Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-05 17:18:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix: Security does not need special case

Browse Source
This commit is contained in:
Laurent Destailleur
2013-03-24 21:06:45 +01:00
parent 2b03420445
commit 4e029bf2ca
9 changed files with 33 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/core/lib/security.lib.php
View File

@@ -150,10 +150,6 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
{
if (! $user->rights->prelevement->bons->lire) $readok=0;
}
else if ($feature == 'commande_fournisseur')
{
if (! $user->rights->fournisseur->commande->lire) $readok=0;
}
else if ($feature == 'cheque')
{
if (! $user->rights->banque->cheque) $readok=0;

2
htdocs/fourn/commande/contact.php
View File

@@ -40,7 +40,7 @@ $action = GETPOST('action', 'alpha');
// Security check
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande_fournisseur', $id,'');
$result = restrictedArea($user, 'fournisseur', $id, '', 'commande');
$object = new CommandeFournisseur($db);

2
htdocs/fourn/commande/dispatch.php
View File

@@ -44,7 +44,7 @@ $langs->load('stocks');
// Security check
$id = isset($_GET["id"])?$_GET["id"]:'';
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande_fournisseur', $id,'');
$result = restrictedArea($user, 'fournisseur', $id, '', 'commande');
if (empty($conf->stock->enabled))
{

2
htdocs/fourn/commande/document.php
View File

@@ -49,7 +49,7 @@ $confirm = GETPOST('confirm','alpha');
// Security check
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande_fournisseur', $id,'');
$result = restrictedArea($user, 'fournisseur', $id, '', 'commande');
// Get parameters
$sortfield = GETPOST("sortfield",'alpha');

2
htdocs/fourn/commande/fiche.php
View File

@@ -67,7 +67,7 @@ $hideref = (GETPOST('hideref','int') ? GETPOST('hideref','int') : (! empty($co
// Security check
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande_fournisseur', $id,'');
$result = restrictedArea($user, 'fournisseur', $id, '', 'commande');
// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
$hookmanager->initHooks(array('ordersuppliercard'));

2
htdocs/fourn/commande/history.php
View File

@@ -38,7 +38,7 @@ $ref=GETPOST('ref','alpha');
// Security check
$socid='';
if (! empty($user->societe_id)) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande_fournisseur', $id,'');
$result = restrictedArea($user, 'fournisseur', $id, '', 'commande');
/*

2
htdocs/fourn/commande/index.php
View File

@@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php';
// Security check
$orderid = GETPOST('orderid');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande_fournisseur', $orderid,'');
$result = restrictedArea($user, 'fournisseur', $orderid, '', 'commande');
$langs->load("suppliers");
$langs->load("orders");

2
htdocs/fourn/commande/liste.php
View File

@@ -43,7 +43,7 @@ $sortfield = GETPOST('sortfield','alpha');
// Security check
$orderid = GETPOST('orderid');
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande_fournisseur', $orderid,'');
$result = restrictedArea($user, 'fournisseur', $orderid, '', 'commande');
/*

2
htdocs/fourn/commande/note.php
View File

@@ -39,7 +39,7 @@ $action = GETPOST('action');
// Security check
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'commande_fournisseur', $id,'');
$result = restrictedArea($user, 'fournisseur', $id, '', 'commande');
$object = new CommandeFournisseur($db);
$object->fetch($id, $ref);