FIX #33169 Anyone can cancel vacation requests (#33343)

* fix anyone can cancel

* Fix cancel button visibility based on user permissions

* fix

---------

Co-authored-by: Laurent Destailleur <eldy@destailleur.fr>
Mohamed DAOUD
2025-03-07 11:12:00 +01:00
committed by GitHub
parent b500efd6ff
commit 881b5eb631


@@ -61,7 +61,7 @@ $backtopageforcancel = GETPOST('backtopageforcancel', 'alpha');
$id = GETPOSTINT('id');
$ref = GETPOST('ref', 'alpha');
$fuserid = (GETPOSTINT('fuserid') ? GETPOSTINT('fuserid') : $user->id);
$fuserid = (GETPOSTINT('fuserid') ? GETPOSTINT('fuserid') : ($action == 'create' ? $user->id : 0));
$socid = GETPOSTINT('socid');
// Load translation files required by the page
@@ -100,6 +100,9 @@ if (($id > 0) || $ref) {
if (!$canread) {
accessforbidden();
}
if ($fuserid == 0) {
$fuserid = $object->fk_user; // If $fuserid is not defined, set it to the owner of the leave request
}
}
// Initialize a technical object to manage hooks of page. Note that conf->hooks_modules contains an array of hook context
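Review bot: A `fuserid` value supplied in the request still takes precedence over the record's owner once an existing leave request is loaded, because the block added in the second hunk assigns `$object->fk_user` only when `$fuserid == 0`. If the cancel or approve permission checks further down the page compare the current user against `$fuserid`, the ownership decision would still rest on a client-controlled value; this is inferred, since those checks are outside the visible hunks. For a loaded object I would assign unconditionally, `$fuserid = $object->fk_user;`, or have the permission checks read `$object->fk_user` directly, and add a comment stating that `fuserid` from the request is only meaningful for `action == 'create'`. The enclosing `if (($id > 0) || $ref)` block starts outside the hunk.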