Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-24 10:21:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Debug v18

Browse Source
This commit is contained in:
Laurent Destailleur
2023-06-29 12:10:31 +02:00
parent 024b86e864
commit 5fd7bcaae9
3 changed files with 32 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
htdocs/core/lib/security.lib.php
View File

@@ -476,12 +476,12 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
continue;
}
if ($feature == 'societe') {
if ($feature == 'societe' && !in_array('contact', $feature2)) {
if (!$user->hasRight('societe', 'lire') && !$user->hasRight('fournisseur', 'lire')) {
$readok = 0;
$nbko++;
}
} elseif ($feature == 'contact') {
} elseif (($feature == 'societe' && in_array('contact', $feature2)) || $feature == 'contact') {
if (empty($user->rights->societe->contact->lire)) {
$readok = 0;
$nbko++;
@@ -845,6 +845,10 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
//var_dump($feature);exit;
// For backward compatibility
if ($feature == 'societe' && in_array('contact', $feature2)) {
$feature = 'contact';
$feature2 = '';
}
if ($feature == 'member') {
$feature = 'adherent';
}
@@ -868,7 +872,7 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
// Array to define rules of checks to do
$check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website', 'recruitment', 'chargesociales'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for object Societe
$checkother = array('agenda', 'contact', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
$checkparentsoc = array('agenda', 'contact', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet', 'project'); // Test for project object
$checktask = array('projet_task'); // Test for task object
$checkhierarchy = array('expensereport', 'holiday'); // check permission among the hierarchy of user
@@ -946,7 +950,7 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
$checkonentitydone = 1;
}
if (in_array($feature, $checkother) && $objectid > 0) { // Test on entity + link to thirdparty. Allowed if link is empty (Ex: contacts...).
if (in_array($feature, $checkparentsoc) && $objectid > 0) { // Test on entity + link to thirdparty. Allowed if link is empty (Ex: contacts...).
// If external user: Check permission for external users
if ($user->socid > 0) {
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";