Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-11 20:11:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

New: Task #10725

Browse Source
This commit is contained in:
Regis Houssin
2010-10-29 14:22:35 +00:00
parent 7afdd8fd64
commit 8336d81c7b
5 changed files with 70 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
htdocs/core/class/canvas.class.php
View File

@@ -165,6 +165,23 @@ class Canvas
return 1; return 1;
} }
/**
* Check permissions of a user to show a page and an object. Check read permission
* If $_REQUEST['action'] defined, we also check write permission.
* @param user User to check
* @param features Features to check (in most cases, it's module name)
* @param objectid Object ID if we want to check permission on a particular record (optionnal)
* @param dbtablename Table name where object is stored. Not used if objectid is null (optionnal)
* @param feature2 Feature to check (second level of permission)
* @param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal)
* @param dbt_select Field name for select if not rowid. (optionnal)
* @return int 1
*/
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
{
return $this->control->restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
}
/** /**
* Assign templates values * Assign templates values
* @param action Type of action * @param action Type of action

17
htdocs/societe/canvas/default/actions_card_default.class.php
View File

@@ -179,6 +179,23 @@ class ActionsCardDefault extends ActionsCardCommon
} }
} }
/**
* Check permissions of a user to show a page and an object. Check read permission
* If $_REQUEST['action'] defined, we also check write permission.
* @param user User to check
* @param features Features to check (in most cases, it's module name)
* @param objectid Object ID if we want to check permission on a particular record (optionnal)
* @param dbtablename Table name where object is stored. Not used if objectid is null (optionnal)
* @param feature2 Feature to check (second level of permission)
* @param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal)
* @param dbt_select Field name for select if not rowid. (optionnal)
* @return int 1
*/
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
{
return restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
}
} }
?> ?>

17
htdocs/societe/canvas/individual/actions_card_individual.class.php
View File

@@ -105,6 +105,23 @@ class ActionsCardIndividual extends ActionsCardCommon
} }
} }
/**
* Check permissions of a user to show a page and an object. Check read permission
* If $_REQUEST['action'] defined, we also check write permission.
* @param user User to check
* @param features Features to check (in most cases, it's module name)
* @param objectid Object ID if we want to check permission on a particular record (optionnal)
* @param dbtablename Table name where object is stored. Not used if objectid is null (optionnal)
* @param feature2 Feature to check (second level of permission)
* @param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal)
* @param dbt_select Field name for select if not rowid. (optionnal)
* @return int 1
*/
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
{
return restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
}
} }
?> ?>

13
htdocs/societe/soc.php
View File

@@ -44,10 +44,8 @@ $langs->load("banks");
$langs->load("users"); $langs->load("users");
if ($conf->notification->enabled) $langs->load("mails"); if ($conf->notification->enabled) $langs->load("mails");
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:''; $socid = isset($_GET["socid"])?$_GET["socid"]:'';
if ($user->societe_id) $socid=$user->societe_id; if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'societe', $socid);
$soc = new Societe($db); $soc = new Societe($db);
@@ -58,6 +56,16 @@ if (! empty($canvas))
{ {
require_once(DOL_DOCUMENT_ROOT."/core/class/canvas.class.php"); require_once(DOL_DOCUMENT_ROOT."/core/class/canvas.class.php");
$soccanvas = new Canvas($db); $soccanvas = new Canvas($db);
$soccanvas->getCanvas('thirdparty','card',$canvas);
// Security check
$result = $soccanvas->restrictedArea($user, 'societe', $socid);
}
else
{
// Security check
$result = restrictedArea($user, 'societe', $socid);
} }
@@ -74,7 +82,6 @@ if (! empty($canvas))
// ----------------------------------------- // -----------------------------------------
// When used with CANVAS // When used with CANVAS
// ----------------------------------------- // -----------------------------------------
$soccanvas->getCanvas('thirdparty','card',$canvas);
// Load data control // Load data control
$soccanvas->doActions($socid); $soccanvas->doActions($socid);

