diff --git a/htdocs/bom/bom_agenda.php b/htdocs/bom/bom_agenda.php index d22f457df85..ddd57d34e76 100644 --- a/htdocs/bom/bom_agenda.php +++ b/htdocs/bom/bom_agenda.php @@ -92,7 +92,7 @@ if ($id > 0 || !empty($ref)) { //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); -restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft); +restrictedArea($user, 'bom', $object->id, $object->table_element, '', '', 'rowid', $isdraft); /* diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index 33e562a8a20..e27cd0a2e1c 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php @@ -84,7 +84,7 @@ if ($object->id > 0) { //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); -$result = restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft); +$result = restrictedArea($user, 'bom', $object->id, $object->table_element, '', '', 'rowid', $isdraft); // Permissions $permissionnote = $user->hasRight('bom', 'write'); // Used by the include of actions_setnotes.inc.php diff --git a/htdocs/bom/bom_document.php b/htdocs/bom/bom_document.php index 03b9f416d43..88fbdde11c7 100644 --- a/htdocs/bom/bom_document.php +++ b/htdocs/bom/bom_document.php @@ -83,7 +83,7 @@ if ($id > 0 || !empty($ref)) { //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); -restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft); +restrictedArea($user, 'bom', $object->id, $object->table_element, '', '', 'rowid', $isdraft); $permissiontoadd = $user->hasRight('bom', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php diff --git a/htdocs/bom/bom_net_needs.php b/htdocs/bom/bom_net_needs.php index 56683e82338..f0e993d6eea 100644 --- a/htdocs/bom/bom_net_needs.php +++ b/htdocs/bom/bom_net_needs.php @@ -81,7 +81,7 @@ if ($object->id > 0) { //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); -$result = restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft); +$result = restrictedArea($user, 'bom', $object->id, $object->table_element, '', '', 'rowid', $isdraft); // Permissions $permissionnote = $user->hasRight('bom', 'write'); // Used by the include of actions_setnotes.inc.php diff --git a/htdocs/bom/bom_note.php b/htdocs/bom/bom_note.php index 10c64a1b104..188c34c8c05 100644 --- a/htdocs/bom/bom_note.php +++ b/htdocs/bom/bom_note.php @@ -67,7 +67,7 @@ $permissionnote = $user->hasRight('bom', 'write'); // Used by the include of act //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); -restrictedArea($user, 'bom', $object->id, 'bom_bom', '', '', 'rowid', $isdraft); +restrictedArea($user, 'bom', $object->id, $object->table_element, '', '', 'rowid', $isdraft); /* diff --git a/htdocs/mrp/ajax/ajax_bom.php b/htdocs/mrp/ajax/ajax_bom.php index 050385246b5..a023d34385d 100644 --- a/htdocs/mrp/ajax/ajax_bom.php +++ b/htdocs/mrp/ajax/ajax_bom.php @@ -46,6 +46,13 @@ require_once DOL_DOCUMENT_ROOT.'/bom/class/bom.class.php'; $idbom = GETPOST('idbom', 'alpha'); //$action = GETPOST('action', 'aZ09'); +$object = new BOM($db); +$result = $object->fetch($idbom); + +// Security check +$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +$result = restrictedArea($user, 'bom', $object, $object->table_element, '', '', 'rowid', $isdraft); + /* * View @@ -53,8 +60,6 @@ $idbom = GETPOST('idbom', 'alpha'); top_httphead('application/json'); -$object = new BOM($db); -$result = $object->fetch($idbom); if ($result > 0) { // We remove properties we don't need in answer unset($object->fields);