dinislage/PrestaShop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

// Stock controllers : added permissions check on employees

Browse Source
This commit is contained in:
bMancone
2011-10-26 12:35:28 +00:00
parent 51310f9f4b
commit 3d46b57d4b
3 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
controllers/admin/AdminStockManagementController.php
+18
View File
@@ -513,6 +513,17 @@ class AdminStockManagementControllerCore extends AdminController
{
parent::postProcess();
// Checks access
if (Tools::isSubmit('addStock') && !($this->tabAccess['add'] === '1'))
$this->_errors[] = Tools::displayError('You do not have the required permission to add stock.');
if (Tools::isSubmit('removeStock') && !($this->tabAccess['delete'] === '1'))
$this->_errors[] = Tools::displayError('You do not have the required permission to delete stock.');
if (Tools::isSubmit('transferStock') && !($this->tabAccess['edit'] === '1'))
$this->_errors[] = Tools::displayError('You do not have the required permission to transfer stock.');
if (count($this->_errors))
return;
// Global checks when add / remove / transfer product
if ((Tools::isSubmit('addstock') || Tools::isSubmit('removestock') || Tools::isSubmit('transferstock') ) && Tools::isSubmit('is_post'))
{
@@ -785,6 +796,13 @@ class AdminStockManagementControllerCore extends AdminController
// specify actions in function of stock
$this->skipActionByStock($item, false);
}
// Checks access
if (!($this->tabAccess['add'] === '1'))
$this->addRowActionSkipList('addstock', array($item['id']));
if (!($this->tabAccess['delete'] === '1'))
$this->addRowActionSkipList('removestock', array($item['id']));
if (!($this->tabAccess['edit'] === '1'))
$this->addRowActionSkipList('transferstock', array($item['id']));
}
}
}