Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-01-06 00:53:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '8.0' of git@github.com:Dolibarr/dolibarr.git into 9.0

Browse Source
This commit is contained in:
Laurent Destailleur
2019-03-15 11:00:52 +01:00
parent c44d9bf8e2 84bff41543
commit 074ba0729a
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/core/lib/security.lib.php
View File

@@ -176,7 +176,7 @@ function dol_verifyHash($chain, $hash, $type='0')
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
* @param int $isdraft 1=The object with id=$objectid is a draft
* @return int Always 1, die process if not allowed
* @see dol_check_secure_access_document
* @see dol_check_secure_access_document()
*/
function restrictedArea($user, $features, $objectid=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0)
{
@@ -430,7 +430,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
* @return bool True if user has access, False otherwise
* @see restrictedArea
* @see restrictedArea()
*/
function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandshare='', $feature2='', $dbt_keyfield='', $dbt_select='rowid')
{
@@ -450,13 +450,13 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
if ($feature == 'project') $feature='projet';
if ($feature == 'task') $feature='projet_task';
$check = array('adherent','banque','don','user','usergroup','product','produit','service','produit|service','categorie','resource'); // Test on entity only (Objects with no link to company)
$check = array('adherent','banque','don','user','usergroup','product','produit','service','produit|service','categorie','resource','expensereport'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for societe object
$checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet','project'); // Test for project object
$checktask = array('projet_task');
$nocheck = array('barcode','stock'); // No test
$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
//$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
// If dbtablename not defined, we use same name for table than module name
if (empty($dbtablename))