FIX #15583
This commit is contained in:
Laurent Destailleur
parent
d8d825f615
commit
f06d920460
@ -86,6 +86,15 @@ $extrafields->fetch_name_optionals_label($object->table_element);
|
||||
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
|
||||
$hookmanager->initHooks(array('thirdpartycomm', 'globalcard'));
|
||||
|
||||
// Security check
|
||||
$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);
|
||||
|
||||
if ($object->id > 0) {
|
||||
if (!($object->client > 0) || empty($user->rights->societe->lire)) {
|
||||
accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
$now = dol_now();
|
||||
|
||||
|
||||
|
||||
@ -639,7 +639,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand
|
||||
* @param int $printheader Show header before
|
||||
* @param int $printfooter Show footer after
|
||||
* @param int $showonlymessage Show only message parameter. Otherwise add more information.
|
||||
* @param array|null $params Send params
|
||||
* @param array|null $params More parameters provided to hook
|
||||
* @return void
|
||||
*/
|
||||
function accessforbidden($message = '', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params = null)
|
||||
|
||||
@ -865,8 +865,8 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
|
||||
if (!empty($conf->societe->enabled) && ((!empty($conf->fournisseur->enabled) && empty($conf->global->MAIN_USE_NEW_SUPPLIERMOD) || !empty($conf->supplier_order->enabled) || !empty($conf->supplier_invoice->enabled)) || !empty($conf->supplier_proposal->enabled)))
|
||||
{
|
||||
$langs->load("suppliers");
|
||||
$newmenu->add("/societe/list.php?type=f&leftmenu=suppliers", $langs->trans("ListSuppliersShort"), 2, ($user->rights->fournisseur->lire || $user->rights->supplier_proposal->lire), '', $mainmenu, 'suppliers');
|
||||
$newmenu->add("/societe/card.php?leftmenu=suppliers&action=create&type=f", $langs->trans("MenuNewSupplier"), 3, $user->rights->societe->creer && ($user->rights->fournisseur->lire || $user->rights->supplier_proposal->lire));
|
||||
$newmenu->add("/societe/list.php?type=f&leftmenu=suppliers", $langs->trans("ListSuppliersShort"), 2, ($user->rights->fournisseur->lire), '', $mainmenu, 'suppliers');
|
||||
$newmenu->add("/societe/card.php?leftmenu=suppliers&action=create&type=f", $langs->trans("MenuNewSupplier"), 3, $user->rights->societe->creer && ($user->rights->fournisseur->lire));
|
||||
}
|
||||
|
||||
// Categories
|
||||
|
||||
@ -65,6 +65,15 @@ $extrafields->fetch_name_optionals_label($object->table_element);
|
||||
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
|
||||
$hookmanager->initHooks(array('suppliercard', 'globalcard'));
|
||||
|
||||
// Security check
|
||||
$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);
|
||||
|
||||
if ($object->id > 0) {
|
||||
if (!($object->fournisseur > 0) || empty($user->rights->fournisseur->lire)) {
|
||||
accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Action
|
||||
|
||||
@ -97,6 +97,16 @@ if (!empty($canvas))
|
||||
// Security check
|
||||
$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);
|
||||
|
||||
/*
|
||||
if ($object->id > 0) {
|
||||
if ($object->client == 0 && $object->fournisseur > 0) {
|
||||
if (!empty($user->rights->fournisseur->lire)) {
|
||||
accessforbidden();
|
||||
}
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
$permissiontoread = $user->rights->societe->lire;
|
||||
$permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
|
||||
$permissiontodelete = $user->rights->societe->delete || ($permissiontoadd && isset($object->status) && $object->status == 0);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user