New: Super clean of permissions checks

This commit is contained in:
Laurent Destailleur
2008-02-25 16:30:43 +00:00
parent 00dbfcb56b
commit b12d53e13f
60 changed files with 504 additions and 952 deletions


@@ -38,12 +38,9 @@ $sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
$page = isset($_GET["page"])?$_GET["page"]:$_POST["page"];
// S<EFBFBD>curit<EFBFBD> acc<63>s client
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$result = restrictedArea($user, 'societe',$socid,'',1);
if ($page == -1) { $page = 0 ; }
$limit = $conf->liste_limit;
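Review bot: `$socid` at L22 is taken verbatim from `$_GET` and handed to `restrictedArea()` with no numeric validation, while the removed block that forced it to `$user->societe_id` (and cleared `$action`) for external users has no replacement on the new side. After the call `$socid` still holds the request value, so any later query keyed on it relies entirely on `restrictedArea()` refusing a mismatched or empty id, which is not visible in this hunk. The commit already validates the same parameter elsewhere (`$socid = ( is_numeric($_GET["socid"]) ? $_GET["socid"] : 0 );` in fourn/commande/liste.php, L1079); using that form here, plus `if ($user->societe_id > 0) $socid = $user->societe_id;` before the check, keeps the old guarantees. The same pattern appears at L33, L47, L59, L104, L1127 and L1162.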


@@ -27,7 +27,8 @@
require("./pre.inc.php");
// Security check
$result = restrictedArea($user, 'societe','','',1);
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$result = restrictedArea($user, 'societe',$socid,'',1);
$page=$_GET["page"];
$sortorder=$_GET["sortorder"];


@@ -38,11 +38,11 @@ if ($page < 0) { $page = 0 ; }
$limit = $conf->liste_limit;
$offset = $limit * $page ;
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$type=$_GET["type"];
// Security check
$result = restrictedArea($user, 'societe');
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$result = restrictedArea($user, 'societe',$socid,'',1);
/*


@@ -41,10 +41,9 @@ $langs->load("bills");
$langs->load("contracts");
if ($conf->fichinter->enabled) $langs->load("interventions");
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
// Security check
$result = restrictedArea($user, 'societe', $socid);
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$result = restrictedArea($user, 'societe',$socid,'',1);
$sortorder=$_GET["sortorder"];
$sortfield=$_GET["sortfield"];


@@ -35,28 +35,9 @@ $langs->load('companies');
$langs->load('projects');
$langs->load('propal');
$socid = isset($_GET["id"])?$_GET["id"]:$_GET["socid"]; // Fonctionne si on passe id ou socid
if ($socid == '') accessforbidden();
// Protection quand utilisateur externe
if ($user->societe_id > 0)
{
$socid = $user->societe_id;
}
// Protection restriction commercial
if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
{
$sql = "SELECT sc.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.rowid AND sc.fk_user = ".$user->id." AND s.client = 2";
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$result = restrictedArea($user, 'societe',$socid,'',1);
/*
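Review bot: The new check at L88-89 reads only `$_GET["socid"]`, whereas the removed L69-70 also accepted `id` and refused an empty value with `accessforbidden()`; a request still using `?id=` now reaches `restrictedArea()` with `$socid === ''`, and whether an empty object id is rejected there is not visible in this hunk. If callers still pass `id`, keep the fallback, e.g. `$socid = isset($_GET["socid"]) ? $_GET["socid"] : (isset($_GET["id"]) ? $_GET["id"] : '');` followed by `if ($socid == '') accessforbidden();`. The same empty-id guard was dropped at L310 (section ending L330) and L1133 (section ending L1153).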


@@ -32,13 +32,9 @@ require_once(DOL_DOCUMENT_ROOT."/prospect.class.php");
$langs->load("propal");
// S<EFBFBD>curit<EFBFBD> acc<63>s client
$socid=0;
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$result = restrictedArea($user, 'societe',$socid,'',1);
$socname=isset($_GET["socname"])?$_GET["socname"]:$_POST["socname"];
$stcomm=isset($_GET["stcomm"])?$_GET["stcomm"]:$_POST["stcomm"];


@@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005 Marc Barilley / Ocebo <marc@ocebo.com>
* Copyright (C) 2005-2007 Regis Houssin <regis@dolibarr.fr>
*
@@ -17,15 +17,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/commande/liste.php
\ingroup commande
\brief Page liste des commandes
\version $Revision$
\version $Id$
*/
@@ -35,9 +33,6 @@ require_once(DOL_DOCUMENT_ROOT."/html.formfile.class.php");
$langs->load('orders');
$langs->load('companies');
if (!$user->rights->commande->lire)
accessforbidden();
$year=isset($_GET["year"])?$_GET["year"]:$_POST["year"];
$month=isset($_GET["month"])?$_GET["month"]:$_POST["month"];
$sref=isset($_GET['sref'])?$_GET['sref']:$_POST['sref'];
@@ -45,13 +40,9 @@ $sref_client=isset($_GET['sref_client'])?$_GET['sref_client']:(isset($_POST['sre
$snom=isset($_GET['snom'])?$_GET['snom']:$_POST['snom'];
$sall=isset($_GET['sall'])?$_GET['sall']:$_POST['sall'];
// S<EFBFBD>curit<EFBFBD> acc<63>s client
$socid = $_GET['socid'];
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
$result = restrictedArea($user, 'commande', $orderid,'',1);
/*
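Review bot: In the hunk at L141-154 `$socid` is no longer assigned at all: the old `$socid = $_GET['socid'];` and the external-user override are removed, and the new `restrictedArea($user, 'commande', $orderid, '', 1)` is keyed on `$orderid`, which is empty on a list page. If the list query below (outside the hunk) still filters on `$socid`, the variable is now undefined for every user and an external user is no longer pinned to their own company. Suggest restoring the two lines before the check: `$socid = isset($_GET["socid"]) ? $_GET["socid"] : '';` and `if ($user->societe_id > 0) $socid = $user->societe_id;`. The same shape (override removed, and in several cases no remaining assignment) recurs in the sections ending at L171, L301, L458, L474, L588, L800, L874, L925, L968, L1000 and L1051, where the new code still reads `$socid` at L1044.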


@@ -42,13 +42,10 @@ if (! $sortorder) $sortorder="DESC";
$limit = $conf->liste_limit;
$offset = $limit * $_GET["page"] ;
// S<EFBFBD>curit<EFBFBD> acc<63>s client
$socid = $_GET["socid"];
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
$result = restrictedArea($user, 'commande',$orderid,'',1);
$langs->load('companies');


@@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,21 +15,21 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/compta/deplacement/fiche.php
\brief Page fiche d'un d<>placement
\version $Id$
*/
require("./pre.inc.php");
$langs->load("trips");
// Security check
$id=isset($_GET["id"])?$_GET["id"]:$_POST["id"];
$result = restrictedArea($user, 'deplacement', $id,'',1);
$mesg = '';
@@ -38,7 +38,7 @@ $mesg = '';
/*
* Actions
*/
if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes")
if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->deplacement->supprimer)
{
$deplacement = new Deplacement($db);
$deplacement->delete($_GET["id"]);
@@ -46,11 +46,13 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes")
exit;
}
if ($_POST["action"] == 'add' && $_POST["cancel"] <> $langs->trans("Cancel"))
if ($_POST["action"] == 'add' && $user->rights->deplacement->creer)
{
if (! $_POST["cancel"])
{
$deplacement = new Deplacement($db);
$deplacement->date = mktime(12, 1 , 1,
$deplacement->date = dolibarr_mktime(12, 0, 0,
$_POST["remonth"],
$_POST["reday"],
$_POST["reyear"]);
@@ -69,14 +71,22 @@ if ($_POST["action"] == 'add' && $_POST["cancel"] <> $langs->trans("Cancel"))
{
dolibarr_print_error($db,$deplacement->error);
}
}
else
{
Header ( "Location: index.php");
exit;
}
}
if ($_POST["action"] == 'update' && $_POST["cancel"] <> $langs->trans("Cancel"))
if ($_POST["action"] == 'update' && $user->rights->deplacement->creer)
{
if (! $_POST["cancel"])
{
$deplacement = new Deplacement($db);
$result = $deplacement->fetch($_POST["id"]);
$deplacement->date = mktime(12, 1 , 1,
$deplacement->date = dolibarr_mktime(12, 0 , 0,
$_POST["remonth"],
$_POST["reday"],
$_POST["reyear"]);
@@ -94,6 +104,12 @@ if ($_POST["action"] == 'update' && $_POST["cancel"] <> $langs->trans("Cancel"))
{
print $mesg=$langs->trans("ErrorUnknown");
}
}
else
{
Header ( "Location: index.php");
exit;
}
}
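Review bot: The object id that `restrictedArea()` validates at L199-200 (`$_GET["id"]` when present, else `$_POST["id"]`) is not the id the actions act on: the delete at L210 uses `$_GET["id"]` and the update at L242 fetches `$_POST["id"]`. A request carrying an allowed id in the query string and a different one in the body passes the check on the former and modifies the latter. Use the checked value in both places: `$deplacement->delete($id);` and `$result = $deplacement->fetch($id);`.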


@@ -17,14 +17,12 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/compta/deplacement/index.php
\brief Page liste des d<>placements
\version $Id$
*/
require("./pre.inc.php");
@@ -34,6 +32,9 @@ $langs->load("companies");
$langs->load("users");
$langs->load("trips");
// Security check
$result = restrictedArea($user, 'deplacement','','',1);
llxHeader();


@@ -32,21 +32,11 @@ require_once(DOL_DOCUMENT_ROOT."/html.formfile.class.php");
require_once(DOL_DOCUMENT_ROOT."/facture.class.php");
require_once(DOL_DOCUMENT_ROOT."/paiement.class.php");
if (!$user->rights->facture->lire)
accessforbidden();
$langs->load("bills");
if ($_GET["socid"]) { $socid=$_GET["socid"]; }
// S<>curit<69> acc<63>s client
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$facid = isset($_GET["facid"])?$_GET["facid"]:'';
$result = restrictedArea($user, 'facture',$facid,'',1);
llxHeader('',$langs->trans("BillsCustomersUnpayed"));


@@ -33,30 +33,9 @@ $langs->load("companies");
if ($conf->facture->enabled) $langs->load("bills");
if ($conf->projet->enabled) $langs->load("projects");
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if ($socid == '') accessforbidden();
// Protection quand utilisateur externe
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Protection restriction commercial
if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
{
//print "eeeee".$socid."rr".$user->societe_id."oo".$user->rights->commercial->client->voir;
$sql = "SELECT sc.fk_soc, s.client";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1";
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
$result = restrictedArea($user, 'societe',$socid,'',1);
/*


@@ -15,15 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/compta/paiement/cheque/fiche.php
\ingroup facture
\brief Onglet paiement cheque
\version $Revision$
\version $Id$
*/
require('./pre.inc.php');
@@ -36,6 +34,9 @@ $langs->load('bills');
$langs->load('banks');
$langs->load('companies');
// Security check
$result = restrictedArea($user, 'banque', '','',0);
$mesg='';
$sortfield=isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
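Review bot: `restrictedArea($user, 'banque', '', '', 0)` at L353 passes 0 as the last argument, while the other bank pages in this commit pass 1 (L388, L412), and the contact section ending at L554 likewise passes 0 at L529 where the remaining contact pages pass 1. What the fifth argument toggles is not visible here, so if the difference is deliberate a short comment on the line saying why would save the next reader a lookup; if it is not, the calls should be aligned.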


@@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2007-2008 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,15 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/compta/paiement/cheque/index.php
\ingroup compta
\brief Page liste des bordereau de remise de cheque
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@@ -32,16 +30,9 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php');
$langs->load("banks");
// S<EFBFBD>curit<EFBFBD> acc<63>s client
if (! $user->rights->banque)
accessforbidden();
// Security check
$result = restrictedArea($user, 'banque', '','',1);
$socid=0;
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
$checkdepositstatic=new RemiseCheque($db);
$accountstatic=new Account($db);


@@ -30,16 +30,8 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php');
$langs->load("bills");
// S<EFBFBD>curit<EFBFBD> acc<63>s client
if (! $user->rights->facture->lire && ! $user->rights->adherent->cotisation->lire)
accessforbidden();
$socid=0;
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$result = restrictedArea($user, 'banque', '','',1);
$page=$_GET["page"];
$sortorder=$_GET["sortorder"];


@@ -33,16 +33,10 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php');
$langs->load("bills");
// S<EFBFBD>curit<EFBFBD> acc<63>s client
if (! $user->rights->facture->lire)
accessforbidden();
// Security check
$facid = isset($_GET["facid"])?$_GET["facid"]:'';
$result = restrictedArea($user, 'facture',$facid,'',1);
$socid=0;
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
$paymentstatic=new Paiement($db);
$accountstatic=new Account($db);
@@ -50,8 +44,9 @@ $companystatic=new Societe($db);
/*
* Affichage
*/
* View
*/
llxHeader('',$langs->trans("ListPayment"));
$page=$_GET["page"];


@@ -30,15 +30,12 @@
require("./pre.inc.php");
require_once DOL_DOCUMENT_ROOT."/includes/modules/modPrelevement.class.php";
if (!$user->rights->prelevement->bons->lire)
accessforbidden();
$langs->load("widthdrawals");
if ($user->societe_id > 0)
{
$socid = $user->societe_id;
}
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$result = restrictedArea($user, 'prelevement','','',1);
llxHeader();


@@ -32,16 +32,11 @@ require_once DOL_DOCUMENT_ROOT."/includes/modules/modPrelevement.class.php";
$langs->load("withdrawals");
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$result = restrictedArea($user, 'prelevement','','',1);
if (!$user->rights->prelevement->bons->lire)
accessforbidden();
// S<>curit<69> acc<63>s client
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
/*


@@ -32,43 +32,14 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php");
$langs->load("companies");
// Protection quand utilisateur externe
// Security check
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$socid=0;
if ($user->societe_id > 0)
{
$socid = $user->societe_id;
}
// Protection restriction commercial
if ($contactid && ! $user->rights->commercial->client->voir)
{
$sql = "SELECT sc.fk_soc, sp.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
$sql .= " WHERE sp.rowid = ".$contactid;
if (! $user->rights->commercial->client->voir && ! $socid)
{
$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) $sql .= " AND sp.fk_soc = ".$socid;
$resql=$db->query($sql);
if ($resql)
{
if ($db->num_rows() == 0) accessforbidden();
}
else
{
dolibarr_print_error($db);
}
}
$result = restrictedArea($user, 'contact',$contactid,'',1);
/*
*
*
*/
* View
*/
llxHeader();


@@ -35,36 +35,17 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php");
$langs->load("companies");
$langs->load("users");
$error = array();
$socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"];
// Protection quand utilisateur externe
// Security check
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$result = restrictedArea($user, 'contact', $contactid,'',0);
if ($user->societe_id > 0)
{
$socid = $user->societe_id;
}
// Protection restriction commercial
if ($contactid && !$user->rights->commercial->client->voir)
{
$sql = "SELECT sc.fk_soc, sp.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
$sql .= " WHERE sp.rowid = ".$contactid;
if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
{
$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
}
if ($user->societe_id > 0) $sql .= " AND sp.fk_soc = ".$socid;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
/*
* Actions
*/
// Creation utilisateur depuis contact
if ($user->rights->user->user->creer)
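Review bot: `$socid` (L525, read from `$_GET`/`$_POST`) is no longer forced to `$user->societe_id` for external users: that override (L530-533) is removed, and the new `restrictedArea($user, 'contact', $contactid, '', 0)` at L529 validates only `$contactid`, which is empty on a create request. Unless the create path below re-checks the company, an external user could post an arbitrary `socid` for a new contact. Keeping the one-liner after the check, `if ($user->societe_id > 0) $socid = $user->societe_id;`, closes that gap; the old commercial restriction also filtered on `$socid` (L544), which the new call does not visibly do.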


@@ -16,15 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/contact/index.php
\ingroup societe
\brief Page liste des contacts
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@@ -33,17 +31,9 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
$langs->load("companies");
$langs->load("suppliers");
// S<>curit<69> acc<63>s client
$socid='';
if ($_GET["socid"]) { $socid=$_GET["socid"]; }
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$result = restrictedArea($user, 'contact', $contactid,'',1);
$search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"];
$search_prenom=isset($_GET["search_prenom"])?$_GET["search_prenom"]:$_POST["search_prenom"];
@@ -107,21 +97,18 @@ llxHeader();
$sql = "SELECT s.rowid as socid, s.nom, ";
$sql.= " p.rowid as cidp, p.name, p.firstname, p.email, p.phone, p.phone_mobile, p.fax,";
$sql.= " ".$db->pdate("p.tms")." as tms";
if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user";
$sql.= " FROM ";
if (!$user->rights->commercial->client->voir && !$socid) $sql .= MAIN_DB_PREFIX."societe_commerciaux as sc,";
$sql.= " ".MAIN_DB_PREFIX."socpeople as p";
$sql.= " FROM ".MAIN_DB_PREFIX."socpeople as p";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
if (!$user->rights->commercial->client->voir && !$socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql.= " WHERE 1=1 ";
if (!$user->rights->commercial->client->voir && !$socid) //restriction
{
$sql .= " AND IFNULL(sc.fk_user, ".$user->id.") = " .$user->id;
}
if ($_GET["userid"]) // statut commercial
{
$sql .= " AND p.fk_user_creat=".$_GET["userid"];
}
if (!$user->rights->commercial->client->voir && !$socid) //restriction
{
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
}
if ($search_nom) // filtre sur le nom
{
$sql .= " AND p.name like '%".addslashes($search_nom)."%'";


@@ -32,42 +32,15 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php");
$langs->load("companies");
// Protection quand utilisateur externe
// Security check
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$result = restrictedArea($user, 'contact',$contactid,'',1);
$socid=0;
if ($user->societe_id > 0)
{
$socid = $user->societe_id;
}
// Protection restriction commercial
if ($contactid && ! $user->rights->commercial->client->voir)
{
$sql = "SELECT sc.fk_soc, sp.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
$sql .= " WHERE sp.rowid = ".$contactid;
if (! $user->rights->commercial->client->voir && ! $socid)
{
$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) $sql .= " AND sp.fk_soc = ".$socid;
$resql=$db->query($sql);
if ($resql)
{
if ($db->num_rows() == 0) accessforbidden();
}
else
{
dolibarr_print_error($db);
}
}
/*
* Fiche info
*/
* View
*/
llxHeader();


@@ -15,15 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/contact/ldap.php
\ingroup ldap
\brief Page fiche LDAP contact
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@@ -35,43 +33,14 @@ $langs->load("companies");
$langs->load("ldap");
$langs->load("admin");
// Protection quand utilisateur externe
// Security check
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$socid=0;
if ($user->societe_id > 0)
{
$socid = $user->societe_id;
}
// Protection restriction commercial
if ($contactid && ! $user->rights->commercial->client->voir)
{
$sql = "SELECT sc.fk_soc, sp.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
$sql .= " WHERE sp.rowid = ".$contactid;
if (! $user->rights->commercial->client->voir && ! $socid)
{
$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) $sql .= " AND sp.fk_soc = ".$socid;
$resql=$db->query($sql);
if ($resql)
{
if ($db->num_rows() == 0) accessforbidden();
}
else
{
dolibarr_print_error($db);
}
}
$result = restrictedArea($user, 'contact',$contactid,'',1);
/*
*
*
*/
* View
*/
llxHeader();


@@ -15,15 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/contact/perso.php
\ingroup societe
\brief Onglet informations personnelles d'un contact
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@@ -32,59 +30,14 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php");
$langs->load("companies");
// Protection quand utilisateur externe
// Security check
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$socid=0;
if ($user->societe_id > 0)
{
$socid = $user->societe_id;
}
// Protection restriction commercial
if ($contactid && ! $user->rights->commercial->client->voir)
{
$sql = "SELECT sc.fk_soc, sp.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
$sql .= " WHERE sp.rowid = ".$contactid;
if (! $user->rights->commercial->client->voir && ! $socid)
{
$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
}
if ($socid) $sql .= " AND sp.fk_soc = ".$socid;
$resql=$db->query($sql);
if ($resql)
{
if ($db->num_rows() == 0) accessforbidden();
}
else
{
dolibarr_print_error($db);
}
}
if ($_POST["action"] == 'update')
{
$contact = new Contact($db);
$contact->id = $_POST["contactid"];
if ($_POST["birthdayyear"] && $_POST["birthdaymonth"] && $_POST["birthdayday"])
{
$contact->birthday = dolibarr_mktime(0,0,0,$_POST["birthdaymonth"],$_POST["birthdayday"],$_POST["birthdayyear"]);
}
$contact->birthday_alert = $_POST["birthday_alert"];
$result = $contact->update_perso($_POST["contactid"], $user);
}
$result = restrictedArea($user, 'contact',$contactid,'',1);
/*
*
*
*/
* View
*/
llxHeader();


@@ -38,14 +38,9 @@ $page = isset($_GET["page"])?$_GET["page"]:$_POST["page"];
$statut=isset($_GET["statut"])?$_GET["statut"]:1;
// S<EFBFBD>curit<EFBFBD> acc<63>s client
$socid='';
if ($_GET["socid"]) { $socid=$_GET["socid"]; }
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$contratid = isset($_GET["id"])?$_GET["id"]:'';
$result = restrictedArea($user, 'contrat',$contratid,'',1);
$staticcontrat=new Contrat($db);
$staticcontratligne=new ContratLigne($db);


@@ -31,42 +31,16 @@ require_once(DOL_DOCUMENT_ROOT."/contrat/contrat.class.php");
$langs->load("contracts");
if (!$user->rights->contrat->lire)
accessforbidden();
// S<>curit<69> acc<63>s client et commerciaux
// Security check
$contratid = isset($_GET["id"])?$_GET["id"]:'';
if ($user->societe_id > 0)
{
$socid = $user->societe_id;
}
// Protection restriction commercial
if ($contratid && (!$user->rights->commercial->client->voir || $user->societe_id > 0))
{
$sql = "SELECT sc.fk_soc, c.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c";
$sql .= " WHERE c.rowid = ".$contratid;
if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
{
$sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
}
if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socid;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
llxHeader();
$result = restrictedArea($user, 'contrat',$contratid,'',1);
/*
* Visualisation de la fiche
*
*/
* View
*/
llxHeader();
$contrat = new Contrat($db);
$contrat->fetch($_GET["id"]);


@@ -15,16 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/contrat/liste.php
\ingroup contrat
\brief Page liste des contrats
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@@ -50,12 +47,9 @@ $socid=$_GET["socid"];
if (! $sortfield) $sortfield="c.rowid";
if (! $sortorder) $sortorder="DESC";
// S<EFBFBD>curit<EFBFBD> acc<63>s client
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$contratid = isset($_GET["id"])?$_GET["id"]:'';
$result = restrictedArea($user, 'contrat',$contratid,'',1);
$staticcontrat=new Contrat($db);
$staticcontratligne=new ContratLigne($db);


@@ -36,32 +36,10 @@ if (!$user->rights->contrat->lire)
$langs->load("companies");
$langs->load("contracts");
// S<EFBFBD>curit<EFBFBD> acc<63>s client et commerciaux
$contratid = isset($_GET["id"])?$_GET["id"]:'';
// Security check
$contactid = isset($_GET["id"])?$_GET["id"]:'';
$result = restrictedArea($user, 'contact',$contactid,'',1);
if ($user->societe_id > 0)
{
unset($_GET["action"]);
$socid = $user->societe_id;
}
// Protection restriction commercial
if ($contratid && (!$user->rights->commercial->client->voir || $user->societe_id > 0))
{
$sql = "SELECT sc.fk_soc, c.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c";
$sql .= " WHERE c.rowid = ".$contratid;
if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
{
$sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
}
if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socid;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
$contrat = new Contrat($db);
$contrat->fetch($_GET["id"]);
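Review bot: The new check at L884-885 validates `$_GET["id"]` as a contact (`restrictedArea($user, 'contact', $contactid, '', 1)`), but on this page `$_GET["id"]` appears to be the contract id: it feeds `$contrat->fetch($_GET["id"])` at L908 and the old code named it `$contratid` (L882). The id is therefore checked against the wrong object type; the sibling contract hunks (L797-798, L871-872, L922-923) use `$contratid = isset($_GET["id"])?$_GET["id"]:''; $result = restrictedArea($user, 'contrat',$contratid,'',1);`, which this page should match. The removed `unset($_GET["action"])` for external users (L888) also has no replacement here.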


@@ -51,12 +51,10 @@ $search_service=isset($_GET["search_service"])?$_GET["search_service"]:$_POST["s
$statut=isset($_GET["statut"])?$_GET["statut"]:1;
$socid=$_GET["socid"];
// S<EFBFBD>curit<EFBFBD> acc<63>s client
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$contratid = isset($_GET["id"])?$_GET["id"]:'';
$result = restrictedArea($user, 'contrat',$contratid,'',1);
$staticcontrat=new Contrat($db);
$staticcontratligne=new ContratLigne($db);


@@ -16,22 +16,24 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/expedition/index.php
\ingroup expedition
\brief Page accueil du module expedition
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
$langs->load("sendings");
/*
* View
*/
llxHeader('',$langs->trans("Sendings"),'ch-expedition.html',$form_search);
print_fiche_titre($langs->trans("SendingsArea"));


@@ -29,16 +29,12 @@
require("./pre.inc.php");
if (!$user->rights->expedition->lire) accessforbidden();
$langs->load('companies');
// S<EFBFBD>curit<EFBFBD> acc<63>s client
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$expeditionid = isset($_GET["id"])?$_GET["id"]:'';
$result = restrictedArea($user, 'expedition',$expeditionid,'',1);
$sortfield=isset($_GET["sortfield"])?$_GET["sortfield"]:"";
$sortorder=isset($_GET["sortorder"])?$_GET["sortorder"]:"";


@@ -16,16 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/fichinter/index.php
\brief Page accueil espace fiches interventions
\ingroup ficheinter
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@@ -40,11 +37,9 @@ $sortfield=$_GET["sortfield"]?$_GET["sortfield"]:$_POST["sortfield"];
$socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"];
$page=$_GET["page"]?$_GET["page"]:$_POST["page"];
// Securit<EFBFBD>
if ($user->societe_id > 0)
{
$socid = $user->societe_id ;
}
// Security check
$fichinterid = isset($_GET["id"])?$_GET["id"]:'';
$result = restrictedArea($user, 'ficheinter', $fichinterid,'',1);
if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="f.datei";
@@ -55,6 +50,9 @@ $offset = $limit * $page ;
$pageprev = $page - 1;
$pagenext = $page + 1;
/*
* View
*/
llxHeader();


@@ -1,6 +1,6 @@
<?PHP
/* Copyright (C) 2001-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,6 +27,10 @@
require("./pre.inc.php");
require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
// Security check
$orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
$result = restrictedArea($user, 'commande_fournisseur', $orderid,'',1);
/*
* View
@@ -34,13 +38,6 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
llxHeader('',$langs->trans("SuppliersOrdersArea"));
// S<>curit<69> acc<63>s client
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
$commande = new CommandeFournisseur($db);
print_barre_liste($langs->trans("SuppliersOrdersArea"), $page, "index.php", "", $sortfield, $sortorder, '', $num);
@@ -49,9 +46,14 @@ print '<table class="notopnoleftnoright" width="100%">';
print '<tr valign="top"><td class="notopnoleft" width="30%">';
$sql = "SELECT count(cf.rowid), fk_statut";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s,";
$sql.= " ".MAIN_DB_PREFIX."commande_fournisseur as cf";
if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande_fournisseur as cf";
if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE cf.fk_soc = s.rowid ";
if (!$user->rights->commercial->client->voir && !$socid) //restriction
{
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
}
$sql.= " GROUP BY cf.fk_statut";
$resql = $db->query($sql);


@@ -1,6 +1,6 @@
<?PHP
/* Copyright (C) 2001-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,16 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/fourn/commande/liste.php
\ingroup fournisseur
\brief Liste des commandes fournisseurs
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@@ -36,14 +33,16 @@ $socid = ( is_numeric($_GET["socid"]) ? $_GET["socid"] : 0 );
$sortorder = $_GET["sortorder"];
$sortfield = $_GET["sortfield"];
// Security check
$orderid = isset($_GET["orderid"])?$_GET["orderid"]:'';
$result = restrictedArea($user, 'commande_fournisseur', $orderid,'',1);
/*
* View
*/
$title = $langs->trans("SuppliersOrders");
if (!$user->rights->fournisseur->commande->lire) accessforbidden();
// S<>curit<69> acc<63>s client/fournisseur
if ($user->societe_id > 0) $socid = $user->societe_id;
if ($socid > 0)
{
$fourn = new Fournisseur($db);
@@ -51,10 +50,6 @@ if ($socid > 0)
$title .= ' (<a href="liste.php">'.$fourn->nom.'</a>)';
}
/*
* Affichage
*/
llxHeader('',$title);
$commandestatic=new CommandeFournisseur($db);
@@ -71,10 +66,14 @@ $offset = $conf->liste_limit * $page ;
$sql = "SELECT s.rowid as socid, s.nom, ".$db->pdate("cf.date_commande")." as dc,";
$sql .= " cf.rowid,cf.ref, cf.fk_statut";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,";
$sql .= " ".MAIN_DB_PREFIX."commande_fournisseur as cf";
if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande_fournisseur as cf";
if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE cf.fk_soc = s.rowid ";
if (!$user->rights->commercial->client->voir && !$socid) //restriction
{
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
}
if ($socid)
{
$sql .= " AND s.rowid = ".$socid;
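Review bot: The sales-representative restriction added to the FROM/WHERE clause is skipped whenever a socid is supplied (`!$socid` guards both joined lines), and the only `restrictedArea` call in this file checks `$orderid`, not `$socid`, so an internal user without `commercial->client->voir` can presumably list any supplier's orders by passing `socid=`. Run the third-party check as well when a socid is given, next to the existing call: `if ($socid > 0) $result = restrictedArea($user, 'societe', $socid, '', 1);`. `$orderid` is taken from `$_GET` without the `is_numeric` guard this file applies to socid; an `(int)` cast before the call would keep the two consistent. The SQL statement being built here continues past the end of the hunk.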


@@ -36,37 +36,19 @@ $langs->load('orders');
$langs->load('companies');
$langs->load('commercial');
// S<EFBFBD>curit<EFBFBD> acc<63>s client
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
if (! $socid) accessforbidden();
$result = restrictedArea($user, 'societe',$socid,'',1);
/*
* Actions
*/
// Protection restriction commercial
if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
{
$sql = "SELECT sc.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.rowid AND sc.fk_user = ".$user->id." AND s.fournisseur = 1";
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
/*
* Mode fiche
* View
*/
$societe = new Fournisseur($db);
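Review bot: The removed inline check also required `s.fournisseur = 1`, whereas `restrictedArea($user, 'societe', $socid, '', 1)` only verifies module rights and the sales-representative link (see the restrictedArea hunks later on this page), so this supplier page now accepts a socid that is not a supplier unless that is enforced further down, outside the hunk. `$socid` is also handed to `restrictedArea` exactly as received from `$_GET`, and the affiliation lookup it performs is built by string concatenation in the same style as the query removed here; reading it as `$socid = isset($_GET["socid"]) ? (int) $_GET["socid"] : 0;` would match the `is_numeric` guard the previous file section uses. Note too that `if (! $socid) accessforbidden();` now fires for an external user who omits socid, where the removed block substituted `$user->societe_id` and restrictedArea itself would do the same. The identical block appears in the next file section (ending at L1186), and the raw `$_GET["socid"]` read recurs at L1219, L1238 and L1280.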


@@ -36,35 +36,12 @@ $langs->load('orders');
$langs->load('companies');
$langs->load('commercial');
// Securite acces client
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
if (! $socid) accessforbidden();
$result = restrictedArea($user, 'societe',$socid,'',1);
/*
* Actions
*/
// Protection restriction commercial
if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
{
$sql = "SELECT sc.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.rowid AND sc.fk_user = ".$user->id." AND s.fournisseur = 1";
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
/*
* Mode fiche
*/


@@ -16,16 +16,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/fourn/index.php
\ingroup fournisseur
\brief Page accueil de la zone fournisseurs
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
@@ -36,16 +33,9 @@ $langs->load("suppliers");
$langs->load("orders");
$langs->load("companies");
if (!$user->rights->societe->lire)
accessforbidden();
// S<>curit<69> acc<63>s client
$socid='';
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$result = restrictedArea($user, 'societe',$socid,'',1);
/*


@@ -33,9 +33,6 @@ $langs->load("suppliers");
$langs->load("orders");
$langs->load("companies");
if (!$user->rights->societe->lire)
accessforbidden();
$page = isset($_GET["page"])?$_GET["page"]:'';
$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:'';
$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:'';
@@ -47,15 +44,10 @@ $langs->load("suppliers");
$langs->load("orders");
$langs->load("companies");
llxHeader();
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$result = restrictedArea($user, 'societe',$socid,'',1);
// S<>curit<69> acc<63>s client
$socid='';
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
if ($page == -1) { $page = 0 ; }
@@ -63,6 +55,13 @@ $offset = $conf->liste_limit * $page ;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="nom";
/*
* View
*/
llxHeader();
/*
* Mode Liste
*


@@ -33,10 +33,6 @@ $langs->load("suppliers");
$langs->load("orders");
$langs->load("companies");
if (!$user->rights->societe->lire)
accessforbidden();
$page = isset($_GET["page"])?$_GET["page"]:'';
$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:'';
$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:'';
@@ -44,13 +40,9 @@ $socname = isset($_GET["socname"])?$_GET["socname"]:'';
$search_nom = isset($_GET["search_nom"])?$_GET["search_nom"]:'';
$search_ville = isset($_GET["search_ville"])?$_GET["search_ville"]:'';
// S<EFBFBD>curit<EFBFBD> acc<63>s client
$socid='';
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
$result = restrictedArea($user, 'societe',$socid,'',1);
if ($page == -1) { $page = 0 ; }


@@ -572,30 +572,29 @@ class Form
/**
* \brief Retourne la liste d<>roulante des soci<63>t<EFBFBD>s
* \brief Output html form to select a third party
* \param selected Societe pr<70>-s<>lectionn<6E>e
* \param htmlname Nom champ formulaire
* \param filter Criteres optionnels de filtre
* \param showempty Add an empty field
*/
function select_societes($selected='',$htmlname='socid',$filter='',$showempty=0)
{
global $conf;
global $conf,$user;
// On recherche les societes
$sql = "SELECT s.rowid, s.nom FROM";
$sql.= " ".MAIN_DB_PREFIX ."societe as s";
if ($filter) $sql.= " WHERE ".$filter;
$sql = "SELECT s.rowid, s.nom";
$sql.= " FROM ".MAIN_DB_PREFIX ."societe as s";
if (!$user->rights->commercial->client->voir && !$user->societe_id) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE 1=1";
if ($filter) $sql.= " AND ".$filter;
if ($selected && $conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT)
{
if ($filter)
{
$sql.= " AND";
$sql.= " AND rowid = ".$selected;
}
else
if (!$user->rights->commercial->client->voir && !$user->societe_id) //restriction
{
$sql.= " WHERE";
}
$sql.= " rowid = ".$selected;
$sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
}
$sql.= " ORDER BY nom ASC";
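Review bot: Once `societe_commerciaux as sc` is joined for a user without `commercial->client->voir`, the clause `$sql.= " AND rowid = ".$selected;` becomes ambiguous, because that table has its own `rowid` column (page code removed elsewhere in this commit selects `sc.rowid`), so the query fails exactly for the restricted users the join is meant to serve; qualify it as `$sql.= " AND s.rowid = ".$selected;` and, for the same reason, `ORDER BY s.nom ASC`. `$selected` is still concatenated into the SQL unchanged; if any caller forwards a request value, an `(int)` cast at the top of the method is cheap insurance. The rest of `select_societes` continues past the hunk.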


@@ -318,7 +318,7 @@ class MenuLeft {
$langs->load("orders");
$newmenu->add(DOL_URL_ROOT."/commande/index.php?leftmenu=orders", $langs->trans("CustomersOrders"), 0 ,$user->rights->commande->lire);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/societe.php?leftmenu=orders", $langs->trans("NewOrder"), 1, $user->rights->commande->creer);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->creer);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->lire);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=0", $langs->trans("StatusOrderDraftShort"), 2, $user->rights->commande->lire);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=1", $langs->trans("StatusOrderValidated"), 2, $user->rights->commande->lire);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=2", $langs->trans("StatusOrderOnProcessShort"), 2, $user->rights->commande->lire);
@@ -464,7 +464,7 @@ class MenuLeft {
{
$langs->load("trips");
$newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("TripsAndExpenses"), 0, $user->rights->deplacement->lire);
if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&amp;leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->lire);
if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&amp;leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->creer);
if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("List"), 1, $user->rights->deplacement->lire);
}
@@ -530,11 +530,11 @@ class MenuLeft {
}
// Gestion cheques
if ($conf->facture->enabled)
if ($conf->facture->enabled && $conf->banque->enabled)
{
$newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/index.php?leftmenu=checks",$langs->trans("MenuChequeDeposits"),0,$user->rights->facture->lire);
if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/fiche.php?leftmenu=checks&amp;action=new",$langs->trans("NewChequeDeposit"),1,$user->rights->facture->creer);
if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/liste.php?leftmenu=checks",$langs->trans("MenuChequesReceipts"),1,$user->rights->facture->lire);
$newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/index.php?leftmenu=checks",$langs->trans("MenuChequeDeposits"),0,$user->rights->banque->lire);
if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/fiche.php?leftmenu=checks&amp;action=new",$langs->trans("NewChequeDeposit"),1,$user->rights->banque->creer);
if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/liste.php?leftmenu=checks",$langs->trans("MenuChequesReceipts"),1,$user->rights->banque->lire);
}
@@ -790,9 +790,11 @@ class MenuLeft {
*/
if ($mainmenu == 'members')
{
if ($conf->adherent->enabled)
{
$langs->load("members");
$langs->load("compta");
$newmenu->add(DOL_URL_ROOT."/adherents/index.php?leftmenu=members&amp;mainmenu=members",$langs->trans("Members"),0,$user->rights->adherent->lire);
$newmenu->add_submenu(DOL_URL_ROOT."/adherents/fiche.php?leftmenu=members&amp;action=create",$langs->trans("NewMember"),1,$user->rights->adherent->creer);
$newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members",$langs->trans("List"),1,$user->rights->adherent->lire);


@@ -301,7 +301,7 @@ class MenuLeft {
$langs->load("orders");
$newmenu->add(DOL_URL_ROOT."/commande/index.php?leftmenu=orders", $langs->trans("CustomersOrders"), 0 ,$user->rights->commande->lire);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/societe.php?leftmenu=orders", $langs->trans("NewOrder"), 1, $user->rights->commande->creer);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->creer);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->lire);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=0", $langs->trans("StatusOrderDraftShort"), 2, $user->rights->commande->lire);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=1", $langs->trans("StatusOrderValidated"), 2, $user->rights->commande->lire);
if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=2", $langs->trans("StatusOrderOnProcessShort"), 2, $user->rights->commande->lire);
@@ -449,7 +449,7 @@ class MenuLeft {
{
$langs->load("trips");
$newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("TripsAndExpenses"), 0, $user->rights->deplacement->lire);
if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&amp;leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->lire);
if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&amp;leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->creer);
if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&amp;mainmenu=accountancy", $langs->trans("List"), 1, $user->rights->deplacement->lire);
}
@@ -518,7 +518,7 @@ class MenuLeft {
// Gestion cheques
/*
if ($conf->facture->enabled)
if ($conf->facture->enabled && $conf->banque->enabled)
{
$newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/index.php?leftmenu=checks",$langs->trans("MenuChequeDeposits"),0,$user->rights->facture->lire);
if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/fiche.php?leftmenu=checks&amp;action=new",$langs->trans("NewChequeDeposit"),1,$user->rights->facture->creer);
@@ -759,9 +759,11 @@ class MenuLeft {
*/
if ($mainmenu == 'members')
{
if ($conf->adherent->enabled)
{
$langs->load("members");
$langs->load("compta");
$newmenu->add(DOL_URL_ROOT."/adherents/index.php?leftmenu=members&amp;mainmenu=members",$langs->trans("Members"),0,$user->rights->adherent->lire);
$newmenu->add_submenu(DOL_URL_ROOT."/adherents/fiche.php?leftmenu=members&amp;action=create",$langs->trans("NewMember"),1,$user->rights->adherent->creer);
$newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members",$langs->trans("List"),1,$user->rights->adherent->lire);
@@ -771,7 +773,6 @@ class MenuLeft {
$newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members&amp;statut=1&amp;filter=outofdate",$langs->trans("MenuMembersNotUpToDate"),1,$user->rights->adherent->lire);
$newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members&amp;statut=0",$langs->trans("MenuMembersResiliated"),1,$user->rights->adherent->lire);
$langs->load("compta");
$newmenu->add(DOL_URL_ROOT."/adherents/index.php?leftmenu=members&amp;mainmenu=members",$langs->trans("Subscriptions"),0,$user->rights->adherent->cotisation->lire);
$newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members&amp;statut=-1,1&amp;mainmenu=members",$langs->trans("NewSubscription"),1,$user->rights->adherent->cotisation->creer);
$newmenu->add_submenu(DOL_URL_ROOT."/adherents/cotisations.php?leftmenu=members",$langs->trans("List"),1,$user->rights->adherent->cotisation->lire);


@@ -334,7 +334,7 @@ class MenuTop {
$class = 'class="tmenu"';
}
print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&amp;leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("Members").'</a></td>';
print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&amp;leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("MenuMembers").'</a></td>';
}


@@ -299,7 +299,7 @@ class MenuTop {
$class = 'class="tmenu"';
}
print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&amp;leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("Members").'</a></td>';
print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&amp;leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("MenuMembers").'</a></td>';
}


@@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2003-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
*
@@ -17,12 +17,11 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/** \defgroup commercial Module commercial
\brief Module pour g<EFBFBD>rer les fonctions commerciales
\brief Module pour gerer les fonctions commerciales
\version $Id$
*/
/**
@@ -84,7 +83,7 @@ class modCommercial extends DolibarrModules
$this->rights_class = 'commercial';
$r = 1;
// 261 : Permission g<EFBFBD>n<EFBFBD>rale
// 261 : Permission generale
$this->rights[$r][0] = 261;
$this->rights[$r][1] = 'Consulter informations commerciales';
$this->rights[$r][2] = 'r';
@@ -93,9 +92,9 @@ class modCommercial extends DolibarrModules
$this->rights[$r][5] = 'lire';
$r++;
// 262 : Resteindre l'acc<EFBFBD>s des commerciaux
// 262 : Resteindre l'acces des commerciaux
$this->rights[$r][0] = 262;
$this->rights[$r][1] = 'Consulter tous les clients (effectifs pour utilisateurs internes uniquement)';
$this->rights[$r][1] = 'Consulter tous les tiers par utilisateurs internes (sinon uniquement si contact commercial). Non effectif pour utilisateurs externes (tjs limités à eux-meme).';
$this->rights[$r][2] = 'r';
$this->rights[$r][3] = 1;
$this->rights[$r][4] = 'client';


@@ -1,5 +1,5 @@
<?php
/* Copyright (C) 2005-2007 Laurent Destailleur <eldy@users.sourceforge.net>
/* Copyright (C) 2005-2008 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -14,13 +14,12 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\defgroup deplacement Module deplacement et notes de frais
\brief Module pour g<EFBFBD>rer les d<EFBFBD>placements et notes de frais
\brief Module pour gerer les deplacements et notes de frais
\version $Id$
*/
/**
@@ -81,19 +80,19 @@ class modDeplacement extends DolibarrModules
$this->rights_class = 'deplacement';
$this->rights[1][0] = 170;
$this->rights[1][1] = 'Lire les d<EFBFBD>placements';
$this->rights[1][1] = 'Lire les deplacements';
$this->rights[1][2] = 'r';
$this->rights[1][3] = 1;
$this->rights[1][4] = 'lire';
$this->rights[2][0] = 171;
$this->rights[2][1] = 'Cr<EFBFBD>er/modifier les d<EFBFBD>placements';
$this->rights[2][1] = 'Creer/modifier les deplacements';
$this->rights[2][2] = 'w';
$this->rights[2][3] = 0;
$this->rights[2][4] = 'creer';
$this->rights[3][0] = 172;
$this->rights[3][1] = 'Supprimer les d<EFBFBD>placements';
$this->rights[3][1] = 'Supprimer les deplacements';
$this->rights[3][2] = 'd';
$this->rights[3][3] = 0;
$this->rights[3][4] = 'supprimer';


@@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
*
@@ -17,13 +17,12 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\defgroup ficheinter Module fiche interventions
\brief Module pour g<>rer la tenue de fiches d'interventions
\defgroup ficheinter Module intervention cards
\brief Module to manage intervention cards
\version $Id$
*/
/**
@@ -101,7 +100,7 @@ class modFicheinter extends DolibarrModules
$this->rights[1][4] = 'lire';
$this->rights[2][0] = 62;
$this->rights[2][1] = 'Cr<EFBFBD>er/modifier les fiches d\'intervention';
$this->rights[2][1] = 'Creer/modifier les fiches d\'intervention';
$this->rights[2][2] = 'w';
$this->rights[2][3] = 0;
$this->rights[2][4] = 'creer';


@@ -80,28 +80,28 @@ class modPrelevement extends DolibarrModules
$this->rights_class = 'prelevement';
$this->rights[1][0] = 151;
$this->rights[1][1] = 'Consulter les pr<EFBFBD>l<EFBFBD>vements';
$this->rights[1][1] = 'Consulter les prelevements';
$this->rights[1][2] = 'r';
$this->rights[1][3] = 1;
$this->rights[1][4] = 'bons';
$this->rights[1][5] = 'lire';
$this->rights[2][0] = 152;
$this->rights[2][1] = 'Configurer les pr<EFBFBD>l<EFBFBD>vements';
$this->rights[2][1] = 'Configurer les prelevements';
$this->rights[2][2] = 'w';
$this->rights[2][3] = 0;
$this->rights[2][4] = 'bons';
$this->rights[2][5] = 'configurer';
$this->rights[3][0] = 153;
$this->rights[3][1] = 'Consulter les bons de pr<EFBFBD>l<EFBFBD>vements';
$this->rights[3][1] = 'Consulter les bons de prelevements';
$this->rights[3][2] = 'r';
$this->rights[3][3] = 0;
$this->rights[3][4] = 'bons';
$this->rights[3][5] = 'lire';
$this->rights[4][0] = 154;
$this->rights[4][1] = 'Cr<EFBFBD>er un bon de pr<EFBFBD>l<EFBFBD>vement';
$this->rights[4][1] = 'Creer un bon de prelevement';
$this->rights[4][2] = 'w';
$this->rights[4][3] = 0;
$this->rights[4][4] = 'bons';


@@ -372,7 +372,7 @@ Permission254=Delete or disable other users
Permission255=Create/modify his own user information
Permission256=Modify his own password
Permission261=Read commercial informations
Permission262=Read all companies (Internal users only. Externals are always limited to themselves)
Permission262=Read all third parties for internal users (otherwise require to be a commercial contact). Not affective for external users (always limited to themselves).
Permission281=Read contacts
Permission282=Create/modify contacts
Permission283=Delete contacts


@@ -412,6 +412,7 @@ TotalMan=Total
YouCanChangeValuesForThisListFromDictionnarySetup=You can change values for this list from menu setup - dictionnary
Color=Color
MenuECM=Documents
MenuMembers=Members
# Week day
Monday=Monday
Tuesday=Tuesday


@@ -371,7 +371,7 @@ Permission254=Supprimer ou d
Permission255=Cr<43>er/modifier ses propres infos utilisateur
Permission256=Modifier son propre mot de passe
Permission261=Consulter informations commerciales
Permission262=Consulter toutes les soci<EFBFBD>t<EFBFBD>s (Utilisateurs internes uniquement. Externes tjs limit<69>s <20> eux m<>me)
Permission262=Consulter tous les tiers par utilisateurs internes (sinon requiert d'etre contact commercial). Non effectif pour utilisateurs externes (tjs limit<69>s <20> eux-meme).
Permission281=Consulter les contacts
Permission282=Cr<43>er/modifier les contacts
Permission283=Supprimer les contacts


@@ -414,6 +414,7 @@ TotalMan=Total
YouCanChangeValuesForThisListFromDictionnarySetup=Vous pouvez changer ces valeurs depuis le menu configuration - dictionnaires
Color=Couleur
MenuECM=Documents
MenuMembers=Adh<64>rents
# Week day
Monday=Lundi
Tuesday=Mardi


@@ -66,7 +66,8 @@ function societe_prepare_head($objsoc)
$head[$h][2] = 'compta';
$h++;
}
//affichage onglet cat<61>gorie
//show categorie tab
if ($conf->categorie->enabled)
{
$head[$h][0] = DOL_URL_ROOT.'/categories/categorie.php?socid='.$objsoc->id;
@@ -125,6 +126,37 @@ function societe_prepare_head($objsoc)
}
function societe_prepare_head2($objsoc)
{
global $langs, $conf, $user;
$h = 0;
$head = array();
$head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$objsoc->id;
$head[$h][1] = $langs->trans("Card");
$head[$h][2] = 'company';
$h++;
$head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$objsoc->id;
$head[$h][1] = $langs->trans("BankAccount")." $account->number";
$head[$h][2] = 'rib';
$h++;
$head[$h][0] = 'lien.php?socid='.$objsoc->id;
$head[$h][1] = $langs->trans("Links");
$head[$h][2] = 'links';
$h++;
$head[$h][0] = 'commerciaux.php?socid='.$objsoc->id;
$head[$h][1] = $langs->trans("SalesRepresentative");
$head[$h][2] = 'salesrepresentative';
$h++;
return $head;
}
/**
* \brief Retourne le nom traduit ou code+nom d'un pays
* \param id id du pays
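Review bot: `societe_prepare_head2` interpolates `$account->number` into the bank-account tab label, but `$account` is neither a parameter nor one of the declared globals (`$langs, $conf, $user`), so it is always undefined here and the label gets an empty suffix plus a notice; the per-page copies this helper replaces carried the same flaw. Use `$head[$h][1] = $langs->trans("BankAccount");`. The two tabs built with relative URLs (`'lien.php?socid='`, `'commerciaux.php?socid='`) only resolve from the societe/ directory, unlike the `DOL_URL_ROOT`-based entries; prefixing them the same way would make the helper usable from any page that now calls it. A short docblock in the file's style (`\brief Return array of tabs for the third party card`, `\param objsoc Third party object`) is also missing.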


@@ -1222,43 +1222,78 @@ function info_admin($texte,$infoonimgalt=0)
/**
\brief V<>rifie les droits de l'utilisateur
\param user Utilisateur courant
\param module Module a v<>rifier
\param feature Feature to check (in most cases, it's module name)
\param objectid ID de l'element (optionnel)
\param dbtable Table de la base correspondant au module (optionnel)
\param list D<>fini si la page sert de liste et donc ne fonctionne pas avec un id
*/
function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list=0)
function restrictedArea($user, $feature, $objectid='', $dbtablename='', $list=0)
{
global $db;
// Clean parameters
if (! $modulename)
if (! $feature)
{
$modulename = 'societe';
$feature = 'societe';
$list = 1;
}
$objectid = 0;
$socid = 0;
//print "$user->id, $feature, $objectid, $dbtablename, $list ".$user->rights->societe->contact->lire;
// Check read permission from module
$readok=1;
if ($modulename == 'societe')
if ($feature == 'societe')
{
if (! $user->rights->societe->lire && ! $user->rights->fournisseur->lire) $readok=0;
}
else if ($feature == 'contact')
{
if (! $user->rights->societe->contact->lire) $readok=0;
}
else if ($feature == 'prelevement')
{
if (! $user->rights->prelevement->bons->lire) $readok=0;
}
else if ($feature == 'commande_fournisseur')
{
if (! $user->rights->fournisseur->commande->lire) $readok=0;
}
else
{
if (! $user->rights->$modulename->lire) $readok=0;
if (! $user->rights->$feature->lire) $readok=0;
}
if (! $readok) accessforbidden();
//print "Read access is ok";
// Check write permission from module
$createok=1;
if ($_GET["action"] == 'create' || $_POST["action"] == 'create')
{
if (! $user->rights->$modulename->creer) $createok=0;
if ($feature == 'societe')
{
if (! $user->rights->societe->creer && ! $user->rights->fournisseur->creer) $createok=0;
}
else if ($feature == 'contact')
{
if (! $user->rights->societe->contact->creer) $createok=0;
}
else if ($feature == 'prelevement')
{
if (! $user->rights->prelevement->bons->creer) $createok=0;
}
else if ($feature == 'commande_fournisseur')
{
if (! $user->rights->fournisseur->commande->creer) $createok=0;
}
else
{
if (! $user->rights->$feature->creer) $createok=0;
}
if (! $createok) accessforbidden();
//print "Write access is ok";
}
// Check permission from company affiliation
@@ -1268,12 +1303,12 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list
$_POST["action"] = '';
$socid = $user->societe_id;
if (!$objectid) $objectid = $socid;
if ($modulename == 'societe' && $socid <> $objectid) accessforbidden();
if ($feature == 'societe' && $socid <> $objectid) accessforbidden();
}
if ($objectid)
{
if ($modulename == 'societe' && ! $user->rights->commercial->client->voir && ! $socid > 0)
if ($feature == 'societe' && ! $user->rights->commercial->client->voir && ! $socid > 0)
{
$sql = "SELECT sc.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
@@ -1282,7 +1317,7 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list
else if (! $user->rights->commercial->client->voir || $socid > 0)
{
// Si dbtable non d<>fini, m<>me nom que le module
if (!$dbtablename) $dbtablename = $modulename;
if (!$dbtablename) $dbtablename = $feature;
$sql = "SELECT sc.fk_soc, dbt.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt";
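Review bot: In the first hunk, `$objectid = 0;` sits right after the parameter clean-up; if that line is on the new side it discards the caller's object id, and the affiliation block in the second hunk (`if ($objectid)`) then only runs for external users, so every page this commit converts to `restrictedArea(..., $socid, ...)` would silently lose its per-third-party check — please confirm it is being removed, or drop it. The write check is applied only when `action=create`; the docblock should say so, e.g. `\param list Set to 1 for list pages (no object id); write permission is only verified for action=create, other write actions must be checked by the page`. In the second hunk `! $socid > 0` parses as `(! $socid) > 0`; it happens to behave like `$socid <= 0` but reads as a mistake, so write `$socid <= 0`. Since callers now pass `$_GET["socid"]` verbatim and `$dbtablename` is spliced into a table name, adding `$objectid = (int) $objectid;` at the top and documenting that `feature`/`dbtablename` must be code constants would harden this entry point.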


@@ -15,18 +15,17 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
*/
/**
\file htdocs/societe/commerciaux.php
\ingroup societe
\brief Page d'affectations des commerciaux aux societes
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
$langs->load("companies");
$langs->load("commercial");
@@ -34,32 +33,14 @@ $langs->load("customers");
$langs->load("suppliers");
$langs->load("banks");
if ( !$user->rights->societe->creer)
accessforbidden();
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if (!$socid) accessforbidden();
$result = restrictedArea($user, 'societe','','',1);
// S<>curit<69> acc<63>s client
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Protection restriction commercial
if (!$user->rights->commercial->client->voir && $socid)
{
$sql = "SELECT sc.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
/*
* Actions
*/
if($_GET["socid"] && $_GET["commid"])
{
@@ -88,42 +69,31 @@ if($_GET["socid"] && $_GET["delcommid"])
$soc->del_commercial($user, $_GET["delcommid"]);
Header("Location: commerciaux.php?socid=".$soc->id);
exit;
}
else
{
Header("Location: commerciaux.php?socid=".$_GET["socid"]);
exit;
}
}
/*
* View
*/
llxHeader();
if($_GET["socid"])
if ($_GET["socid"])
{
$soc = new Societe($db);
$soc->id = $_GET["socid"];
$soc->fetch($_GET["socid"]);
$result=$soc->fetch($_GET["socid"]);
$h=0;
$head=societe_prepare_head2($soc);
$head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("Company");
$h++;
$head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("BankAccount")." $account->number";
$h++;
$head[$h][0] = 'lien.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("Links");
$h++;
$head[$h][0] = 'commerciaux.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("SalesRepresentative");
$hselected=$h;
$h++;
dolibarr_fiche_head($head, $hselected, $soc->nom);
dolibarr_fiche_head($head, 'salesrepresentative', $langs->trans("ThirdParty"));
/*
* Fiche soci<63>t<EFBFBD> en mode visu
@@ -185,7 +155,7 @@ if($_GET["socid"])
{
print '<a href="'.DOL_URL_ROOT.'/user/fiche.php?id='.$obj->rowid.'">';
print img_object($langs->trans("ShowUser"),"user").' ';
print stripslashes($obj->firstname)." " .stripslashes($obj->name)."\n";
print $obj->firstname." " .$obj->name."\n";
print '</a>&nbsp;';
print '<a href="commerciaux.php?socid='.$_GET["socid"].'&amp;delcommid='.$obj->rowid.'">';
print img_delete();
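Review bot: `$socid` is read and required to be non-empty, yet the call passes an empty object id — `restrictedArea($user, 'societe','','',1)` — so the sales-representative affiliation check the removed block performed is gone for internal users, and for an external user restrictedArea substitutes their own company id and never compares it with the requested one, while the page below still fetches `$_GET["socid"]`; pass the value through: `$result = restrictedArea($user, 'societe', $socid, '', 1);`. The same empty-id call appears in the next file section (ending at L1905) and in htdocs/societe/lien.php. The hunk also drops the `$user->rights->societe->creer` gate, and the add/remove actions in the Actions block show no write check of their own; `restrictedArea` only verifies write rights for `action=create`, so unless a check exists outside the hunk, read access now suffices to change a company's sales representatives. The reworked line `print $obj->firstname." " .$obj->name."\n";` writes names into HTML unescaped; wrapping both values in `htmlspecialchars` would be the usual fix.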


@@ -30,27 +30,9 @@ require_once(DOL_DOCUMENT_ROOT."/societe.class.php");
$langs->load("companies");
$langs->load("other");
// S<EFBFBD>curit<EFBFBD> acc<63>s client
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if ($socid == '') accessforbidden();
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Protection restriction commercial
if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
{
$sql = "SELECT sc.fk_soc, s.client";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1";
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
$result = restrictedArea($user, 'societe','','',1);
/*


@@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,55 +15,31 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/societe/lien.php
\ingroup societe
\brief Page des societes
\version $Revision$
\brief Page of links to other third parties
\version $Id$
*/
require("./pre.inc.php");
require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
$langs->load("companies");
$langs->load("customers");
$langs->load("suppliers");
$langs->load("banks");
if ( !$user->rights->societe->creer)
accessforbidden();
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if (!$socid) accessforbidden();
// S<>curit<69> acc<63>s client
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Protection restriction commercial
if (!$user->rights->commercial->client->voir && $socid)
{
$sql = "SELECT sc.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
$result = restrictedArea($user, 'societe','','',1);
/*
* Actions
*/
* Actions
*/
// Positionne companie parente
if($_GET["socid"] && $_GET["select"])
@@ -117,27 +93,9 @@ if($_GET["socid"])
$soc->id = $_GET["socid"];
$soc->fetch($_GET["socid"]);
$h=0;
$head=societe_prepare_head2($soc);
$head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("Company");
$h++;
$head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("BankAccount")." $account->number";
$h++;
$head[$h][0] = 'lien.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("Links");
$hselected=$h;
$h++;
$head[$h][0] = 'commerciaux.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("SalesRepresentative");
$h++;
dolibarr_fiche_head($head, $hselected, $soc->nom);
dolibarr_fiche_head($head, 'links', $langs->trans("ThirdParty"));
/*
* Fiche soci<63>t<EFBFBD> en mode visu
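Review bot: After the security block computes `$socid`, the rest of the page keeps reading the raw request value — `if($_GET["socid"] && $_GET["select"])` in the second hunk and `$soc->id = $_GET["socid"]; $soc->fetch($_GET["socid"]);` in the third — so whatever `restrictedArea()` does with `$socid` (and the `$user->societe_id` substitution the removed block performed) never reaches the company that is actually loaded and relinked. Use the checked variable throughout: `if($socid && $_GET["select"])` and `$soc->fetch($socid);`; rib.php below has the same `$soc->fetch($_GET["socid"])` pattern. The `if($_GET["socid"])` block in the third hunk starts before the hunk. Whether `if ( !$user->rights->societe->creer) accessforbidden();` is kept on the new side cannot be told from this rendering; since the page changes the parent company, a write-right check should remain in front of that action if it was dropped.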


@@ -15,16 +15,13 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/societe/notify/fiche.php
\ingroup societe, notification
\brief Onglet notifications pour une societe
\version $Revision$
\version $Id$
*/
require("pre.inc.php");
@@ -34,27 +31,9 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
$langs->load("companies");
$langs->load("mails");
// S<EFBFBD>curit<EFBFBD> acc<63>s client
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if ($socid == '') accessforbidden();
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Protection restriction commercial
if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
{
$sql = "SELECT sc.fk_soc, s.client";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1";
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
$result = restrictedArea($user, 'societe','','',1);
$sortorder=$_GET["sortorder"];
$sortfield=$_GET["sortfield"];
@@ -62,6 +41,10 @@ if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="c.name";
/*
* View
*/
llxHeader();
/*


@@ -1,7 +1,7 @@
<?php
/* Copyright (C) 2002-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -16,58 +16,35 @@
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id$
* $Source$
*/
/**
\file htdocs/societe/rib.php
\ingroup societe
\brief Onglet rib de societe
\version $Revision$
\version $Id$
*/
require("./pre.inc.php");
require_once DOL_DOCUMENT_ROOT . "/companybankaccount.class.php";
require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
require_once DOL_DOCUMENT_ROOT."/companybankaccount.class.php";
$langs->load("companies");
$langs->load("banks");
if ( !$user->rights->societe->creer)
accessforbidden();
// Security check
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
if (!$socid) accessforbidden();
// S<>curit<69> acc<63>s client
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
// Protection restriction commercial
if (!$user->rights->commercial->client->voir && $socid)
{
$sql = "SELECT sc.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
llxHeader();
$result = restrictedArea($user, 'societe','','',1);
$soc = new Societe($db);
$soc->id = $_GET["socid"];
$soc->fetch($_GET["socid"]);
/*
* Actions
*/
if ($_POST["action"] == 'update' && ! $_POST["cancel"])
{
// Modification
@@ -101,28 +78,13 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"])
/*
* Affichage onglets
*/
$h = 0;
* View
*/
llxHeader();
$head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("Company");
$h++;
$head=societe_prepare_head2($soc);
$head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("BankAccount")." $account->number";
$hselected=$h;
$h++;
$head[$h][0] = 'lien.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("Links");
$h++;
$head[$h][0] = 'commerciaux.php?socid='.$soc->id;
$head[$h][1] = $langs->trans("SalesRepresentative");
$h++;
dolibarr_fiche_head($head, $hselected, $soc->nom);
dolibarr_fiche_head($head, 'rib', $langs->trans("ThirdParty"));
$account = new CompanyBankAccount($db, $soc->id);
$account->fetch();
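Review bot: Nothing visible on the new side guards the `update` action (`if ($_POST["action"] == 'update' && ! $_POST["cancel"])`) with a write right: the only authorization shown is `restrictedArea($user, 'societe','','',1)`, and this rendering does not reveal whether `if ( !$user->rights->societe->creer) accessforbidden();` survives, so if it was dropped a user with read access could post a bank-account update. Guarding the action explicitly, `if ($_POST["action"] == 'update' && ! $user->rights->societe->creer) accessforbidden();`, keeps the write check independent of what `restrictedArea()` verifies. The `llxHeader();` that appears just before the `restrictedArea()` call would start output before authorization if it is the new-side line; the later hunk places `llxHeader();` under `* View`, which suggests it is the removed copy, but that should be confirmed. The `$soc->fetch($_GET["socid"])` lines following the check bypass `$socid` in the same way as in lien.php.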


@@ -249,7 +249,7 @@ if ($result)
{
// On affiche ligne pour modifier droits
print '<tr '. $bc[$var].'>';
print '<td>'.img_object('',$picto).' '.$objMod->getName();
print '<td nowrap="nowrap">'.img_object('',$picto).' '.$objMod->getName();
print '<a name="'.$objMod->getName().'">&nbsp;</a></td>';
print '<td align="center" nowrap>';
print '<a title='.$langs->trans("All").' alt='.$langs->trans("All").' href="perms.php?id='.$fuser->id.'&amp;action=addrights&amp;module='.$obj->module.'#'.$objMod->getName().'">'.$langs->trans("All")."</a>";