mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-12-11 20:11:26 +01:00
New: Task #10725
This commit is contained in:
Regis Houssin
@@ -164,6 +164,23 @@ class Canvas
|
|||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check permissions of a user to show a page and an object. Check read permission
|
||||||
|
* If $_REQUEST['action'] defined, we also check write permission.
|
||||||
|
* @param user User to check
|
||||||
|
* @param features Features to check (in most cases, it's module name)
|
||||||
|
* @param objectid Object ID if we want to check permission on a particular record (optionnal)
|
||||||
|
* @param dbtablename Table name where object is stored. Not used if objectid is null (optionnal)
|
||||||
|
* @param feature2 Feature to check (second level of permission)
|
||||||
|
* @param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal)
|
||||||
|
* @param dbt_select Field name for select if not rowid. (optionnal)
|
||||||
|
* @return int 1
|
||||||
|
*/
|
||||||
|
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
|
||||||
|
{
|
||||||
|
return $this->control->restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Assign templates values
|
* Assign templates values
|
||||||
|
|||||||
@@ -178,6 +178,23 @@ class ActionsCardDefault extends ActionsCardCommon
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check permissions of a user to show a page and an object. Check read permission
|
||||||
|
* If $_REQUEST['action'] defined, we also check write permission.
|
||||||
|
* @param user User to check
|
||||||
|
* @param features Features to check (in most cases, it's module name)
|
||||||
|
* @param objectid Object ID if we want to check permission on a particular record (optionnal)
|
||||||
|
* @param dbtablename Table name where object is stored. Not used if objectid is null (optionnal)
|
||||||
|
* @param feature2 Feature to check (second level of permission)
|
||||||
|
* @param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal)
|
||||||
|
* @param dbt_select Field name for select if not rowid. (optionnal)
|
||||||
|
* @return int 1
|
||||||
|
*/
|
||||||
|
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
|
||||||
|
{
|
||||||
|
return restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -104,6 +104,23 @@ class ActionsCardIndividual extends ActionsCardCommon
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check permissions of a user to show a page and an object. Check read permission
|
||||||
|
* If $_REQUEST['action'] defined, we also check write permission.
|
||||||
|
* @param user User to check
|
||||||
|
* @param features Features to check (in most cases, it's module name)
|
||||||
|
* @param objectid Object ID if we want to check permission on a particular record (optionnal)
|
||||||
|
* @param dbtablename Table name where object is stored. Not used if objectid is null (optionnal)
|
||||||
|
* @param feature2 Feature to check (second level of permission)
|
||||||
|
* @param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal)
|
||||||
|
* @param dbt_select Field name for select if not rowid. (optionnal)
|
||||||
|
* @return int 1
|
||||||
|
*/
|
||||||
|
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
|
||||||
|
{
|
||||||
|
return restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -44,10 +44,8 @@ $langs->load("banks");
|
|||||||
$langs->load("users");
|
$langs->load("users");
|
||||||
if ($conf->notification->enabled) $langs->load("mails");
|
if ($conf->notification->enabled) $langs->load("mails");
|
||||||
|
|
||||||
// Security check
|
|
||||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||||
if ($user->societe_id) $socid=$user->societe_id;
|
if ($user->societe_id) $socid=$user->societe_id;
|
||||||
$result = restrictedArea($user, 'societe', $socid);
|
|
||||||
|
|
||||||
$soc = new Societe($db);
|
$soc = new Societe($db);
|
||||||
|
|
||||||
@@ -58,6 +56,16 @@ if (! empty($canvas))
|
|||||||
{
|
{
|
||||||
require_once(DOL_DOCUMENT_ROOT."/core/class/canvas.class.php");
|
require_once(DOL_DOCUMENT_ROOT."/core/class/canvas.class.php");
|
||||||
$soccanvas = new Canvas($db);
|
$soccanvas = new Canvas($db);
|
||||||
|
|
||||||
|
$soccanvas->getCanvas('thirdparty','card',$canvas);
|
||||||
|
|
||||||
|
// Security check
|
||||||
|
$result = $soccanvas->restrictedArea($user, 'societe', $socid);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
// Security check
|
||||||
|
$result = restrictedArea($user, 'societe', $socid);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -74,7 +82,6 @@ if (! empty($canvas))
|
|||||||
// -----------------------------------------
|
