diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index e98484707c0..95d0637188a 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -176,7 +176,7 @@ function dol_verifyHash($chain, $hash, $type='0') * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) * @param int $isdraft 1=The object with id=$objectid is a draft * @return int Always 1, die process if not allowed - * @see dol_check_secure_access_document + * @see dol_check_secure_access_document() */ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0) { @@ -430,7 +430,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional) * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional) * @return bool True if user has access, False otherwise - * @see restrictedArea + * @see restrictedArea() */ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid') { @@ -450,13 +450,13 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh if ($feature == 'project') $feature='projet'; if ($feature == 'task') $feature='projet_task'; - $check = array('adherent','banque','don','user','usergroup','product','produit','service','produit|service','categorie','resource'); // Test on entity only (Objects with no link to company) + $check = array('adherent','banque','don','user','usergroup','product','produit','service','produit|service','categorie','resource','expensereport'); // Test on entity only (Objects with no link to company) $checksoc = array('societe'); // Test for societe object $checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet','project'); // Test for project object $checktask = array('projet_task'); $nocheck = array('barcode','stock'); // No test - $checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...). + //$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...). // If dbtablename not defined, we use same name for table than module name if (empty($dbtablename))