Fix bug huntr.dev
eldy committed Oct 25, 2021
1 parent d916fe1 commit ad2e567571f0ce0dbe17093612f27b0841286c76
Showing with 151 additions and 73 deletions.
  1. +2 −0 htdocs/compta/bank/account_statement_document.php
  2. +2 −0 htdocs/compta/bank/document.php
  3. +3 −0 htdocs/compta/bank/various_payment/document.php
  4. +8 −6 htdocs/compta/deplacement/document.php
  5. +2 −0 htdocs/compta/sociales/document.php
  6. +3 −1 htdocs/compta/tva/document.php
  7. +9 −6 htdocs/contact/document.php
  8. +2 −0 htdocs/contrat/document.php
  9. +2 −0 htdocs/don/document.php
  10. +1 −2 htdocs/expedition/card.php
  11. +2 −0 htdocs/expedition/document.php
  12. +2 −1 htdocs/expensereport/card.php
  13. +8 −7 htdocs/expensereport/document.php
  14. +6 −6 htdocs/fichinter/card.php
  15. +2 −0 htdocs/fichinter/document.php
  16. +9 −6 htdocs/fourn/commande/document.php
  17. +2 −0 htdocs/fourn/facture/document.php
  18. +3 −0 htdocs/fourn/paiement/document.php
  19. +1 −0 htdocs/holiday/document.php
  20. +1 −1 htdocs/knowledgemanagement/knowledgerecord_document.php
  21. +2 −0 htdocs/loan/document.php
  22. +3 −1 htdocs/mrp/mo_document.php
  23. +3 −3 htdocs/product/card.php
  24. +2 −2 htdocs/product/document.php
  25. +4 −4 htdocs/product/stock/card.php
  26. +1 −2 htdocs/product/stock/productlot_document.php
  27. +1 −0 htdocs/projet/document.php
  28. +1 −0 htdocs/projet/tasks/document.php
  29. +7 −3 htdocs/resource/agenda.php
  30. +8 −4 htdocs/resource/card.php
  31. +10 −3 htdocs/resource/contact.php
  32. +7 −1 htdocs/resource/document.php
  33. +1 −0 htdocs/resource/element_resource.php
  34. +6 −5 htdocs/resource/list.php
  35. +5 −3 htdocs/resource/note.php
  36. +2 −0 htdocs/salaries/document.php
  37. +2 −0 htdocs/societe/document.php
  38. +10 −0 htdocs/supplier_proposal/document.php
  39. +1 −1 htdocs/ticket/document.php
  40. +2 −3 htdocs/user/document.php
  41. +1 −0 htdocs/website/index.php
  42. +2 −2 htdocs/workstation/workstation_document.php
@@ -120,6 +120,8 @@
$found = true;
}

$permissiontoadd = $user->rights->banque->modifier; // Used by the include of actions_dellink.inc.php


/*
* Actions
@@ -74,6 +74,8 @@

$result = restrictedArea($user, 'banque', $object->id, 'bank_account', '', '');

$permissiontoadd = $user->rights->banque->modifier; // Used by the include of actions_dellink.inc.php


/*
* Actions
@@ -69,6 +69,9 @@
$upload_dir = $conf->bank->dir_output.'/'.dol_sanitizeFileName($object->id);
$modulepart = 'banque';

$permissiontoadd = $user->rights->banque->modifier; // Used by the include of actions_dellink.inc.php



/*
* Actions
@@ -42,12 +42,6 @@
$action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');

// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'deplacement', $id, '');


// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
@@ -74,6 +68,14 @@
$upload_dir = $conf->deplacement->dir_output.'/'.dol_sanitizeFileName($object->ref);
$modulepart = 'trip';

// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'deplacement', $id, '');

$permissiontoadd = $user->rights->deplacement->creer; // Used by the include of actions_dellink.inc.php


/*
* Actions
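Review bot: The relocated check `restrictedArea($user, 'deplacement', $id, '')` still passes the request parameter `$id` instead of the loaded object's id, even though it now runs after `$upload_dir` has been built from `$object->ref`. The fetch is outside the hunk, so this is inferred, but if the record can be loaded by reference with `$id` empty, the object-level check is not bound to the record whose files are handled. `$result = restrictedArea($user, 'deplacement', $object->id, '');` would match the bank, expedition and holiday pages in this commit. The same `$id` argument is kept in the moved checks in contact/document.php, expensereport/document.php, fichinter/card.php and fourn/commande/document.php. In the visible lines `$socid` is assigned but never passed to the call.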
@@ -78,6 +78,8 @@
}
$result = restrictedArea($user, 'tax', $object->id, 'chargesociales', 'charges');

$permissiontoadd = $user->rights->tax->charges->creer; // Used by the include of actions_dellink.inc.php


/*
* Actions
@@ -79,14 +79,16 @@
}
$result = restrictedArea($user, 'tax', '', 'tva', 'charges');

$permissiontoadd = $user->rights->tax->charges->creer; // Used by the include of actions_dellink.inc.php


/*
* Actions
*/

include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';

if ($action == 'setlib' && $user->rights->tax->charges->creer) {
if ($action == 'setlib' && $permissiontoadd) {
$object->fetch($id);
$result = $object->setValueFrom('label', GETPOST('lib', 'alpha'), '', '', 'text', '', $user, 'TAX_MODIFY');
if ($result < 0) {
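Review bot: The comment on the new `$permissiontoadd` line names `actions_dellink.inc.php`, but the include that follows in this section is `/core/actions_linkedfiles.inc.php`, so it points a reader at the wrong file when tracing which include reads this permission. I would write `// Used by the include of actions_linkedfiles.inc.php`. The same wording is added in the bank, sociales, contact, contrat, don, expedition and expensereport document pages, while the fichinter, fourn and holiday document pages name `actions_setnotes.inc.php`, which fichinter/card.php pairs with `$permissionnote`; the includes in those files are outside their hunks, so each should be confirmed. The `if ($action == 'setlib' ...)` block continues past the end of this hunk.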
@@ -49,12 +49,6 @@
$objcanvas->getCanvas('contact', 'contactcard', $canvas);
}

// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission

// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@@ -91,6 +85,15 @@
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('contactdocument'));

// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', 'rowid', 0); // If we create a contact with no company (shared contacts), no check on write permission

$permissiontoadd = $user->rights->societe->contact->creer; // Used by the include of actions_dellink.inc.php


/*
* Actions
*/
@@ -84,6 +84,8 @@
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('contractcard', 'globalcard'));

$permissiontoadd = $user->rights->contrat->creer; // Used by the include of actions_dellink.inc.php


/*
* Actions
@@ -80,6 +80,8 @@
$upload_dir = $conf->don->dir_output.'/'.get_exdir($filename, 0, 0, 0, $object, 'donation').'/'.dol_sanitizeFileName($object->ref);
$modulepart = 'don';

$permissiontoadd = $user->rights->don->creer; // Used by the include of actions_dellink.inc.php


/*
* Actions
@@ -122,7 +122,7 @@
$result = restrictedArea($user, 'expedition', $object->id, '');

$permissiondellink = $user->rights->expedition->delivery->creer; // Used by the include of actions_dellink.inc.php
//var_dump($object->lines[0]->detail_batch);
$permissiontoadd = $user->rights->expedition->creer;


/*
@@ -152,7 +152,6 @@

// Actions to build doc
$upload_dir = $conf->expedition->dir_output.'/sending';
$permissiontoadd = $user->rights->expedition->creer;
include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';

// Reopen
@@ -76,6 +76,8 @@
}
$result = restrictedArea($user, 'expedition', $object->id, '');

$permissiontoadd = $user->rights->expedition->creer; // Used by the include of actions_dellink.inc.php


/*
* Actions
@@ -139,6 +139,8 @@
}
$result = restrictedArea($user, 'expensereport', $object->id, 'expensereport');

$permissiontoadd = $user->rights->expensereport->creer; // Used by the include of actions_dellink.inc.php


/*
* Actions
@@ -1339,7 +1341,6 @@

// Actions to build doc
$upload_dir = $conf->expensereport->dir_output;
$permissiontoadd = $user->rights->expensereport->creer;
include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
}

@@ -44,13 +44,6 @@

$childids = $user->getAllChildIds(1);

// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'expensereport', $id, 'expensereport');


// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'aZ09comma');
@@ -81,6 +74,12 @@
// Load object
//include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals

// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'expensereport', $id, 'expensereport');

if ($object->id > 0) {
// Check current user can read this expense report
$canread = 0;
@@ -95,6 +94,8 @@
}
}

$permissiontoadd = $user->rights->expensereport->creer; // Used by the include of actions_dellink.inc.php


/*
* Actions
@@ -71,12 +71,6 @@
$hidedesc = (GETPOST('hidedesc', 'int') ? GETPOST('hidedesc', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0));
$hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0));

// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'ficheinter', $id, 'fichinter');

// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('interventioncard', 'globalcard'));

@@ -96,6 +90,12 @@
}
}

// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'ficheinter', $id, 'fichinter');

$permissionnote = $user->rights->ficheinter->creer; // Used by the include of actions_setnotes.inc.php
$permissiondellink = $user->rights->ficheinter->creer; // Used by the include of actions_dellink.inc.php

@@ -78,6 +78,8 @@
$upload_dir = $conf->ficheinter->dir_output.'/'.dol_sanitizeFileName($object->ref);
$modulepart = 'fichinter';

$permissiontoadd = $user->rights->ficheinter->creer; // Used by the include of actions_setnotes.inc.php


/*
* Actions
@@ -46,12 +46,6 @@
$action = GETPOST('action', 'aZ09');
$confirm = GETPOST('confirm', 'alpha');

// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');

// Get parameters
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
@@ -81,6 +75,15 @@
$upload_dir = $conf->fournisseur->commande->dir_output.'/'.dol_sanitizeFileName($object->ref);
$object->fetch_thirdparty();

// Security check
$socid = 0;
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');

$permissiontoadd = ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer); // Used by the include of actions_setnotes.inc.php


/*
* Actions
@@ -77,6 +77,8 @@
$upload_dir = $conf->fournisseur->facture->dir_output.'/'.get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').$ref;
}

$permissiontoadd = ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer); // Used by the include of actions_setnotes.inc.php


/*
* Actions
@@ -79,6 +79,9 @@
$upload_dir = $conf->fournisseur->payment->dir_output.'/'.dol_sanitizeFileName($object->ref);
}

$permissiontoadd = ($user->rights->fournisseur->facture->creer || $user->rights->supplier_invoice->creer); // Used by the include of actions_setnotes.inc.php


/*
* Actions
*/
@@ -120,6 +120,7 @@
}
$result = restrictedArea($user, 'holiday', $object->id, 'holiday');

$permissiontoadd = $user->rights->holiday->write; // Used by the include of actions_setnotes.inc.php


/*
@@ -80,7 +80,7 @@
//if ($user->socid > 0) $socid = $user->socid;
//$result = restrictedArea($user, 'knowledgemanagement', $object->id);

$permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php
$permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php
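Review bot: The `restrictedArea()` call directly above the changed line is still commented out, so the only gate visible here is `$permissiontoadd`, which covers write actions and not read access to the record or its attached files. Every other document page touched by this commit runs `restrictedArea()` before the actions include. Unless an equivalent check exists outside the hunk, the disabled line `$result = restrictedArea($user, 'knowledgemanagement', $object->id);` should be re-enabled, with its feature and table arguments verified against this module's rights. This commit changes only the trailing comment.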



@@ -71,6 +71,8 @@
$upload_dir = $conf->loan->dir_output.'/'.dol_sanitizeFileName($object->ref);
$modulepart = 'loan';

$permissiontoadd = $user->rights->loan->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php


/*
* Actions
@@ -83,12 +83,14 @@
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
$result = restrictedArea($user, 'mrp', $object->id, 'mrp_mo', '', 'fk_soc', 'rowid', $isdraft);

$permissiontoadd = $user->rights->mrp->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php


/*
* Actions
*/

include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php


/*
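Review bot: The trailing comment on the second printed `include` line (presumably the new side, given the +3 −1 count) is `// Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php`. It looks copied from the `$permissiontoadd` assignment and says nothing meaningful about the include itself. Drop it so the line reads `include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';`. The explanation belongs only on the `$permissiontoadd` line, where it records which includes read that variable.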
@@ -179,6 +179,9 @@
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('productcard', 'globalcard'));

$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->lire) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->lire));
$usercancreate = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer));
$usercandelete = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->supprimer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->supprimer));


/*
@@ -189,9 +192,6 @@
$action = '';
}

$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->lire) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->lire));
$usercancreate = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer));
$usercandelete = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->supprimer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->supprimer));
$createbarcode = empty($conf->barcode->enabled) ? 0 : 1;
if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->barcode->creer_advance)) {
$createbarcode = 0;
@@ -96,8 +96,6 @@
$modulepart = 'produit';


$permissiontoadd = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer));

if ($object->id > 0) {
if ($object->type == $object::TYPE_PRODUCT) {
restrictedArea($user, 'produit', $object->id, 'product&product', '', '');
@@ -109,6 +107,8 @@
restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype);
}

$permissiontoadd = (($object->type == Product::TYPE_PRODUCT && $user->rights->produit->creer) || ($object->type == Product::TYPE_SERVICE && $user->rights->service->creer));


/*
* Actions
@@ -87,17 +87,17 @@
}
}

$usercanread = (($user->rights->stock->lire));
$usercancreate = (($user->rights->stock->creer));
$usercandelete = (($user->rights->stock->supprimer));


/*
* Actions
*/

$error = 0;

$usercanread = (($user->rights->stock->lire));
$usercancreate = (($user->rights->stock->creer));
$usercandelete = (($user->rights->stock->supprimer));

$parameters = array('id'=>$id, 'ref'=>$ref);
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) {
