
[Noalyss-commit] [noalyss] 52/119: NEW Security : add tag


From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 52/119: NEW Security : add tag
Date: Mon, 26 Oct 2020 18:27:18 -0400 (EDT)

sparkyx pushed a commit to branch master
in repository noalyss.

commit 5aba53e25f19a5b58cb0ce25bc12cdaa902c5311
Author: Dany De Bontridder <danydb@noalyss.eu>
AuthorDate: Mon Oct 5 16:58:26 2020 +0200

    NEW Security : add tag
---
 include/ajax/ajax_tag_detail.php | 4 +++-
 include/ajax/ajax_tag_list.php   | 2 +-
 include/ajax/ajax_tag_save.php   | 2 +-
 include/constant.security.php    | 1 +
 include/template/tag_select.php  | 2 +-
 sql/upgrade.sql                  | 5 ++++-
 6 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/include/ajax/ajax_tag_detail.php b/include/ajax/ajax_tag_detail.php
index cf6bec6..2004300 100644
--- a/include/ajax/ajax_tag_detail.php
+++ b/include/ajax/ajax_tag_detail.php
@@ -11,7 +11,9 @@ require_once NOALYSS_INCLUDE.'/lib/single_record.class.php';
 require_once NOALYSS_INCLUDE.'/class/tag.class.php';
 ob_start();
 $tag=new Tag($cn);
-$tag->data->t_id=$_GET['tag'];
+$http=new HttpInput();
+$tag->data->t_id=$http->get("tag","number");
+if ($tag->data->t_id == -1 &&  $g_user->check_action(TAGADD) == 0 ) return;
 $tag->data->load();
 echo HtmlInput::title_box(_("Détail du dossier ou étiquette"), 
"tag_div","close","","y");
 
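Review bot: The new guard after `$http->get("tag","number")` consults only `check_action(TAGADD)`, while ajax_tag_save.php in this same commit accepts either `check_module('CFGTAG')` or TAGADD. A user holding only CFGTAG can therefore still save a tag but can no longer open the empty form, and the button condition added in ajax_tag_list.php has the same gap. If that is not intended, use one predicate in all three places, e.g. `if ($tag->data->t_id == -1 && $g_user->check_module('CFGTAG') == 0 && $g_user->check_action(TAGADD) == 0) return;`. Separately, the denial path returns with the buffer opened by `ob_start()` still active and with no message to the caller; how the including script deals with that is outside the hunk, so an explicit refusal like the `die(_("non permis"))` used in ajax_tag_save.php would be easier to audit.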
diff --git a/include/ajax/ajax_tag_list.php b/include/ajax/ajax_tag_list.php
index 342a44b..5ce78c4 100644
--- a/include/ajax/ajax_tag_list.php
+++ b/include/ajax/ajax_tag_list.php
@@ -31,7 +31,7 @@ $tag->select();
 //------------------- Propose to add a tag
 
 $js=sprintf("onclick=\"show_tag('%s','%s','%s','j')\"",Dossier::id(),'','-1');
-echo HtmlInput::button("tag_add", _("Ajout d'un tag"), $js);
+if ( $g_user->check_action(TAGADD) == 1) { echo HtmlInput::button("tag_add", 
_("Ajout d'un tag"), $js);}
 echo HtmlInput::button_close("tag_div");
 
 $response=  ob_get_clean();
diff --git a/include/ajax/ajax_tag_save.php b/include/ajax/ajax_tag_save.php
index 59df25e..ade6981 100644
--- a/include/ajax/ajax_tag_save.php
+++ b/include/ajax/ajax_tag_save.php
@@ -12,7 +12,7 @@ $op=$http->request("op");
 global $g_user;
 $nDossier=Dossier::id();
 ///check security
-if ( $g_user->check_module('CFGTAG')==0)
+if ( $g_user->check_module('CFGTAG')==0  &&  $g_user->check_action(TAGADD) == 
0)
 {
     die(_("non permis"));
 }
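Review bot: Every `op` this script handles becomes reachable with TAGADD alone, because the relaxed condition is evaluated before `$op` is inspected and the old check required the CFGTAG module. TAGADD is described in constant.security.php as "Ajout de tag", so if the code below the hunk (not visible here) also updates or deletes existing tags, a user granted only the add right could modify them. Consider keeping the CFGTAG requirement for everything except creation, for instance accepting TAGADD only when the submitted tag id is -1, the new-tag marker used in ajax_tag_detail.php and in the `show_tag(...,'-1')` call. A comment next to `///check security` stating which operations TAGADD is meant to cover would make the intent reviewable.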
diff --git a/include/constant.security.php b/include/constant.security.php
index baf161e..c395bed 100644
--- a/include/constant.security.php
+++ b/include/constant.security.php
@@ -22,6 +22,7 @@ define ('FICADD',800);         /* Ajout de fiche */
 define ("FIC",805);  //Création, modification et effacement de fiche
 define ("FICCAT",910);  //création, modification et effacement de catégorie de 
fiche
 define ('RMDOC',1020);   // Effacement de document pour follow up & 
comptabilité
+define ('TAGADD',1025);   // Ajout de tag
 define ('VIEWDOC',1010);   // Voir document pour follow up
 define ('PARCATDOC',1050);   // modifier type document pour follow up
 define ('RMRECEIPT',1110);   // Effacer un document d'une pièce comptable
diff --git a/include/template/tag_select.php b/include/template/tag_select.php
index 709c9ff..475e959 100644
--- a/include/template/tag_select.php
+++ b/include/template/tag_select.php
@@ -27,8 +27,8 @@ if ( $max == 0 ) {
     </tr>
 <?php
 $gDossier=Dossier::id();
-if (isNumber($_REQUEST['ag_id']) == 0 ) die ('ERROR : parameters invalid');
 $ag_id=$http->request("ag_id","number");
+if (isNumber($ag_id) == 0 ) die ('ERROR : parameters invalid');
     for ($i=0;$i<$max;$i++):
         $row=Database::fetch_array($ret, $i);
 ?>
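Review bot: The `isNumber($ag_id)` test now runs on the value already returned by `$http->request("ag_id","number")`, so whether it can ever fail depends on how HttpInput treats a non-numeric value, which this hunk does not show. If `request()` already rejects such input, the `die` is dead code and can be dropped. If it passes the raw value through, a short comment such as `// request() does not reject here; this is the effective validation` would keep a later cleanup from removing the only check. The surrounding template continues outside the hunk.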
diff --git a/sql/upgrade.sql b/sql/upgrade.sql
index f311690..1b20b77 100644
--- a/sql/upgrade.sql
+++ b/sql/upgrade.sql
@@ -172,4 +172,7 @@ COMMENT ON TABLE public.jnt_tag_group_tag IS 'Many to Many 
table betwwen tag and
 -- public.jnt_tag_group_tag foreign keys
 
 ALTER TABLE public.jnt_tag_group_tag ADD CONSTRAINT jnt_tag_group_tag_fk 
FOREIGN KEY (tag_id) REFERENCES tags(t_id) ON UPDATE CASCADE ON DELETE CASCADE;
-ALTER TABLE public.jnt_tag_group_tag ADD CONSTRAINT jnt_tag_group_tag_fk_1 
FOREIGN KEY (tag_group_id) REFERENCES tag_group(tg_id) ON UPDATE CASCADE ON 
DELETE CASCADE;
\ No newline at end of file
+ALTER TABLE public.jnt_tag_group_tag ADD CONSTRAINT jnt_tag_group_tag_fk_1 
FOREIGN KEY (tag_group_id) REFERENCES tag_group(tg_id) ON UPDATE CASCADE ON 
DELETE CASCADE;
+
+
+insert into action values (1025,'Ajout d''étiquette','followup','TAGADD');
\ No newline at end of file
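Review bot: The added `insert into action values (1025,...)` has no column list, so it depends on the current column order of `action`, and it would presumably fail on a second run of the upgrade script if the id is a key (the table definition is not visible here). Naming the target columns and guarding on the existence of id 1025 would make the statement robust. Nothing in this hunk grants action 1025 to existing profiles, so after the upgrade the "Ajout d'un tag" button gated in ajax_tag_list.php would likely disappear for every user until an administrator assigns the right. That is worth either a grant statement or a note in the upgrade instructions.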


