Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #25731 from hregis/fix_multicompany_broken_features

Browse Source 
FIX missing group "members" + multiple broken features for Multicompany
This commit is contained in:
Laurent Destailleur 2023-09-11 10:51:11 +02:00 committed by GitHub
commit 89c7369996
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/core/actions_fetchobject.inc.php
View File

@ -30,7 +30,11 @@
if (($id > 0 || (!empty($ref) && !in_array($action, array('create', 'createtask', 'add')))) && (empty($cancel) || $id > 0)) {
if (($id > 0 && is_numeric($id)) || !empty($ref)) { // To discard case when id is list of ids like '1,2,3...'
$ret = $object->fetch($id, (empty($ref)? '' : $ref));
if ($object->element == 'usergroup') {
$ret = $object->fetch($id, (empty($ref)? '' : $ref), true); // to load $object->members
} else {
$ret = $object->fetch($id, (empty($ref)? '' : $ref));
}
if ($ret > 0) {
$object->fetch_thirdparty();
$id = $object->id;

19
htdocs/user/perms.php
View File

@ -222,23 +222,8 @@ $permsgroupbyentity = array();
$sql = "SELECT DISTINCT gr.fk_id, gu.entity"; // fk_id are permission id and entity is entity of the group
$sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as gr,";
$sql .= " ".MAIN_DB_PREFIX."usergroup_user as gu"; // all groups of a user
$sql .= " WHERE 1 = 1";
// A very strange business rules. Must be same than into user->getrights() user/perms.php and user/group/perms.php
if (!empty($conf->global->MULTICOMPANY_BACKWARD_COMPATIBILITY)) {
if (isModEnabled('multicompany') && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
$sql .= " AND gu.entity IN (0,".$conf->entity.")";
} else {
//$sql .= " AND r.entity = ".((int) $conf->entity);
}
} else {
$sql .= " AND gr.entity = ".((int) $conf->entity); // Only groups created in current entity
// The entity on the table usergroup_user should be useless and should never be used because it is alreay into gr and r.
// but when using MULTICOMPANY_TRANSVERSE_MODE, we may insert record that make rubbish result due to duplicate record of
// other entities, so we are forced to add a filter here
$sql .= " AND gu.entity IN (0,".$conf->entity.")";
//$sql .= " AND r.entity = ".((int) $conf->entity); // Only permission of modules enabled in current entity
}
// End of strange business rule
$sql .= " WHERE gr.entity = ".((int) $entity);
$sql .= " AND gu.entity =".((int) $entity);
$sql .= " AND gr.fk_usergroup = gu.fk_usergroup";
$sql .= " AND gu.fk_user = ".((int) $object->id);