Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix: [ bug #1208 ] Users without read permission on the tasks can still

Browse Source 
see all project tasks
This commit is contained in:
Laurent Destailleur
2014-01-06 12:42:50 +01:00
parent 283297294b
commit 7afdad60a0
2 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
htdocs/core/lib/project.lib.php
View File

@@ -257,6 +257,22 @@ function projectLinesa(&$inc, $parent, &$lines, &$level, $var, $showproject, &$t
}
}
}
else
{
// Caller did not ask to filter on tasks of a specific user (this probably means he want also tasks of all users, into public project
// or into all other projects if user has permission to).
if (empty($user->rights->project->all->lire))
{
// User is not allowed on this project and project is not public, so we hide line
if (! in_array($lines[$i]->fk_project, $projectsArrayId))
{
// TODO
// If user is assigned to a task into a private project user has no permission on, we must use showlinegray=1 (to show task without showing project)
// if user is not assigned to any task into tree, we must use showline=0
$showline=0;
}
}
}
if ($showline)
{
@@ -367,7 +383,7 @@ function projectLinesa(&$inc, $parent, &$lines, &$level, $var, $showproject, &$t
if (! $showlineingray) $inc++;
$level++;
if ($lines[$i]->id) projectLinesa($inc, $lines[$i]->id, $lines, $level, $var, $showproject, $taskrole, $projectsListId);
if ($lines[$i]->id) projectLinesa($inc, $lines[$i]->id, $lines, $level, $var, $showproject, $taskrole, $projectsListId, 0, $showalsopublicproj);
$level--;
$total += $lines[$i]->duration;
}