From ebf83fdab6c0454eaf944bbe03e0f13419c36ed3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20France?= Date: Mon, 19 Jun 2023 23:18:13 +0200 Subject: [PATCH] use user hasRight --- htdocs/api/class/api_documents.class.php | 2 +- htdocs/api/class/api_setup.class.php | 4 ++-- htdocs/comm/action/class/cactioncomm.class.php | 2 +- htdocs/compta/clients.php | 2 +- htdocs/compta/facture/class/api_invoices.class.php | 14 +++++++------- htdocs/compta/facture/prelevement.php | 2 +- htdocs/compta/facture/stats/index.php | 2 +- htdocs/compta/paiement/rapport.php | 2 +- htdocs/compta/paiement/tovalidate.php | 2 +- htdocs/core/boxes/box_factures.php | 2 +- htdocs/core/boxes/box_graph_invoices_permonth.php | 2 +- htdocs/core/boxes/box_graph_invoices_peryear.php | 2 +- .../core/boxes/box_graph_product_distribution.php | 2 +- htdocs/core/lib/security.lib.php | 2 +- htdocs/product/stats/card.php | 2 +- htdocs/societe/class/api_thirdparties.class.php | 4 ++-- 16 files changed, 24 insertions(+), 24 deletions(-) diff --git a/htdocs/api/class/api_documents.class.php b/htdocs/api/class/api_documents.class.php index 059802e9e88..3d45956a0cb 100644 --- a/htdocs/api/class/api_documents.class.php +++ b/htdocs/api/class/api_documents.class.php @@ -421,7 +421,7 @@ class Documents extends DolibarrApi } elseif ($modulepart == 'facture' || $modulepart == 'invoice') { require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; - if (!DolibarrApiAccess::$user->rights->facture->lire) { + if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { throw new RestException(401); } diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php index a494aab960f..fab4e0bfafe 100644 --- a/htdocs/api/class/api_setup.class.php +++ b/htdocs/api/class/api_setup.class.php 
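Review bot: In the `facture`/`invoice` branch of api_documents.class.php a failed permission check still throws `RestException(401)` with no message, although the caller has presumably already authenticated by then and is only missing a right. A 403 with a short reason, e.g. `throw new RestException(403, 'Missing permission: facture/lire');`, lets API clients and log review tell an authorization denial from a bad or expired credential. The same bare 401 follows every converted check in api_setup, api_invoices and api_thirdparties. Because the status code is visible to clients, change it deliberately in one pass. The enclosing method starts and ends outside the hunk.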
@@ -193,7 +193,7 @@ class Setup extends DolibarrApi { $list = array(); - if (!DolibarrApiAccess::$user->rights->propal->lire && !DolibarrApiAccess::$user->rights->commande->lire && !DolibarrApiAccess::$user->rights->facture->lire) { + if (!DolibarrApiAccess::$user->rights->propal->lire && !DolibarrApiAccess::$user->rights->commande->lire && !DolibarrApiAccess::$user->hasRight('facture', 'lire')) { throw new RestException(401); } @@ -1249,7 +1249,7 @@ class Setup extends DolibarrApi { $list = array(); - if (!DolibarrApiAccess::$user->rights->propal->lire && !DolibarrApiAccess::$user->rights->commande->lire && !DolibarrApiAccess::$user->rights->facture->lire) { + if (!DolibarrApiAccess::$user->rights->propal->lire && !DolibarrApiAccess::$user->rights->commande->lire && !DolibarrApiAccess::$user->hasRight('facture', 'lire')) { throw new RestException(401); } diff --git a/htdocs/comm/action/class/cactioncomm.class.php b/htdocs/comm/action/class/cactioncomm.class.php index 89ed598fef0..ee2e6d2d38d 100644 --- a/htdocs/comm/action/class/cactioncomm.class.php +++ b/htdocs/comm/action/class/cactioncomm.class.php @@ -195,7 +195,7 @@ class CActionComm } if ($qualified && !empty($obj->module)) { - //var_dump($obj->type.' '.$obj->module.' '); var_dump($user->rights->facture->lire); + //var_dump($obj->type.' '.$obj->module.' '); var_dump($user->hasRight('facture', 'lire')); $qualified = 0; // Special cases if ($obj->module == 'invoice' && isModEnabled('facture') && $user->hasRight('facture', 'lire')) { diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index 8db4516d3dd..c5fe5ae9868 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php @@ -36,7 +36,7 @@ if ($user->socid > 0) { $socid = $user->socid; } -if (!$user->rights->facture->lire) { +if (!$user->hasRight('facture', 'lire')) { accessforbidden(); } 
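Review bot: The condition at `@@ -193` converts only the `facture` term and leaves `rights->propal->lire` and `rights->commande->lire` as direct property reads, so one authorization expression now goes through two different lookup paths. If `hasRight()` applies any normalisation that the raw read does not (its body is not part of this patch), the three terms can disagree. Converting all of them keeps the check uniform: `if (!DolibarrApiAccess::$user->hasRight('propal', 'lire') && !DolibarrApiAccess::$user->hasRight('commande', 'lire') && !DolibarrApiAccess::$user->hasRight('facture', 'lire')) {`. The same mix remains at `@@ -1249`, in compta/facture/stats/index.php (`fournisseur->facture->lire`), box_graph_product_distribution.php and product/stats/card.php. Both enclosing methods continue outside their hunks.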
diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php index 96ecf3381b2..0964573d58f 100644 --- a/htdocs/compta/facture/class/api_invoices.class.php +++ b/htdocs/compta/facture/class/api_invoices.class.php @@ -127,7 +127,7 @@ class Invoices extends DolibarrApi */ private function _fetch($id, $ref = '', $ref_ext = '', $contact_list = 1) { - if (!DolibarrApiAccess::$user->rights->facture->lire) { + if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { throw new RestException(401); } @@ -180,7 +180,7 @@ class Invoices extends DolibarrApi { global $db, $conf; - if (!DolibarrApiAccess::$user->rights->facture->lire) { + if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { throw new RestException(401); } @@ -372,7 +372,7 @@ class Invoices extends DolibarrApi */ public function getLines($id) { - if (!DolibarrApiAccess::$user->rights->facture->lire) { + if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { throw new RestException(401); } @@ -647,7 +647,7 @@ class Invoices extends DolibarrApi */ public function delete($id) { - if (!DolibarrApiAccess::$user->rights->facture->supprimer) { + if (!DolibarrApiAccess::$user->hasRight('facture', 'supprimer')) { throw new RestException(401); } $result = $this->invoice->fetch($id); @@ -1029,7 +1029,7 @@ class Invoices extends DolibarrApi { require_once DOL_DOCUMENT_ROOT.'/core/class/discount.class.php'; - if (!DolibarrApiAccess::$user->rights->facture->lire) { + if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { throw new RestException(401); } @@ -1331,7 +1331,7 @@ class Invoices extends DolibarrApi public function getPayments($id) { - if (!DolibarrApiAccess::$user->rights->facture->lire) { + if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { throw new RestException(401); } if (empty($id)) { 
@@ -1741,7 +1741,7 @@ class Invoices extends DolibarrApi */ private function _fetchTemplateInvoice($id, $ref = '', $ref_ext = '', $contact_list = 1) { - if (!DolibarrApiAccess::$user->rights->facture->lire) { + if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { throw new RestException(401); } diff --git a/htdocs/compta/facture/prelevement.php b/htdocs/compta/facture/prelevement.php index b571c8550f1..4962448f18c 100644 --- a/htdocs/compta/facture/prelevement.php +++ b/htdocs/compta/facture/prelevement.php @@ -81,7 +81,7 @@ if ($type == 'bank-transfer') { } } else { $result = restrictedArea($user, 'facture', $id, '', '', 'fk_soc', $fieldid, $isdraft); - if (!$user->rights->facture->lire) { + if (!$user->hasRight('facture', 'lire')) { accessforbidden(); } } diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php index b886c5595e1..8e81de43d1f 100644 --- a/htdocs/compta/facture/stats/index.php +++ b/htdocs/compta/facture/stats/index.php @@ -44,7 +44,7 @@ $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height'); $langs->loadLangs(array('bills', 'companies', 'other')); $mode = GETPOST("mode") ? GETPOST("mode") : 'customer'; -if ($mode == 'customer' && !$user->rights->facture->lire) { +if ($mode == 'customer' && !$user->hasRight('facture', 'lire')) { accessforbidden(); } if ($mode == 'supplier' && empty($user->rights->fournisseur->facture->lire)) { diff --git a/htdocs/compta/paiement/rapport.php b/htdocs/compta/paiement/rapport.php index eb27f948b2e..9a114c9a119 100644 --- a/htdocs/compta/paiement/rapport.php +++ b/htdocs/compta/paiement/rapport.php @@ -50,7 +50,7 @@ if (!$year) { } // Security check -if (empty($user->rights->facture->lire)) { +if (!$user->hasRight('facture', 'lire')) { accessforbidden(); } diff --git a/htdocs/compta/paiement/tovalidate.php b/htdocs/compta/paiement/tovalidate.php index 0839d51987e..901f648ba1d 100644 --- a/htdocs/compta/paiement/tovalidate.php +++ b/htdocs/compta/paiement/tovalidate.php 
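Review bot: In compta/facture/stats/index.php the access check is keyed on the request parameter `mode`, and only the values `customer` and `supplier` reach an `accessforbidden()` test. Any other value passes both conditions without a permission check. What the rest of the page does with such a value is outside the hunk, but a default deny placed before the two checks removes the question: `if (!in_array($mode, array('customer', 'supplier'), true)) { accessforbidden(); }`. The script continues past the hunk.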
@@ -53,7 +53,7 @@ if (!$sortfield) { } // Security check -if (empty($user->rights->facture->lire)) { +if (!$user->hasRight('facture', 'lire')) { accessforbidden(); } diff --git a/htdocs/core/boxes/box_factures.php b/htdocs/core/boxes/box_factures.php index a724f26c0c3..3991c95bc60 100644 --- a/htdocs/core/boxes/box_factures.php +++ b/htdocs/core/boxes/box_factures.php @@ -58,7 +58,7 @@ class box_factures extends ModeleBoxes $this->db = $db; - $this->hidden = empty($user->rights->facture->lire); + $this->hidden = !$user->hasRight('facture', 'lire'); } /** diff --git a/htdocs/core/boxes/box_graph_invoices_permonth.php b/htdocs/core/boxes/box_graph_invoices_permonth.php index 96b9fc63d84..556b3a7fe42 100644 --- a/htdocs/core/boxes/box_graph_invoices_permonth.php +++ b/htdocs/core/boxes/box_graph_invoices_permonth.php @@ -56,7 +56,7 @@ class box_graph_invoices_permonth extends ModeleBoxes $this->db = $db; - $this->hidden = empty($user->rights->facture->lire); + $this->hidden = !$user->hasRight('facture', 'lire'); } /** diff --git a/htdocs/core/boxes/box_graph_invoices_peryear.php b/htdocs/core/boxes/box_graph_invoices_peryear.php index 915fb0336fe..7a638f11b92 100644 --- a/htdocs/core/boxes/box_graph_invoices_peryear.php +++ b/htdocs/core/boxes/box_graph_invoices_peryear.php @@ -54,7 +54,7 @@ class box_graph_invoices_peryear extends ModeleBoxes $this->db = $db; - $this->hidden = empty($user->rights->facture->lire); + $this->hidden = !$user->hasRight('facture', 'lire'); } /** diff --git a/htdocs/core/boxes/box_graph_product_distribution.php b/htdocs/core/boxes/box_graph_product_distribution.php index 5dfa78690a2..e0e1498824a 100644 --- a/htdocs/core/boxes/box_graph_product_distribution.php +++ b/htdocs/core/boxes/box_graph_product_distribution.php 
@@ -107,7 +107,7 @@ class box_graph_product_distribution extends ModeleBoxes $showinvoicenb = 1; $showordernb = 1; } - if (!isModEnabled('facture') || empty($user->rights->facture->lire)) { + if (!isModEnabled('facture') || !$user->hasRight('facture', 'lire')) { $showinvoicenb = 0; } if (isModEnabled('propal') || empty($user->rights->propal->lire)) { diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 382e562b162..1dddac4d4f9 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -504,7 +504,7 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '', $nbko++; } } elseif ($feature == 'payment') { - if (empty($user->rights->facture->lire)) { + if (!$user->hasRight('facture', 'lire')) { $readok = 0; $nbko++; } diff --git a/htdocs/product/stats/card.php b/htdocs/product/stats/card.php index ab7020a5df8..c986e489539 100644 --- a/htdocs/product/stats/card.php +++ b/htdocs/product/stats/card.php @@ -467,7 +467,7 @@ if ($result || !($id > 0)) { if ($graphfiles == 'order' && empty($user->rights->commande->lire)) { continue; } - if ($graphfiles == 'invoices' && empty($user->rights->facture->lire)) { + if ($graphfiles == 'invoices' && !$user->hasRight('facture', 'lire')) { continue; } if ($graphfiles == 'proposals_suppliers' && empty($user->rights->supplier_proposal->lire)) { diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index 16194feb950..418ecb4ab83 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php @@ -1084,7 +1084,7 @@ class Thirdparties extends DolibarrApi */ public function getInvoicesQualifiedForReplacement($id) { - if (!DolibarrApiAccess::$user->rights->facture->lire) { + if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { throw new RestException(401); } if (empty($id)) { 
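Review bot: In box_graph_product_distribution.php the context line just below the converted check, `if (isModEnabled('propal') || empty($user->rights->propal->lire)) {`, lacks the negation that the `facture` check above it carries, so it is true whenever the proposal module is enabled. Its body is outside the hunk. If it mirrors the invoice case and clears the proposal counter, that counter is suppressed exactly when the module is on. The likely intent is `if (!isModEnabled('propal') || !$user->hasRight('propal', 'lire')) {`.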
@@ -1127,7 +1127,7 @@ class Thirdparties extends DolibarrApi */ public function getInvoicesQualifiedForCreditNote($id) { - if (!DolibarrApiAccess::$user->rights->facture->lire) { + if (!DolibarrApiAccess::$user->hasRight('facture', 'lire')) { throw new RestException(401); } if (empty($id)) {