Fix CI

Merge pull request #36527 from FHenry/22_fix_subtotal_attribute_copy
fix: when create invoices from orders list, title and subtotal attribute is now copied
2025-12-05 09:08:09 +01:00 · 2025-12-04 21:45:34 +01:00 · 2025-12-04 21:26:01 +01:00 · 2025-12-04 20:30:17 +01:00 · 2025-12-04 20:26:59 +01:00 · 2025-12-04 19:58:49 +01:00
17 changed files with 109 additions and 56 deletions
--- a/.github/workflows/ci-on-release.yml
+++ b/.github/workflows/ci-on-release.yml
@@ -0,0 +1,24 @@
 name: "CI-RELEASE"
 on:
  release:
    types: [published]
 jobs:
  trigger-docker:
    runs-on: ubuntu-latest
    steps:
      - name: Generate a token
        id: generate-token
        uses: actions/create-github-app-token@v2
        with:
          app-id: ${{ vars.RELEASE_DOCKER_ID }}
          private-key: ${{ secrets.RELEASE_DOCKER_SECRET }}
      - uses: peter-evans/repository-dispatch@v4
        with:
          token: ${{ steps.generate-token.outputs.token }}
          repository: Dolibarr/dolibarr-docker
          event-type: new-release
          client-payload: '{"version": "${{ github.event.release.tag_name }}"}'
--- a/htdocs/commande/list.php
+++ b/htdocs/commande/list.php
@@ -606,6 +606,13 @@ if (empty($reshook)) {
 								$lines[$i]->fk_unit
 							);
 							if ($result > 0) {
 								if (!empty($lines[$i]->extraparams)) {
 									$factureLine = new FactureLigne($db);
 									$factureLine->id = $result;
 									$factureLine->extraparams = $lines[$i]->extraparams;
 									$factureLine->setExtraParameters();
 								}
 								$lineid = $result;
 							} else {
 								$lineid = 0;
--- a/htdocs/contrat/class/api_contracts.class.php
+++ b/htdocs/contrat/class/api_contracts.class.php
@@ -21,6 +21,7 @@
 use Luracast\Restler\RestException;
 require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
 require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php';
 /**
 * API class for contracts
@@ -76,7 +77,7 @@ class Contracts extends DolibarrApi
 		}
 		if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
-			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+			throw new RestException(403, 'Access to this contract is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		$this->contract->fetchObjectLinked();
@@ -158,7 +159,6 @@ class Contracts extends DolibarrApi
 			$sql .= $this->db->plimit($limit + 1, $offset);
 		}
 		dol_syslog("API Rest request");
 		$result = $this->db->query($sql);
 		if ($result) {
@@ -208,8 +208,19 @@ class Contracts extends DolibarrApi
 	public function post($request_data = null)
 	{
 		if (!DolibarrApiAccess::$user->hasRight('contrat', 'creer')) {
-			throw new RestException(403, "Insufficient rights");
+			throw new RestException(403, "Missing permission: Create/modify contracts/subscriptions");
 		}
 		$socid = (int) $request_data['socid'];
 		$thirdpartytmp = new Societe($this->db);
 		$thirdparty_result = $thirdpartytmp->fetch($socid);
 		if ($thirdparty_result < 1) {
 			throw new RestException(404, 'Thirdparty with id='.$socid.' not found or not allowed');
 		}
 		if (!DolibarrApi::_checkAccessToResource('societe', $thirdpartytmp->id)) {
 			throw new RestException(404, 'Thirdparty with id='.$thirdpartytmp->id.' not found or not allowed');
 		}
 		// Check mandatory fields
 		$result = $this->_validate($request_data);
@@ -268,7 +279,7 @@ class Contracts extends DolibarrApi
 		}
 		if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
-			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+			throw new RestException(403, 'Access to this contract is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		$obj_ret = [];
@@ -300,7 +311,6 @@ class Contracts extends DolibarrApi
 			$sql .= $this->db->plimit($limit + 1, $offset);
 		}
 		dol_syslog("API Rest request");
 		$result = $this->db->query($sql);
 		if ($result) {
 			$num = $this->db->num_rows($result);
@@ -360,7 +370,7 @@ class Contracts extends DolibarrApi
 		}
 		if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