// -----------------------------------------
|
||||||
// When used with CANVAS
|
// When used with CANVAS
|
||||||
// -----------------------------------------
|
// -----------------------------------------
|
||||||
$soccanvas->getCanvas('thirdparty','card',$canvas);
|
|
||||||
|
|
||||||
// Load data control
|
// Load data control
|
||||||
$soccanvas->doActions($socid);
|
$soccanvas->doActions($socid);
|
||||||
|
|||||||
@@ -61,7 +61,7 @@ print "</table><br>\n";
|
|||||||
print '</form>';
|
print '</form>';
|
||||||
|
|
||||||
// Search Group
|
// Search Group
|
||||||
if ($user->rights->user->group->read)
|
if ($user->admin || $user->rights->user->group->read)
|
||||||
{
|
{
|
||||||
$var=false;
|
$var=false;
|
||||||
print '<form method="post" action="'.DOL_URL_ROOT.'/user/group/index.php">';
|
print '<form method="post" action="'.DOL_URL_ROOT.'/user/group/index.php">';
|
||||||
@@ -84,7 +84,8 @@ print '</td><td valign="top" width="70%" class="notopnoleftnoright">';
|
|||||||
$max=10;
|
$max=10;
|
||||||
|
|
||||||
$sql = "SELECT u.rowid, u.name, u.firstname, u.admin, u.login, u.fk_societe, u.datec,";
|
$sql = "SELECT u.rowid, u.name, u.firstname, u.admin, u.login, u.fk_societe, u.datec,";
|
||||||
$sql.= " u.entity, u.ldap_sid, s.nom";
|
$sql.= " u.entity, u.ldap_sid,";
|
||||||
|
$sql.= " s.nom, s.canvas";
|
||||||
$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
|
$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
|
||||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON u.fk_societe = s.rowid";
|
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON u.fk_societe = s.rowid";
|
||||||
$sql.= " WHERE u.entity IN (0,".$conf->entity.")";
|
$sql.= " WHERE u.entity IN (0,".$conf->entity.")";
|
||||||
@@ -106,7 +107,7 @@ if ($resql)
|
|||||||
$var=!$var;
|
$var=!$var;
|
||||||
|
|
||||||
print "<tr $bc[$var]>";
|
print "<tr $bc[$var]>";
|
||||||
print "<td><a href=\"".DOL_URL_ROOT."/user/fiche.php?id=$obj->rowid\">".img_object($langs->trans("ShowUser"),"user")." ".$obj->firstname." ".$obj->name."</a>";
|
print '<td><a href="'.DOL_URL_ROOT.'/user/fiche.php?id='.$obj->rowid.'">'.img_object($langs->trans("ShowUser"),"user").' '.$obj->firstname.' '.$obj->name.'</a>';
|
||||||
if ($conf->global->MAIN_MODULE_MULTICOMPANY && $obj->admin && ! $obj->entity)
|
if ($conf->global->MAIN_MODULE_MULTICOMPANY && $obj->admin && ! $obj->entity)
|
||||||
{
|
{
|
||||||
print img_redstar($langs->trans("SuperAdministrator"));
|
print img_redstar($langs->trans("SuperAdministrator"));
|
||||||
@@ -116,11 +117,11 @@ if ($resql)
|
|||||||
print img_picto($langs->trans("Administrator"),'star');
|
print img_picto($langs->trans("Administrator"),'star');
|
||||||
}
|
}
|
||||||
print "</td>";
|
print "</td>";
|
||||||
print "<td align=\"left\">".$obj->login.'</td>';
|
print '<td align="left">'.$obj->login.'</td>';
|
||||||
print "<td>";
|
print "<td>";
|
||||||
if ($obj->fk_societe)
|
if ($obj->fk_societe)
|
||||||
{
|
{
|
||||||
print '<a href="'.DOL_URL_ROOT.'/societe/soc.php?socid='.$obj->fk_societe.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.'</a>';
|
print '<a href="'.DOL_URL_ROOT.'/societe/soc.php?socid='.$obj->fk_societe.'&canvas='.$obj->canvas.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.'</a>';
|
||||||
}
|
}
|
||||||
else if ($obj->ldap_sid)
|
else if ($obj->ldap_sid)
|
||||||
{
|
{
|
||||||
@@ -128,7 +129,7 @@ if ($resql)
|
|||||||
}
|
}
|
||||||
else print $langs->trans("InternalUser");
|
else print $langs->trans("InternalUser");
|
||||||
print '</td>';
|
print '</td>';
|
||||||
print "<td align=\"right\">".dol_print_date($db->jdate($obj->datec),'dayhour')."</td>";
|
print '<td align="right">'.dol_print_date($db->jdate($obj->datec),'dayhour').'</td>';
|
||||||
print '</tr>';
|
print '</tr>';
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
@@ -145,7 +146,7 @@ else
|
|||||||
/*
|
/*
|
||||||
* Derniers groupes crees
|
* Derniers groupes crees
|
||||||
*/
|
*/
|
||||||
if ($user->rights->user->group->read)
|
if ($user->admin || $user->rights->user->group->read)
|
||||||
{
|
{
|
||||||
$max=5;
|
$max=5;
|
||||||
|
|
||||||
@@ -176,7 +177,7 @@ if ($user->rights->user->group->read)
|
|||||||
print img_picto($langs->trans("GlobalGroup"),'redstar');
|
print img_picto($langs->trans("GlobalGroup"),'redstar');
|
||||||
}
|
}
|
||||||
print "</td>";
|
print "</td>";
|
||||||
print "<td width=\"80\" align=\"center\">".dol_print_date($db->jdate($obj->datec))."</td>";
|
print '<td width="80" align="center">'.dol_print_date($db->jdate($obj->datec)).'</td>';
|
||||||
print "</tr>";
|
print "</tr>";
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user