Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-01-06 17:13:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix missing test on permissions

Browse Source
This commit is contained in:
Laurent Destailleur
2024-09-01 13:48:58 +02:00
parent e3c9f1db7c
commit 2e2ab9d84d
20 changed files with 208 additions and 216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/user/home.php
View File

@@ -38,9 +38,9 @@ if (!$user->hasRight('user', 'user', 'lire') && !$user->admin) {
// Load translation files required by page
$langs->load("users");
$canreadperms = true;
$permissiontoreadgroup = true;
if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
$canreadperms = (!empty($user->admin) || $user->hasRight("user", "group_advance", "read"));
$permissiontoreadgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "read"));
}
// Security check (for external users)
@@ -98,7 +98,7 @@ $searchbox .= '<tr><td>';
$searchbox .= $langs->trans("User").':</td><td><input class="flat inputsearch width200" type="text" name="search_user"></td></tr>';
// Search Group
if ($canreadperms) {
if ($permissiontoreadgroup) {
$searchbox .= '<tr><td>';
$searchbox .= $langs->trans("Group").':</td><td><input class="flat inputsearch width200" type="text" name="search_group"></td></tr>';
}
@@ -231,7 +231,7 @@ if ($resql) {
* Last groups created
*/
$lastgroupbox = '';
if ($canreadperms) {
if ($permissiontoreadgroup) {
$sql = "SELECT g.rowid, g.nom as name, g.note, g.entity, g.datec";
$sql .= " FROM ".MAIN_DB_PREFIX."usergroup as g";
if (isModEnabled('multicompany') && $conf->entity == 1 && (getDolGlobalInt('MULTICOMPANY_TRANSVERSE_MODE') || ($user->admin && !$user->entity))) {