Laurent Destailleur 2020-02-03 02:48:05 +01:00
parent 69a0a1410e
commit 90cde17bdb
2 changed files with 25 additions and 10 deletions


@ -1211,7 +1211,7 @@ class Project extends CommonObject
* Return array of projects a user has permission on, is affected to, or all projects
*
* @param User $user User object
* @param int $mode 0=All project I have permission on (assigned to me and public), 1=Projects assigned to me only, 2=Will return list of all projects with no test on contacts
* @param int $mode 0=All project I have permission on (assigned to me or public), 1=Projects assigned to me only, 2=Will return list of all projects with no test on contacts
* @param int $list 0=Return array, 1=Return string list
* @param int $socid 0=No filter on third party, id of third party
* @param string $filter additionnal filter on project (statut, ref, ...)
@ -1224,9 +1224,17 @@ class Project extends CommonObject
$sql = "SELECT ".(($mode == 0 || $mode == 1) ? "DISTINCT " : "")."p.rowid, p.ref";
$sql.= " FROM " . MAIN_DB_PREFIX . "projet as p";
if ($mode == 0 || $mode == 1)
if ($mode == 0)
{
$sql.= ", " . MAIN_DB_PREFIX . "element_contact as ec";
$sql.= " LEFT JOIN " . MAIN_DB_PREFIX . "element_contact as ec ON ec.element_id = p.rowid";
}
elseif ($mode == 1)
{
$sql.= ", " . MAIN_DB_PREFIX . "element_contact as ec";
}
elseif ($mode == 2)
{
// No filter. Use this if user has permission to see all project
}
$sql.= " WHERE p.entity IN (".getEntity('project').")";
// Internal users must see project he is contact to even if project linked to a third party he can't see.
@ -1251,13 +1259,12 @@ class Project extends CommonObject
if ($mode == 0)
{
$sql.= " AND ec.element_id = p.rowid";
$sql.= " AND ( p.public = 1";
$sql.= " OR ( ec.fk_c_type_contact IN (".join(',', array_keys($listofprojectcontacttype)).")";
$sql.= " AND ec.fk_socpeople = ".$user->id.")";
$sql.= " )";
}
if ($mode == 1)
elseif ($mode == 1)
{
$sql.= " AND ec.element_id = p.rowid";
$sql.= " AND (";
@ -1265,7 +1272,7 @@ class Project extends CommonObject
$sql.= " AND ec.fk_socpeople = ".$user->id.")";
$sql.= " )";
}
if ($mode == 2)
elseif ($mode == 2)
{
// No filter. Use this if user has permission to see all project
}
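Review bot: A `$mode` value other than 0, 1 or 2 passes through both `if`/`elseif` chains without any `p.public` or `element_contact` condition, so as far as the visible lines show it is handled exactly like mode 2 and every project of the entity is returned. Because this method computes which projects a user may see, an unrecognised mode should fail closed rather than open. After the empty `elseif ($mode == 2)` branch in the last hunk I would add `else { return -1; }`, or whichever error value the callers already handle. The function's signature and its return statements are outside the hunks, so the exact error convention needs confirming.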


@ -89,9 +89,13 @@ if (empty($reshook)) {
if ($action == 'addrights' && $caneditperms) {
$edituser = new User($db);
$edituser->fetch($object->id);
$edituser->addrights($rights, $module, '', $entity);
$result = $edituser->addrights($rights, $module, '', $entity);
if ($result < 0)
{
setEventMessages($edituser->error, $edituser->errors, 'errors');
}
// Si on a touche a ses propres droits, on recharge
// If we are changing our own permissions, we reload
if ($object->id == $user->id) {
$user->clearrights();
$user->getrights();
@ -105,9 +109,13 @@ if (empty($reshook)) {
if ($action == 'delrights' && $caneditperms) {
$edituser = new User($db);
$edituser->fetch($object->id);
$edituser->delrights($rights, $module, '', $entity);
$result = $edituser->delrights($rights, $module, '', $entity);
if ($result < 0)
{
setEventMessages($edituser->error, $edituser->errors, 'errors');
}
// Si on a touche a ses propres droits, on recharge
// If we are changing our own permissions, we reload
if ($object->id == $user->id) {
$user->clearrights();
$user->getrights();
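Review bot: The new `$result < 0` check covers `addrights()`, but `$edituser->fetch($object->id)` on the line before it is still unchecked, so a failed load goes on to change rights on an unpopulated `User` object. I would chain the two calls so the existing error path also reports a fetch failure: `$result = $edituser->fetch($object->id);` followed by `if ($result > 0) $result = $edituser->addrights($rights, $module, '', $entity);`. This assumes `fetch()` returns a positive value on success, which is not visible here. The `delrights` hunk has the same gap, and both enclosing `if ($action == ...)` blocks continue past the end of their hunks.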