diff --git a/htdocs/core/modules/oauth/generic_oauthcallback.php b/htdocs/core/modules/oauth/generic_oauthcallback.php
index 787b730e0a5..c5993d99cd9 100644
--- a/htdocs/core/modules/oauth/generic_oauthcallback.php
+++ b/htdocs/core/modules/oauth/generic_oauthcallback.php
@@ -156,7 +156,8 @@ if (!getDolGlobalString($keyforparamsecret)) {
 * Actions
 */
-if ($action == 'delete') {
+if ($action == 'delete' && (!empty($user->admin) || $user->id == GETPOSTINT('userid'))) {
+ $storage->userid = GETPOSTINT('userid');
 $storage->clearToken($genericstring);
 setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
diff --git a/htdocs/core/modules/oauth/github_oauthcallback.php b/htdocs/core/modules/oauth/github_oauthcallback.php
index 6f5a895b6c3..fe77dcb3dd0 100644
--- a/htdocs/core/modules/oauth/github_oauthcallback.php
+++ b/htdocs/core/modules/oauth/github_oauthcallback.php
@@ -107,7 +107,8 @@ if (!getDolGlobalString($keyforparamsecret)) {
 * Actions
 */
-if ($action == 'delete') {
+if ($action == 'delete' && (!empty($user->admin) || $user->id == GETPOSTINT('userid'))) {
+ $storage->userid = GETPOSTINT('userid');
 $storage->clearToken('GitHub');
 setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
diff --git a/htdocs/core/modules/oauth/google_oauthcallback.php b/htdocs/core/modules/oauth/google_oauthcallback.php
index 0a6ce5def56..1be7463ac42 100644
--- a/htdocs/core/modules/oauth/google_oauthcallback.php
+++ b/htdocs/core/modules/oauth/google_oauthcallback.php
@@ -144,7 +144,8 @@ if (!getDolGlobalString($keyforparamsecret)) {
 * Actions
 */
-if ($action == 'delete') {
+if ($action == 'delete' && (!empty($user->admin) || $user->id == GETPOSTINT('userid'))) {
+ $storage->userid = GETPOSTINT('userid');
 $storage->clearToken('Google');
 setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
diff --git a/htdocs/core/modules/oauth/microsoft2_oauthcallback.php b/htdocs/core/modules/oauth/microsoft2_oauthcallback.php
index 38405c680ec..10146a1be44 100644
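Review bot: The new guard reads `GETPOSTINT('userid')` twice and compares it to `$user->id` with a loose `==`; read it once into a local and compare strictly so the authorization decision and the value handed to the storage cannot diverge: `$userid = GETPOSTINT('userid');` then `if ($action == 'delete' && (!empty($user->admin) || (int) $user->id === $userid)) {` and `$storage->userid = $userid;`. If GETPOSTINT yields 0 for a missing parameter, an admin who omits `userid` stores 0, which the DoliStorage change treats as "no user filter", so the delete then removes the service token for every user of the entity — that path deserves a comment on the branch such as `// admin without userid: clears the token of this service for all users of the entity`. The same pattern is repeated in the github, google, microsoft2, microsoft, stripelive and stripetest callback hunks. The body of this `if` continues past the hunk in every file.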
--- a/htdocs/core/modules/oauth/microsoft2_oauthcallback.php
+++ b/htdocs/core/modules/oauth/microsoft2_oauthcallback.php
@@ -130,7 +130,8 @@ if (!getDolGlobalString($keyforparamsecret)) {
 * Actions
 */
-if ($action == 'delete') {
+if ($action == 'delete' && (!empty($user->admin) || $user->id == GETPOSTINT('userid'))) {
+ $storage->userid = GETPOSTINT('userid');
 $storage->clearToken($genericstring);
 setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
diff --git a/htdocs/core/modules/oauth/microsoft_oauthcallback.php b/htdocs/core/modules/oauth/microsoft_oauthcallback.php
index d315b7903bb..6d32b4047c9 100644
--- a/htdocs/core/modules/oauth/microsoft_oauthcallback.php
+++ b/htdocs/core/modules/oauth/microsoft_oauthcallback.php
@@ -130,7 +130,8 @@ if (!getDolGlobalString($keyforparamsecret)) {
 * Actions
 */
-if ($action == 'delete') {
+if ($action == 'delete' && (!empty($user->admin) || $user->id == GETPOSTINT('userid'))) {
+ $storage->userid = GETPOSTINT('userid');
 $storage->clearToken($genericstring);
 setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
diff --git a/htdocs/core/modules/oauth/stripelive_oauthcallback.php b/htdocs/core/modules/oauth/stripelive_oauthcallback.php
index 3fde132ea25..6de062f2dfa 100644
--- a/htdocs/core/modules/oauth/stripelive_oauthcallback.php
+++ b/htdocs/core/modules/oauth/stripelive_oauthcallback.php
@@ -110,8 +110,8 @@ if (!getDolGlobalString($keyforparamsecret)) {
 * Actions
 */
-
-if ($action == 'delete') {
+if ($action == 'delete' && (!empty($user->admin) || $user->id == GETPOSTINT('userid'))) {
+ $storage->userid = GETPOSTINT('userid');
 $storage->clearToken('StripeLive');
 setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
diff --git a/htdocs/core/modules/oauth/stripetest_oauthcallback.php b/htdocs/core/modules/oauth/stripetest_oauthcallback.php
index a9f50b95fc4..78b8007d986 100644
--- a/htdocs/core/modules/oauth/stripetest_oauthcallback.php
+++ b/htdocs/core/modules/oauth/stripetest_oauthcallback.php
@@ -110,8 +110,8 @@ if (!getDolGlobalString($keyforparamsecret)) {
 * Actions
 */
-
-if ($action == 'delete') {
+if ($action == 'delete' && (!empty($user->admin) || $user->id == GETPOSTINT('userid'))) {
+ $storage->userid = GETPOSTINT('userid');
 $storage->clearToken('StripeTest');
 setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
diff --git a/htdocs/includes/OAuth/Common/Storage/DoliStorage.php b/htdocs/includes/OAuth/Common/Storage/DoliStorage.php
index 1da2151cb24..bae563c7dff 100644
--- a/htdocs/includes/OAuth/Common/Storage/DoliStorage.php
+++ b/htdocs/includes/OAuth/Common/Storage/DoliStorage.php
@@ -65,6 +65,8 @@ class DoliStorage implements TokenStorageInterface
 public $date_creation;
 public $date_modification;
+ public $userid; // ID of user for user specific OAuth entries
+
 /**
 * @param DoliDB $db Database handler
@@ -226,6 +228,9 @@ class DoliStorage implements TokenStorageInterface
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."oauth_token";
 $sql .= " WHERE service = '".$this->db->escape($servicepluskeyforprovider)."'";
 $sql .= " AND entity IN (".getEntity('oauth_token').")";
+ if (!empty($this->userid)) {
+ $sql .= " AND fk_user = ".((int) $this->userid);
+ }
 $resql = $this->db->query($sql);
 //}
diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php
index 2a21db5745a..b27300d1437 100644
--- a/test/phpunit/CodingPhpTest.php
+++ b/test/phpunit/CodingPhpTest.php
@@ -653,6 +653,7 @@ class CodingPhpTest extends CommonClassTest
 && !preg_match('/\$permto/', $val[0])
 && !preg_match('/\$usercan/', $val[0])
 && !preg_match('/\$canedit/', $val[0])
+ && !preg_match('/\$user->admin/', $val[0])
 && !preg_match('/already done/i', $val[0])
 && !preg_match('/not required/i', $val[0])) {
 $ok = false;
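Review bot: `clearToken()` now restricts the DELETE by `fk_user` only when `$this->userid` is non-empty, so any caller that leaves the new property unset (or sets it to 0) still wipes the token of that service for every user of the entity; that fallback is the security-relevant behaviour and should be stated on the property added in the first DoliStorage hunk rather than left implicit, e.g. `public $userid = 0; // ID of user for user-specific OAuth entries; when empty, clearToken() deletes the service token for all users of the entity, so callers must gate that on admin rights`. Initialising it to 0 also gives the unset state a defined type instead of null. The `(int)` cast keeps the interpolated value safe for the SQL string; whether the other oauth_token reads and writes in this class should honour the same user filter cannot be judged from this hunk. `clearToken()` starts outside the hunk.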
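Review bot: The added allowlist pattern `/\$user->admin/` matches any line that merely mentions `$user->admin`, including one that only reads the flag or tests it negatively, so the coding test now accepts such a line as a permission check regardless of what it does with the value. If the intent is to recognise the guard introduced in the callback files, a pattern tied to the check form, e.g. `'/!empty\(\$user->admin\)/'`, would keep the test's signal tighter; this is hedged, since the surrounding condition chain and what `$val[0]` holds begin outside the hunk.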