Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-06 01:28:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

Debug v18

Browse Source
This commit is contained in:
Laurent Destailleur
2023-05-10 04:11:41 +02:00
parent 283d6c9fe2
commit c3c162441f
4 changed files with 73 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/core/lib/security.lib.php
View File

@@ -363,9 +363,10 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
}
//dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
//print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
//print ", dbtablename=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
//print ", perm: ".$features."->".$feature2."=".($user->hasRight($features, $feature2, 'lire'))."<br>";
/*print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
print ", dbtablename=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
print ", perm: user->right->".$features.($feature2 ? "->".$feature2 : "")."=".($user->hasRight($features, $feature2, 'lire'))."<br>";
*/
$parentfortableentity = '';
@@ -839,13 +840,17 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
if ($feature == 'task') {
$feature = 'projet_task';
}
if ($feature == 'eventorganization') {
$feature = 'agenda';
$dbtablename = 'actioncomm';
}
$checkonentitydone = 0;
// Array to define rules of checks to do
$check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website', 'recruitment'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for object Societe
$checkother = array('contact', 'agenda', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
$checkother = array('agenda', 'contact', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet', 'project'); // Test for project object
$checktask = array('projet_task'); // Test for task object
$checkhierarchy = array('expensereport', 'holiday'); // check permission among the hierarchy of user
@@ -966,7 +971,6 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
$sql .= " WHERE dbt.".$dbt_select." IN (".$db->sanitize($objectid, 1).")";
$sql .= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
}
$checkonentitydone = 1;
}
if (in_array($feature, $checktask) && $objectid > 0) {