-			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+			throw new RestException(403, 'Access to this contract is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		$request_data = (object) $request_data;
@@ -420,7 +430,7 @@ class Contracts extends DolibarrApi
 		}
 		if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
-			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+			throw new RestException(403, 'Access to this contract is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		$request_data = (object) $request_data;
@@ -568,7 +578,7 @@ class Contracts extends DolibarrApi
 		}
 		if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
-			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+			throw new RestException(403, 'Access to this contract is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		$updateRes = $this->contract->active_line(DolibarrApiAccess::$user, $lineid, (int) $datestart, $dateend, $comment);
@@ -606,7 +616,7 @@ class Contracts extends DolibarrApi
 		}
 		if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
-			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+			throw new RestException(403, 'Access to this contract is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		$updateRes = $this->contract->close_line(DolibarrApiAccess::$user, $lineid, (int) $datestart, $comment);
@@ -646,7 +656,7 @@ class Contracts extends DolibarrApi
 		}
 		if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
-			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+			throw new RestException(403, 'Access to this contract is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		// TODO Check the lineid $lineid is a line of object
@@ -673,14 +683,23 @@ class Contracts extends DolibarrApi
 		if (!DolibarrApiAccess::$user->hasRight('contrat', 'creer')) {
 			throw new RestException(403);
 		}
 		$result = $this->contract->fetch($id);
 		if (!$result) {
 			throw new RestException(404, 'Contrat not found');
 		}
 		$old_socid = $this->contract->socid;
 		$oldthirdpartytmp = new Societe($this->db);
 		$old_thirdparty_result = $oldthirdpartytmp->fetch($old_socid);
 		if ($old_thirdparty_result < 1) {
 			throw new RestException(404, 'Thirdparty with id='.$old_socid.' not found or not allowed');
 		}
 		if (!DolibarrApi::_checkAccessToResource('societe', $old_socid)) {
 			throw new RestException(403, 'Access to old thirdparty='.$old_socid.' is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
-			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+			throw new RestException(403, 'Access to this contract is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		foreach ($request_data as $field => $value) {
 			if ($field == 'id') {
@@ -698,6 +717,18 @@ class Contracts extends DolibarrApi
 				continue;
 			}
 			if ($field == 'socid') {
 				$new_socid = (int) $value;
 				$loopthirdpartytmp = new Societe($this->db);
 				$new_thirdparty_result = $loopthirdpartytmp->fetch($new_socid);
 				if ($new_thirdparty_result < 1) {
 					throw new RestException(404, 'Thirdparty with id='.$new_socid.' not found or not allowed');
 				}
 				if (!DolibarrApi::_checkAccessToResource('societe', $new_socid)) {
 					throw new RestException(403, 'Access to new thirdparty='.$new_socid.' is not allowed for login '.DolibarrApiAccess::$user->login);
 				}
 			}
 			$this->contract->$field = $this->_checkValForAPI($field, $value, $this->contract);
 		}
@@ -720,7 +751,7 @@ class Contracts extends DolibarrApi
 	public function delete($id)
 	{
 		if (!DolibarrApiAccess::$user->hasRight('contrat', 'supprimer')) {
-			throw new RestException(403);
+			throw new RestException(403, 'Missing permission: Delete contracts/subscriptions');
 		}
 		$result = $this->contract->fetch($id);
 		if (!$result) {
@@ -728,7 +759,7 @@ class Contracts extends DolibarrApi
 		}
 		if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
