Skip to content
Snippets Groups Projects
Commit 76280f8a authored by Laurent Destailleur's avatar Laurent Destailleur
Browse files

Fix #6365

parent d740bdbc
No related branches found
No related tags found
No related merge requests found
...@@ -171,9 +171,6 @@ class DolibarrApi ...@@ -171,9 +171,6 @@ class DolibarrApi
*/ */
static function _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid') { static function _checkAccessToResource($resource, $resource_id=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid') {
// For backward compatibility
if ($resource == 'member') $resource='adherent';
// Features/modules to check // Features/modules to check
$featuresarray = array($resource); $featuresarray = array($resource);
if (preg_match('/&/', $resource)) { if (preg_match('/&/', $resource)) {
......
...@@ -343,7 +343,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu ...@@ -343,7 +343,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
* This function is also called by restrictedArea * This function is also called by restrictedArea
* *
* @param User $user User to check * @param User $user User to check
* @param array $featuresarray Features/modules to check * @param array $featuresarray Features/modules to check. Example: ('user','service')
* @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional). * @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity. Not used if objectid is null (optional) * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity. Not used if objectid is null (optional)
* @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'. * @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
...@@ -365,6 +365,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh ...@@ -365,6 +365,9 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
{ {
$sql=''; $sql='';
// For backward compatibility
if ($feature == 'member') $feature='adherent';
$check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company) $check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for societe object $checksoc = array('societe'); // Test for societe object
$checkother = array('contact'); // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...). $checkother = array('contact'); // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment