diff --git a/htdocs/admin/mails_templates.php b/htdocs/admin/mails_templates.php index 7c9e31cf496..7618a1f20b2 100644 --- a/htdocs/admin/mails_templates.php +++ b/htdocs/admin/mails_templates.php @@ -257,7 +257,7 @@ if (isModEnabled('expensereport') && $user->hasRight('expensereport', 'lire')) { if (isModEnabled('agenda')) { $elementList['actioncomm_send'] = img_picto('', 'action', 'class="pictofixedwidth"').dol_escape_htmltag($langs->trans('MailToSendEventPush')); } -if (isModEnabled('eventorganization') && $user->hasRight('eventorganization', 'read')) { +if (isModEnabled('eventorganization') && $user->hasRight('project', 'read')) { $elementList['conferenceorbooth'] = img_picto('', 'action', 'class="pictofixedwidth"').dol_escape_htmltag($langs->trans('MailToSendEventOrganization')); } if (isModEnabled('partnership') && $user->hasRight('partnership', 'read')) { diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php index b871096e148..7cb3d79cdda 100644 --- a/htdocs/admin/modules.php +++ b/htdocs/admin/modules.php @@ -512,12 +512,14 @@ $filename = array(); $modules = array(); $orders = array(); $categ = array(); -$publisherlogoarray = array(); +//$publisherlogoarray = array(); $i = 0; // is a sequencer of modules found $j = 0; // j is module number. Automatically affected if module number not defined. $modNameLoaded = array(); +$listOfOfficialModuleGroups = array('hr', 'technic', 'interface', 'technic', 'portal', 'financial', 'crm', 'base', 'products', 'srm', 'ecm', 'projects', 'other'); + //if ($mode == 'common' || $mode == 'commonkanban') { // Load $modules (required for the badge count) foreach ($modulesdir as $dir) { @@ -617,7 +619,6 @@ foreach ($modulesdir as $dir) { } $familyposition = (empty($familyinfo[$familykey]['position']) ? '0' : $familyinfo[$familykey]['position']); - $listOfOfficialModuleGroups = array('hr', 'technic', 'interface', 'technic', 'portal', 'financial', 'crm', 'base', 'products', 'srm', 'ecm', 'projects', 'other'); if ($external && !in_array($familykey, $listOfOfficialModuleGroups)) { // If module is extern and into a custom group (not into an official predefined one), it must appear at end (custom groups should not be before official groups). if (is_numeric($familyposition)) { diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 76b1269beb6..1490cf5d460 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -211,7 +211,7 @@ function print_eldy_menu($db, $atarget, $type_user, &$tabMenu, &$menu, $noout = // Projects $tmpentry = array( 'enabled' => (int) (isModEnabled('project') ? 1 : 0), - 'perms' => (string) (int) ($user->hasRight('projet', 'lire') ? 1 : 0), + 'perms' => (string) ($user->hasRight('project', 'read') ? 1 : 0), 'module' => 'projet' ); diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index 37716ab18f9..eaccb8bccd9 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php @@ -1990,17 +1990,6 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it if ($obj !== null && !empty($obj->value) && !empty($this->rights)) { include_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; - // TODO rights parameters with integer indexes are deprecated - // $this->rights[$key][0] = $this->rights[$key][self::KEY_ID] - // $this->rights[$key][1] = $this->rights[$key][self::KEY_LABEL] - // $this->rights[$key][3] = $this->rights[$key][self::KEY_DEFAULT] - // $this->rights[$key][4] = $this->rights[$key][self::KEY_FIRST_LEVEL] - // $this->rights[$key][5] = $this->rights[$key][self::KEY_SECOND_LEVEL] - - // new parameters - // $this->rights[$key][self::KEY_MODULE] // possibility to define user right for an another module (default: current module name) - // $this->rights[$key][self::KEY_ENABLED] // condition to show or hide a user right (default: 1) (eg isModEnabled('anothermodule')) - // If the module is active foreach ($this->rights as $key => $value) { $r_id = $this->rights[$key][self::KEY_ID]; // permission id in llx_rights_def (not unique because primary key is couple id-entity) @@ -2010,6 +1999,10 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it $r_perms = $this->rights[$key][self::KEY_FIRST_LEVEL] ?? ''; $r_subperms = $this->rights[$key][self::KEY_SECOND_LEVEL] ?? ''; + $r_module_position = $this->getModulePosition(); + $r_family = $this->family; + $r_family_position = 0; + // KEY_FIRST_LEVEL (perms) must not be empty if (empty($r_perms)) { continue; @@ -2046,7 +2039,10 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it $sql .= ", libelle"; $sql .= ", module"; $sql .= ", module_origin"; - $sql .= ", type"; // TODO deprecated + $sql .= ", module_position"; // Not that module_position can be fixed eynamically when accessing page user/perms.php + $sql .