-			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+			throw new RestException(403, 'Access to this contract is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		if (!$this->contract->delete(DolibarrApiAccess::$user)) {
@@ -773,7 +804,7 @@ class Contracts extends DolibarrApi
 		}
 		if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
-			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+			throw new RestException(403, 'Access to this contract is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		$result = $this->contract->validate(DolibarrApiAccess::$user, '', $notrigger);
@@ -822,7 +853,7 @@ class Contracts extends DolibarrApi
 		}
 		if (!DolibarrApi::_checkAccessToResource('contrat', $this->contract->id)) {
-			throw new RestException(403, 'Access not allowed for login '.DolibarrApiAccess::$user->login);
+			throw new RestException(403, 'Access to this contract is not allowed for login '.DolibarrApiAccess::$user->login);
 		}
 		$result = $this->contract->closeAll(DolibarrApiAccess::$user, $notrigger);
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -1225,7 +1225,7 @@ function GETPOSTDATE($prefix, $hourTime = '', $gm = 'auto', $saverestore = '')
 	if ($hourTime === 'getpost' || $hourTime === 'getpostend') {
 		$hour   = (GETPOSTISSET($prefix . 'hour') && GETPOSTINT($prefix . 'hour') >= 0) ? GETPOSTINT($prefix . 'hour') : ($hourTime === 'getpostend' ? 23 : 0);
 		$minute = (GETPOSTISSET($prefix . 'min') && GETPOSTINT($prefix . 'min') >= 0) ? GETPOSTINT($prefix . 'min') : ($hourTime === 'getpostend' ? 59 : 0);
-		$second = (GETPOSTISSET($prefix . 'second') && GETPOSTINT($prefix . 'second') >= 0) ? GETPOSTINT($prefix . 'second') : ($hourTime === 'getpostend' ? 59 : 0);
+		$second = (GETPOSTISSET($prefix . 'sec') && GETPOSTINT($prefix . 'sec') >= 0) ? GETPOSTINT($prefix . 'sec') : ($hourTime === 'getpostend' ? 59 : 0);
 	} elseif (preg_match('/^(\d\d):(\d\d):(\d\d)$/', $hourTime, $m)) {
 		$hour   = intval($m[1]);
 		$minute = intval($m[2]);
@@ -15811,8 +15811,8 @@ function buildParamDate($prefix, $timestamp = null, $hourTime = '', $gm = 'auto'
 	if ($hourTime === 'getpost' || ($timestamp !== null && dol_print_date($timestamp, '%H:%M:%S') !== '00:00:00')) {
 		$TParam = array_merge($TParam, array(
 			$prefix . 'hour'   => intval(dol_print_date($timestamp, '%H')),
-			$prefix . 'minute' => intval(dol_print_date($timestamp, '%M')),
+			$prefix . 'min' => intval(dol_print_date($timestamp, '%M')),
-			$prefix . 'second' => intval(dol_print_date($timestamp, '%S'))
+			$prefix . 'sec' => intval(dol_print_date($timestamp, '%S'))
 		));
 	}
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -993,14 +993,14 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
 		$checkonentitydone = 0;
 		// Array to define rules of checks to do
-		$check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'payment_sc', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website', 'recruitment', 'chargesociales', 'knowledgemanagement'); // Test on entity only (Objects with no link to company)
+		$check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'payment_sc', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website', 'recruitment', 'chargesociales', 'knowledgemanagement', 'stock'); // Test on entity only (Objects with no link to company)
 		$checksoc = array('societe'); // Test for object Societe
 		$checkparentsoc = array('agenda', 'contact', 'contrat'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
 		$checkproject = array('projet', 'project'); // Test for project object
 		$checktask = array('projet_task', 'project_task'); // Test for task object
 		$checkhierarchy = array('expensereport', 'holiday', 'hrm');	// check permission among the hierarchy of user
 		$checkuser = array('bookmark');	// check permission among the fk_user (must be myself or null)
-		$nocheck = array('barcode', 'stock'); // No test
+		$nocheck = array('barcode'); // No test
 		//$checkdefault = 'all other not already defined'; // Test on entity + link to third party on field $dbt_keyfield. Not allowed if link is empty (Ex: invoice, orders...).
