lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX broken feature (better check)

Browse Source
This commit is contained in:
Regis Houssin 2019-01-16 19:39:57 +01:00
parent ffeeb782b0
commit f7703235c7
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/user/perms.php
View File

@ -58,6 +58,10 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
$socid=0;
if (isset($user->societe_id) && $user->societe_id > 0) $socid = $user->societe_id;
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
if ($user->id == $id && (! empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->user->self_advance->readperms))) // A user can always read its own card if not advanced perms enabled, or if he has advanced perms
{
accessforbidden();
}
$result = restrictedArea($user, 'user', $id, 'user&user', $feature2);
if ($user->id <> $id && ! $canreaduser) accessforbidden();