Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 17:48:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Check parameter to make bug detection seasier

Browse Source
This commit is contained in:
Laurent Destailleur
2013-09-23 19:53:21 +02:00
parent 9a475e9ed2
commit 890c96355d
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/core/lib/security.lib.php
View File

@@ -411,7 +411,8 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
// If external user: Check permission for external users // If external user: Check permission for external users
if ($user->societe_id > 0) if ($user->societe_id > 0)
{ {
$sql = "SELECT dbt.".$dbt_keyfield; if (empty($dbt_keyfield)) dol_print_error('','Param dbt_keyfield is required but not defined');
$sql = "SELECT dbt.".$dbt_keyfield;
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= " WHERE dbt.rowid = ".$objectid; $sql.= " WHERE dbt.rowid = ".$objectid;
$sql.= " AND dbt.".$dbt_keyfield." = ".$user->societe_id; $sql.= " AND dbt.".$dbt_keyfield." = ".$user->societe_id;
@@ -419,6 +420,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
// If internal user: Check permission for internal users that are restricted on their objects // If internal user: Check permission for internal users that are restricted on their objects
else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir)) else if (! empty($conf->societe->enabled) && ($user->rights->societe->lire && ! $user->rights->societe->client->voir))
{ {
if (empty($dbt_keyfield)) dol_print_error('','Param dbt_keyfield is required but not defined');
$sql = "SELECT sc.fk_soc"; $sql = "SELECT sc.fk_soc";
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql.= ", ".MAIN_DB_PREFIX."societe as s"; $sql.= ", ".MAIN_DB_PREFIX."societe as s";