From 817a09c77dad693e3ce98e1043337f61acf975ed Mon Sep 17 00:00:00 2001 From: pit <pit> Date: Wed, 21 Apr 2010 08:47:58 +0000 Subject: [PATCH] Modifying general wrapping to be more modular/generic. --- htdocs/document.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/htdocs/document.php b/htdocs/document.php index 7f3e7b1939c..fc047d13056 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -3,6 +3,7 @@ * Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2005 Simon Tosser <simon@kornog-computing.com> * Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr> + * Copyright (C) 2010 Pierre Morin <pierre.morin@auguria.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -448,12 +449,17 @@ if ($modulepart) else { $user->getrights($modulepart); - if ($user->rights->$modulepart->lire || $user->rights->$modulepart->read || preg_match('/^specimen/i',$original_file)) + $subPermCategoryConstName = strtoupper($modulepart).'_SUBPERMCATEGORY_FOR_DOCUMENTS'; + if(isset($conf->global->$subPermCategoryConstName)) $subPermCategory = $conf->global->$subPermCategoryConstName; + if ( ((isset($subPermCategory)==false) && (($user->rights->$modulepart->lire) || ($user->rights->$modulepart->read) || ($user->rights->$modulepart->download))) || (isset($subPermCategory) && (($user->rights->$modulepart->$subPermCategory->lire) || ($user->rights->$modulepart->$subPermCategory->read) || ($user->rights->$modulepart->$subPermCategory->download))) || preg_match('/^specimen/i',$original_file) ) { $accessallowed=1; } $original_file=$conf->$modulepart->dir_output.'/'.$original_file; - $sqlprotectagainstexternals = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".$refname."' AND entity=".$conf->entity; + $sqlProtectConstName = strtoupper($modulepart).'_SQLPROTECTAGAINSTEXTERNALS_FOR_DOCUMENTS'; + if(isset($conf->global->$sqlProtectConstName)) eval('$sqlprotectagainstexternals = "'.$conf->global->$sqlProtectConstName.'";'); + //less generic/modular than the 2 lines upper : + //$sqlprotectagainstexternals = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".$refname."' AND entity=".$conf->entity; } } -- GitLab