From c3f673c3ad61fa2b20c72e92854732e0e5924b5d Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 8 Sep 2022 14:58:00 +0200
Subject: [PATCH] Clean permissions for barcode menu

---
 htdocs/barcode/codeinit.php | 18 +++++----
 htdocs/barcode/printsheet.php | 15 ++++++--
 htdocs/core/modules/modBarcode.class.php | 38 ++++++++++++-------
 .../install/mysql/migration/16.0.0-17.0.0.sql | 3 ++
 htdocs/langs/en_US/admin.lang | 6 +-
 htdocs/langs/en_US/modulebuilder.lang | 2 +-
 .../core/modules/modMyModule.class.php | 16 ++++----
 .../modulebuilder/template/mymoduleindex.php | 8 +++-
 htdocs/recruitment/index.php | 2 +-
 9 files changed, 69 insertions(+), 39 deletions(-)

diff --git a/htdocs/barcode/codeinit.php b/htdocs/barcode/codeinit.php
index fe8ff50cf96..08456fc45af 100644
--- a/htdocs/barcode/codeinit.php
+++ b/htdocs/barcode/codeinit.php
@@ -49,6 +49,17 @@ $modBarCodeThirdparty = '';
 $maxperinit = 1000;
+// Security check (enable the most restrictive one)
+//if ($user->socid > 0) accessforbidden();
+//if ($user->socid > 0) $socid = $user->socid;
+if (!isModEnabled('barcode')) {
+ accessforbidden('Module not enabled');
+}
+//restrictedArea($user, 'barcode');
+if (empty($user->admin)) {
+ accessforbidden('Must be admin');
+}
+
 /*
  * Actions
@@ -262,13 +273,6 @@ if ($action == 'initbarcodeproducts') {
  * View
  */
-if (!$user->admin) {
- accessforbidden();
-}
-if (empty($conf->barcode->enabled)) {
- accessforbidden();
-}
-
 $form = new Form($db);
 llxHeader('', $langs->trans("MassBarcodeInit"));
diff --git a/htdocs/barcode/printsheet.php b/htdocs/barcode/printsheet.php
index c55db4ef2a1..66297ab173c 100644
--- a/htdocs/barcode/printsheet.php
+++ b/htdocs/barcode/printsheet.php
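Review bot: The new gate at the top of codeinit.php keeps `//restrictedArea($user, 'barcode');` commented out while the admin-only check is live, so none of the barcode rights this commit defines (`read`, `lire_advance`, `creer_advance`) has any bearing on this page; if admin-only is the intended policy, delete the dead `restrictedArea` and `socid` lines rather than leaving them as "alternatives" and record the decision in the comment, e.g. `// Mass barcode init is an admin-only tool: no per-module right is consulted here`. Placing the check ahead of the Actions section is the right fix, because the removed checks sat under the View heading after `$action == 'initbarcodeproducts'` had already been processed; a one-line comment such as `// Must run before the Actions section below` would keep a later refactor from moving it back. The Actions section itself lies between the two hunks and is outside the view.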
@@ -56,6 +56,17 @@ $action = GETPOST('action', 'aZ09');
 $producttmp = new Product($db);
 $thirdpartytmp = new Societe($db);
+// Security check (enable the most restrictive one)
+//if ($user->socid > 0) accessforbidden();
+//if ($user->socid > 0) $socid = $user->socid;
+if (!isModEnabled('barcode')) {
+ accessforbidden('Module not enabled');
+}
+if (!$user->hasRight('barcode', 'read')) {
+ accessforbidden();
+}
+restrictedArea($user, 'barcode');
+
 /*
  * Actions
@@ -263,10 +274,6 @@ if ($action == 'builddoc') {
  * View
  */
-if (empty($conf->barcode->enabled)) {
- accessforbidden();
-}
-
 $form = new Form($db);
 llxHeader('', $langs->trans("BarCodePrintsheet"));
diff --git a/htdocs/core/modules/modBarcode.class.php b/htdocs/core/modules/modBarcode.class.php
index ced58f9b6c4..ef0f1b7166a 100644
--- a/htdocs/core/modules/modBarcode.class.php
+++ b/htdocs/core/modules/modBarcode.class.php
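Review bot: The new gate still admits external users (accounts bound to a third party, `$user->socid > 0`) because `//if ($user->socid > 0) accessforbidden();` stays commented and `restrictedArea($user, 'barcode')` is called with no object to scope by. The menu entry for this page is declared internal-only (`'user'=>0` in modBarcode.class.php later in this commit), so the page should enforce the same boundary: enable `if ($user->socid > 0) { accessforbidden(); }` or add a comment explaining why third-party users may print sheets. The explicit `hasRight('barcode', 'read')` check also looks redundant with what `restrictedArea` performs for a generic feature — harmless, but worth a comment stating which one is authoritative. The `builddoc` action that consumes the request is outside the hunk.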
@@ -77,18 +77,28 @@ class modBarcode extends DolibarrModules
 // Permissions
 $this->rights = array();
 $this->rights_class = 'barcode';
+ $r = 0;
- $this->rights[1][0] = 301; // id de la permission
- $this->rights[1][1] = 'Read barcodes'; // libelle de la permission
- $this->rights[1][2] = 'r'; // type de la permission (deprecie a ce jour)
- $this->rights[1][3] = 1; // La permission est-elle une permission par defaut
- $this->rights[1][4] = 'lire_advance';
+ $this->rights[$r][0] = 301; // id de la permission
+ $this->rights[$r][1] = 'Generate PDF sheets of barcodes'; // libelle de la permission
+ $this->rights[$r][2] = 'r'; // type de la permission (deprecie a ce jour)
+ $this->rights[$r][3] = 1; // La permission est-elle une permission par defaut
+ $this->rights[$r][4] = 'read';
+ $r++;
- $this->rights[2][0] = 302; // id de la permission
- $this->rights[2][1] = 'Create/modify barcodes'; // libelle de la permission
- $this->rights[2][2] = 'w'; // type de la permission (deprecie a ce jour)
- $this->rights[2][3] = 0; // La permission est-elle une permission par defaut
- $this->rights[2][4] = 'creer_advance';
+ $this->rights[$r][0] = 304; // id de la permission
+ $this->rights[$r][1] = 'Read barcodes'; // libelle de la permission
+ $this->rights[$r][2] = 'r'; // type de la permission (deprecie a ce jour)
+ $this->rights[$r][3] = 1; // La permission est-elle une permission par defaut
+ $this->rights[$r][4] = 'lire_advance';
+ $r++;
+
+ $this->rights[$r][0] = 305; // id de la permission
+ $this->rights[$r][1] = 'Create/modify barcodes'; // libelle de la permission
+ $this->rights[$r][2] = 'w'; // type de la permission (deprecie a ce jour)
+ $this->rights[$r][3] = 0; // La permission est-elle une permission par defaut
+ $this->rights[$r][4] = 'creer_advance';
+ $r++;
 // Main menu entries
 $r = 0;
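Review bot: The permission ids defined here disagree with the labels this same commit writes to admin.lang: 304 is `lire_advance` / 'Read barcodes' in the module but `Permission304=Create/modify barcodes` in the lang file, and 305 is `creer_advance` / 'Create/modify barcodes' here but `Permission305=Delete barcodes` there, so the permissions screen will mislabel both rights; align one side with the other. Renumbering also strands grants made under the old id 302 (`creer_advance`): the migration hunk only adds a `tms` column to llx_rights_def and nothing visible remaps 302 to 305, so either confirm module re-activation rebuilds user rights or add a migration along the lines of `UPDATE llx_user_rights SET fk_id = 305 WHERE fk_id = 302;` (table and column names to be confirmed against the schema). After this change no menu or page in the diff consults `lire_advance` or `creer_advance` any more, so a comment stating what still uses them — or their removal — would help. The inline comments are French (`// id de la permission`); translate them to English to match the rest of the file.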
@@ -104,8 +114,8 @@ class modBarcode extends DolibarrModules
 'url'=>'/barcode/printsheet.php?mainmenu=tools&leftmenu=barcodeprint',
 'langs'=>'products', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
 'position'=>200,
- 'enabled'=>'$conf->barcode->enabled', // Define condition to show or hide menu entry. Use '$conf->mymodule->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
- 'perms'=>'($conf->global->MAIN_USE_ADVANCED_PERMS && $user->rights->barcode->lire_advance) || (! $conf->global->MAIN_USE_ADVANCED_PERMS)', // Use 'perms'=>'$user->rights->mymodule->level1->level2' if you want your menu with a permission rules
+ 'enabled'=>'isModEnabled("barcode")', // Define condition to show or hide menu entry. Use '$conf->mymodule->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
+ 'perms'=>'$user->hasRight("barcode", "read")',
 'target'=>'',
 'user'=>0, // 0=Menu for internal users, 1=external users, 2=both
 );
@@ -119,8 +129,8 @@ class modBarcode extends DolibarrModules
 'url'=>'/barcode/codeinit.php?mainmenu=home&leftmenu=admintools',
 'langs'=>'products', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
 'position'=>300,
- 'enabled'=>'$conf->barcode->enabled && preg_match(\'/^(admintools|all)/\',$leftmenu)', // Define condition to show or hide menu entry. Use '$conf->mymodule->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
- 'perms'=>'($conf->global->MAIN_USE_ADVANCED_PERMS && $user->rights->barcode->creer_advance) || (! $conf->global->MAIN_USE_ADVANCED_PERMS)', // Use 'perms'=>'$user->rights->mymodule->level1->level2' if you want your menu with a permission rules
+ 'enabled'=>'isModEnabled("barcode") && preg_match(\'/^(admintools|all)/\',$leftmenu)', // Define condition to show or hide menu entry. Use '$conf->mymodule->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
+ 'perms'=>'$user->admin',
 'target'=>'',
 'user'=>0, // 0=Menu for internal users, 1=external users, 2=both
 );
diff --git a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
index 9b52b09ba2a..8121b94494d 100644
--- a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
+++ b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql
@@ -146,3 +146,6 @@ ALTER TABLE llx_bank_extrafields ADD INDEX idx_bank_extrafields (fk_object);
 ALTER TABLE llx_user CHANGE COLUMN note note_private text;
 UPDATE llx_c_effectif SET code='EF101-500', libelle='101 - 500' WHERE code='EF100-500';
+
+ALTER TABLE llx_rights_def ADD COLUMN tms timestamp DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP;
+
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index d82631cc8fa..a24dd69cc71 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -843,9 +843,9 @@ Permission286=Export contacts
 Permission291=Read tariffs
 Permission292=Set permissions on the tariffs
 Permission293=Modify customer's tariffs
-Permission300=Read barcodes
-Permission301=Create/modify barcodes
-Permission302=Delete barcodes
+Permission301=Generate PDF sheets of barcodes
+Permission304=Create/modify barcodes
+Permission305=Delete barcodes
 Permission311=Read services
 Permission312=Assign service/subscription to contract
 Permission331=Read bookmarks
diff --git a/htdocs/langs/en_US/modulebuilder.lang b/htdocs/langs/en_US/modulebuilder.lang
index a16dfc52ed2..d68b0b337f9 100644
--- a/htdocs/langs/en_US/modulebuilder.lang
+++ b/htdocs/langs/en_US/modulebuilder.lang
@@ -90,7 +90,7 @@ ListOfDictionariesEntries=List of dictionaries entries
 ListOfPermissionsDefined=List of defined permissions
 SeeExamples=See examples here
 EnabledDesc=Condition to have this field active.

Examples:
1
isModEnabled('MAIN_MODULE_MYMODULE')
getDolGlobalString('MYMODULE_OPTION')==2 -VisibleDesc=Is the field visible ? (Examples: 0=Never visible, 1=Visible on list and create/update/view forms, 2=Visible on list only, 3=Visible on create/update/view form only (not list), 4=Visible on list and update/view form only (not create), 5=Visible on list end view form only (not create, not update).

Using a negative value means field is not shown by default on list but can be selected for viewing).

It can be an expression, for example:
preg_match('/public/', $_SERVER['PHP_SELF'])?0:1
$user->hasRights('holiday', 'define_holiday')?1:5 +VisibleDesc=Is the field visible ? (Examples: 0=Never visible, 1=Visible on list and create/update/view forms, 2=Visible on list only, 3=Visible on create/update/view form only (not list), 4=Visible on list and update/view form only (not create), 5=Visible on list end view form only (not create, not update).

Using a negative value means field is not shown by default on list but can be selected for viewing).

It can be an expression, for example:
preg_match('/public/', $_SERVER['PHP_SELF'])?0:1
$user->hasRight('holiday', 'define_holiday')?1:5 DisplayOnPdfDesc=Display this field on compatible PDF documents, you can manage position with "Position" field.
Currently, known compatibles PDF models are : eratosthene (order), espadon (ship), sponge (invoices), cyan (propal/quotation), cornas (supplier order)

For document :
0 = not displayed
1 = display
2 = display only if not empty

For document lines :
0 = not displayed
1 = displayed in a column
3 = display in line description column after the description
4 = display in description column after the description only if not empty
 DisplayOnPdf=Display on PDF
 IsAMeasureDesc=Can the value of field be cumulated to get a total into list? (Examples: 1 or 0)
diff --git a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php
index edf0c7647de..973eb6ba915 100644
--- a/htdocs/modulebuilder/template/core/modules/modMyModule.class.php
+++ b/htdocs/modulebuilder/template/core/modules/modMyModule.class.php
@@ -298,8 +298,8 @@ class modMyModule extends DolibarrModules
 'url'=>'/mymodule/mymoduleindex.php',
 'langs'=>'mymodule@mymodule', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
 'position'=>1000 + $r,
- 'enabled'=>'$conf->mymodule->enabled', // Define condition to show or hide menu entry. Use '$conf->mymodule->enabled' if entry must be visible if module is enabled.
- 'perms'=>'1', // Use 'perms'=>'$user->rights->mymodule->myobject->read' if you want your menu with a permission rules
+ 'enabled'=>'isModEnabled("mymodule")', // Define condition to show or hide menu entry. Use 'isModEnabled("mymodule")' if entry must be visible if module is enabled.
+ 'perms'=>'1', // Use 'perms'=>'$user->hasRight("mymodule", "myobject", "read")' if you want your menu with a permission rules
 'target'=>'',
 'user'=>2, // 0=Menu for internal users, 1=external users, 2=both
 );
@@ -315,8 +315,8 @@ class modMyModule extends DolibarrModules
 'url'=>'/mymodule/mymoduleindex.php',
 'langs'=>'mymodule@mymodule', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
 'position'=>1000+$r,
- 'enabled'=>'$conf->mymodule->enabled', // Define condition to show or hide menu entry. Use '$conf->mymodule->enabled' if entry must be visible if module is enabled.
- 'perms'=>'$user->rights->mymodule->myobject->read', // Use 'perms'=>'$user->rights->mymodule->level1->level2' if you want your menu with a permission rules
+ 'enabled'=>'isModEnabled("mymodule")', // Define condition to show or hide menu entry. Use 'isModEnabled("mymodule")' if entry must be visible if module is enabled.
+ 'perms'=>'$user->hasRight("mymodule", "myobject", "read")',
 'target'=>'',
 'user'=>2, // 0=Menu for internal users, 1=external users, 2=both
 );
@@ -329,8 +329,8 @@ class modMyModule extends DolibarrModules
 'url'=>'/mymodule/myobject_list.php',
 'langs'=>'mymodule@mymodule', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
 'position'=>1000+$r,
- 'enabled'=>'$conf->mymodule->enabled', // Define condition to show or hide menu entry. Use '$conf->mymodule->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
- 'perms'=>'$user->rights->mymodule->myobject->read', // Use 'perms'=>'$user->rights->mymodule->level1->level2' if you want your menu with a permission rules
+ 'enabled'=>'isModEnabled("mymodule")', // Define condition to show or hide menu entry. Use 'isModEnabled("mymodule")' if entry must be visible if module is enabled.
+ 'perms'=>'$user->hasRight("mymodule", "myobject", "read")'
 'target'=>'',
 'user'=>2, // 0=Menu for internal users, 1=external users, 2=both
 );
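Review bot: In the `@@ -329` hunk the new line `'perms'=>'$user->hasRight("mymodule", "myobject", "read")'` drops the trailing comma that the removed line carried, so `'target'=>''` follows it with no separator and every module generated from this template will fail to parse. Restore it: `'perms'=>'$user->hasRight("mymodule", "myobject", "read")',`. The `@@ -315` hunk on the same line keeps its comma and is fine. The enclosing menu array literal starts and ends outside the hunk.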
@@ -343,8 +343,8 @@ class modMyModule extends DolibarrModules
 'url'=>'/mymodule/myobject_card.php?action=create',
 'langs'=>'mymodule@mymodule', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
 'position'=>1000+$r,
- 'enabled'=>'$conf->mymodule->enabled', // Define condition to show or hide menu entry. Use '$conf->mymodule->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
- 'perms'=>'$user->rights->mymodule->myobject->write', // Use 'perms'=>'$user->rights->mymodule->level1->level2' if you want your menu with a permission rules
+ 'enabled'=>'isModEnabled("mymodule")', // Define condition to show or hide menu entry. Use 'isModEnabled("mymodule")' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
+ 'perms'=>'$user->hasRight("mymodule", "myobject", "write")'
 'target'=>'',
 'user'=>2, // 0=Menu for internal users, 1=external users, 2=both
 );
diff --git a/htdocs/modulebuilder/template/mymoduleindex.php b/htdocs/modulebuilder/template/mymoduleindex.php
index d49e4e5e659..2581b407f3b 100644
--- a/htdocs/modulebuilder/template/mymoduleindex.php
+++ b/htdocs/modulebuilder/template/mymoduleindex.php
@@ -75,10 +75,16 @@ if (isset($user->socid) && $user->socid > 0) {
 // Security check (enable the most restrictive one)
 //if ($user->socid > 0) accessforbidden();
 //if ($user->socid > 0) $socid = $user->socid;
-//if (! $user->hasRights('mymodule', 'myobject', 'read')) {
+//if (!isModEnabled('barcode')) {
+// accessforbidden('Module not enabled');
+//}
+//if (! $user->hasRight('mymodule', 'myobject', 'read')) {
 // accessforbidden();
 //}
 //restrictedArea($user, 'mymodule', 0, 'mymodule_myobject', 'myobject', '', 'rowid');
+//if (empty($user->admin)) {
+// accessforbidden('Must be admin');
+//}
 /*
diff --git a/htdocs/recruitment/index.php b/htdocs/recruitment/index.php
index a6c0a41be60..020204505a7 100644
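Review bot: Same missing trailing comma in this hunk: `'perms'=>'$user->hasRight("mymodule", "myobject", "write")'` is immediately followed by `'target'=>''`, which is a PHP syntax error that every module generated from the template inherits. Change it to `'perms'=>'$user->hasRight("mymodule", "myobject", "write")',`. The enclosing menu array entry begins and ends outside the hunk.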
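Review bot: The new commented example in the mymoduleindex.php template checks `isModEnabled('barcode')`, which looks copied from the barcode pages; in a module-builder template it should be `//if (!isModEnabled('mymodule')) {` so a developer who uncomments it does not gate the page on an unrelated module. The block now also lists two incompatible endings under the heading "enable the most restrictive one" — a per-right check plus `restrictedArea`, and an admin-only check — without saying they are alternatives; a line such as `// Alternative for admin-only tool pages (replaces the right check above)` before the admin check would make the intended choice explicit. The `$socid` setup this block follows is outside the hunk.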
--- a/htdocs/recruitment/index.php
+++ b/htdocs/recruitment/index.php
@@ -46,7 +46,7 @@ if (isset($user->socid) && $user->socid > 0) {
 // Security check (enable the most restrictive one)
 //if ($user->socid > 0) accessforbidden();
 //if ($user->socid > 0) $socid = $user->socid;
-// if (! $user->hasRights('mymodule', 'myobject', 'read')) {
+// if (! $user->hasRight('mymodule', 'myobject', 'read')) {
 // accessforbidden();
 // }
 restrictedArea($user, 'recruitment', 0, 'recruitment_recruitmentjobposition', 'recruitmentjobposition', '', 'rowid');
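Review bot: The commented example this hunk touches still names the module-builder placeholders `'mymodule', 'myobject'` in a shipped module, so a maintainer who enables it would gate recruitment on a right that does not exist. Either rewrite it with this module's real right (the live `restrictedArea` call below suggests `recruitment` / `recruitmentjobposition`, to be confirmed against the module's rights definition) or delete the placeholder, since `restrictedArea` is the check that actually runs here.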