mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-02-20 13:46:52 +01:00
Fix: best compatibility with multicompany and others security issue
This commit is contained in:
Regis Houssin
parent
215b24df54
commit
25686e82c9
|
|
@ -1,9 +1,9 @@
|
|||
<?php
|
||||
/* Copyright (C) 2011 Dimitri Mouillard <dmouillard@teclib.com>
|
||||
* Copyright (C) 2012-2015 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2012 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
* Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2014 Ferran Marcet <fmarcet@2byte.es>
|
||||
/* Copyright (C) 2011 Dimitri Mouillard <dmouillard@teclib.com>
|
||||
* Copyright (C) 2012-2015 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2012-2016 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
* Copyright (C) 2013 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2014 Ferran Marcet <fmarcet@2byte.es>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -91,23 +91,23 @@ if ($action == 'create')
|
|||
$error++;
|
||||
$action='create';
|
||||
}
|
||||
|
||||
|
||||
// If no start date
|
||||
if (empty($date_debut))
|
||||
{
|
||||
header('Location: card.php?action=request&error=nodatedebut');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?action=request&error=nodatedebut');
|
||||
exit;
|
||||
}
|
||||
// If no end date
|
||||
if (empty($date_fin))
|
||||
{
|
||||
header('Location: card.php?action=request&error=nodatefin');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?action=request&error=nodatefin');
|
||||
exit;
|
||||
}
|
||||
// If start date after end date
|
||||
if ($date_debut > $date_fin)
|
||||
{
|
||||
header('Location: card.php?action=request&error=datefin');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?action=request&error=datefin');
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -115,15 +115,15 @@ if ($action == 'create')
|
|||
$verifCP = $cp->verifDateHolidayCP($userID, $date_debut, $date_fin, $halfday);
|
||||
if (! $verifCP)
|
||||
{
|
||||
header('Location: card.php?action=request&error=alreadyCP');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?action=request&error=alreadyCP');
|
||||
exit;
|
||||
}
|
||||
|
||||
// If there is no Business Days within request
|
||||
// If there is no Business Days within request
|
||||
$nbopenedday=num_open_day($date_debut_gmt, $date_fin_gmt, 0, 1, $halfday);
|
||||
if($nbopenedday < 0.5)
|
||||
{
|
||||
header('Location: card.php?action=request&error=DureeHoliday');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?action=request&error=DureeHoliday');
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -137,7 +137,7 @@ if ($action == 'create')
|
|||
$result = 0;
|
||||
|
||||
$result = 0;
|
||||
|
||||
|
||||
if (! $error)
|
||||
{
|
||||
$cp->fk_user = $userid;
|
||||
|
|
@ -147,16 +147,16 @@ if ($action == 'create')
|
|||
$cp->fk_validator = $valideur;
|
||||
$cp->halfday = $halfday;
|
||||
$cp->fk_type = $type;
|
||||
|
||||
|
||||
$result = $cp->create($user);
|
||||
}
|
||||
|
||||
|
||||
// If no SQL error we redirect to the request card
|
||||
if (! $error && $result > 0)
|
||||
{
|
||||
$db->commit();
|
||||
|
||||
header('Location: card.php?id='.$result);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id);
|
||||
exit;
|
||||
}
|
||||
else
|
||||
|
|
@ -179,15 +179,15 @@ if ($action == 'update')
|
|||
else if ($starthalfday == 'afternoon') $halfday=-1;
|
||||
else if ($endhalfday == 'morning') $halfday=1;
|
||||
|
||||
// If no right to modify a request
|
||||
// If no right to modify a request
|
||||
if (! $user->rights->holiday->write)
|
||||
{
|
||||
header('Location: card.php?action=request&error=CantUpdate');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?action=request&error=CantUpdate');
|
||||
exit;
|
||||
}
|
||||
|
||||
$cp = new Holiday($db);
|
||||
$cp->fetch($_POST['holiday_id']);
|
||||
$cp->fetch($id);
|
||||
|
||||
