From 846bf38c1f0dc90fd5241b7781a8e352cd2a36a7 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Sat, 26 May 2007 15:36:46 +0000
Subject: [PATCH] =?UTF-8?q?Sec:=20Securit=E9=20sur=20gestion=20adh=E9rents?=
 =?UTF-8?q?=20incomplete?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/adherents/fiche.php | 18 +++++++++---------
 htdocs/adherents/liste.php | 15 ++++++++++++---
 2 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php
index 83d13baeb44..9ac3d03cf35 100644
--- a/htdocs/adherents/fiche.php
+++ b/htdocs/adherents/fiche.php
@@ -96,7 +96,7 @@ if ($_POST["action"] == 'confirm_sendinfo' && $_POST["confirm"] == 'yes')
 	}
 }
 
-if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"])
+if ($user->rights->adherent->creer && $_REQUEST["action"] == 'update' && ! $_POST["cancel"])
 {
 	$datenaiss='';
 	if (isset($_POST["naissday"]) && $_POST["naissday"]
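Review bot: When `$user->rights->adherent->creer` is false the new condition makes the whole update block fall through silently, so a request without the right is neither executed nor reported and the page presumably goes on rendering as if nothing happened; an explicit denial (a forbidden response, or at least a visible/logged error) before the action dispatch would make the refusal observable and auditable, and the same remark applies to the guards added in the other eight hunks of this file. The new line also keeps `$_REQUEST["action"]` for this state-changing update while every other guarded action reads `$_POST["action"]`; provided the edit form posts, `if ($user->rights->adherent->creer && $_POST["action"] == 'update' && ! $_POST["cancel"])` would stop the update from being triggered by a plain link. Note that liste.php gains a `$user->getrights('adherent')` call in this commit but no such call is visible in the fiche.php hunks; if the module's rights are not loaded earlier in this file, every new guard evaluates to false and all member actions become unusable. The enclosing block continues outside the hunk.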
@@ -183,7 +183,7 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"])
 	}
 }
 
-if ($_POST["action"] == 'add')
+if ($user->rights->adherent->creer && $_POST["action"] == 'add')
 {
 	$datenaiss='';
 	if (isset($_POST["naissday"]) && $_POST["naissday"]
@@ -350,7 +350,7 @@ if ($_POST["action"] == 'add')
     }
 }
 
-if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes')
+if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes')
 {
 	$result=$adh->fetch($rowid);
     $result=$adh->delete($rowid);
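Review bot: The added `supprimer` check authorises the deletion by role only; `$_POST["confirm"] == 'yes'` is a plain form value, so nothing ties the request to the session in which the confirmation page was shown, and a properly privileged user's browser can be induced to submit it from another site. A per-session token emitted with the confirmation form and verified alongside the permission would close that gap; the same holds for the other `confirm_*` guards in this file. Separately, on the line after the guard the return value of `$adh->fetch($rowid)` is overwritten by `$adh->delete($rowid)` without being checked, so a failed fetch still proceeds to the delete — pre-existing, but worth addressing while this guard is being touched. The block continues past the hunk.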
@@ -365,7 +365,7 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes')
     }
 }
 
-if ($_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
+if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
 {
 	$result=$adh->fetch($rowid);
     $result=$adh->validate($user);
@@ -418,7 +418,7 @@ if ($_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
 	}
 }
 
-if ($_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
+if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
 {
     $result=$adh->fetch($rowid);
     $result=$adh->resiliate($user);
@@ -459,7 +459,7 @@ if ($_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
 	}
 }
 
-if ($_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes')
+if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes')
 {
     $result=$adh->fetch($rowid);
     $adht = new AdherentType($db);
@@ -476,7 +476,7 @@ if ($_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes')
 	}
 }
 
-if ($_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes')
+if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes')
 {
     $result=$adh->fetch($rowid);
     $adht = new AdherentType($db);
@@ -493,7 +493,7 @@ if ($_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes')
 	}
 }
 
-if ($_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
+if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
 {
     $result=$adh->fetch($rowid);
 	if ($result >= 0 && ! sizeof($adh->errors))
@@ -504,7 +504,7 @@ if ($_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
 	}
 }
 
-if ($_POST["action"] == 'confirm_add_spip' && $_POST["confirm"] == 'yes')
+if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_add_spip' && $_POST["confirm"] == 'yes')
 {
     $result=$adh->fetch($rowid);
 	if ($result >= 0 && ! sizeof($adh->errors))
diff --git a/htdocs/adherents/liste.php b/htdocs/adherents/liste.php
index 16e6e533c8f..915531c5b0d 100644
--- a/htdocs/adherents/liste.php
+++ b/htdocs/adherents/liste.php
@@ -34,6 +34,8 @@ require_once(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php");
 $langs->load("members");
 $langs->load("companies");
 
+$user->getrights('adherent');
+
 
 /*
  * Affiche liste
@@ -231,9 +233,16 @@ if ($result)
 
         // Actions
         print '<td align="center">';
-        print "<a href=\"fiche.php?rowid=$objp->rowid&action=edit&return=liste.php\">".img_edit()."</a>&nbsp;";
-        print "<a href=\"fiche.php?rowid=$objp->rowid&action=resign&return=liste.php\">".img_disable($langs->trans("Resiliate"))."</a>";
-        print "</td>";
+		if ($user->rights->adherent->creer)
+		{
+			print "<a href=\"fiche.php?rowid=$objp->rowid&action=edit&return=liste.php\">".img_edit()."</a>";
+		}
+		print '&nbsp;';
+		if ($user->rights->adherent->supprimer)
+		{
+			print "<a href=\"fiche.php?rowid=$objp->rowid&action=resign&return=liste.php\">".img_disable($langs->trans("Resiliate"))."</a>";
+        }
+		print "</td>";
 
         print "</tr>\n";
         $i++;
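Review bot: The new block at lines 120–129 is indented with tabs while the surrounding code (lines 115–116 and 131–132) uses spaces, and the closing brace on line 128 is space-indented although its opening brace on line 126 uses a tab; the block should follow the file's existing space indentation so the structure reads correctly in any editor. Separately, the rewritten links still interpolate `$objp->rowid` straight into the `href` attribute and join query parameters with a bare `&`; the value presumably comes from the query result rather than the request, but escaping it for the attribute context when printing and using `&amp;` between parameters would keep the markup well-formed regardless of its content. The enclosing loop starts and ends outside the hunk.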
-- 
GitLab