forked from Wavyzz/dolibarr
FIX #24174
This commit is contained in:
Laurent Destailleur
@@ -1053,7 +1053,7 @@ if (empty($reshook)) {
|
||||
}
|
||||
|
||||
// Force mandatory order method
|
||||
if ($action == 'commande') {
|
||||
if ($action == 'commande') { // Not a real action so no permission test
|
||||
$methodecommande = GETPOSTINT('methodecommande');
|
||||
|
||||
if ($cancel) {
|
||||
@@ -1189,11 +1189,10 @@ if (empty($reshook)) {
|
||||
|
||||
// Actions to build doc
|
||||
$upload_dir = $conf->fournisseur->commande->dir_output;
|
||||
$permissiontoadd = $usercancreate;
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
|
||||
|
||||
|
||||
if ($action == 'update_extras') {
|
||||
if ($action == 'update_extras' && $permissiontoadd) {
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
||||
// Fill array 'array_options' with data from add form
|
||||
@@ -1221,7 +1220,7 @@ if (empty($reshook)) {
|
||||
/*
|
||||
* Create an order
|
||||
*/
|
||||
if ($action == 'add' && $usercancreate) {
|
||||
if ($action == 'add' && $permissiontoadd) {
|
||||
$error = 0;
|
||||
$selectedLines = GETPOST('toselect', 'array');
|
||||
if ($socid < 1) {
|
||||
@@ -1430,7 +1429,7 @@ if (empty($reshook)) {
|
||||
}
|
||||
}
|
||||
|
||||
if ($action == 'webservice' && GETPOST('mode', 'alpha') == "send" && !GETPOST('cancel', 'alpha')) {
|
||||
if ($action == 'webservice' && $permissiontoadd && GETPOST('mode', 'alpha') == "send" && !GETPOST('cancel', 'alpha')) {
|
||||
$ws_url = $object->thirdparty->webservices_url;
|
||||
$ws_key = $object->thirdparty->webservices_key;
|
||||
$ws_user = GETPOST('ws_user', 'alpha');
|
||||
@@ -1448,8 +1447,8 @@ if (empty($reshook)) {
|
||||
'entity' => $ws_entity
|
||||
);
|
||||
|
||||
//Is sync supplier web services module activated? and everything filled?
|
||||
if (empty($conf->syncsupplierwebservices->enabled)) {
|
||||
// Is sync supplier web services module activated? and everything filled?
|
||||
if (isModEnabled('syncsupplierwebservices')) {
|
||||
setEventMessages($langs->trans("WarningModuleNotActive", $langs->transnoentities("Module2650Name")), null, 'mesgs');
|
||||
} elseif (empty($ws_url) || empty($ws_key)) {
|
||||
setEventMessages($langs->trans("ErrorWebServicesFieldsRequired"), null, 'errors');
|
||||
@@ -1513,7 +1512,7 @@ if (empty($reshook)) {
|
||||
}
|
||||
}
|
||||
|
||||
if (getDolGlobalString('MAIN_DISABLE_CONTACTS_TAB') && $usercancreate) {
|
||||
if (getDolGlobalString('MAIN_DISABLE_CONTACTS_TAB') && $permissiontoadd) {
|
||||
if ($action == 'addcontact') {
|
||||
if ($object->id > 0) {
|
||||
$contactid = (GETPOST('userid') ? GETPOST('userid') : GETPOST('contactid'));
|
||||
@@ -2165,7 +2164,7 @@ if ($action == 'create') {
|
||||
print '<table class="nobordernopadding centpercent"><tr><td class="nowrap">';
|
||||
print $langs->trans('PaymentConditions');
|
||||
print '<td>';
|
||||
if ($action != 'editconditions') {
|
||||
if ($action != 'editconditions' && $permissiontoadd) {
|
||||
print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=editconditions&token='.newToken().'&id='.$object->id.'">'.img_edit($langs->trans('SetConditions'), 1).'</a></td>';
|
||||
}
|
||||
print '</tr></table>';
|
||||
@@ -2184,7 +2183,7 @@ if ($action == 'create') {
|
||||
print '<table class="nobordernopadding centpercent"><tr><td class="nowrap">';
|
||||
print $langs->trans('PaymentMode');
|
||||
print '</td>';
|
||||
if ($action != 'editmode') {
|
||||
if ($action != 'editmode' && $permissiontoadd) {
|
||||
print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=editmode&token='.newToken().'&id='.$object->id.'">'.img_edit($langs->trans('SetMode'), 1).'</a></td>';
|
||||
}
|
||||
print '</tr></table>';
|
||||
@@ -2204,7 +2203,7 @@ if ($action == 'create') {
|
||||
print '<table class="nobordernopadding centpercent"><tr><td>';
|
||||
print $form->editfieldkey('Currency', 'multicurrency_code', '', $object, 0);
|
||||
print '</td>';
|
||||
if ($action != 'editmulticurrencycode' && $object->statut == $object::STATUS_DRAFT) {
|
||||
if ($action != 'editmulticurrencycode' && $object->statut == $object::STATUS_DRAFT && $permissiontoadd) {
|
||||
print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=editmulticurrencycode&token='.newToken().'&id='.$object->id.'">'.img_edit($langs->transnoentitiesnoconv('SetMultiCurrencyCode'), 1).'</a></td>';
|
||||
}
|
||||
print '</tr></table>';
|
||||
@@ -2252,7 +2251,7 @@ if ($action == 'create') {
|
||||
print '<table class="nobordernopadding centpercent"><tr><td class="nowrap">';
|
||||
print $langs->trans('BankAccount');
|
||||
print '<td>';
|
||||
if ($action != 'editbankaccount' && $usercancreate) {
|
||||
if ($action != 'editbankaccount' && $permissiontoadd) {
|
||||
print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=editbankaccount&token='.newToken().'&id='.$object->id.'">'.img_edit($langs->trans('SetBankAccount'), 1).'</a></td>';
|
||||
}
|
||||
print '</tr></table>';
|
||||
|
||||
Reference in New Issue
Block a user