diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php
index b0faa6170d0..67b97170895 100644
--- a/htdocs/fichinter/card-rec.php
+++ b/htdocs/fichinter/card-rec.php
@@ -67,7 +67,6 @@ $objecttype = 'fichinter_rec';
if ($action == "create" || $action == "add") {
$objecttype = '';
}
-$result = restrictedArea($user, 'ficheinter', $id, $objecttype);
// Load variable for pagination
$limit = GETPOSTINT('limit') ? GETPOSTINT('limit') : $conf->liste_limit;
@@ -96,7 +95,6 @@ if ($sortfield == "") {
$object = new FichinterRec($db);
$extrafields = new ExtraFields($db);
-
$arrayfields = array(
'f.title' => array('label' => "Ref", 'checked' => 1),
's.nom' => array('label' => "ThirdParty", 'checked' => 1),
@@ -111,6 +109,11 @@ $arrayfields = array(
'f.tms' => array('label' => "DateModificationShort", 'checked' => 0, 'position' => 500),
);
+$result = restrictedArea($user, 'ficheinter', $id, $objecttype);
+
+$permissiontoadd = $user->hasRight('ficheinter', 'creer');
+$permissiontodelete = $user->hasRight('ficheinter', 'supprimer');
+
/*
* Actions
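Review bot: `$permissiontoadd` is introduced here, but the action bar further down in the view still tests the right inline (`if ($user->hasRight('ficheinter', 'creer'))`), so the two can drift if the right name ever changes; replace that line with `if ($permissiontoadd) {`. Moving `restrictedArea()` below the `$arrayfields` definition looks harmless, since nothing between the old and the new position reads protected data, but the reason for the move is not visible in the diff; a one-line comment such as `// Security check (after $objecttype is resolved)` would tell the next reader why it sits here rather than with the other setup.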
@@ -129,7 +132,7 @@ if ($cancel) {
}
// Create predefined intervention
-if ($action == 'add') {
+if ($action == 'add' && $permissiontoadd) {
if (!GETPOST('title')) {
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->trans("Title")), null, 'errors');
$action = "create";
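Review bot: When `action=add` is posted by a user without the `creer` right, the new guard skips the branch silently: `$action` keeps the value `add`, no `setEventMessages()` is raised, and the page falls through to the list view, so the user never learns the submission was rejected. If the convention for these pages is explicit denial, add one line before the chain: `if (in_array($action, array('add', 'createfrommodel')) && !$permissiontoadd) accessforbidden();`. If silent denial is the convention elsewhere in the project, this can be ignored, but it is worth a comment saying so.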
@@ -188,7 +191,7 @@ if ($action == 'add') {
$action = "create";
}
}
-} elseif ($action == 'createfrommodel') {
+} elseif ($action == 'createfrommodel' && $permissiontoadd) {
$newinter = new Fichinter($db);
// Fetch the stored data
@@ -233,25 +236,25 @@ if ($action == 'add') {
setEventMessages($newinter->error, $newinter->errors, 'errors');
$action = '';
}
-} elseif ($action == 'delete' && $user->hasRight('ficheinter', 'supprimer')) {
+} elseif ($action == 'delete' && $permissiontodelete) {
// delete modele
$object->fetch($id);
$object->delete($user);
$id = 0;
header('Location: '.$_SERVER["PHP_SELF"]);
exit;
-} elseif ($action == 'setfrequency' && $user->hasRight('ficheinter', 'creer')) {
+} elseif ($action == 'setfrequency' && $permissiontoadd) {
// Set frequency and unit frequency
$object->fetch($id);
$object->setFrequencyAndUnit(GETPOST('frequency', 'int'), GETPOST('unit_frequency', 'alpha'));
-} elseif ($action == 'setdate_when' && $user->hasRight('ficheinter', 'creer')) {
+} elseif ($action == 'setdate_when' && $permissiontoadd) {
// Set next date of execution
$object->fetch($id);
$date = dol_mktime(GETPOST('date_whenhour'), GETPOST('date_whenmin'), 0, GETPOST('date_whenmonth'), GETPOST('date_whenday'), GETPOST('date_whenyear'));
if (!empty($date)) {
$object->setNextDate($date);
}
-} elseif ($action == 'setnb_gen_max' && $user->hasRight('ficheinter', 'creer')) {
+} elseif ($action == 'setnb_gen_max' && $permissiontoadd) {
// Set max period
$object->fetch($id);
$object->setMaxPeriod(GETPOSTINT('nb_gen_max'));
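Review bot: The delete branch calls `$object->fetch($id)` and then `$object->delete($user)` without checking either return value, and the redirect runs regardless, so a stale or wrong `$id` yields a redirect with no error shown; the same unchecked `fetch()` precedes `setFrequencyAndUnit()`, `setNextDate()` and `setMaxPeriod()`. The permission gating this hunk adds is correct, but the branch would be safer as `if ($object->fetch($id) > 0 && $object->delete($user) > 0) { header(...); exit; } else { setEventMessages($object->error, $object->errors, 'errors'); }`. Whether `delete()` on an unfetched object touches any row depends on `FichinterRec::delete()`, which is not visible here.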
@@ -259,7 +262,7 @@ if ($action == 'add') {
/*
- * View
+ * View
*/
$help_url = '';
@@ -281,9 +284,8 @@ $today = dol_mktime(23, 59, 59, $tmparray['mon'], $tmparray['mday'], $tmparray['
-/*
- * Create mode
- */
+// Create mode
+
if ($action == 'create') {
print load_fiche_titre($langs->trans("CreateRepeatableIntervention"), '', 'intervention');
@@ -490,10 +492,8 @@ if ($action == 'create') {
print '';
} else {
- /*
- * View mode
- *
- */
+ // View mode
+
if ($id > 0) {
if ($object->fetch($id) > 0) {
$object->fetch_thirdparty();
@@ -755,9 +755,7 @@ if ($action == 'create') {
}
print '';
- /*
- * Action bar
- */
+ // Action bar
print '
';
if ($user->hasRight('ficheinter', 'creer')) {
@@ -775,9 +773,8 @@ if ($action == 'create') {
print $langs->trans("ErrorRecordNotFound");
}
} else {
- /*
- * List mode
- */
+ // List mode
+
$sql = "SELECT f.rowid as fich_rec, s.nom as name, s.rowid as socid, f.rowid as facid, f.title,";
$sql .= " f.duree, f.fk_contrat, f.fk_projet as fk_project, f.frequency, f.nb_gen_done, f.nb_gen_max,";
$sql .= " f.date_last_gen, f.date_when, f.datec, f.status";
diff --git a/htdocs/fourn/facture/card-rec.php b/htdocs/fourn/facture/card-rec.php
index aa7e5ede40e..f264cea786f 100644
--- a/htdocs/fourn/facture/card-rec.php
+++ b/htdocs/fourn/facture/card-rec.php
@@ -114,6 +114,8 @@ $search_array_options = $extrafields->getOptionalsFromPost($object->table_elemen
$permissionnote = $user->hasRight("fournisseur", "facture", "creer") || $user->hasRight("supplier_invoice", "creer"); // Used by the include of actions_setnotes.inc.php
$permissiondellink = $user->hasRight("fournisseur", "facture", "creer") || $user->hasRight("supplier_invoice", "creer"); // Used by the include of actions_dellink.inc.php
$permissiontoedit = $user->hasRight("fournisseur", "facture", "creer") || $user->hasRight("supplier_invoice", "creer"); // Used by the include of actions_lineupdonw.inc.php
+$permissiontoadd = $user->hasRight("fournisseur", "facture", "creer") || $user->hasRight("supplier_invoice", "creer");
+$permissiontodelete = ($user->hasRight("fournisseur", "facture", "supprimer") || $user->hasRight("supplier_invoice", "supprimer"));
$usercanread = $user->hasRight("fournisseur", "facture", "lire") || $user->hasRight("supplier_invoice", "lire");
$usercancreate = $user->hasRight("fournisseur", "facture", "creer") || $user->hasRight("supplier_invoice", "creer");
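Review bot: `$permissiontoadd` is the fifth variable in this block holding the same `creer` expression (after `$permissionnote`, `$permissiondellink`, `$permissiontoedit` and `$usercancreate`), so a future change to the right name has five places to miss. Compute it once and alias the rest: `$usercancreate = $user->hasRight("fournisseur", "facture", "creer") || $user->hasRight("supplier_invoice", "creer");` followed by `$permissiontoadd = $permissiontoedit = $permissionnote = $permissiondellink = $usercancreate;`. The redundant parentheses around the `$permissiontodelete` expression can also go, to match the neighbouring lines.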
@@ -167,7 +169,7 @@ if (empty($reshook)) {
include DOL_DOCUMENT_ROOT . '/core/actions_lineupdown.inc.php'; // Must be 'include', not 'include_once'
// Create predefined invoice
- if ($action == 'add') {
+ if ($action == 'add' && $permissiontoadd) {
if (! GETPOST('title', 'alphanohtml')) {
setEventMessages($langs->transnoentities("ErrorFieldRequired", $langs->trans("Title")), null, 'errors');
$action = "create";
@@ -257,7 +259,7 @@ if (empty($reshook)) {
// Delete
//TODO : Droits
- if ($action == 'confirm_deleteinvoice' && $confirm == 'yes' && ($user->hasRight("fournisseur", "facture", "supprimer") || $user->hasRight("supplier_invoice", "supprimer"))) {
+ if ($action == 'confirm_deleteinvoice' && $confirm == 'yes' && $permissiontodelete) {
$object->delete($user);
header('Location: ' . DOL_URL_ROOT . '/fourn/facture/list-rec.php');
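Review bot: The `//TODO : Droits` comment two lines above the guard is now stale, since the check it was asking for is exactly what `$permissiontodelete` provides on the changed line; drop the TODO or replace it with `// Permission checked via $permissiontodelete`. Leaving it invites a later reviewer to add a duplicate check. The enclosing `if (empty($reshook))` block starts outside the hunk.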
@@ -286,7 +288,7 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
}
- } elseif ($action == 'settitle' && $usercancreate) {
+ } elseif ($action == 'settitle' && $permissiontoadd) {
$result = $object->setValueFrom('titre', $title, '', null, 'text', '', $user);
if ($result > 0) {
@@ -302,31 +304,31 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
}
- } elseif ($action == 'setbankaccount' && $usercancreate) {
+ } elseif ($action == 'setbankaccount' && $permissiontoadd) {
// Set bank account
$result = $object->setBankAccount(GETPOSTINT('fk_account'));
- } elseif ($action == 'setfrequency' && $usercancreate) {
+ } elseif ($action == 'setfrequency' && $permissiontoadd) {
// Set frequency and unit frequency
$object->setFrequencyAndUnit(GETPOST('frequency', 'int'), GETPOST('unit_frequency', 'alpha'));
- } elseif ($action == 'setdate_when' && $usercancreate) {
+ } elseif ($action == 'setdate_when' && $permissiontoadd) {
// Set next date of execution
$date = dol_mktime(GETPOST('date_whenhour'), GETPOST('date_whenmin'), 0, GETPOST('date_whenmonth'), GETPOST('date_whenday'), GETPOST('date_whenyear'));
if (!empty($date)) {
$object->setNextDate($date);
}
- } elseif ($action == 'setnb_gen_max' && $usercancreate) {
+ } elseif ($action == 'setnb_gen_max' && $permissiontoadd) {
// Set max period
$object->setMaxPeriod(GETPOSTINT('nb_gen_max'));
- } elseif ($action == 'setauto_validate' && $usercancreate) {
+ } elseif ($action == 'setauto_validate' && $permissiontoadd) {
// Set auto validate
$object->setAutoValidate(GETPOSTINT('auto_validate'));
- } elseif ($action == 'setgenerate_pdf' && $usercancreate) {
+ } elseif ($action == 'setgenerate_pdf' && $permissiontoadd) {
// Set generate pdf
$object->setGeneratepdf(GETPOSTINT('generate_pdf'));
- } elseif ($action == 'setmodelpdf' && $usercancreate) {
+ } elseif ($action == 'setmodelpdf' && $permissiontoadd) {
// Set model pdf
$object->setModelpdf(GETPOST('modelpdf', 'alpha'));
- } elseif ($action == 'disable' && $usercancreate) {
+ } elseif ($action == 'disable' && $permissiontoadd) {
// Set status disabled
$db->begin();
@@ -343,7 +345,7 @@ if (empty($reshook)) {
$db->rollback();
setEventMessages($object->error, $object->errors, 'errors');
}
- } elseif ($action == 'enable' && $usercancreate) {
+ } elseif ($action == 'enable' && $permissiontoadd) {
// Set status enabled
$db->begin();
@@ -360,13 +362,13 @@ if (empty($reshook)) {
$db->rollback();
setEventMessages($object->error, $object->errors, 'errors');
}
- } elseif ($action == 'setmulticurrencycode' && $usercancreate) {
+ } elseif ($action == 'setmulticurrencycode' && $permissiontoadd) {
// Multicurrency Code
$result = $object->setMulticurrencyCode(GETPOST('multicurrency_code', 'alpha'));
- } elseif ($action == 'setmulticurrencyrate' && $usercancreate) {
+ } elseif ($action == 'setmulticurrencyrate' && $permissiontoadd) {
// Multicurrency rate
$result = $object->setMulticurrencyRate(price2num(GETPOST('multicurrency_tx')), GETPOSTINT('calculation_mode'));
- } elseif ($action == 'setlibelle' && $usercancreate) {
+ } elseif ($action == 'setlibelle' && $permissiontoadd) {
// Set label
$object->fetch($id);
$object->libelle = GETPOST('libelle');
@@ -379,7 +381,7 @@ if (empty($reshook)) {
}
// Delete line
- if ($action == 'confirm_deleteline' && $confirm == 'yes' && $usercancreate) {
+ if ($action == 'confirm_deleteline' && $confirm == 'yes' && $permissiontoadd) {
$object->fetch($id);
$object->fetch_thirdparty();
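Review bot: `confirm_deleteline` (and `updateline` and `addline` in the later hunks) now reads `$permissiontoadd`, but the operation is editing an existing template's lines, and the file already defines `$permissiontoedit` with the identical expression for that purpose (it is what actions_lineupdown.inc.php consumes); use `$permissiontoedit` here so the variable name describes the right being exercised. Behaviour is unchanged either way, since both resolve to the same `creer` right. The `$object->fetch($id)` on the following line still ignores its return value, which predates this change.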
@@ -404,7 +406,7 @@ if (empty($reshook)) {
$db->rollback();
setEventMessages($line->error, $line->errors, 'errors');
}
- } elseif ($action == 'update_extras' && $usercancreate) {
+ } elseif ($action == 'update_extras' && $permissiontoadd) {
$object->oldcopy = dol_clone($object, 2);
// Fill array 'array_options' with data from update form
@@ -423,7 +425,7 @@ if (empty($reshook)) {
}
// Add a new line
- if ($action == 'addline' && $usercancreate) {
+ if ($action == 'addline' && $permissiontoadd) {
$langs->load('errors');
$error = 0;
@@ -729,7 +731,7 @@ if (empty($reshook)) {
$action = '';
}
}
- } elseif ($action == 'updateline' && $usercancreate && ! GETPOST('cancel', 'alpha')) {
+ } elseif ($action == 'updateline' && $permissiontoadd && ! GETPOST('cancel', 'alpha')) {
if (! $object->fetch($id) > 0) {
dol_print_error($db);
}
@@ -871,6 +873,7 @@ if (empty($reshook)) {
}
}
+
/*
* View
*/
@@ -1127,9 +1130,7 @@ if ($action == 'create') {
dol_print_error(null, "Error, no invoice " . $object->id);
}
} else {
- /*
- * View mode
- */
+ // View mode
if ($object->id > 0) {
$object->fetch($object->id);
$object->fetch_thirdparty();
diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php
index 10a5536a845..78727c97006 100644
--- a/htdocs/fourn/facture/card.php
+++ b/htdocs/fourn/facture/card.php
@@ -2953,9 +2953,8 @@ if ($action == 'create') {
$absolute_discount = price2num($absolute_discount, 'MT');
$absolute_creditnote = price2num($absolute_creditnote, 'MT');
- /*
- * View card
- */
+ // View card
+
$objectidnext = $object->getIdReplacingInvoice();
$head = facturefourn_prepare_head($object);
@@ -4022,9 +4021,7 @@ if ($action == 'create') {
if ($action != 'presend') {
- /*
- * Buttons actions
- */
+ // Buttons actions
print '
';
@@ -4142,8 +4139,7 @@ if ($action == 'create') {
}
// Create event
- /*if (isModEnabled('agenda') && getDolGlobalString('MAIN_ADD_EVENT_ON_ELEMENT_CARD')) // Add hidden condition because this is not a "workflow" action so should appears somewhere else on page.
- {
+ /*if (isModEnabled('agenda') && getDolGlobalString('MAIN_ADD_EVENT_ON_ELEMENT_CARD')) { // Add hidden condition because this is not a "workflow" action so should appears somewhere else on page.
print '
';
}*/
diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php
index 373ddd3d4cc..18b69c014c7 100644
--- a/htdocs/modulebuilder/index.php
+++ b/htdocs/modulebuilder/index.php
@@ -1746,10 +1746,10 @@ if ($dirins && ($action == 'droptable' || $action == 'droptableextrafields') &&
$objectname = $tabobj;
$arrayoftables = array();
- if ($action == 'droptable') {
+ if ($action == 'droptable') { // Test on permission already done
$arrayoftables[] = MAIN_DB_PREFIX.strtolower($module).'_'.strtolower($tabobj);
}
- if ($action == 'droptableextrafields') {
+ if ($action == 'droptableextrafields') { // Test on permission already done
$arrayoftables[] = MAIN_DB_PREFIX.strtolower($module).'_'.strtolower($tabobj).'_extrafields';
}
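Review bot: The two `// Test on permission already done` markers exist to satisfy CodingPhpTest, but they do not say where the check lives, and the enclosing `if ($dirins && ($action == 'droptable' || ...) &&` is cut off at the hunk header, so a reader cannot confirm it here either. Make the marker self-explanatory while keeping the exact phrase the test looks for, e.g. `// Test on permission already done (in the enclosing if above)`. This assumes the test matches on a substring rather than the whole comment, which is not visible in this diff.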
diff --git a/test/phpunit/CodingPhpTest.php b/test/phpunit/CodingPhpTest.php
index b65fc5d1459..b29c7299115 100644
--- a/test/phpunit/CodingPhpTest.php
+++ b/test/phpunit/CodingPhpTest.php
@@ -665,7 +665,8 @@ class CodingPhpTest extends CommonClassTest
break;
}
}
- //$this->assertTrue($ok, 'Found a test on action without check on permission and without comment to say this is expected, in file '.$file['relativename'].'.');
+
+ $this->assertTrue($ok, 'Found a test on $action, without check on permission on same line and without the comment "// Test on permission already done", in file '.$file['relativename'].'.');
}
}
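Review bot: The newly enabled assertion hard-codes the marker text `// Test on permission already done` in its message, and the loop that sets `$ok` (outside this hunk) presumably matches the same string, so the two copies can drift with nothing catching it. Lift the phrase into one class constant, e.g. `private const PERM_CHECK_MARKER = '// Test on permission already done';`, and use it in both the matcher and the message. Since the test now fails the build, a short docblock on the test method explaining the rule — every `$action ==` test needs a permission check on the same line or the marker comment — would help contributors who hit it for the first time.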