadd = $user->rights->hrm->write; // Used by the include of actions_addupdatedelete.inc.php
 $upload_dir = $conf->hrm->multidir_output[isset($object->entity) ? $object->entity : 1];
 
 // Security check - Protection if external user
 //if ($user->socid > 0) accessforbidden();
 //if ($user->socid > 0) $socid = $user->socid;
-//$result = restrictedArea($user, 'mymodule', $object->id);
-
-// Security check
-if (!$user->admin) {
-	accessforbidden();
-}
+//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+//restrictedArea($user, $object->element, $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
+if (empty($conf->hrm->enabled)) accessforbidden();
+if (empty($permissiontoread)) accessforbidden();
 
 
 /*