Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-05 17:18:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX REST api to get project when user has permission to read all.

Browse Source
This commit is contained in:
Laurent Destailleur
2017-06-01 17:29:47 +02:00
parent f4cdb6b254
commit 76e1438fe6
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/core/lib/security.lib.php
View File

@@ -372,7 +372,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
$check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for societe object
$checkother = array('contact'); // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet'); // Test for project object
$checkproject = array('projet','project'); // Test for project object
$nocheck = array('barcode','stock','fournisseur'); // No test
$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
@@ -462,6 +462,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
}
else
{
if ($dbtablename == 'project') $dbtablename='projet';
$sql = "SELECT dbt.".$dbt_select;
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;