diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 896291fddef..ea2f58299ef 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -150,10 +150,6 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature { if (! $user->rights->prelevement->bons->lire) $readok=0; } - else if ($feature == 'commande_fournisseur') - { - if (! $user->rights->fournisseur->commande->lire) $readok=0; - } else if ($feature == 'cheque') { if (! $user->rights->banque->cheque) $readok=0; diff --git a/htdocs/fourn/commande/contact.php b/htdocs/fourn/commande/contact.php index 3d183a2392d..7840ae22042 100644 --- a/htdocs/fourn/commande/contact.php +++ b/htdocs/fourn/commande/contact.php @@ -40,7 +40,7 @@ $action = GETPOST('action', 'alpha'); // Security check if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'commande_fournisseur', $id,''); +$result = restrictedArea($user, 'fournisseur', $id, '', 'commande'); $object = new CommandeFournisseur($db); @@ -166,10 +166,10 @@ if ($id > 0 || ! empty($ref)) print ''; print '
'; - + // Contacts lines include DOL_DOCUMENT_ROOT.'/core/tpl/contacts.tpl.php'; - + } else { diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php index 911e6b7fd90..1a41324479c 100644 --- a/htdocs/fourn/commande/dispatch.php +++ b/htdocs/fourn/commande/dispatch.php @@ -44,7 +44,7 @@ $langs->load('stocks'); // Security check $id = isset($_GET["id"])?$_GET["id"]:''; if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'commande_fournisseur', $id,''); +$result = restrictedArea($user, 'fournisseur', $id, '', 'commande'); if (empty($conf->stock->enabled)) { @@ -84,7 +84,7 @@ if ($_POST["action"] == 'dispatch' && $user->rights->fournisseur->commande->rece } } } - + if (! $notrigger) { global $conf, $langs, $user; @@ -94,7 +94,7 @@ if ($_POST["action"] == 'dispatch' && $user->rights->fournisseur->commande->rece $result_trigger=$interface->run_triggers('ORDER_SUPPLIER_DISPATCH',$this,$user,$langs,$conf); if ($result_trigger < 0) { $error++; $this->errors=$interface->errors; } // Fin appel triggers - + $this->db->commit(); } @@ -282,7 +282,7 @@ if ($id > 0 || ! empty($ref)) print ''.img_object($langs->trans("ShowProduct"),'product').' '.$objp->ref.''; print ' - '.$objp->label; // To show detail cref and description value, we must make calculation by cref - //print ($objp->cref?' ('.$objp->cref.')':''); + //print ($objp->cref?' ('.$objp->cref.')':''); //if ($objp->description) print '
'.nl2br($objp->description); print ''; print ''; diff --git a/htdocs/fourn/commande/document.php b/htdocs/fourn/commande/document.php index 394d234e47b..d1fdaeb113e 100644 --- a/htdocs/fourn/commande/document.php +++ b/htdocs/fourn/commande/document.php @@ -49,7 +49,7 @@ $confirm = GETPOST('confirm','alpha'); // Security check if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'commande_fournisseur', $id,''); +$result = restrictedArea($user, 'fournisseur', $id, '', 'commande'); // Get parameters $sortfield = GETPOST("sortfield",'alpha'); diff --git a/htdocs/fourn/commande/fiche.php b/htdocs/fourn/commande/fiche.php index 6a369873755..856c92c88bf 100644 --- a/htdocs/fourn/commande/fiche.php +++ b/htdocs/fourn/commande/fiche.php @@ -67,7 +67,7 @@ $hideref = (GETPOST('hideref','int') ? GETPOST('hideref','int') : (! empty($co // Security check if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'commande_fournisseur', $id,''); +$result = restrictedArea($user, 'fournisseur', $id, '', 'commande'); // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array $hookmanager->initHooks(array('ordersuppliercard')); @@ -683,7 +683,7 @@ else if ($action == 'add' && $user->rights->fournisseur->commande->creer) { $error++; } - + if ($error) { $langs->load("errors"); @@ -840,7 +840,7 @@ if ($action == 'send' && ! GETPOST('addfile') && ! GETPOST('removedfile') && ! G else { // Redirect here - // This avoid sending mail twice if going out and then back to page + // This avoid sending mail twice if going out and then back to page header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id); exit; } @@ -959,28 +959,28 @@ $now=dol_now(); if ($action=="create") { print_fiche_titre($langs->trans('NewOrder')); - + dol_htmloutput_mesg($mesg); - + $societe=''; if ($socid>0) { $societe=new Societe($db); $societe->fetch($socid); } - + print '
'; print ''; print ''; print ''; - + // Ref print ''; - + // Third party print ''; print ''; - + // Ref supplier print ''; print ''; - + print ''; - + print ''; print ''; print ''; - + print ''; print ''; print ''; - + // Other options $parameters=array(); $reshook=$hookmanager->executeHooks('formObjectOptions',$parameters,$object,$action); // Note that $action and $object may have been modified by hook - + // Bouton "Create Draft" print "
'.$langs->trans('Ref').''.$langs->trans('Draft').'