17
htdocs/user/home.php
View File

@@ -61,7 +61,7 @@ print "</table><br>\n";
print '</form>'; print '</form>';
// Search Group // Search Group
if ($user->rights->user->group->read) if ($user->admin || $user->rights->user->group->read)
{ {
$var=false; $var=false;
print '<form method="post" action="'.DOL_URL_ROOT.'/user/group/index.php">'; print '<form method="post" action="'.DOL_URL_ROOT.'/user/group/index.php">';
@@ -84,7 +84,8 @@ print '</td><td valign="top" width="70%" class="notopnoleftnoright">';
$max=10; $max=10;
$sql = "SELECT u.rowid, u.name, u.firstname, u.admin, u.login, u.fk_societe, u.datec,"; $sql = "SELECT u.rowid, u.name, u.firstname, u.admin, u.login, u.fk_societe, u.datec,";
$sql.= " u.entity, u.ldap_sid, s.nom"; $sql.= " u.entity, u.ldap_sid,";
$sql.= " s.nom, s.canvas";
$sql.= " FROM ".MAIN_DB_PREFIX."user as u"; $sql.= " FROM ".MAIN_DB_PREFIX."user as u";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON u.fk_societe = s.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON u.fk_societe = s.rowid";
$sql.= " WHERE u.entity IN (0,".$conf->entity.")"; $sql.= " WHERE u.entity IN (0,".$conf->entity.")";
@@ -106,7 +107,7 @@ if ($resql)
$var=!$var; $var=!$var;
print "<tr $bc[$var]>"; print "<tr $bc[$var]>";
print "<td><a href=\"".DOL_URL_ROOT."/user/fiche.php?id=$obj->rowid\">".img_object($langs->trans("ShowUser"),"user")." ".$obj->firstname." ".$obj->name."</a>"; print '<td><a href="'.DOL_URL_ROOT.'/user/fiche.php?id='.$obj->rowid.'">'.img_object($langs->trans("ShowUser"),"user").' '.$obj->firstname.' '.$obj->name.'</a>';
if ($conf->global->MAIN_MODULE_MULTICOMPANY && $obj->admin && ! $obj->entity) if ($conf->global->MAIN_MODULE_MULTICOMPANY && $obj->admin && ! $obj->entity)
{ {
print img_redstar($langs->trans("SuperAdministrator")); print img_redstar($langs->trans("SuperAdministrator"));
@@ -116,11 +117,11 @@ if ($resql)
print img_picto($langs->trans("Administrator"),'star'); print img_picto($langs->trans("Administrator"),'star');
} }
print "</td>"; print "</td>";
print "<td align=\"left\">".$obj->login.'</td>'; print '<td align="left">'.$obj->login.'</td>';
print "<td>"; print "<td>";
if ($obj->fk_societe) if ($obj->fk_societe)
{ {
print '<a href="'.DOL_URL_ROOT.'/societe/soc.php?socid='.$obj->fk_societe.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.'</a>'; print '<a href="'.DOL_URL_ROOT.'/societe/soc.php?socid='.$obj->fk_societe.'&amp;canvas='.$obj->canvas.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.'</a>';
} }
else if ($obj->ldap_sid) else if ($obj->ldap_sid)
{ {
@@ -128,7 +129,7 @@ if ($resql)
} }
else print $langs->trans("InternalUser"); else print $langs->trans("InternalUser");
print '</td>'; print '</td>';
print "<td align=\"right\">".dol_print_date($db->jdate($obj->datec),'dayhour')."</td>"; print '<td align="right">'.dol_print_date($db->jdate($obj->datec),'dayhour').'</td>';
print '</tr>'; print '</tr>';
$i++; $i++;
} }
@@ -145,7 +146,7 @@ else
/* /*
* Derniers groupes crees * Derniers groupes crees
*/ */
if ($user->rights->user->group->read) if ($user->admin || $user->rights->user->group->read)
{ {
$max=5; $max=5;
@@ -176,7 +177,7 @@ if ($user->rights->user->group->read)
print img_picto($langs->trans("GlobalGroup"),'redstar'); print img_picto($langs->trans("GlobalGroup"),'redstar');
} }
print "</td>"; print "</td>";
print "<td width=\"80\" align=\"center\">".dol_print_date($db->jdate($obj->datec))."</td>"; print '<td width="80" align="center">'.dol_print_date($db->jdate($obj->datec)).'</td>';
print "</tr>"; print "</tr>";
$i++; $i++;
} }