$canedit=(($user->id == $cp->fk_user && $user->rights->holiday->write) || ($user->id != $cp->fk_user && $user->rights->holiday->write_all));
|
||||
|
||||
|
|
@ -202,25 +202,25 @@ if ($action == 'update')
|
|||
|
||||
// If no start date
|
||||
if (empty($_POST['date_debut_'])) {
|
||||
header('Location: card.php?id='.$_POST['holiday_id'].'&action=edit&error=nodatedebut');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=edit&error=nodatedebut');
|
||||
exit;
|
||||
}
|
||||
|
||||
// If no end date
|
||||
if (empty($_POST['date_fin_'])) {
|
||||
header('Location: card.php?id='.$_POST['holiday_id'].'&action=edit&error=nodatefin');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=edit&error=nodatefin');
|
||||
exit;
|
||||
}
|
||||
|
||||
// If start date after end date
|
||||
if ($date_debut > $date_fin) {
|
||||
header('Location: card.php?id='.$_POST['holiday_id'].'&action=edit&error=datefin');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=edit&error=datefin');
|
||||
exit;
|
||||
}
|
||||
|
||||
// If no validator designated
|
||||
if ($valideur < 1) {
|
||||
header('Location: card.php?id='.$_POST['holiday_id'].'&action=edit&error=Valideur');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=edit&error=Valideur');
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -228,7 +228,7 @@ if ($action == 'update')
|
|||
$nbopenedday=num_open_day($date_debut_gmt, $date_fin_gmt, 0, 1, $halfday);
|
||||
if ($nbopenedday < 0.5)
|
||||
{
|
||||
header('Location: card.php?id='.$_POST['holiday_id'].'&action=edit&error=DureeHoliday');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=edit&error=DureeHoliday');
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -242,18 +242,18 @@ if ($action == 'update')
|
|||
$verif = $cp->update($user->id);
|
||||
if ($verif > 0)
|
||||
{
|
||||
header('Location: card.php?id='.$_POST['holiday_id']);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id);
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Otherwise we display the request form with the SQL error message
|
||||
header('Location: card.php?id='.$_POST['holiday_id'].'&action=edit&error=SQL_Create&msg='.$cp->error);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=edit&error=SQL_Create&msg='.$cp->error);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
header('Location: card.php?id='.$_POST['holiday_id']);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
|
@ -276,7 +276,7 @@ if ($action == 'confirm_delete' && GETPOST('confirm') == 'yes' && $user->rights-
|
|||
// Si l'utilisateur à le droit de lire cette demande, il peut la supprimer
|
||||
if ($canedit)
|
||||
{
|
||||
$result=$cp->delete($id);
|
||||
$result=$cp->delete($cp->id);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -303,7 +303,7 @@ if ($action == 'confirm_send')
|
|||
$cp->fetch($id);
|
||||
|
||||
$canedit=(($user->id == $cp->fk_user && $user->rights->holiday->write) || ($user->id != $cp->fk_user && $user->rights->holiday->write_all));
|
||||
|
||||
|
||||
// Si brouillon et créateur
|
||||
if($cp->statut == 1 && $canedit)
|
||||
{
|
||||
|
|
@ -321,7 +321,7 @@ if ($action == 'confirm_send')
|
|||
|
||||
if (!$emailTo)
|
||||
{
|
||||
header('Location: card.php?id='.$_GET['id']);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -370,7 +370,7 @@ if ($action == 'confirm_send')
|
|||
$message.= "\n";
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("Name")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("Period")." : ".dol_print_date($cp->date_debut,'day')." ".$langs->transnoentitiesnoconv("To")." ".dol_print_date($cp->date_fin,'day')."\n";
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$cp->rowid."\n\n";
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$cp->id."\n\n";
|
||||
$message.= "\n";
|
||||
|
||||
$mail = new CMailFile($subject,$emailTo,$emailFrom,$message);
|
||||
|
|
@ -380,16 +380,16 @@ if ($action == 'confirm_send')
|
|||
|
||||
if (!$result)
|
||||