'.$langs->trans('Supplier').''; - + if ($socid > 0) { print $societe->getNomUrl(1); @@ -991,30 +991,30 @@ if ($action=="create") print $form->select_company((empty($socid)?'':$socid),'socid','s.fournisseur = 1',1); } print '
'.$langs->trans('RefSupplier').'
'.$langs->trans('Note').'
'.$langs->trans('NotePublic').'
\n"; - + print '
'; - + print "
\n"; } elseif (! empty($object->id)) @@ -1909,12 +1909,12 @@ elseif (! empty($object->id)) $formmail->substit['__SIGNATURE__']=$user->signature; $formmail->substit['__PERSONALIZED__']=''; $formmail->substit['__CONTACTCIVNAME__']=''; - + //Find the good contact adress $custcontact=''; $contactarr=array(); $contactarr=$object->liste_contact(-1,'external'); - + if (is_array($contactarr) && count($contactarr)>0) { foreach($contactarr as $contact) { if ($contact['libelle']==$langs->trans('TypeContact_order_supplier_external_BILLING')) { @@ -1924,12 +1924,12 @@ elseif (! empty($object->id)) $custcontact=$contactstatic->getFullName($langs,1); } } - + if (!empty($custcontact)) { $formmail->substit['__CONTACTCIVNAME__']=$custcontact; } } - + // Tableau des parametres complementaires $formmail->param['action']='send'; $formmail->param['models']='order_supplier_send'; diff --git a/htdocs/fourn/commande/history.php b/htdocs/fourn/commande/history.php index 80a68650d48..77e5ddccf49 100644 --- a/htdocs/fourn/commande/history.php +++ b/htdocs/fourn/commande/history.php @@ -38,7 +38,7 @@ $ref=GETPOST('ref','alpha'); // Security check $socid=''; if (! empty($user->societe_id)) $socid=$user->societe_id; -$result = restrictedArea($user, 'commande_fournisseur', $id,''); +$result = restrictedArea($user, 'fournisseur', $id, '', 'commande'); /* diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index c55765fd238..f8101a185fe 100755 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; // Security check $orderid = GETPOST('orderid'); if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'commande_fournisseur', $orderid,''); +$result = restrictedArea($user, 'fournisseur', $orderid, '', 'commande'); $langs->load("suppliers"); $langs->load("orders"); diff --git a/htdocs/fourn/commande/liste.php b/htdocs/fourn/commande/liste.php index 3dd246b75df..da493a8cd17 100644 --- a/htdocs/fourn/commande/liste.php +++ b/htdocs/fourn/commande/liste.php @@ -43,7 +43,7 @@ $sortfield = GETPOST('sortfield','alpha'); // Security check $orderid = GETPOST('orderid'); if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'commande_fournisseur', $orderid,''); +$result = restrictedArea($user, 'fournisseur', $orderid, '', 'commande'); /* diff --git a/htdocs/fourn/commande/note.php b/htdocs/fourn/commande/note.php index 17a23ef990d..63cd69a89a0 100644 --- a/htdocs/fourn/commande/note.php +++ b/htdocs/fourn/commande/note.php @@ -39,7 +39,7 @@ $action = GETPOST('action'); // Security check if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'commande_fournisseur', $id,''); +$result = restrictedArea($user, 'fournisseur', $id, '', 'commande'); $object = new CommandeFournisseur($db); $object->fetch($id, $ref);