Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix: problem wht perms

Browse Source 
Fix: remove linked usergroup if user is deleted
This commit is contained in:
Regis Houssin
2010-11-10 10:53:39 +00:00
parent 6cbae5ad30
commit 200319137b
3 changed files with 16 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/lib/functions.lib.php
View File

@@ -1577,9 +1577,9 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
//dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename,$feature2,$dbt_socfield,$dbt_select");
if ($dbt_select != 'rowid') $objectid = "'".$objectid."'";
//print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", object_id=".$objectid;
//print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
//print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
//print ", user_societe_contact_lire=".$user->rights->societe->contact->lire."<br>";
//print ", perm: ".$features."->".$feature2."=".$user->rights->$features->$feature2->lire."<br>";
// More features to check
$features = explode("&",$features);
@@ -1738,6 +1738,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
}
}
//print "Delete access is ko";
if (! $deleteok) accessforbidden();
//print "Delete access is ok";
}

7
htdocs/user/class/user.class.php
View File

@@ -636,6 +636,13 @@ class User extends CommonObject
}
// Remove group
$sql = "DELETE FROM ".MAIN_DB_PREFIX."usergroup_user WHERE fk_user = ".$this->id;
if ($this->db->query($sql))
{
}
// Si contact, supprime lien
if ($this->contact_id)
{

19
htdocs/user/fiche.php
View File

@@ -63,16 +63,9 @@ $confirm=GETPOST("confirm");
// Security check
$socid=0;
if ($user->societe_id > 0)
{
$socid = $user->societe_id;
$feature2='user';
}
if ($user->id == $_GET["id"]) // A user can always read its own card
{
$feature2='';
$canreaduser=1;
}
if ($user->societe_id > 0) $socid = $user->societe_id;
$feature2='user';
if ($user->id == $_GET["id"]) { $feature2=''; $canreaduser=1; } // A user can always read its own card
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
if ($user->id <> $_GET["id"] && ! $canreaduser) accessforbidden();
@@ -106,7 +99,7 @@ if ($_GET["subaction"] == 'delrights' && $canedituser)
$edituser->delrights($_GET["rights"]);
}
if ($action == 'confirm_disable' && $confirm == "yes")
if ($action == 'confirm_disable' && $confirm == "yes" && $candisableuser)
{
if ($_GET["id"] <> $user->id)
{
@@ -117,7 +110,7 @@ if ($action == 'confirm_disable' && $confirm == "yes")
exit;
}
}
if ($action == 'confirm_enable' && $confirm == "yes")
if ($action == 'confirm_enable' && $confirm == "yes" && $candisableuser)
{
if ($_GET["id"] <> $user->id)
{
@@ -144,7 +137,7 @@ if ($action == 'confirm_enable' && $confirm == "yes")
}
}
if ($action == 'confirm_delete' && $confirm == "yes")
if ($action == 'confirm_delete' && $confirm == "yes" && $candisableuser)
{
if ($_GET["id"] <> $user->id)
{