= ", family"; + $sql .= ", family_position"; + $sql .= ", type"; // Not used yet $sql .= ", bydefault"; $sql .= ", perms"; $sql .= ", subperms"; @@ -2057,7 +2053,10 @@ class DolibarrModules // Can not be abstract, because we need to instantiate it $sql .= ", '".$this->db->escape($r_label)."'"; $sql .= ", '".$this->db->escape($r_module)."'"; $sql .= ", '".$this->db->escape($r_module_origin)."'"; - $sql .= ", '".$this->db->escape($r_type)."'"; // TODO deprecated + $sql .= ", '".$this->db->escape($r_module_position)."'"; + $sql .= ", '".$this->db->escape($r_family)."'"; + $sql .= ", '".$this->db->escape($r_family_position)."'"; + $sql .= ", '".$this->db->escape($r_type)."'"; // Not used yet $sql .= ", ".((int) $r_default); $sql .= ", '".$this->db->escape($r_perms)."'"; $sql .= ", '".$this->db->escape($r_subperms)."'"; diff --git a/htdocs/core/modules/modAccounting.class.php b/htdocs/core/modules/modAccounting.class.php index 6dc2c754176..214cec094e7 100644 --- a/htdocs/core/modules/modAccounting.class.php +++ b/htdocs/core/modules/modAccounting.class.php @@ -43,7 +43,7 @@ class modAccounting extends DolibarrModules $this->numero = 50400; $this->family = "financial"; - $this->module_position = '61'; + $this->module_position = '62'; // Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module) $this->name = preg_replace('/^mod/i', '', get_class($this)); $this->description = "Double entry accounting management"; diff --git a/htdocs/core/modules/modEventOrganization.class.php b/htdocs/core/modules/modEventOrganization.class.php index 46a7956158e..8bdfeea9431 100644 --- a/htdocs/core/modules/modEventOrganization.class.php +++ b/htdocs/core/modules/modEventOrganization.class.php @@ -208,6 +208,7 @@ class modEventOrganization extends DolibarrModules // Add here entries to declare new permissions /* BEGIN MODULEBUILDER PERMISSIONS */ + /* $this->rights[$r][0] = $this->numero + $r; // Permission id (must not be already used) $this->rights[$r][1] = 'Read objects of EventOrganization'; // Permission label $this->rights[$r][4] = 'read'; // In php code, permission will be checked by test if ($user->rights->eventorganization->level1) @@ -220,6 +221,7 @@ class modEventOrganization extends DolibarrModules $this->rights[$r][1] = 'Delete objects of EventOrganization'; // Permission label $this->rights[$r][4] = 'delete'; // In php code, permission will be checked by test if ($user->rights->eventorganization->level1) $r++; + */ /* END MODULEBUILDER PERMISSIONS */ // Main menu entries to add @@ -240,7 +242,7 @@ class modEventOrganization extends DolibarrModules 'langs' => 'eventorganization', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. 'position' => 1000 + $r, 'enabled' => 'isModEnabled("eventorganization")', // Define condition to show or hide menu entry. Use '$conf->eventorganization->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. - 'perms' => '$user->hasRight("eventorganization", "read")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules + 'perms' => '$user->hasRight("project", "read")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules 'target' => '', 'user' => 2, // 0=Menu for internal users, 1=external users, 2=both ); @@ -252,7 +254,7 @@ class modEventOrganization extends DolibarrModules 'langs' => 'eventorganization@eventorganization', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. 'position' => 1000 + $r, 'enabled' => 'isModEnabled("eventorganization")', // Define condition to show or hide menu entry. Use '$conf->eventorganization->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. - 'perms' => '$user->hasRight("eventorganization", "write")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules + 'perms' => '$user->hasRight("project", "write")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules 'target' => '', 'user' => 2, // 0=Menu for internal users, 1=external users, 2=both ); @@ -264,7 +266,7 @@ class modEventOrganization extends DolibarrModules 'langs' => 'eventorganization@eventorganization', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. 'position' => 1000 + $r, 'enabled' => 'isModEnabled("eventorganization")', // Define condition to show or hide menu entry. Use '$conf->eventorganization->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. - 'perms' => '$user->hasRight("eventorganization", "write")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules + 'perms' => '$user->hasRight("project", "write")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules 'target' => '', 'user' => 2, // 0=Menu for internal users, 1=external users, 2=both ); @@ -279,7 +281,7 @@ class modEventOrganization extends DolibarrModules 'langs' => 'eventorganization', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. 