{
|
||||
header('Location: card.php?id='.$_GET['id'].'&error=mail&error_content='.$mail->error);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&error=mail&error_content='.$mail->error);
|
||||
exit;
|
||||
}
|
||||
header('Location: card.php?id='.$_GET['id']);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id);
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Sinon on affiche le formulaire de demande avec le message d'erreur SQL
|
||||
header('Location: card.php?id='.$_GET['id'].'&error=SQL_Create&msg='.$cp->error);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&error=SQL_Create&msg='.$cp->error);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
|
@ -433,7 +433,7 @@ if ($action == 'confirm_valid')
|
|||
|
||||
if (!$emailTo)
|
||||
{
|
||||
header('Location: card.php?id='.$_GET['id']);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -455,7 +455,7 @@ if ($action == 'confirm_valid')
|
|||
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("ValidatedBy")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
|
||||
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$cp->rowid."\n\n";
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$cp->id."\n\n";
|
||||
$message.= "\n";
|
||||
|
||||
$mail = new CMailFile($subject,$emailTo,$emailFrom,$message);
|
||||
|
|
@ -464,15 +464,15 @@ if ($action == 'confirm_valid')
|
|||
$result=$mail->sendfile();
|
||||
|
||||
if(!$result) {
|
||||
header('Location: card.php?id='.$_GET['id'].'&error=mail&error_content='.$mail->error);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&error=mail&error_content='.$mail->error);
|
||||
exit;
|
||||
}
|
||||
|
||||
header('Location: card.php?id='.$_GET['id']);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id);
|
||||
exit;
|
||||
} else {
|
||||
// Sinon on affiche le formulaire de demande avec le message d'erreur SQL
|
||||
header('Location: card.php?id='.$_GET['id'].'&error=SQL_Create&msg='.$cp->error);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&error=SQL_Create&msg='.$cp->error);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -485,7 +485,7 @@ if ($action == 'confirm_refuse')
|
|||
if (! empty($_POST['detail_refuse']))
|
||||
{
|
||||
$cp = new Holiday($db);
|
||||
$cp->fetch($_GET['id']);
|
||||
$cp->fetch($id);
|
||||
|
||||
// Si statut en attente de validation et valideur = utilisateur
|
||||
if ($cp->statut == 2 && $user->id == $cp->fk_validator)
|
||||
|
|
@ -507,7 +507,7 @@ if ($action == 'confirm_refuse')
|
|||
|
||||
if (!$emailTo)
|
||||
{
|
||||
header('Location: card.php?id='.$_GET['id']);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -530,7 +530,7 @@ if ($action == 'confirm_refuse')
|
|||
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("ModifiedBy")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
|
||||
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$cp->rowid."\n\n";
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$cp->id."\n\n";
|
||||
$message.= "\n";
|
||||
|
||||
$mail = new CMailFile($subject,$emailTo,$emailFrom,$message);
|
||||
|
|
@ -539,22 +539,22 @@ if ($action == 'confirm_refuse')
|
|||
$result=$mail->sendfile();
|
||||
|
||||
if(!$result) {
|
||||
header('Location: card.php?id='.$_GET['id'].'&error=mail&error_content='.$mail->error);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&error=mail&error_content='.$mail->error);
|
||||
exit;
|
||||
}
|
||||
|
||||
header('Location: card.php?id='.$_GET['id']);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id);
|
||||
exit;
|
||||
} else {
|
||||
// Sinon on affiche le formulaire de demande avec le message d'erreur SQL
|
||||
header('Location: card.php?id='.$_GET['id'].'&error=SQL_Create&msg='.$cp->error);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&error=SQL_Create&msg='.$cp->error);
|
||||
exit;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
} else {
|
||||
