FIX right access on salary card and tabs

VESSILLER 2023-09-11 11:01:00 +02:00
parent 6df3661044
commit 03272b12b0
3 changed files with 27 additions and 2 deletions


@ -85,8 +85,7 @@ if ($id > 0 || !empty($ref)) {
$canread = 0;
if (!empty($user->rights->salaries->readall)) {
$canread = 1;
}
if (!empty($user->rights->salaries->read) && $object->fk_user > 0 && in_array($object->fk_user, $childids)) {
} elseif (!empty($user->rights->salaries->read) && $object->fk_user > 0 && in_array($object->fk_user, $childids)) {
$canread = 1;
}
if (!$canread) {
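Review bot: Switching the second `if` to `elseif` does not change who is allowed on the card, because both branches only set `$canread = 1`; if the card itself had an access gap, these lines do not close it. The membership test `in_array($object->fk_user, $childids)` compares loosely; if `getAllChildIds()` returns integer ids (not visible here), `in_array((int) $object->fk_user, $childids, true)` would make the comparison exact. The enclosing `if ($id > 0 || !empty($ref))` block starts and ends outside the hunk.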


@ -63,8 +63,21 @@ if (!$sortfield) {
}
$object = new Salary($db);
$childids = $user->getAllChildIds(1);
if ($id > 0 || !empty($ref)) {
$object->fetch($id, $ref);
// Check current user can read this salary
$canread = 0;
if (!empty($user->rights->salaries->readall)) {
$canread = 1;
} elseif (!empty($user->rights->salaries->read) && $object->fk_user > 0 && in_array($object->fk_user, $childids)) {
$canread = 1;
}
if (!$canread) {
accessforbidden();
}
}
$upload_dir = $conf->salaries->dir_output.'/'.dol_sanitizeFileName($object->id);
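Review bot: `$object->fetch($id, $ref)` is called without looking at its result, so when the record is not found a user holding `readall` still passes the check and the page continues with an empty `$object->id`; on the line after the block, `$upload_dir` then resolves to the module's base output directory instead of a per-salary folder. Stopping early would avoid that, e.g. `if ($object->fetch($id, $ref) <= 0) { accessforbidden(); }`, assuming `fetch()` returns a positive value on success (its definition is not shown). The same unchecked fetch and the same copied permission block appear in the third file section (the one starting at `GETPOST('ref', 'alpha')`); moving the `readall` / `read` + `$childids` test into one shared function would keep the card and its tabs from diverging again.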


@ -37,8 +37,21 @@ $ref = GETPOST('ref', 'alpha');
$action = GETPOST('action', 'aZ09');
$object = new Salary($db);
$childids = $user->getAllChildIds(1);
if ($id > 0 || !empty($ref)) {
$object->fetch($id, $ref);
// Check current user can read this salary
$canread = 0;
if (!empty($user->rights->salaries->readall)) {
$canread = 1;
} elseif (!empty($user->rights->salaries->read) && $object->fk_user > 0 && in_array($object->fk_user, $childids)) {
$canread = 1;
}
if (!$canread) {
accessforbidden();
}
}
// Security check