'position' => 1000 + $r, 'enabled' => 'isModEnabled("eventorganization")', // Define condition to show or hide menu entry. Use '$conf->eventorganization->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. - 'perms' => '$user->hasRight("eventorganization", "read")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules + 'perms' => '$user->hasRight("project", "read")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules 'target' => '', 'user' => 2, // 0=Menu for internal users, 1=external users, 2=both ); @@ -291,7 +293,7 @@ class modEventOrganization extends DolibarrModules 'langs' => 'eventorganization', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. 'position' => 1000 + $r, 'enabled' => 'isModEnabled("eventorganization")', // Define condition to show or hide menu entry. Use '$conf->eventorganization->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. - 'perms' => '$user->hasRight("eventorganization", "write")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules + 'perms' => '$user->hasRight("project", "write")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules 'target' => '', 'user' => 2, // 0=Menu for internal users, 1=external users, 2=both ); @@ -303,7 +305,7 @@ class modEventOrganization extends DolibarrModules 'langs' => 'eventorganization', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. 'position' => 1000 + $r, 'enabled' => 'isModEnabled("eventorganization")', // Define condition to show or hide menu entry. Use '$conf->eventorganization->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. - 'perms' => '$user->hasRight("eventorganization", "read")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules + 'perms' => '$user->hasRight("project", "read")', // Use 'perms'=>'$user->rights->eventorganization->level1->level2' if you want your menu with a permission rules 'target' => '', 'user' => 2, // 0=Menu for internal users, 1=external users, 2=both ); diff --git a/htdocs/core/modules/modIntracommreport.class.php b/htdocs/core/modules/modIntracommreport.class.php index 54fe87ced0d..c6a008a87b6 100644 --- a/htdocs/core/modules/modIntracommreport.class.php +++ b/htdocs/core/modules/modIntracommreport.class.php @@ -38,13 +38,13 @@ class modIntracommreport extends DolibarrModules */ public function __construct($db) { - global $conf, $langs; + global $conf; $this->db = $db; $this->numero = 68000; $this->family = "financial"; - $this->module_position = '62'; + $this->module_position = '64'; // Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module) $this->name = preg_replace('/^mod/i', '', get_class($this)); $this->description = "Intracomm report management (Support for French DEB/DES format)"; diff --git a/htdocs/core/modules/modKnowledgeManagement.class.php b/htdocs/core/modules/modKnowledgeManagement.class.php index 71f163ec37a..36d5f6ba6c6 100644 --- a/htdocs/core/modules/modKnowledgeManagement.class.php +++ b/htdocs/core/modules/modKnowledgeManagement.class.php @@ -41,7 +41,7 @@ class modKnowledgeManagement extends DolibarrModules */ public function __construct($db) { - global $langs, $conf; + global $conf; $this->db = $db; // Id for module (must be unique). @@ -56,7 +56,7 @@ class modKnowledgeManagement extends DolibarrModules $this->family = "crm"; // Module position in the family on 2 digits ('01', '10', '20', ...) - $this->module_position = '90'; + $this->module_position = '61'; // Gives the possibility for the module, to provide his own family info and position of this family (Overwrite $this->family and $this->module_position. Avoid this) //$this->familyinfo = array('myownfamily' => array('position' => '01', 'label' => $langs->trans("MyOwnFamily"))); diff --git a/htdocs/eventorganization/class/api_eventattendees.class.php b/htdocs/eventorganization/class/api_eventattendees.class.php index dc27d4f3e2c..d701d3caa2d 100644 --- a/htdocs/eventorganization/class/api_eventattendees.class.php +++ b/htdocs/eventorganization/class/api_eventattendees.class.php @@ -599,11 +599,11 @@ class EventAttendees extends DolibarrApi { // what kind of access management do we need? $moduleaccess = false; - if (isModEnabled("eventorganization") && DolibarrApiAccess::$user->hasRight('eventorganization', $accesstype)) { + if (isModEnabled("eventorganization") && DolibarrApiAccess::$user->hasRight('project', $accesstype)) { $moduleaccess = true; } $fullprojectaccess = false; - if (DolibarrApiAccess::$user->hasRight('projet', 'all', $accesstype)) { + if (DolibarrApiAccess::$user->hasRight('project', 'all', $accesstype)) { $fullprojectaccess = true; } diff --git a/htdocs/eventorganization/conferenceorbooth_card.php b/htdocs/eventorganization/conferenceorbooth_card.php index 3658e5eeed1..45173293f41 100644 --- a/htdocs/eventorganization/conferenceorbooth_card.php +++ b/htdocs/eventorganization/conferenceorbooth_card.php @@ -97,11 +97,11 @@ if (empty($action) && empty($id) && empty($ref)) { include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be 'include', not 'include_once'. // Permissions -$permissiontoread = $user->hasRight('eventorganization', 'read'); -$permissiontoadd = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php -$permissiontodelete = $user->hasRight('eventorganization', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); -$permissionnote = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_dellink.inc.php +$permissiontoread = $user->hasRight('project', 'read'); +$permissiontoadd = $user->hasRight('project', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +$permissiontodelete = $user->hasRight('project', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); +$permissionnote = $user->hasRight('project', 'write'); // Used by the include of actions_setnotes.inc.php +$permissiondellink = $user->hasRight('project', 'write'); // Used by the include of actions_dellink.inc.php $upload_dir = $conf->eventorganization->multidir_output[isset($object->entity) ? $object->entity : 1]; // Security check @@ -645,9 +645,9 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $relativepath = $objref.'/'.$objref.'.pdf'; $filedir = $conf->eventorganization->dir_output.'/'.$object->element.'/'.$objref; $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed = $user->hasRight('eventorganization', 'read'); // If you can read, you can build the PDF to read content - $delallowed = $user->hasRight('eventorganization', 'write'); // If you can create/edit, you can remove a file on card - print $formfile->showdocuments('eventorganization', $object->element.'/'.$objref, $filedir, $urlsource, 0, $delallowed, $object->model_pdf, 0, 0, 0, 28, 0, '', '', '', $langs->defaultlang); + $genallowed = $user->hasRight('project', 'read'); // If you can read, you can build the PDF to read content + $delallowed = $user->hasRight('project', 'write'); // If you can create/edit, you can remove a file on card + print $formfile->showdocuments('eventorganization:ConferenceOrBooth', $object->element.'/'.$objref, $filedir, $urlsource, 0, $delallowed, $object->model_pdf, 0, 0, 0, 28, 0, '', '', '', $langs->defaultlang); } // Show links to link elements diff --git a/htdocs/eventorganization/conferenceorbooth_contact.php b/htdocs/eventorganization/conferenceorbooth_contact.php index 0c4dc10fb1c..a0b75572750 100644 --- a/htdocs/eventorganization/conferenceorbooth_contact.php +++ b/htdocs/eventorganization/conferenceorbooth_contact.php @@ -90,11 +90,11 @@ if ($user->socid > 0) { $isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); $result = restrictedArea($user, 'eventorganization', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); -$permissiontoread = $user->hasRight('eventorganization', 'read'); -$permissiontoadd = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php -$permissiontodelete = $user->hasRight('eventorganization', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); -$permissionnote = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_dellink.inc.php +$permissiontoread = $user->hasRight('project', 'read'); +$permissiontoadd = $user->hasRight('project', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +$permissiontodelete = $user->hasRight('project', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); +$permissionnote = $user->hasRight('project', 'write'); // Used by the include of actions_setnotes.inc.php +$permissiondellink = $user->hasRight('project', 'write'); // Used by the include of actions_dellink.inc.php $upload_dir = $conf->eventorganization->multidir_output[isset($object->entity) ? $object->entity : 1]; // Security check diff --git a/htdocs/eventorganization/conferenceorbooth_document.php b/htdocs/eventorganization/conferenceorbooth_document.php index 8bc9ea5a936..5cb2ddb3afe 100644 --- a/htdocs/eventorganization/conferenceorbooth_document.php +++ b/htdocs/eventorganization/conferenceorbooth_document.php @@ -104,11 +104,11 @@ if ($id > 0 || !empty($ref)) { } // Permissions -$permissiontoread = $user->hasRight('eventorganization', 'read'); -$permissiontoadd = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php -$permissiontodelete = $user->hasRight('eventorganization', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); -$permissionnote = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_dellink.inc.php +$permissiontoread = $user->hasRight('project', 'read'); +$permissiontoadd = $user->hasRight('project', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +$permissiontodelete = $user->hasRight('project', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); +$permissionnote = $user->hasRight('project', 'write'); // Used by the include of actions_setnotes.inc.php +$permissiondellink = $user->hasRight('project', 'write'); // Used by the include of actions_dellink.inc.php $upload_dir = $conf->eventorganization->multidir_output[isset($object->entity) ? $object->entity : 1]; // Security check diff --git a/htdocs/eventorganization/conferenceorbooth_list.php b/htdocs/eventorganization/conferenceorbooth_list.php index 463d4060ebe..827c277a076 100644 --- a/htdocs/eventorganization/conferenceorbooth_list.php +++ b/htdocs/eventorganization/conferenceorbooth_list.php @@ -143,9 +143,9 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); -$permissiontoread = $user->hasRight('eventorganization', 'read'); -$permissiontoadd = $user->hasRight('eventorganization', 'write'); -$permissiontodelete = $user->hasRight('eventorganization', 'delete'); +$permissiontoread = $user->hasRight('project', 'read'); +$permissiontoadd = $user->hasRight('project', 'write'); +$permissiontodelete = $user->hasRight('project', 'delete'); // Security check if (!isModEnabled('eventorganization')) { @@ -166,7 +166,7 @@ if (!$permissiontoread) { * Actions */ -if (preg_match('/^set/', $action) && ($projectid > 0 || $projectref) && $user->hasRight('eventorganization', 'write')) { +if (preg_match('/^set/', $action) && ($projectid > 0 || $projectref) && $user->hasRight('project', 'write')) { //If "set" fields keys is in projects fields $project_attr = preg_replace('/^set/', '', $action); if (array_key_exists($project_attr, $project->fields)) { diff --git a/htdocs/eventorganization/conferenceorboothattendee_card.php b/htdocs/eventorganization/conferenceorboothattendee_card.php index 6847f3e5a7c..19c0186b66b 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_card.php +++ b/htdocs/eventorganization/conferenceorboothattendee_card.php @@ -129,11 +129,11 @@ if ($object->fk_project > 0) { } // Permissions -$permissiontoread = $user->hasRight('eventorganization', 'read'); -$permissiontoadd = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php -$permissiontodelete = $user->hasRight('eventorganization', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); -$permissionnote = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->hasRight('eventorganization', 'write'); // Used by the include of actions_dellink.inc.php +$permissiontoread = $user->hasRight('project', 'read'); +$permissiontoadd = $user->hasRight('project', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +$permissiontodelete = $user->hasRight('project', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); +$permissionnote = $user->hasRight('project', 'write'); // Used by the include of actions_setnotes.inc.php +$permissiondellink = $user->hasRight('project', 'write'); // Used by the include of actions_dellink.inc.php $upload_dir = $conf->eventorganization->multidir_output[isset($object->entity) ? $object->entity : 1]; // Security check @@ -706,8 +706,8 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $relativepath = $objref.'/'.$objref.'.pdf'; $filedir = $conf->eventorganization->dir_output.'/'.$object->element.'/'.$objref; $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed = $user->hasRight('eventorganization', 'conferenceorboothattendee', 'read'); // If you can read, you can build the PDF to read content - $delallowed = $user->hasRight('eventorganization', 'conferenceorboothattendee', 'write'); // If you can create/edit, you can remove a file on card + $genallowed = $user->hasRight('project', 'conferenceorboothattendee', 'read'); // If you can read, you can build the PDF to read content + $delallowed = $user->hasRight('project', 'conferenceorboothattendee', 'write'); // If you can create/edit, you can remove a file on card print $formfile->showdocuments('eventorganization:ConferenceOrBoothAttendee', $object->element.'/'.