Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix: miscellaneous bugs

Browse Source
This commit is contained in:
Laurent Destailleur
2014-10-03 12:15:21 +02:00
parent bc1279ccfa
commit 166853dd56
6 changed files with 164 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
htdocs/core/lib/security.lib.php
View File

@@ -100,7 +100,7 @@ function dol_hash($chain,$type=0)
* @param string $features Features to check (it must be module name. Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
* @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $dbtablename 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity. Not used if objectid is null (optional)
* @param string $feature2 Feature to check, second level of permission (optional)
* @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
* @param Canvas $objcanvas Object canvas
@@ -140,7 +140,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
// Check read permission from module
$readok=1; $nbko=0;
foreach ($featuresarray as $feature)
foreach ($featuresarray as $feature) // first we check nb of test ko
{
if (! empty($user->societe_id) && ! empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && ! in_array($feature,$listofmodules)) // If limits on modules for external users, module must be into list of modules for external users
{
@@ -174,11 +174,17 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
}
else if (! empty($feature2)) // This should be used for future changes
{
$tmpreadok=1;
foreach($feature2 as $subfeature)
{
if (! empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) { $readok=0; $nbko++; }
else if (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) { $readok=0; $nbko++; }
else { $readok=1; break; } // Break is to bypass second test if the first is ok
if (! empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) { $tmpreadok=0; }
else if (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) { $tmpreadok=0; }
else { $tmpreadok=1; break; } // Break is to bypass second test if the first is ok
}
if (! $tmpreadok) // We found a test on feature that is ko
{
$readok=0; // All tests are ko (we manage here the and, the or will be managed later using $nbko).
$nbko++;
}
}
else if (! empty($feature) && ($feature!='user' && $feature!='usergroup')) // This is for old permissions