diff --git a/htdocs/admin/perms.php b/htdocs/admin/perms.php index ab738f60d70..c7f1d417964 100644 --- a/htdocs/admin/perms.php +++ b/htdocs/admin/perms.php @@ -114,7 +114,6 @@ foreach ($modulesdir as $dir) if ($objMod->rights_class) { $ret=$objMod->insert_permissions(0); - $modules[$objMod->rights_class]=$objMod; //print "modules[".$objMod->rights_class."]=$objMod;"; } @@ -130,7 +129,7 @@ $db->commit(); $sql = "SELECT r.id, r.libelle, r.module, r.perms, r.subperms, r.bydefault"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r"; $sql.= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous" -$sql.= " AND entity in (".(!empty($conf->multicompany->transverse_mode)?"1,":"").$conf->entity.")"; +$sql.= " AND entity IN (".(! empty($conf->multicompany->transverse_mode)?"1,":"").$conf->entity.")"; if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql.= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is not enabled $sql.= " ORDER BY r.module, r.id"; diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index a216383b9d5..aba3036e281 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -176,15 +176,12 @@ class Conf { $modulename = strtolower($reg[1]); $partname = strtolower($reg[2]); - //$varname = $partname.'_modules'; // TODO deprecated - //if (! isset($this->$varname) || ! is_array($this->$varname)) { $this->$varname = array(); } // TODO deprecated if (! isset($this->modules_parts[$partname]) || ! is_array($this->modules_parts[$partname])) { $this->modules_parts[$partname] = array(); } $arrValue = json_decode($value,true); if (is_array($arrValue) && ! empty($arrValue)) $value = $arrValue; else if (in_array($partname,array('login','menus','substitutions','triggers','tpl','theme'))) $value = '/'.$modulename.'/core/'.$partname.'/'; else if (in_array($partname,array('models'))) $value = '/'.$modulename.'/'; else if ($value == 1) $value = '/'.$modulename.'/core/modules/'.$partname.'/'; - //$this->$varname = array_merge($this->$varname, array($modulename => $value)); // TODO deprecated $this->modules_parts[$partname] = array_merge($this->modules_parts[$partname], array($modulename => $value)); } // If this is a module constant (must be at end) @@ -200,7 +197,7 @@ class Conf } $i++; } - + $db->free($resql); } //var_dump($this->modules); diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 595f1eba0d8..1be2e62b7f1 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -968,9 +968,9 @@ class Form $sql.= ", e.label"; } $sql.= " FROM ".MAIN_DB_PREFIX ."user as u"; - if(! empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && ! $user->entity) + if (! empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && ! $user->entity) { - $sql.= " LEFT JOIN ".MAIN_DB_PREFIX ."entity as e on e.rowid=u.entity"; + $sql.= " LEFT JOIN ".MAIN_DB_PREFIX ."entity as e ON e.rowid=u.entity"; if ($force_entity) $sql.= " WHERE u.entity IN (0,".$force_entity.")"; else $sql.= " WHERE u.entity IS NOT NULL"; } @@ -1020,7 +1020,7 @@ class Form } $out.= $userstatic->getFullName($langs); - if(! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode) && $conf->entity == 1 && $user->admin && ! $user->entity) + if (! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode) && $conf->entity == 1 && $user->admin && ! $user->entity) { if ($obj->admin && ! $obj->entity) $out.=" (".$langs->trans("AllEntities").")"; else $out.=" (".$obj->label.")"; @@ -3756,14 +3756,14 @@ class Form // On recherche les groupes $sql = "SELECT ug.rowid, ug.nom "; - if(! empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && ! $user->entity) + if (! empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && ! $user->entity) { $sql.= ", e.label"; } $sql.= " FROM ".MAIN_DB_PREFIX."usergroup as ug "; - if(! empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && ! $user->entity) + if (! empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && ! $user->entity) { - $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."entity as e on e.rowid=ug.entity"; + $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."entity as e ON e.rowid=ug.entity"; if ($force_entity) $sql.= " WHERE ug.entity IN (0,".$force_entity.")"; else $sql.= " WHERE ug.entity IS NOT NULL"; } @@ -3801,7 +3801,7 @@ class Form $out.= '>'; $out.= $obj->nom; - if(! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode) && $conf->entity == 1) + if (! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode) && $conf->entity == 1) { $out.= " (".$obj->label.")"; } diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index b92e687c747..54386047e45 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php @@ -879,21 +879,21 @@ abstract class DolibarrModules * Insert permissions definitions related to the module into llx_rights_def * * @param int $reinitadminperms If 1, we also grant them to all admin users + * @param int $force_entity Force current entity * @return int Number of error (0 if OK) */ - function insert_permissions($reinitadminperms=0) + function insert_permissions($reinitadminperms=0, $force_entity=null) { global $conf,$user; $err=0; - - //print $this->rights_class." ".count($this->rights)."
