This commit is contained in:
Regis Houssin
2010-10-29 14:22:35 +00:00
parent 7afdd8fd64
commit 8336d81c7b
5 changed files with 70 additions and 11 deletions


@@ -164,6 +164,23 @@ class Canvas
return 1;
}
/**
* Check permissions of a user to show a page and an object. Check read permission
* If $_REQUEST['action'] defined, we also check write permission.
* @param user User to check
* @param features Features to check (in most cases, it's module name)
* @param objectid Object ID if we want to check permission on a particular record (optionnal)
* @param dbtablename Table name where object is stored. Not used if objectid is null (optionnal)
* @param feature2 Feature to check (second level of permission)
* @param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal)
* @param dbt_select Field name for select if not rowid. (optionnal)
* @return int 1
*/
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
{
return $this->control->restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
}
/**
* Assign templates values
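Review bot: Canvas::restrictedArea at the `return $this->control->restrictedArea(...)` line forwards to `$this->control` with no check that a canvas has been loaded, so a caller that has not run getCanvas() first gets a fatal on a null object rather than a permission result; that precondition is not stated in the copied docblock. The `@return int 1` line also documents the global function's contract, while this method returns whatever the selected canvas actions class returns. Suggested docblock additions: `Delegates to the actions class selected by getCanvas(), which must have been called first.` and `@return int whatever the canvas actions class returns (1 for the bundled classes).` The rest of the Canvas class lies outside the hunk.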


@@ -178,6 +178,23 @@ class ActionsCardDefault extends ActionsCardCommon
}
}
}
/**
* Check permissions of a user to show a page and an object. Check read permission
* If $_REQUEST['action'] defined, we also check write permission.
* @param user User to check
* @param features Features to check (in most cases, it's module name)
* @param objectid Object ID if we want to check permission on a particular record (optionnal)
* @param dbtablename Table name where object is stored. Not used if objectid is null (optionnal)
* @param feature2 Feature to check (second level of permission)
* @param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal)
* @param dbt_select Field name for select if not rowid. (optionnal)
* @return int 1
*/
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
{
return restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
}
}
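Review bot: The restrictedArea method added to ActionsCardDefault here is byte-for-byte the same as the one added to ActionsCardIndividual in the next file (its hunk at `@@ -104,6 +104,23 @@`): same signature, same docblock, same `return restrictedArea(...)` forwarding to the global function. Since both classes extend ActionsCardCommon, defining it once on the parent would give every canvas the same access check instead of relying on each actions class to remember to add it. The docblock sentence `If $_REQUEST['action'] defined, we also check write permission.` describes the global function's behaviour, which is not visible here; I would replace it with `Forwards to the global restrictedArea() so canvas pages get the standard access check.` The enclosing class starts outside the hunk.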


@@ -104,6 +104,23 @@ class ActionsCardIndividual extends ActionsCardCommon
}
}
}
/**
* Check permissions of a user to show a page and an object. Check read permission
* If $_REQUEST['action'] defined, we also check write permission.
* @param user User to check
* @param features Features to check (in most cases, it's module name)
* @param objectid Object ID if we want to check permission on a particular record (optionnal)
* @param dbtablename Table name where object is stored. Not used if objectid is null (optionnal)
* @param feature2 Feature to check (second level of permission)
* @param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal)
* @param dbt_select Field name for select if not rowid. (optionnal)
* @return int 1
*/
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
{
return restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select);
}
}


@@ -44,10 +44,8 @@ $langs->load("banks");
$langs->load("users");
if ($conf->notification->enabled) $langs->load("mails");
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'societe', $socid);
$soc = new Societe($db);
@@ -58,6 +56,16 @@ if (! empty($canvas))
{
require_once(DOL_DOCUMENT_ROOT."/core/class/canvas.class.php");
$soccanvas = new Canvas($db);
$soccanvas->getCanvas('thirdparty','card',$canvas);
// Security check
$result = $soccanvas->restrictedArea($user, 'societe', $socid);
}
else
{
// Security check
$result = restrictedArea($user, 'societe', $socid);
}
@@ -74,7 +82,6 @@ if (! empty($canvas))
// -----------------------------------------
// When used with CANVAS
// -----------------------------------------
$soccanvas->getCanvas('thirdparty','card',$canvas);
// Load data control
$soccanvas->doActions($socid);
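Review bot: Removing the unconditional `$result = restrictedArea($user, 'societe', $socid);` that ran before `new Societe($db)` makes access control on the canvas branch depend entirely on the selected canvas actions class implementing restrictedArea with the same semantics, and the canvas name appears to be request-supplied (the user list now links with `&canvas=`). A canvas whose actions class lacks the method would fatal instead of falling through to the global check, and one that implements it loosely would weaken the check. I would keep the global call where it was, directly after `if ($user->societe_id) $socid=$user->societe_id;`, and treat `$soccanvas->restrictedArea(...)` as an additional canvas-specific check rather than a replacement. The `$socid` read from `$_GET` on the context line above is unchanged by this commit, so it is presumably validated inside restrictedArea; worth confirming.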


@@ -61,7 +61,7 @@ print "</table><br>\n";
print '</form>';
// Search Group
if ($user->rights->user->group->read)
if ($user->admin || $user->rights->user->group->read)
{
$var=false;
print '<form method="post" action="'.DOL_URL_ROOT.'/user/group/index.php">';
@@ -84,7 +84,8 @@ print '</td><td valign="top" width="70%" class="notopnoleftnoright">';
$max=10;
$sql = "SELECT u.rowid, u.name, u.firstname, u.admin, u.login, u.fk_societe, u.datec,";
$sql.= " u.entity, u.ldap_sid, s.nom";
$sql.= " u.entity, u.ldap_sid,";
$sql.= " s.nom, s.canvas";
$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON u.fk_societe = s.rowid";
$sql.= " WHERE u.entity IN (0,".$conf->entity.")";
@@ -106,7 +107,7 @@ if ($resql)
$var=!$var;
print "<tr $bc[$var]>";
print "<td><a href=\"".DOL_URL_ROOT."/user/fiche.php?id=$obj->rowid\">".img_object($langs->trans("ShowUser"),"user")." ".$obj->firstname." ".$obj->name."</a>";
print '<td><a href="'.DOL_URL_ROOT.'/user/fiche.php?id='.$obj->rowid.'">'.img_object($langs->trans("ShowUser"),"user").' '.$obj->firstname.' '.$obj->name.'</a>';
if ($conf->global->MAIN_MODULE_MULTICOMPANY && $obj->admin && ! $obj->entity)
{
print img_redstar($langs->trans("SuperAdministrator"));
@@ -116,11 +117,11 @@ if ($resql)
print img_picto($langs->trans("Administrator"),'star');
}
print "</td>";
print "<td align=\"left\">".$obj->login.'</td>';
print '<td align="left">'.$obj->login.'</td>';
print "<td>";
if ($obj->fk_societe)
{
print '<a href="'.DOL_URL_ROOT.'/societe/soc.php?socid='.$obj->fk_societe.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.'</a>';
print '<a href="'.DOL_URL_ROOT.'/societe/soc.php?socid='.$obj->fk_societe.'&amp;canvas='.$obj->canvas.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.'</a>';
}
else if ($obj->ldap_sid)
{
@@ -128,7 +129,7 @@ if ($resql)
}
else print $langs->trans("InternalUser");
print '</td>';
print "<td align=\"right\">".dol_print_date($db->jdate($obj->datec),'dayhour')."</td>";
print '<td align="right">'.dol_print_date($db->jdate($obj->datec),'dayhour').'</td>';
print '</tr>';
$i++;
}
@@ -145,7 +146,7 @@ else
/*
* Derniers groupes crees
*/
if ($user->rights->user->group->read)
if ($user->admin || $user->rights->user->group->read)
{
$max=5;
@@ -176,7 +177,7 @@ if ($user->rights->user->group->read)
print img_picto($langs->trans("GlobalGroup"),'redstar');
}
print "</td>";
print "<td width=\"80\" align=\"center\">".dol_print_date($db->jdate($obj->datec))."</td>";
print '<td width="80" align="center">'.dol_print_date($db->jdate($obj->datec)).'</td>';
print "</tr>";
$i++;
}
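Review bot: In the hunk at `@@ -116,11 +117,11 @@`, the new `'&amp;canvas='.$obj->canvas.'"'` inserts a database value into an href with no URL encoding or HTML escaping, so any canvas name containing `&`, `"` or `<` corrupts the link or the markup. The neighbouring `$obj->nom` is also unescaped, but that predates this commit; the new parameter should at least be encoded: `'&amp;canvas='.urlencode($obj->canvas).'">'`. The same `$user->admin ||` relaxation is applied at both group-list conditions, which looks intentional.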