Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX #32611

Browse Source
This commit is contained in:
Laurent Destailleur 2025-01-10 15:17:06 +01:00
parent fde52c9ae7
commit 1cdcf9beb4
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
htdocs/user/bank.php
View File

@ -94,6 +94,8 @@ $permissiontoreadhr = $user->hasRight('hrm', 'read_personal_information', 'read'
$permissiontowritehr = $user->hasRight('hrm', 'write_personal_information', 'write');
$permissiontosimpleedit = ($selfpermission || $canadduser);
$childids = $user->getAllChildIds(1);
// Ok if user->hasRight('salaries', 'readall') or user->hasRight('hrm', 'read')
//$result = restrictedArea($user, 'salaries|hrm', $object->id, 'user&user', $feature2);
$ok = false;
@ -106,9 +108,13 @@ if ($user->hasRight('salaries', 'readall')) {
if ($user->hasRight('hrm', 'read')) {
$ok = true;
}
if ($user->hasRight('expensereport', 'lire') && ($user->id == $object->id || $user->hasRight('expensereport', 'readall'))) {
if ($user->hasRight('expensereport', 'readall') || ($user->hasRight('expensereport', 'readall') && in_array($object->id, $childids))) {
$ok = true;
}
if ($user->hasRight('holiday', 'readall') || ($user->hasRight('holiday', 'read') && in_array($object->id, $childids))) {
$ok = true;
}
var_dump($ok);
if (!$ok) {
accessforbidden();
}
@ -277,8 +283,6 @@ if (getDolGlobalString('MAIN_USE_EXPENSE_IK')) {
$form = new Form($db);
$formcompany = new FormCompany($db);
$childids = $user->getAllChildIds(1);
$person_name = !empty($object->firstname) ? $object->lastname.", ".$object->firstname : $object->lastname;
$title = $person_name." - ".$langs->trans('BankAccounts');
$help_url = '';