--- a/htdocs/fichinter/card.php
+++ b/htdocs/fichinter/card.php
@@ -13,6 +13,7 @@
 * Copyright (C) 2023-2024	William Mead				<william.mead@manchenumerique.fr>
 * Copyright (C) 2024-2025	MDW							<mdeweerd@users.noreply.github.com>
 * Copyright (C) 2024		Alexandre Spangaro			<alexandre@inovea-conseil.com>
 * Copyright (C) 2025		Pierre Ardoin				<developpeur@lesmetiersdubatiment.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
--- a/htdocs/fourn/class/fournisseur.orderline.class.php
+++ b/htdocs/fourn/class/fournisseur.orderline.class.php
@@ -358,8 +358,8 @@ class CommandeFournisseurLigne extends CommonOrderLine
 		} else {
 			$sql .= "null,";
 		}
-		$sql .= "'".$this->db->escape((string) $this->product_type)."',";
+		$sql .= ((int) $this->product_type).",";
-		$sql .= ((int) $this->special_code) . ",";
+		$sql .= ((int) $this->special_code).",";
 		$sql .= "'".$this->db->escape((string) $this->rang)."',";
 		$sql .= "'".$this->db->escape((string) $this->qty)."', ";
 		$sql .= " ".(empty($this->vat_src_code) ? "''" : "'".$this->db->escape((string) $this->vat_src_code)."'").",";
--- a/htdocs/hrm/class/evaluation.class.php
+++ b/htdocs/hrm/class/evaluation.class.php
@@ -225,7 +225,7 @@ class Evaluation extends CommonObject
 		}
 		if (!$user->hasRight('hrm', 'evaluation', 'readall')) {
-			$this->fields['fk_user']['type'] .= ':t.rowid:IN:'.$this->db->sanitize(implode(",", $user->getAllChildIds(1)));
+			$this->fields['fk_user']['type'] .= ' AND (t.rowid:IN:'.$this->db->sanitize(implode(",", $user->getAllChildIds(1))) .')';
 		}
 		$this->date_eval = dol_now();
--- a/htdocs/hrm/evaluation_agenda.php
+++ b/htdocs/hrm/evaluation_agenda.php
@@ -105,8 +105,9 @@ $permissiontoread = $user->hasRight('hrm', 'evaluation', 'read'); // Used by the
 // Security check (enable the most restrictive one)
 //if ($user->socid > 0) accessforbidden();
 //if ($user->socid > 0) $socid = $user->socid;
-//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+$isdraft = $object->status == Evaluation::STATUS_DRAFT ? 1 : 0;
-//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft);
+restrictedArea($user, $object->element, $object, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
 if (!isModEnabled('hrm')) {
 	accessforbidden();
 }
--- a/htdocs/hrm/evaluation_contact.php
+++ b/htdocs/hrm/evaluation_contact.php
@@ -71,10 +71,8 @@ $permission = $user->hasRight('hrm', 'evaluation', 'write');
 // Security check (enable the most restrictive one)
 //if ($user->socid > 0) accessforbidden();
 //if ($user->socid > 0) $socid = $user->socid;
-//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+$isdraft = $object->status == Evaluation::STATUS_DRAFT ? 1 : 0;
-//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
+restrictedArea($user, $object->element, $object, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
 //if (empty($conf->hrm->enabled)) accessforbidden();
 //if (!$permissiontoread) accessforbidden();
--- a/htdocs/hrm/evaluation_document.php
+++ b/htdocs/hrm/evaluation_document.php
@@ -94,16 +94,12 @@ $permissiontoadd  = $user->hasRight('hrm', 'evaluation', 'write'); // Used by th
 $permissiontoread = $user->hasRight('hrm', 'evaluation', 'read');
 // Security check (enable the most restrictive one)
-//if ($user->socid > 0) accessforbidden();
+
-//if ($user->socid > 0) $socid = $user->socid;
+$isdraft = $object->status == Evaluation::STATUS_DRAFT ? 1 : 0;
-//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+restrictedArea($user, $object->element, $object, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
-//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
+
-if (empty($conf->hrm->enabled)) {
+if (!isModEnabled('hrm')) accessforbidden();
-	accessforbidden();
+if (!$permissiontoread) accessforbidden();
 }
 if (!$permissiontoread) {