$objref, $filedir, $urlsource, $genallowed, $delallowed, (string) $object->model_pdf, 1, 0, 0, 28, 0, '', '', '', $langs->defaultlang); } diff --git a/htdocs/eventorganization/conferenceorboothattendee_list.php b/htdocs/eventorganization/conferenceorboothattendee_list.php index 38a7efe1626..a15358c8be0 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_list.php +++ b/htdocs/eventorganization/conferenceorboothattendee_list.php @@ -73,6 +73,7 @@ $conf_or_booth_id = GETPOSTINT('conforboothid'); $withproject = GETPOSTINT('withproject'); $fk_project = GETPOSTINT('fk_project') ? GETPOSTINT('fk_project') : GETPOSTINT('projectid'); $projectid = $fk_project; +$projectref = GETPOST('projectref'); $withProjectUrl = ''; @@ -155,9 +156,9 @@ $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); // Permissions -$permissiontoread = $user->hasRight('eventorganization', 'read'); -$permissiontoadd = $user->hasRight('eventorganization', 'write'); -$permissiontodelete = $user->hasRight('eventorganization', 'delete'); +$permissiontoread = $user->hasRight('project', 'read'); +$permissiontoadd = $user->hasRight('project', 'write'); +$permissiontodelete = $user->hasRight('project', 'delete'); // Security check if (!isModEnabled('eventorganization')) { @@ -178,7 +179,7 @@ if (!$permissiontoread) { * Actions */ -if (preg_match('/^set/', $action) && ($projectid > 0 || $projectref) && $user->hasRight('eventorganization', 'write')) { +if (preg_match('/^set/', $action) && ($projectid > 0 || $projectref) && $user->hasRight('project', 'write')) { //If "set" fields keys is in projects fields $project_attr = preg_replace('/^set/', '', $action); if (array_key_exists($project_attr, $project->fields)) { diff --git a/htdocs/eventorganization/conferenceorboothattendee_note.php b/htdocs/eventorganization/conferenceorboothattendee_note.php index 61afed3bf09..f87ce7b34f8 100644 --- a/htdocs/eventorganization/conferenceorboothattendee_note.php +++ b/htdocs/eventorganization/conferenceorboothattendee_note.php @@ -68,8 +68,8 @@ if ($id > 0 || !empty($ref)) { } // Permissions -$permissionnote = $user->hasRight('eventorganization', 'conferenceorboothattendee', 'write'); // Used by the include of actions_setnotes.inc.php -$permissiontoadd = $user->hasRight('eventorganization', 'conferenceorboothattendee', 'write'); // Used by the include of actions_addupdatedelete.inc.php +$permissionnote = $user->hasRight('project', 'conferenceorboothattendee', 'write'); // Used by the include of actions_setnotes.inc.php +$permissiontoadd = $user->hasRight('project', 'conferenceorboothattendee', 'write'); // Used by the include of actions_addupdatedelete.inc.php diff --git a/htdocs/install/mysql/migration/22.0.0-23.0.0.sql b/htdocs/install/mysql/migration/22.0.0-23.0.0.sql index 759d5870d84..c4ba6acf34f 100644 --- a/htdocs/install/mysql/migration/22.0.0-23.0.0.sql +++ b/htdocs/install/mysql/migration/22.0.0-23.0.0.sql @@ -172,11 +172,21 @@ ALTER TABLE llx_adherent ADD COLUMN birth_place varchar(64) after birth; ALTER TABLE llx_societe ADD COLUMN birth date DEFAULT NULL after fk_forme_juridique; ALTER TABLE llx_societe ADD vatexemptcode varchar(24) DEFAULT NULL; +-- Remove deprecated permissions DELETE FROM llx_user_rights WHERE fk_id IN (SELECT id FROM llx_rights_def WHERE module = 'webhook' AND perms = 'webhook_target'); DELETE FROM llx_usergroup_rights WHERE fk_id IN (SELECT id FROM llx_rights_def WHERE module = 'webhook' AND perms = 'webhook_target'); - DELETE FROM llx_rights_def WHERE module = 'webhook' AND perms = 'webhook_target'; +DELETE FROM llx_user_rights WHERE fk_id IN (SELECT id FROM llx_rights_def WHERE module = 'eventorganization'); +DELETE FROM llx_usergroup_rights WHERE fk_id IN (SELECT id FROM llx_rights_def WHERE module = 'eventorganization'); +DELETE FROM llx_rights_def WHERE module = 'eventorganization'; + +ALTER TABLE llx_rights_def ADD COLUMN family VARCHAR(16) AFTER module_position; + +-- Reorder some permission +UPDATE llx_rights_def SET module_position = 64 WHERE module = 'intracommreport' AND module_position <> 64; +UPDATE llx_rights_def SET module_position = 62 WHERE module = 'accounting' AND module_position <> 62; + ALTER TABLE llx_prelevement_lignes ADD COLUMN bic varchar(11); -- 11 according to ISO 9362 ALTER TABLE llx_prelevement_lignes ADD COLUMN iban varchar(80); -- full iban. 34 according to ISO 13616 but we set 80 to allow to store it with encryption information ALTER TABLE llx_prelevement_lignes ADD COLUMN rum varchar(32); -- rum used diff --git a/htdocs/install/mysql/tables/llx_rights_def.sql b/htdocs/install/mysql/tables/llx_rights_def.sql index 8533ebfe64f..7e33aadfabf 100644 --- a/htdocs/install/mysql/tables/llx_rights_def.sql +++ b/htdocs/install/mysql/tables/llx_rights_def.sql @@ -25,6 +25,7 @@ create table llx_rights_def module varchar(64), module_origin varchar(64), -- if the permission is for a module but provided by another module, we add here the name of the module that