Fix #yogosha5679
This commit is contained in:
Laurent Destailleur
parent
6e8a4bbc48
commit
f6145a119f
@ -25,7 +25,7 @@ $langs->loadLangs(array("admin", "products"));
|
||||
$action = GETPOST('action', 'alphanohtml');
|
||||
|
||||
// Security check
|
||||
if (!$user->admin || (empty($conf->product->enabled) && empty($conf->service->enabled))) {
|
||||
if (!$user->admin || empty($conf->variants->enabled)) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
|
||||
@ -36,7 +36,24 @@ require '../../main.inc.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/variants/class/ProductCombination.class.php';
|
||||
|
||||
header('Content-Type: application/json');
|
||||
$permissiontoread = $user->rights->produit->lire || $user->rights->service->lire;
|
||||
|
||||
// Security check
|
||||
if (empty($conf->variants->enabled)) {
|
||||
accessforbidden('Module not enabled');
|
||||
}
|
||||
if ($user->socid > 0) { // Protection if external user
|
||||
accessforbidden();
|
||||
}
|
||||
//$result = restrictedArea($user, 'variant');
|
||||
if (!$permissiontoread) accessforbidden();
|
||||
|
||||
|
||||
/*
|
||||
* View
|
||||
*/
|
||||
|
||||
top_httphead('application/json');
|
||||
|
||||
$id = GETPOST('id', 'int');
|
||||
|
||||
|
||||
@ -36,7 +36,24 @@ require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/variants/class/ProductAttribute.class.php';
|
||||
require_once DOL_DOCUMENT_ROOT.'/variants/class/ProductAttributeValue.class.php';
|
||||
|
||||
header('Content-Type: application/json');
|
||||
$permissiontoread = $user->rights->produit->lire || $user->rights->service->lire;
|
||||
|
||||
// Security check
|
||||
if (empty($conf->variants->enabled)) {
|
||||
accessforbidden('Module not enabled');
|
||||
}
|
||||
if ($user->socid > 0) { // Protection if external user
|
||||
accessforbidden();
|
||||
}
|
||||
//$result = restrictedArea($user, 'variant');
|
||||
if (!$permissiontoread) accessforbidden();
|
||||
|
||||
|
||||
/*
|
||||
* View
|
||||
*/
|
||||
|
||||
top_httphead('application/json');
|
||||
|
||||
$id = GETPOST('id', 'int');
|
||||
|
||||
|
||||
@ -37,6 +37,18 @@ if (!defined('NOREQUIRETRAN')) {
|
||||
|
||||
require '../../main.inc.php';
|
||||
|
||||
$permissiontoread = $user->rights->produit->lire || $user->rights->service->lire;
|
||||
|
||||
// Security check
|
||||
if (empty($conf->variants->enabled)) {
|
||||
accessforbidden('Module not enabled');
|
||||
}
|
||||
if ($user->socid > 0) { // Protection if external user
|
||||
accessforbidden();
|
||||
}
|
||||
//$result = restrictedArea($user, 'variant');
|
||||
if (!$permissiontoread) accessforbidden();
|
||||
|
||||
|
||||
/*
|
||||
* View
|
||||
|
||||
@ -36,6 +36,18 @@ if ($object->fetch($id) < 1) {
|
||||
exit();
|
||||
}
|
||||
|
||||
$permissiontoread = $user->rights->produit->lire || $user->rights->service->lire;
|
||||
|
||||
// Security check
|
||||
if (empty($conf->variants->enabled)) {
|
||||
accessforbidden('Module not enabled');
|
||||
}
|
||||
if ($user->socid > 0) { // Protection if external user
|
||||
accessforbidden();
|
||||
}
|
||||
//$result = restrictedArea($user, 'variant');
|
||||
if (!$permissiontoread) accessforbidden();
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -64,6 +64,18 @@ if ($id > 0 || $ref) {
|
||||
|
||||
$selectedvariant = $_SESSION['addvariant_'.$object->id];
|
||||
|
||||
$permissiontoread = $user->rights->produit->lire || $user->rights->service->lire;
|
||||
|
||||
// Security check
|
||||
if (empty($conf->variants->enabled)) {
|
||||
accessforbidden('Module not enabled');
|
||||
}
|
||||
if ($user->socid > 0) { // Protection if external user
|
||||
accessforbidden();
|
||||
}
|
||||
//$result = restrictedArea($user, 'variant');
|
||||
if (!$permissiontoread) accessforbidden();
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -24,6 +24,18 @@ $label = GETPOST('label', 'alpha');
|
||||
$backtopage = GETPOST('backtopage', 'alpha');
|
||||
$action = GETPOST('action', 'alpha');
|
||||
|
||||
$permissiontoread = $user->rights->produit->lire || $user->rights->service->lire;
|
||||
|
||||
// Security check
|
||||
if (empty($conf->variants->enabled)) {
|
||||
accessforbidden('Module not enabled');
|
||||
}
|
||||
if ($user->socid > 0) { // Protection if external user
|
||||
accessforbidden();
|
||||
}
|
||||
//$result = restrictedArea($user, 'variant');
|
||||
if (!$permissiontoread) accessforbidden();
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -36,6 +36,18 @@ if ($object->fetch($id) < 1) {
|
||||
exit();
|
||||
}
|
||||
|
||||
$permissiontoread = $user->rights->produit->lire || $user->rights->service->lire;
|
||||
|
||||
// Security check
|
||||
if (empty($conf->variants->enabled)) {
|
||||
accessforbidden('Module not enabled');
|
||||
}
|
||||
if ($user->socid > 0) { // Protection if external user
|
||||
accessforbidden();
|
||||
}
|
||||
//$result = restrictedArea($user, 'variant');
|
||||
if (!$permissiontoread) accessforbidden();
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -21,6 +21,18 @@ require DOL_DOCUMENT_ROOT.'/variants/class/ProductAttribute.class.php';
|
||||
$action = GETPOST('action', 'aZ09');
|
||||
$object = new ProductAttribute($db);
|
||||
|
||||
$permissiontoread = $user->rights->produit->lire || $user->rights->service->lire;
|
||||
|
||||
// Security check
|
||||
if (empty($conf->variants->enabled)) {
|
||||
accessforbidden('Module not enabled');
|
||||
}
|
||||
if ($user->socid > 0) { // Protection if external user
|
||||
accessforbidden();
|
||||
}
|
||||
//$result = restrictedArea($user, 'variant');
|
||||
if (!$permissiontoread) accessforbidden();
|
||||
|
||||
|
||||
|
||||
/*
|
||||
|
||||
Loading…
Reference in New Issue
Block a user