header('Location: card.php?id='.$_GET['id'].'&error=NoMotifRefuse');
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&error=NoMotifRefuse');
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
|
@ -563,7 +563,7 @@ if ($action == 'confirm_refuse')
|
|||
if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes')
|
||||
{
|
||||
$cp = new Holiday($db);
|
||||
$cp->fetch($_GET['id']);
|
||||
$cp->fetch($id);
|
||||
|
||||
// Si statut en attente de validation et valideur = utilisateur
|
||||
if (($cp->statut == 2 || $cp->statut == 3) && ($user->id == $cp->fk_validator || $user->id == $cp->fk_user))
|
||||
|
|
@ -616,7 +616,7 @@ if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes')
|
|||
|
||||
if (!$emailTo)
|
||||
{
|
||||
header('Location: card.php?id='.$_GET['id']);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -638,7 +638,7 @@ if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes')
|
|||
$message.= $langs->transnoentities("HolidaysCanceledBody", dol_print_date($cp->date_debut,'day'), dol_print_date($cp->date_fin,'day'))."\n";
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("ModifiedBy")." : ".dolGetFirstLastname($expediteur->firstname, $expediteur->lastname)."\n";
|
||||
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$cp->rowid."\n\n";
|
||||
$message.= "- ".$langs->transnoentitiesnoconv("Link")." : ".$dolibarr_main_url_root."/holiday/card.php?id=".$cp->id."\n\n";
|
||||
$message.= "\n";
|
||||
|
||||
$mail = new CMailFile($subject,$emailTo,$emailFrom,$message);
|
||||
|
|
@ -648,17 +648,17 @@ if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes')
|
|||
|
||||
if(!$result)
|
||||
{
|
||||
header('Location: card.php?id='.$_GET['id'].'&error=mail&error_content='.$mail->error);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&error=mail&error_content='.$mail->error);
|
||||
exit;
|
||||
}
|
||||
|
||||
header('Location: card.php?id='.$_GET['id']);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id);
|
||||
exit;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Sinon on affiche le formulaire de demande avec le message d'erreur SQL
|
||||
header('Location: card.php?id='.$_GET['id'].'&error=SQL_Create&msg='.$cp->error);
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&error=SQL_Create&msg='.$cp->error);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
|
@ -852,13 +852,8 @@ if (empty($id) || $action == 'add' || $action == 'request' || $action == 'create
|
|||
// Approved by
|
||||
print '<tr>';
|
||||
print '<td class="fieldrequired">'.$langs->trans("ReviewedByCP").'</td>';
|
||||
$validator = new UserGroup($db);
|
||||
$excludefilter=$user->admin?'':'u.rowid <> '.$user->id;
|
||||
$valideurobjects = $validator->listUsersForGroup($excludefilter);
|
||||
$valideurarray = array();
|
||||
foreach($valideurobjects as $val) $valideurarray[$val->id]=$val->id;
|
||||
print '<td>';
|
||||
print $form->select_dolusers((GETPOST('valideur')>0?GETPOST('valideur'):$user->fk_user), "valideur", 1, "", 0, $valideurarray, 0, 0, 0, 0, '', 0, '', '', 1); // By default, hierarchical parent
|
||||
print $form->select_dolusers((GETPOST('valideur')>0?GETPOST('valideur'):$user->fk_user), "valideur", 1, ($user->admin ? '' : array($user->id)), 0, '', 0, 0, 0, 0, '', 0, '', '', 1); // By default, hierarchical parent
|
||||
print '</td>';
|
||||
print '</tr>';
|
||||
|
||||
|
|
@ -952,35 +947,35 @@ else
|
|||
{
|
||||
if ($action == 'delete')
|
||||
{
|
||||
if($user->rights->holiday->delete)
|
||||
if ($user->rights->holiday->delete)
|
||||
{
|
||||
print $form->formconfirm("card.php?id=".$id,$langs->trans("TitleDeleteCP"),$langs->trans("ConfirmDeleteCP"),"confirm_delete", '', 0, 1);
|
||||
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$cp->id,$langs->trans("TitleDeleteCP"),$langs->trans("ConfirmDeleteCP"),"confirm_delete", '', 0, 1);
|
||||
}
|
||||
}
|
||||
|
||||
// Si envoi en validation
|
||||
if ($action == 'sendToValidate' && $cp->statut == 1)