provides the permission module_position integer DEFAULT 0 NOT NULL, + family varchar(16) NULL, family_position integer DEFAULT 0 NOT NULL, perms varchar(50), subperms varchar(50), diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 0d2d1ac3c5e..e9f3fc652e9 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -2541,7 +2541,7 @@ AtBottomOfPage=At bottom of page FailedAuth=failed authentications MaxNumberOfFailedAuth=Max number of failed authentication in 24h to deny login. AllowPasswordResetBySendingANewPassByEmail=If a user A has this permission, and even if the user A is not an "admin" user, A is allowed to reset the password of any other user B, the new password will be send to the email of the other user B but it won't be visible to A. If the user A has the "admin" flag, he will also be able to know what is the new generated password of B so he will be able to take control of the B user account. -AllowAnyPrivileges=If a user A has this permission, he can create a user B with all privileges then use this user B, or grant himself any other group with any permission. So it means user A owns all business privileges (only system access to setup pages will be forbidden) +AllowAnyPrivileges=If a user A has this permission, he can create a user B with all privileges then use this user B, or grant himself any other group with any permission. So granting this permission to a user A means user A owns all business privileges (only system access to setup pages will be forbidden) ThisValueCanBeReadBecauseInstanceIsNotInProductionMode=This value is readable from user interface because your instance is NOT set in production mode SeeConfFile=See inside conf.php file on the server ReEncryptDesc=Reencrypt data if not yet encrypted diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index ae2aafe2d0b..c36b875955d 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -38,6 +38,7 @@ require '../main.inc.php'; * @var Conf $conf * @var DoliDB $db * @var HookManager $hookmanager + * @var MenuManager $menumanager * @var Translate $langs * @var User $user */ @@ -96,6 +97,7 @@ $object->loadRights(); $entity = $conf->entity; + /* * Actions */ @@ -148,24 +150,6 @@ if (empty($reshook)) { } } - -/* - * View - */ - -$form = new Form($db); - -$person_name = !empty($object->firstname) ? $object->lastname.", ".$object->firstname : $object->lastname; -$title = $person_name." - ".$langs->trans('Permissions'); -$help_url = ''; -llxHeader('', $title, $help_url, '', 0, 0, '', '', '', 'mod-user page-card_perms'); - -$head = user_prepare_head($object); - -$title = $langs->trans("User"); -print dol_get_fiche_head($head, 'rights', $title, -1, 'user'); - - $db->begin(); // Search all modules with permission and reload permissions def. @@ -193,7 +177,7 @@ foreach ($modulesdir as $dir) { } // Load all permissions if ($objMod->rights_class) { - $ret = $objMod->insert_permissions(0, $entity); + $objMod->insert_permissions(0, $entity); $modules[$objMod->rights_class] = $objMod; //print "modules[".$objMod->rights_class."]=$objMod;"; } @@ -207,10 +191,102 @@ $db->commit(); '@phan-var-force DolibarrModules[] $modules'; + +// Fix bad value for module_position in table +// ------------------------------------------ +$sql = "SELECT r.id, r.libelle as label, r.module, r.perms, r.subperms, r.module_position, r.family, r.family_position, r.bydefault"; +$sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r"; +$sql .= " WHERE r.libelle NOT LIKE 'tou%'"; // We ignore permission "tous les tiers". Why ? +$sql .= " AND r.entity = ".((int) $entity); +$sql .= " ORDER BY r.family_position, r.module_position, r.module, r.id"; + +$result = $db->query($sql); +if ($result) { + $num = $db->num_rows($result); + $i = 0; + $oldmod = ''; + + while ($i < $num) { + $obj = $db->fetch_object($result); + + // If line is for a module that does not exist anymore (absent of includes/module), we ignore it + if (!isset($obj->module) || empty($modules[$obj->module])) { + $i++; + continue; + } + + // Special cases + if (isModEnabled("reception")) { + // The 2 permissions in vendor modules are replaced by the 2 permissions into reception module + if ($obj->module == 'fournisseur' && $obj->perms == 'commande' && $obj->subperms == 'receptionner') { + $i++; + continue; + } + if ($obj->module == 'fournisseur' && $obj->perms == 'commande_advance' && $obj->subperms == 'check') { + $i++; + continue; + } + } + + $objMod = $modules[$obj->module]; + + // Save field module_position in database if value is undefined or wrong (old data/version) + if (empty($obj->module_position) || (is_object($objMod) && $objMod->isCoreOrExternalModule() == 'external' && $obj->module_position < 100000)) { + if (is_object($modules[$obj->module]) && ($modules[$obj->module]->module_position > 0)) { + // TODO Define familyposition + //$familyposition = $modules[$obj->module]->family_position; + $familyposition = 0; + + $newmoduleposition = $modules[$obj->module]->module_position; + + // Correct $newmoduleposition position for external modules + $objMod = $modules[$obj->module]; + if (is_object($objMod) && $objMod->isCoreOrExternalModule() == 'external' && $newmoduleposition < 100000) { + $newmoduleposition += 100000; + } + + $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".