 	accessforbidden();
 }
 /*
--- a/htdocs/hrm/evaluation_note.php
+++ b/htdocs/hrm/evaluation_note.php
@@ -75,10 +75,10 @@ $permissiontoread = $user->hasRight('hrm', 'evaluation', 'read');  // Used by th
 // Security check (enable the most restrictive one)
 //if ($user->socid > 0) accessforbidden();
 //if ($user->socid > 0) $socid = $user->socid;
-//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
+$isdraft = (($object->status == Evaluation::STATUS_DRAFT) ? 1 : 0);
-//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
+restrictedArea($user, $object->element, $object, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
-//if (empty($conf->hrm->enabled)) accessforbidden();
+if (empty($conf->hrm->enabled)) accessforbidden();
-//if (!$permissiontoread) accessforbidden();
+if (!$permissiontoread) accessforbidden();
 /*
--- a/htdocs/product/inventory/card.php
+++ b/htdocs/product/inventory/card.php
@@ -55,9 +55,9 @@ $include_sub_warehouse = !empty(GETPOST('include_sub_warehouse')) ? GETPOST('inc
 $hookmanager->initHooks(array('inventorycard', 'globalcard')); // Note that conf->hooks_modules contains array
 if (!getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
-	$result = restrictedArea($user, 'stock', $id);
+	$result = restrictedArea($user, 'stock', $id, 'inventory&stock');
 } else {
-	$result = restrictedArea($user, 'stock', $id, '', 'inventory_advance');
+	$result = restrictedArea($user, 'stock', $id, 'inventory&stock', 'inventory_advance');
 }
 // Initialize a technical objects
--- a/htdocs/product/inventory/inventory.php
+++ b/htdocs/product/inventory/inventory.php
@@ -72,9 +72,9 @@ $totalExpectedValuation = 0;
 $totalRealValuation = 0;
 $hookmanager->initHooks(array('inventorycard')); // Note that conf->hooks_modules contains array
 if (!getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
-	$result = restrictedArea($user, 'stock', $id);
+	$result = restrictedArea($user, 'stock', $id, 'inventory&stock');
 } else {
-	$result = restrictedArea($user, 'stock', $id, '', 'inventory_advance');
+	$result = restrictedArea($user, 'stock', $id, 'inventory&stock', 'inventory_advance');
 }
 // Initialize a technical objects
--- a/htdocs/product/stock/card.php
+++ b/htdocs/product/stock/card.php
@@ -85,8 +85,7 @@ if (!$sortorder) {
 $hookmanager->initHooks(array('warehousecard', 'stocklist', 'globalcard'));
 // Security check
-//$result=restrictedArea($user,'stock', $id, 'entrepot&stock');
+$result=restrictedArea($user, 'stock', $id, 'entrepot&stock');
 $result = restrictedArea($user, 'stock');
 $object = new Entrepot($db);
 $extrafields = new ExtraFields($db);
--- a/htdocs/projet/class/api_tasks.class.php
+++ b/htdocs/projet/class/api_tasks.class.php
@@ -536,7 +536,7 @@ class Tasks extends DolibarrApi
 	 *
 	 * @url	GET {id}/getTimeSpent/{timespent_id}
 	 *
-	 * @return  TimeSpent
+	 * @return	Object                      data without useless information
 	 *
 	 * @throws	RestException
 	 */
@@ -945,8 +945,4 @@ class Tasks extends DolibarrApi
 		}
 		return $object;
 	}
 	// \todo
 	// getSummaryOfTimeSpent
 }
--- a/htdocs/projet/ganttchart.inc.php
+++ b/htdocs/projet/ganttchart.inc.php
@@ -141,7 +141,7 @@ if (g.getDivId() != null)
 			'task_name' => $projecttmp->ref.' '.$projecttmp->title,
 			'task_resources' => '',
 			'task_start_date' => $projecttmp->date_start,
-			'task_end_date' => $projecttmp->date_end,
+			'task_end_date' => (!empty($projecttmp->date_end) ? $projecttmp->date_end : 0),
 			'task_is_group' => 1, 'task_position' => 0, 'task_css' => 'ggroupblack', 'task_milestone' => 0, 'task_parent' => 0, 'task_parent_alternate_id' => 0,
 			'note' => '',
 			'task_planned_workload' => 0
Author	SHA1	Message	Date
Laurent Destailleur	b4c374fd48	Fix CI	2025-12-04 21:45:34 +01:00
