Fix missing several test on permission on actions
@@ -142,6 +142,7 @@ $tabrowid[31] = "";
|
|||||||
$tabhelp = array();
|
$tabhelp = array();
|
||||||
$tabhelp[31] = array('pcg_version' => $langs->trans("EnterAnyCode"));
|
$tabhelp[31] = array('pcg_version' => $langs->trans("EnterAnyCode"));
|
||||||
|
|
||||||
|
$permissiontoeditchart = $user->hasRight('accounting', 'chartofaccount');
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
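Review bot: The `actionadd`/`actionmodify` handler named in the next hunk's header (`if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha'))`) is not visibly gated by the new `$permissiontoeditchart`, while the delete, activate and disable branches in the three following hunks are; its body is outside the view, so if it is not already checked the chart of accounts can still be created or edited without the right. When the added gates fail, the request simply falls through with no feedback, so consider the pattern used elsewhere in Dolibarr action handlers (`accessforbidden()` or an error event message) so a forged request is visible in logs rather than silently ignored. The declaration also deserves a one-line comment, e.g. `// Right required to add, modify, delete, enable or disable entries of the chart of accounts`.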
@@ -301,7 +302,7 @@ if (GETPOST('actionadd', 'alpha') || GETPOST('actionmodify', 'alpha')) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'confirm_delete' && $confirm == 'yes') { // delete
|
if ($action == 'confirm_delete' && $confirm == 'yes' && $permissiontoeditchart) { // delete
|
||||||
if ($tabrowid[$id]) {
|
if ($tabrowid[$id]) {
|
||||||
$rowidcol = $tabrowid[$id];
|
$rowidcol = $tabrowid[$id];
|
||||||
} else {
|
} else {
|
||||||
@@ -322,7 +323,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes') { // delete
|
|||||||
}
|
}
|
||||||
|
|
||||||
// activate
|
// activate
|
||||||
if ($action == 'activate') {
|
if ($action == 'activate' && $permissiontoeditchart) {
|
||||||
$sql = "UPDATE ".$db->sanitize($tabname[$id])." SET active = 1 WHERE rowid = ".((int) $rowid);
|
$sql = "UPDATE ".$db->sanitize($tabname[$id])." SET active = 1 WHERE rowid = ".((int) $rowid);
|
||||||
$result = $db->query($sql);
|
$result = $db->query($sql);
|
||||||
if (!$result) {
|
if (!$result) {
|
||||||
@@ -331,7 +332,7 @@ if ($action == 'activate') {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// disable
|
// disable
|
||||||
if ($action == $acts[1]) {
|
if ($action == $acts[1] && $permissiontoeditchart) {
|
||||||
$sql = "UPDATE ".$db->sanitize($tabname[$id])." SET active = 0 WHERE rowid = ".((int) $rowid);
|
$sql = "UPDATE ".$db->sanitize($tabname[$id])." SET active = 0 WHERE rowid = ".((int) $rowid);
|
||||||
$result = $db->query($sql);
|
$result = $db->query($sql);
|
||||||
if (!$result) {
|
if (!$result) {
|
||||||
|
|||||||
@@ -135,8 +135,9 @@ if (empty($reshook)) {
|
|||||||
|
|
||||||
// Actions cancel, add, update, delete or clone
|
// Actions cancel, add, update, delete or clone
|
||||||
include DOL_DOCUMENT_ROOT.'/core/actions_addupdatedelete.inc.php';
|
include DOL_DOCUMENT_ROOT.'/core/actions_addupdatedelete.inc.php';
|
||||||
|
|
||||||
// The fetch/fetch_lines was redone into the inc.php so we must recall the calculateCosts()
|
// The fetch/fetch_lines was redone into the inc.php so we must recall the calculateCosts()
|
||||||
if ($action == 'confirm_validate' && $object->id > 0) {
|
if ($action == 'confirm_validate' && $object->id > 0) { // Test on permission not required
|
||||||
$object->calculateCosts();
|
$object->calculateCosts();
|
||||||
}
|
}
|
||||||
|
|
||||||
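Review bot: The comment `// Test on permission not required` on the `confirm_validate` branch states a conclusion without its reason; the same commit uses the more useful form `// Test on permission already done into actions_addupdatedelete.inc.php` in the knowledgemanagement hunk, and since the validate action here is handled by the `actions_addupdatedelete.inc.php` include a few lines above, that wording applies here too. The `send` branch (hunk `@@ -3491`) and the two `add_paiement` branches (hunks `@@ -218` and `@@ -270`) carry the same bare comment; each should say where the check is actually made (presumably `actions_sendmails.inc.php` for send; the `add_paiement` branches only reset `$action` to `create` when `$error` is set, so they perform no write), otherwise the next reader cannot tell a documented decision from an oversight.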
|
|||||||
@@ -122,6 +122,7 @@ if (!$permissiontoread) {
|
|||||||
/*
|
/*
|
||||||
* Actions
|
* Actions
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$error = 0;
|
$error = 0;
|
||||||
|
|
||||||
$parameters = array();
|
$parameters = array();
|
||||||
@@ -150,7 +151,7 @@ if (empty($reshook)) {
|
|||||||
$startyear = GETPOSTINT('startyear');
|
$startyear = GETPOSTINT('startyear');
|
||||||
$starthour = GETPOSTINT('startHour');
|
$starthour = GETPOSTINT('startHour');
|
||||||
|
|
||||||
if (GETPOST('startHour') == "" && ($action == 'add' || $action == 'update')) {
|
if (GETPOST('startHour') == "" && ($action == 'add' || $action == 'update')) { // Test on permission not required
|
||||||
$error++;
|
$error++;
|
||||||
setEventMessages($langs->trans("ErrorStartHourIsNull"), $hookmanager->errors, 'errors');
|
setEventMessages($langs->trans("ErrorStartHourIsNull"), $hookmanager->errors, 'errors');
|
||||||
}
|
}
|
||||||
@@ -162,7 +163,7 @@ if (empty($reshook)) {
|
|||||||
$endyear = GETPOSTINT('endyear');
|
$endyear = GETPOSTINT('endyear');
|
||||||
$endhour = GETPOSTINT('endHour');
|
$endhour = GETPOSTINT('endHour');
|
||||||
|
|
||||||
if (GETPOST('endHour') == "" && ($action == 'add' || $action == 'update')) {
|
if (GETPOST('endHour') == "" && ($action == 'add' || $action == 'update')) { // Test on permission not required
|
||||||
$error++;
|
$error++;
|
||||||
setEventMessages($langs->trans("ErrorEndHourIsNull"), $hookmanager->errors, 'errors');
|
setEventMessages($langs->trans("ErrorEndHourIsNull"), $hookmanager->errors, 'errors');
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1172,7 +1172,7 @@ if (empty($reshook) && $action == 'update' && $usercancreate) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Delete event
|
// Delete event
|
||||||
if (empty($reshook) && $action == 'confirm_delete' && GETPOST("confirm") == 'yes') {
|
if (empty($reshook) && $action == 'confirm_delete' && GETPOST("confirm") == 'yes' && $usercancreate) {
|
||||||
$object->fetch($id);
|
$object->fetch($id);
|
||||||
$object->fetch_optionals();
|
$object->fetch_optionals();
|
||||||
$object->fetch_userassigned();
|
$object->fetch_userassigned();
|
||||||
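Review bot: The delete handler is now gated on `$usercancreate`, i.e. a create right is accepted as authorization to delete an event, while the other delete handlers in this commit (hunks `@@ -295` and `@@ -1085`) use a dedicated `$usercandelete`. If this page defines a delete-specific permission variable (the agenda module, as far as I recall, grants delete rights separately from create rights), the condition should read `... && $usercandelete`; if reusing the create right is deliberate, a short comment saying so prevents this from being re-reported. Note also that `$object->fetch($id)` on the next line is still unchecked, so a nonexistent id proceeds into the delete branch with an empty object.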
@@ -1195,7 +1195,7 @@ if (empty($reshook) && $action == 'confirm_delete' && GETPOST("confirm") == 'yes
|
|||||||
* Action move update, used when user move an event in calendar by drag'n drop
|
* Action move update, used when user move an event in calendar by drag'n drop
|
||||||
* TODO Move this into page comm/action/index that trigger this call by the drag and drop of event.
|
* TODO Move this into page comm/action/index that trigger this call by the drag and drop of event.
|
||||||
*/
|
*/
|
||||||
if (empty($reshook) && GETPOST('actionmove', 'alpha') == 'mupdate') {
|
if (empty($reshook) && GETPOST('actionmove', 'alpha') == 'mupdate' && $usercancreate) {
|
||||||
$error = 0;
|
$error = 0;
|
||||||
|
|
||||||
$shour = (int) dol_print_date($object->datep, "%H", 'tzuserrel'); // We take the date visible by user $newdate is also date visible by user.
|
$shour = (int) dol_print_date($object->datep, "%H", 'tzuserrel'); // We take the date visible by user $newdate is also date visible by user.
|
||||||
|
|||||||
@@ -184,7 +184,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// set accountancy code
|
// set accountancy code
|
||||||
if ($action == 'setcustomeraccountancycodegeneral') {
|
if ($action == 'setcustomeraccountancycodegeneral' && $permissiontoadd) {
|
||||||
$result = $object->fetch($id);
|
$result = $object->fetch($id);
|
||||||
$object->accountancy_code_customer_general = GETPOST("customeraccountancycodegeneral");
|
$object->accountancy_code_customer_general = GETPOST("customeraccountancycodegeneral");
|
||||||
$result = $object->update($object->id, $user, 1, 1, 0);
|
$result = $object->update($object->id, $user, 1, 1, 0);
|
||||||
|
|||||||
@@ -1196,9 +1196,8 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$id);
|
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$id);
|
||||||
exit();
|
exit();
|
||||||
} elseif ( $action == 'addline' && !GETPOST('submitforalllines', 'alpha')
|
} elseif ($action == 'addline' && !GETPOST('submitforalllines', 'alpha') && !GETPOST('submitforallmargins', 'alpha') && !GETPOST('markforalllines', 'alpha') && $usercancreate) {
|
||||||
&& !GETPOST('submitforallmargins', 'alpha') && !GETPOST('markforalllines', 'alpha')
|
// Add line
|
||||||
&& $usercancreate) { // Add line
|
|
||||||
// Set if we used free entry or predefined product
|
// Set if we used free entry or predefined product
|
||||||
$predef = '';
|
$predef = '';
|
||||||
$line_desc = (GETPOSTISSET('dp_desc') ? GETPOST('dp_desc', 'restricthtml') : '');
|
$line_desc = (GETPOSTISSET('dp_desc') ? GETPOST('dp_desc', 'restricthtml') : '');
|
||||||
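Review bot: Collapsing the `addline` condition onto a single line pushes it well past the project's soft line limit and buries the `$usercancreate` term at the far right, which is exactly the operand a reviewer of a permission fix wants to see at a glance; the same happens to `import_lines_from_object` in the `@@ -1952` hunk. The multi-line form with one operand per line and the permission term last is easier to audit, e.g. `} elseif ($action == 'addline' && !GETPOST('submitforalllines', 'alpha')` / `    && !GETPOST('submitforallmargins', 'alpha') && !GETPOST('markforalllines', 'alpha')` / `    && $usercancreate) { // Add line`.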
|
|||||||
@@ -1952,11 +1952,8 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// add lines from objectlinked
|
// Add lines from objectlinked
|
||||||
if ($action == 'import_lines_from_object'
|
if ($action == 'import_lines_from_object' && $usercancreate && $object->status == Commande::STATUS_DRAFT) {
|
||||||
&& $usercancreate
|
|
||||||
&& $object->status == Commande::STATUS_DRAFT
|
|
||||||
) {
|
|
||||||
$fromElement = GETPOST('fromelement');
|
$fromElement = GETPOST('fromelement');
|
||||||
$fromElementid = GETPOST('fromelementid');
|
$fromElementid = GETPOST('fromelementid');
|
||||||
$importLines = GETPOST('line_checkbox');
|
$importLines = GETPOST('line_checkbox');
|
||||||
|
|||||||
@@ -295,7 +295,7 @@ if (empty($reshook)) {
|
|||||||
setEventMessages($object->error, $object->errors, 'errors');
|
setEventMessages($object->error, $object->errors, 'errors');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} elseif ($action == 'confirm_delete' && $confirm == 'yes') {
|
} elseif ($action == 'confirm_delete' && $confirm == 'yes' && $usercandelete) {
|
||||||
// Delete invoice
|
// Delete invoice
|
||||||
$result = $object->fetch($id);
|
$result = $object->fetch($id);
|
||||||
$object->fetch_thirdparty();
|
$object->fetch_thirdparty();
|
||||||
@@ -652,7 +652,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
} elseif ($action == 'set_incoterms' && isModEnabled('incoterm') && $usercancreate) { // Set incoterm
|
} elseif ($action == 'set_incoterms' && isModEnabled('incoterm') && $usercancreate) { // Set incoterm
|
||||||
$result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms'));
|
$result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms'));
|
||||||
} elseif ($action == 'settags' && isModEnabled('category')) { // Set tags
|
} elseif ($action == 'settags' && isModEnabled('category') && $usercancreate) { // Set tags
|
||||||
$result = $object->setCategories(GETPOST('categories', 'array'));
|
$result = $object->setCategories(GETPOST('categories', 'array'));
|
||||||
} elseif ($action == 'setbankaccount' && $usercancreate) { // bank account
|
} elseif ($action == 'setbankaccount' && $usercancreate) { // bank account
|
||||||
$result = $object->setBankAccount(GETPOSTINT('fk_account'));
|
$result = $object->setBankAccount(GETPOSTINT('fk_account'));
|
||||||
@@ -3491,7 +3491,7 @@ if (empty($reshook)) {
|
|||||||
if (empty($id)) {
|
if (empty($id)) {
|
||||||
$id = $facid;
|
$id = $facid;
|
||||||
}
|
}
|
||||||
if (!empty($object->id) && $action == 'send') {
|
if (!empty($object->id) && $action == 'send') { // Test on permission not required
|
||||||
// load sumpayed, sumdeposit, sumcreditnote that can be used in email templates
|
// load sumpayed, sumdeposit, sumcreditnote that can be used in email templates
|
||||||
$object->getSommePaiement(-1);
|
$object->getSommePaiement(-1);
|
||||||
$object->getSumCreditNotesUsed(-1);
|
$object->getSumCreditNotesUsed(-1);
|
||||||
|
|||||||
@@ -218,7 +218,7 @@ if (empty($reshook)) {
|
|||||||
/*
|
/*
|
||||||
* Action add_paiement
|
* Action add_paiement
|
||||||
*/
|
*/
|
||||||
if ($action == 'add_paiement') {
|
if ($action == 'add_paiement') { // Test on permission not required
|
||||||
if ($error) {
|
if ($error) {
|
||||||
$action = 'create';
|
$action = 'create';
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -91,14 +91,12 @@ $outputlangs = $langs;
|
|||||||
|
|
||||||
// Validate social contribution
|
// Validate social contribution
|
||||||
/*
|
/*
|
||||||
if ($action == 'confirm_valide' && $confirm == 'yes' && $user->rights->tax->charges->creer)
|
if ($action == 'confirm_valide' && $confirm == 'yes' && $user->hasRight('tax', 'charges', '>creer') {
|
||||||
{
|
|
||||||
$db->begin();
|
$db->begin();
|
||||||
|
|
||||||
$result=$object->valide();
|
$result=$object->valide();
|
||||||
|
|
||||||
if ($result > 0)
|
if ($result > 0) {
|
||||||
{
|
|
||||||
$db->commit();
|
$db->commit();
|
||||||
|
|
||||||
$factures=array(); // TODO Get all id of invoices linked to this payment
|
$factures=array(); // TODO Get all id of invoices linked to this payment
|
||||||
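Review bot: The rewritten condition is broken in two ways: `$user->hasRight('tax', 'charges', '>creer')` has a stray `>` in the permission name, and the `if (` parenthesis is never closed before the `{`. If I read the structure correctly the whole block sits inside the `/* ... */` opened two lines above, so nothing executes today, but the commit is re-styling dead code while breaking it, and whoever un-comments it later gets a parse error and a permission name that can never match. Either drop the commented-out block (the `@@ -120` hunk is its continuation) or fix the line to `if ($action == 'confirm_valide' && $confirm == 'yes' && $user->hasRight('tax', 'charges', 'creer')) {`.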
@@ -120,9 +118,7 @@ if ($action == 'confirm_valide' && $confirm == 'yes' && $user->rights->tax->char
|
|||||||
|
|
||||||
header('Location: card.php?id='.$object->id);
|
header('Location: card.php?id='.$object->id);
|
||||||
exit;
|
exit;
|
||||||
}
|
} else {
|
||||||
else
|
|
||||||
{
|
|
||||||
setEventMessages($object->error, $object->errors, 'errors');
|
setEventMessages($object->error, $object->errors, 'errors');
|
||||||
$db->rollback();
|
$db->rollback();
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -418,8 +418,8 @@ if ($action == 'confirm_resize' && GETPOSTISSET("file") && GETPOSTISSET("sizex")
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Crop d'une image
|
// Crop if image
|
||||||
if ($action == 'confirm_crop') {
|
if ($action == 'confirm_crop') { // Test on permission already done
|
||||||
if (empty($dir)) {
|
if (empty($dir)) {
|
||||||
print 'Bug: Value for $dir could not be defined.';
|
print 'Bug: Value for $dir could not be defined.';
|
||||||
}
|
}
|
||||||
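Review bot: The translated comment `// Crop if image` does not mean what the original `// Crop d'une image` did; the intended wording is `// Crop of an image` (or `// Crop an image`). The `// Test on permission already done` annotation on the `confirm_crop` branch would be more useful if it named the place the check is made, since a reader cannot verify it from this hunk.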
|
|||||||
@@ -214,7 +214,7 @@ if ($action == 'setdate_delivery' && $permissiontoadd) {
|
|||||||
if ($result < 0) {
|
if ($result < 0) {
|
||||||
$mesg = '<div class="error">'.$object->error.'</div>';
|
$mesg = '<div class="error">'.$object->error.'</div>';
|
||||||
}
|
}
|
||||||
} elseif ($action == 'set_incoterms' && isModEnabled('incoterm')) {
|
} elseif ($action == 'set_incoterms' && isModEnabled('incoterm') && $permissiontoadd) {
|
||||||
// Set incoterm
|
// Set incoterm
|
||||||
$result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms'));
|
$result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms'));
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -184,10 +184,7 @@ if (preg_match('/^set/', $action) && ($projectid > 0 || $projectref) && $user->h
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/*if ($action=='setaccept_conference_suggestions' && !empty(GETPOST('cancel', 'alpha'))) {
|
|
||||||
|
|
||||||
}*/
|
|
||||||
//setaccept_booth_suggestions
|
|
||||||
if (GETPOST('cancel', 'alpha')) {
|
if (GETPOST('cancel', 'alpha')) {
|
||||||
$action = 'list';
|
$action = 'list';
|
||||||
$massaction = '';
|
$massaction = '';
|
||||||
@@ -200,8 +197,6 @@ if (!GETPOST('confirmmassaction', 'alpha') && $massaction != 'presend'
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
$parameters = array();
|
$parameters = array();
|
||||||
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
|
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
|
||||||
if ($reshook < 0) {
|
if ($reshook < 0) {
|
||||||
|
|||||||
@@ -635,27 +635,27 @@ if (empty($reshook)) {
|
|||||||
// Action update
|
// Action update
|
||||||
$error = 0;
|
$error = 0;
|
||||||
|
|
||||||
if ($action == 'settracking_number') {
|
if ($action == 'settracking_number') { // Test on permission not required
|
||||||
$object->tracking_number = trim(GETPOST('tracking_number', 'alpha'));
|
$object->tracking_number = trim(GETPOST('tracking_number', 'alpha'));
|
||||||
}
|
}
|
||||||
if ($action == 'settracking_url') {
|
if ($action == 'settracking_url') { // Test on permission not required
|
||||||
$object->tracking_url = trim(GETPOST('tracking_url', 'restricthtml'));
|
$object->tracking_url = trim(GETPOST('tracking_url', 'restricthtml'));
|
||||||
}
|
}
|
||||||
if ($action == 'settrueWeight') {
|
if ($action == 'settrueWeight') { // Test on permission not required
|
||||||
$object->trueWeight = GETPOSTINT('trueWeight');
|
$object->trueWeight = GETPOSTINT('trueWeight');
|
||||||
$object->weight_units = GETPOSTINT('weight_units');
|
$object->weight_units = GETPOSTINT('weight_units');
|
||||||
}
|
}
|
||||||
if ($action == 'settrueWidth') {
|
if ($action == 'settrueWidth') { // Test on permission not required
|
||||||
$object->trueWidth = GETPOSTINT('trueWidth');
|
$object->trueWidth = GETPOSTINT('trueWidth');
|
||||||
}
|
}
|
||||||
if ($action == 'settrueHeight') {
|
if ($action == 'settrueHeight') { // Test on permission not required
|
||||||
$object->trueHeight = GETPOSTINT('trueHeight');
|
$object->trueHeight = GETPOSTINT('trueHeight');
|
||||||
$object->size_units = GETPOSTINT('size_units');
|
$object->size_units = GETPOSTINT('size_units');
|
||||||
}
|
}
|
||||||
if ($action == 'settrueDepth') {
|
if ($action == 'settrueDepth') { // Test on permission not required
|
||||||
$object->trueDepth = GETPOSTINT('trueDepth');
|
$object->trueDepth = GETPOSTINT('trueDepth');
|
||||||
}
|
}
|
||||||
if ($action == 'setshipping_method_id') {
|
if ($action == 'setshipping_method_id') { // Test on permission not required
|
||||||
$object->shipping_method_id = GETPOSTINT('shipping_method_id');
|
$object->shipping_method_id = GETPOSTINT('shipping_method_id');
|
||||||
}
|
}
|
||||||
|
|
||||||
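Review bot: The `// Test on permission not required` annotations on `settracking_number`, `settracking_url`, `settrueWeight`, `settrueWidth`, `settrueHeight`, `settrueDepth` and `setshipping_method_id` assert a property of code outside the hunk: each branch copies request data straight into `$object` fields, so the claim holds only if the step that later persists `$object` is itself permission-gated. Saying where that check happens (e.g. `// Test on permission done by the 'update' action below`) makes the claim verifiable, and the same applies to the `changedatestart_confirm`/`changedateend_confirm` branches in the `@@ -255` hunk, which set `$objMo->date_*_planned` under the same bare comment. If the persisting step turns out not to be gated, these assignments are where the right has to be checked.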
|
|||||||
@@ -171,7 +171,7 @@ if (empty($reshook)) {
|
|||||||
if ($result < 0) {
|
if ($result < 0) {
|
||||||
setEventMessages($object->error, $object->errors, 'errors');
|
setEventMessages($object->error, $object->errors, 'errors');
|
||||||
}
|
}
|
||||||
} elseif ($action == 'set_incoterms' && isModEnabled('incoterm')) {
|
} elseif ($action == 'set_incoterms' && isModEnabled('incoterm') && $permissiontoadd) {
|
||||||
// Set incoterm
|
// Set incoterm
|
||||||
$result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms'));
|
$result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms'));
|
||||||
if ($result < 0) {
|
if ($result < 0) {
|
||||||
|
|||||||
@@ -467,7 +467,8 @@ if (empty($reshook)) {
|
|||||||
} elseif ($action == 'set_incoterms' && isModEnabled('incoterm') && $usercancreate) {
|
} elseif ($action == 'set_incoterms' && isModEnabled('incoterm') && $usercancreate) {
|
||||||
// Set incoterm
|
// Set incoterm
|
||||||
$result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms'));
|
$result = $object->setIncoterms(GETPOSTINT('incoterm_id'), GETPOST('location_incoterms'));
|
||||||
} elseif ($action == 'settags' && isModEnabled('category')) { // Set tags
|
} elseif ($action == 'settags' && isModEnabled('category') && $usercancreate) {
|
||||||
|
// Set tags
|
||||||
$result = $object->setCategories(GETPOST('categories', 'array'));
|
$result = $object->setCategories(GETPOST('categories', 'array'));
|
||||||
} elseif ($action == 'setmode' && $usercancreate) {
|
} elseif ($action == 'setmode' && $usercancreate) {
|
||||||
// payment mode
|
// payment mode
|
||||||
|
|||||||
@@ -270,7 +270,7 @@ if (empty($reshook)) {
|
|||||||
/*
|
/*
|
||||||
* Action add_paiement
|
* Action add_paiement
|
||||||
*/
|
*/
|
||||||
if ($action == 'add_paiement') {
|
if ($action == 'add_paiement') { // Test on permission not required
|
||||||
if ($error) {
|
if ($error) {
|
||||||
$action = 'create';
|
$action = 'create';
|
||||||
}
|
}
|
||||||
@@ -281,7 +281,7 @@ if (empty($reshook)) {
|
|||||||
/*
|
/*
|
||||||
* Action confirm_paiement
|
* Action confirm_paiement
|
||||||
*/
|
*/
|
||||||
if ($action == 'confirm_paiement' && $confirm == 'yes') {
|
if ($action == 'confirm_paiement' && $confirm == 'yes' && $permissiontoadd) {
|
||||||
$datepaye = dol_mktime(12, 0, 0, GETPOSTINT('remonth'), GETPOSTINT('reday'), GETPOSTINT('reyear'));
|
$datepaye = dol_mktime(12, 0, 0, GETPOSTINT('remonth'), GETPOSTINT('reday'), GETPOSTINT('reyear'));
|
||||||
|
|
||||||
$multicurrency_code = array();
|
$multicurrency_code = array();
|
||||||
|
|||||||
@@ -618,7 +618,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Approve leave request
|
// Approve leave request
|
||||||
if ($action == 'confirm_valid') {
|
if ($action == 'confirm_valid' && $permissiontoapprove) { // Test on permission done later
|
||||||
$object->fetch($id);
|
$object->fetch($id);
|
||||||
|
|
||||||
// If status is waiting approval and approver is also user
|
// If status is waiting approval and approver is also user
|
||||||
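Review bot: The comment `// Test on permission done later` now sits beside the very `&& $permissiontoapprove` test the commit adds, so the line contradicts itself on `confirm_valid`, and again on `confirm_refuse` (`@@ -726`) and `confirm_draft` (`@@ -819`, with `$permissiontoadd`). Either the added term is the check and the comment should become something like `// Additional check that current user is the approver is done below` (the context line `// If status is waiting approval and approver is also user` suggests that is what "later" means), or the later check is the real one and the added term is redundant; the comment should say which. `confirm_cancel` in the `@@ -845` hunk receives the same comment but no gate, which is inconsistent with its three siblings — if cancellation is meant to require `$permissiontoadd` or an owner check inside the branch, that should be stated or added.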
@@ -726,7 +726,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'confirm_refuse' && GETPOST('confirm', 'alpha') == 'yes') {
|
if ($action == 'confirm_refuse' && GETPOST('confirm', 'alpha') == 'yes' && $permissiontoapprove) { // Test on permission done later
|
||||||
if (GETPOST('detail_refuse')) {
|
if (GETPOST('detail_refuse')) {
|
||||||
$object->fetch($id);
|
$object->fetch($id);
|
||||||
|
|
||||||
@@ -819,7 +819,7 @@ if (empty($reshook)) {
|
|||||||
|
|
||||||
|
|
||||||
// If the request is validated
|
// If the request is validated
|
||||||
if ($action == 'confirm_draft' && GETPOST('confirm') == 'yes') {
|
if ($action == 'confirm_draft' && GETPOST('confirm') == 'yes' && $permissiontoadd) { // Test on permission done later
|
||||||
$error = 0;
|
$error = 0;
|
||||||
|
|
||||||
$object->fetch($id);
|
$object->fetch($id);
|
||||||
@@ -845,7 +845,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// If confirmation of cancellation
|
// If confirmation of cancellation
|
||||||
if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes') {
|
if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes') { // Test on permission done later
|
||||||
$error = 0;
|
$error = 0;
|
||||||
|
|
||||||
$object->fetch($id);
|
$object->fetch($id);
|
||||||
|
|||||||
@@ -130,7 +130,7 @@ if (empty($reshook)) {
|
|||||||
|
|
||||||
if (empty($backtopage) || ($cancel && empty($id))) {
|
if (empty($backtopage) || ($cancel && empty($id))) {
|
||||||
if (empty($backtopage) || ($cancel && strpos($backtopage, '__ID__'))) {
|
if (empty($backtopage) || ($cancel && strpos($backtopage, '__ID__'))) {
|
||||||
if (empty($id) && (($action != 'add' && $action != 'create') || $cancel)) {
|
if (empty($id) && (($action != 'add' && $action != 'create') || $cancel)) { // Test on permission not required
|
||||||
$backtopage = $backurlforlist;
|
$backtopage = $backurlforlist;
|
||||||
} else {
|
} else {
|
||||||
$backtopage = dol_buildpath('/hrm/evaluation_card.php', 1).'?id='.($id > 0 ? $id : '__ID__');
|
$backtopage = dol_buildpath('/hrm/evaluation_card.php', 1).'?id='.($id > 0 ? $id : '__ID__');
|
||||||
@@ -166,7 +166,7 @@ if (empty($reshook)) {
|
|||||||
$trackid = 'evaluation'.$object->id;
|
$trackid = 'evaluation'.$object->id;
|
||||||
include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php';
|
include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php';
|
||||||
|
|
||||||
if ($action == 'saveSkill') {
|
if ($action == 'saveSkill' && $permissiontoadd) {
|
||||||
$TNote = GETPOST('TNote', 'array');
|
$TNote = GETPOST('TNote', 'array');
|
||||||
if (!empty($TNote)) {
|
if (!empty($TNote)) {
|
||||||
foreach ($object->lines as $line) {
|
foreach ($object->lines as $line) {
|
||||||
|
|||||||
@@ -124,7 +124,7 @@ if (empty($reshook)) {
|
|||||||
|
|
||||||
if (empty($backtopage) || ($cancel && empty($id))) {
|
if (empty($backtopage) || ($cancel && empty($id))) {
|
||||||
if (empty($backtopage) || ($cancel && strpos($backtopage, '__ID__'))) {
|
if (empty($backtopage) || ($cancel && strpos($backtopage, '__ID__'))) {
|
||||||
if (empty($id) && (($action != 'add' && $action != 'create') || $cancel)) {
|
if (empty($id) && (($action != 'add' && $action != 'create') || $cancel)) { // Test on permission not required
|
||||||
$backtopage = $backurlforlist;
|
$backtopage = $backurlforlist;
|
||||||
} else {
|
} else {
|
||||||
$backtopage = dol_buildpath('/hrm/job_card.php', 1) . '?id=' . ($id > 0 ? $id : '__ID__');
|
$backtopage = dol_buildpath('/hrm/job_card.php', 1) . '?id=' . ($id > 0 ? $id : '__ID__');
|
||||||
@@ -165,7 +165,7 @@ if (empty($reshook)) {
|
|||||||
$trackid = 'job' . $object->id;
|
$trackid = 'job' . $object->id;
|
||||||
include DOL_DOCUMENT_ROOT . '/core/actions_sendmails.inc.php';
|
include DOL_DOCUMENT_ROOT . '/core/actions_sendmails.inc.php';
|
||||||
|
|
||||||
if ($action == 'confirm_clone' && $confirm != 'yes') {
|
if ($action == 'confirm_clone' && $confirm != 'yes') { // Test on permission not required
|
||||||
$action = '';
|
$action = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -193,8 +193,6 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// Actions when linking object each other
|
// Actions when linking object each other
|
||||||
include DOL_DOCUMENT_ROOT . '/core/actions_dellink.inc.php';
|
include DOL_DOCUMENT_ROOT . '/core/actions_dellink.inc.php';
|
||||||
|
|
||||||
@@ -220,7 +218,7 @@ if (empty($reshook)) {
|
|||||||
$trackid = 'skill' . $object->id;
|
$trackid = 'skill' . $object->id;
|
||||||
include DOL_DOCUMENT_ROOT . '/core/actions_sendmails.inc.php';
|
include DOL_DOCUMENT_ROOT . '/core/actions_sendmails.inc.php';
|
||||||
|
|
||||||
if ($action == 'confirm_clone' && $confirm != 'yes') {
|
if ($action == 'confirm_clone' && $confirm != 'yes') { // Test on permission not required
|
||||||
$action = '';
|
$action = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -248,7 +248,7 @@ if ($step == 3 && $datatoimport) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Delete file
|
// Delete file
|
||||||
if ($action == 'confirm_deletefile' && $confirm == 'yes') {
|
if ($action == 'confirm_deletefile' && $confirm == 'yes' && $user->hasRight('import', 'run')) {
|
||||||
$langs->load("other");
|
$langs->load("other");
|
||||||
|
|
||||||
$param = '&datatoimport='.urlencode($datatoimport).'&format='.urlencode($format);
|
$param = '&datatoimport='.urlencode($datatoimport).'&format='.urlencode($format);
|
||||||
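Review bot: The new gate calls `$user->hasRight('import', 'run')` inline, whereas every other hunk in this commit gates on a page-level variable (`$permissiontoadd`, `$usercandelete`, `$permissiontoeditchart`) computed once near the top of the script. Defining e.g. `$permissiontorun = $user->hasRight('import', 'run');` next to the page's other permission setup and writing `&& $permissiontorun` here keeps the right in one place and lets the other `$step`/`$action` branches of this file, which presumably need the same right, reuse it.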
|
|||||||
@@ -161,10 +161,11 @@ if (empty($reshook)) {
|
|||||||
$trackid = 'knowledgerecord'.$object->id;
|
$trackid = 'knowledgerecord'.$object->id;
|
||||||
include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php';
|
include DOL_DOCUMENT_ROOT.'/core/actions_sendmails.inc.php';
|
||||||
}
|
}
|
||||||
if ($action == 'confirm_validate') {
|
if ($action == 'confirm_validate') { // Test on permission already done into actions_addupdatedelete.inc.php
|
||||||
$action = 'edit';
|
$action = 'edit';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* View
|
* View
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -255,14 +255,14 @@ if (empty($reshook)) {
|
|||||||
if ($objMo->fetch($idMo)) {
|
if ($objMo->fetch($idMo)) {
|
||||||
if ($objMo->status == Mo::STATUS_DRAFT) {
|
if ($objMo->status == Mo::STATUS_DRAFT) {
|
||||||
if (!empty($changeDate)) {
|
if (!empty($changeDate)) {
|
||||||
if ($action == 'changedatestart_confirm') {
|
if ($action == 'changedatestart_confirm') { // Test on permission not required
|
||||||
if ($newDate < $objMo->date_end_planned) {
|
if ($newDate < $objMo->date_end_planned) {
|
||||||
$objMo->date_start_planned = $newDate;
|
$objMo->date_start_planned = $newDate;
|
||||||
} else {
|
} else {
|
||||||
setEventMessages($langs->trans('ErrorModifyMoDateStart', $objMo->ref), null, 'errors');
|
setEventMessages($langs->trans('ErrorModifyMoDateStart', $objMo->ref), null, 'errors');
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
} elseif ($action == 'changedateend_confirm') {
|
} elseif ($action == 'changedateend_confirm') { // Test on permission not required
|
||||||
if ($newDate > $objMo->date_start_planned) {
|
if ($newDate > $objMo->date_start_planned) {
|
||||||
$objMo->date_end_planned = $newDate;
|
$objMo->date_end_planned = $newDate;
|
||||||
} else {
|
} else {
|
||||||
|
|||||||
@@ -254,7 +254,7 @@ if (empty($reshook)) {
|
|||||||
$object->setProject(GETPOSTINT('projectid'));
|
$object->setProject(GETPOSTINT('projectid'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'confirm_reopen') {
|
if ($action == 'confirm_reopen' && $permissiontoadd) {
|
||||||
$result = $object->setStatut($object::STATUS_INPROGRESS, 0, '', 'MRP_REOPEN');
|
$result = $object->setStatut($object::STATUS_INPROGRESS, 0, '', 'MRP_REOPEN');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -960,7 +960,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Action clone object
|
// Action clone object
|
||||||
if ($action == 'confirm_clone' && $confirm != 'yes') {
|
if ($action == 'confirm_clone' && $confirm != 'yes') { // Test on permission not required
|
||||||
$action = '';
|
$action = '';
|
||||||
}
|
}
|
||||||
if ($action == 'confirm_clone' && $confirm == 'yes' && $usercancreate) {
|
if ($action == 'confirm_clone' && $confirm == 'yes' && $usercancreate) {
|
||||||
@@ -1085,7 +1085,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Delete a product
|
// Delete a product
|
||||||
if ($action == 'confirm_delete' && $confirm != 'yes') {
|
if ($action == 'confirm_delete' && $confirm != 'yes') { // Test on permission not required
|
||||||
$action = '';
|
$action = '';
|
||||||
}
|
}
|
||||||
if ($action == 'confirm_delete' && $confirm == 'yes' && $usercandelete) {
|
if ($action == 'confirm_delete' && $confirm == 'yes' && $usercandelete) {
|
||||||
|
|||||||
@@ -110,6 +110,13 @@ if ($object->id > 0) {
|
|||||||
|
|
||||||
$maxpricesupplier = 0;
|
$maxpricesupplier = 0;
|
||||||
|
|
||||||
|
if ($object->id > 0) {
|
||||||
|
$permissiontoadd = $object->getRights()->creer;
|
||||||
|
} else {
|
||||||
|
$permissiontoadd = ($user->hasRight('produit', 'creer') || $user->hasRight('service', 'creer'));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Actions
|
* Actions
|
||||||
*/
|
*/
|
||||||
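Review bot: The new `$permissiontoadd` has two different semantics and no comment explaining them: with a loaded object it uses the object-specific `$object->getRights()->creer`, otherwise it grants if the user can create either products or services. For the handlers converted in the following hunks (`update_vat`, `update_price`, `activate_price_by_qty`, …) `$object->id > 0` should hold, so the first branch is the one that matters and `update_vat` is actually tightened compared with the old `||` test; the `else` branch is therefore only reachable on an unusual path and deserves a one-liner such as `// No object loaded yet: fall back to the generic create right of either products or services`. It is also worth confirming that `getRights()->creer` is never null for a loaded object, since a null there fails closed and would silently disable every price action for legitimate users.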
@@ -136,7 +143,7 @@ if (empty($reshook)) {
|
|||||||
$action = '';
|
$action = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
if (($action == 'update_vat') && !$cancel && ($user->hasRight('produit', 'creer') || $user->hasRight('service', 'creer'))) {
|
if (($action == 'update_vat') && !$cancel && $permissiontoadd) {
|
||||||
$tva_tx_txt = GETPOST('tva_tx', 'alpha'); // tva_tx can be '8.5' or '8.5*' or '8.5 (XXX)' or '8.5* (XXX)'
|
$tva_tx_txt = GETPOST('tva_tx', 'alpha'); // tva_tx can be '8.5' or '8.5*' or '8.5 (XXX)' or '8.5* (XXX)'
|
||||||
|
|
||||||
$price_label = GETPOST('price_label', 'alpha');
|
$price_label = GETPOST('price_label', 'alpha');
|
||||||
@@ -278,7 +285,7 @@ if (empty($reshook)) {
|
|||||||
|
|
||||||
$maxpricesupplier = 0;
|
$maxpricesupplier = 0;
|
||||||
|
|
||||||
if (($action == 'update_price' || $action == 'update_level_price') && !$cancel && $object->getRights()->creer) {
|
if (($action == 'update_price' || $action == 'update_level_price') && !$cancel && $permissiontoadd) {
|
||||||
$error = 0;
|
$error = 0;
|
||||||
$pricestoupdate = array();
|
$pricestoupdate = array();
|
||||||
|
|
||||||
@@ -305,7 +312,8 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Multiprices
|
// Multiprices
|
||||||
if (!$error && (getDolGlobalString('PRODUIT_MULTIPRICES') || getDolGlobalString('PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES') || ($action == 'update_level_price' && getDolGlobalString('PRODUIT_CUSTOMER_PRICES_AND_MULTIPRICES')))) {
|
if (!$error && (getDolGlobalString('PRODUIT_MULTIPRICES') || getDolGlobalString('PRODUIT_CUSTOMER_PRICES_BY_QTY_MULTIPRICES')
|
||||||
|
|| ($action == 'update_level_price' && getDolGlobalString('PRODUIT_CUSTOMER_PRICES_AND_MULTIPRICES')))) { // Test on permission already done
|
||||||
$newprice = GETPOST('price', 'array');
|
$newprice = GETPOST('price', 'array');
|
||||||
$newprice_min = GETPOST('price_min', 'array');
|
$newprice_min = GETPOST('price_min', 'array');
|
||||||
$newpricebase = GETPOST('multiprices_base_type', 'array');
|
$newpricebase = GETPOST('multiprices_base_type', 'array');
|
||||||
@@ -626,7 +634,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Set Price by quantity
|
// Set Price by quantity
|
||||||
if ($action == 'activate_price_by_qty') {
|
if ($action == 'activate_price_by_qty' && $permissiontoadd) {
|
||||||
// Activating product price by quantity add a new price line with price_by_qty set to 1
|
// Activating product price by quantity add a new price line with price_by_qty set to 1
|
||||||
$level = GETPOSTINT('level');
|
$level = GETPOSTINT('level');
|
||||||
$basePrice = ($object->price_base_type == 'HT') ? $object->price : $object->price_ttc;
|
$basePrice = ($object->price_base_type == 'HT') ? $object->price : $object->price_ttc;
|
||||||
@@ -638,7 +646,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Unset Price by quantity
|
// Unset Price by quantity
|
||||||
if ($action == 'disable_price_by_qty') {
|
if ($action == 'disable_price_by_qty' && $permissiontoadd) {
|
||||||
// Disabling product price by quantity add a new price line with price_by_qty set to 0
|
// Disabling product price by quantity add a new price line with price_by_qty set to 0
|
||||||
$level = GETPOSTINT('level');
|
$level = GETPOSTINT('level');
|
||||||
$basePrice = ($object->price_base_type == 'HT') ? $object->price : $object->price_ttc;
|
$basePrice = ($object->price_base_type == 'HT') ? $object->price : $object->price_ttc;
|
||||||
@@ -650,12 +658,12 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'edit_price_by_qty') { // Edition d'un prix par quantité
|
if ($action == 'edit_price_by_qty') { // Test on permission not required
|
||||||
$rowid = GETPOSTINT('rowid');
|
$rowid = GETPOSTINT('rowid');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add or update price by quantity
|
// Add or update price by quantity
|
||||||
if ($action == 'update_price_by_qty') {
|
if ($action == 'update_price_by_qty' && $permissiontoadd) {
|
||||||
// Récupération des variables
|
// Récupération des variables
|
||||||
$rowid = GETPOSTINT('rowid');
|
$rowid = GETPOSTINT('rowid');
|
||||||
$priceid = GETPOSTINT('priceid');
|
$priceid = GETPOSTINT('priceid');
|
||||||
@@ -712,7 +720,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'delete_price_by_qty') {
|
if ($action == 'delete_price_by_qty' && $permissiontoadd) {
|
||||||
$rowid = GETPOSTINT('rowid');
|
$rowid = GETPOSTINT('rowid');
|
||||||
if (!empty($rowid)) {
|
if (!empty($rowid)) {
|
||||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
|
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
|
||||||
@@ -724,7 +732,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'delete_all_price_by_qty') {
|
if ($action == 'delete_all_price_by_qty' && $permissiontoadd) {
|
||||||
$priceid = GETPOSTINT('priceid');
|
$priceid = GETPOSTINT('priceid');
|
||||||
if (!empty($rowid)) {
|
if (!empty($rowid)) {
|
||||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
|
$sql = "DELETE FROM ".MAIN_DB_PREFIX."product_price_by_qty";
|
||||||
|
|||||||
@@ -103,6 +103,8 @@ if (!empty($_SESSION['massstockmove'])) {
|
|||||||
|
|
||||||
$error = 0;
|
$error = 0;
|
||||||
|
|
||||||
|
$permissiontodelete = $user->hasRight('stock', 'mouvement', 'creer');
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Actions
|
* Actions
|
||||||
@@ -522,17 +524,9 @@ if ($action == 'importCSV' && $user->hasRight('stock', 'mouvement', 'creer')) {
|
|||||||
$_SESSION['massstockmove'] = json_encode($listofdata);
|
$_SESSION['massstockmove'] = json_encode($listofdata);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'confirm_deletefile' && $confirm == 'yes') {
|
if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permissiontodelete) {
|
||||||
$langs->load("other");
|
$langs->load("other");
|
||||||
|
|
||||||
$param = '&datatoimport='.urlencode($datatoimport).'&format='.urlencode($format);
|
|
||||||
if ($excludefirstline) {
|
|
||||||
$param .= '&excludefirstline='.urlencode($excludefirstline);
|
|
||||||
}
|
|
||||||
if ($endatlinenb) {
|
|
||||||
$param .= '&endatlinenb='.urlencode($endatlinenb);
|
|
||||||
}
|
|
||||||
|
|
||||||
$file = $conf->stock->dir_temp.'/'.GETPOST('urlfile');
|
$file = $conf->stock->dir_temp.'/'.GETPOST('urlfile');
|
||||||
$ret = dol_delete_file($file);
|
$ret = dol_delete_file($file);
|
||||||
if ($ret) {
|
if ($ret) {
|
||||||
|
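Review bot: `$file = $conf->stock->dir_temp.'/'.GETPOST('urlfile');` in the confirm_deletefile branch still builds the path to delete from an unfiltered request value, so the new `$permissiontodelete` gate decides who may trigger the deletion but not which file is removed; unless dol_delete_file itself normalises the path (not visible here), reducing the value to a bare file name, `$file = $conf->stock->dir_temp.'/'.basename(GETPOST('urlfile', 'alpha'));`, keeps the operation inside dir_temp. In the first hunk `$permissiontodelete` is derived from the `creer` right; if that is intended, a one-line comment there (`// deleting an uploaded CSV is part of the import/create workflow`) would stop a later reader from "correcting" it to a delete right.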
|||||||
@@ -286,9 +286,8 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($permissiontoadd) {
|
// Decrease
|
||||||
// Décrémentation
|
if ($action == 'confirm_destock' && $confirm == 'yes' && $object->status == $object::STATUS_VALIDATED && $permissiontoadd) {
|
||||||
if ($action == 'confirm_destock' && $confirm == 'yes' && $object->status == $object::STATUS_VALIDATED) {
|
|
||||||
$lines = $object->getLinesArray();
|
$lines = $object->getLinesArray();
|
||||||
if (!empty($lines)) {
|
if (!empty($lines)) {
|
||||||
$db->begin();
|
$db->begin();
|
||||||
@@ -315,7 +314,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Annulation décrémentation
|
// Annulation décrémentation
|
||||||
if ($action == 'confirm_destockcancel' && $confirm == 'yes' && $object->status == $object::STATUS_TRANSFERED) {
|
if ($action == 'confirm_destockcancel' && $confirm == 'yes' && $object->status == $object::STATUS_TRANSFERED && $permissiontoadd) {
|
||||||
$lines = $object->getLinesArray();
|
$lines = $object->getLinesArray();
|
||||||
if (!empty($lines)) {
|
if (!empty($lines)) {
|
||||||
$db->begin();
|
$db->begin();
|
||||||
@@ -342,7 +341,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Incrémentation
|
// Incrémentation
|
||||||
if ($action == 'confirm_addstock' && $confirm == 'yes' && $object->status == $object::STATUS_TRANSFERED) {
|
if ($action == 'confirm_addstock' && $confirm == 'yes' && $object->status == $object::STATUS_TRANSFERED && $permissiontoadd) {
|
||||||
$lines = $object->getLinesArray();
|
$lines = $object->getLinesArray();
|
||||||
if (!empty($lines)) {
|
if (!empty($lines)) {
|
||||||
$db->begin();
|
$db->begin();
|
||||||
@@ -369,7 +368,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Annulation incrémentation
|
// Annulation incrémentation
|
||||||
if ($action == 'confirm_addstockcancel' && $confirm == 'yes' && $object->status == $object::STATUS_CLOSED) {
|
if ($action == 'confirm_addstockcancel' && $confirm == 'yes' && $object->status == $object::STATUS_CLOSED && $permissiontoadd) {
|
||||||
$lines = $object->getLinesArray();
|
$lines = $object->getLinesArray();
|
||||||
if (!empty($lines)) {
|
if (!empty($lines)) {
|
||||||
$db->begin();
|
$db->begin();
|
||||||
@@ -394,7 +393,6 @@ if (empty($reshook)) {
|
|||||||
setEventMessage('StockStransferIncrementedShortCancel', 'warnings');
|
setEventMessage('StockStransferIncrementedShortCancel', 'warnings');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Set incoterm
|
// Set incoterm
|
||||||
if ($action == 'set_incoterms' && isModEnabled('incoterm') && $permissiontoadd) {
|
if ($action == 'set_incoterms' && isModEnabled('incoterm') && $permissiontoadd) {
|
||||||
|
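Review bot: Only the first block comment was translated (`// Décrémentation` became `// Decrease`) while `// Annulation décrémentation`, `// Incrémentation` and `// Annulation incrémentation` in the following hunks keep the French; since the commit already rewrites the `if` line under each of them, translating the headers in the same pass (`// Cancel decrease`, `// Increase`, `// Cancel increase`) keeps the four blocks consistent. Removing the `if ($permissiontoadd) {` wrapper and repeating `&& $permissiontoadd` on each action is fine functionally, but the set_incoterms block at the end shows the same pattern, so the whole action section now relies on each author remembering the suffix.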
|||||||
@@ -180,7 +180,7 @@ if ($action == 'confirm_merge' && $confirm == 'yes' && $user->hasRight('projet',
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'confirm_clone' && $confirm == 'yes') {
|
if ($action == 'confirm_clone' && $confirm == 'yes' && $user->hasRight('projet', 'creer')) {
|
||||||
//$clone_contacts = GETPOST('clone_contacts') ? 1 : 0;
|
//$clone_contacts = GETPOST('clone_contacts') ? 1 : 0;
|
||||||
$clone_prog = GETPOST('clone_prog') ? 1 : 0;
|
$clone_prog = GETPOST('clone_prog') ? 1 : 0;
|
||||||
$clone_time = GETPOST('clone_time') ? 1 : 0;
|
$clone_time = GETPOST('clone_time') ? 1 : 0;
|
||||||
|
|||||||
@@ -417,7 +417,7 @@ if ($id <= 0 && $projectidforalltimes == 0) {
|
|||||||
$allprojectforuser = $user->id;
|
$allprojectforuser = $user->id;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'confirm_generateinvoice') {
|
if ($action == 'confirm_generateinvoice' && $user->hasRight('facture', 'creer')) {
|
||||||
if (!empty($projectstatic->socid)) {
|
if (!empty($projectstatic->socid)) {
|
||||||
$projectstatic->fetch_thirdparty();
|
$projectstatic->fetch_thirdparty();
|
||||||
}
|
}
|
||||||
@@ -799,7 +799,7 @@ if ($action == 'confirm_generateinvoice') {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'confirm_generateinter') {
|
if ($action == 'confirm_generateinter' && $user->hasRight('fichinter', 'creer')) {
|
||||||
$langs->load('interventions');
|
$langs->load('interventions');
|
||||||
|
|
||||||
if (!empty($projectstatic->socid)) {
|
if (!empty($projectstatic->socid)) {
|
||||||
|
|||||||
@@ -550,36 +550,31 @@ if (empty($reshook)) {
|
|||||||
if ($result < 0) {
|
if ($result < 0) {
|
||||||
setEventMessages($object->error, $object->errors, 'errors');
|
setEventMessages($object->error, $object->errors, 'errors');
|
||||||
}
|
}
|
||||||
} elseif (($action == 'settracking_number' || $action == 'settracking_url'
|
} elseif (in_array($action, array('settracking_number', 'settracking_url', 'settrueWeight', 'settrueWidth', 'settrueHeight', 'settrueDepth', 'setshipping_method_id')) && $permissiontoadd) {
|
||||||
|| $action == 'settrueWeight'
|
|
||||||
|| $action == 'settrueWidth'
|
|
||||||
|| $action == 'settrueHeight'
|
|
||||||
|| $action == 'settrueDepth'
|
|
||||||
|| $action == 'setshipping_method_id') && $permissiontoadd) {
|
|
||||||
// Action update
|
// Action update
|
||||||
$error = 0;
|
$error = 0;
|
||||||
|
|
||||||
if ($action == 'settracking_number') { // Test on permission to add
|
if ($action == 'settracking_number') { // Test on permission already done
|
||||||
$object->tracking_number = trim(GETPOST('tracking_number', 'alpha'));
|
$object->tracking_number = trim(GETPOST('tracking_number', 'alpha'));
|
||||||
}
|
}
|
||||||
if ($action == 'settracking_url') { // Test on permission to add
|
if ($action == 'settracking_url') { // Test on permission already done
|
||||||
$object->tracking_url = trim(GETPOST('tracking_url', 'restricthtml'));
|
$object->tracking_url = trim(GETPOST('tracking_url', 'restricthtml'));
|
||||||
}
|
}
|
||||||
if ($action == 'settrueWeight') { // Test on permission to add
|
if ($action == 'settrueWeight') { // Test on permission already done
|
||||||
$object->trueWeight = GETPOSTINT('trueWeight');
|
$object->trueWeight = GETPOSTINT('trueWeight');
|
||||||
$object->weight_units = GETPOSTINT('weight_units');
|
$object->weight_units = GETPOSTINT('weight_units');
|
||||||
}
|
}
|
||||||
if ($action == 'settrueWidth') { // Test on permission to add
|
if ($action == 'settrueWidth') { // Test on permission already done
|
||||||
$object->trueWidth = GETPOSTINT('trueWidth');
|
$object->trueWidth = GETPOSTINT('trueWidth');
|
||||||
}
|
}
|
||||||
if ($action == 'settrueHeight') { // Test on permission to add
|
if ($action == 'settrueHeight') { // Test on permission already done
|
||||||
$object->trueHeight = GETPOSTINT('trueHeight');
|
$object->trueHeight = GETPOSTINT('trueHeight');
|
||||||
$object->size_units = GETPOSTINT('size_units');
|
$object->size_units = GETPOSTINT('size_units');
|
||||||
}
|
}
|
||||||
if ($action == 'settrueDepth') { // Test on permission to add
|
if ($action == 'settrueDepth') { // Test on permission already done
|
||||||
$object->trueDepth = GETPOSTINT('trueDepth');
|
$object->trueDepth = GETPOSTINT('trueDepth');
|
||||||
}
|
}
|
||||||
if ($action == 'setshipping_method_id') { // Test on permission to add
|
if ($action == 'setshipping_method_id') { // Test on permission already done
|
||||||
$object->shipping_method_id = GETPOSTINT('shipping_method_id');
|
$object->shipping_method_id = GETPOSTINT('shipping_method_id');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
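Review bot: The new `in_array($action, array('settracking_number', ...))` at the top of the hunk uses loose comparison; `$action` comes from the request, so pass the strict flag, `in_array($action, array('settracking_number', 'settracking_url', 'settrueWeight', 'settrueWidth', 'settrueHeight', 'settrueDepth', 'setshipping_method_id'), true)`, to avoid type juggling in the membership test. The `elseif` belongs to a chain that starts outside the hunk.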
|||||||
@@ -108,6 +108,12 @@ if ($element == 'product' || $element == 'service') { // When RESOURCE_ON_PRODUC
|
|||||||
$result = restrictedArea($user, 'produit|service', $element_id, 'product&product', '', '', (string) $fieldtype);
|
$result = restrictedArea($user, 'produit|service', $element_id, 'product&product', '', '', (string) $fieldtype);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO
|
||||||
|
//$permissiontoadd should be set according to $element
|
||||||
|
//$permissiontodelete should be set according to $element
|
||||||
|
$permissiontoadd = $user->hasRight('resource', 'write');
|
||||||
|
$permissiontodelete = $user->hasRight('resource', 'delete');
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Actions
|
* Actions
|
||||||
@@ -123,7 +129,7 @@ if (empty($reshook)) {
|
|||||||
$error = 0;
|
$error = 0;
|
||||||
$objstat = null;
|
$objstat = null;
|
||||||
|
|
||||||
if ($action == 'add_element_resource' && !$cancel) {
|
if ($action == 'add_element_resource' && !$cancel && $permissiontoadd) { // Test on permission already done in header before actions
|
||||||
$res = 0;
|
$res = 0;
|
||||||
if (!($resource_id > 0)) {
|
if (!($resource_id > 0)) {
|
||||||
$error++;
|
$error++;
|
||||||
@@ -204,7 +210,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Update resource
|
// Update resource
|
||||||
if ($action == 'update_linked_resource' && $user->hasRight('resource', 'write') && !GETPOST('cancel', 'alpha') && is_object($objstat)) {
|
if ($action == 'update_linked_resource' && $permissiontoadd && !GETPOST('cancel', 'alpha') && is_object($objstat)) {
|
||||||
$res = $object->fetchElementResource($lineid);
|
$res = $object->fetchElementResource($lineid);
|
||||||
if ($res) {
|
if ($res) {
|
||||||
$object->busy = $busy;
|
$object->busy = $busy;
|
||||||
@@ -283,7 +289,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Delete a resource linked to an element
|
// Delete a resource linked to an element
|
||||||
if ($action == 'confirm_delete_linked_resource' && $user->hasRight('resource', 'delete') && $confirm === 'yes') {
|
if ($action == 'confirm_delete_linked_resource' && $permissiontodelete && $confirm === 'yes') {
|
||||||
$result = $object->delete_resource($lineid, $element);
|
$result = $object->delete_resource($lineid, $element);
|
||||||
|
|
||||||
if ($result >= 0) {
|
if ($result >= 0) {
|
||||||
|
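Review bot: The trailing comment `// Test on permission already done in header before actions` on the add_element_resource condition is now misleading, since the same line already tests `$permissiontoadd`; the phrase also matches the "already done" exemption in CodingPhpTest, so the line would stay exempt from the scanner even if the variable were removed later. Dropping the comment, or replacing it with one that points at the open item (`// $permissiontoadd is module-wide until the TODO above is resolved`), keeps the scanner honest. The TODO itself says both rights should depend on `$element`; the restrictedArea call in the same hunk already receives a per-element spec, so the per-element rights could presumably be derived alongside it — inferred, not visible here.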
|||||||
@@ -402,7 +402,7 @@ if (empty($reshook)) {
|
|||||||
$object->client = $prospectcustomer;
|
$object->client = $prospectcustomer;
|
||||||
$object->fournisseur = (GETPOSTINT('supplier') > 0 ? 1 : 0);
|
$object->fournisseur = (GETPOSTINT('supplier') > 0 ? 1 : 0);
|
||||||
|
|
||||||
if ($action == 'add') {
|
if ($action == 'add') { // Test on permission already done
|
||||||
// for prospect, customer or supplier
|
// for prospect, customer or supplier
|
||||||
if ($object->client > 0 || $object->fournisseur > 0) {
|
if ($object->client > 0 || $object->fournisseur > 0) {
|
||||||
$form = new Form($db);
|
$form = new Form($db);
|
||||||
@@ -865,7 +865,7 @@ if (empty($reshook)) {
|
|||||||
$result = $object->setWarehouse(GETPOSTINT('fk_warehouse'));
|
$result = $object->setWarehouse(GETPOSTINT('fk_warehouse'));
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'confirm_clone' && $confirm != 'yes') {
|
if ($action == 'confirm_clone' && $confirm != 'yes') { // Test on permission not required here
|
||||||
$action = '';
|
$action = '';
|
||||||
}
|
}
|
||||||
//clone company essential info
|
//clone company essential info
|
||||||
|
|||||||
@@ -32,7 +32,6 @@
|
|||||||
* \brief Tab of payment modes for the customer
|
* \brief Tab of payment modes for the customer
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
// Load Dolibarr environment
|
// Load Dolibarr environment
|
||||||
require '../main.inc.php';
|
require '../main.inc.php';
|
||||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
|
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
|
||||||
@@ -648,7 +647,7 @@ if (empty($reshook)) {
|
|||||||
|
|
||||||
$tmpservice = 'StripeTest';
|
$tmpservice = 'StripeTest';
|
||||||
$tmpservicestatus = 0;
|
$tmpservicestatus = 0;
|
||||||
if ($action == 'setkey_account') {
|
if ($action == 'setkey_account') { // Test on permission not required
|
||||||
$tmpservice = 'StripeLive';
|
$tmpservice = 'StripeLive';
|
||||||
$tmpservicestatus = 1;
|
$tmpservicestatus = 1;
|
||||||
}
|
}
|
||||||
@@ -657,7 +656,7 @@ if (empty($reshook)) {
|
|||||||
global $stripearrayofkeysbyenv;
|
global $stripearrayofkeysbyenv;
|
||||||
$tmpsite_account = $stripearrayofkeysbyenv[$tmpservicestatus]['publishable_key'];
|
$tmpsite_account = $stripearrayofkeysbyenv[$tmpservicestatus]['publishable_key'];
|
||||||
|
|
||||||
if ($action == 'setkey_account') {
|
if ($action == 'setkey_account') { // Test on permission not required
|
||||||
$newcu = GETPOST('key_account', 'alpha');
|
$newcu = GETPOST('key_account', 'alpha');
|
||||||
} else {
|
} else {
|
||||||
$newcu = GETPOST('key_accounttest', 'alpha');
|
$newcu = GETPOST('key_accounttest', 'alpha');
|
||||||
@@ -717,7 +716,7 @@ if (empty($reshook)) {
|
|||||||
|
|
||||||
$tmpservice = 'StripeTest';
|
$tmpservice = 'StripeTest';
|
||||||
$tmpservicestatus = 0;
|
$tmpservicestatus = 0;
|
||||||
if ($action == 'setkey_account_supplier') {
|
if ($action == 'setkey_account_supplier') { // Test on permission not required
|
||||||
$tmpservice = 'StripeLive';
|
$tmpservice = 'StripeLive';
|
||||||
$tmpservicestatus = 1;
|
$tmpservicestatus = 1;
|
||||||
}
|
}
|
||||||
@@ -726,7 +725,7 @@ if (empty($reshook)) {
|
|||||||
global $stripearrayofkeysbyenv;
|
global $stripearrayofkeysbyenv;
|
||||||
$tmpsite_account = $stripearrayofkeysbyenv[$tmpservicestatus]['publishable_key'];
|
$tmpsite_account = $stripearrayofkeysbyenv[$tmpservicestatus]['publishable_key'];
|
||||||
|
|
||||||
if ($action == 'setkey_account_supplier') {
|
if ($action == 'setkey_account_supplier') { // Test on permission not required
|
||||||
$newsup = GETPOST('key_account_supplier', 'alpha');
|
$newsup = GETPOST('key_account_supplier', 'alpha');
|
||||||
} else {
|
} else {
|
||||||
$newsup = GETPOST('key_account_suppliertest', 'alpha');
|
$newsup = GETPOST('key_account_suppliertest', 'alpha');
|
||||||
@@ -931,7 +930,7 @@ if ($socid && ($action == 'edit' || $action == 'editcard') && $permissiontoaddup
|
|||||||
print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="post">';
|
print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="post">';
|
||||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||||
$actionforadd = 'update';
|
$actionforadd = 'update';
|
||||||
if ($action == 'editcard') {
|
if ($action == 'editcard') { // Test on permission not required
|
||||||
$actionforadd = 'updatecard';
|
$actionforadd = 'updatecard';
|
||||||
}
|
}
|
||||||
print '<input type="hidden" name="action" value="'.$actionforadd.'">';
|
print '<input type="hidden" name="action" value="'.$actionforadd.'">';
|
||||||
@@ -941,7 +940,7 @@ if ($socid && ($action == 'create' || $action == 'createcard') && $permissiontoa
|
|||||||
print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="post">';
|
print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="post">';
|
||||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||||
$actionforadd = 'add';
|
$actionforadd = 'add';
|
||||||
if ($action == 'createcard') {
|
if ($action == 'createcard') { // Test on permission not required
|
||||||
$actionforadd = 'addcard';
|
$actionforadd = 'addcard';
|
||||||
}
|
}
|
||||||
print '<input type="hidden" name="action" value="'.$actionforadd.'">';
|
print '<input type="hidden" name="action" value="'.$actionforadd.'">';
|
||||||
|
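Review bot: `// Test on permission not required` is attached to the inner `setkey_account` and `setkey_account_supplier` selectors, which only pick between the live and test Stripe key; the enclosing `if` (outside these hunks) presumably carries the actual right check, so the accurate wording is `// Test on permission already done`. Both phrases silence the CodingPhpTest scanner, but "not required" tells a maintainer that writing a Stripe account key needs no right, which is not what the code does. The `editcard`/`createcard` cases at the bottom sit under a condition that already includes `$permissiontoaddup...` (hunk header), so the same "already done" wording fits there too.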
|||||||
@@ -61,6 +61,13 @@ if (!$user->hasRight('takepos', 'run')) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Actions
|
||||||
|
*/
|
||||||
|
|
||||||
|
// None
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* View
|
* View
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -72,6 +72,12 @@ if (!$user->hasRight('takepos', 'run')) {
|
|||||||
accessforbidden();
|
accessforbidden();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Actions
|
||||||
|
*/
|
||||||
|
|
||||||
|
// None
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* View
|
* View
|
||||||
|
|||||||
@@ -458,7 +458,7 @@ if (empty($reshook)) {
|
|||||||
if (($action == "confirm_close" || $action == "confirm_abandon") && GETPOST('confirm', 'alpha') == 'yes' && $permissiontoadd) {
|
if (($action == "confirm_close" || $action == "confirm_abandon") && GETPOST('confirm', 'alpha') == 'yes' && $permissiontoadd) {
|
||||||
$object->fetch(GETPOSTINT('id'), '', GETPOST('track_id', 'alpha'));
|
$object->fetch(GETPOSTINT('id'), '', GETPOST('track_id', 'alpha'));
|
||||||
|
|
||||||
if ($object->close($user, ($action == "confirm_abandon" ? 1 : 0))) {
|
if ($object->close($user, ($action == "confirm_abandon" ? 1 : 0))) { // Test on pemrission already done
|
||||||
setEventMessages($langs->trans('TicketMarkedAsClosed'), null, 'mesgs');
|
setEventMessages($langs->trans('TicketMarkedAsClosed'), null, 'mesgs');
|
||||||
|
|
||||||
$url = 'card.php?track_id=' . GETPOST('track_id', 'alpha');
|
$url = 'card.php?track_id=' . GETPOST('track_id', 'alpha');
|
||||||
|
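Review bot: `// Test on pemrission already done` on the `$object->close(...)` line has a typo (`permission`); the comment is attached to that line only because the scanner's regex also matches the `$action ==` inside the ternary, so saying so helps the next reader: `// Test on permission already done ($permissiontoadd above); $action == here only selects the abandon flag`.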
|||||||
@@ -84,6 +84,7 @@ $confirm = GETPOST('confirm', 'alpha');
|
|||||||
$group = GETPOSTINT("group", 3);
|
$group = GETPOSTINT("group", 3);
|
||||||
$cancel = GETPOST('cancel', 'alpha');
|
$cancel = GETPOST('cancel', 'alpha');
|
||||||
$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'useracard'; // To manage different context of search
|
$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'useracard'; // To manage different context of search
|
||||||
|
$backtopage = GETPOST('backtopage');
|
||||||
|
|
||||||
if (empty($id) && $action != 'add' && $action != 'create') {
|
if (empty($id) && $action != 'add' && $action != 'create') {
|
||||||
$id = $user->id;
|
$id = $user->id;
|
||||||
@@ -710,7 +711,7 @@ if (empty($reshook)) {
|
|||||||
setEventMessages($langs->trans("ErrorFailedToSetNewPassword"), null, 'errors');
|
setEventMessages($langs->trans("ErrorFailedToSetNewPassword"), null, 'errors');
|
||||||
} else {
|
} else {
|
||||||
// Success
|
// Success
|
||||||
if ($action == 'confirm_passwordsend' && $confirm == 'yes') {
|
if ($action == 'confirm_passwordsend' && $confirm == 'yes') { // Test on permission already done
|
||||||
if ($object->send_password($user, $newpassword) > 0) {
|
if ($object->send_password($user, $newpassword) > 0) {
|
||||||
setEventMessages($langs->trans("PasswordChangedAndSentTo", $object->email), null, 'mesgs');
|
setEventMessages($langs->trans("PasswordChangedAndSentTo", $object->email), null, 'mesgs');
|
||||||
} else {
|
} else {
|
||||||
@@ -786,7 +787,7 @@ if (empty($reshook)) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($action == 'confirm_clone' && $confirm != 'yes') {
|
if ($action == 'confirm_clone' && $confirm != 'yes') { // Test on permission not required
|
||||||
$action = '';
|
$action = '';
|
||||||
}
|
}
|
||||||
if ($action == 'confirm_clone' && $confirm == 'yes' && $permissiontocloneuser) {
|
if ($action == 'confirm_clone' && $confirm == 'yes' && $permissiontocloneuser) {
|
||||||
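Review bot: `$backtopage = GETPOST('backtopage');` is the only GETPOST call in the hunk without an explicit check argument, while its neighbours use `'alpha'` and `'aZ'`; write `GETPOST('backtopage', 'alpha')` so the filter is visible rather than relying on the default. If the value is later used as a redirect target (its use is outside this hunk), it should also be restricted to relative URLs before use.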
@@ -1633,9 +1634,7 @@ if ($action == 'create' || $action == 'adduserldap') {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/*
|
// View mode
|
||||||
* View mode
|
|
||||||
*/
|
|
||||||
if ($action != 'edit') {
|
if ($action != 'edit') {
|
||||||
print dol_get_fiche_head($head, 'user', $title, -1, 'user', 0, '', '', 0, '', 1);
|
print dol_get_fiche_head($head, 'user', $title, -1, 'user', 0, '', '', 0, '', 1);
|
||||||
|
|
||||||
|
|||||||
@@ -708,27 +708,43 @@ class CodingPhpTest extends CommonClassTest
|
|||||||
|
|
||||||
// Get the part of string to use for analysis
|
// Get the part of string to use for analysis
|
||||||
$reg = array();
|
$reg = array();
|
||||||
if (preg_match('/\*\s+Action(.*)\*\s+View/ims', $filecontentorigin, $reg)) {
|
if (preg_match('/\*\s+Action(.*)\*\s+View/ims', $filecontentorigin, $reg)) { // search '* Action... * View'
|
||||||
$filecontentaction = $reg[1];
|
$filecontentaction = $reg[1];
|
||||||
} else {
|
} else {
|
||||||
$filecontentaction = $filecontent;
|
$filecontentaction = $filecontent;
|
||||||
}
|
}
|
||||||
|
|
||||||
preg_match_all('/if.*\$action\s*==\s*[\'"][a-z\-_]+[\'"].*$/si', $filecontentaction, $matches, PREG_SET_ORDER);
|
// Uncomment this for a scan on one given file
|
||||||
|
// if ($file['fullname'] != '/home/ldestailleur/git/dolibarr_22.0/htdocs/holiday/card.php') return;
|
||||||
|
// if ($file['fullname'] != '/home/ldestailleur/git/dolibarr_22.0/htdocs/bom/bom_card.php') return;
|
||||||
|
|
||||||
|
/*
|
||||||
|
$filecontentaction = <<<'EOT'
|
||||||
|
Note that $action and $object may have been modified by some hooks
|
||||||
|
|
||||||
|
if ($action == 'add' && $permissiontoadd) {
|
||||||
|
// aaa
|
||||||
|
|
||||||
|
EOT;
|
||||||
|
*/
|
||||||
|
//var_dump($filecontentaction);
|
||||||
|
preg_match_all('/if\s[^\n\r]+\$action\s*==\s*[\'"][a-z\-_]+[\'"].*$/mi', $filecontentaction, $matches, PREG_SET_ORDER);
|
||||||
|
|
||||||
foreach ($matches as $key => $val) {
|
foreach ($matches as $key => $val) {
|
||||||
if (!preg_match('/\$user->hasR/', $val[0])
|
if (!preg_match('/\$user->hasR/', $val[0])
|
||||||
&& !preg_match('/\$permission/', $val[0])
|
&& !preg_match('/\$permission/', $val[0])
|
||||||
&& !preg_match('/\$permto/', $val[0])
|
&& !preg_match('/\$permto/', $val[0])
|
||||||
&& !preg_match('/\$usercan/', $val[0])
|
&& !preg_match('/\$usercan/', $val[0])
|
||||||
|
&& !preg_match('/\$candelete/', $val[0])
|
||||||
&& !preg_match('/\$canedit/', $val[0])
|
&& !preg_match('/\$canedit/', $val[0])
|
||||||
&& !preg_match('/\$user->admin/', $val[0])
|
&& !preg_match('/\$user->admin/', $val[0])
|
||||||
|
&& !preg_match('/\->getRights\(\)->/', $val[0])
|
||||||
&& !preg_match('/already done/i', $val[0])
|
&& !preg_match('/already done/i', $val[0])
|
||||||
&& !preg_match('/done later/i', $val[0])
|
&& !preg_match('/done later/i', $val[0])
|
||||||
&& !preg_match('/not required/i', $val[0])) {
|
&& !preg_match('/not required/i', $val[0])) {
|
||||||
$ok = false;
|
$ok = false;
|
||||||
|
|
||||||
//var_dump($file['fullname'].' '.$filecontentaction);exit;
|
var_dump($file['fullname'].' '.$val[0].' '.$filecontentaction);exit;
|
||||||
|
|
||||||
print "File ".$file['relativename']." - Line: ".$val[0]."\n";
|
print "File ".$file['relativename']." - Line: ".$val[0]."\n";
|
||||||
break;
|
break;
|
||||||
|
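Review bot: `var_dump($file['fullname'].' '.$val[0].' '.$filecontentaction);exit;` is left live on the new side where the old side had it commented out; an `exit` inside a PHPUnit test aborts the whole run with raw output instead of the failing assertion the `print`/`break` path produces, so restore the comment, `//var_dump($file['fullname'].' '.$val[0].' '.$filecontentaction);exit;`, or drop the line. The commented-out per-file scan lines with the author's home directory (`/home/ldestailleur/...`) are debugging aids as well and would be better removed or replaced with an environment-driven filter. The new `/mi` regex is line-bounded, which is what makes the per-line exemption comments meaningful; a one-line comment above it saying so would explain the `m` flag to the next reader.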
|||||||