mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-12-09 19:18:22 +01:00
New: Task #10725
This commit is contained in:
Regis Houssin
@@ -1573,6 +1573,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
|||||||
|
|
||||||
// More features to check
|
// More features to check
|
||||||
$features = explode("&",$features);
|
$features = explode("&",$features);
|
||||||
|
//var_dump($features);
|
||||||
|
|
||||||
// Check read permission from module
|
// Check read permission from module
|
||||||
// TODO Replace "feature" param by permission for reading
|
// TODO Replace "feature" param by permission for reading
|
||||||
@@ -1633,8 +1634,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
|||||||
|
|
||||||
// Check write permission from module
|
// Check write permission from module
|
||||||
$createok=1;
|
$createok=1;
|
||||||
if ( (isset($_GET["action"]) && $_GET["action"] == 'create')
|
if ( GETPOST("action") && GETPOST("action") == 'create')
|
||||||
|| (isset($_POST["action"]) && $_POST["action"] == 'create') )
|
|
||||||
{
|
{
|
||||||
foreach ($features as $feature)
|
foreach ($features as $feature)
|
||||||
{
|
{
|
||||||
@@ -1673,6 +1673,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
|||||||
}
|
}
|
||||||
else if (! empty($feature)) // This is for old permissions
|
else if (! empty($feature)) // This is for old permissions
|
||||||
{
|
{
|
||||||
|
//print '<br>feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write;
|
||||||
if (empty($user->rights->$feature->creer)
|
if (empty($user->rights->$feature->creer)
|
||||||
&& empty($user->rights->$feature->write)) $createok=0;
|
&& empty($user->rights->$feature->write)) $createok=0;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -51,10 +51,16 @@ if ($_GET["id"])
|
|||||||
|| (($user->id != $_GET["id"]) && $user->rights->user->user->password) );
|
|| (($user->id != $_GET["id"]) && $user->rights->user->user->password) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$action=GETPOST("action");
|
||||||
|
$confirm=GETPOST("confirm");
|
||||||
|
|
||||||
// Security check
|
// Security check
|
||||||
$socid=0;
|
$socid=0;
|
||||||
if ($user->societe_id > 0) $socid = $user->societe_id;
|
if ($user->societe_id > 0)
|
||||||
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
|
{
|
||||||
|
$socid = $user->societe_id;
|
||||||
|
$feature2='user';
|
||||||
|
}
|
||||||
if ($user->id == $_GET["id"]) // A user can always read its own card
|
if ($user->id == $_GET["id"]) // A user can always read its own card
|
||||||
{
|
{
|
||||||
$feature2='';
|
$feature2='';
|
||||||
@@ -67,8 +73,6 @@ $langs->load("users");
|
|||||||
$langs->load("companies");
|
$langs->load("companies");
|
||||||
$langs->load("ldap");
|
$langs->load("ldap");
|
||||||
|
|
||||||
$action=isset($_GET["action"])?$_GET["action"]:$_POST["action"];
|
|
||||||
|
|
||||||
$form = new Form($db);
|
$form = new Form($db);
|
||||||
|
|
||||||
// Define size of logo small and mini (might be set into other pages)
|
// Define size of logo small and mini (might be set into other pages)
|
||||||
@@ -95,7 +99,7 @@ if ($_GET["subaction"] == 'delrights' && $canedituser)
|
|||||||
$edituser->delrights($_GET["rights"]);
|
$edituser->delrights($_GET["rights"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_REQUEST["action"] == 'confirm_disable' && $_REQUEST["confirm"] == "yes")
|
if ($action == 'confirm_disable' && $confirm == "yes")
|
||||||
{
|
{
|
||||||
if ($_GET["id"] <> $user->id)
|
if ($_GET["id"] <> $user->id)
|
||||||
{
|
{
|
||||||
@@ -106,7 +110,7 @@ if ($_REQUEST["action"] == 'confirm_disable' && $_REQUEST["confirm"] == "yes")
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ($_REQUEST["action"] == 'confirm_enable' && $_REQUEST["confirm"] == "yes")
|
if ($action == 'confirm_enable' && $confirm == "yes")
|
||||||
{
|
{
|
||||||
if ($_GET["id"] <> $user->id)
|
if ($_GET["id"] <> $user->id)
|
||||||
{
|
{
|
||||||
@@ -133,7 +137,7 @@ if ($_REQUEST["action"] == 'confirm_enable' && $_REQUEST["confirm"] == "yes")
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == "yes")
|
if ($action == 'confirm_delete' && $confirm == "yes")
|
||||||
{
|
{
|
||||||
if ($_GET["id"] <> $user->id)
|
if ($_GET["id"] <> $user->id)
|
||||||
{
|
{
|
||||||
@@ -370,8 +374,8 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"])
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Change password with a new generated one
|
// Change password with a new generated one
|
||||||
if ((($_REQUEST["action"] == 'confirm_password' && $_REQUEST["confirm"] == 'yes')
|
if ((($action == 'confirm_password' && $confirm == 'yes')
|
||||||
|| ($_REQUEST["action"] == 'confirm_passwordsend' && $_REQUEST["confirm"] == 'yes')) && $caneditpassword)
|
|| ($action == 'confirm_passwordsend' && $confirm == 'yes')) && $caneditpassword)
|
||||||
{
|
{
|
||||||
$edituser = new User($db);
|
$edituser = new User($db);
|
||||||
$edituser->fetch($_GET["id"]);
|
$edituser->fetch($_GET["id"]);
|
||||||
@@ -385,7 +389,7 @@ if ((($_REQUEST["action"] == 'confirm_password' && $_REQUEST["confirm"] == 'yes'
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
// Succes
|
// Succes
|
||||||
if ($_REQUEST["action"] == 'confirm_passwordsend' && $_REQUEST["confirm"] == 'yes')
|
if ($action == 'confirm_passwordsend' && $confirm == 'yes')
|
||||||
{
|
{
|
||||||
if ($edituser->send_password($user,$newpassword) > 0)
|
if ($edituser->send_password($user,$newpassword) > 0)
|
||||||
{
|
{
|
||||||
|
|||||||
Reference in New Issue
Block a user