fix(formanswer): more permissive READ access to formanswers

if a user is no longer a validator of a formanswer but was choosen as a validator, READ ccess should be still granted Signed-off-by: Thierry Bugier <tbugier@teclib.com>
pluginsGLPI · Aug 22, 2019 · e4d4c24 · e4d4c24
1 parent cacd832
commit e4d4c24
Showing 1 changed file with 13 additions and 7 deletions.
diff --git a/inc/formanswer.class.php b/inc/formanswer.class.php
@@ -76,7 +76,17 @@ public function canViewItem() {
          return true;
       }
 
-      if ($_SESSION['glpiID'] == $this->getField('requester_id')) {
+      if ($_SESSION['glpiID'] == $this->fields['requester_id']) {
+         return true;
+      }
+
+      if ($_SESSION['glpiID'] == $this->fields['users_id_validator']) {
+         return true;
+      }
+
+      $groupUser = new Group_User();
+      $groups = $groupUser->getUserGroups($_SESSION['glpiID']);
+      if (in_array($this->fields['users_id_validator'], $groups)) {
          return true;
       }
 
@@ -105,12 +115,8 @@ public function canViewItem() {
                return true;
             }
          } else {
-            $groupUser = new Group_User();
-            $groups = $groupUser->getUserGroups($_SESSION['glpiID']);
-            foreach ($groups as $group) {
-               if ($row['items_id'] == $group['id']) {
-                  return true;
-               }
+            if (in_array($row['items_id'], $groups)) {
+               return true;
             }
          }
       }