Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix use permission to validate action.

Browse Source
This commit is contained in:
Laurent Destailleur 2024-08-22 13:24:05 +02:00
parent 38b9ae3038
commit 30d2003dfc
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
htdocs/product/traduction.php
View File

@ -67,6 +67,9 @@ if ($object->id > 0) {
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('producttranslationcard', 'globalcard'));
// Permissions
$usercancreate = (($object->type == Product::TYPE_PRODUCT && $user->hasRight('produit', 'creer')) || ($object->type == Product::TYPE_SERVICE && $user->hasRight('service', 'creer')));
/*
* Actions
@ -83,7 +86,7 @@ if (empty($reshook)) {
$action = '';
}
if ($action == 'delete' && GETPOST('langtodelete', 'alpha')) {
if ($action == 'delete' && GETPOST('langtodelete', 'alpha') && $usercancreate) {
$object = new Product($db);
$object->fetch($id);
$object->delMultiLangs(GETPOST('langtodelete', 'alpha'), $user);
@ -92,7 +95,7 @@ if (empty($reshook)) {
}
// Add translation
if ($action == 'vadd' && $cancel != $langs->trans("Cancel") && ($user->hasRight('produit', 'creer') || $user->hasRight('service', 'creer'))) {
if ($action == 'vadd' && $cancel != $langs->trans("Cancel") && $usercancreate) {
$object = new Product($db);
$object->fetch($id);
$current_lang = $langs->getDefaultLang();
@ -127,7 +130,7 @@ if (empty($reshook)) {
}
// Edit translation
if ($action == 'vedit' && $cancel != $langs->trans("Cancel") && ($user->hasRight('produit', 'creer') || $user->hasRight('service', 'creer'))) {
if ($action == 'vedit' && $cancel != $langs->trans("Cancel") && $usercancreate) {
$object = new Product($db);
$object->fetch($id);
$current_lang = $langs->getDefaultLang();
@ -156,7 +159,7 @@ if (empty($reshook)) {
}
// Delete translation
if ($action == 'vdelete' && $cancel != $langs->trans("Cancel") && ($user->hasRight('produit', 'creer') || $user->hasRight('service', 'creer'))) {
if ($action == 'vdelete' && $cancel != $langs->trans("Cancel") && $usercancreate) {
$object = new Product($db);
$object->fetch($id);
$langtodelete = GETPOST('langdel', 'alpha');