"; + $entity=(! empty($force_entity) ? $force_entity : $conf->entity); // Test if module is activated $sql_del = "SELECT ".$this->db->decrypt('value')." as value"; $sql_del.= " FROM ".MAIN_DB_PREFIX."const"; $sql_del.= " WHERE ".$this->db->decrypt('name')." = '".$this->const_name."'"; - $sql_del.= " AND entity IN (0,".$conf->entity.")"; + $sql_del.= " AND entity IN (0,".$entity.")"; dol_syslog(get_class($this)."::insert_permissions sql=".$sql_del); $resql=$this->db->query($sql_del); @@ -922,14 +922,14 @@ abstract class DolibarrModules $sql = "INSERT INTO ".MAIN_DB_PREFIX."rights_def"; $sql.= " (id, entity, libelle, module, type, bydefault, perms, subperms)"; $sql.= " VALUES "; - $sql.= "(".$r_id.",".$conf->entity.",'".$this->db->escape($r_desc)."','".$r_modul."','".$r_type."',".$r_def.",'".$r_perms."','".$r_subperms."')"; + $sql.= "(".$r_id.",".$entity.",'".$this->db->escape($r_desc)."','".$r_modul."','".$r_type."',".$r_def.",'".$r_perms."','".$r_subperms."')"; } else { $sql = "INSERT INTO ".MAIN_DB_PREFIX."rights_def"; $sql.= " (id, entity, libelle, module, type, bydefault, perms)"; $sql.= " VALUES "; - $sql.= "(".$r_id.",".$conf->entity.",'".$this->db->escape($r_desc)."','".$r_modul."','".$r_type."',".$r_def.",'".$r_perms."')"; + $sql.= "(".$r_id.",".$entity.",'".$this->db->escape($r_desc)."','".$r_modul."','".$r_type."',".$r_def.",'".$r_perms."')"; } } else @@ -937,7 +937,7 @@ abstract class DolibarrModules $sql = "INSERT INTO ".MAIN_DB_PREFIX."rights_def "; $sql .= " (id, entity, libelle, module, type, bydefault)"; $sql .= " VALUES "; - $sql .= "(".$r_id.",".$conf->entity.",'".$this->db->escape($r_desc)."','".$r_modul."','".$r_type."',".$r_def.")"; + $sql .= "(".$r_id.",".$entity.",'".$this->db->escape($r_desc)."','".$r_modul."','".$r_type."',".$r_def.")"; } dol_syslog(get_class($this)."::insert_permissions sql=".$sql, LOG_DEBUG); @@ -959,7 +959,7 @@ abstract class DolibarrModules if ($reinitadminperms) { include_once(DOL_DOCUMENT_ROOT.'/user/class/user.class.php'); - $sql="SELECT rowid from ".MAIN_DB_PREFIX."user where admin = 1"; + $sql="SELECT rowid FROM ".MAIN_DB_PREFIX."user WHERE admin = 1"; dol_syslog(get_class($this)."::insert_permissions Search all admin users sql=".$sql); $resqlseladmin=$this->db->query($sql,1); if ($resqlseladmin) diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index 2193bb9c567..1a9d2e2e803 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -1227,7 +1227,7 @@ else print '
'; - if ($caneditfield && (empty($conf->multicompany->enabled) || (($fuser->entity == $conf->entity) || $fuser->entity == $user->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1)) ) + if ($caneditfield && (empty($conf->multicompany->enabled) || ! $user->entity || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1))) { if (! empty($conf->global->MAIN_ONLY_LOGIN_ALLOWED)) { @@ -1239,7 +1239,7 @@ else } } elseif ($caneditpassword && ! $fuser->ldap_sid && - (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1)) ) + (empty($conf->multicompany->enabled) || ! $user->entity || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1))) { print ''.$langs->trans("EditPassword").''; } @@ -1252,7 +1252,7 @@ else print ''.$langs->trans("ReinitPassword").''; } elseif (($user->id != $id && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && - (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1))) + (empty($conf->multicompany->enabled) || ! $user->entity || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1))) { print ''.$langs->trans("ReinitPassword").''; } @@ -1262,7 +1262,7 @@ else print ''.