From 860611c1039e3fcb42fad5a0801bcb7eba8eb8e8 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Wed, 10 Feb 2010 15:55:29 +0000
Subject: [PATCH] Works on enhancement of project tasks
Fix: security check
---
 htdocs/projet/tasks/contact.php | 14 +++++++-------
 htdocs/projet/tasks/fiche.php | 4 ++--
 htdocs/projet/tasks/index.php | 2 +-
 htdocs/projet/tasks/note.php | 8 ++++----
 htdocs/projet/tasks/task.php | 12 ++++++------
 htdocs/projet/tasks/time.php | 2 +-
 6 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php
index 29a74d1a918..add9f35dec8 100644
--- a/htdocs/projet/tasks/contact.php
+++ b/htdocs/projet/tasks/contact.php
@@ -38,7 +38,7 @@ $taskid = isset($_GET["id"])?$_GET["id"]:'';
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
 //$result = restrictedArea($user, 'projet', $taskid, 'projet_task');
-if (!$user->rights->projet->task->lire) accessforbidden();
+if (!$user->rights->projet->lire) accessforbidden();
 /*
@@ -46,7 +46,7 @@ if (!$user->rights->projet->task->lire) accessforbidden();
 */
 // Add new contact
-if ($_POST["action"] == 'addcontact' && $user->rights->projet->task->creer)
+if ($_POST["action"] == 'addcontact' && $user->rights->projet->creer)
 {
 $result = 0;
@@ -77,7 +77,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->projet->task->creer)
 }
 }
 // modification d'un contact. On enregistre le type
-if ($_POST["action"] == 'updateline' && $user->rights->projet->task->creer)
+if ($_POST["action"] == 'updateline' && $user->rights->projet->creer)
 {
 $task = new Task($db);
 if ($task->fetch($taskid))
@@ -103,7 +103,7 @@ if ($_POST["action"] == 'updateline' && $user->rights->projet->task->creer)
 }
 // bascule du statut d'un contact
-if ($_GET["action"] == 'swapstatut' && $user->rights->projet->task->creer)
+if ($_GET["action"] == 'swapstatut' && $user->rights->projet->creer)
 {
 $task = new Task($db);
 if ($task->fetch($taskid))
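Review bot: The module-level `projet->lire` check in the `@@ -38` hunk of contact.php is the only guard applied to the task, because the `restrictedArea(...)` call on the previous line is still commented out and `$socid`, set from `$user->societe_id` two lines earlier, is not used anywhere in the hunk; as far as these lines show, any user holding the module right can open the contacts of any task id. `$taskid` is also taken from `$_GET["id"]` without a cast. I would write `$taskid = isset($_GET["id"]) ? (int) $_GET["id"] : 0;` on the line named in the hunk header and restore `$result = restrictedArea($user, 'projet', $taskid, 'projet_task');` in place of the commented line. note.php `@@ -33` (where the same call is commented out with a TODO), task.php `@@ -32` and time.php `@@ -28` now rest on the same module-only check and should get the object-level call as well.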
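Review bot: `swapstatut` in the `@@ -103` hunk changes a contact's status from a plain `$_GET["action"]` request, and the new condition still checks only the `projet->creer` right; nothing in the hunk compares a request token, although task.php `@@ -125` shows the codebase already emits `$_SESSION['newtoken']` in its edit form. `deleteline` in `@@ -129` has the same shape, and `@@ -377` links to it by GET from the contact list. I would accept both actions only from a POST whose token field matches the session token, checked before the `Task` fetch, and replace the two GET links with small forms; how the token is verified elsewhere in this file is outside the hunk.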
@@ -129,7 +129,7 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->projet->task->creer)
 }
 // Efface un contact
-if ($_GET["action"] == 'deleteline' && $user->rights->projet->task->creer)
+if ($_GET["action"] == 'deleteline' && $user->rights->projet->creer)
 {
 $task = new Task($db);
 $task->fetch($taskid);
@@ -221,7 +221,7 @@ if ($id > 0 || ! empty($ref))
 * Ajouter une ligne de contact
 * Non affiche en mode modification de ligne
 */
- if ($_GET["action"] != 'editline' && $user->rights->projet->task->creer)
+ if ($_GET["action"] != 'editline' && $user->rights->projet->creer)
 {
 print '<tr class="liste_titre">';
 print '<td>'.$langs->trans("Source").'</td>';
@@ -377,7 +377,7 @@ if ($id > 0 || ! empty($ref))
 // Icon update et delete
 print '<td align="center" nowrap>';
- if ($user->rights->projet->task->creer)
+ if ($user->rights->projet->creer)
 {
 print ' ';
 print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$task->id.'&action=deleteline&lineid='.$tab[$i]['rowid'].'">';
diff --git a/htdocs/projet/tasks/fiche.php b/htdocs/projet/tasks/fiche.php
index 0fafd70ec8a..0517d4f5545 100644
--- a/htdocs/projet/tasks/fiche.php
+++ b/htdocs/projet/tasks/fiche.php
@@ -125,7 +125,7 @@ if ($id > 0 || ! empty($ref))
 $userAccess = $project->restrictedProjectArea($user);
 }
-if ($_GET["action"] == 'create' && $user->rights->projet->task->creer && (empty($project->societe->id) || $userAccess))
+if ($_GET["action"] == 'create' && $user->rights->projet->creer && (empty($project->societe->id) || $userAccess))
 {
 print_fiche_titre($langs->trans("NewTask"));
@@ -238,7 +238,7 @@ else
 */
 print '<div class="tabsAction">';
- if ($user->rights->projet->task->creer)
+ if ($user->rights->projet->creer)
 {
 if ($userAccess)
 {
diff --git a/htdocs/projet/tasks/index.php b/htdocs/projet/tasks/index.php
index 6dcab6117a3..496ec8d9097 100644
--- a/htdocs/projet/tasks/index.php
+++ b/htdocs/projet/tasks/index.php
@@ -92,7 +92,7 @@ print '</div>';
 /*
 * Actions
 */
-if ($user->rights->projet->task->creer)
+if ($user->rights->projet->creer)
 {
 print '<div class="tabsAction">';
 print '<a class="butAction" href="'.DOL_URL_ROOT.'/projet/tasks/fiche.php?action=create">'.$langs->trans('AddTask').'</a>';
diff --git a/htdocs/projet/tasks/note.php b/htdocs/projet/tasks/note.php
index 79f64cfa52e..15b00607be2 100644
--- a/htdocs/projet/tasks/note.php
+++ b/htdocs/projet/tasks/note.php
@@ -33,7 +33,7 @@ $id = isset($_GET["id"])?$_GET["id"]:'';
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-if (!$user->rights->projet->task->lire) accessforbidden();
+if (!$user->rights->projet->lire) accessforbidden();
 //$result = restrictedArea($user, 'projet', $id, '', 'task'); // TODO ameliorer la verification
@@ -42,7 +42,7 @@ if (!$user->rights->projet->task->lire) accessforbidden();
 /* Actions */
 /******************************************************************************/
-if ($_POST["action"] == 'update_public' && $user->rights->projet->task->creer)
+if ($_POST["action"] == 'update_public' && $user->rights->projet->creer)
 {
 $task = new Task($db);
 $task->fetch($_GET['id']);
@@ -61,7 +61,7 @@ if ($_POST["action"] == 'update_public' && $user->rights->projet->task->creer)
 }
 }
-if ($_POST['action'] == 'update_private' && $user->rights->projet->task->creer)
+if ($_POST['action'] == 'update_private' && $user->rights->projet->creer)
 {
 $task = new Task($db);
 $task->fetch($_GET['id']);
@@ -198,7 +198,7 @@ if ($id > 0 || ! empty($ref))
 */
 print '<div class="tabsAction">';
- if ($user->rights->projet->task->creer && $_GET['action'] <> 'edit')
+ if ($user->rights->projet->creer && $_GET['action'] <> 'edit')
 {
 if ($userAccess)
 {
diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php
index c3785ced8ee..d5723d55125 100644
--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
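Review bot: The `update_public` handler in note.php `@@ -42` is gated only on the module `projet->creer` right, while the Modify button in `@@ -198` of the same file is additionally hidden unless `$userAccess` is true; as far as the visible lines show, a direct POST reaches the update without the per-project restriction the page applies on display. The handler also fetches with `$task->fetch($_GET['id'])` while the action itself comes from `$_POST`, so the id and the action are read from different parts of the request. `update_private` in `@@ -61` has the same structure, and the `update` handler in task.php `@@ -40` is worth checking for the same gap; all three bodies continue outside their hunks. I would compute `$userAccess` before the action section and extend each condition to `... && $user->rights->projet->creer && $userAccess`.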
@@ -32,13 +32,13 @@ require_once(DOL_DOCUMENT_ROOT."/html.formother.class.php");
 $taskid = (isset($_GET["id"])?$_GET["id"]:(isset($_POST["id"])?$_POST["id"]:''));
 $taskref = (isset($_GET["ref"])?$_GET["ref"]:'');
-if (!$user->rights->projet->task->lire) accessforbidden();
+if (!$user->rights->projet->lire) accessforbidden();
 /*
 * Actions
 */
-if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet->task->creer)
+if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet->creer)
 {
 $error=0;
@@ -74,7 +74,7 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet-
 }
 }
-if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->projet->task->creer)
+if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->projet->creer)
 {
 $task = new Task($db);
 if ($task->fetch($_GET["id"]) >= 0 )
@@ -125,7 +125,7 @@ if ($taskid)
 dol_fiche_head($head, 'task', $langs->trans("Task"),0,'projecttask');
- if ($_GET["action"] == 'edit' && $user->rights->projet->task->creer)
+ if ($_GET["action"] == 'edit' && $user->rights->projet->creer)
 {
 print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
 print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
@@ -252,7 +252,7 @@ if ($taskid)
 print '<div class="tabsAction">';
 // Modify
- if ($user->rights->projet->task->creer)
+ if ($user->rights->projet->creer)
 {
 print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$task->id.'&action=edit">'.$langs->trans('Modify').'</a>';
 }
@@ -262,7 +262,7 @@ if ($taskid)
 }
 // Delete
- if ($user->rights->projet->task->supprimer)
+ if ($user->rights->projet->supprimer)
 {
 print '<a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?id='.$task->id.'&action=delete">'.$langs->trans('Delete').'</a>';
 }
diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index d37992a192d..3ace472fa3b 100644
--- a/htdocs/projet/tasks/time.php
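Review bot: `confirm_delete` in the `@@ -74` hunk of task.php runs under `projet->creer`, but the Delete button in `@@ -262` is shown only with `projet->supprimer`, so the right that gates the action is weaker than the one that gates the button and a user with create-but-not-delete permission can complete the deletion by posting the confirmation. The handler also fetches `$_GET["id"]` although `$taskid` in `@@ -32` already merges the GET and POST id. I would change the condition to `if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->projet->supprimer)` and fetch with `$task->fetch($taskid)`; the handler body continues outside the hunk.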
+++ b/htdocs/projet/tasks/time.php
@@ -28,7 +28,7 @@ require("./pre.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");
-if (!$user->rights->projet->task->lire) accessforbidden();
+if (!$user->rights->projet->lire) accessforbidden();
 /*
 * Actions
--
GitLab