|
||||
{
|
||||
print $form->formconfirm("card.php?id=".$id,$langs->trans("TitleToValidCP"),$langs->trans("ConfirmToValidCP"),"confirm_send", '', 1, 1);
|
||||
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$cp->id,$langs->trans("TitleToValidCP"),$langs->trans("ConfirmToValidCP"),"confirm_send", '', 1, 1);
|
||||
}
|
||||
|
||||
// Si validation de la demande
|
||||
if ($action == 'valid')
|
||||
{
|
||||
print $form->formconfirm("card.php?id=".$id,$langs->trans("TitleValidCP"),$langs->trans("ConfirmValidCP"),"confirm_valid", '', 1, 1);
|
||||
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$cp->id,$langs->trans("TitleValidCP"),$langs->trans("ConfirmValidCP"),"confirm_valid", '', 1, 1);
|
||||
}
|
||||
|
||||
// Si refus de la demande
|
||||
if ($action == 'refuse')
|
||||
{
|
||||
$array_input = array(array('type'=>"text",'label'=> $langs->trans('DetailRefusCP'),'name'=>"detail_refuse",'size'=>"50",'value'=>""));
|
||||
print $form->formconfirm("card.php?id=".$id."&action=confirm_refuse", $langs->trans("TitleRefuseCP"), $langs->trans('ConfirmRefuseCP'), "confirm_refuse", $array_input, 1, 0);
|
||||
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$cp->id."&action=confirm_refuse", $langs->trans("TitleRefuseCP"), $langs->trans('ConfirmRefuseCP'), "confirm_refuse", $array_input, 1, 0);
|
||||
}
|
||||
|
||||
// Si annulation de la demande
|
||||
if ($action == 'cancel')
|
||||
{
|
||||
print $form->formconfirm("card.php?id=".$id,$langs->trans("TitleCancelCP"),$langs->trans("ConfirmCancelCP"),"confirm_cancel", '', 1, 1);
|
||||
print $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$cp->id,$langs->trans("TitleCancelCP"),$langs->trans("ConfirmCancelCP"),"confirm_cancel", '', 1, 1);
|
||||
}
|
||||
|
||||
$head=holiday_prepare_head($cp);
|
||||
|
|
@ -989,13 +984,13 @@ else
|
|||
if ($action == 'edit' && $cp->statut == 1)
|
||||
{
|
||||
$edit = true;
|
||||
print '<form method="post" action="'.$_SERVER['PHP_SELF'].'?id='.$id.'">'."\n";
|
||||
print '<form method="post" action="'.$_SERVER['PHP_SELF'].'?id='.$cp->id.'">'."\n";
|
||||
print '<input type="hidden" name="action" value="update"/>'."\n";
|
||||
print '<input type="hidden" name="holiday_id" value="'.$id.'" />'."\n";
|
||||
print '<input type="hidden" name="id" value="'.$cp->id.'" />'."\n";
|
||||
}
|
||||
|
||||
dol_fiche_head($head,'card',$langs->trans("CPTitreMenu"),0,'holiday');
|
||||
|
||||
|
||||
print '<table class="border" width="100%">';
|
||||
print '<tbody>';
|
||||
|
||||
|
|
@ -1132,15 +1127,8 @@ else
|
|||
} else {
|
||||
print '<tr>';
|
||||
print '<td width="50%">'.$langs->trans('ReviewedByCP').'</td>';
|
||||
|
||||
$validator = new UserGroup($db);
|
||||
$excludefilter=$user->admin?'':'u.rowid <> '.$user->id;
|
||||
$valideurobjects = $validator->listUsersForGroup($excludefilter);
|
||||
$valideurarray = array();
|
||||
foreach($valideurobjects as $val) $valideurarray[$val->id]=$val->id;
|
||||
|
||||
print '<td>';
|
||||
print $form->select_dolusers($user->fk_user, "valideur", 1, "", 0, $valideurarray); // By default, hierarchical parent
|
||||
print $form->select_dolusers($cp->fk_user, "valideur", 1, ($user->admin ? '' : array($user->id))); // By default, hierarchical parent
|
||||
print '</td>';
|
||||
print '</tr>';
|
||||
}
|
||||
|
|
@ -1149,19 +1137,19 @@ else
|
|||
print '<td>'.$langs->trans('DateCreateCP').'</td>';
|
||||
print '<td>'.dol_print_date($cp->date_create,'dayhour').'</td>';
|
||||
print '</tr>';
|
||||
if($cp->statut == 3) {
|
||||
if ($cp->statut == 3) {
|
||||
print '<tr>';
|
||||
print '<td>'.$langs->trans('DateValidCP').'</td>';
|
||||
print '<td>'.dol_print_date($cp->date_valid,'dayhour').'</td>';
|
||||
print '</tr>';
|
||||
}
|
||||
if($cp->statut == 4) {
|
||||
if ($cp->statut == 4) {
|
||||
print '<tr>';
|
||||
print '<td>'.$langs->trans('DateCancelCP').'</td>';
|
||||
print '<td>'.dol_print_date($cp->date_cancel,'dayhour').'</td>';
