[Noalyss-commit] [noalyss] 04/06: Task #1215 - Administrateur globaux p
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 04/06: Task #1215 - Administrateur globaux phpcompta n'a pas accès à tous les profiles #1215 : security , filter the profiles , |
Date: |
Fri, 06 Nov 2015 18:06:37 +0000 |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 4b00276e82db554c627a87eb91d2943ad846db8f
Author: Dany De Bontridder <address@hidden>
Date: Fri Nov 6 18:44:29 2015 +0100
Task #1215 - Administrateur globaux phpcompta n'a pas accès à tous les
profiles
#1215 : security , filter the profiles ,
---
include/class/class_follow_up.php | 7 ++++-
include/class/class_user.php | 38 +++++++++++++++++++++++++++++
include/template/action_display_short.php | 4 +--
3 files changed, 44 insertions(+), 5 deletions(-)
diff --git a/include/class/class_follow_up.php
b/include/class/class_follow_up.php
index 92b9c48..68f8c76 100644
--- a/include/class/class_follow_up.php
+++ b/include/class/class_follow_up.php
@@ -290,7 +290,7 @@ class Follow_Up
// select profile
$aAg_dest=$this->db->make_array("select p_id as value, ".
"p_name as label ".
- " from profile where p_id in (select p_granted from
user_sec_action_profile where ua_right='W' and p_id=".$g_user->get_profile().")
order by 2");
+ " from profile where p_id in
".$g_user->get_writable_profile()."order by 2");
$ag_dest->value=$aAg_dest;
$ag_dest->selected=$this->ag_dest;
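Review bot: Restricting the options of this select to `get_writable_profile()` only limits what the form offers; the `ag_dest` value posted back is still chosen by the client, so the save path has to re-check it against the same subselect (`"... where p_id in ".$g_user->get_writable_profile()` around the submitted id) or through the "can add an action in the profile" check that class_user.php documents further down. That check is not visible in this hunk, so I could not confirm it runs on the write path. The enclosing method starts and ends outside this hunk.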
@@ -1172,6 +1172,7 @@ class Follow_Up
*/
static function display_search($cn, $inner=false)
{
+ global $g_user;
$a=(isset($_GET['action_query']))?$_GET['action_query']:"";
$qcode=(isset($_GET['qcode']))?$_GET['qcode']:"";
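Review bot: `display_search` is static and receives its connection as `$cn`, but now reaches into global scope for `$g_user`; if the calling page has not initialised `$g_user`, the later `$g_user->get_readable_profile()` call in this method is a fatal "method on null" error rather than a controlled failure. Either accept the user alongside `$cn` or guard it right after the global, `if (!isset($g_user)) throw new Exception('g_user is not set');`. The method body continues past this hunk.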
@@ -1246,7 +1247,9 @@ class Follow_Up
// select profile
$aAg_dest=$cn->make_array("select p_id as value, ".
"p_name as label ".
- " from profile order by 2");
+ " from profile where p_id in ".
+ $g_user->get_readable_profile().
+ "order by 2");
$aAg_dest[]=array('value'=>'-2', 'label'=>_('Tous les profiles'));
$ag_dest=new ISelect();
$ag_dest->name="ag_dest_query";
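Review bot: Narrowing this select to readable profiles is a presentation-layer filter only; `ag_dest_query` arrives via GET (see the `$_GET` handling at the top of this method), so a caller can submit any p_id, or the `-2` "all profiles" value that this hunk still appends unconditionally. The query that actually runs the search must restrict its rows with the same `$g_user->get_readable_profile()` subselect, and `-2` should expand to that readable set rather than to every profile; that query is outside this hunk so I could not confirm it. The enclosing method starts outside this hunk.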
diff --git a/include/class/class_user.php b/include/class/class_user.php
index aaf412d..124628d 100644
--- a/include/class/class_user.php
+++ b/include/class/class_user.php
@@ -1103,6 +1103,44 @@ class User
return $profile;
}
/**
+ * Compute the SQL string for the writable profile,
+ * the subselect for p_id , example
+ * p_id in $g_user->get_writable_profile.
+ * The administrator can access all the profiles
+ * @return SQL string with the subselect for p_id
+ */
+ function get_writable_profile()
+ {
+ if ( $this->admin != 1)
+ {
+ $sql = " (select p_granted "
+ . " from user_sec_action_profile "
+ . " where ua_right='W' and
p_id=".$this->get_profile().") ";
+ } else {
+ $sql = "(select p_id from profile)";
+ }
+ return $sql;
+ }
+ /**
+ * Compute the SQL string for the readable profile,
+ * the subselect for p_id , example
+ * p_id in $g_user->get_readable_profile.
+ * The administrator can read all the profiles
+ * @return SQL string with the subselect for p_id
+ */
+ function get_readable_profile()
+ {
+ if ( $this->admin != 1)
+ {
+ $sql = " (select p_granted "
+ . " from user_sec_action_profile "
+ . " where ua_right in ('W','R') and
p_id=".$this->get_profile().") ";
+ } else {
+ $sql = "(select p_id from profile)";
+ }
+ return $sql;
+ }
+ /**
* Check if the current user can add an action in the profile given
* in parameter
* @param type $p_profile profile.p_id = action_gestion.ag_dest
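Review bot: Both new helpers splice `$this->get_profile()` directly into the SQL string, so every caller's safety now rests on that value being a plain integer; casting it (`p_id=%d` via sprintf, or `(int)$this->get_profile()`) closes that off regardless of where the profile id was loaded from. The two methods also differ only in the `ua_right` list, and the admin branch returns `(select p_id from profile)` without the surrounding spaces the non-admin branch has, so callers appending `"order by 2"` depend on the parser accepting `)order`; a shared private helper with uniform padding fixes both. `$this->admin != 1` is a loose comparison, which is fine if `admin` is always an int but worth tightening to `(int)$this->admin !== 1` if it can arrive as a string from the DB.
```php
    /**
     * Build the "p_id in (...)" subselect for the profiles on which the
     * current user holds one of $p_rights; the administrator gets them all.
     * @param array $p_rights ua_right values, e.g. array('W') or array('W','R')
     * @return string SQL subselect, padded with a space on both sides
     */
    private function build_profile_subselect($p_rights)
    {
        if ((int)$this->admin === 1) {
            return " (select p_id from profile) ";
        }
        // profile id is cast to int so it can never break out of the literal
        return sprintf(" (select p_granted from user_sec_action_profile"
                . " where ua_right in ('%s') and p_id=%d) ",
                implode("','", $p_rights), $this->get_profile());
    }
    function get_writable_profile()
    {
        return $this->build_profile_subselect(array('W'));
    }
    function get_readable_profile()
    {
        return $this->build_profile_subselect(array('W', 'R'));
    }
```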
diff --git a/include/template/action_display_short.php
b/include/template/action_display_short.php
index 080f8f7..f9dc76b 100644
--- a/include/template/action_display_short.php
+++ b/include/template/action_display_short.php
@@ -48,9 +48,7 @@ $profile->value=$cn->make_array("select p_id as value, ".
" from profile "
. "where "
. "p_id in "
- . " (select p_granted "
- . " from user_sec_action_profile "
- . " where ua_right='W' and p_id=".$g_user->get_profile().") "
+ . $g_user->get_writable_profile()
. "order by 2");
// priority
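Review bot: The concatenation `. $g_user->get_writable_profile()` immediately followed by `. "order by 2"` relies on the helper returning trailing whitespace, which only its non-admin branch does; for an administrator the statement becomes `... p_id in (select p_id from profile)order by 2`, which most SQL parsers accept but which breaks silently the day the helper's padding changes. Put the space in the template itself, `. " order by 2");`, so the query does not depend on the helper's formatting. The surrounding `make_array` call starts before this hunk.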