FIX better method to check user rights AND usergroup rights !
hregis committed Feb 18, 2020
1 parent a5de331 commit f6f0d9d
Showing 1 changed file with 16 additions and 17 deletions.
33 changes: 16 additions & 17 deletions htdocs/fourn/commande/index.php
@@ -251,8 +251,6 @@
}
$sql.= " u.rowid, u.lastname, u.firstname, u.email";
$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
$sql.= ",".MAIN_DB_PREFIX."user_rights as ur";
$sql.= ",".MAIN_DB_PREFIX."rights_def as rd";
if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))
{
$sql.= ",".MAIN_DB_PREFIX."usergroup_user as ug";
@@ -263,13 +261,7 @@
else
{
$sql.= " WHERE (u.entity IN (".getEntity('user').")";
$sql.= " AND ur.entity = ".$conf->entity.")";
}
$sql.= " AND u.rowid = ur.fk_user";
$sql.= " AND ur.fk_id = rd.id";
$sql.= " AND module = 'fournisseur'";
$sql.= " AND perms = 'commande'";
$sql.= " AND subperms = 'approuver'";

$resql = $db->query($sql);
if ($resql)
@@ -285,15 +277,22 @@
{
$obj = $db->fetch_object($resql);

print '<tr class="oddeven">';
print '<td>';
$userstatic->id=$obj->rowid;
$userstatic->lastname=$obj->lastname;
$userstatic->firstname=$obj->firstname;
$userstatic->email=$obj->email;
print $userstatic->getNomUrl(1);
print '</td>';
print "</tr>\n";
$userstatic = new User($db);
$userstatic->id = $obj->rowid;
$userstatic->getrights('fournisseur');

if (! empty($userstatic->rights->fournisseur->commande->approuver))
{
print '<tr class="oddeven">';
print '<td>';
$userstatic->lastname = $obj->lastname;
$userstatic->firstname = $obj->firstname;
$userstatic->email = $obj->email;
print $userstatic->getNomUrl(1);
print '</td>';
print "</tr>\n";
}

$i++;
}
print "</table><br>";
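Review bot: In the non-transverse `else` branch, the surviving `" WHERE (u.entity IN (".getEntity('user').")"` opens a parenthesis whose closing `)` appears to have been on the dropped `ur.entity` line, so the query as shown would not parse; the line should end `getEntity('user')."))";`. The page has lost its +/- markers, so which lines were removed is inferred from the hunk counts (13 old lines, 7 new, none added in that hunk). If the query does fail, `$resql` is false and the `if ($resql)` block that prints the approver list is skipped, which is easy to mistake for "nobody has the right". In the loop, `getrights('fournisseur')` now runs once per user returned, on a `User` object that has only `id` set. A short comment such as `// Rights are resolved per user so that group-inherited permissions are included` would document why the SQL filter was dropped, and it is worth confirming that `getrights` needs no other field of the object (for example the user's entity) to resolve rights correctly.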