|
||||
print '</tr>';
|
||||
}
|
||||
if($cp->statut == 5) {
|
||||
if ($cp->statut == 5) {
|
||||
print '<tr>';
|
||||
print '<td>'.$langs->trans('DateRefusCP').'</td>';
|
||||
print '<td>'.dol_print_date($cp->date_refuse,'dayhour').'</td>';
|
||||
|
|
@ -1171,7 +1159,7 @@ else
|
|||
print '</table>';
|
||||
|
||||
dol_fiche_end();
|
||||
|
||||
|
||||
if ($action == 'edit' && $cp->statut == 1)
|
||||
{
|
||||
print '<div align="center">';
|
||||
|
|
@ -1192,26 +1180,26 @@ else
|
|||
// Boutons d'actions
|
||||
if ($canedit && $cp->statut == 1)
|
||||
{
|
||||
print '<a href="card.php?id='.$_GET['id'].'&action=edit" class="butAction">'.$langs->trans("EditCP").'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=edit" class="butAction">'.$langs->trans("EditCP").'</a>';
|
||||
}
|
||||
if ($canedit && $cp->statut == 1)
|
||||
{
|
||||
print '<a href="card.php?id='.$_GET['id'].'&action=sendToValidate" class="butAction">'.$langs->trans("Validate").'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=sendToValidate" class="butAction">'.$langs->trans("Validate").'</a>';
|
||||
}
|
||||
if ($user->rights->holiday->delete && $cp->statut == 1) // If draft
|
||||
{
|
||||
print '<a href="card.php?id='.$_GET['id'].'&action=delete" class="butActionDelete">'.$langs->trans("DeleteCP").'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=delete" class="butActionDelete">'.$langs->trans("DeleteCP").'</a>';
|
||||
}
|
||||
|
||||
if ($user->id == $cp->fk_validator && $cp->statut == 2)
|
||||
{
|
||||
print '<a href="card.php?id='.$_GET['id'].'&action=valid" class="butAction">'.$langs->trans("Approve").'</a>';
|
||||
print '<a href="card.php?id='.$_GET['id'].'&action=refuse" class="butAction">'.$langs->trans("ActionRefuseCP").'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=valid" class="butAction">'.$langs->trans("Approve").'</a>';
|
||||
print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=refuse" class="butAction">'.$langs->trans("ActionRefuseCP").'</a>';
|
||||
}
|
||||
|
||||
if (($user->id == $cp->fk_validator || $user->id == $cp->fk_user) && ($cp->statut == 2 || $cp->statut == 3)) // Status validated or approved
|
||||
{
|
||||
if (($cp->date_debut > dol_now()) || $user->admin) print '<a href="card.php?id='.$_GET['id'].'&action=cancel" class="butAction">'.$langs->trans("ActionCancelCP").'</a>';
|
||||
if (($cp->date_debut > dol_now()) || $user->admin) print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$cp->id.'&action=cancel" class="butAction">'.$langs->trans("ActionCancelCP").'</a>';
|
||||
else print '<a href="#" class="butActionRefused" title="'.$langs->trans("HolidayStarted").'">'.$langs->trans("ActionCancelCP").'</a>';
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
<?php
|
||||
/* Copyright (C) 2011 Dimitri Mouillard <dmouillard@teclib.com>
|
||||
* Copyright (C) 2012-2014 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2012 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
* Copyright (C) 2013 Florian Henry <florian.henry@open-concept.pro>
|
||||
/* Copyright (C) 2011 Dimitri Mouillard <dmouillard@teclib.com>
|
||||
* Copyright (C) 2012-2014 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2012-2016 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
* Copyright (C) 2013 Florian Henry <florian.henry@open-concept.pro>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -35,7 +35,7 @@ class Holiday extends CommonObject
|
|||
public $table_element='holiday';
|
||||
protected $isnolinkedbythird = 1; // No field fk_soc
|
||||
protected $ismultientitymanaged = 0; // 0=No test on entity, 1=Test with field entity, 2=Test with link by societe
|
||||
|
||||
|
||||
/**
|
||||
* @deprecated
|
||||
* @see id
|
||||
|
|
@ -161,7 +161,7 @@ class Holiday extends CommonObject
|
|||
|
||||
if (! $error)
|
||||
{
|
||||
$this->rowid = $this->db->last_insert_id(MAIN_DB_PREFIX."holiday");
|
||||
