Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update consumption.php

Browse Source 
security access fix : we don't have right to access of invoice and order if we are not agreed
This commit is contained in:
BENKE Charles 2014-07-29 11:28:46 +02:00
parent c9d27383a4
commit fb4e64fdab
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
htdocs/societe/consumption.php
View File

@ -67,7 +67,12 @@ if (GETPOST("button_removefilter"))
}
// Customer or supplier selected in drop box
$thirdTypeSelect = GETPOST("third_select_id");
$type_element = GETPOST('type_element')?GETPOST('type_element'):'invoice';
if ($conf->facture->enabled && $user->rights->facture->lire)
$type_element = 'invoice';
elseif ($conf->commande->enabled && $user->rights->commande->lire)
$type_element = 'order';
$type_element = GETPOST('type_element')?GETPOST('type_element'):$type_element;
$langs->load("companies");
$langs->load("bills");
@ -126,8 +131,8 @@ if ($object->client)
$obj = $db->fetch_object($resql);
$nbFactsClient = $obj->nb;
$thirdTypeArray['customer']=$langs->trans("customer");
if ($conf->facture->enabled) $elementTypeArray['invoice']=$langs->trans('Invoices');
if ($conf->commande->enabled) $elementTypeArray['order']=$langs->trans('Orders');
if($conf->facture->enabled && $user->rights->facture->lire) $elementTypeArray['invoice']=$langs->trans('Invoices');
if ($conf->commande->enabled && $user->rights->commande->lire) $elementTypeArray['order']=$langs->trans('Orders');
}
if ($object->fournisseur)
@ -144,8 +149,8 @@ if ($object->fournisseur)
$obj = $db->fetch_object($resql);
$nbCmdsFourn = $obj->nb;
$thirdTypeArray['supplier']=$langs->trans("supplier");
if ($conf->fournisseur->enabled) $elementTypeArray['supplier_invoice']=$langs->trans('SuppliersInvoices');
if ($conf->fournisseur->enabled) $elementTypeArray['supplier_order']=$langs->trans('SuppliersOrders');
if ($conf->fournisseur->enabled && $user->rights->fournisseur->facture->lire) $elementTypeArray['supplier_invoice']=$langs->trans('SuppliersInvoices');
if ($conf->fournisseur->enabled && $user->rights->fournisseur->commande->lire) $elementTypeArray['supplier_order']=$langs->trans('SuppliersOrders');
}
print '</table>';