diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 798ba265643..18db40e0d87 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -682,7 +682,7 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl // Array to define rules of checks to do $check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website', 'recruitment'); // Test on entity only (Objects with no link to company) $checksoc = array('societe'); // Test for societe object - $checkother = array('contact', 'agenda'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...). + $checkother = array('contact', 'agenda', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet', 'project'); // Test for project object $checktask = array('projet_task'); // Test for task object $checkhierarchy = array('expensereport', 'holiday'); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 9a495a04a91..3329e4fe71e 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -2359,7 +2359,7 @@ class User extends CommonObject /** * Send new password by email * - * @param User $user Object user that send the email (not the user we send too) + * @param User $user Object user that send the email (not the user we send to) @todo object $user is not used ! * @param string $password New password * @param int $changelater 0=Send clear passwod into email, 1=Change password only after clicking on confirm email. @todo Add method 2 = Send link to reset password * @return int < 0 si erreur, > 0 si ok @@ -2425,6 +2425,9 @@ class User extends CommonObject //print $password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id; $url = $urlwithroot.'/user/passwordforgotten.php?action=validatenewpassword'; $url .= '&username='.urlencode($this->login)."&passworduidhash=".urlencode(dol_hash($password.'-'.$this->id.'-'.$dolibarr_main_instance_unique_id)); + if (!empty($conf->multicompany->enabled)) { + $url .= '&entity='.(!empty($this->entity) ? $this->entity : 1); + } $msgishtml = 1; diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php index dabac0727dc..c529dcc0e19 100644 --- a/htdocs/user/passwordforgotten.php +++ b/htdocs/user/passwordforgotten.php @@ -87,7 +87,7 @@ if (empty($reshook)) { // Validate new password if ($action == 'validatenewpassword' && $username && $passworduidhash) { $edituser = new User($db); - $result = $edituser->fetch('', $username); + $result = $edituser->fetch('', $username, '', 0, $conf->entity); if ($result < 0) { $message = '
'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'
'; } else { @@ -122,9 +122,9 @@ if (empty($reshook)) { $isanemail = preg_match('/@/', $username); $edituser = new User($db); - $result = $edituser->fetch('', $username, '', 1); + $result = $edituser->fetch('', $username, '', 1, $conf->entity); if ($result == 0 && $isanemail) { - $result = $edituser->fetch('', '', '', 1, -1, $username); + $result = $edituser->fetch('', '', '', 1, $conf->entity, $username); } if ($result <= 0 && $edituser->error == 'USERNOTFOUND') {