@@ -32,8 +32,9 @@
$langs->load("admin");

$module=isset($_GET["module"])?$_GET["module"]:$_POST["module"];
$id = GETPOST('id','int');

if (! isset($_GET["id"]) || empty($_GET["id"])) accessforbidden();
if (! $id) accessforbidden();

// Defini si peux lire les permissions
$canreaduser=($user->admin || $user->rights->user->user->lire);
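Review bot: `$module` is still read straight from `$_GET`/`$_POST` with no filtering on the line above `$id`, while the same hunk moves `id` to `GETPOST('id','int')`; it also raises an undefined-index notice when neither key is present. Since `$module` is later passed to `addrights()`/`delrights()` in the following hunks, it deserves the same treatment, e.g. `$module = GETPOST('module', 'alpha');` if this version of GETPOST supports the 'alpha' check. The remaining access-control setup continues past the end of this hunk.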
@@ -43,20 +44,20 @@
if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
{
$canreaduser=($user->admin || ($user->rights->user->user->lire && $user->rights->user->user_advance->readperms));
$caneditselfperms=($user->id == $_GET["id"] && $user->rights->user->self_advance->writeperms);
$caneditselfperms=($user->id == $id && $user->rights->user->self_advance->writeperms);
$caneditperms = '('.$caneditperms.' || '.$caneditselfperms.')';
}

// Security check
$socid=0;
if ($user->societe_id > 0) $socid = $user->societe_id;
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
if ($user->id == $_GET["id"]) // A user can always read its own card
if ($user->id == $id) // A user can always read its own card
{
$feature2='';
$canreaduser=1;
}
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
$result = restrictedArea($user, 'user', $id, '', $feature2);
if ($user->id <> $_REQUEST["id"] && ! $canreaduser) accessforbidden();


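Review bot: The line `$caneditperms = '('.$caneditperms.' || '.$caneditselfperms.')';` inside the MAIN_USE_ADVANCED_PERMS branch builds a string rather than a boolean: the result always starts with `(`, so it is always truthy, and every later `&& $caneditperms` gate in the addrights/delrights hunks passes regardless of the user's rights once advanced permissions are enabled. It should be a boolean expression, `$caneditperms = ($caneditperms || $caneditselfperms);`. `$caneditperms` is initialised above this hunk, so I am assuming it holds a boolean there. In the same hunk, the final `accessforbidden()` check still compares against `$_REQUEST["id"]` rather than the `$id` that `restrictedArea()` was just called with; `if ($user->id <> $id && ! $canreaduser) accessforbidden();` keeps both checks looking at the same value.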
@@ -66,11 +67,11 @@
if ($_GET["action"] == 'addrights' && $caneditperms)
{
$edituser = new User($db);
$edituser->fetch($_GET["id"]);
$edituser->fetch($id);
$edituser->addrights($_GET["rights"],$module);

// Si on a touche a ses propres droits, on recharge
if ($_GET["id"] == $user->id)
if ($id == $user->id)
{
$user->clearrights();
$user->getrights();
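Review bot: The `addrights` branch still reads `$_GET["action"]` and `$_GET["rights"]` directly, so only the `id` half of this handler was moved to GETPOST; the `delrights` hunk below has the same pattern. Since `addrights()` receives the value unfiltered and its own validation is not visible here, reading it with the same helper, `$rights = GETPOST('rights', 'int');`, would keep the two paths consistent. These are also state-changing operations triggered by a plain GET request, which a per-request token check would make safer; the enclosing block continues past the hunk.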
@@ -80,11 +81,11 @@
if ($_GET["action"] == 'delrights' && $caneditperms)
{
$edituser = new User($db);
$edituser->fetch($_GET["id"]);
$edituser->fetch($id);
$edituser->delrights($_GET["rights"],$module);

// Si on a touche a ses propres droits, on recharge
if ($_GET["id"] == $user->id)
if ($id == $user->id)
{
$user->clearrights();
$user->getrights();
@@ -104,7 +105,7 @@
$form=new Form($db);

$fuser = new User($db);
$fuser->fetch($_GET["id"]);
$fuser->fetch($id);
$fuser->getrights();

/*
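Review bot: The return value of `$fuser->fetch($id)` is not checked before `$fuser->getrights()` is called, so an id that matches no user continues into the page with an empty object. If `fetch()` follows the usual convention of returning a positive value on success, a guard such as `if ($fuser->fetch($id) <= 0) accessforbidden();` (or reporting `$fuser->error`) would stop the page early. The rest of the page body lies outside this hunk.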
@@ -125,9 +126,9 @@
foreach ($conf->file->dol_document_root as $type => $dirroot)
{
$modulesdir[] = $dirroot . "/includes/modules/";

if ($type == 'alt')
{
{
$handle=@opendir($dirroot);
if (is_resource($handle))
{