Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-09 11:08:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Debug v18

Browse Source
This commit is contained in:
Laurent Destailleur
2023-04-03 12:06:16 +02:00
parent 254e785c47
commit 2f34f179b9
4 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
htdocs/core/ajax/objectonoff.php
View File

@@ -54,6 +54,9 @@ $format = 'int';
// Load object according to $id and $element // Load object according to $id and $element
$object = fetchObjectByElement($id, $element); $object = fetchObjectByElement($id, $element);
if (!is_object($object)) {
httponly_accessforbidden("Bad value for combination of parameters element/field: Object not found."); // This includes the exit.
}
$object->fields[$field] = array('type' => $format, 'enabled' => 1); $object->fields[$field] = array('type' => $format, 'enabled' => 1);
@@ -81,7 +84,7 @@ if (preg_match('/status$/', $field)) {
} elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) { // Special case for products } elseif ($element == 'product' && in_array($field, array('tosell', 'tobuy', 'tobatch'))) { // Special case for products
restrictedArea($user, 'produit|service', $object, 'product&product', '', '', 'rowid'); restrictedArea($user, 'produit|service', $object, 'product&product', '', '', 'rowid');
} else { } else {
httponly_accessforbidden("Bad value for combination of parameters element/field."); // This includes the exit. httponly_accessforbidden("Bad value for combination of parameters element/field: Field not supported."); // This includes the exit.
} }

8
htdocs/core/lib/functions.lib.php
View File

@@ -11357,6 +11357,12 @@ function getElementProperties($element_type)
$classname = 'Productlot'; $classname = 'Productlot';
$element = 'productlot'; $element = 'productlot';
$subelement = ''; $subelement = '';
} elseif ($element_type == 'websitepage') {
$classpath = 'website/class';
$classfile = 'websitepage';
$classname = 'Websitepage';
$module = 'website';
$subelement = 'websitepage';
} }
if (empty($classfile)) { if (empty($classfile)) {
@@ -11391,7 +11397,7 @@ function getElementProperties($element_type)
*/ */
function fetchObjectByElement($element_id, $element_type, $element_ref = '') function fetchObjectByElement($element_id, $element_type, $element_ref = '')
{ {
global $conf, $db; global $db;
$ret = 0; $ret = 0;

8
htdocs/core/lib/security.lib.php
View File

@@ -332,7 +332,7 @@ function dolGetLdapPasswordHash($password, $type = 'md5')
* This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user). * This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user).
* *
* @param User $user User to check * @param User $user User to check
* @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'. * @param string $features Features to check (it must be module name or $object->element. Can be a 'or' check with 'levela|levelb'.
* Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...) * Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
* This is used to check permission $user->rights->features->... * This is used to check permission $user->rights->features->...
* @param int|string|object $object Object or Object ID or list of Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). * @param int|string|object $object Object or Object ID or list of Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
@@ -364,7 +364,7 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
//dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft"); //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
//print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid; //print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
//print ", dbtablename=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select; //print ", dbtablename=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
//print ", perm: ".$features."->".$feature2."=".($user->rights->$features->$feature2->lire)."<br>"; //print ", perm: ".$features."->".$feature2."=".($user->hasRight($features, $feature2, 'lire'))."<br>";
$parentfortableentity = ''; $parentfortableentity = '';
@@ -388,9 +388,7 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
$features = 'adherent'; $features = 'adherent';
$feature2 = 'cotisation'; $feature2 = 'cotisation';
} }
if ($features == 'websitepage') { if ($features == 'website' && is_object($object) && $object->element == 'websitepage') {
$features = 'website';
$tableandshare = 'website_page';
$parentfortableentity = 'fk_website@website'; $parentfortableentity = 'fk_website@website';
} }
if ($features == 'project') { if ($features == 'project') {

6
htdocs/core/modules/modWebhook.class.php
View File

@@ -260,17 +260,17 @@ class modWebhook extends DolibarrModules
// Add here entries to declare new permissions // Add here entries to declare new permissions
/* BEGIN MODULEBUILDER PERMISSIONS */ /* BEGIN MODULEBUILDER PERMISSIONS */
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used) $this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
$this->rights[$r][1] = 'Read objects of Webhook'; // Permission label $this->rights[$r][1] = 'Read Webhooks'; // Permission label
$this->rights[$r][4] = 'webhook_target'; $this->rights[$r][4] = 'webhook_target';
$this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->webhook->webhook_target->read) $this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->webhook->webhook_target->read)
$r++; $r++;
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used) $this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
$this->rights[$r][1] = 'Create/Update objects of Webhook'; // Permission label $this->rights[$r][1] = 'Create/Update Webhooks'; // Permission label
$this->rights[$r][4] = 'webhook_target'; $this->rights[$r][4] = 'webhook_target';
$this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->webhook->webhook_target->write) $this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->webhook->webhook_target->write)
$r++; $r++;
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used) $this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
$this->rights[$r][1] = 'Delete objects of Webhook'; // Permission label $this->rights[$r][1] = 'Delete Webhooks'; // Permission label
$this->rights[$r][4] = 'webhook_target'; $this->rights[$r][4] = 'webhook_target';
$this->rights[$r][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->webhook->webhook_target->delete) $this->rights[$r][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->webhook->webhook_target->delete)
$r++; $r++;