Laurent Destailleur	c9d1f3baa3	Merge pull request #36527 from FHenry/22_fix_subtotal_attribute_copy fix: when create invoices from orders list, title and subtotal attribute is now copied	2025-12-04 21:26:01 +01:00
HENRY Florian	a3dfae7792	Merge branch '22.0' into 22_fix_subtotal_attribute_copy	2025-12-04 20:30:17 +01:00
Laurent Destailleur	78316a577d	Merge branch '21.0' of git@github.com:Dolibarr/dolibarr.git into 22.0	2025-12-04 20:26:59 +01:00
Florian HENRY	7e264b0097	Merge branch '22.0' of https://github.com/Dolibarr/dolibarr into 22_fix_subtotal_attribute_copy	2025-12-04 19:58:49 +01:00
Florian HENRY	12936afb13	review	2025-12-04 19:58:42 +01:00
Laurent Destailleur	3068a778da	Merge branch '20.0' of git@github.com:Dolibarr/dolibarr.git into 21.0	2025-12-04 19:51:48 +01:00
Laurent Destailleur	9d307a4238	Merge branch '19.0' of git@github.com:Dolibarr/dolibarr.git into 20.0	2025-12-04 19:07:33 +01:00
Laurent Destailleur	193a42cd47	Fix #36520	2025-12-04 19:02:57 +01:00
Laurent Destailleur	222cd76799	Merge branch '18.0' of git@github.com:Dolibarr/dolibarr.git into 19.0	2025-12-04 18:53:04 +01:00
Laurent Destailleur	47799b88cf	Merge branch '17.0' of git@github.com:Dolibarr/dolibarr.git into 18.0	2025-12-04 18:40:23 +01:00
Laurent Destailleur	78ca968db6	Merge pull request #36517 from atm-florianm/SEC/commented-out-restrictedArea SEC: FIX #36430 permissions not checked on other tabs of HRM evaluation card	2025-12-04 18:37:46 +01:00
Laurent Destailleur	e6f9741987	Merge pull request #36521 from JonBendtsen/BUG_35655_API_Contract_Creation_Fails_for_Non-Admin_Users_in_Version_22.0.2 FIX #35655 API Contract Creation Fails for Non-Admin Users in Version 22.0.2	2025-12-04 18:32:46 +01:00
Laurent Destailleur	50db4e6499	Merge pull request #36518 from JonBendtsen/fix_36507_commit_9801f02 Fix broken commit `9801f02` mentioned in issue #36507	2025-12-04 18:15:43 +01:00
Laurent Destailleur	0235e86f64	Merge pull request #36484 from Hystepik/fix-#36475 Fix #36475 bad value for project gantt start	2025-12-04 17:43:03 +01:00
Jon Bendtsen	8deec3f918	it returns an Object, but it can not be TimeSpent because that creates a infinite loop	2025-12-04 16:23:13 +01:00
Florian HENRY	7f3ac106fc	fix: when create bills from orders list, title and subtotal attribute is now copied	2025-12-04 11:00:58 +01:00
Florian HENRY	c39cba8395	fix: when create bills from orders list, title and subtotal attribute is now copied	2025-12-04 10:57:24 +01:00
Laurent Destailleur	aa8fac1deb	Merge pull request #36429 from atm-adrien/FIX/MulticompanyStockCompatibility FIX : Implementation of multi-company compatibility with inventory/warehouse management	2025-12-04 10:42:35 +01:00
Eric - CAP-REL	2ebdcfda5c	Merge pull request #35788 from Easya-Solutions/18_allow_credit_invoice_on_situation FIX : remove useless condition to create credit on situation invoice …	2025-12-04 09:56:30 +01:00
Eric - CAP-REL	70431043af	Merge pull request #36398 from Easya-Solutions/18.0_fix-invoice-card-variables FIX undefined variables on create invoice from shipment card (backport from v20)	2025-12-04 09:30:56 +01:00
lvessiller-opendsi	ad37ece7bc	Merge pull request #36494 from atm-florianm/FIX/155/date/minute-second-vs-min-sec FIX 18.0: `GETPOSTDATE()` and `buildParamDate()` assumed wrong HTTP param names	2025-12-04 09:27:44 +01:00
Jon Bendtsen	11cd186e9a	remove debugging dol_syslog	2025-12-03 21:54:33 +01:00
Jon Bendtsen	8dc2eb0fe4	Checking for access to both new and old socid	2025-12-03 21:52:35 +01:00
Jon Bendtsen	66d3df4cc6	Fix broken commit `9801f02` mentioned in issue #36507	2025-12-03 21:06:13 +01:00
atm-florian	a1476fd221	SEC: permissions not checked on other tabs of HRM evaluation card	2025-12-03 17:11:14 +01:00
Lucas Marcouiller	59ccde0087	Merge branch '22.0' into fix-#36475	2025-12-03 09:49:23 +01:00
Jon Bendtsen	268996c672	testing for access to the thirdpartytmp	2025-12-02 17:26:53 +01:00
