Fix warning
@@ -2545,54 +2545,54 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
$original_file = $conf->adherent->dir_output.'/'.$original_file;
|
$original_file = $conf->adherent->dir_output.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'apercufacture' && !empty($conf->facture->multidir_output[$entity])) {
|
} elseif ($modulepart == 'apercufacture' && !empty($conf->facture->multidir_output[$entity])) {
|
||||||
// Wrapping pour les apercu factures
|
// Wrapping pour les apercu factures
|
||||||
if ($fuser->rights->facture->{$lire}) {
|
if ($fuser->hasRight('facture', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->facture->multidir_output[$entity].'/'.$original_file;
|
$original_file = $conf->facture->multidir_output[$entity].'/'.$original_file;
|
||||||
} elseif ($modulepart == 'apercupropal' && !empty($conf->propal->multidir_output[$entity])) {
|
} elseif ($modulepart == 'apercupropal' && !empty($conf->propal->multidir_output[$entity])) {
|
||||||
// Wrapping pour les apercu propal
|
// Wrapping pour les apercu propal
|
||||||
if ($fuser->rights->propal->{$lire}) {
|
if ($fuser->hasRight('propal', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->propal->multidir_output[$entity].'/'.$original_file;
|
$original_file = $conf->propal->multidir_output[$entity].'/'.$original_file;
|
||||||
} elseif ($modulepart == 'apercucommande' && !empty($conf->commande->multidir_output[$entity])) {
|
} elseif ($modulepart == 'apercucommande' && !empty($conf->commande->multidir_output[$entity])) {
|
||||||
// Wrapping pour les apercu commande
|
// Wrapping pour les apercu commande
|
||||||
if ($fuser->rights->commande->{$lire}) {
|
if ($fuser->hasRight('commande', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->commande->multidir_output[$entity].'/'.$original_file;
|
$original_file = $conf->commande->multidir_output[$entity].'/'.$original_file;
|
||||||
} elseif (($modulepart == 'apercufichinter' || $modulepart == 'apercuficheinter') && !empty($conf->ficheinter->dir_output)) {
|
} elseif (($modulepart == 'apercufichinter' || $modulepart == 'apercuficheinter') && !empty($conf->ficheinter->dir_output)) {
|
||||||
// Wrapping pour les apercu intervention
|
// Wrapping pour les apercu intervention
|
||||||
if ($fuser->rights->ficheinter->{$lire}) {
|
if ($fuser->hasRight('ficheinter', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->ficheinter->dir_output.'/'.$original_file;
|
$original_file = $conf->ficheinter->dir_output.'/'.$original_file;
|
||||||
} elseif (($modulepart == 'apercucontract') && !empty($conf->contrat->multidir_output[$entity])) {
|
} elseif (($modulepart == 'apercucontract') && !empty($conf->contrat->multidir_output[$entity])) {
|
||||||
// Wrapping pour les apercu contrat
|
// Wrapping pour les apercu contrat
|
||||||
if ($fuser->rights->contrat->{$lire}) {
|
if ($fuser->hasRight('contrat', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->contrat->multidir_output[$entity].'/'.$original_file;
|
$original_file = $conf->contrat->multidir_output[$entity].'/'.$original_file;
|
||||||
} elseif (($modulepart == 'apercusupplier_proposal' || $modulepart == 'apercusupplier_proposal') && !empty($conf->supplier_proposal->dir_output)) {
|
} elseif (($modulepart == 'apercusupplier_proposal' || $modulepart == 'apercusupplier_proposal') && !empty($conf->supplier_proposal->dir_output)) {
|
||||||
// Wrapping pour les apercu supplier proposal
|
// Wrapping pour les apercu supplier proposal
|
||||||
if ($fuser->rights->supplier_proposal->{$lire}) {
|
if ($fuser->hasRight('supplier_proposal', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->supplier_proposal->dir_output.'/'.$original_file;
|
$original_file = $conf->supplier_proposal->dir_output.'/'.$original_file;
|
||||||
} elseif (($modulepart == 'apercusupplier_order' || $modulepart == 'apercusupplier_order') && !empty($conf->fournisseur->commande->dir_output)) {
|
} elseif (($modulepart == 'apercusupplier_order' || $modulepart == 'apercusupplier_order') && !empty($conf->fournisseur->commande->dir_output)) {
|
||||||
// Wrapping pour les apercu supplier order
|
// Wrapping pour les apercu supplier order
|
||||||
if ($fuser->rights->fournisseur->commande->{$lire}) {
|
if ($fuser->hasRight('fournisseur', 'commande', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->fournisseur->commande->dir_output.'/'.$original_file;
|
$original_file = $conf->fournisseur->commande->dir_output.'/'.$original_file;
|
||||||
} elseif (($modulepart == 'apercusupplier_invoice' || $modulepart == 'apercusupplier_invoice') && !empty($conf->fournisseur->facture->dir_output)) {
|
} elseif (($modulepart == 'apercusupplier_invoice' || $modulepart == 'apercusupplier_invoice') && !empty($conf->fournisseur->facture->dir_output)) {
|
||||||
// Wrapping pour les apercu supplier invoice
|
// Wrapping pour les apercu supplier invoice
|
||||||
if ($fuser->rights->fournisseur->facture->{$lire}) {
|
if ($fuser->hasRight('fournisseur', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->fournisseur->facture->dir_output.'/'.$original_file;
|
$original_file = $conf->fournisseur->facture->dir_output.'/'.$original_file;
|
||||||
} elseif (($modulepart == 'holiday') && !empty($conf->holiday->dir_output)) {
|
} elseif (($modulepart == 'holiday') && !empty($conf->holiday->dir_output)) {
|
||||||
if ($fuser->rights->holiday->{$read} || !empty($fuser->rights->holiday->readall) || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('holiday', $read) || !empty($fuser->rights->holiday->readall) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
// If we known $id of holiday, call checkUserAccessToObject to check permission on properties and hierarchy of leave request
|
// If we known $id of holiday, call checkUserAccessToObject to check permission on properties and hierarchy of leave request
|
||||||
if ($refname && empty($fuser->rights->holiday->readall) && !preg_match('/^specimen/i', $original_file)) {
|
if ($refname && empty($fuser->rights->holiday->readall) && !preg_match('/^specimen/i', $original_file)) {
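Review bot: In the `apercusupplier_invoice` branch the new check is `$fuser->hasRight('fournisseur', $lire)`, which drops the `facture` level that the replaced line `$fuser->rights->fournisseur->facture->{$lire}` tested, so preview access to supplier invoices is now decided by a different permission than before. The other supplier branches converted in this commit (`apercusupplier_order`, `billstatssupplier`, `massfilesarea_supplier_invoice`) keep the three-argument form, so this looks like a slip rather than an intended change. It should read `if ($fuser->hasRight('fournisseur', 'facture', $lire)) {`. The enclosing function dol_check_secure_access_document starts and ends outside the hunk.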
|
||||||
@@ -2604,7 +2604,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
}
|
}
|
||||||
$original_file = $conf->holiday->dir_output.'/'.$original_file;
|
$original_file = $conf->holiday->dir_output.'/'.$original_file;
|
||||||
} elseif (($modulepart == 'expensereport') && !empty($conf->expensereport->dir_output)) {
|
} elseif (($modulepart == 'expensereport') && !empty($conf->expensereport->dir_output)) {
|
||||||
if ($fuser->rights->expensereport->{$lire} || !empty($fuser->rights->expensereport->readall) || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('expensereport', $lire) || !empty($fuser->rights->expensereport->readall) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
// If we known $id of expensereport, call checkUserAccessToObject to check permission on properties and hierarchy of expense report
|
// If we known $id of expensereport, call checkUserAccessToObject to check permission on properties and hierarchy of expense report
|
||||||
if ($refname && empty($fuser->rights->expensereport->readall) && !preg_match('/^specimen/i', $original_file)) {
|
if ($refname && empty($fuser->rights->expensereport->readall) && !preg_match('/^specimen/i', $original_file)) {
|
||||||
@@ -2617,72 +2617,72 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
$original_file = $conf->expensereport->dir_output.'/'.$original_file;
|
$original_file = $conf->expensereport->dir_output.'/'.$original_file;
|
||||||
} elseif (($modulepart == 'apercuexpensereport') && !empty($conf->expensereport->dir_output)) {
|
} elseif (($modulepart == 'apercuexpensereport') && !empty($conf->expensereport->dir_output)) {
|
||||||
// Wrapping pour les apercu expense report
|
// Wrapping pour les apercu expense report
|
||||||
if ($fuser->rights->expensereport->{$lire}) {
|
if ($fuser->hasRight('expensereport', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->expensereport->dir_output.'/'.$original_file;
|
$original_file = $conf->expensereport->dir_output.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'propalstats' && !empty($conf->propal->multidir_temp[$entity])) {
|
} elseif ($modulepart == 'propalstats' && !empty($conf->propal->multidir_temp[$entity])) {
|
||||||
// Wrapping pour les images des stats propales
|
// Wrapping pour les images des stats propales
|
||||||
if ($fuser->rights->propal->{$lire}) {
|
if ($fuser->hasRight('propal', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->propal->multidir_temp[$entity].'/'.$original_file;
|
$original_file = $conf->propal->multidir_temp[$entity].'/'.$original_file;
|
||||||
} elseif ($modulepart == 'orderstats' && !empty($conf->commande->dir_temp)) {
|
} elseif ($modulepart == 'orderstats' && !empty($conf->commande->dir_temp)) {
|
||||||
// Wrapping pour les images des stats commandes
|
// Wrapping pour les images des stats commandes
|
||||||
if ($fuser->rights->commande->{$lire}) {
|
if ($fuser->hasRight('commande', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->commande->dir_temp.'/'.$original_file;
|
$original_file = $conf->commande->dir_temp.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'orderstatssupplier' && !empty($conf->fournisseur->dir_output)) {
|
} elseif ($modulepart == 'orderstatssupplier' && !empty($conf->fournisseur->dir_output)) {
|
||||||
if ($fuser->rights->fournisseur->commande->{$lire}) {
|
if ($fuser->hasRight('fournisseur', 'commande', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->fournisseur->commande->dir_temp.'/'.$original_file;
|
$original_file = $conf->fournisseur->commande->dir_temp.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'billstats' && !empty($conf->facture->dir_temp)) {
|
} elseif ($modulepart == 'billstats' && !empty($conf->facture->dir_temp)) {
|
||||||
// Wrapping pour les images des stats factures
|
// Wrapping pour les images des stats factures
|
||||||
if ($fuser->rights->facture->{$lire}) {
|
if ($fuser->hasRight('facture', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->facture->dir_temp.'/'.$original_file;
|
$original_file = $conf->facture->dir_temp.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'billstatssupplier' && !empty($conf->fournisseur->dir_output)) {
|
} elseif ($modulepart == 'billstatssupplier' && !empty($conf->fournisseur->dir_output)) {
|
||||||
if ($fuser->rights->fournisseur->facture->{$lire}) {
|
if ($fuser->hasRight('fournisseur', 'facture', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->fournisseur->facture->dir_temp.'/'.$original_file;
|
$original_file = $conf->fournisseur->facture->dir_temp.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'expeditionstats' && !empty($conf->expedition->dir_temp)) {
|
} elseif ($modulepart == 'expeditionstats' && !empty($conf->expedition->dir_temp)) {
|
||||||
// Wrapping pour les images des stats expeditions
|
// Wrapping pour les images des stats expeditions
|
||||||
if ($fuser->rights->expedition->{$lire}) {
|
if ($fuser->hasRight('expedition', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->expedition->dir_temp.'/'.$original_file;
|
$original_file = $conf->expedition->dir_temp.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'tripsexpensesstats' && !empty($conf->deplacement->dir_temp)) {
|
} elseif ($modulepart == 'tripsexpensesstats' && !empty($conf->deplacement->dir_temp)) {
|
||||||
// Wrapping pour les images des stats expeditions
|
// Wrapping pour les images des stats expeditions
|
||||||
if ($fuser->rights->deplacement->{$lire}) {
|
if ($fuser->hasRight('deplacement', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->deplacement->dir_temp.'/'.$original_file;
|
$original_file = $conf->deplacement->dir_temp.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'memberstats' && !empty($conf->adherent->dir_temp)) {
|
} elseif ($modulepart == 'memberstats' && !empty($conf->adherent->dir_temp)) {
|
||||||
// Wrapping pour les images des stats expeditions
|
// Wrapping pour les images des stats expeditions
|
||||||
if ($fuser->rights->adherent->{$lire}) {
|
if ($fuser->hasRight('adherent', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->adherent->dir_temp.'/'.$original_file;
|
$original_file = $conf->adherent->dir_temp.'/'.$original_file;
|
||||||
} elseif (preg_match('/^productstats_/i', $modulepart) && !empty($conf->product->dir_temp)) {
|
} elseif (preg_match('/^productstats_/i', $modulepart) && !empty($conf->product->dir_temp)) {
|
||||||
// Wrapping pour les images des stats produits
|
// Wrapping pour les images des stats produits
|
||||||
if ($fuser->rights->produit->{$lire} || $fuser->rights->service->{$lire}) {
|
if ($fuser->hasRight('produit', $lire) || $fuser->hasRight('service', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = (!empty($conf->product->multidir_temp[$entity]) ? $conf->product->multidir_temp[$entity] : $conf->service->multidir_temp[$entity]).'/'.$original_file;
|
$original_file = (!empty($conf->product->multidir_temp[$entity]) ? $conf->product->multidir_temp[$entity] : $conf->service->multidir_temp[$entity]).'/'.$original_file;
|
||||||
} elseif (in_array($modulepart, array('tax', 'tax-vat', 'tva')) && !empty($conf->tax->dir_output)) {
|
} elseif (in_array($modulepart, array('tax', 'tax-vat', 'tva')) && !empty($conf->tax->dir_output)) {
|
||||||
// Wrapping for taxes
|
// Wrapping for taxes
|
||||||
if ($fuser->rights->tax->charges->{$lire}) {
|
if ($fuser->hasRight('tax', 'charges', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$modulepartsuffix = str_replace('tax-', '', $modulepart);
|
$modulepartsuffix = str_replace('tax-', '', $modulepart);
|
||||||
$original_file = $conf->tax->dir_output.'/'.($modulepartsuffix != 'tax' ? $modulepartsuffix.'/' : '').$original_file;
|
$original_file = $conf->tax->dir_output.'/'.($modulepartsuffix != 'tax' ? $modulepartsuffix.'/' : '').$original_file;
|
||||||
} elseif ($modulepart == 'actions' && !empty($conf->agenda->dir_output)) {
|
} elseif ($modulepart == 'actions' && !empty($conf->agenda->dir_output)) {
|
||||||
// Wrapping for events
|
// Wrapping for events
|
||||||
if ($fuser->rights->agenda->myactions->{$read}) {
|
if ($fuser->hasRight('agenda', 'myactions', $read)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
// If we known $id of project, call checkUserAccessToObject to check permission on the given agenda event on properties and assigned users
|
// If we known $id of project, call checkUserAccessToObject to check permission on the given agenda event on properties and assigned users
|
||||||
if ($refname && !preg_match('/^specimen/i', $original_file)) {
|
if ($refname && !preg_match('/^specimen/i', $original_file)) {
|
||||||
@@ -2766,85 +2766,85 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
if (empty($entity) || empty($conf->societe->multidir_output[$entity])) {
|
if (empty($entity) || empty($conf->societe->multidir_output[$entity])) {
|
||||||
return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
|
return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
|
||||||
}
|
}
|
||||||
if ($fuser->rights->societe->{$lire}) {
|
if ($fuser->hasRight('societe', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->societe->multidir_output[$entity].'/contact/'.$original_file;
|
$original_file = $conf->societe->multidir_output[$entity].'/contact/'.$original_file;
|
||||||
} elseif (($modulepart == 'facture' || $modulepart == 'invoice') && !empty($conf->facture->multidir_output[$entity])) {
|
} elseif (($modulepart == 'facture' || $modulepart == 'invoice') && !empty($conf->facture->multidir_output[$entity])) {
|
||||||
// Wrapping for invoices
|
// Wrapping for invoices
|
||||||
if ($fuser->rights->facture->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->facture->multidir_output[$entity].'/'.$original_file;
|
$original_file = $conf->facture->multidir_output[$entity].'/'.$original_file;
|
||||||
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('invoice').")";
|
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."facture WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('invoice').")";
|
||||||
} elseif ($modulepart == 'massfilesarea_proposals' && !empty($conf->propal->multidir_output[$entity])) {
|
} elseif ($modulepart == 'massfilesarea_proposals' && !empty($conf->propal->multidir_output[$entity])) {
|
||||||
// Wrapping for mass actions
|
// Wrapping for mass actions
|
||||||
if ($fuser->rights->propal->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('propal', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->propal->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
$original_file = $conf->propal->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'massfilesarea_orders') {
|
} elseif ($modulepart == 'massfilesarea_orders') {
|
||||||
if ($fuser->rights->commande->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('commande', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->commande->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
$original_file = $conf->commande->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'massfilesarea_sendings') {
|
} elseif ($modulepart == 'massfilesarea_sendings') {
|
||||||
if ($fuser->rights->expedition->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('expedition', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->expedition->dir_output.'/sending/temp/massgeneration/'.$user->id.'/'.$original_file;
|
$original_file = $conf->expedition->dir_output.'/sending/temp/massgeneration/'.$user->id.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'massfilesarea_invoices') {
|
} elseif ($modulepart == 'massfilesarea_invoices') {
|
||||||
if ($fuser->rights->facture->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->facture->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
$original_file = $conf->facture->multidir_output[$entity].'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'massfilesarea_expensereport') {
|
} elseif ($modulepart == 'massfilesarea_expensereport') {
|
||||||
if ($fuser->rights->facture->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->expensereport->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
$original_file = $conf->expensereport->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'massfilesarea_interventions') {
|
} elseif ($modulepart == 'massfilesarea_interventions') {
|
||||||
if ($fuser->rights->ficheinter->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('ficheinter', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->ficheinter->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
$original_file = $conf->ficheinter->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'massfilesarea_supplier_proposal' && !empty($conf->supplier_proposal->dir_output)) {
|
} elseif ($modulepart == 'massfilesarea_supplier_proposal' && !empty($conf->supplier_proposal->dir_output)) {
|
||||||
if ($fuser->rights->supplier_proposal->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('supplier_proposal', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->supplier_proposal->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
$original_file = $conf->supplier_proposal->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'massfilesarea_supplier_order') {
|
} elseif ($modulepart == 'massfilesarea_supplier_order') {
|
||||||
if ($fuser->rights->fournisseur->commande->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('fournisseur', 'commande', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->fournisseur->commande->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
$original_file = $conf->fournisseur->commande->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'massfilesarea_supplier_invoice') {
|
} elseif ($modulepart == 'massfilesarea_supplier_invoice') {
|
||||||
if ($fuser->rights->fournisseur->facture->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('fournisseur', 'facture', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->fournisseur->facture->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
$original_file = $conf->fournisseur->facture->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'massfilesarea_contract' && !empty($conf->contrat->dir_output)) {
|
} elseif ($modulepart == 'massfilesarea_contract' && !empty($conf->contrat->dir_output)) {
|
||||||
if ($fuser->rights->contrat->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('contrat', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->contrat->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
$original_file = $conf->contrat->dir_output.'/temp/massgeneration/'.$user->id.'/'.$original_file;
|
||||||
} elseif (($modulepart == 'fichinter' || $modulepart == 'ficheinter') && !empty($conf->ficheinter->dir_output)) {
|
} elseif (($modulepart == 'fichinter' || $modulepart == 'ficheinter') && !empty($conf->ficheinter->dir_output)) {
|
||||||
// Wrapping for interventions
|
// Wrapping for interventions
|
||||||
if ($fuser->rights->ficheinter->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('ficheinter', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->ficheinter->dir_output.'/'.$original_file;
|
$original_file = $conf->ficheinter->dir_output.'/'.$original_file;
|
||||||
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
|
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
|
||||||
} elseif ($modulepart == 'deplacement' && !empty($conf->deplacement->dir_output)) {
|
} elseif ($modulepart == 'deplacement' && !empty($conf->deplacement->dir_output)) {
|
||||||
// Wrapping pour les deplacements et notes de frais
|
// Wrapping pour les deplacements et notes de frais
|
||||||
if ($fuser->rights->deplacement->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('deplacement', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->deplacement->dir_output.'/'.$original_file;
|
$original_file = $conf->deplacement->dir_output.'/'.$original_file;
|
||||||
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
|
//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
|
||||||
} elseif (($modulepart == 'propal' || $modulepart == 'propale') && !empty($conf->propal->multidir_output[$entity])) {
|
} elseif (($modulepart == 'propal' || $modulepart == 'propale') && !empty($conf->propal->multidir_output[$entity])) {
|
||||||
// Wrapping pour les propales
|
// Wrapping pour les propales
|
||||||
if ($fuser->rights->propal->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('propal', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->propal->multidir_output[$entity].'/'.$original_file;
|
$original_file = $conf->propal->multidir_output[$entity].'/'.$original_file;
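Review bot: The `massfilesarea_expensereport` branch gates access on `$fuser->hasRight('facture', $lire)`, the invoice read right, while the files it serves come from `$conf->expensereport->dir_output`; the conversion carries this over unchanged from the old line. If the invoice right is not intended here, the check should be `$fuser->hasRight('expensereport', $lire)`, matching the `expensereport` and `apercuexpensereport` branches elsewhere in this commit. The function body continues outside the hunk, so any later per-object check is not visible from here.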
|
||||||
@@ -2858,7 +2858,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('order').")";
|
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."commande WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('order').")";
|
||||||
} elseif ($modulepart == 'project' && !empty($conf->project->dir_output)) {
|
} elseif ($modulepart == 'project' && !empty($conf->project->dir_output)) {
|
||||||
// Wrapping pour les projets
|
// Wrapping pour les projets
|
||||||
if ($fuser->rights->projet->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('projet', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
// If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project
|
// If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project
|
||||||
if ($refname && !preg_match('/^specimen/i', $original_file)) {
|
if ($refname && !preg_match('/^specimen/i', $original_file)) {
|
||||||
@@ -2871,7 +2871,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
$original_file = $conf->project->dir_output.'/'.$original_file;
|
$original_file = $conf->project->dir_output.'/'.$original_file;
|
||||||
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")";
|
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."projet WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('project').")";
|
||||||
} elseif ($modulepart == 'project_task' && !empty($conf->project->dir_output)) {
|
} elseif ($modulepart == 'project_task' && !empty($conf->project->dir_output)) {
|
||||||
if ($fuser->rights->projet->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('projet', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
// If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project
|
// If we known $id of project, call checkUserAccessToObject to check permission on properties and contact of project
|
||||||
if ($refname && !preg_match('/^specimen/i', $original_file)) {
|
if ($refname && !preg_match('/^specimen/i', $original_file)) {
|
||||||
@@ -2906,7 +2906,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."paiementfournisseur WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
|
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."paiementfournisseur WHERE ref='".$db->escape($refname)."' AND entity=".$conf->entity;
|
||||||
} elseif ($modulepart == 'facture_paiement' && !empty($conf->facture->dir_output)) {
|
} elseif ($modulepart == 'facture_paiement' && !empty($conf->facture->dir_output)) {
|
||||||
// Wrapping pour les rapport de paiements
|
// Wrapping pour les rapport de paiements
|
||||||
if ($fuser->rights->facture->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('facture', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
if ($fuser->socid > 0) {
|
if ($fuser->socid > 0) {
|
||||||
@@ -2922,26 +2922,26 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
$original_file = $conf->accounting->dir_output.'/'.$original_file;
|
$original_file = $conf->accounting->dir_output.'/'.$original_file;
|
||||||
} elseif (($modulepart == 'expedition' || $modulepart == 'shipment') && !empty($conf->expedition->dir_output)) {
|
} elseif (($modulepart == 'expedition' || $modulepart == 'shipment') && !empty($conf->expedition->dir_output)) {
|
||||||
// Wrapping pour les expedition
|
// Wrapping pour les expedition
|
||||||
if ($fuser->rights->expedition->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('expedition', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->expedition->dir_output."/".(strpos('sending/', $original_file) === 0 ? '' : 'sending/').$original_file;
|
$original_file = $conf->expedition->dir_output."/".(strpos('sending/', $original_file) === 0 ? '' : 'sending/').$original_file;
|
||||||
//$original_file = $conf->expedition->dir_output."/".$original_file;
|
//$original_file = $conf->expedition->dir_output."/".$original_file;
|
||||||
} elseif (($modulepart == 'livraison' || $modulepart == 'delivery') && !empty($conf->expedition->dir_output)) {
|
} elseif (($modulepart == 'livraison' || $modulepart == 'delivery') && !empty($conf->expedition->dir_output)) {
|
||||||
// Delivery Note Wrapping
|
// Delivery Note Wrapping
|
||||||
if ($fuser->rights->expedition->delivery->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('expedition', 'delivery', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->expedition->dir_output."/".(strpos('receipt/', $original_file) === 0 ? '' : 'receipt/').$original_file;
|
$original_file = $conf->expedition->dir_output."/".(strpos('receipt/', $original_file) === 0 ? '' : 'receipt/').$original_file;
|
||||||
} elseif ($modulepart == 'actions' && !empty($conf->agenda->dir_output)) {
|
} elseif ($modulepart == 'actions' && !empty($conf->agenda->dir_output)) {
|
||||||
// Wrapping pour les actions
|
// Wrapping pour les actions
|
||||||
if ($fuser->rights->agenda->myactions->{$read} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('agenda', 'myactions', $read) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->agenda->dir_output.'/'.$original_file;
|
$original_file = $conf->agenda->dir_output.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'actionsreport' && !empty($conf->agenda->dir_temp)) {
|
} elseif ($modulepart == 'actionsreport' && !empty($conf->agenda->dir_temp)) {
|
||||||
// Wrapping pour les actions
|
// Wrapping pour les actions
|
||||||
if ($fuser->rights->agenda->allactions->{$read} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('agenda', 'allactions', $read) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->agenda->dir_temp."/".$original_file;
|
$original_file = $conf->agenda->dir_temp."/".$original_file;
|
||||||
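Review bot: The two path-building lines kept as context in this hunk call `strpos('sending/', $original_file) === 0` and `strpos('receipt/', $original_file) === 0` with haystack and needle swapped, so they test whether the requested path occurs at the start of the literal instead of the reverse. For almost any real path the comparison is false, and the subdirectory is prepended even when `$original_file` already begins with it, giving a doubled `sending/sending/…` path. That presumably fails closed (the file is simply not found), but this expression decides which file the access check resolves, and it does not do what it appears to. I would change them to `strpos($original_file, 'sending/') === 0` and `strpos($original_file, 'receipt/') === 0`. The body of dol_check_secure_access_document begins and ends outside this hunk, so any later normalisation of `$original_file` is not visible here.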
@@ -2950,7 +2950,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
if (empty($entity) || (empty($conf->product->multidir_output[$entity]) && empty($conf->service->multidir_output[$entity]))) {
|
if (empty($entity) || (empty($conf->product->multidir_output[$entity]) && empty($conf->service->multidir_output[$entity]))) {
|
||||||
return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
|
return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
|
||||||
}
|
}
|
||||||
if (($fuser->rights->produit->{$lire} || $fuser->rights->service->{$lire}) || preg_match('/^specimen/i', $original_file)) {
|
if (($fuser->hasRight('produit', $lire) || $fuser->hasRight('service', $lire)) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
if (isModEnabled("product")) {
|
if (isModEnabled("product")) {
|
||||||
@@ -2963,7 +2963,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
if (empty($entity) || (empty($conf->productbatch->multidir_output[$entity]))) {
|
if (empty($entity) || (empty($conf->productbatch->multidir_output[$entity]))) {
|
||||||
return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
|
return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
|
||||||
}
|
}
|
||||||
if (($fuser->rights->produit->{$lire} ) || preg_match('/^specimen/i', $original_file)) {
|
if (($fuser->hasRight('produit', $lire)) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
if (isModEnabled('productbatch')) {
|
if (isModEnabled('productbatch')) {
|
||||||
@@ -2974,7 +2974,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
if (empty($entity) || empty($conf->stock->multidir_output[$entity])) {
|
if (empty($entity) || empty($conf->stock->multidir_output[$entity])) {
|
||||||
return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
|
return array('accessallowed'=>0, 'error'=>'Value entity must be provided');
|
||||||
}
|
}
|
||||||
if (($fuser->rights->stock->{$lire} || $fuser->rights->stock->movement->{$lire} || $fuser->rights->stock->mouvement->{$lire}) || preg_match('/^specimen/i', $original_file)) {
|
if (($fuser->hasRight('stock', $lire) || $fuser->hasRight('stock', 'movement', $lire) || $fuser->hasRight('stock', 'mouvement', $lire)) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
if (isModEnabled('stock')) {
|
if (isModEnabled('stock')) {
|
||||||
@@ -2989,26 +2989,26 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."contrat WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('contract').")";
|
$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."contrat WHERE ref='".$db->escape($refname)."' AND entity IN (".getEntity('contract').")";
|
||||||
} elseif ($modulepart == 'donation' && !empty($conf->don->dir_output)) {
|
} elseif ($modulepart == 'donation' && !empty($conf->don->dir_output)) {
|
||||||
// Wrapping pour les dons
|
// Wrapping pour les dons
|
||||||
if ($fuser->rights->don->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('don', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->don->dir_output.'/'.$original_file;
|
$original_file = $conf->don->dir_output.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'dolresource' && !empty($conf->resource->dir_output)) {
|
} elseif ($modulepart == 'dolresource' && !empty($conf->resource->dir_output)) {
|
||||||
// Wrapping pour les dons
|
// Wrapping pour les dons
|
||||||
if ($fuser->rights->resource->{$read} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('resource', $read) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->resource->dir_output.'/'.$original_file;
|
$original_file = $conf->resource->dir_output.'/'.$original_file;
|
||||||
} elseif (($modulepart == 'remisecheque' || $modulepart == 'chequereceipt') && !empty($conf->bank->dir_output)) {
|
} elseif (($modulepart == 'remisecheque' || $modulepart == 'chequereceipt') && !empty($conf->bank->dir_output)) {
|
||||||
// Wrapping pour les remises de cheques
|
// Wrapping pour les remises de cheques
|
||||||
if ($fuser->rights->banque->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('banque', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
$original_file = $conf->bank->dir_output.'/checkdeposits/'.$original_file; // original_file should contains relative path so include the get_exdir result
|
$original_file = $conf->bank->dir_output.'/checkdeposits/'.$original_file; // original_file should contains relative path so include the get_exdir result
|
||||||
} elseif (($modulepart == 'banque' || $modulepart == 'bank') && !empty($conf->bank->dir_output)) {
|
} elseif (($modulepart == 'banque' || $modulepart == 'bank') && !empty($conf->bank->dir_output)) {
|
||||||
// Wrapping for bank
|
// Wrapping for bank
|
||||||
if ($fuser->rights->banque->{$lire}) {
|
if ($fuser->hasRight('banque', $lire)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->bank->dir_output.'/'.$original_file;
|
$original_file = $conf->bank->dir_output.'/'.$original_file;
|
||||||
@@ -3051,7 +3051,7 @@ function dol_check_secure_access_document($modulepart, $original_file, $entity,
|
|||||||
$original_file = $conf->bittorrent->dir_output.'/'.$dir.'/'.$original_file;
|
$original_file = $conf->bittorrent->dir_output.'/'.$dir.'/'.$original_file;
|
||||||
} elseif ($modulepart == 'member' && !empty($conf->adherent->dir_output)) {
|
} elseif ($modulepart == 'member' && !empty($conf->adherent->dir_output)) {
|
||||||
// Wrapping pour Foundation module
|
// Wrapping pour Foundation module
|
||||||
if ($fuser->rights->adherent->{$lire} || preg_match('/^specimen/i', $original_file)) {
|
if ($fuser->hasRight('adherent', $lire) || preg_match('/^specimen/i', $original_file)) {
|
||||||
$accessallowed = 1;
|
$accessallowed = 1;
|
||||||
}
|
}
|
||||||
$original_file = $conf->adherent->dir_output.'/'.$original_file;
|
$original_file = $conf->adherent->dir_output.'/'.$original_file;
|
||||||
|
|||||||