$langs->trans("SendNewPassword").''; } else if (($user->id != $id && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && - (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1)) ) + (empty($conf->multicompany->enabled) || ! $user->entity || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1))) { if ($fuser->email) print ''.$langs->trans("SendNewPassword").''; else print ''.$langs->trans("SendNewPassword").''; @@ -1271,19 +1271,19 @@ else // Activer if ($user->id <> $id && $candisableuser && $fuser->statut == 0 && - (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1)) ) + (empty($conf->multicompany->enabled) || ! $user->entity || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1))) { print ''.$langs->trans("Reactivate").''; } // Desactiver if ($user->id <> $id && $candisableuser && $fuser->statut == 1 && - (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1)) ) + (empty($conf->multicompany->enabled) || ! $user->entity || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1))) { print ''.$langs->trans("DisableUser").''; } // Delete if ($user->id <> $id && $candisableuser && - (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1)) ) + (empty($conf->multicompany->enabled) || ! $user->entity || ($fuser->entity == $conf->entity) || ($conf->multicompany->transverse_mode && $conf->entity == 1))) { print ''.$langs->trans("DeleteUser").''; } @@ -1602,7 +1602,7 @@ else if (empty($conf->multicompany->transverse_mode) && $conf->entity == 1 && $user->admin && ! $user->entity) { print "".''.$langs->trans("Entity").''; - print "".$mc->select_entities($conf->entity); + print "".$mc->select_entities($fuser->entity); print "\n"; } else diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php index d790f733937..f84b37e3ca5 100644 --- a/htdocs/user/group/perms.php +++ b/htdocs/user/group/perms.php @@ -126,7 +126,8 @@ if ($id) // Load all permissions if ($objMod->rights_class) { - $ret=$objMod->insert_permissions(0); + $entity=((! empty($conf->multicompany->enabled) && ! empty($fgroup->entity)) ? $fgroup->entity : null); + $ret=$objMod->insert_permissions(0, $entity); $modules[$objMod->rights_class]=$objMod; } } @@ -146,9 +147,9 @@ if ($id) $sql.= " WHERE ugr.fk_id = r.id"; if(! empty($conf->multicompany->enabled)) { - if(empty($conf->multicompany->transverse_mode)) + if (empty($conf->multicompany->transverse_mode)) { - $sql.= " AND r.entity = ".$conf->entity; + $sql.= " AND r.entity = ".$fgroup->entity; } else { @@ -224,12 +225,11 @@ if ($id) $sql = "SELECT r.id, r.libelle, r.module"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r"; $sql.= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous" - //$sql.= " AND r.entity = ".(empty($conf->multicompany->enabled) ? $conf->entity : $fgroup->entity); if(! empty($conf->multicompany->enabled)) { - if(empty($conf->multicompany->transverse_mode)) + if (empty($conf->multicompany->transverse_mode)) { - $sql.= " AND r.entity = ".$conf->entity; + $sql.= " AND r.entity = ".$fgroup->entity; } else { diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index 820ec2bed34..93eb28b4056 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -152,8 +152,8 @@ foreach($modulesdir as $dir) // Load all permissions if ($objMod->rights_class) { - $ret=$objMod->insert_permissions(0); - + $entity=((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : null); + $ret=$objMod->insert_permissions(0, $entity); $modules[$objMod->rights_class]=$objMod; //print "modules[".$objMod->rights_class."]=$objMod;"; }