Skip to content
Snippets Groups Projects
Commit 74c1fa22 authored by Regis Houssin's avatar Regis Houssin
Browse files

Fix: bad rights

parent 4aa8d0eb
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
htdocs/projet/tasks/note.php
+ 4
3
View file @ 74c1fa22
...@@ -78,18 +78,20 @@ if (! empty($project_ref) && ! empty($withproject)) ...@@ -78,18 +78,20 @@ if (! empty($project_ref) && ! empty($withproject))
} }
} }
$permission=($user->rights->projet->creer || $user->rights->projet->all->creer);
/* /*
* Actions * Actions
*/ */
if ($action == 'setnote_public' && $user->rights->ficheinter->creer) if ($action == 'setnote_public' && ! empty($permission))
{ {
$result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES)); $result=$object->update_note_public(dol_html_entity_decode(GETPOST('note_public'), ENT_QUOTES));
if ($result < 0) dol_print_error($db,$object->error); if ($result < 0) dol_print_error($db,$object->error);
} }
else if ($action == 'setnote_private' && $user->rights->ficheinter->creer) else if ($action == 'setnote_private' && ! empty($permission))
{ {
$result=$object->update_note(dol_html_entity_decode(GETPOST('note_private'), ENT_QUOTES)); $result=$object->update_note(dol_html_entity_decode(GETPOST('note_private'), ENT_QUOTES));
if ($result < 0) dol_print_error($db,$object->error); if ($result < 0) dol_print_error($db,$object->error);
...@@ -203,7 +205,6 @@ if ($object->id > 0) ...@@ -203,7 +205,6 @@ if ($object->id > 0)
print '<br>'; print '<br>';
$colwidth=30; $colwidth=30;
$permission=($user->rights->projet->creer || $user->rights->projet->all->creer);
$moreparam=$param; $moreparam=$param;
include(DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'); include(DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php');
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment