Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix: [ bug #1208 ] Users without read permission on the tasks can still

Browse Source 
see all project tasks
This commit is contained in:
Laurent Destailleur
2014-01-06 12:42:50 +01:00
parent 283297294b
commit 7afdad60a0
2 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
htdocs/core/lib/project.lib.php
View File

@@ -257,6 +257,22 @@ function projectLinesa(&$inc, $parent, &$lines, &$level, $var, $showproject, &$t
} }
} }
} }
else
{
// Caller did not ask to filter on tasks of a specific user (this probably means he want also tasks of all users, into public project
// or into all other projects if user has permission to).
if (empty($user->rights->project->all->lire))
{
// User is not allowed on this project and project is not public, so we hide line
if (! in_array($lines[$i]->fk_project, $projectsArrayId))
{
// TODO
// If user is assigned to a task into a private project user has no permission on, we must use showlinegray=1 (to show task without showing project)
// if user is not assigned to any task into tree, we must use showline=0
$showline=0;
}
}
}
if ($showline) if ($showline)
{ {
@@ -367,7 +383,7 @@ function projectLinesa(&$inc, $parent, &$lines, &$level, $var, $showproject, &$t
if (! $showlineingray) $inc++; if (! $showlineingray) $inc++;
$level++; $level++;
if ($lines[$i]->id) projectLinesa($inc, $lines[$i]->id, $lines, $level, $var, $showproject, $taskrole, $projectsListId); if ($lines[$i]->id) projectLinesa($inc, $lines[$i]->id, $lines, $level, $var, $showproject, $taskrole, $projectsListId, 0, $showalsopublicproj);
$level--; $level--;
$total += $lines[$i]->duration; $total += $lines[$i]->duration;
} }

4
htdocs/projet/tasks/index.php
View File

@@ -80,7 +80,7 @@ else
else print $langs->trans("ProjectsPublicDesc").'<br><br>'; else print $langs->trans("ProjectsPublicDesc").'<br><br>';
} }
// Get list of project id allowed to user // Get list of project id allowed to user (in a string list separated by coma)
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1,$socid); $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1,$socid);
// Get list of tasks in tasksarray and taskarrayfiltered // Get list of tasks in tasksarray and taskarrayfiltered
@@ -121,7 +121,7 @@ print "</tr>\n";
// Show all lines in taskarray (recursive function to go down on tree) // Show all lines in taskarray (recursive function to go down on tree)
$j=0; $level=0; $j=0; $level=0;
$nboftaskshown=projectLinesa($j, 0, $tasksarray, $level, true, 1, $tasksrole, $projectsListId); $nboftaskshown=projectLinesa($j, 0, $tasksarray, $level, true, 1, $tasksrole, $projectsListId, 0);
print "</table>"; print "</table>";
print '</form>'; print '</form>';