lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix permissions in module workstation

Browse Source
This commit is contained in:
Laurent Destailleur 2021-04-05 12:57:43 +02:00
parent 7cba3f8a0a
commit f03190e23b
5 changed files with 11 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/workstation/workstation_agenda.php
View File

@ -82,13 +82,11 @@ if ($id > 0 || !empty($ref)) {
$upload_dir = $conf->workstation->multidir_output[$object->entity]."/".$object->id;
}
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$result = restrictedArea($user, 'workstation', $object->id);
$permissiontoadd = $user->rights->workstation->workstation->write; // Used by the include of actions_addupdatedelete.inc.php
// Security check
restrictedArea($user, $object->element, $object->id);
/*
* Actions

13
htdocs/workstation/workstation_card.php
View File

@ -82,15 +82,8 @@ $permissionnote = $user->rights->workstation->workstation->write; // Used by the
$permissiondellink = $user->rights->workstation->workstation->write; // Used by the include of actions_dellink.inc.php
$upload_dir = $conf->workstation->multidir_output[isset($object->entity) ? $object->entity : 1];
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$isdraft = (($object->statut == $object::STATUS_DRAFT) ? 1 : 0);
//$result = restrictedArea($user, 'workstation', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
if (!$permissiontoread) {
accessforbidden();
}
// Security check
restrictedArea($user, $object->element, $object->id);
/*
@ -343,7 +336,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
// Object card
// ------------------------------------------------------------
$linkback = '<a href="'.dol_buildpath('/workstation/workstation_list.php', 1).'?restore_lastsearch_values=1'.(!empty($socid) ? '&socid='.$socid : '').'">'.$langs->trans("BackToList").'</a>';
$linkback = '<a href="'.dol_buildpath('/workstation/workstation_list.php', 1).'?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
$morehtmlref = '<div class="refidno">';
/*

7
htdocs/workstation/workstation_document.php
View File

@ -74,13 +74,10 @@ if ($id > 0 || !empty($ref)) {
$upload_dir = $conf->workstation->multidir_output[$object->entity ? $object->entity : $conf->entity]."/workstation/".get_exdir(0, 0, 0, 1, $object);
}
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$result = restrictedArea($user, 'workstation', $object->id);
$permissiontoadd = $user->rights->workstation->workstation->write; // Used by the include of actions_addupdatedelete.inc.php
// Security check
restrictedArea($user, $object->element, $object->id);
/*

13
htdocs/workstation/workstation_list.php
View File

@ -146,18 +146,7 @@ $permissiontoadd = $user->rights->workstation->workstation->write;
$permissiontodelete = $user->rights->workstation->workstation->delete;
// Security check
if (empty($conf->workstation->enabled)) {
accessforbidden('Module not enabled');
}
$socid = 0;
if ($user->socid > 0) {
// Protection if external user
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'workstation', $id, '');
//if (!$permissiontoread) accessforbidden();
restrictedArea($user, $object->element, 0);
/*

2
htdocs/workstation/workstation_note.php
View File

@ -60,6 +60,8 @@ if ($id > 0 || !empty($ref)) {
$permissionnote = $user->rights->workstation->workstation->write; // Used by the include of actions_setnotes.inc.php
$permissiontoadd = $user->rights->workstation->workstation->write; // Used by the include of actions_addupdatedelete.inc.php
// Security check
restrictedArea($user, $object->element, $object->id);
/*