mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2026-02-07 16:41:48 +01:00
use user->hasRight
This commit is contained in:
Frédéric FRANCE
@@ -128,7 +128,7 @@ if (empty($user->socid)) {
|
||||
echo '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=edit&token='.newToken().'&canvas='.$canvas.'">'.$langs->trans('Modify').'</a>';
|
||||
}
|
||||
|
||||
if (!$this->control->tpl['user_id'] && $user->rights->user->user->creer) {
|
||||
if (!$this->control->tpl['user_id'] && $user->hasRight('user', 'user', 'creer')) {
|
||||
echo '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=create_user&token='.newToken().'&canvas='.$canvas.'">'.$langs->trans("CreateDolibarrLogin").'</a>';
|
||||
}
|
||||
|
||||
|
||||
@@ -342,7 +342,7 @@ if (empty($reshook)) {
|
||||
// Check if we need to also synchronize user information
|
||||
$nosyncuser = 0;
|
||||
if ($object->user_id) { // If linked to a user
|
||||
if ($user->id != $object->user_id && empty($user->rights->user->user->creer)) {
|
||||
if ($user->id != $object->user_id && !$user->hasRight('user', 'user', 'creer')) {
|
||||
$nosyncuser = 1; // Disable synchronizing
|
||||
}
|
||||
}
|
||||
@@ -350,7 +350,7 @@ if (empty($reshook)) {
|
||||
// Check if we need to also synchronize password information
|
||||
$nosyncuserpass = 0;
|
||||
if ($object->user_id) { // If linked to a user
|
||||
if ($user->id != $object->user_id && empty($user->rights->user->user->password)) {
|
||||
if ($user->id != $object->user_id && !$user->hasRight('user', 'user', 'password')) {
|
||||
$nosyncuserpass = 1; // Disable synchronizing
|
||||
}
|
||||
}
|
||||
|
||||
@@ -51,14 +51,14 @@ if ($id > 0 || !empty($ref)) {
|
||||
$result = $object->fetch($id, $ref);
|
||||
|
||||
// Define variables to know what current user can do on users
|
||||
$canadduser = (!empty($user->admin) || !empty($user->rights->user->user->creer));
|
||||
$canadduser = (!empty($user->admin) || $user->hasRight('user', 'user', 'creer'));
|
||||
// Define variables to know what current user can do on properties of user linked to edited member
|
||||
if ($object->user_id) {
|
||||
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
|
||||
$caneditfielduser = ((($user->id == $object->user_id) && !empty($user->rights->user->self->creer))
|
||||
|| (($user->id != $object->user_id) && !empty($user->rights->user->user->creer)));
|
||||
|| (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'creer')));
|
||||
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|
||||
|| (($user->id != $object->user_id) && !empty($user->rights->user->user->password)));
|
||||
|| (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'password')));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -262,7 +262,7 @@ if (empty($reshook)) {
|
||||
}
|
||||
|
||||
// Create external user
|
||||
if ($massaction == 'createexternaluser' && $user->hasRight('adherent', 'creer') && $user->rights->user->user->creer) {
|
||||
if ($massaction == 'createexternaluser' && $user->hasRight('adherent', 'creer') && $user->hasRight('user', 'user', 'creer')) {
|
||||
$tmpmember = new Adherent($db);
|
||||
$error = 0;
|
||||
$nbcreated = 0;
|
||||
|
||||
@@ -76,13 +76,13 @@ foreach ($object->fields as $key => $val) {
|
||||
// Load object
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
|
||||
|
||||
$permissiontoread = $user->rights->partnership->read;
|
||||
$permissiontoadd = $user->rights->partnership->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
|
||||
$permissiontodelete = $user->rights->partnership->delete || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT);
|
||||
$permissionnote = $user->rights->partnership->write; // Used by the include of actions_setnotes.inc.php
|
||||
$permissiondellink = $user->rights->partnership->write; // Used by the include of actions_dellink.inc.php
|
||||
$usercanclose = $user->rights->partnership->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
|
||||
$upload_dir = $conf->partnership->multidir_output[isset($object->entity) ? $object->entity : 1];
|
||||
$permissiontoread = $user->hasRight('partnership', 'read');
|
||||
$permissiontoadd = $user->hasRight('partnership', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
|
||||
$permissiontodelete = $user->hasRight('partnership', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT);
|
||||
$permissionnote = $user->hasRight('partnership', 'write'); // Used by the include of actions_setnotes.inc.php
|
||||
$permissiondellink = $user->hasRight('partnership', 'write'); // Used by the include of actions_dellink.inc.php
|
||||
$usercanclose = $user->hasRight('partnership', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
|
||||
$upload_dir = $conf->partnership->multidir_output[isset($object->entity) ? $object->entity : 1];
|
||||
|
||||
|
||||
if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') != 'member') {
|
||||
|
||||
@@ -151,9 +151,9 @@ if (empty($reshook) && $action == 'confirm_create_thirdparty' && $confirm == 'ye
|
||||
}
|
||||
}
|
||||
|
||||
if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer)) {
|
||||
if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->hasRight('user', 'user', 'creer'))) {
|
||||
$error = 0;
|
||||
if (empty($user->rights->user->user->creer)) { // If can edit only itself user, we can link to itself only
|
||||
if (!$user->hasRight('user', 'user', 'creer')) { // If can edit only itself user, we can link to itself only
|
||||
if (GETPOST("userid", 'int') != $user->id && GETPOST("userid", 'int') != $object->user_id) {
|
||||
$error++;
|
||||
setEventMessages($langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly"), null, 'errors');
|
||||
|
||||
@@ -35,14 +35,14 @@ $id = GETPOST('id', 'int');
|
||||
$ref = GETPOST('ref', 'alphanohtml');
|
||||
|
||||
$object = new adherent($db);
|
||||
global $user;
|
||||
|
||||
// Fetch object
|
||||
if ($id > 0 || !empty($ref)) {
|
||||
// Load member
|
||||
$result = $object->fetch($id, $ref);
|
||||
|
||||
// Define variables to know what current user can do on users
|
||||
$canadduser = ($user->admin || $user->rights->user->user->creer);
|
||||
$canadduser = ($user->admin || $user->hasRight('user', 'user', 'creer'));
|
||||
// Define variables to know what current user can do on properties of user linked to edited member
|
||||
if ($object->user_id) {
|
||||
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
|
||||
|
||||
Reference in New Issue
Block a user