forked from Wavyzz/dolibarr
Merge branch '18.0' of git@github.com:Dolibarr/dolibarr.git into 19.0
This commit is contained in:
ldestailleur
@@ -2645,7 +2645,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
||||
$original_file = $dolibarr_main_data_root.'/doctemplates/'.$original_file;
|
||||
} elseif ($modulepart == 'doctemplateswebsite' && !empty($dolibarr_main_data_root)) {
|
||||
// Wrapping for doctemplates of websites
|
||||
$accessallowed = ($fuser->rights->website->write && preg_match('/\.jpg$/i', basename($original_file)));
|
||||
$accessallowed = ($fuser->hasRight('website', 'write') && preg_match('/\.jpg$/i', basename($original_file)));
|
||||
$original_file = $dolibarr_main_data_root.'/doctemplates/websites/'.$original_file;
|
||||
} elseif ($modulepart == 'packages' && !empty($dolibarr_main_data_root)) {
|
||||
// Wrapping for *.zip package files, like when used with url http://.../document.php?modulepart=packages&file=module_myfile.zip
|
||||
@@ -2902,7 +2902,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
||||
$original_file = $conf->fckeditor->dir_output.'/'.$original_file;
|
||||
} elseif ($modulepart == 'user' && !empty($conf->user->dir_output)) {
|
||||
// Wrapping for users
|
||||
$canreaduser = (!empty($fuser->admin) || $fuser->rights->user->user->{$lire});
|
||||
$canreaduser = (!empty($fuser->admin) || $fuser->hasRight('user', 'user', $lire));
|
||||
if ($fuser->id == (int) $refname) {
|
||||
$canreaduser = 1;
|
||||
} // A user can always read its own card
|
||||
@@ -3174,11 +3174,11 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
||||
} elseif ($modulepart == 'export' && !empty($conf->export->dir_temp)) {
|
||||
// Wrapping for export module
|
||||
// Note that a test may not be required because we force the dir of download on the directory of the user that export
|
||||
$accessallowed = $user->rights->export->lire;
|
||||
$accessallowed = $user->hasRight('export', 'lire');
|
||||
$original_file = $conf->export->dir_temp.'/'.$fuser->id.'/'.$original_file;
|
||||
} elseif ($modulepart == 'import' && !empty($conf->import->dir_temp)) {
|
||||
// Wrapping for import module
|
||||
$accessallowed = $user->rights->import->run;
|
||||
$accessallowed = $user->hasRight('import', 'run');
|
||||
$original_file = $conf->import->dir_temp.'/'.$original_file;
|
||||
} elseif ($modulepart == 'recruitment' && !empty($conf->recruitment->dir_output)) {
|
||||
// Wrapping for recruitment module
|
||||
@@ -3288,7 +3288,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
||||
exit;
|
||||
}
|
||||
|
||||
// Check fuser->rights->modulepart->myobject->read and fuser->rights->modulepart->read
|
||||
// Check fuser->hasRight('modulepart', 'myobject', 'read') and fuser->hasRight('modulepart', 'read')
|
||||
$partsofdirinoriginalfile = explode('/', $original_file);
|
||||
if (!empty($partsofdirinoriginalfile[1])) { // If original_file is xxx/filename (xxx is a part we will use)
|
||||
$partofdirinoriginalfile = $partsofdirinoriginalfile[0];
|
||||
|
||||
Reference in New Issue
Block a user