From 8c317e127ce5bc7ae651b3fe6e633a18d0799aee Mon Sep 17 00:00:00 2001
From: Benjamin Renard <brenard@easter-eggs.com>
Date: Mon, 22 Feb 2021 15:50:43 +0100
Subject: [PATCH] LSattribute::addToForm(): fix checking user rights before
 adding/freezing it

---
 src/includes/class/class.LSattribute.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/includes/class/class.LSattribute.php b/src/includes/class/class.LSattribute.php
index 9413a6b5..b3105d71 100644
--- a/src/includes/class/class.LSattribute.php
+++ b/src/includes/class/class.LSattribute.php
@@ -227,6 +227,12 @@ class LSattribute extends LSlog_staticLoggerClass {
       return True;
     }
 
+    $myRights = $this -> myRights();
+    if($myRights == 'n') {
+      self :: log_debug("User can't read or write the attribute ".$this -> name.", don't add it to $idForm form.");
+      return True;
+    }
+
     $element = $this -> _addToForm($form, $idForm, $obj, $value);
     if(!$element)
       return false;
@@ -234,7 +240,7 @@ class LSattribute extends LSlog_staticLoggerClass {
     if($this -> getConfig('required', false, 'bool'))
       $form -> setRequired($this -> name);
 
-    if ( ($form_mode == 0) || ($this -> myRights() == 'r') ) {
+    if ( ($form_mode === false) || ($myRights != 'w') ) {
       self :: log_debug("Attribute ".$this -> name." is freeze in form $idForm.");
       $element -> freeze();
     }