From a118eb7a5e18d99dad5c7f7c3042e7aad44c5f24 Mon Sep 17 00:00:00 2001
From: rMalie
Date: Wed, 30 May 2012 08:22:48 +0000
Subject: [PATCH] // Filter list of entities per shop in admin if employee is not super admin #PSCFV-2525
---
 classes/Employee.php | 20 +++++++++++++++-----
 classes/controller/AdminController.php | 2 +-
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/classes/Employee.php b/classes/Employee.php
index c77236c01..69f8aa068 100644
--- a/classes/Employee.php
+++ b/classes/Employee.php
@@ -174,7 +174,7 @@ class EmployeeCore extends ObjectModel
 $this->id = $result['id_employee'];
 $this->id_profile = $result['id_profile'];
 foreach ($result as $key => $value)
- if (key_exists($key, $this))
+ if (property_exists($this, $key))
 $this->{$key} = $value;
 return $this;
 }
@@ -220,7 +220,7 @@ class EmployeeCore extends ObjectModel
 
 public function isLastAdmin()
 {
- return ($this->id_profile == _PS_ADMIN_PROFILE_
+ return ($this->isSuperAdmin()
 && Employee::countProfile($this->id_profile, true) == 1
 && $this->active
 );
@@ -272,7 +272,7 @@ class EmployeeCore extends ObjectModel
 */
 public function hasAuthOnShop($id_shop)
 {
- return $this->id_profile == _PS_ADMIN_PROFILE_ || in_array($id_shop, $this->associated_shops);
+ return $this->isSuperAdmin() || in_array($id_shop, $this->associated_shops);
 }
 
 /**
@@ -284,7 +284,7 @@ class EmployeeCore extends ObjectModel
 */
 public function hasAuthOnShopGroup($id_shop_group)
 {
- if ($this->id_profile == _PS_ADMIN_PROFILE_)
+ if ($this->isSuperAdmin())
 return true;
 
 foreach ($this->associated_shops as $id_shop)
@@ -301,7 +301,7 @@ class EmployeeCore extends ObjectModel
 */
 public function getDefaultShopID()
 {
- if ($this->id_profile == _PS_ADMIN_PROFILE_ || in_array(Configuration::get('PS_SHOP_DEFAULT'), $this->associated_shops))
+ if ($this->isSuperAdmin() || in_array(Configuration::get('PS_SHOP_DEFAULT'), $this->associated_shops))
 return Configuration::get('PS_SHOP_DEFAULT');
 return $this->associated_shops[0];
 }
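Review bot: `hasAuthOnShop()` (hunk at -272) decides access with a loose `in_array($id_shop, $this->associated_shops)`, so the outcome depends on PHP's type juggling whenever a caller passes an uncast request value. Casting before the lookup, `return $this->isSuperAdmin() || in_array((int)$id_shop, $this->associated_shops);`, keeps the comparison numeric. Whether every caller already casts `$id_shop` is not visible in this hunk.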
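Review bot: `getDefaultShopID()` (hunk at -301) ends with `return $this->associated_shops[0];` and never checks that the array has an element, so an employee who is not super admin and has no shop association gets an undefined-offset notice and an empty shop id. An explicit guard before the last line, for example `if (empty($this->associated_shops)) return false;`, makes that case visible, assuming callers can handle a false result (they are not shown here). `Configuration::get('PS_SHOP_DEFAULT')` is also read twice and could be held in a local variable.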
@@ -314,4 +314,14 @@ class EmployeeCore extends ObjectModel
 WHERE `id_profile` = '.(int)$id_profile.'
 '.($active_only ? ' AND `active` = 1' : ''));
 }
+
+ /**
+ * Check if current employee is super administrator
+ *
+ * @return bool
+ */
+ public function isSuperAdmin()
+ {
+ return $this->id_profile == _PS_ADMIN_PROFILE_;
+ }
 }
diff --git a/classes/controller/AdminController.php b/classes/controller/AdminController.php
index 910165ebb..2f9c6af5a 100644
--- a/classes/controller/AdminController.php
+++ b/classes/controller/AdminController.php
@@ -1988,7 +1988,7 @@ class AdminControllerCore extends Controller
 if ($this->multishop_context && Shop::isTableAssociated($this->table) && !empty($this->className))
 {
 $def = ObjectModel::getDefinition($this->className);
- if (Shop::getContext() != Shop::CONTEXT_ALL || !empty($def['multishop']))
+ if (Shop::getContext() != Shop::CONTEXT_ALL || !empty($def['multishop']) || !$this->context->employee->isSuperAdmin())
 {
 $idenfier_shop = Shop::getContextListShopID();
 if (!$this->_group)
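Review bot: `isSuperAdmin()` becomes the one check behind `isLastAdmin()`, `hasAuthOnShop()`, `hasAuthOnShopGroup()`, `getDefaultShopID()` and the list filter in AdminController, but it compares with a loose `==`. `id_profile` is copied from the database row unchanged in the first hunk of this patch, so the result rests on PHP's string/number juggling; `return (int)$this->id_profile === (int)_PS_ADMIN_PROFILE_;` compares integers only. The docblock could also state that the method looks at the profile alone and does not consider `$this->active`.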
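Review bot: The added `!$this->context->employee->isSuperAdmin()` only makes the branch run; the shop ids still come from `Shop::getContextListShopID()`, and nothing in the hunk ties that list to the employee's `associated_shops`. If that call returns every shop when the context is `Shop::CONTEXT_ALL`, a restricted employee would still see all entities, so the list should probably be intersected with the employee's shops; this needs checking against the part of the block that lies below the hunk. The condition also dereferences `$this->context->employee` without a null check. The change restricts the listing only, so loading or editing an entity by id needs its own `hasAuthOnShop()` check, which is not visible here.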