Commit 0ec4b3bc authored by Laurent Destailleur's avatar Laurent Destailleur

Merge branch '3.4' of https://github.com/Dolibarr/dolibarr.git into 3.4

parents 285ea8da f89860e0
...@@ -1235,13 +1235,16 @@ function dol_most_recent_file($dir,$regexfilter='',$excludefilter=array('\.meta$ ...@@ -1235,13 +1235,16 @@ function dol_most_recent_file($dir,$regexfilter='',$excludefilter=array('\.meta$
* *
* @param string $modulepart Module of document * @param string $modulepart Module of document
* @param string $original_file Relative path with filename * @param string $original_file Relative path with filename
* @param User $fuser User object (forced)
* @param string $entity Restrict onto entity * @param string $entity Restrict onto entity
* @return mixed Array with access information : accessallowed & sqlprotectagainstexternals & original_file (as full path name) * @return mixed Array with access information : accessallowed & sqlprotectagainstexternals & original_file (as full path name)
*/ */
function dol_check_secure_access_document($modulepart,$original_file,$entity) function dol_check_secure_access_document($modulepart,$original_file,$entity,$fuser='')
{ {
global $user, $conf; global $user, $conf;
if (! is_object($fuser)) $fuser=$user;
if (empty($modulepart)) return 'ErrorBadParameter'; if (empty($modulepart)) return 'ErrorBadParameter';
if (empty($entity)) $entity=0; if (empty($entity)) $entity=0;
dol_syslog('$modulepart='.$modulepart.' $original_file= '.$original_file); dol_syslog('$modulepart='.$modulepart.' $original_file= '.$original_file);
...@@ -1271,101 +1274,101 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1271,101 +1274,101 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les apercu factures // Wrapping pour les apercu factures
elseif ($modulepart == 'apercufacture') elseif ($modulepart == 'apercufacture')
{ {
if ($user->rights->facture->lire) $accessallowed=1; if ($fuser->rights->facture->lire) $accessallowed=1;
$original_file=$conf->facture->dir_output.'/'.$original_file; $original_file=$conf->facture->dir_output.'/'.$original_file;
} }
// Wrapping pour les apercu propal // Wrapping pour les apercu propal
elseif ($modulepart == 'apercupropal') elseif ($modulepart == 'apercupropal')
{ {
if ($user->rights->propale->lire) $accessallowed=1; if ($fuser->rights->propale->lire) $accessallowed=1;
$original_file=$conf->propal->dir_output.'/'.$original_file; $original_file=$conf->propal->dir_output.'/'.$original_file;
} }
// Wrapping pour les apercu commande // Wrapping pour les apercu commande
elseif ($modulepart == 'apercucommande') elseif ($modulepart == 'apercucommande')
{ {
if ($user->rights->commande->lire) $accessallowed=1; if ($fuser->rights->commande->lire) $accessallowed=1;
$original_file=$conf->commande->dir_output.'/'.$original_file; $original_file=$conf->commande->dir_output.'/'.$original_file;
} }
// Wrapping pour les apercu intervention // Wrapping pour les apercu intervention
elseif ($modulepart == 'apercufichinter') elseif ($modulepart == 'apercufichinter')
{ {
if ($user->rights->ficheinter->lire) $accessallowed=1; if ($fuser->rights->ficheinter->lire) $accessallowed=1;
$original_file=$conf->ficheinter->dir_output.'/'.$original_file; $original_file=$conf->ficheinter->dir_output.'/'.$original_file;
} }
// Wrapping pour les images des stats propales // Wrapping pour les images des stats propales
elseif ($modulepart == 'propalstats') elseif ($modulepart == 'propalstats')
{ {
if ($user->rights->propale->lire) $accessallowed=1; if ($fuser->rights->propale->lire) $accessallowed=1;
$original_file=$conf->propal->dir_temp.'/'.$original_file; $original_file=$conf->propal->dir_temp.'/'.$original_file;
} }
// Wrapping pour les images des stats commandes // Wrapping pour les images des stats commandes
elseif ($modulepart == 'orderstats') elseif ($modulepart == 'orderstats')
{ {
if ($user->rights->commande->lire) $accessallowed=1; if ($fuser->rights->commande->lire) $accessallowed=1;
$original_file=$conf->commande->dir_temp.'/'.$original_file; $original_file=$conf->commande->dir_temp.'/'.$original_file;
} }
elseif ($modulepart == 'orderstatssupplier') elseif ($modulepart == 'orderstatssupplier')
{ {
if ($user->rights->fournisseur->commande->lire) $accessallowed=1; if ($fuser->rights->fournisseur->commande->lire) $accessallowed=1;
$original_file=$conf->fournisseur->dir_output.'/commande/temp/'.$original_file; $original_file=$conf->fournisseur->dir_output.'/commande/temp/'.$original_file;
} }
// Wrapping pour les images des stats factures // Wrapping pour les images des stats factures
elseif ($modulepart == 'billstats') elseif ($modulepart == 'billstats')
{ {
if ($user->rights->facture->lire) $accessallowed=1; if ($fuser->rights->facture->lire) $accessallowed=1;
$original_file=$conf->facture->dir_temp.'/'.$original_file; $original_file=$conf->facture->dir_temp.'/'.$original_file;
} }
elseif ($modulepart == 'billstatssupplier') elseif ($modulepart == 'billstatssupplier')
{ {
if ($user->rights->fournisseur->facture->lire) $accessallowed=1; if ($fuser->rights->fournisseur->facture->lire) $accessallowed=1;
$original_file=$conf->fournisseur->dir_output.'/facture/temp/'.$original_file; $original_file=$conf->fournisseur->dir_output.'/facture/temp/'.$original_file;
} }
// Wrapping pour les images des stats expeditions // Wrapping pour les images des stats expeditions
elseif ($modulepart == 'expeditionstats') elseif ($modulepart == 'expeditionstats')
{ {
if ($user->rights->expedition->lire) $accessallowed=1; if ($fuser->rights->expedition->lire) $accessallowed=1;
$original_file=$conf->expedition->dir_temp.'/'.$original_file; $original_file=$conf->expedition->dir_temp.'/'.$original_file;
} }
// Wrapping pour les images des stats expeditions // Wrapping pour les images des stats expeditions
elseif ($modulepart == 'tripsexpensesstats') elseif ($modulepart == 'tripsexpensesstats')
{ {
if ($user->rights->deplacement->lire) $accessallowed=1; if ($fuser->rights->deplacement->lire) $accessallowed=1;
$original_file=$conf->deplacement->dir_temp.'/'.$original_file; $original_file=$conf->deplacement->dir_temp.'/'.$original_file;
} }
// Wrapping pour les images des stats expeditions // Wrapping pour les images des stats expeditions
elseif ($modulepart == 'memberstats') elseif ($modulepart == 'memberstats')
{ {
if ($user->rights->adherent->lire) $accessallowed=1; if ($fuser->rights->adherent->lire) $accessallowed=1;
$original_file=$conf->adherent->dir_temp.'/'.$original_file; $original_file=$conf->adherent->dir_temp.'/'.$original_file;
} }
// Wrapping pour les images des stats produits // Wrapping pour les images des stats produits
elseif (preg_match('/^productstats_/i',$modulepart)) elseif (preg_match('/^productstats_/i',$modulepart))
{ {
if ($user->rights->produit->lire || $user->rights->service->lire) $accessallowed=1; if ($fuser->rights->produit->lire || $fuser->rights->service->lire) $accessallowed=1;
$original_file=(!empty($conf->product->multidir_temp[$entity])?$conf->product->multidir_temp[$entity]:$conf->service->multidir_temp[$entity]).'/'.$original_file; $original_file=(!empty($conf->product->multidir_temp[$entity])?$conf->product->multidir_temp[$entity]:$conf->service->multidir_temp[$entity]).'/'.$original_file;
} }
// Wrapping for products or services // Wrapping for products or services
elseif ($modulepart == 'tax') elseif ($modulepart == 'tax')
{ {
if ($user->rights->tax->charges->lire) $accessallowed=1; if ($fuser->rights->tax->charges->lire) $accessallowed=1;
$original_file=$conf->tax->dir_output.'/'.$original_file; $original_file=$conf->tax->dir_output.'/'.$original_file;
} }
// Wrapping for products or services // Wrapping for products or services
elseif ($modulepart == 'actions') elseif ($modulepart == 'actions')
{ {
if ($user->rights->agenda->myactions->read) $accessallowed=1; if ($fuser->rights->agenda->myactions->read) $accessallowed=1;
$original_file=$conf->agenda->dir_output.'/'.$original_file; $original_file=$conf->agenda->dir_output.'/'.$original_file;
} }
// Wrapping for categories // Wrapping for categories
elseif ($modulepart == 'category') elseif ($modulepart == 'category')
{ {
if ($user->rights->categorie->lire) $accessallowed=1; if ($fuser->rights->categorie->lire) $accessallowed=1;
$original_file=$conf->categorie->multidir_output[$entity].'/'.$original_file; $original_file=$conf->categorie->multidir_output[$entity].'/'.$original_file;
} }
// Wrapping pour les prelevements // Wrapping pour les prelevements
elseif ($modulepart == 'prelevement') elseif ($modulepart == 'prelevement')
{ {
if ($user->rights->prelevement->bons->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->prelevement->bons->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1408,7 +1411,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1408,7 +1411,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
elseif ($modulepart == 'scanner_user_temp') elseif ($modulepart == 'scanner_user_temp')
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->scanner->dir_temp.'/'.$user->id.'/'.$original_file; $original_file=$conf->scanner->dir_temp.'/'.$fuser->id.'/'.$original_file;
} }
// Wrapping pour les images fckeditor // Wrapping pour les images fckeditor
elseif ($modulepart == 'fckeditor') elseif ($modulepart == 'fckeditor')
...@@ -1420,7 +1423,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1420,7 +1423,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping for third parties // Wrapping for third parties
else if ($modulepart == 'company' || $modulepart == 'societe') else if ($modulepart == 'company' || $modulepart == 'societe')
{ {
if ($user->rights->societe->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->societe->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1431,7 +1434,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1431,7 +1434,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping for invoices // Wrapping for invoices
else if ($modulepart == 'facture' || $modulepart == 'invoice') else if ($modulepart == 'facture' || $modulepart == 'invoice')
{ {
if ($user->rights->facture->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1441,7 +1444,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1441,7 +1444,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
else if ($modulepart == 'unpaid') else if ($modulepart == 'unpaid')
{ {
if ($user->rights->facture->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1451,7 +1454,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1451,7 +1454,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les fiches intervention // Wrapping pour les fiches intervention
else if ($modulepart == 'ficheinter') else if ($modulepart == 'ficheinter')
{ {
if ($user->rights->ficheinter->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->ficheinter->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1462,7 +1465,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1462,7 +1465,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les deplacements et notes de frais // Wrapping pour les deplacements et notes de frais
else if ($modulepart == 'deplacement') else if ($modulepart == 'deplacement')
{ {
if ($user->rights->deplacement->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->deplacement->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1472,7 +1475,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1472,7 +1475,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les propales // Wrapping pour les propales
else if ($modulepart == 'propal') else if ($modulepart == 'propal')
{ {
if ($user->rights->propale->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->propale->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1484,7 +1487,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1484,7 +1487,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les commandes // Wrapping pour les commandes
else if ($modulepart == 'commande' || $modulepart == 'order') else if ($modulepart == 'commande' || $modulepart == 'order')
{ {
if ($user->rights->commande->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->commande->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1495,7 +1498,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1495,7 +1498,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les projets // Wrapping pour les projets
else if ($modulepart == 'project') else if ($modulepart == 'project')
{ {
if ($user->rights->projet->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->projet->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1506,7 +1509,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1506,7 +1509,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les commandes fournisseurs // Wrapping pour les commandes fournisseurs
else if ($modulepart == 'commande_fournisseur' || $modulepart == 'order_supplier') else if ($modulepart == 'commande_fournisseur' || $modulepart == 'order_supplier')
{ {
if ($user->rights->fournisseur->commande->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->fournisseur->commande->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1517,7 +1520,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1517,7 +1520,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les factures fournisseurs // Wrapping pour les factures fournisseurs
else if ($modulepart == 'facture_fournisseur' || $modulepart == 'invoice_supplier') else if ($modulepart == 'facture_fournisseur' || $modulepart == 'invoice_supplier')
{ {
if ($user->rights->fournisseur->facture->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->fournisseur->facture->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1528,18 +1531,18 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1528,18 +1531,18 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les rapport de paiements // Wrapping pour les rapport de paiements
else if ($modulepart == 'facture_paiement') else if ($modulepart == 'facture_paiement')
{ {
if ($user->rights->facture->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->facture->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
if ($user->societe_id > 0) $original_file=$conf->facture->dir_output.'/payments/private/'.$user->id.'/'.$original_file; if ($fuser->societe_id > 0) $original_file=$conf->facture->dir_output.'/payments/private/'.$fuser->id.'/'.$original_file;
else $original_file=$conf->facture->dir_output.'/payments/'.$original_file; else $original_file=$conf->facture->dir_output.'/payments/'.$original_file;
} }
// Wrapping pour les exports de compta // Wrapping pour les exports de compta
else if ($modulepart == 'export_compta') else if ($modulepart == 'export_compta')
{ {
if ($user->rights->compta->ventilation->creer || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->compta->ventilation->creer || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1549,7 +1552,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1549,7 +1552,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les expedition // Wrapping pour les expedition
else if ($modulepart == 'expedition') else if ($modulepart == 'expedition')
{ {
if ($user->rights->expedition->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->expedition->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1559,7 +1562,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1559,7 +1562,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les bons de livraison // Wrapping pour les bons de livraison
else if ($modulepart == 'livraison') else if ($modulepart == 'livraison')
{ {
if ($user->rights->expedition->livraison->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->expedition->livraison->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1569,7 +1572,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1569,7 +1572,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les actions // Wrapping pour les actions
else if ($modulepart == 'actions') else if ($modulepart == 'actions')
{ {
if ($user->rights->agenda->myactions->read || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->agenda->myactions->read || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1579,7 +1582,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1579,7 +1582,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les actions // Wrapping pour les actions
else if ($modulepart == 'actionsreport') else if ($modulepart == 'actionsreport')
{ {
if ($user->rights->agenda->allactions->read || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->agenda->allactions->read || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1589,7 +1592,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1589,7 +1592,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les produits et services // Wrapping pour les produits et services
else if ($modulepart == 'product' || $modulepart == 'produit' || $modulepart == 'service') else if ($modulepart == 'product' || $modulepart == 'produit' || $modulepart == 'service')
{ {
if (($user->rights->produit->lire || $user->rights->service->lire) || preg_match('/^specimen/i',$original_file)) if (($fuser->rights->produit->lire || $fuser->rights->service->lire) || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1600,7 +1603,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1600,7 +1603,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les contrats // Wrapping pour les contrats
else if ($modulepart == 'contract') else if ($modulepart == 'contract')
{ {
if ($user->rights->contrat->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->contrat->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1610,7 +1613,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1610,7 +1613,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les dons // Wrapping pour les dons
else if ($modulepart == 'donation') else if ($modulepart == 'donation')
{ {
if ($user->rights->don->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->don->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1620,7 +1623,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1620,7 +1623,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les remises de cheques // Wrapping pour les remises de cheques
else if ($modulepart == 'remisecheque') else if ($modulepart == 'remisecheque')
{ {
if ($user->rights->banque->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->banque->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1634,7 +1637,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1634,7 +1637,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Aucun test necessaire car on force le rep de download sur // Aucun test necessaire car on force le rep de download sur
// le rep export qui est propre a l'utilisateur // le rep export qui est propre a l'utilisateur
$accessallowed=1; $accessallowed=1;
$original_file=$conf->export->dir_temp.'/'.$user->id.'/'.$original_file; $original_file=$conf->export->dir_temp.'/'.$fuser->id.'/'.$original_file;
} }
// Wrapping for import module // Wrapping for import module
...@@ -1658,7 +1661,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1658,7 +1661,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour les backups // Wrapping pour les backups
else if ($modulepart == 'systemtools') else if ($modulepart == 'systemtools')
{ {
if ($user->admin) if ($fuser->admin)
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1668,7 +1671,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1668,7 +1671,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping for upload file test // Wrapping for upload file test
else if ($modulepart == 'admin_temp') else if ($modulepart == 'admin_temp')
{ {
if ($user->admin) if ($fuser->admin)
$accessallowed=1; $accessallowed=1;
$original_file=$conf->admin->dir_temp.'/'.$original_file; $original_file=$conf->admin->dir_temp.'/'.$original_file;
} }
...@@ -1685,7 +1688,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1685,7 +1688,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Wrapping pour Foundation module // Wrapping pour Foundation module
else if ($modulepart == 'member') else if ($modulepart == 'member')
{ {
if ($user->rights->adherent->lire || preg_match('/^specimen/i',$original_file)) if ($fuser->rights->adherent->lire || preg_match('/^specimen/i',$original_file))
{ {
$accessallowed=1; $accessallowed=1;
} }
...@@ -1696,7 +1699,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1696,7 +1699,7 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
else if ($modulepart == 'scanner_user_temp') else if ($modulepart == 'scanner_user_temp')
{ {
$accessallowed=1; $accessallowed=1;
$original_file=$conf->scanner->dir_temp.'/'.$user->id.'/'.$original_file; $original_file=$conf->scanner->dir_temp.'/'.$fuser->id.'/'.$original_file;
} }
// GENERIC Wrapping // GENERIC Wrapping
...@@ -1709,18 +1712,18 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1709,18 +1712,18 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
// Define $accessallowed // Define $accessallowed
if (preg_match('/^([a-z]+)_user_temp$/i',$modulepart,$reg)) if (preg_match('/^([a-z]+)_user_temp$/i',$modulepart,$reg))
{ {
if ($user->rights->$reg[1]->lire || $user->rights->$reg[1]->read || ($user->rights->$reg[1]->download)) $accessallowed=1; if ($fuser->rights->$reg[1]->lire || $fuser->rights->$reg[1]->read || ($fuser->rights->$reg[1]->download)) $accessallowed=1;
$original_file=$conf->$reg[1]->dir_temp.'/'.$user->id.'/'.$original_file; $original_file=$conf->$reg[1]->dir_temp.'/'.$fuser->id.'/'.$original_file;
} }
else if (preg_match('/^([a-z]+)_temp$/i',$modulepart,$reg)) else if (preg_match('/^([a-z]+)_temp$/i',$modulepart,$reg))
{ {
if ($user->rights->$reg[1]->lire || $user->rights->$reg[1]->read || ($user->rights->$reg[1]->download)) $accessallowed=1; if ($fuser->rights->$reg[1]->lire || $fuser->rights->$reg[1]->read || ($fuser->rights->$reg[1]->download)) $accessallowed=1;
$original_file=$conf->$reg[1]->dir_temp.'/'.$original_file; $original_file=$conf->$reg[1]->dir_temp.'/'.$original_file;
} }
else if (preg_match('/^([a-z]+)_user$/i',$modulepart,$reg)) else if (preg_match('/^([a-z]+)_user$/i',$modulepart,$reg))
{ {
if ($user->rights->$reg[1]->lire || $user->rights->$reg[1]->read || ($user->rights->$reg[1]->download)) $accessallowed=1; if ($fuser->rights->$reg[1]->lire || $fuser->rights->$reg[1]->read || ($fuser->rights->$reg[1]->download)) $accessallowed=1;
$original_file=$conf->$reg[1]->dir_output.'/'.$user->id.'/'.$original_file; $original_file=$conf->$reg[1]->dir_output.'/'.$fuser->id.'/'.$original_file;
} }
else else
{ {
...@@ -1728,24 +1731,24 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity) ...@@ -1728,24 +1731,24 @@ function dol_check_secure_access_document($modulepart,$original_file,$entity)
$subperm=GETPOST('subperm'); $subperm=GETPOST('subperm');
if ($perm || $subperm) if ($perm || $subperm)
{ {
if (($perm && ! $subperm && $user->rights->$modulepart->$perm) || ($perm && $subperm && $user->rights->$modulepart->$perm->$subperm)) $accessallowed=1; if (($perm && ! $subperm && $fuser->rights->$modulepart->$perm) || ($perm && $subperm && $fuser->rights->$modulepart->$perm->$subperm)) $accessallowed=1;
$original_file=$conf->$modulepart->dir_output.'/'.$original_file; $original_file=$conf->$modulepart->dir_output.'/'.$original_file;
} }
else else
{ {
if ($user->rights->$modulepart->lire || $user->rights->$modulepart->read) $accessallowed=1; if ($fuser->rights->$modulepart->lire || $fuser->rights->$modulepart->read) $accessallowed=1;
$original_file=$conf->$modulepart->dir_output.'/'.$original_file; $original_file=$conf->$modulepart->dir_output.'/'.$original_file;
} }
} }
if (preg_match('/^specimen/i',$original_file)) $accessallowed=1; // If link to a specimen if (preg_match('/^specimen/i',$original_file)) $accessallowed=1; // If link to a specimen
if ($user->admin) $accessallowed=1; // If user is admin if ($fuser->admin) $accessallowed=1; // If user is admin
// For modules who wants to manage different levels of permissions for documents // For modules who wants to manage different levels of permissions for documents
$subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS'; $subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS';
if (! empty($conf->global->$subPermCategoryConstName)) if (! empty($conf->global->$subPermCategoryConstName))
{ {
$subPermCategory = $conf->global->$subPermCategoryConstName; $subPermCategory = $conf->global->$subPermCategoryConstName;
if (! empty($subPermCategory) && (($user->rights->$modulepart->$subPermCategory->lire) || ($user->rights->$modulepart->$subPermCategory->read) || ($user->rights->$modulepart->$subPermCategory->download))) if (! empty($subPermCategory) && (($fuser->rights->$modulepart->$subPermCategory->lire) || ($fuser->rights->$modulepart->$subPermCategory->read) || ($fuser->rights->$modulepart->$subPermCategory->download)))
{ {
$accessallowed=1; $accessallowed=1;
} }
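Review bot: In the generic wrapping branch at the end of the last hunk, the right that is tested against the forced user is still named by the HTTP request — `$subperm=GETPOST('subperm');` is visible and `$perm` appears to be read the same way just above it — so `$fuser->rights->$modulepart->$perm` (and the `->$subperm` form) lets the client pick any right it holds under `$modulepart`, a create or delete right working as well as `lire`, and a webservice caller that passes an explicit `$fuser` still has these names taken from the SOAP request's superglobals rather than from the caller. Restrict the leaf name to the read-style rights every other branch uses, e.g. `if (! in_array(($subperm ? $subperm : $perm), array('lire','read','download'), true)) { $perm=''; $subperm=''; }` before the test, or rely on the `*_SUBPERMCATEGORY_FOR_DOCUMENTS` constant already handled in this hunk, which lets the module name the category server-side. Separately, the `$fuser->rights->$reg[1]->lire` and `$conf->$reg[1]->dir_temp` expressions in the `*_user_temp`/`*_temp`/`*_user` branches depend on PHP 5's parse of `$obj->$arr[1]`; under PHP 7's uniform variable syntax they read as `($obj->$arr)[1]`, so write them `$fuser->rights->{$reg[1]}->lire` if this code is expected to run there (the failure is closed, not open, but those branches stop working). The new `@param User $fuser` line should also say that a non-object value silently falls back to the global `$user`, since a caller may not expect the check to run against a different principal than the one it passed, and `$fuser=''` as the default is clearer as `$fuser=null`.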
...@@ -221,7 +221,7 @@ function getDocument($authentication, $modulepart, $file) ...@@ -221,7 +221,7 @@ function getDocument($authentication, $modulepart, $file)
$refname=basename(dirname($original_file)."/"); $refname=basename(dirname($original_file)."/");
// Security check // Security check
$check_access = dol_check_secure_access_document($modulepart,$original_file,$conf->entity); $check_access = dol_check_secure_access_document($modulepart,$original_file,$conf->entity,$fuser);
$accessallowed = $check_access['accessallowed']; $accessallowed = $check_access['accessallowed'];
$sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals']; $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
$original_file = $check_access['original_file']; $original_file = $check_access['original_file'];
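Review bot: The call now passes `$fuser`, but its construction is outside the hunk, and `dol_check_secure_access_document` substitutes the global `$user` whenever `$fuser` is not an object, so an unset or unfetched `$fuser` here would not fail but silently evaluate the document request against whatever principal the webservice bootstrap left in `$user`. Guard the call with the authenticated user's state, e.g. `if (! is_object($fuser) || empty($fuser->id)) return ...` using the webservice's usual error envelope, before reaching this line. The entity passed is `$conf->entity` rather than the entity of the authenticated user, which matters once multicompany is enabled — presumably these agree in the webservice bootstrap, but it is worth confirming. Any directory-traversal check on `$original_file` is not visible in this hunk, and `getDocument` continues outside it.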