fix(formanswer): more permissive READ access to formanswers

if a user is no longer a validator of a formanswer but was choosen as a validator, READ ccess should be still granted

Signed-off-by: Thierry Bugier <[email protected]>

Author: btry

inc/formanswer.class.php

@@ -72,7 +72,17 @@ public function canViewItem() {
          return true;
       }
 
-      if ($_SESSION['glpiID'] == $this->getField('requester_id')) {
+      if ($_SESSION['glpiID'] == $this->fields['requester_id']) {
+         return true;
+      }
+
+      if ($_SESSION['glpiID'] == $this->fields['users_id_validator']) {
+         return true;
+      }
+
+      $groupUser = new Group_User();
+      $groups = $groupUser->getUserGroups($_SESSION['glpiID']);
+      if (in_array($this->fields['users_id_validator'], $groups)) {
          return true;
       }
 
@@ -101,12 +111,8 @@ public function canViewItem() {
                return true;
             }
          } else {
-            $groupUser = new Group_User();
-            $groups = $groupUser->getUserGroups($_SESSION['glpiID']);
-            foreach ($groups as $group) {
-               if ($row['items_id'] == $group['id']) {
-                  return true;
-               }
+            if (in_array($row['items_id'], $groups)) {
+               return true;
             }
          }
       }