Commit 846bf38c authored by Laurent Destailleur's avatar Laurent Destailleur

Sec: Securité sur gestion adhérents incomplete

parent f0701769
Tags 3.8.0-beta
...@@ -96,7 +96,7 @@ if ($_POST["action"] == 'confirm_sendinfo' && $_POST["confirm"] == 'yes') ...@@ -96,7 +96,7 @@ if ($_POST["action"] == 'confirm_sendinfo' && $_POST["confirm"] == 'yes')
} }
} }
if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"]) if ($user->rights->adherent->creer && $_REQUEST["action"] == 'update' && ! $_POST["cancel"])
{ {
$datenaiss=''; $datenaiss='';
if (isset($_POST["naissday"]) && $_POST["naissday"] if (isset($_POST["naissday"]) && $_POST["naissday"]
...@@ -183,7 +183,7 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"]) ...@@ -183,7 +183,7 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"])
} }
} }
if ($_POST["action"] == 'add') if ($user->rights->adherent->creer && $_POST["action"] == 'add')
{ {
$datenaiss=''; $datenaiss='';
if (isset($_POST["naissday"]) && $_POST["naissday"] if (isset($_POST["naissday"]) && $_POST["naissday"]
...@@ -350,7 +350,7 @@ if ($_POST["action"] == 'add') ...@@ -350,7 +350,7 @@ if ($_POST["action"] == 'add')
} }
} }
if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes') if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes')
{ {
$result=$adh->fetch($rowid); $result=$adh->fetch($rowid);
$result=$adh->delete($rowid); $result=$adh->delete($rowid);
...@@ -365,7 +365,7 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes') ...@@ -365,7 +365,7 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == 'yes')
} }
} }
if ($_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes') if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
{ {
$result=$adh->fetch($rowid); $result=$adh->fetch($rowid);
$result=$adh->validate($user); $result=$adh->validate($user);
...@@ -418,7 +418,7 @@ if ($_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes') ...@@ -418,7 +418,7 @@ if ($_POST["action"] == 'confirm_valid' && $_POST["confirm"] == 'yes')
} }
} }
if ($_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes') if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
{ {
$result=$adh->fetch($rowid); $result=$adh->fetch($rowid);
$result=$adh->resiliate($user); $result=$adh->resiliate($user);
...@@ -459,7 +459,7 @@ if ($_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes') ...@@ -459,7 +459,7 @@ if ($_POST["action"] == 'confirm_resign' && $_POST["confirm"] == 'yes')
} }
} }
if ($_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes') if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes')
{ {
$result=$adh->fetch($rowid); $result=$adh->fetch($rowid);
$adht = new AdherentType($db); $adht = new AdherentType($db);
...@@ -476,7 +476,7 @@ if ($_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes') ...@@ -476,7 +476,7 @@ if ($_POST["action"] == 'confirm_add_glasnost' && $_POST["confirm"] == 'yes')
} }
} }
if ($_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes') if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes')
{ {
$result=$adh->fetch($rowid); $result=$adh->fetch($rowid);
$adht = new AdherentType($db); $adht = new AdherentType($db);
...@@ -493,7 +493,7 @@ if ($_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes') ...@@ -493,7 +493,7 @@ if ($_POST["action"] == 'confirm_del_glasnost' && $_POST["confirm"] == 'yes')
} }
} }
if ($_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes') if ($user->rights->adherent->supprimer && $_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
{ {
$result=$adh->fetch($rowid); $result=$adh->fetch($rowid);
if ($result >= 0 && ! sizeof($adh->errors)) if ($result >= 0 && ! sizeof($adh->errors))
...@@ -504,7 +504,7 @@ if ($_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes') ...@@ -504,7 +504,7 @@ if ($_POST["action"] == 'confirm_del_spip' && $_POST["confirm"] == 'yes')
} }
} }
if ($_POST["action"] == 'confirm_add_spip' && $_POST["confirm"] == 'yes') if ($user->rights->adherent->creer && $_POST["action"] == 'confirm_add_spip' && $_POST["confirm"] == 'yes')
{ {
$result=$adh->fetch($rowid); $result=$adh->fetch($rowid);
if ($result >= 0 && ! sizeof($adh->errors)) if ($result >= 0 && ! sizeof($adh->errors))
......
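Review bot: The `confirm_sendinfo` handler shown in the first hunk header is left without any `$user->rights->adherent` test, and the `update` handler still reads its action from `$_REQUEST`, so these two paths are gated less tightly than the other handlers this commit touches. If sending member information is meant to be restricted, that condition needs a right in front of it as well, and `update` could compare `$_POST["action"] == 'update'` provided no caller relies on GET. Each guarded branch is also skipped silently when the right is missing; an explicit access-denied response (and a log entry) would make refused attempts visible. No `$user->getrights('adherent')` call appears in these hunks, so confirm the rights are loaded earlier in this file, otherwise every new check evaluates false. The handler bodies continue outside the hunks.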
...@@ -34,6 +34,8 @@ require_once(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php"); ...@@ -34,6 +34,8 @@ require_once(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php");
$langs->load("members"); $langs->load("members");
$langs->load("companies"); $langs->load("companies");
$user->getrights('adherent');
/* /*
* Affiche liste * Affiche liste
...@@ -231,8 +233,15 @@ if ($result) ...@@ -231,8 +233,15 @@ if ($result)
// Actions // Actions
print '<td align="center">'; print '<td align="center">';
print "<a href=\"fiche.php?rowid=$objp->rowid&action=edit&return=liste.php\">".img_edit()."</a>&nbsp;"; if ($user->rights->adherent->creer)
{
print "<a href=\"fiche.php?rowid=$objp->rowid&action=edit&return=liste.php\">".img_edit()."</a>";
}
print '&nbsp;';
if ($user->rights->adherent->supprimer)
{
print "<a href=\"fiche.php?rowid=$objp->rowid&action=resign&return=liste.php\">".img_disable($langs->trans("Resiliate"))."</a>"; print "<a href=\"fiche.php?rowid=$objp->rowid&action=resign&return=liste.php\">".img_disable($langs->trans("Resiliate"))."</a>";
}
print "</td>"; print "</td>";
print "</tr>\n"; print "</tr>\n";
......
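Review bot: Hiding the edit and resign links behind `creer` and `supprimer` is presentation only, since anyone can still request `fiche.php?rowid=…&action=edit` or `action=resign` directly; the hunks shown for the other file gate the `confirm_*`, `add` and `update` handlers, and whether the `edit` and `resign` views themselves check the right is not visible here. A short comment above the two conditions would record that, e.g. `// Display only: fiche.php must enforce the same rights on each action`. The list itself is printed without any right being tested in these hunks even though `getrights('adherent')` is now loaded, so confirm a read right is checked earlier in the file. The enclosing `if ($result)` block starts and ends outside the hunk.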