From 68a9d86b4bbd513ce96f2bf2801dba5b98a68b42 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 30 Aug 2023 11:27:05 +0200 Subject: [PATCH 1/3] FIX multiple broken features for Multicompany !!!! --- htdocs/core/actions_fetchobject.inc.php | 6 +++++- htdocs/user/perms.php | 21 +++++++++++++-------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/htdocs/core/actions_fetchobject.inc.php b/htdocs/core/actions_fetchobject.inc.php index b73f6adbae8..c7ba2b9c37c 100644 --- a/htdocs/core/actions_fetchobject.inc.php +++ b/htdocs/core/actions_fetchobject.inc.php @@ -30,7 +30,11 @@ if (($id > 0 || (!empty($ref) && !in_array($action, array('create', 'createtask', 'add')))) && (empty($cancel) || $id > 0)) { if (($id > 0 && is_numeric($id)) || !empty($ref)) { // To discard case when id is list of ids like '1,2,3...' - $ret = $object->fetch($id, (empty($ref)? '' : $ref)); + if ($object->element == 'usergroup') { + $ret = $object->fetch($id, '', true); // to load $object->members + } else { + $ret = $object->fetch($id, (empty($ref)? '' : $ref)); + } if ($ret > 0) { $object->fetch_thirdparty(); $id = $object->id; diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 2b5261ed16f..1f8dbb6456c 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -225,22 +225,27 @@ $sql .= " ".MAIN_DB_PREFIX."usergroup_user as gu"; // all groups of a user $sql .= " WHERE 1 = 1"; // A very strange business rules. Must be same than into user->getrights() user/perms.php and user/group/perms.php if (!empty($conf->global->MULTICOMPANY_BACKWARD_COMPATIBILITY)) { - if (isModEnabled('multicompany') && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { - $sql .= " AND gu.entity IN (0,".$conf->entity.")"; - } else { - //$sql .= " AND r.entity = ".((int) $conf->entity); - } + $sql .= " AND gr.entity = ".((int) $entity); + $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; + $sql .= " AND gu.fk_user = ".((int) $object->id); + + /*if (isModEnabled('multicompany') && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { + $sql .= " AND gu.entity IN (0,".$conf->entity.")"; + } else { + //$sql .= " AND r.entity = ".((int) $conf->entity); + }*/ } else { + // TODO BROKEN FEATURES FOR MULTICOMPANY !!!!!!! $sql .= " AND gr.entity = ".((int) $conf->entity); // Only groups created in current entity // The entity on the table usergroup_user should be useless and should never be used because it is alreay into gr and r. // but when using MULTICOMPANY_TRANSVERSE_MODE, we may insert record that make rubbish result due to duplicate record of // other entities, so we are forced to add a filter here $sql .= " AND gu.entity IN (0,".$conf->entity.")"; //$sql .= " AND r.entity = ".((int) $conf->entity); // Only permission of modules enabled in current entity + // End of strange business rule + $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; + $sql .= " AND gu.fk_user = ".((int) $object->id); } -// End of strange business rule -$sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; -$sql .= " AND gu.fk_user = ".((int) $object->id); dol_syslog("get user perms", LOG_DEBUG); $result = $db->query($sql); From 6607f5f98e9784d79a92ac886bbac959213abd22 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 30 Aug 2023 12:43:03 +0200 Subject: [PATCH 2/3] FIX better sql request for all cases --- htdocs/user/perms.php | 28 ++++------------------------ 1 file changed, 4 insertions(+), 24 deletions(-) diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 1f8dbb6456c..cbd0b22856b 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -222,30 +222,10 @@ $permsgroupbyentity = array(); $sql = "SELECT DISTINCT gr.fk_id, gu.entity"; // fk_id are permission id and entity is entity of the group $sql .= " FROM ".MAIN_DB_PREFIX."usergroup_rights as gr,"; $sql .= " ".MAIN_DB_PREFIX."usergroup_user as gu"; // all groups of a user -$sql .= " WHERE 1 = 1"; -// A very strange business rules. Must be same than into user->getrights() user/perms.php and user/group/perms.php -if (!empty($conf->global->MULTICOMPANY_BACKWARD_COMPATIBILITY)) { - $sql .= " AND gr.entity = ".((int) $entity); - $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; - $sql .= " AND gu.fk_user = ".((int) $object->id); - - /*if (isModEnabled('multicompany') && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) { - $sql .= " AND gu.entity IN (0,".$conf->entity.")"; - } else { - //$sql .= " AND r.entity = ".((int) $conf->entity); - }*/ -} else { - // TODO BROKEN FEATURES FOR MULTICOMPANY !!!!!!! - $sql .= " AND gr.entity = ".((int) $conf->entity); // Only groups created in current entity - // The entity on the table usergroup_user should be useless and should never be used because it is alreay into gr and r. - // but when using MULTICOMPANY_TRANSVERSE_MODE, we may insert record that make rubbish result due to duplicate record of - // other entities, so we are forced to add a filter here - $sql .= " AND gu.entity IN (0,".$conf->entity.")"; - //$sql .= " AND r.entity = ".((int) $conf->entity); // Only permission of modules enabled in current entity - // End of strange business rule - $sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; - $sql .= " AND gu.fk_user = ".((int) $object->id); -} +$sql .= " WHERE gr.entity = ".((int) $entity); +$sql .= " AND gu.entity =".((int) $entity); +$sql .= " AND gr.fk_usergroup = gu.fk_usergroup"; +$sql .= " AND gu.fk_user = ".((int) $object->id); dol_syslog("get user perms", LOG_DEBUG); $result = $db->query($sql); From 85aaac2fdf66542097fb918e09385fbe2315dfc8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 11 Sep 2023 10:48:49 +0200 Subject: [PATCH 3/3] Update actions_fetchobject.inc.php --- htdocs/core/actions_fetchobject.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/actions_fetchobject.inc.php b/htdocs/core/actions_fetchobject.inc.php index c7ba2b9c37c..73d37e2ece5 100644 --- a/htdocs/core/actions_fetchobject.inc.php +++ b/htdocs/core/actions_fetchobject.inc.php @@ -31,7 +31,7 @@ if (($id > 0 || (!empty($ref) && !in_array($action, array('create', 'createtask', 'add')))) && (empty($cancel) || $id > 0)) { if (($id > 0 && is_numeric($id)) || !empty($ref)) { // To discard case when id is list of ids like '1,2,3...' if ($object->element == 'usergroup') { - $ret = $object->fetch($id, '', true); // to load $object->members + $ret = $object->fetch($id, (empty($ref)? '' : $ref), true); // to load $object->members } else { $ret = $object->fetch($id, (empty($ref)? '' : $ref)); }