Jon Bendtsen	ddd2927e31	This commit has errors, if you use PUT in the API with a new socid that the user does not have permission to, then it STILL updates the contract, and then it gets the contract after update and tells me I do not have access	2025-12-02 17:23:26 +01:00
Jon Bendtsen	b48fed1719	PUT now checks both existing socid and any potentially updated socid for access	2025-12-02 17:23:26 +01:00
Jon Bendtsen	26a39d1cc8	creating Thirdparties object takes no arguments	2025-12-02 17:23:26 +01:00
Jon Bendtsen	6f18235bab	both socid exists and access to is checked in api_thirdparty GET :-)	2025-12-02 17:23:26 +01:00
Jon Bendtsen	1c697607b1	default deny access, allow access if user has the right combination of permissions and/or is the sales representative for the thirdparty	2025-12-02 17:23:26 +01:00
Jon Bendtsen	36415f1fd2	giving a slight better error message	2025-12-02 17:23:26 +01:00
Jon Bendtsen	9941a20fa8	Check if API user has rights to see all thirdparties Check if API user has rights to see all thirdparties - though perhaps we should check if the user has rights to this particular thirdparty in this contract?	2025-12-02 17:23:26 +01:00
Lucas Marcouiller	894bbd5786	Merge branch '22.0' into fix-#36475	2025-12-02 08:36:25 +01:00
Lucas Marcouiller	55977d16f1	fix warning	2025-12-02 08:35:53 +01:00
Lucas Marcouiller	792070b5f5	fix a potential warning	2025-12-02 08:34:41 +01:00
Laurent Destailleur	64bab261a9	Merge pull request #36495 from mapiolca/patch-67 Backport: fix intervention “Signed” confirmation when no status is selected	2025-12-01 16:47:51 +01:00
Pierre Ardoin	1c94462405	Update copyright year for Pierre Ardoin	2025-12-01 14:03:40 +01:00
Pierre Ardoin	dad4bbddd2	Report fix on 21.0 Fix an issue that have been fixed by Charlene Benke on v22	2025-12-01 14:00:38 +01:00
atm-florian	0e1c580f11	FIX 18.0: GETPOSTDATE and buildParamDate assumed HTTP param names 'minute' and 'second' instead of 'min' and 'sec'	2025-12-01 13:47:50 +01:00
Laurent Destailleur	4223ff08ce	Merge pull request #36491 from Easya-Solutions/18.0_fix-update-extras FIX not remove value of others extra-fields on update extras action	2025-12-01 13:10:08 +01:00
VESSILLER	d16f8b68db	FIX not remove value of others extra-fields on update extras action	2025-12-01 11:14:16 +01:00
Lucas Marcouiller	8664f74154	Fix #36475 bad value for project gantt start	2025-11-29 21:55:45 +01:00
Laurent Destailleur	f4bcf47008	Merge pull request #36467 from emheyarssi/35061 FIX #35061	2025-11-29 11:28:03 +01:00
marc	5c6b4f62c8	FIX #35061 Signed-off-by: marc <marc.baur@ptmsoft.fr>	2025-11-28 18:25:00 +01:00
Laurent Destailleur	d8891130f5	Merge pull request #36463 from vold-lu/18.0 NEW: Automatically release docker image for each GitHub release	2025-11-28 18:13:47 +01:00
Aloïs Micard	b2f9de7489	Add new workflow to trigger Docker build	2025-11-28 17:27:32 +01:00
Laurent Destailleur	63cc9127ba	Merge pull request #36434 from atm-lucasmantegari/FIX/ErrorFieldFilterInEvaluation FIX - Missing AND on fields filter on evaluation class	2025-11-26 22:27:03 +01:00
Laurent Destailleur	097168cb05	Merge branch '21.0' into FIX/ErrorFieldFilterInEvaluation	2025-11-26 22:12:22 +01:00
Laurent Destailleur	f3b467a9ba	Merge branch '21.0' into FIX/ErrorFieldFilterInEvaluation	2025-11-26 22:03:40 +01:00
ATM-Lucas	4585facfcc	Missing AND on fields filter on evaluation class	2025-11-26 16:47:32 +01:00
Adrien Raze	c1c2358e75	FIX : Implementation of multi-company compatibility with inventory/warehouse management	2025-11-26 12:30:22 +01:00
VESSILLER	1cd3ca3222	FIX undefined variables on create invoice from shipment card (backport from v20)	2025-11-24 10:30:08 +01:00
tnegre	8ddf9f6075	FIX : remove useless condition to create credit on situation invoice (#35786 )	2025-10-16 11:57:49 +02:00