From c0c64d3bef8660d9421de3ed3ea40d5300902f05 Mon Sep 17 00:00:00 2001
From: Benjamin Renard <brenard@easter-eggs.com>
Date: Thu, 23 Mar 2017 16:41:34 +0100
Subject: [PATCH] Fix view access to specific autorized LSobject even if
 LSobject type is not in menu

---
 public_html/view.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/public_html/view.php b/public_html/view.php
index 8429108a..d540e4e5 100644
--- a/public_html/view.php
+++ b/public_html/view.php
@@ -25,15 +25,16 @@ require_once 'core.php';
 if(LSsession :: startLSsession()) {
   if (isset($_REQUEST['LSobject'])) {
     $LSobject = $_REQUEST['LSobject'];
-    $dn = isset($_REQUEST['dn'])?urldecode($_REQUEST['dn']):null;
+    if ( $LSobject == 'SELF' ) {
+      $LSobject = LSsession :: getLSuserObject() -> getType();
+      $dn = LSsession :: getLSuserObjectDn();
+    }
+    else {
+      $dn = isset($_REQUEST['dn'])?urldecode($_REQUEST['dn']):null;
+    }
     
-    if (LSsession :: in_menu($LSobject)) {
+    if (LSsession :: in_menu($LSobject) || LSsession :: canAccess($LSobject,$dn)) {
     
-      if ( $LSobject == 'SELF' ) {
-        $LSobject = LSsession :: getLSuserObject() -> getType();
-        $dn = LSsession :: getLSuserObjectDn();
-      }
-      
       if ( LSsession :: loadLSobject($LSobject) ) {
         // Affichage d'un objet
         if ( $dn!='' ) {