((int) $newmoduleposition).","; + $sqlupdate .= " family_position = ".((int) $familyposition); + $sqlupdate .= " WHERE module_position = ".((int) $obj->module_position)." AND module = '".$db->escape($obj->module)."'"; + + $db->query($sqlupdate); + } + } + + // Save field family in database if value is undefined (old data/version) + if (empty($obj->family) && is_object($objMod) && !empty($objMod->family)) { + $newfamily = $objMod->family; + $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET family = '".$db->escape($newfamily)."'"; + $sqlupdate .= " WHERE id = ".((int) $obj->id); + + $db->query($sqlupdate); + } + } +} else { + dol_print_error($db); +} + + +/* + * View + */ + +$form = new Form($db); + +$person_name = !empty($object->firstname) ? $object->lastname.", ".$object->firstname : $object->lastname; +$title = $person_name." - ".$langs->trans('Permissions'); +$help_url = ''; +llxHeader('', $title, $help_url, '', 0, 0, '', '', '', 'mod-user page-card_perms'); + +$head = user_prepare_head($object); + +$title = $langs->trans("User"); +print dol_get_fiche_head($head, 'rights', $title, -1, 'user'); + // Read permissions of edited user $permsuser = array(); -$sql = "SELECT DISTINCT ur.fk_id"; +$sql = "SELECT ur.fk_id"; $sql .= " FROM ".MAIN_DB_PREFIX."user_rights as ur"; $sql .= " WHERE ur.entity = ".((int) $entity); $sql .= " AND ur.fk_user = ".((int) $object->id); @@ -387,71 +463,6 @@ print ''; print ''."\n"; -// Fix bad value for module_position in table -// ------------------------------------------ -$sql = "SELECT r.id, r.libelle as label, r.module, r.perms, r.subperms, r.module_position, r.bydefault"; -$sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r"; -$sql .= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous" -$sql .= " AND r.entity = ".((int) $entity); -$sql .= " ORDER BY r.family_position, r.module_position, r.module, r.id"; - -$result = $db->query($sql); -if ($result) { - $num = $db->num_rows($result); - $i = 0; - $oldmod = ''; - - while ($i < $num) { - $obj = $db->fetch_object($result); - - // If line is for a module that does not exist anymore (absent of includes/module), we ignore it - if (!isset($obj->module) || empty($modules[$obj->module])) { - $i++; - continue; - } - - // Special cases - if (isModEnabled("reception")) { - // The 2 permissions in fournisseur modules are replaced by permissions into reception module - if ($obj->module == 'fournisseur' && $obj->perms == 'commande' && $obj->subperms == 'receptionner') { - $i++; - continue; - } - if ($obj->module == 'fournisseur' && $obj->perms == 'commande_advance' && $obj->subperms == 'check') { - $i++; - continue; - } - } - - $objMod = $modules[$obj->module]; - - // Save field module_position in database if value is wrong - if (empty($obj->module_position) || (is_object($objMod) && $objMod->isCoreOrExternalModule() == 'external' && $obj->module_position < 100000)) { - if (is_object($modules[$obj->module]) && ($modules[$obj->module]->module_position > 0)) { - // TODO Define familyposition - //$familyposition = $modules[$obj->module]->family_position; - $familyposition = 0; - - $newmoduleposition = $modules[$obj->module]->module_position; - - // Correct $newmoduleposition position for external modules - $objMod = $modules[$obj->module]; - if (is_object($objMod) && $objMod->isCoreOrExternalModule() == 'external' && $newmoduleposition < 100000) { - $newmoduleposition += 100000; - } - - $sqlupdate = 'UPDATE '.MAIN_DB_PREFIX."rights_def SET module_position = ".((int) $newmoduleposition).","; - $sqlupdate .= " family_position = ".((int) $familyposition); - $sqlupdate .= " WHERE module_position = ".((int) $obj->module_position)." AND module = '".$db->escape($obj->module)."'"; - - $db->query($sqlupdate); - } - } - } -} - - - //print "xx".$conf->global->MAIN_USE_ADVANCED_PERMS; $sql = "SELECT r.id, r.libelle as label, r.module, r.perms, r.subperms, r.module_position, r.bydefault"; $sql .= " FROM ".MAIN_DB_PREFIX."rights_def as r";