diff --git a/htdocs/core/class/canvas.class.php b/htdocs/core/class/canvas.class.php
index 9987d7eec2c..c564606df91 100644
--- a/htdocs/core/class/canvas.class.php
+++ b/htdocs/core/class/canvas.class.php
@@ -153,16 +153,16 @@ class Canvas
 {
 // Include dataservice class (model)
 $modelclassfile = DOL_DOCUMENT_ROOT.'/'.$this->aliasmodule.'/canvas/'.$this->canvas.'/dao_'.$this->targetmodule.'_'.$this->canvas.'.class.php';
- include_once($modelclassfile);
+ require_once($modelclassfile);
 // Include actions class (controller)
 $controlclassfile = DOL_DOCUMENT_ROOT.'/'.$this->aliasmodule.'/canvas/'.$this->canvas.'/actions_'.$this->card.'_'.$this->canvas.'.class.php';
- include_once($controlclassfile);
+ require_once($controlclassfile);
 // Include specific library
 if (file_exists(DOL_DOCUMENT_ROOT.'/'.$this->aliasmodule.'/lib/'.$this->aliasmodule.'.lib.php'))
 {
- include_once(DOL_DOCUMENT_ROOT.'/'.$this->aliasmodule.'/lib/'.$this->aliasmodule.'.lib.php');
+ require_once(DOL_DOCUMENT_ROOT.'/'.$this->aliasmodule.'/lib/'.$this->aliasmodule.'.lib.php');
 }
 // Instantiate actions class (controller)
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index 60a8b6d51a4..22eefc9e3cf 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -1550,7 +1550,7 @@ function info_admin($texte,$infoonimgalt=0)
 /**
 * \brief Check permissions of a user to show a page and an object. Check read permission
- * If $_REQUEST['action'] defined, we also check write permission.
+ * If $_REQUEST['action'] defined, we also check write and delete permission.
 * \param user User to check
 * \param features Features to check (in most cases, it's module name)
 * \param objectid Object ID if we want to check permission on a particular record (optionnal)
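Review bot: The three new `require_once` calls build their paths from `$this->aliasmodule`, `$this->canvas`, `$this->targetmodule` and `$this->card`, and nothing in the hunk shows where those values are validated; if any of them can be set from the request, the include path is request-influenced and should be checked against a strict pattern before the first include, e.g. reject `$this->canvas` (and the other three) unless it matches `/^[a-z0-9_]+$/i`. Switching from `include_once` to `require_once` also turns a missing model or controller file into a fatal error instead of a warning, which is presumably the intent but deserves a one-line comment such as `// Model and controller files are mandatory: fail hard if missing`. The enclosing method starts and ends outside the hunk.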
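Review bot: The updated `\brief` says delete permission is checked whenever `$_REQUEST['action']` is defined, but the delete check added in the @@ -1682 hunk only runs when action is `confirm_delete` and confirm is `yes`, so a reader of the docblock would assume every delete-like action is gated. Make the condition explicit, e.g. `* If $_REQUEST['action'] defined, we also check write permission; if action is 'confirm_delete' and confirm is 'yes', delete permission too.`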
@@ -1638,11 +1638,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
 {
 foreach ($features as $feature)
 {
- if ($feature == 'societe')
- {
- if (! $user->rights->societe->creer && ! $user->rights->fournisseur->creer) $createok=0;
- }
- else if ($feature == 'contact')
+ if ($feature == 'contact')
 {
 if (! $user->rights->societe->contact->creer) $createok=0;
 }
@@ -1682,6 +1678,49 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
 if (! $createok) accessforbidden();
 //print "Write access is ok";
 }
+
+ // Check delete permission from module
+ $deleteok=1;
+ if ( (GETPOST("action") && GETPOST("action") == 'confirm_delete') && (GETPOST("confirm") && GETPOST("confirm") == 'yes') )
+ {
+ foreach ($features as $feature)
+ {
+ if ($feature == 'contact')
+ {
+ if (! $user->rights->societe->contact->supprimer) $deleteok=0;
+ }
+ else if ($feature == 'produit|service')
+ {
+ if (! $user->rights->produit->supprimer && ! $user->rights->service->supprimer) $deleteok=0;
+ }
+ else if ($feature == 'commande_fournisseur')
+ {
+ if (! $user->rights->fournisseur->commande->supprimer) $deleteok=0;
+ }
+ else if ($feature == 'banque')
+ {
+ if (! $user->rights->banque->modifier) $deleteok=0;
+ }
+ else if ($feature == 'cheque')
+ {
+ if (! $user->rights->banque->cheque) $deleteok=0;
+ }
+ else if (! empty($feature2)) // This should be used for future changes
+ {
+ if (empty($user->rights->$feature->$feature2->supprimer)
+ && empty($user->rights->$feature->$feature2->delete)) $deleteok=0;
+ }
+ else if (! empty($feature)) // This is for old permissions
+ {
+ //print '
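Review bot: Dropping the `societe` branch makes that feature fall through to the generic branches further down (outside this hunk), where presumably only `$user->rights->societe->creer` is consulted; a user holding only `fournisseur->creer` therefore loses write access on third-party pages that previously accepted either right. If that tightening is intended it should be stated, e.g. with `// 'societe' is handled by the generic branch below: the supplier create right alone is no longer sufficient` above the `contact` branch; if not, the `fournisseur->creer` alternative needs to come back. The enclosing `restrictedArea()` body continues outside the hunk.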
feature='.$feature.' creer='.$user->rights->$feature->supprimer.' write='.$user->rights->$feature->delete;
+ if (empty($user->rights->$feature->supprimer)
+ && empty($user->rights->$feature->delete)) $deleteok=0;
+ }
+ }
+
+ if (! $deleteok) accessforbidden();
+ //print "Delete access is ok";
+ }
 // If we have a particular object to check permissions on, we check this object
 // is linked to a company allowed to $user.
diff --git a/htdocs/societe/canvas/actions_card_common.class.php b/htdocs/societe/canvas/actions_card_common.class.php
index fee86ca3bb8..2fcda214242 100644
--- a/htdocs/societe/canvas/actions_card_common.class.php
+++ b/htdocs/societe/canvas/actions_card_common.class.php
@@ -337,8 +337,8 @@ class ActionsCardCommon
 $this->object->code_fournisseur = $_POST["code_fournisseur"];
 $this->object->adresse = $_POST["adresse"]; // TODO obsolete
 $this->object->address = $_POST["adresse"];
- $this->object->cp = $_POST["cp"];
- $this->object->ville = $_POST["ville"];
+ $this->object->cp = $_POST["zipcode"];
+ $this->object->ville = $_POST["town"];
 $this->object->pays_id = $_POST["pays_id"]?$_POST["pays_id"]:$mysoc->pays_id;
 $this->object->departement_id = $_POST["departement_id"];
 $this->object->tel = $_POST["tel"];
@@ -404,7 +404,7 @@ class ActionsCardCommon
 // Add new third party
 if ((! $_POST["getcustomercode"] && ! $_POST["getsuppliercode"])
- && ($_POST["action"] == 'add' || $_POST["action"] == 'update') && $user->rights->societe->creer)
+ && ($_POST["action"] == 'add' || $_POST["action"] == 'update'))
 {
 require_once(DOL_DOCUMENT_ROOT."/lib/functions2.lib.php");
 $error=0;
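Review bot: The new delete gate fires only when `action` is exactly `confirm_delete` and `confirm` is `yes`, and this commit removes the per-page `supprimer` check in actions_card_common (the @@ -604 hunk) in favour of it, so any handler that deletes under a different action name, or runs before `restrictedArea()` is called, is now unguarded; that dependency should be stated at the top of the block, e.g. `// Pages relying on this for delete rights must call restrictedArea() before handling action=confirm_delete`. The outer condition is redundant: `GETPOST("action") && GETPOST("action") == 'confirm_delete'` collapses to `GETPOST("action") == 'confirm_delete'`, and likewise for `confirm`. Two branches grant delete on rights that are not delete rights (`banque->modifier`, `banque->cheque`); if deliberate, a comment saying why those modules have no `supprimer` right would help the next reader. The commented-out `//print` debugging line should be dropped rather than committed.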
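Review bot: The renamed fields are still read with bare `$_POST["zipcode"]` / `$_POST["town"]` while the rest of this commit moves the same class to `GETPOST()`; using `GETPOST("zipcode")` and `GETPOST("town")` here and in the @@ -431 hunk keeps request access consistent and presumably avoids undefined-index notices when a form omits the field. The form templates that used to post `cp`/`ville` are not part of this diff, so please confirm the matching views now send `zipcode` and `town`. The enclosing method starts and ends outside the hunk.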
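Review bot: Removing `&& $user->rights->societe->creer` leaves the add/update branch with no permission check of its own; it now depends entirely on the calling page having invoked `restrictedArea()` with a feature that maps to `societe->creer`, and neither that call nor its ordering relative to this handler is visible here. Defence in depth costs one condition: keep `&& $user->rights->societe->creer` on the new line, or at least add `// Write right is enforced by restrictedArea() in the calling page` so the dependency is explicit. The same applies to the `confirm_delete` branch in the @@ -604 hunk, which drops `$user->rights->societe->supprimer` on the same reasoning. The enclosing method starts and ends outside the hunk.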
@@ -431,8 +431,8 @@ class ActionsCardCommon
 $this->object->address = $_POST["adresse"];
 $this->object->adresse = $_POST["adresse"]; // TODO obsolete
- $this->object->cp = $_POST["cp"];
- $this->object->ville = $_POST["ville"];
+ $this->object->cp = $_POST["zipcode"];
+ $this->object->ville = $_POST["town"];
 $this->object->pays_id = $_POST["pays_id"];
 $this->object->departement_id = $_POST["departement_id"];
 $this->object->tel = $_POST["tel"];
@@ -604,7 +604,7 @@ class ActionsCardCommon
 }
 }
- if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == 'yes' && $user->rights->societe->supprimer)
+ if (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == 'yes')
 {
 $this->object->fetch($socid);
@@ -626,9 +626,9 @@ class ActionsCardCommon
 /*
 * Generate document
 */
- if ($_REQUEST['action'] == 'builddoc') // En get ou en post
+ if (GETPOST('action') == 'builddoc') // En get ou en post
 {
- if (is_numeric($_REQUEST['model']))
+ if (is_numeric(GETPOST('model')))
 {
 $this->error=$langs->trans("ErrorFieldRequired",$langs->transnoentities("Model"));
 }
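Review bot: `is_numeric(GETPOST('model'))` raises "ErrorFieldRequired" for a numeric model but lets an empty value through, since `is_numeric('')` is false, so a request without `model` reaches the document-generation call in the @@ -639 hunk with an empty model name. If the intent is to require a model, the test should be on emptiness, e.g. `if (! GETPOST('model'))`; if numeric models really are the invalid case, a comment explaining why would help, because the condition reads as inverted. This was already the behaviour with `$_REQUEST['model']`, but the switch to `GETPOST()` is the moment to fix it. The enclosing method continues past the hunk.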
@@ -639,23 +639,17 @@ class ActionsCardCommon $this->object->fetch($socid); $this->object->fetch_thirdparty(); - /*if ($_REQUEST['model']) - { - $fac->setDocModel($user, $_REQUEST['model']); - } - */ - // Define output language $outputlangs = $langs; $newlang=''; - if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id']; + if ($conf->global->MAIN_MULTILANGS && empty($newlang) && GETPOST('lang_id') ) $newlang=GETPOST('lang_id'); if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$this->object->default_lang; if (! empty($newlang)) { $outputlangs = new Translate("",$conf); $outputlangs->setDefaultLang($newlang); } - $result=thirdparty_doc_create($this->db, $this->object->id, '', $_REQUEST['model'], $outputlangs); + $result=thirdparty_doc_create($this->db, $this->object->id, '', GETPOST('model'), $outputlangs); if ($result <= 0) { dol_print_error($this->db,$result); diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 18deed9bbb8..54f62d466f6 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -463,8 +463,8 @@ class Societe extends CommonObject $sql .= ",fk_forme_juridique = ".($this->forme_juridique_code?"'".$this->forme_juridique_code."'":"null"); - $sql .= ",client = " . $this->client; - $sql .= ",fournisseur = " . $this->fournisseur; + $sql .= ",client = " . ($this->client?$this->client:0); + $sql .= ",fournisseur = " . ($this->fournisseur?$this->fournisseur:0); $sql .= ",gencod = ".($this->gencod?"'".$this->gencod."'":"null"); $sql .= ",default_lang = ".($this->default_lang?"'".$this->default_lang."'":"null");
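Review bot: `GETPOST('model')` is passed straight to `thirdparty_doc_create()` as the document model name, and nothing in this hunk or in the @@ -626 check (which only rejects numeric values) validates it against the models actually enabled for third parties; since model names are presumably used to select template code, the value should be checked against the configured model list before the call and the existing error path reused when it does not match. `GETPOST('lang_id')` feeds `setDefaultLang()` the same way and could likewise be restricted to installed languages. The enclosing method continues outside the hunk.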
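Review bot: The new `($this->client?$this->client:0)` expressions fix the empty-value case but still concatenate the property into the SQL string unescaped; an integer cast is shorter and guarantees a numeric literal: `$sql .= ",client = " . (int) $this->client;` and `$sql .= ",fournisseur = " . (int) $this->fournisseur;`. The string-valued columns in the surrounding context lines (`fk_forme_juridique`, `gencod`, `default_lang`) are interpolated with manual quoting and would benefit from the same treatment via the DB layer's escaping in a follow-up, though that is outside this change. The enclosing method starts and ends outside the hunk.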