Merge branch '20.0' of git@github.com:Dolibarr/dolibarr.git into develop

This commit is contained in:
Laurent Destailleur 2024-08-31 17:30:32 +02:00
commit 2009c6f09a
48 changed files with 327 additions and 292 deletions


@ -70,8 +70,9 @@ $sortfield = GETPOST('sortfield', 'aZ09comma');
$sortorder = GETPOST('sortorder', 'aZ09comma');
$page = GETPOSTISSET('pageplusone') ? (GETPOSTINT('pageplusone') - 1) : GETPOSTINT("page");
if (empty($page) || $page == -1 || GETPOST('button_search', 'alpha') || GETPOST('button_removefilter', 'alpha') || (empty($toselect) && $massaction === '0')) {
// If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
$page = 0;
} // If $page is not defined, or '' or -1 or if we click on clear filters or if we select empty mass action
}
$offset = $limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;


@ -459,7 +459,7 @@ if (empty($reshook)) {
$param .= '&search_import_key='.urlencode($search_import_key);
}
if ($action == 'setreexport') {
if ($action == 'setreexport' && $user->hasRight('accounting', 'mouvements', 'export')) {
$setreexport = GETPOSTINT('value');
if (!dolibarr_set_const($db, "ACCOUNTING_REEXPORT", $setreexport, 'yesno', 0, '', $conf->entity)) {
$error++;


@ -229,6 +229,8 @@ if (!$user->hasRight('accounting', 'mouvements', 'lire')) {
accessforbidden();
}
$permissiontoadd = $user->hasRight('accounting', 'mouvements', 'creer');
/*
* Actions
@ -545,8 +547,8 @@ if (empty($reshook)) {
}
// mass actions on lettering
if (!$error && getDolGlobalInt('ACCOUNTING_ENABLE_LETTERING') && $user->hasRight('accounting', 'mouvements', 'creer')) {
if ($massaction == 'letteringauto') {
if (!$error && getDolGlobalInt('ACCOUNTING_ENABLE_LETTERING')) {
if ($massaction == 'letteringauto' && $permissiontoadd) {
$lettering = new Lettering($db);
$nb_lettering = $lettering->bookkeepingLetteringAll($toselect);
if ($nb_lettering < 0) {
@ -567,7 +569,7 @@ if (empty($reshook)) {
header('Location: ' . $_SERVER['PHP_SELF'] . '?noreset=1' . $param);
exit();
}
} elseif ($massaction == 'letteringmanual') {
} elseif ($massaction == 'letteringmanual' && $permissiontoadd) {
$lettering = new Lettering($db);
$result = $lettering->updateLettering($toselect);
if ($result < 0) {
@ -577,7 +579,7 @@ if (empty($reshook)) {
header('Location: ' . $_SERVER['PHP_SELF'] . '?noreset=1' . $param);
exit();
}
} elseif ($action == 'unletteringauto' && $confirm == "yes") {
} elseif ($action == 'unletteringauto' && $confirm == "yes" && $permissiontoadd) {
$lettering = new Lettering($db);
$nb_lettering = $lettering->bookkeepingLetteringAll($toselect, true);
if ($nb_lettering < 0) {
@ -598,7 +600,7 @@ if (empty($reshook)) {
header('Location: ' . $_SERVER['PHP_SELF'] . '?noreset=1' . $param);
exit();
}
} elseif ($action == 'unletteringmanual' && $confirm == "yes") {
} elseif ($action == 'unletteringmanual' && $confirm == "yes" && $permissiontoadd) {
$lettering = new Lettering($db);
$nb_lettering = $lettering->deleteLettering($toselect);
if ($nb_lettering < 0) {


@ -214,6 +214,8 @@ if (!$user->hasRight('accounting', 'mouvements', 'lire')) {
$error = 0;
$permissiontoadd = $user->hasRight('accounting', 'mouvements', 'creer');
/*
* Action
@ -506,8 +508,8 @@ if (empty($reshook)) {
}
// others mass actions
if (!$error && getDolGlobalInt('ACCOUNTING_ENABLE_LETTERING') && $user->hasRight('accounting', 'mouvements', 'creer')) {
if ($massaction == 'letteringauto') {
if (!$error && getDolGlobalInt('ACCOUNTING_ENABLE_LETTERING')) {
if ($massaction == 'letteringauto' && $permissiontoadd) {
$lettering = new Lettering($db);
$nb_lettering = $lettering->bookkeepingLetteringAll($toselect);
if ($nb_lettering < 0) {
@ -528,7 +530,7 @@ if (empty($reshook)) {
header('Location: ' . $_SERVER['PHP_SELF'] . '?noreset=1' . $param);
exit();
}
} elseif ($massaction == 'letteringmanual') {
} elseif ($massaction == 'letteringmanual' && $permissiontoadd) {
$lettering = new Lettering($db);
$result = $lettering->updateLettering($toselect);
if ($result < 0) {
@ -548,7 +550,7 @@ if (empty($reshook)) {
header('Location: ' . $_SERVER['PHP_SELF'] . '?noreset=1' . $param);
exit();
}
} elseif ($action == 'unletteringauto' && $confirm == "yes") {
} elseif ($action == 'unletteringauto' && $confirm == "yes" && $permissiontoadd) {
$lettering = new Lettering($db);
$nb_lettering = $lettering->bookkeepingLetteringAll($toselect, true);
if ($nb_lettering < 0) {
@ -569,7 +571,7 @@ if (empty($reshook)) {
header('Location: ' . $_SERVER['PHP_SELF'] . '?noreset=1' . $param);
exit();
}
} elseif ($action == 'unletteringmanual' && $confirm == "yes") {
} elseif ($action == 'unletteringmanual' && $confirm == "yes" && $permissiontoadd) {
$lettering = new Lettering($db);
$nb_lettering = $lettering->deleteLettering($toselect);
if ($result < 0) {
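Review bot: The `unletteringmanual` branch tests the wrong variable: `deleteLettering()` is assigned to `$nb_lettering` on the line above, but the error check reads `$result`, which is unset at this point or stale from an earlier branch, so a failed deletion is never reported. Change it to `if ($nb_lettering < 0) {`, matching the `unletteringauto` branch here and the same branch in the other bookkeeping list touched by this commit. The rest of this branch is outside the hunk.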


@ -118,7 +118,7 @@ if (($action == 'clean' || $action == 'validatehistory') && $user->hasRight('acc
// End clean database
}
if ($action == 'validatehistory') {
if ($action == 'validatehistory' && $user->hasRight('accounting', 'bind', 'write')) {
$error = 0;
$nbbinddone = 0;
$nbbindfailed = 0;


@ -100,7 +100,7 @@ if (($action == 'clean' || $action == 'validatehistory') && $user->hasRight('acc
// End clean database
}
if ($action == 'validatehistory') {
if ($action == 'validatehistory' && $user->hasRight('accounting', 'bind', 'write')) {
$error = 0;
$nbbinddone = 0;
$nbbindfailed = 0;


@ -611,25 +611,6 @@ if ($result) {
$tabtp[$obj->rowid]['NotDefined'] = $tabbq[$obj->rowid][$compta_bank];
}
// Check account number is ok
/*if ($action == 'writebookkeeping') // Make test now in such a case
{
reset($tabbq[$obj->rowid]);
$first_key_tabbq = key($tabbq[$obj->rowid]);
if (empty($first_key_tabbq))
{
$error++;
setEventMessages($langs->trans('ErrorAccountancyCodeOnBankAccountNotDefined', $obj->baref), null, 'errors');
}
reset($tabtp[$obj->rowid]);
$first_key_tabtp = key($tabtp[$obj->rowid]);
if (empty($first_key_tabtp))
{
$error++;
setEventMessages($langs->trans('ErrorAccountancyCodeOnThirdPartyNotDefined'), null, 'errors');
}
}*/
// if($obj->socid)$tabtp[$obj->rowid][$compta_soc] += $amounttouse;
$i++;
@ -646,7 +627,7 @@ if ($result) {
//var_dump($tabtype);
// Write bookkeeping
if (!$error && $action == 'writebookkeeping') {
if (!$error && $action == 'writebookkeeping' && $user->hasRight('accounting', 'bind', 'write')) {
$now = dol_now();
$accountingaccountcustomer = new AccountingAccount($db);
@ -980,7 +961,7 @@ if (!$error && $action == 'writebookkeeping') {
// Export
if ($action == 'exportcsv') { // ISO and not UTF8 !
if ($action == 'exportcsv' && $user->hasRight('accounting', 'bind', 'write')) { // ISO and not UTF8 !
$sep = getDolGlobalString('ACCOUNTING_EXPORT_SEPARATORCSV');
$filename = 'journal';
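Review bot: The `exportcsv` action is now gated on `accounting bind write`, a write permission, although producing a CSV is a read-only operation; elsewhere in this commit the bookkeeping export toggle is gated on `accounting mouvements export`, so a user holding the export right but not the bind-write right loses the journal export here. If restricting exports to users who can also bind is intended, a short comment saying so would help; otherwise consider `&& $user->hasRight('accounting', 'mouvements', 'export')` to keep the two consistent. The export body continues outside the hunk.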


@ -246,7 +246,7 @@ while ($i < $num) {
}
// Bookkeeping Write
if ($action == 'writebookkeeping' && !$error) {
if ($action == 'writebookkeeping' && !$error && $user->hasRight('accounting', 'bind', 'write')) {
$now = dol_now();
$error = 0;


@ -392,7 +392,7 @@ while ($i < $num) {
// Bookkeeping Write
if ($action == 'writebookkeeping' && !$error) {
if ($action == 'writebookkeeping' && !$error && $user->hasRight('accounting', 'bind', 'write')) {
$now = dol_now();
$error = 0;


@ -419,7 +419,7 @@ if ($resql) {
//var_dump($errorforinvoice);exit;
// Bookkeeping Write
if ($action == 'writebookkeeping' && !$error) {
if ($action == 'writebookkeeping' && !$error && $user->hasRight('accounting', 'bind', 'write')) {
$now = dol_now();
$error = 0;


@ -114,7 +114,7 @@ $reshook = $hookmanager->executeHooks('doActions', $parameters, $user, $action);
$reload = false;
// Bookkeeping Write
if ($action == 'writebookkeeping') {
if ($action == 'writebookkeeping' && $user->hasRight('accounting', 'bind', 'write')) {
$error = 0;
$result = $object->writeIntoBookkeeping($user, $journal_data);
@ -133,7 +133,7 @@ if ($action == 'writebookkeeping') {
}
$reload = true;
} elseif ($action == 'exportcsv') {
} elseif ($action == 'exportcsv' && $user->hasRight('accounting', 'bind', 'write')) {
// Export CSV
$result = $object->exportCsv($journal_data, $date_end);
if ($result < 0) {


@ -105,7 +105,7 @@ if (($action == 'clean' || $action == 'validatehistory') && $user->hasRight('acc
// End clean database
}
if ($action == 'validatehistory') {
if ($action == 'validatehistory' && $user->hasRight('accounting', 'bind', 'write')) {
$error = 0;
$nbbinddone = 0;
$nbbindfailed = 0;


@ -57,6 +57,7 @@ $langs->loadLangs(array("companies", "bills", "members", "users", "other", "payp
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel', 'alpha');
$backtopage = GETPOST('backtopage', 'alpha');
$backtopageforcancel = GETPOST('backtopageforcancel', 'alpha'); // if not set, $backtopage will be used
$confirm = GETPOST('confirm', 'alpha');
$rowid = GETPOSTINT('rowid');
$id = GETPOST('id') ? GETPOSTINT('id') : $rowid;
@ -182,7 +183,7 @@ if (empty($reshook)) {
}
}
if ($action == 'setsocid') {
if ($action == 'setsocid' && $caneditfieldmember) {
$error = 0;
if (!$error) {
if ($socid != $object->socid) { // If link differs from currently in database


@ -60,7 +60,7 @@ if ($cancel == $langs->trans("Cancel")) {
$action = '';
}
if ($action == 'delete' && GETPOST('langtodelete', 'alpha')) {
if ($action == 'delete' && GETPOST('langtodelete', 'alpha') && $user->hasRight('adherent', 'configurer')) {
$object = new AdherentType($db);
$object->fetch($id);
$result = $object->delMultiLangs(GETPOST('langtodelete', 'alpha'), $user);
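Review bot: The return value of `$object->fetch($id)` is ignored before `delMultiLangs()` is called, so an unknown id still reaches the delete call with an unpopulated object. Guard the call: `if ($object->fetch($id) > 0) {` around the deletion, and report an error otherwise rather than proceeding. The handling of `$result` continues outside the hunk.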


@ -116,7 +116,7 @@ if (empty($reshook)) {
$action = '';
}
if ($action == "update") {
if ($action == "update" && $permissiontoadd) {
$assetaccountancycodes->setAccountancyCodesFromPost();
$result = $assetaccountancycodes->updateAccountancyCodes($user, $object->id);


@ -135,7 +135,7 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
$action = '';
} elseif ($action == "add") {
} elseif ($action == "add" && $permissiontoadd) {
$object->supplier_invoice_id = GETPOSTINT('supplier_invoice_id');
}


@ -110,7 +110,7 @@ if (empty($reshook)) {
$action = '';
}
if ($action == "update") {
if ($action == "update" && $permissiontoadd) {
$result = $assetdepreciationoptions->setDeprecationOptionsFromPost();
if ($result > 0) {
$result = $assetdepreciationoptions->updateDeprecationOptions($user, $object->id);


@ -108,7 +108,7 @@ if (empty($reshook)) {
$action = '';
}
if ($action == "update") {
if ($action == "update" && $permissiontoadd) {
$assetaccountancycodes->setAccountancyCodesFromPost();
$result = $assetaccountancycodes->updateAccountancyCodes($user, 0, $object->id);


@ -110,7 +110,7 @@ if (empty($reshook)) {
$action = '';
}
if ($action == "update") {
if ($action == "update" && $permissiontoadd) {
$result = $assetdepreciationoptions->setDeprecationOptionsFromPost(1);
if ($result > 0) {
$result = $assetdepreciationoptions->updateDeprecationOptions($user, 0, $object->id);


@ -96,7 +96,7 @@ if (getDolGlobalString('BARCODE_THIRDPARTY_ADDON_NUM')) {
}
}
if ($action == 'initbarcodethirdparties') {
if ($action == 'initbarcodethirdparties' && $user->hasRight('societe', 'lire')) {
if (!is_object($modBarCodeThirdparty)) {
$error++;
setEventMessages($langs->trans("NoBarcodeNumberingTemplateDefined"), null, 'errors');
@ -202,7 +202,7 @@ if (getDolGlobalString('BARCODE_PRODUCT_ADDON_NUM')) {
}
}
if ($action == 'initbarcodeproducts') {
if ($action == 'initbarcodeproducts' && $user->hasRight('produit', 'lire')) {
if (!is_object($modBarCodeProduct)) {
$error++;
setEventMessages($langs->trans("NoBarcodeNumberingTemplateDefined"), null, 'errors');
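Review bot: `initbarcodethirdparties` and `initbarcodeproducts` are gated on the read rights (`societe lire`, `produit lire`) even though their names and the numbering-template check suggest they assign barcode values to records, which is a mass write. Unless the action bodies (outside the hunk) are read-only, gate them on the modify rights instead, e.g. `$user->hasRight('societe', 'creer')` and `$user->hasRight('produit', 'creer')`. Worth confirming against what each action actually does further down the file.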


@ -122,7 +122,7 @@ if (empty($reshook)) {
}
}
if ($action == 'builddoc') {
if ($action == 'builddoc' && $user->hasRight('barcode', 'read')) {
$result = 0;
$error = 0;


@ -115,13 +115,6 @@ if (empty($reshook)) {
}
}
}
$TChildBom = array();
if ($action == 'treeview') {
$object->getNetNeedsTree($TChildBom, 1);
} else {
$object->getNetNeeds($TChildBom, 1);
}
}
@ -134,9 +127,18 @@ $formfile = new FormFile($db);
$title = $langs->trans('BOM');
$help_url ='EN:Module_BOM';
llxHeader('', $title, $help_url, '', 0, 0, '', '', '', 'mod-bom page-net_needs');
$TChildBom = array();
if ($action == 'treeview') {
$object->getNetNeedsTree($TChildBom, 1);
} else {
$object->getNetNeeds($TChildBom, 1);
}
// Part to show record
if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'create'))) {
$head = bomPrepareHead($object);


@ -64,8 +64,8 @@ $permissiontodelete = $user->hasRight('bookmark', 'supprimer');
* Actions
*/
if ($action == 'add' || $action == 'addproduct' || $action == 'update') {
if ($action == 'update') {
if (($action == 'add' || $action == 'addproduct' || $action == 'update') && $permissiontoadd) {
if ($action == 'update') { // Test on permission already done
$invertedaction = 'edit';
} else {
$invertedaction = 'create';
@ -81,7 +81,7 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update') {
exit;
}
if ($action == 'update') {
if ($action == 'update') { // Test on permission already done
$object->fetch(GETPOSTINT("id"));
}
// Check if null because user not admin can't set an user and send empty value here.
@ -106,7 +106,7 @@ if ($action == 'add' || $action == 'addproduct' || $action == 'update') {
if (!$error) {
$object->favicon = 'none';
if ($action == 'update') {
if ($action == 'update') { // Test on permission already done
$res = $object->update();
} else {
$res = $object->create();


@ -100,6 +100,7 @@ $error = 0;
/*
* Actions
*/
$parameters = array('socid' => $socid, 'origin' => $origin, 'catorigin' => $catorigin, 'type' => $type, 'urlfrom' => $urlfrom, 'backtopage' => $backtopage, 'label' => $label, 'description' => $description, 'color' => $color, 'position' => $position, 'visible' => $visible, 'parent' => $parent);
// Note that $action and $object may be modified by some hooks
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action);
@ -174,42 +175,40 @@ if (empty($reshook)) {
}
}
}
// Confirm action
if (($action == 'add' || $action == 'confirmed') && $user->hasRight('categorie', 'creer')) {
// Action confirmation of creation category
if ($action == 'confirmed') {
if ($urlfrom) {
header("Location: ".$urlfrom);
exit;
} elseif ($backtopage) {
header("Location: ".$backtopage);
exit;
} elseif ($idProdOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idProdOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
} elseif ($idCompanyOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idCompanyOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
} elseif ($idSupplierOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idSupplierOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
} elseif ($idMemberOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idMemberOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
} elseif ($idContactOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idContactOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
} elseif ($idProjectOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idProjectOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
}
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$result.'&type='.$type);
// Action confirmation of creation category
if ($action == 'confirmed' && $user->hasRight('categorie', 'creer')) {
if ($urlfrom) {
header("Location: ".$urlfrom);
exit;
} elseif ($backtopage) {
header("Location: ".$backtopage);
exit;
} elseif ($idProdOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idProdOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
} elseif ($idCompanyOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idCompanyOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
} elseif ($idSupplierOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idSupplierOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
} elseif ($idMemberOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idMemberOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
} elseif ($idContactOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idContactOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
} elseif ($idProjectOrigin) {
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$idProjectOrigin.'&type='.$type.'&mesg='.urlencode($langs->trans("CatCreated")));
exit;
}
header("Location: ".DOL_URL_ROOT.'/categories/viewcat.php?id='.$result.'&type='.$type);
exit;
}
}
/*
* View
*/
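Review bot: `$urlfrom` and `$backtopage` are passed straight into `header("Location: ...")` in the `confirmed` branch; if they come from the request (as `$backtopage` does elsewhere in this commit via `GETPOST('backtopage', 'alpha')`) and are not validated before this hunk, an absolute URL in either parameter turns the confirmation step into an open redirect. Restrict them to local paths before redirecting, e.g. accept only values beginning with `/` or `DOL_URL_ROOT`, or route them through whatever redirect sanitiser the project already uses. Where these variables are assigned is outside the hunk, so this may already be handled upstream.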


@ -51,9 +51,6 @@ if ($id == '' && $label == '') {
// Initialize a technical object to manage hooks. Note that conf->hooks_modules contains array array
$hookmanager->initHooks(array('categorycard'));
// Security check
$result = restrictedArea($user, 'categorie', $id, '&category');
$object = new Categorie($db);
$result = $object->fetch($id, $label);
if ($result <= 0) {
@ -68,9 +65,16 @@ if (is_numeric($type)) {
$upload_dir = $conf->categorie->multidir_output[$object->entity];
// Security check
$result = restrictedArea($user, 'categorie', $id, '&category');
$permissiontoadd = $user->hasRight('categorie', 'creer');
/*
* Actions
*/
$parameters = array('id' => $id, 'label' => $label, 'confirm' => $confirm, 'type' => $type, 'uploaddir' => $upload_dir, 'sendfile' => (GETPOST("sendit") ? true : false));
// Note that $action and $object may be modified by some hooks
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action);
@ -97,11 +101,11 @@ if (empty($reshook)) {
}
}
if ($action == 'confirm_delete' && GETPOST("file") && $confirm == 'yes' && $user->hasRight('categorie', 'creer')) {
if ($action == 'confirm_delete' && GETPOST("file") && $confirm == 'yes' && $permissiontoadd) {
$object->delete_photo($upload_dir."/".GETPOST("file"));
}
if ($action == 'addthumb' && GETPOST("file")) {
if ($action == 'addthumb' && GETPOST("file") && $permissiontoadd) {
$object->addThumbs($upload_dir."/".GETPOST("file"));
}
}
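Review bot: `restrictedArea()` now runs after `$object->fetch($id, $label)` and the `$result <= 0` failure branch, so whatever that branch does (outside the hunk, presumably an error message and exit) is reachable by a user who lacks the `categorie` right, which can reveal whether a given category id or label exists. If the move was needed so that `$type` is resolved first, keep a cheap module-level `restrictedArea($user, 'categorie');` before the fetch and the id-specific call after it. The same reordering appears in the sibling category translation page in this commit.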


@ -46,9 +46,6 @@ if ($id == '' && $label == '') {
exit();
}
// Security check
$result = restrictedArea($user, 'categorie', $id, '&category');
$object = new Categorie($db);
$result = $object->fetch($id, $label);
if ($result <= 0) {
@ -61,6 +58,11 @@ if (is_numeric($type)) {
$type = Categorie::$MAP_ID_TO_CODE[$type]; // For backward compatibility
}
// Security check
$result = restrictedArea($user, 'categorie', $id, '&category');
$permissiontoadd = $user->hasRight('categorie', 'creer');
/*
* Actions
@ -75,9 +77,7 @@ if ($cancel == $langs->trans("Cancel")) {
// validation of addition
if ($action == 'vadd' &&
$cancel != $langs->trans("Cancel") &&
($user->hasRight('categorie', 'creer'))) {
if ($action == 'vadd' && $cancel != $langs->trans("Cancel") && $permissiontoadd) {
$object->fetch($id);
$current_lang = $langs->getDefaultLang();
@ -124,9 +124,7 @@ $cancel != $langs->trans("Cancel") &&
}
// validation of the edition
if ($action == 'vedit' &&
$cancel != $langs->trans("Cancel") &&
($user->hasRight('categorie', 'creer'))) {
if ($action == 'vedit' && $cancel != $langs->trans("Cancel") && $permissiontoadd) {
$object->fetch($id);
$current_lang = $langs->getDefaultLang();


@ -77,7 +77,8 @@ if (empty($action)) {
$action = 'preview';
}
$permissiontoadd = $user->hasRight('collab', 'read');
$permissiontodelete = $user->hasRight('collab', 'delete');
/*
@ -93,7 +94,7 @@ if (GETPOST('refreshpage')) {
// Add a collab page
if ($action == 'add') {
if ($action == 'add' && $permissiontoadd) {
$db->begin();
$objectpage->title = GETPOST('WEBSITE_TITLE');
@ -126,7 +127,7 @@ if ($action == 'add') {
}
// Update page
if ($action == 'delete') {
if ($action == 'delete' && $permissiontodelete) {
$db->begin();
$res = $object->fetch(0, $website);
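Review bot: `$permissiontoadd` is derived from the `collab read` right, so the `add` action that creates a collab page remains reachable by any user who can merely read the module, while `delete` correctly uses `collab delete`. If the module declares a write or create right, use it here, e.g. `$permissiontoadd = $user->hasRight('collab', 'write');` (or whatever the rights definition names it); if read is genuinely sufficient, a comment saying why would stop the next reader from flagging it. The module's rights definition is not visible in the hunk.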


@ -185,10 +185,10 @@ if (empty($reshook) && (GETPOST('removedassigned') || GETPOST('removedassigned')
$_SESSION['assignedtouser'] = json_encode($tmpassigneduserids);
$donotclearsession = 1;
if ($action == 'add') {
if ($action == 'add' && $usercancreate) {
$action = 'create';
}
if ($action == 'update') {
if ($action == 'update' && $usercancreate) {
$action = 'edit';
}
@ -212,10 +212,10 @@ if (empty($reshook) && (GETPOST('removedassignedresource') || GETPOST('removedas
$_SESSION['assignedtoresource'] = json_encode($tmpassignedresourceids);
$donotclearsessionresource = 1;
if ($action == 'add') {
if ($action == 'add' && $usercancreate) {
$action = 'create';
}
if ($action == 'update') {
if ($action == 'update' && $usercancreate) {
$action = 'edit';
}
@ -234,10 +234,10 @@ if (empty($reshook) && (GETPOST('addassignedtouser') || GETPOST('updateassignedt
$_SESSION['assignedtouser'] = json_encode($assignedtouser);
}
$donotclearsession = 1;
if ($action == 'add') {
if ($action == 'add' && $usercancreate) {
$action = 'create';
}
if ($action == 'update') {
if ($action == 'update' && $usercancreate) {
$action = 'edit';
}
@ -256,10 +256,10 @@ if (empty($reshook) && (GETPOST('addassignedtoresource') || GETPOST('updateassig
$_SESSION['assignedtoresource'] = json_encode($assignedtoresource);
}
$donotclearsession = 1;
if ($action == 'add') {
if ($action == 'add' && $usercancreate) {
$action = 'create';
}
if ($action == 'update') {
if ($action == 'update' && $usercancreate) {
$action = 'edit';
}
@ -274,7 +274,7 @@ if (empty($reshook) && $action == 'classin' && ($user->hasRight('agenda', 'allac
}
// Action clone object
if (empty($reshook) && $action == 'confirm_clone' && $confirm == 'yes') {
if (empty($reshook) && $action == 'confirm_clone' && $confirm == 'yes' && $usercancreate) {
if (1 == 0 && !GETPOST('clone_content') && !GETPOST('clone_receivers')) {
setEventMessages($langs->trans("NoCloneOptionsSpecified"), null, 'errors');
} else {
@ -297,7 +297,7 @@ if (empty($reshook) && $action == 'confirm_clone' && $confirm == 'yes') {
}
// Add event
if (empty($reshook) && $action == 'add') {
if (empty($reshook) && $action == 'add' && $usercancreate) {
$error = 0;
if (empty($backtopage)) {
@ -735,10 +735,8 @@ if (empty($reshook) && $action == 'add') {
}
}
/*
* Action update event
*/
if (empty($reshook) && $action == 'update') {
// Action update event
if (empty($reshook) && $action == 'update' && $usercancreate) {
if (empty($cancel)) {
$fulldayevent = GETPOST('fullday');
$aphour = GETPOSTINT('aphour');
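Review bot: The clone handler keeps a dead branch: `if (1 == 0 && !GETPOST('clone_content') && !GETPOST('clone_receivers'))` can never be true, so the `NoCloneOptionsSpecified` message is unreachable and the `else` always runs. Either drop the `1 == 0 && ` so the option check is actually enforced, or remove the branch and the message. The update handler's body continues outside the hunk.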


@ -66,7 +66,7 @@ if (!$user->hasRight("agenda", "allactions", "read")) {
* Actions
*/
if ($action == 'builddoc') {
if ($action == 'builddoc' && $user->hasRight("agenda", "allactions", "read")) {
require_once DOL_DOCUMENT_ROOT.'/core/modules/action/doc/pdf_standard_actions.class.php';
$cat = new pdf_standard_actions($db, $month, $year);


@ -162,7 +162,7 @@ if (empty($reshook)) {
}
// Set accountancy code
if ($action == 'setcustomeraccountancycode') {
if ($action == 'setcustomeraccountancycode' && $user->hasRight('societe', 'creer')) {
$result = $object->fetch($id);
$object->code_compta_client = GETPOST("customeraccountancycode");
$object->code_compta = $object->code_compta_client; // For Backward compatibility
@ -239,7 +239,7 @@ if (empty($reshook)) {
}
// set communication status
if ($action == 'setstcomm') {
if ($action == 'setstcomm' && $user->hasRight('societe', 'creer')) {
$object->fetch($id);
$object->stcomm_id = dol_getIdFromCode($db, GETPOST('stcomm', 'alpha'), 'c_stcomm');
$result = $object->update($object->id, $user);
@ -251,7 +251,7 @@ if (empty($reshook)) {
}
// update outstandng limit
if ($action == 'setoutstanding_limit') {
if ($action == 'setoutstanding_limit' && $user->hasRight('societe', 'creer')) {
$object->fetch($id);
$object->outstanding_limit = GETPOST('outstanding_limit');
$result = $object->update($object->id, $user);
@ -261,7 +261,7 @@ if (empty($reshook)) {
}
// update order min amount
if ($action == 'setorder_min_amount') {
if ($action == 'setorder_min_amount' && $user->hasRight('societe', 'creer')) {
$object->fetch($id);
$object->order_min_amount = price2num(GETPOST('order_min_amount', 'alpha'));
$result = $object->update($object->id, $user);
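Review bot: `setoutstanding_limit` stores `GETPOST('outstanding_limit')` with no filter or numeric normalisation, while the neighbouring `setorder_min_amount` uses `price2num(GETPOST('order_min_amount', 'alpha'))`; `setcustomeraccountancycode` likewise reads `GETPOST("customeraccountancycode")` unfiltered. Use `$object->outstanding_limit = price2num(GETPOST('outstanding_limit', 'alpha'));` and `GETPOST('customeraccountancycode', 'alpha')` so the new permission gate is not the only thing between the request and `update()`.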


@ -103,12 +103,15 @@ if (!$user->hasRight('mailing', 'lire') || (!getDolGlobalString('EXTERNAL_USERS_
}
//$result = restrictedArea($user, 'mailing');
$permissiontoread = $user->hasRight('mailing', 'lire');
$permissiontoadd = $user->hasRight('mailing', 'creer');
/*
* Actions
*/
if ($action == 'loadfilter') {
if ($action == 'loadfilter' && $permissiontoread) {
if (!empty($template_id)) {
$result = $advTarget->fetch($template_id);
if ($result < 0) {
@ -121,7 +124,7 @@ if ($action == 'loadfilter') {
}
}
if ($action == 'add') {
if ($action == 'add' && $permissiontoadd) {
$user_contact_query = false;
$array_query = array();
@ -258,7 +261,7 @@ if ($action == 'add') {
}
}
if ($action == 'clear') {
if ($action == 'clear' && $permissiontoadd) {
$mailingtargets = new MailingTargets($db);
$mailingtargets->clear_target($id);
@ -266,11 +269,11 @@ if ($action == 'clear') {
exit();
}
if ($action == 'savefilter' || $action == 'createfilter') {
if (($action == 'savefilter' || $action == 'createfilter') && $permissiontoadd) {
$template_name = GETPOST('template_name');
$error = 0;
if ($action == 'createfilter' && empty($template_name)) {
if ($action == 'createfilter' && empty($template_name) && $permissiontoadd) {
setEventMessages($langs->trans('ErrorFieldRequired', $langs->transnoentitiesnoconv('AdvTgtOrCreateNewFilter')), null, 'errors');
$error++;
}
@ -354,13 +357,13 @@ if ($action == 'savefilter' || $action == 'createfilter') {
}
$advTarget->filtervalue = json_encode($array_query);
if ($action == 'createfilter') {
if ($action == 'createfilter') { // Test on permission already done
$advTarget->name = $template_name;
$result = $advTarget->create($user);
if ($result < 0) {
setEventMessages($advTarget->error, $advTarget->errors, 'errors');
}
} elseif ($action == 'savefilter') {
} elseif ($action == 'savefilter') { // Test on permission already done
$result = $advTarget->update($user);
if ($result < 0) {
setEventMessages($advTarget->error, $advTarget->errors, 'errors');
@ -370,7 +373,7 @@ if ($action == 'savefilter' || $action == 'createfilter') {
}
}
if ($action == 'deletefilter') {
if ($action == 'deletefilter' && $permissiontoadd) {
$result = $advTarget->delete($user);
if ($result < 0) {
setEventMessages($advTarget->error, $advTarget->errors, 'errors');
@ -379,7 +382,7 @@ if ($action == 'deletefilter') {
exit();
}
if ($action == 'delete') {
if ($action == 'delete' && $permissiontoadd) {
// Ici, rowid indique le destinataire et id le mailing
$sql = "DELETE FROM ".MAIN_DB_PREFIX."mailing_cibles WHERE rowid = ".((int) $rowid);
$resql = $db->query($sql);
@ -405,6 +408,7 @@ if (GETPOST("button_removefilter")) {
$search_email = '';
}
/*
* View
*/
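Review bot: The `delete` action removes a `mailing_cibles` row by `rowid` alone; the comment says `rowid` identifies the recipient and `$id` the mailing, but the query never ties the two together, so a user with `mailing creer` can delete a recipient of any mailing by guessing its rowid. Add a predicate on the mailing id, e.g. `... WHERE rowid = ".((int) $rowid)." AND fk_mailing = ".((int) $id)` (confirm the column name against the `mailing_cibles` definition). Separately, the `&& $permissiontoadd` on the `createfilter && empty($template_name)` check is redundant inside a block already gated on it.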


@ -588,19 +588,19 @@ if (empty($reshook)) {
if (($action == 'settitle' || $action == 'setemail_from' || $action == 'setemail_replyto' || $action == 'setreplyto' || $action == 'setemail_errorsto' || $action == 'setevenunsubscribe') && $permissiontovalidatesend) {
$upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing');
if ($action == 'settitle') {
if ($action == 'settitle') { // Test on permission already done
$object->title = trim(GETPOST('title', 'alpha'));
} elseif ($action == 'setemail_from') {
} elseif ($action == 'setemail_from') { // Test on permission already done
$object->email_from = trim(GETPOST('email_from', 'alphawithlgt')); // Must allow 'name <email>'
} elseif ($action == 'setemail_replyto') {
} elseif ($action == 'setemail_replyto') { // Test on permission already done
$object->email_replyto = trim(GETPOST('email_replyto', 'alphawithlgt')); // Must allow 'name <email>'
} elseif ($action == 'setemail_errorsto') {
} elseif ($action == 'setemail_errorsto') { // Test on permission already done
$object->email_errorsto = trim(GETPOST('email_errorsto', 'alphawithlgt')); // Must allow 'name <email>'
} elseif ($action == 'settitle' && empty($object->title)) {
} elseif ($action == 'settitle' && empty($object->title)) { // Test on permission already done
$mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("MailTitle"));
} elseif ($action == 'setfrom' && empty($object->email_from)) {
} elseif ($action == 'setfrom' && empty($object->email_from)) { // Test on permission already done
$mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("MailFrom"));
} elseif ($action == 'setevenunsubscribe') {
} elseif ($action == 'setevenunsubscribe') { // Test on permission already done
$object->evenunsubscribe = (GETPOST('evenunsubscribe') ? 1 : 0);
}
@ -771,7 +771,7 @@ llxHeader(
);
if ($action == 'create') {
if ($action == 'create') { // aaa
// EMailing in creation mode
print '<form name="new_mailing" action="'.$_SERVER['PHP_SELF'].'" method="POST">'."\n";
print '<input type="hidden" name="token" value="'.newToken().'">';
@ -908,9 +908,7 @@ if ($action == 'create') {
if ($action != 'edit' && $action != 'edittxt' && $action != 'edithtml') {
print dol_get_fiche_head($head, 'card', $langs->trans("Mailing"), -1, 'email');
/*
* View mode mailing
*/
// View mode mailing
if ($action == 'sendall') {
// Define message to recommend from command line
$sendingmode = getDolGlobalString('EMAILING_MAIL_SENDMODE');
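Review bot: The new `// aaa` comment on `if ($action == 'create') {` is leftover debugging text and should be removed. In the settitle chain above, the `elseif ($action == 'settitle' && empty($object->title))` and `elseif ($action == 'setfrom' && empty($object->email_from))` branches are unreachable: `settitle` is already consumed by the first branch, and `setfrom` is not in the outer gate, so neither `ErrorFieldRequired` message can ever fire. Move the emptiness checks after the assignments, e.g. `if ($action == 'settitle' && empty($object->title)) { $mesg = ...; }`, or drop them.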


@ -268,22 +268,22 @@ if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x'
}
// Action update description of emailing
if ($action == 'settitle' || $action == 'setemail_from' || $action == 'setreplyto' || $action == 'setemail_errorsto' || $action == 'setevenunsubscribe') {
if (($action == 'settitle' || $action == 'setemail_from' || $action == 'setreplyto' || $action == 'setemail_errorsto' || $action == 'setevenunsubscribe') && $permissiontocreate) {
$upload_dir = $conf->mailing->dir_output."/".get_exdir($object->id, 2, 0, 1, $object, 'mailing');
if ($action == 'settitle') {
if ($action == 'settitle') { // Test on permission already done
$object->title = trim(GETPOST('title', 'alpha'));
} elseif ($action == 'setemail_from') {
} elseif ($action == 'setemail_from') { // Test on permission already done
$object->email_from = trim(GETPOST('email_from', 'alphawithlgt')); // Must allow 'name <email>'
} elseif ($action == 'setemail_replyto') {
} elseif ($action == 'setemail_replyto') { // Test on permission already done
$object->email_replyto = trim(GETPOST('email_replyto', 'alphawithlgt')); // Must allow 'name <email>'
} elseif ($action == 'setemail_errorsto') {
} elseif ($action == 'setemail_errorsto') { // Test on permission already done
$object->email_errorsto = trim(GETPOST('email_errorsto', 'alphawithlgt')); // Must allow 'name <email>'
} elseif ($action == 'settitle' && empty($object->title)) {
} elseif ($action == 'settitle' && empty($object->title)) { // Test on permission already done
$mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("MailTitle"));
} elseif ($action == 'setfrom' && empty($object->email_from)) {
} elseif ($action == 'setfrom' && empty($object->email_from)) { // Test on permission already done
$mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentities("MailFrom"));
} elseif ($action == 'setevenunsubscribe') {
} elseif ($action == 'setevenunsubscribe') { // Test on permission already done
$object->evenunsubscribe = (GETPOST('evenunsubscribe') ? 1 : 0);
}
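Review bot: The outer gate lists `setreplyto`, but the inner chain tests `$action == 'setemail_replyto'`, so the reply-to update can never run: `setreplyto` passes the gate and matches no branch, and `setemail_replyto` is rejected by the gate. Align the two, as the other mailing card in this commit does, by adding `|| $action == 'setemail_replyto'` to the gate (or renaming the branch). The `settitle`/`setfrom` emptiness branches further down are likewise unreachable for the same reason as in that card.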


@ -839,10 +839,7 @@ if (empty($reshook)) {
$db->rollback();
}
}
} elseif ($action == 'import_lines_from_object'
&& $user->hasRight('propal', 'creer')
&& $object->statut == Propal::STATUS_DRAFT
) {
} elseif ($action == 'import_lines_from_object' && $usercancreate && $object->statut == Propal::STATUS_DRAFT) {
// add lines from objectlinked
$fromElement = GETPOST('fromelement');
$fromElementid = GETPOST('fromelementid');
@ -1714,8 +1711,8 @@ if (empty($reshook)) {
}
}
if (getDolGlobalString('MAIN_DISABLE_CONTACTS_TAB') && $usercancreate) {
if ($action == 'addcontact') {
if (getDolGlobalString('MAIN_DISABLE_CONTACTS_TAB')) {
if ($action == 'addcontact' && $usercancreate) {
if ($object->id > 0) {
$contactid = (GETPOST('userid') ? GETPOST('userid') : GETPOST('contactid'));
$typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type'));
@ -1733,14 +1730,14 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
}
} elseif ($action == 'swapstatut') {
} elseif ($action == 'swapstatut' && $usercancreate) {
// Toggle the status of a contact
if ($object->fetch($id) > 0) {
$result = $object->swapContactStatus(GETPOSTINT('ligne'));
} else {
dol_print_error($db);
}
} elseif ($action == 'deletecontact') {
} elseif ($action == 'deletecontact' && $usercancreate) {
// Delete a contact
$object->fetch($id);
$result = $object->delete_contact($lineid);
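Review bot: The `deletecontact` branch at the end of the hunk calls `$object->fetch($id)` and then `delete_contact($lineid)` without checking the fetch result, while the sibling `swapstatut` branch guards on `$object->fetch($id) > 0`; mirror that guard: `if ($object->fetch($id) > 0) { $result = $object->delete_contact($lineid); } else { dol_print_error($db); }`. Unless delete_contact itself constrains the row to `element_id = $object->id` (not visible here), `$lineid` is not tied to the proposal being edited, so a user with proposal write rights could remove a contact link from any proposal; worth confirming in CommonObject. `$usercancreate` is defined outside the hunk, so its mapping to the propal write right cannot be verified from this view, and the enclosing action block continues past the hunk.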


@ -62,7 +62,7 @@ if ($cancel) {
}
}
if ($action == 'setremise') {
if ($action == 'setremise' && $user->hasRight('societe', 'lire')) {
$object = new Societe($db);
$object->fetch($id);
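Review bot: `setremise` is a write action (it loads the thirdparty, presumably to change its discount) but the new guard is the read right `$user->hasRight('societe', 'lire')`, so any user who can view thirdparties can now trigger the change; the gate should be the write right, `if ($action == 'setremise' && $user->hasRight('societe', 'creer')) {`, unless the update call further down (outside the hunk) enforces it. A read right as the gate also satisfies the CodingPhpTest added in this commit, which only checks that some permission is tested, not which one, so the test will not catch this. The body of the branch continues past the hunk.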


@ -1628,7 +1628,7 @@ if (empty($reshook)) {
if (!$error && getDolGlobalString('MAIN_DISABLE_CONTACTS_TAB') && $usercancreate) {
if ($action == 'addcontact') {
if ($action == 'addcontact' && $usercancreate) {
if ($object->id > 0) {
$contactid = (GETPOST('userid') ? GETPOST('userid') : GETPOST('contactid'));
$typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type'));
@ -1646,14 +1646,14 @@ if (empty($reshook)) {
setEventMessages($object->error, $object->errors, 'errors');
}
}
} elseif ($action == 'swapstatut') {
} elseif ($action == 'swapstatut' && $usercancreate) {
// bascule du statut d'un contact
if ($object->id > 0) {
$result = $object->swapContactStatus(GETPOSTINT('ligne'));
} else {
dol_print_error($db);
}
} elseif ($action == 'deletecontact') {
} elseif ($action == 'deletecontact' && $usercancreate) {
// Efface un contact
$result = $object->delete_contact($lineid);
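Review bot: The `deletecontact` branch at the bottom of the hunk calls `$object->delete_contact($lineid)` with no `$object->id > 0` guard, unlike `addcontact` and `swapstatut` in the same chain; wrap it as `if ($object->id > 0) { $result = $object->delete_contact($lineid); } else { dol_print_error($db); }` so a failed fetch earlier in the file does not delete an element_contact row by raw `$lineid`. The inner `&& $usercancreate` tests are redundant with the outer condition at the top of the hunk, which already requires `$usercancreate`; that is acceptable as belt-and-braces for the new static test but deserves a comment such as `// permission repeated per action so the CodingPhpTest check can see it`. Whether `$lineid` is constrained to this object's contact list depends on delete_contact, which is not visible here.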


@ -118,7 +118,7 @@ if (empty($reshook)) {
$action = '';
}
if ($action == 'add') {
if ($action == 'add' && $user->hasRight('banque', 'configurer')) {
$error = 0;
$db->begin();
@ -237,7 +237,7 @@ if (empty($reshook)) {
}
}
if ($action == 'update') {
if ($action == 'update' && $user->hasRight('banque', 'configurer')) {
$error = 0;
// Update account
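Review bot: Both the `add` and `update` branches now repeat `$user->hasRight('banque', 'configurer')` inline, whereas the other files in this commit (contact card, accounting bookkeeping) compute a `$permissiontoadd` once and reuse it; define `$permissiontoadd = $user->hasRight('banque', 'configurer');` at the top of the action section and write `if ($action == 'add' && $permissiontoadd) {` and `if ($action == 'update' && $permissiontoadd) {`. That leaves a single place to change if account creation is later split from module configuration. The `add` branch opens `$db->begin()` and both branches continue past the hunk, so the commit/rollback pairing cannot be checked here.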


@ -77,7 +77,7 @@ if ($categid) {
$bankcateg->update($user);
}
//Delete category
if ($action == 'delete') {
if ($action == 'delete' && $user->hasRight('banque', 'configurer')) {
$bankcateg->delete($user);
}
}
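Review bot: The hunk gates `$bankcateg->delete($user)` on `banque->configurer`, but the `$bankcateg->update($user)` call two lines above it sits in a branch whose condition is outside the hunk, so it is not clear the update path carries the same check; if it does not, gate both on one `$permissiontoadd = $user->hasRight('banque', 'configurer');` computed once. `delete` runs straight from `action=delete` with no visible confirmation step or token check; if the page is reachable by GET, a crafted link deletes a category, so confirm that the global CSRF protection covers this action or route it through a `confirm_delete` step. The enclosing `if ($categid)` block starts before the hunk.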


@ -178,7 +178,7 @@ if (empty($reshook)) {
// Confirmation deactivation
if ($action == 'disable' && !empty($permissiontoadd)) {
if ($action == 'disable' && $permissiontoadd) {
$object->fetch($id);
if ($object->setstatus(0) < 0) {
setEventMessages($object->error, $object->errors, 'errors');
@ -189,7 +189,7 @@ if (empty($reshook)) {
}
// Confirmation activation
if ($action == 'enable' && !empty($permissiontoadd)) {
if ($action == 'enable' && $permissiontoadd) {
$object->fetch($id);
if ($object->setstatus(1) < 0) {
setEventMessages($object->error, $object->errors, 'errors');
@ -200,7 +200,7 @@ if (empty($reshook)) {
}
// Add contact
if ($action == 'add' && !empty($permissiontoadd)) {
if ($action == 'add' && $permissiontoadd) {
$db->begin();
if ($canvas) {
@ -337,7 +337,7 @@ if (empty($reshook)) {
}
}
if ($action == 'update' && empty($cancel) && !empty($permissiontoadd)) {
if ($action == 'update' && empty($cancel) && $permissiontoadd) {
if (!GETPOST("lastname", 'alpha')) {
$error++;
$errors = array($langs->trans("ErrorFieldRequired", $langs->transnoentities("Name").' / '.$langs->transnoentities("Label")));
@ -482,7 +482,7 @@ if (empty($reshook)) {
}
}
if ($action == 'setprospectcontactlevel' && !empty($permissiontoadd)) {
if ($action == 'setprospectcontactlevel' && $permissiontoadd) {
$object->fetch($id);
$object->fk_prospectlevel = GETPOST('prospect_contact_level_id', 'alpha');
$result = $object->update($object->id, $user);
@ -492,7 +492,7 @@ if (empty($reshook)) {
}
// set communication status
if ($action == 'setstcomm' && !empty($permissiontoadd)) {
if ($action == 'setstcomm' && $permissiontoadd) {
$object->fetch($id);
$object->stcomm_id = dol_getIdFromCode($db, GETPOST('stcomm', 'alpha'), 'c_stcommcontact');
$result = $object->update($object->id, $user);
@ -502,7 +502,7 @@ if (empty($reshook)) {
}
// Update extrafields
if ($action == "update_extras" && !empty($permissiontoadd)) {
if ($action == "update_extras" && $permissiontoadd) {
$object->fetch(GETPOSTINT('id'));
$attributekey = GETPOST('attribute', 'alpha');
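Review bot: Replacing `!empty($permissiontoadd)` with a bare `$permissiontoadd` is behaviour-preserving only if the variable is assigned on every path before this point; if any include path leaves it undefined, PHP now emits a warning where it used to be silent, so make sure it is initialised unconditionally near the top of the file with the contact write right (outside this hunk). Separately, the `setprospectcontactlevel` and `setstcomm` branches call `$object->fetch($id)` and then `$object->update($object->id, $user)` without checking the fetch result; a guard such as `if ($object->fetch($id) > 0) {` before the update would avoid writing to an empty object. The enclosing action section continues past the hunk.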


@ -202,7 +202,7 @@ if ($object->id > 0) {
}
// Permissions
$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->hasRight('produit', 'read')) || ($object->type == Product::TYPE_SERVICE && $user->hasRight('service', 'lire')));
$usercanread = (($object->type == Product::TYPE_PRODUCT && $user->hasRight('produit', 'lire')) || ($object->type == Product::TYPE_SERVICE && $user->hasRight('service', 'lire')));
$usercancreate = (($object->type == Product::TYPE_PRODUCT && $user->hasRight('produit', 'creer')) || ($object->type == Product::TYPE_SERVICE && $user->hasRight('service', 'creer')));
$usercandelete = (($object->type == Product::TYPE_PRODUCT && $user->hasRight('produit', 'supprimer')) || ($object->type == Product::TYPE_SERVICE && $user->hasRight('service', 'supprimer')));
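Review bot: The corrected key `$user->hasRight('produit', 'lire')` on the `$usercanread` line disagrees with the product.class.php change in this same commit, which tests `$user->hasRight('product', 'read')` for the same concept; unless User::hasRight aliases both spellings, one of the two is wrong, so settle on the `produit`/`lire` form used here and on the `$usercancreate`/`$usercandelete` lines below it. Whether `$usercanread` is actually enforced (an `accessforbidden()` when false) is outside the hunk.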


@ -5524,7 +5524,16 @@ class Product extends CommonObject
return ['optimize' => $langs->trans("ShowProduct")];
}
if (!empty($this->entity)) {
// Does user has permission to read product/service
$permissiontoreadproduct = 0;
if ($this->type == self::TYPE_PRODUCT && $user->hasRight('product', 'read')) {
$permissiontoreadproduct = 1;
}
if ($this->type == self::TYPE_SERVICE && $user->hasRight('service', 'read')) {
$permissiontoreadproduct = 1;
}
if (!empty($this->entity) && $permissiontoreadproduct) {
$tmpphoto = $this->show_photos('product', $conf->product->multidir_output[$this->entity], 1, 1, 0, 0, 0, 80, 0, 0, 0, 0, 1);
if ($this->nbphoto > 0) {
$datas['photo'] = '<div class="photointooltip floatright">'."\n" . $tmpphoto . '</div>';
@ -5546,90 +5555,93 @@ class Product extends CommonObject
if (!empty($this->label)) {
$datas['label'] = '<br><b>'.$langs->trans('ProductLabel').':</b> '.$this->label;
}
if (!empty($this->description)) {
$datas['description'] = '<br><b>'.$langs->trans('ProductDescription').':</b> '.dolGetFirstLineOfText($this->description, 5);
}
if ($this->isStockManaged()) {
if (isModEnabled('productbatch')) {
$langs->load("productbatch");
$datas['batchstatus'] = "<br><b>".$langs->trans("ManageLotSerial").'</b>: '.$this->getLibStatut(0, 2);
}
}
if (isModEnabled('barcode')) {
$datas['barcode'] = '<br><b>'.$langs->trans('BarCode').':</b> '.$this->barcode;
}
if ($this->isProduct()) {
if ($this->weight) {
$datas['weight'] = "<br><b>".$langs->trans("Weight").'</b>: '.$this->weight.' '.measuringUnitString(0, "weight", $this->weight_units);
if ($permissiontoreadproduct) {
if (!empty($this->description)) {
$datas['description'] = '<br><b>'.$langs->trans('ProductDescription').':</b> '.dolGetFirstLineOfText($this->description, 5);
}
$labelsize = "";
if ($this->length) {
$labelsize .= ($labelsize ? " - " : "")."<b>".$langs->trans("Length").'</b>: '.$this->length.' '.measuringUnitString(0, 'size', $this->length_units);
}
if ($this->width) {
$labelsize .= ($labelsize ? " - " : "")."<b>".$langs->trans("Width").'</b>: '.$this->width.' '.measuringUnitString(0, 'size', $this->width_units);
}
if ($this->height) {
$labelsize .= ($labelsize ? " - " : "")."<b>".$langs->trans("Height").'</b>: '.$this->height.' '.measuringUnitString(0, 'size', $this->height_units);
}
if ($labelsize) {
$datas['size'] = "<br>".$labelsize;
}
$labelsurfacevolume = "";
if ($this->surface) {
$labelsurfacevolume .= ($labelsurfacevolume ? " - " : "")."<b>".$langs->trans("Surface").'</b>: '.$this->surface.' '.measuringUnitString(0, 'surface', $this->surface_units);
}
if ($this->volume) {
$labelsurfacevolume .= ($labelsurfacevolume ? " - " : "")."<b>".$langs->trans("Volume").'</b>: '.$this->volume.' '.measuringUnitString(0, 'volume', $this->volume_units);
}
if ($labelsurfacevolume) {
$datas['surface'] = "<br>" . $labelsurfacevolume;
}
}
if ($this->isService() && !empty($this->duration_value)) {
// Duration
$datas['duration'] = '<br><b>'.$langs->trans("Duration").':</b> '.$this->duration_value;
if ($this->duration_value > 1) {
$dur = array("i" => $langs->trans("Minutes"), "h" => $langs->trans("Hours"), "d" => $langs->trans("Days"), "w" => $langs->trans("Weeks"), "m" => $langs->trans("Months"), "y" => $langs->trans("Years"));
} elseif ($this->duration_value > 0) {
$dur = array("i" => $langs->trans("Minute"), "h" => $langs->trans("Hour"), "d" => $langs->trans("Day"), "w" => $langs->trans("Week"), "m" => $langs->trans("Month"), "y" => $langs->trans("Year"));
}
$datas['duration'] .= (!empty($this->duration_unit) && isset($dur[$this->duration_unit]) ? "&nbsp;".$langs->trans($dur[$this->duration_unit]) : '');
}
if (empty($user->socid)) {
if (!empty($this->pmp) && $this->pmp) {
$datas['pmp'] = "<br><b>".$langs->trans("PMPValue").'</b>: '.price($this->pmp, 0, '', 1, -1, -1, $conf->currency);
}
if (isModEnabled('accounting')) {
if ($this->status && isset($this->accountancy_code_sell)) {
include_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
$selllabel = '<br>';
$selllabel .= '<br><b>'.$langs->trans('ProductAccountancySellCode').':</b> '.length_accountg($this->accountancy_code_sell);
$selllabel .= '<br><b>'.$langs->trans('ProductAccountancySellIntraCode').':</b> '.length_accountg($this->accountancy_code_sell_intra);
$selllabel .= '<br><b>'.$langs->trans('ProductAccountancySellExportCode').':</b> '.length_accountg($this->accountancy_code_sell_export);
$datas['accountancysell'] = $selllabel;
if ($this->isStockManaged()) {
if (isModEnabled('productbatch')) {
$langs->load("productbatch");
$datas['batchstatus'] = "<br><b>".$langs->trans("ManageLotSerial").'</b>: '.$this->getLibStatut(0, 2);
}
if ($this->status_buy && isset($this->accountancy_code_buy)) {
include_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
$buylabel = '';
if (empty($this->status)) {
$buylabel .= '<br>';
}
if (isModEnabled('barcode')) {
$datas['barcode'] = '<br><b>'.$langs->trans('BarCode').':</b> '.$this->barcode;
}
if ($this->isProduct()) {
if ($this->weight) {
$datas['weight'] = "<br><b>".$langs->trans("Weight").'</b>: '.$this->weight.' '.measuringUnitString(0, "weight", $this->weight_units);
}
$labelsize = "";
if ($this->length) {
$labelsize .= ($labelsize ? " - " : "")."<b>".$langs->trans("Length").'</b>: '.$this->length.' '.measuringUnitString(0, 'size', $this->length_units);
}
if ($this->width) {
$labelsize .= ($labelsize ? " - " : "")."<b>".$langs->trans("Width").'</b>: '.$this->width.' '.measuringUnitString(0, 'size', $this->width_units);
}
if ($this->height) {
$labelsize .= ($labelsize ? " - " : "")."<b>".$langs->trans("Height").'</b>: '.$this->height.' '.measuringUnitString(0, 'size', $this->height_units);
}
if ($labelsize) {
$datas['size'] = "<br>".$labelsize;
}
$labelsurfacevolume = "";
if ($this->surface) {
$labelsurfacevolume .= ($labelsurfacevolume ? " - " : "")."<b>".$langs->trans("Surface").'</b>: '.$this->surface.' '.measuringUnitString(0, 'surface', $this->surface_units);
}
if ($this->volume) {
$labelsurfacevolume .= ($labelsurfacevolume ? " - " : "")."<b>".$langs->trans("Volume").'</b>: '.$this->volume.' '.measuringUnitString(0, 'volume', $this->volume_units);
}
if ($labelsurfacevolume) {
$datas['surface'] = "<br>" . $labelsurfacevolume;
}
}
if ($this->isService() && !empty($this->duration_value)) {
// Duration
$datas['duration'] = '<br><b>'.$langs->trans("Duration").':</b> '.$this->duration_value;
if ($this->duration_value > 1) {
$dur = array("i" => $langs->trans("Minutes"), "h" => $langs->trans("Hours"), "d" => $langs->trans("Days"), "w" => $langs->trans("Weeks"), "m" => $langs->trans("Months"), "y" => $langs->trans("Years"));
} elseif ($this->duration_value > 0) {
$dur = array("i" => $langs->trans("Minute"), "h" => $langs->trans("Hour"), "d" => $langs->trans("Day"), "w" => $langs->trans("Week"), "m" => $langs->trans("Month"), "y" => $langs->trans("Year"));
}
$datas['duration'] .= (!empty($this->duration_unit) && isset($dur[$this->duration_unit]) ? "&nbsp;".$langs->trans($dur[$this->duration_unit]) : '');
}
if (empty($user->socid)) {
if (!empty($this->pmp) && $this->pmp) {
$datas['pmp'] = "<br><b>".$langs->trans("PMPValue").'</b>: '.price($this->pmp, 0, '', 1, -1, -1, $conf->currency);
}
if (isModEnabled('accounting')) {
if ($this->status && isset($this->accountancy_code_sell)) {
include_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
$selllabel = '<br>';
$selllabel .= '<br><b>'.$langs->trans('ProductAccountancySellCode').':</b> '.length_accountg($this->accountancy_code_sell);
$selllabel .= '<br><b>'.$langs->trans('ProductAccountancySellIntraCode').':</b> '.length_accountg($this->accountancy_code_sell_intra);
$selllabel .= '<br><b>'.$langs->trans('ProductAccountancySellExportCode').':</b> '.length_accountg($this->accountancy_code_sell_export);
$datas['accountancysell'] = $selllabel;
}
if ($this->status_buy && isset($this->accountancy_code_buy)) {
include_once DOL_DOCUMENT_ROOT.'/core/lib/accounting.lib.php';
$buylabel = '';
if (empty($this->status)) {
$buylabel .= '<br>';
}
$buylabel .= '<br><b>'.$langs->trans('ProductAccountancyBuyCode').':</b> '.length_accountg($this->accountancy_code_buy);
$buylabel .= '<br><b>'.$langs->trans('ProductAccountancyBuyIntraCode').':</b> '.length_accountg($this->accountancy_code_buy_intra);
$buylabel .= '<br><b>'.$langs->trans('ProductAccountancyBuyExportCode').':</b> '.length_accountg($this->accountancy_code_buy_export);
$datas['accountancybuy'] = $buylabel;
}
$buylabel .= '<br><b>'.$langs->trans('ProductAccountancyBuyCode').':</b> '.length_accountg($this->accountancy_code_buy);
$buylabel .= '<br><b>'.$langs->trans('ProductAccountancyBuyIntraCode').':</b> '.length_accountg($this->accountancy_code_buy_intra);
$buylabel .= '<br><b>'.$langs->trans('ProductAccountancyBuyExportCode').':</b> '.length_accountg($this->accountancy_code_buy_export);
$datas['accountancybuy'] = $buylabel;
}
}
}
// show categories for this record only in ajax to not overload lists
if (isModEnabled('category') && !$nofetch) {
require_once DOL_DOCUMENT_ROOT . '/categories/class/categorie.class.php';
$form = new Form($this->db);
$datas['categories'] = '<br>' . $form->showCategories($this->id, Categorie::TYPE_PRODUCT, 1);
// show categories for this record only in ajax to not overload lists
if (isModEnabled('category') && !$nofetch) {
require_once DOL_DOCUMENT_ROOT . '/categories/class/categorie.class.php';
$form = new Form($this->db);
$datas['categories'] = '<br>' . $form->showCategories($this->id, Categorie::TYPE_PRODUCT, 1);
}
}
return $datas;
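Review bot: The new `$permissiontoreadproduct` gate uses `$user->hasRight('product', 'read')` and `$user->hasRight('service', 'read')`, while product/card.php in this same commit was just corrected from `'read'` to `'lire'` on module `'produit'`; unless User::hasRight resolves these aliases, the gate is always false and every tooltip silently loses description, dimensions and accountancy data, so it is safer to use the keys the rest of the code uses, `$user->hasRight('produit', 'lire')` and `$user->hasRight('service', 'lire')`. The gate also depends on `$user` being the global user available to this method, which the hunk does not show. `$this->label` and `$this->barcode` are still concatenated into the HTML tooltip without `dol_escape_htmltag()`; if the caller does not escape the tooltip, a stored value becomes an XSS sink, so escaping at the point of construction would be the robust choice. The method's signature is outside the hunk.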


@ -151,7 +151,7 @@ if ($reshook < 0) {
setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
}
if ($action == 'setcost_price') {
if ($action == 'setcost_price' && $usercancreate) {
if ($id) {
$result = $object->fetch($id);
$object->cost_price = (float) price2num($cost_price);
@ -166,7 +166,7 @@ if ($action == 'setcost_price') {
}
}
if ($action == 'addlimitstockwarehouse' && $user->hasRight('produit', 'creer')) {
if ($action == 'addlimitstockwarehouse' && $usercancreate) {
$seuil_stock_alerte = GETPOST('seuil_stock_alerte');
$desiredstock = GETPOST('desiredstock');
@ -208,7 +208,7 @@ if ($action == 'addlimitstockwarehouse' && $user->hasRight('produit', 'creer'))
exit;
}
if ($action == 'delete_productstockwarehouse' && $user->hasRight('produit', 'creer')) {
if ($action == 'delete_productstockwarehouse' && $usercancreate) {
$pse = new ProductStockEntrepot($db);
$pse->fetch(GETPOSTINT('fk_productstockwarehouse'));
@ -220,7 +220,7 @@ if ($action == 'delete_productstockwarehouse' && $user->hasRight('produit', 'cre
}
// Set stock limit
if ($action == 'setseuil_stock_alerte' && $user->hasRight('produit', 'creer')) {
if ($action == 'setseuil_stock_alerte' && $usercancreate) {
$object = new Product($db);
$result = $object->fetch($id);
$object->seuil_stock_alerte = $stocklimit;
@ -234,7 +234,7 @@ if ($action == 'setseuil_stock_alerte' && $user->hasRight('produit', 'creer')) {
}
// Set desired stock
if ($action == 'setdesiredstock' && $user->hasRight('produit', 'creer')) {
if ($action == 'setdesiredstock' && $usercancreate) {
$object = new Product($db);
$result = $object->fetch($id);
$object->desiredstock = $desiredstock;
@ -247,7 +247,7 @@ if ($action == 'setdesiredstock' && $user->hasRight('produit', 'creer')) {
// Correct stock
if ($action == "correct_stock" && !$cancel) {
if ($action == "correct_stock" && !$cancel && $usercancreate) {
if (!(GETPOSTINT("id_entrepot") > 0)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Warehouse")), null, 'errors');
$error++;
@ -340,7 +340,7 @@ if ($action == "correct_stock" && !$cancel) {
}
// Transfer stock from a warehouse to another warehouse
if ($action == "transfert_stock" && !$cancel) {
if ($action == "transfert_stock" && !$cancel && $usercancreate) {
if (!(GETPOSTINT("id_entrepot") > 0) || !(GETPOSTINT("id_entrepot_destination") > 0)) {
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Warehouse")), null, 'errors');
$error++;
@ -498,7 +498,7 @@ if ($action == "transfert_stock" && !$cancel) {
}
// Update batch information
if ($action == 'updateline' && GETPOST('save') == $langs->trans("Save")) {
if ($action == 'updateline' && GETPOST('save') == $langs->trans("Save") && $usercancreate) {
$pdluo = new Productbatch($db);
$result = $pdluo->fetch(GETPOSTINT('pdluoid'));
@ -528,7 +528,6 @@ if ($action == 'updateline' && GETPOST('save') == $langs->trans("Save")) {
}
/*
* View
*/
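Review bot: `correct_stock` and `transfert_stock` are now gated on `$usercancreate`, which in this file presumably means the product/service write right, whereas stock corrections and transfers are stock-module operations normally controlled by the stock movement right; if `$usercancreate` does not already include it, the guard should be `&& $user->hasRight('stock', 'mouvement', 'creer')` (in addition, not instead). The `delete_productstockwarehouse` branch fetches the `ProductStockEntrepot` row by `GETPOSTINT('fk_productstockwarehouse')` straight from the request and the hunk shows no check that the row belongs to `$id`, so a user with write rights on one product may delete warehouse limits of another; compare the fetched row's product against the current `$id` before deleting. Both stock branches continue past the hunk.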


@ -114,11 +114,11 @@ if (!$object->isProduct() && !$object->isService()) {
header('Location: '.dol_buildpath('/product/card.php?id='.$object->id, 2));
exit();
}
if ($action == 'add') {
if ($action == 'add') { // Test on permission not required
unset($selectedvariant);
unset($_SESSION['addvariant_'.$object->id]);
}
if ($action == 'create' && GETPOST('selectvariant', 'alpha')) { // We click on select combination
if ($action == 'create' && GETPOST('selectvariant', 'alpha') && $usercancreate) { // We click on select combination
$action = 'add';
$attribute_id = GETPOSTINT('attribute');
$attribute_value_id = GETPOSTINT('value');
@ -128,7 +128,7 @@ if ($action == 'create' && GETPOST('selectvariant', 'alpha')) { // We click on s
$_SESSION['addvariant_'.$object->id] = $selectedvariant;
}
}
if ($action == 'create' && $subaction == 'delete') { // We click on select combination
if ($action == 'create' && $subaction == 'delete' && $usercancreate) { // We click on select combination
$action = 'add';
$feature = GETPOST('feature', 'intcomma');
if (isset($selectedvariant[$feature])) {
@ -143,12 +143,12 @@ $prodcomb2val = new ProductCombination2ValuePair($db);
$productCombination2ValuePairs1 = array();
if (($action == 'add' || $action == 'create') && empty($massaction) && !GETPOST('selectvariant', 'alpha') && empty($subaction)) { // We click on Create all defined combinations
if (($action == 'add' || $action == 'create') && $usercancreate && empty($massaction) && !GETPOST('selectvariant', 'alpha') && empty($subaction)) { // We click on Create all defined combinations
//$features = GETPOST('features', 'array');
$features = !empty($_SESSION['addvariant_'.$object->id]) ? $_SESSION['addvariant_'.$object->id] : array();
if (!$features) {
if ($action == 'create') {
if ($action == 'create') { // Test on permission already done
setEventMessages($langs->trans('ErrorFieldsRequired'), null, 'errors');
}
} else {
@ -272,7 +272,7 @@ if (($action == 'add' || $action == 'create') && empty($massaction) && !GETPOST(
$db->commit();
setEventMessages($langs->trans('RecordSaved'), null, 'mesgs');
}
} elseif ($action === 'update' && $combination_id > 0) {
} elseif ($action === 'update' && $combination_id > 0 && $usercancreate) {
if ($prodcomb->fetch($combination_id) < 0) {
dol_print_error($db, $langs->trans('ErrorRecordNotFound'));
exit();
@ -342,7 +342,7 @@ if (($action == 'add' || $action == 'create') && empty($massaction) && !GETPOST(
// Reload variants
$productCombinations = $prodcomb->fetchAllByFkProductParent($object->id, true);
if ($action === 'confirm_deletecombination') {
if ($action === 'confirm_deletecombination' && $usercancreate) {
if ($prodcomb->fetch($combination_id) > 0) {
$db->begin();
@ -357,7 +357,7 @@ if ($action === 'confirm_deletecombination') {
setEventMessages($langs->trans('ProductCombinationAlreadyUsed'), null, 'errors');
$action = '';
}
} elseif ($action === 'edit') {
} elseif ($action === 'edit' && $usercancreate) {
if ($prodcomb->fetch($combination_id) < 0) {
dol_print_error($db, $langs->trans('ErrorRecordNotFound'));
exit();
@ -371,7 +371,7 @@ if ($action === 'confirm_deletecombination') {
$price_impact_percent = $prodcomb->variation_price_percentage;
$productCombination2ValuePairs1 = $prodcomb2val->fetchByFkCombination($combination_id);
} elseif ($action === 'confirm_copycombination') {
} elseif ($action === 'confirm_copycombination' && $usercancreate) {
//Check destination product
$dest_product = GETPOST('dest_product');
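Review bot: `confirm_copycombination` reads `$dest_product = GETPOST('dest_product');` with no type filter, and the new `$usercancreate` test, presumably computed for the source `$object`, says nothing about the destination product that will receive the copied combinations; use `$dest_product = GETPOSTINT('dest_product');` and check the write right on the destination (by its own type) before copying. The `//Check destination product` comment suggests a check follows, but it is outside the visible lines, so verify it covers permission and not just existence. Marking the `add` branch `// Test on permission not required` is reasonable since it only clears `$_SESSION`.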


@ -61,7 +61,7 @@ $authentication=array(
// Test URL
if ($action=='get')
if ($action == 'get')
{
$parameters = array('authentication'=>$authentication,'id'=>1,'name'=>'','ref_ext'=>'');
dol_syslog("Call method ".$WS_METHOD_GETTHIRDSPARTY);
@ -78,7 +78,7 @@ if ($action=='get')
}
// Test URL
if ($action=='getList')
if ($action == 'getList')
{
$filterthirdparty=array('category'=>'3');
$parameters = array('authentication'=>$authentication,$filterthirdparty);
@ -96,7 +96,7 @@ if ($action=='getList')
}
// Test URL
if ($action=='create')
if ($action == 'create')
{
$newthirdparty=array(
'ref'=>'Test WS Create Client',
@ -109,7 +109,7 @@ if ($action=='create')
'zip'=>'75000',
'town'=>'Paris',
'country_id'=>'1',//France
'customer_code'=>'-1',//Generate code regarding module configuration
'customer_code'=>'-1',//Generate code regarding module configuration
'supplier_code'=>'0',
'phone'=>'0141414141',
'fax'=>'0121212121',
@ -127,8 +127,8 @@ if ($action=='create')
//,'options_attr1'=>'Attr1 balbal', //Extra field example where field code is attr1
//'options_attr2'=>'Attr2 balbal' //Extra field example where field code is attr2
);
$parameters = array('authentication'=>$authentication,'thirdparty'=>$newthirdparty);
dol_syslog("Call method ".$WS_METHOD_CREATETHIRDSPARTY);
$result = $soapclient->call($WS_METHOD_CREATETHIRDSPARTY,$parameters,$ns,'');
@ -144,7 +144,7 @@ if ($action=='create')
}
// Test URL
if ($action=='update')
if ($action == 'update')
{
$thirdparty=array(
'id'=>'1',


@ -140,7 +140,7 @@ if (GETPOST('createpagefromclone', 'alpha')) {
if (empty($action) && $file_manager) {
$action = 'file_manager';
}
if ($action == 'replacesite' || (empty($action) && $replacesite)) {
if ($action == 'replacesite' || (empty($action) && $replacesite)) { // Test on permission not required
$mode = 'replacesite';
}
if (GETPOST('refreshsite') || GETPOST('refreshsite_x') || GETPOST('refreshsite.x')) {
@ -333,7 +333,7 @@ if (GETPOST('optionsitefiles')) {
}
if (empty($sortfield)) {
if ($action == 'file_manager') {
if ($action == 'file_manager') { // Test on permission not required
$sortfield = 'name';
$sortorder = 'ASC';
} else {
@ -344,7 +344,7 @@ if (empty($sortfield)) {
$searchkey = GETPOST('searchstring', 'restricthtml');
if ($action == 'replacesite' || $mode == 'replacesite') {
if ($action == 'replacesite' || $mode == 'replacesite') { // Test on permission not required
$containertype = GETPOST('optioncontainertype', 'aZ09') != '-1' ? GETPOST('optioncontainertype', 'aZ09') : '';
$langcode = GETPOST('optionlanguage', 'aZ09');
$otherfilters = array();


@ -143,7 +143,7 @@ if ($reshook < 0) {
if (empty($reshook)) {
$backurlforlist = dol_buildpath('/societe/website.php', 1).'?id='.$object->fk_soc;
if ($action == 'add' && !GETPOST('site')) {
if ($action == 'add' && !GETPOST('site')) { // Test on permission not required
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Website")), null, 'errors');
$action = 'create';
}


@ -236,7 +236,7 @@ class Workstation extends CommonObject
$id = $this->createCommon($user, $notrigger);
// Usergroups
$groups = GETPOST('groups', 'array:int');
$groups = GETPOST('groups', 'array:int'); // FIXME We should not GETPOST but receive array as parameter
if (empty($groups)) {
$groups = $this->usergroups; // createFromClone
}
@ -251,7 +251,7 @@ class Workstation extends CommonObject
}
// Resources
$resources = GETPOST('resources', 'array:int');
$resources = GETPOST('resources', 'array:int'); // FIXME We should not GETPOST but receive array as parameter
if (empty($resources)) {
$resources = $this->resources; // createFromClone
}
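Review bot: The two FIXME comments name the problem but leave `Workstation::create()` reading the request via `GETPOST('groups', 'array:int')` and `GETPOST('resources', 'array:int')`, so any programmatic create (API, clone, CLI) silently picks up whatever is in the current request, and the `empty($groups)` fallback means a request that carries the fields overrides `$this->usergroups`. The controller should populate `$this->usergroups` / `$this->resources` before calling create, and the method should read only those: `$groups = $this->usergroups;` and `$resources = $this->resources;`. The method continues past the hunk.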


@ -129,10 +129,10 @@ class CodingPhpTest extends CommonClassTest
{
$this->nbLinesToShow = 1;
//print 'Check php file '.$file['relativename']."\n";
$filecontent = file_get_contents($file['fullname']);
$filecontentorigin = file_get_contents($file['fullname']);
// We are not interested in the comments
$filecontent = $this->removePhpComments(file_get_contents($file['fullname']));
$filecontent = $this->removePhpComments($filecontentorigin);
// File path for reports
$report_filepath = "htdocs/{$file['relativename']}";
@ -627,6 +627,42 @@ class CodingPhpTest extends CommonClassTest
break;
}
$this->assertTrue($ok, 'Found a CURDATE\(\) in code. Do not use this SQL method in file '.$file['relativename'].'. You must use the PHP function dol_now() instead.');
// Test we don't have if ($action == 'xxx'... without test on permission
// We do not test on file into admin, protection is done on page on user->admin
if (!preg_match('/admin\//', $file['fullname'])
&& !preg_match('/\.tpl\.php/', $file['fullname'])
&& !preg_match('/\.lib\.php/', $file['fullname'])
&& !preg_match('/\.inc\.php/', $file['fullname'])
&& !preg_match('/\.class\.php/', $file['fullname'])
&& !preg_match('/NORUN$/', $file['fullname'])) {
$ok = true;
$matches = array();
// Get to part of string to use for analysis
$reg = array();
if (preg_match('/\*\s+Action(.*)\*\s+View/ims', $filecontentorigin, $reg)) {
$filecontentaction = $reg[1];
} else {
$filecontentaction = $filecontent;
}
preg_match_all('/if\s*\(\s*\$action\s*==\s*[\'"][a-z]+[\'"].*/', $filecontentaction, $matches, PREG_SET_ORDER);
foreach ($matches as $key => $val) {
if (!preg_match('/\$user->hasR/', $val[0])
&& !preg_match('/\$permission/', $val[0])
&& !preg_match('/\$usercan/', $val[0])
&& !preg_match('/\$canedit/', $val[0])
&& !preg_match('/already done/i', $val[0])
&& !preg_match('/not required/i', $val[0])) {
$ok = false;
print "Line: ".$val[0]."\n";
break;
}
}
$this->assertTrue($ok, 'Found a test on action without check on permission and without comment to say this is expected, in file '.$file['relativename'].'.');
}
}
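Review bot: The new check's pattern `[a-z]+` only matches action names made of lowercase letters, so snake_case actions such as `correct_stock`, `update_extras` or `confirm_deletecombination` (all touched by this very commit) and strict comparisons like `$action === 'update'` are never inspected; widen it to `preg_match_all('/if\s*\(\s*\$action\s*===?\s*[\'"][a-zA-Z0-9_]+[\'"].*/', $filecontentaction, $matches, PREG_SET_ORDER);`. The `$reg[1]` slice between `* Action` and `* View` is taken from `$filecontentorigin` so the `already done` / `not required` comment escape hatch works there, but the fallback uses `$filecontent` with comments stripped, so files without those markers cannot use the escape hatch; that asymmetry deserves a comment. The `print "Line: "` should also go into the assertion message rather than stdout so the failing line shows up in the test report.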