diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 0c7ad11cb3c..c6ec428e68f 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -4,7 +4,8 @@ * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2011-2017 Juanjo Menent * Copyright (C) 2015 Marcos GarcĂ­a - * + * Copyright (C) 2018 Nicolas ZABOURI + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or @@ -1220,7 +1221,10 @@ class ActionComm extends CommonObject if (! empty($conf->dol_no_mouse_hover)) $notooltip=1; // Force disable tooltips - $label = $this->label; + if ((!$user->rights->agenda->allactions->read && $this->author->id != $user->id) || (!$user->rights->agenda->myactions->read && $this->author->id == $user->id)) + $option = 'nolink'; + + $label = $this->label; if (empty($label)) $label=$this->libelle; // For backward compatibility $result=''; @@ -1286,6 +1290,10 @@ class ActionComm extends CommonObject $linkstart.=$linkclose.'>'; $linkend=''; + if ($option == 'nolink') { + $linkstart = ''; + $linkend = ''; + } //print 'rrr'.$this->libelle.'rrr'.$this->label.'rrr'.$withpicto; if ($withpicto == 2) diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index fd903c4fcfb..4202f44720b 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -3422,6 +3422,9 @@ class Commande extends CommonOrder if (! empty($conf->expedition->enabled) && ($option == '1' || $option == '2')) $url = DOL_URL_ROOT.'/expedition/shipment.php?id='.$this->id; else $url = DOL_URL_ROOT.'/commande/card.php?id='.$this->id; + if (!$user->rights->commande->lire) + $option = 'nolink'; + if ($option !== 'nolink') { // Add param to save lastsearch_values or not 
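Review bot: The ownership test in the added `if` of the -1220 hunk reads `$this->author->id`, and nothing visible here shows that property being populated. On an event whose `author` was never loaded it evaluates to null, so the condition collapses to "viewer lacks `allactions->read`", and a user holding only `myactions->read` loses the link to their own events. If "my actions" is also meant to cover events the user owns or is assigned to, not only those they created, comparing against the author alone is too narrow; that cannot be confirmed from this hunk. The braceless two-line `if` sits next to a re-indented `$label = $this->label;`, so I would write it as `if (...) { $option = 'nolink'; }`. The method's signature and `global` statement are outside the hunk, so confirm `$user` is in scope there.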
@@ -3465,6 +3468,11 @@ class Commande extends CommonOrder $linkstart.=$linkclose.'>'; $linkend=''; + if ($option == 'nolink') { + $linkstart = ''; + $linkend = ''; + } + $result .= $linkstart; if ($withpicto) $result.=img_object(($notooltip?'':$label), $this->picto, ($notooltip?(($withpicto != 2) ? 'class="paddingright"' : ''):'class="'.(($withpicto != 2) ? 'paddingright ' : '').'classfortooltip"'), 0, 0, $notooltip?0:1); if ($withpicto != 2) $result.= $this->ref; diff --git a/htdocs/compta/bank/class/account.class.php b/htdocs/compta/bank/class/account.class.php index 7228214e51c..117621d9197 100644 --- a/htdocs/compta/bank/class/account.class.php +++ b/htdocs/compta/bank/class/account.class.php @@ -1301,13 +1301,17 @@ class Account extends CommonObject */ function getNomUrl($withpicto=0, $mode='', $option='', $save_lastsearch_value=-1, $notooltip=0) { - global $conf, $langs; + global $conf, $langs, $user; $result=''; $label = '' . $langs->trans("ShowAccount") . ''; $label .= '
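Review bot: Emptying `$linkstart` and `$linkend` removes only the anchor. The context lines right after the added block still pass `$label` to `img_object()` as the tooltip and append `$this->ref`, so a user who failed the `commande->lire` check still receives whatever `$label` holds. Whether `$label` is already built only for users with that right is decided outside this hunk; if it is not, suppress the tooltip where the right is tested in the -3422 hunk, e.g. `if (!$user->rights->commande->lire) { $option = 'nolink'; $notooltip = 1; }`. The same applies to the matching Facture hunk at -1215. Hiding the link does not replace the access check on the card page itself.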
' . $langs->trans('BankAccount') . ': ' . $this->label; $label .= '
' . $langs->trans('AccountNumber') . ': ' . $this->number; $label .= '
' . $langs->trans("AccountCurrency") . ': ' . $this->currency_code; + + if (!$user->rights->accounting->read || !empty($user->socid)) + $option = 'nolink'; + if (! empty($conf->accounting->enabled)) { include_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php'; @@ -1338,6 +1342,11 @@ class Account extends CommonObject $linkstart = 'ref.($option == 'reflabel' && $this->label ? ' - '.$this->label : ''); diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index c6e43206c78..bb00620d056 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -1159,7 +1159,8 @@ class Facture extends CommonInvoice if ($option == 'withdraw') $url = DOL_URL_ROOT.'/compta/facture/prelevement.php?facid='.$this->id; else $url = DOL_URL_ROOT.'/compta/facture/card.php?facid='.$this->id; - if ($short) return $url; + if (!$user->rights->facture->lire) + $option = 'nolink'; if ($option !== 'nolink') { @@ -1214,6 +1215,11 @@ class Facture extends CommonInvoice $linkstart.=$linkclose.'>'; $linkend=''; + if ($option == 'nolink') { + $linkstart = ''; + $linkend = ''; + } + $result .= $linkstart; if ($withpicto) $result.=img_object(($notooltip?'':$label), $picto, ($notooltip?(($withpicto != 2) ? 'class="paddingright"' : ''):'class="'.(($withpicto != 2) ? 'paddingright ' : '').'classfortooltip"'), 0, 0, $notooltip?0:1); if ($withpicto != 2) $result.= ($max?dol_trunc($this->ref,$max):$this->ref); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 163d0cb065c..a126c1e942a 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php 
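Review bot: The check added in the -1301 hunk tests `$user->rights->accounting->read`, a right named after the accounting module, just above the existing `if (! empty($conf->accounting->enabled))` guard that treats that module as optional. Where the accounting module is off, that right is presumably never set, so `$option` would be forced to `'nolink'` for every user and all bank account links would disappear. The test should use the right that gates the bank card page, probably `$user->rights->banque->lire`, to be confirmed against that page's own access check. The tooltip `$label`, which includes `$this->number`, is built above the check and is not cleared by it; whether it still reaches a denied user depends on code outside this hunk.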
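Review bot: Callers that pass `$short` no longer get the bare URL, because the -1159 hunk removes `if ($short) return $url;` at the spot where the rights check is added; they now receive the full HTML fragment unless that return was moved outside the hunk. If the removal is unintended, keep the line and add the check after it: `if ($short) return $url;` then `if (!$user->rights->facture->lire) $option = 'nolink';`. If it is intended, a comment should say why a user without `facture->lire` must not get the URL, and the `$short` parameter's doc should be updated. The method's `global` statement is outside the hunk, so confirm `$user` is declared there.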
@@ -2158,10 +2158,12 @@ class User extends CommonObject */ function getNomUrl($withpictoimg=0, $option='', $infologin=0, $notooltip=0, $maxlen=24, $hidethirdpartylogo=0, $mode='',$morecss='', $save_lastsearch_value=-1) { - global $langs, $conf, $db, $hookmanager; + global $langs, $conf, $db, $hookmanager, $user; global $dolibarr_main_authentication, $dolibarr_main_demo; global $menumanager; + if(!$user->rights->user->user->lire && $user->id !=$this->id) $option='nolink'; + if (! empty($conf->global->MAIN_OPTIMIZEFORTEXTBROWSER) && $withpictoimg) $withpictoimg=0; $result=''; $label=''; @@ -2293,18 +2295,27 @@ class User extends CommonObject */ function getLoginUrl($withpicto=0,$option='') { - global $langs; + global $langs, $user; $result=''; $linkstart = ''; $linkend=''; + //Check user's rights to see an other user + if((!$user->rights->user->user->lire && $this->id !=$user->id)) $option='nolink'; + if ($option == 'xxx') { $linkstart = ''; $linkend=''; } + + if ($option == 'nolink') + { + $linkstart = ''; + $linkend=''; + } $result.=$linkstart; if ($withpicto) $result.=img_object($langs->trans("ShowUser"), 'user', 'class="paddingright"');
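Review bot: The one-line check added at the top of `getNomUrl()` in the -2158 hunk has no comment and silently overwrites whatever `$option` the caller passed, while the same check added to `getLoginUrl()` in the next hunk carries one. I would add `// Viewer may not read other users: show them as plain text, keep the link on the viewer's own record` and brace the statement: `if (!$user->rights->user->user->lire && $user->id != $this->id) { $option = 'nolink'; }`. The spacing (`if(`, `!=$this->id`) also differs from the surrounding context lines such as `if (! empty(`. The `$option` entry in the docblock above the signature, outside this hunk, should mention that the value can be forced to `'nolink'`.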