FIX better check for the "read" permission
hregis committed Apr 8, 2024
1 parent 70ea53e commit 77863c8
Showing 4 changed files with 9 additions and 14 deletions.
2 changes: 1 addition & 1 deletion htdocs/core/menus/standard/eldy.lib.php
Expand Up @@ -1223,7 +1223,7 @@ function get_left_menu_home($mainmenu, &$newmenu, $usemenuhider = 1, $leftmenu =
}
$newmenu->add("", $langs->trans("Groups"), 1, ($user->hasRight('user', 'user', 'lire') || $user->admin) && !(isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')));
$newmenu->add("/user/group/card.php?leftmenu=users&action=create", $langs->trans("NewGroup"), 2, ((getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight("user", "group_advance", "create") : $user->hasRight("user", "user", "creer")) || $user->admin) && !(isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')));
$newmenu->add("/user/group/list.php?leftmenu=users", $langs->trans("ListOfGroups"), 2, ((getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight('user', 'group_advance', 'read') : $user->hasRight('user', 'user', 'lire')) || $user->admin) && !(isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')));
$newmenu->add("/user/group/list.php?leftmenu=users", $langs->trans("ListOfGroups"), 2, ((getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight('user', 'group_advance', 'read') : $user->hasRight('user', 'user', 'lire')) || $user->admin));
}
}
}
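Review bot: The `ListOfGroups` entry no longer carries the `!(isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE'))` condition, but its level-1 parent `Groups` two lines above still does, so in transverse mode a user with a non-empty `$user->entity` can get a level-2 entry whose parent is disabled (this assumes the second of the two `ListOfGroups` lines is the added one; the +/- markers are lost on this page). Either relax the parent the same way or say why the two differ, e.g. `// Group list stays readable from every entity in transverse mode; create/edit is master-only`. Menu visibility is presentation only, so the read decision still has to be enforced in `/user/group/list.php` itself. `get_left_menu_home()` starts and ends outside this hunk.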
13 changes: 4 additions & 9 deletions htdocs/user/group/list.php
Expand Up @@ -93,21 +93,16 @@
}
}

// Users/Groups management only in master entity if transverse mode
if (isModEnabled('multicompany') && $conf->entity > 1 && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')) {
accessforbidden();
}

if (!$user->hasRight("user", "user", "read") && !$user->admin) {
accessforbidden();
}

// Defini si peux lire/modifier utilisateurs et permissions
$caneditperms = ($user->admin || $user->hasRight("user", "user", "write"));
$permissiontodelete = ($user->admin || $user->hasRight("user", "user", "write"));
$caneditperms = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') ? false : (!empty($user->admin) || $user->hasRight("user", "user", "write")));
$permissiontodelete = $caneditperms;
// Advanced permissions
if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
$caneditperms = ($user->admin || $user->hasRight("user", "group_advance", "write"));
$caneditperms = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') ? false : ($user->admin || $user->hasRight("user", "group_advance", "write")));
}


Expand Down Expand Up @@ -287,7 +282,7 @@

if ($caneditperms) {
$newcardbutton .= dolGetButtonTitleSeparator();
$newcardbutton .= dolGetButtonTitle($langs->trans('NewGroup'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/user/group/card.php?action=create&leftmenu=');
$newcardbutton .= dolGetButtonTitle($langs->trans('NewGroup'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/user/group/card.php?action=create&leftmenu=', '', $caneditperms);
}

print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'object_'.$object->picto, 0, $newcardbutton, '', $limit, 0, 0, 1);
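Review bot: With the transverse-mode `accessforbidden()` block gone, the only page-level gate left in the first hunk is `!$user->hasRight("user", "user", "read") && !$user->admin`, which ignores `MAIN_USE_ADVANCED_PERMS`, while the menu entry and `htdocs/user/home.php` use `group_advance`/`read` when that option is set. A user holding `user/user/read` but not `group_advance/read` would then not see the menu entry yet could still open the list by URL. Consider deriving the read right the same way as the menu, e.g. `$canreadgroup = $user->admin || (getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight('user', 'group_advance', 'read') : $user->hasRight('user', 'user', 'read'));` followed by `if (!$canreadgroup) { accessforbidden(); }`. Separately, `$permissiontodelete = $caneditperms;` is assigned before the advanced-permissions branch, so it keeps the `user/user/write` value when `$caneditperms` is recomputed from `group_advance`; if that is intended, a one-line comment should say so. Both remarks assume the lines carrying the transverse-mode ternary are the added ones, since the +/- markers are lost on this page.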
2 changes: 1 addition & 1 deletion htdocs/user/home.php
Expand Up @@ -38,7 +38,7 @@
// Load translation files required by page
$langs->load("users");

$canreadperms = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') ? false : true);
$canreadperms = true;
if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
$canreadperms = (!empty($user->admin) || !empty($user->rights->user->group_advance->read));
}
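Review bot: `$canreadperms = true;` makes the default unconditional, so when `MAIN_USE_ADVANCED_PERMS` is off nothing in this hunk ties the flag to a right, whereas `htdocs/user/list.php` derives the equivalent `$canreadgroup` from `$user->admin` or `user/user/read`. If no earlier check outside this hunk already requires that right, `$canreadperms = (!empty($user->admin) || $user->hasRight('user', 'user', 'read'));` would keep the two pages consistent. The advanced branch still reads `$user->rights->user->group_advance->read` directly; `$user->hasRight('user', 'group_advance', 'read')` is the form used by the other files in this commit. This assumes the `= true` line is the added one, since the +/- markers are lost on this page.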
6 changes: 3 additions & 3 deletions htdocs/user/list.php
Expand Up @@ -200,13 +200,13 @@
// Define value to know what current user can do on users
$permissiontoadd = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') ? false : (!empty($user->admin) || $user->hasRight("user", "user", "write")));
$canreaduser = (!empty($user->admin) || $user->hasRight("user", "user", "read"));
$canedituser = (!empty($user->admin) || $user->hasRight("user", "user", "write"));
$candisableuser = (!empty($user->admin) || $user->hasRight("user", "user", "delete"));
$canedituser = $permissiontoadd;
$candisableuser = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') ? false : (!empty($user->admin) || $user->hasRight("user", "user", "delete")));
$canreadgroup = $canreaduser;
$caneditgroup = $canedituser;
if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
$canreadgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "read"));
$caneditgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "write"));
$caneditgroup = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') ? false : (!empty($user->admin) || $user->hasRight("user", "group_advance", "write")));
}

$error = 0;
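Review bot: The transverse-mode lock `isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')` is spelled out three times in this hunk (`$permissiontoadd`, `$candisableuser`, `$caneditgroup`) and twice more in `htdocs/user/group/list.php`, and each copy guards a write or delete right. One copy drifting would silently re-open that right, so compute it once, e.g. `$transverselocked = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE'));` and then `$candisableuser = !$transverselocked && (!empty($user->admin) || $user->hasRight("user", "user", "delete"));`. A short comment stating that `$canreaduser` and `$canreadgroup` are deliberately left outside the lock would also help the next reader.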
