Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-02-12 02:42:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX Multicompany compatibility with "project_task"

Browse Source
This commit is contained in:
Regis Houssin
2025-10-16 19:10:32 +02:00
parent b1d57a6bd1
commit 0dbbd453e5
2 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
htdocs/core/ajax/ajaxtooltip.php
View File

@@ -60,8 +60,15 @@ $module = $object->module;
$element = $object->element;
$usesublevelpermission = ($module != $element ? $element : '');
if ($usesublevelpermission && !isset($user->rights->$module->$element)) { // There is no permission on object defined, we will check permission on module directly
$usesublevelpermission = '';
$exclude = array('projet_task', 'project_task'); // for user rights compatibility
if ($usesublevelpermission) {
if (!in_array($usesublevelpermission, $exclude)) {
if (!isset($user->rights->$module->$element)) { // There is no permission on object defined, we will check permission on module directly
$usesublevelpermission = '';
}
} elseif (!isset($user->rights->$module)) {
$usesublevelpermission = '';
}
}
//print $object->id.' - '.$object->module.' - '.$object->element.' - '.$object->table_element.' - '.$usesublevelpermission."\n";

10
htdocs/core/lib/security.lib.php
View File

@@ -877,8 +877,11 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
if ($feature == 'project') {
$feature = 'projet';
}
if ($feature == 'task') {
$feature = 'projet_task';
if ($feature == 'projet' && !empty($feature2) && is_array($feature2) && (in_array('project_task', $feature2) || in_array('projet_task', $feature2))) {
$feature = 'project_task';
}
if ($feature == 'task' || $feature == 'projet_task') {
$feature = 'project_task';
}
if ($feature == 'eventorganization') {
$feature = 'agenda';
@@ -899,7 +902,7 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
$checksoc = array('societe'); // Test for object Societe
$checkparentsoc = array('agenda', 'contact', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet', 'project'); // Test for project object
$checktask = array('projet_task'); // Test for task object
$checktask = array('projet_task', 'project_task'); // Test for task object
$checkhierarchy = array('expensereport', 'holiday'); // check permission among the hierarchy of user
$checkuser = array('bookmark'); // check permission among the fk_user (must be myself or null)
$nocheck = array('barcode', 'stock'); // No test
@@ -1034,6 +1037,7 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
return false;
}
} else {
$sharedelement = 'project'; // for multicomany compatibility
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";
$sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";