forked from Wavyzz/dolibarr
fix Objectlink api (#35402)
* fix objectlink api * fix objectlink api * fix objectlink api --------- Co-authored-by: Laurent Destailleur <eldy@destailleur.fr>
This commit is contained in:
Frédéric FRANCE
committed by
ldestailleur
ldestailleur
parent
977f552d8b
commit
74596bbdc2
@@ -1,6 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2025 Jon Bendtsen<jon.bendtsen.github@jonb.dk>
|
||||
/* Copyright (C) 2025 Jon Bendtsen <jon.bendtsen.github@jonb.dk>
|
||||
* Copyright (C) 2025 MDW <mdeweerd@users.noreply.github.com>
|
||||
* Copyright (C) 2025 Frédéric France <frederic.france@free.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@@ -155,10 +156,10 @@ class ObjectLinks extends DolibarrApi
|
||||
if ($this->objectlink->targettype == 'subscription') {
|
||||
$tgttype = 'adherent';
|
||||
}
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $srctype, 'creer')) {
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $srctype, 'creer') && !DolibarrApiAccess::$user->hasRight((string) $srctype, 'write')) {
|
||||
throw new RestException(403, 'denied access to create the objectlinks sourcetype='.$this->objectlink->sourcetype);
|
||||
}
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $tgttype, 'creer')) {
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $tgttype, 'creer') && !DolibarrApiAccess::$user->hasRight((string) $tgttype, 'write')) {
|
||||
throw new RestException(403, 'denied access to create the objectlinks targettype='.$this->objectlink->targettype);
|
||||
}
|
||||
|
||||
@@ -207,10 +208,10 @@ class ObjectLinks extends DolibarrApi
|
||||
if ($this->objectlink->targettype == 'subscription') {
|
||||
$tgttype = 'adherent';
|
||||
}
|
||||
if (!DolibarrApiAccess::$user->hasRight(((string) $srctype), 'lire')) {
|
||||
if (!DolibarrApiAccess::$user->hasRight(((string) $srctype), 'lire') && !DolibarrApiAccess::$user->hasRight(((string) $srctype), 'read')) {
|
||||
throw new RestException(403, 'denied access to the objectlinks sourcetype');
|
||||
}
|
||||
if (!DolibarrApiAccess::$user->hasRight(((string) $tgttype), 'lire')) {
|
||||
if (!DolibarrApiAccess::$user->hasRight(((string) $tgttype), 'lire') && !DolibarrApiAccess::$user->hasRight(((string) $tgttype), 'read')) {
|
||||
throw new RestException(403, 'denied access to the objectlinks targettype');
|
||||
}
|
||||
} else {
|
||||
@@ -273,10 +274,10 @@ class ObjectLinks extends DolibarrApi
|
||||
if ($this->objectlink->targettype == 'subscription') {
|
||||
$tgttype = 'adherent';
|
||||
}
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $srctype, 'creer')) {
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $srctype, 'creer') && !DolibarrApiAccess::$user->hasRight((string) $srctype, 'write')) {
|
||||
throw new RestException(403, 'denied access to get the objectlinks sourcetype='.$this->objectlink->sourcetype);
|
||||
}
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $tgttype, 'creer')) {
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $tgttype, 'creer') && !DolibarrApiAccess::$user->hasRight((string) $tgttype, 'write')) {
|
||||
throw new RestException(403, 'denied access to get the objectlinks targettype='.$this->objectlink->targettype);
|
||||
}
|
||||
|
||||
@@ -337,10 +338,10 @@ class ObjectLinks extends DolibarrApi
|
||||
if ($this->objectlink->targettype == 'subscription') {
|
||||
$tgttype = 'adherent';
|
||||
}
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $srctype, 'creer')) {
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $srctype, 'creer') && !DolibarrApiAccess::$user->hasRight((string) $srctype, 'write')) {
|
||||
throw new RestException(403, 'denied access to delete the objectlinks sourcetype='.$this->objectlink->sourcetype);
|
||||
}
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $tgttype, 'creer')) {
|
||||
if (!DolibarrApiAccess::$user->hasRight((string) $tgttype, 'creer') && !DolibarrApiAccess::$user->hasRight((string) $tgttype, 'write')) {
|
||||
throw new RestException(403, 'denied access to delete the objectlinks targettype='.$this->objectlink->targettype);
|
||||
}
|
||||
|
||||
@@ -391,10 +392,10 @@ class ObjectLinks extends DolibarrApi
|
||||
if ($this->objectlink->targettype == 'subscription') {
|
||||
$tgttype = 'adherent';
|
||||
}
|
||||
if (!DolibarrApiAccess::$user->hasRight(((string) $srctype), 'lire')) {
|
||||
if (!DolibarrApiAccess::$user->hasRight(((string) $srctype), 'lire') && !DolibarrApiAccess::$user->hasRight(((string) $srctype), 'read')) {
|
||||
throw new RestException(403, 'denied access to the objectlinks sourcetype');
|
||||
}
|
||||
if (!DolibarrApiAccess::$user->hasRight(((string) $tgttype), 'lire')) {
|
||||
if (!DolibarrApiAccess::$user->hasRight(((string) $tgttype), 'lire') && !DolibarrApiAccess::$user->hasRight(((string) $tgttype), 'read')) {
|
||||
throw new RestException(403, 'denied access to the objectlinks targettype');
|
||||
}
|
||||
} else {
|
||||
|
||||
Reference in New Issue
Block a user