FIX user without permission can set ticket subject

Dolibarr · Sep 18, 2021 · facd6ab · facd6ab
1 parent 052511d
commit facd6ab
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/htdocs/ticket/card.php b/htdocs/ticket/card.php
@@ -492,7 +492,7 @@
 		}
 	}
 
-	if ($action == 'setsubject') {
+	if ($action == 'setsubject' && $user->rights->ticket->write) {
 		if ($object->fetch(GETPOST('id', 'int'))) {
 			if ($action == 'setsubject') {
 				$object->subject = GETPOST('subject', 'alphanohtml');