$this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."holiday");
|
||||
}
|
||||
|
||||
// Commit or rollback
|
||||
|
|
@ -178,7 +178,7 @@ class Holiday extends CommonObject
|
|||
else
|
||||
{
|
||||
$this->db->commit();
|
||||
return $this->rowid;
|
||||
return $this->id;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -301,7 +301,8 @@ class Holiday extends CommonObject
|
|||
$sql.= " ua.firstname as validator_firstname";
|
||||
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."holiday as cp, ".MAIN_DB_PREFIX."user as uu, ".MAIN_DB_PREFIX."user as ua";
|
||||
$sql.= " WHERE cp.fk_user = uu.rowid AND cp.fk_validator = ua.rowid "; // Hack pour la recherche sur le tableau
|
||||
$sql.= " WHERE cp.entity IN (".getEntity('holiday', 1).")";
|
||||
$sql.= " AND cp.fk_user = uu.rowid AND cp.fk_validator = ua.rowid "; // Hack pour la recherche sur le tableau
|
||||
$sql.= " AND cp.fk_user = '".$user_id."'";
|
||||
|
||||
// Filtre de séléction
|
||||
|
|
@ -413,7 +414,8 @@ class Holiday extends CommonObject
|
|||
$sql.= " ua.firstname as validator_firstname";
|
||||
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."holiday as cp, ".MAIN_DB_PREFIX."user as uu, ".MAIN_DB_PREFIX."user as ua";
|
||||
$sql.= " WHERE cp.fk_user = uu.rowid AND cp.fk_validator = ua.rowid "; // Hack pour la recherche sur le tableau
|
||||
$sql.= " WHERE cp.entity IN (".getEntity('holiday', 1).")";
|
||||
$sql.= " AND cp.fk_user = uu.rowid AND cp.fk_validator = ua.rowid "; // Hack pour la recherche sur le tableau
|
||||
|
||||
// Filtrage de séléction
|
||||
if(!empty($filter)) {
|
||||
|
|
@ -560,7 +562,7 @@ class Holiday extends CommonObject
|
|||
$sql.= " detail_refuse = NULL";
|
||||
}
|
||||
|
||||
$sql.= " WHERE rowid= '".$this->rowid."'";
|
||||
$sql.= " WHERE rowid= '".$this->id."'";
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
|
|
@ -607,7 +609,7 @@ class Holiday extends CommonObject
|
|||
$error=0;
|
||||
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."holiday";
|
||||
$sql.= " WHERE rowid=".$this->rowid;
|
||||
$sql.= " WHERE rowid=".$this->id;
|
||||
|
||||
$this->db->begin();
|
||||
|
||||
|
|
@ -1112,16 +1114,29 @@ class Holiday extends CommonObject
|
|||
*/
|
||||
function fetchUsers($stringlist=true,$type=true)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
// Si vrai donc pour user Dolibarr
|
||||
if ($stringlist)
|
||||
{
|
||||
if($type)
|
||||
if ($type)
|
||||
{
|
||||
// Si utilisateur de Dolibarr
|
||||
|
||||
$sql = "SELECT u.rowid";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
|
||||
$sql.= " WHERE statut > 0";
|
||||
|
||||
if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode))
|
||||
{
|
||||
$sql.= ", ".MAIN_DB_PREFIX."usergroup_user as ug";
|
||||
$sql.= " WHERE (ug.fk_user = u.rowid";
|
||||
$sql.= " AND ug.entity = ".$conf->entity.")";
|
||||
$sql.= " OR u.admin = 1";
|
||||
}
|
||||
else
|
||||
$sql.= " WHERE u.entity IN (0,".$conf->entity.")";
|
||||
|
||||
$sql.= " AND u.statut > 0";
|
||||
|
||||
dol_syslog(get_class($this)."::fetchUsers", LOG_DEBUG);
|
||||
$resql=$this->db->query($sql);
|
||||
|
|
@ -1138,7 +1153,7 @@ class Holiday extends CommonObject
|
|||
{
|
||||
$obj = $this->db->fetch_object($resql);
|
||||
|
||||
if($i == 0) {
|
||||
if ($i == 0) {
|
||||
$stringlist.= $obj->rowid;
|
||||
} else {
|
||||
$stringlist.= ', '.$obj->rowid;
|
||||
|
|
@ -1158,7 +1173,7 @@ class Holiday extends CommonObject
|
|||
|
||||
}
|
||||
else
|
||||
{
|
||||
{
|
||||
// We want only list of user id
|
||||
$sql = "SELECT DISTINCT cpu.fk_user";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."holiday_users as cpu";
|
||||
|
|
@ -1199,14 +1214,25 @@ class Holiday extends CommonObject
|
|||
|
||||
}
|
||||
else
|
||||
{ // Si faux donc user Congés Payés
|
||||
{ // Si faux donc user Congés Payés
|
||||
|
||||
// List for Dolibarr users
|
||||
if ($type)
|
||||
{
|
||||
$sql = "SELECT u.rowid, u.lastname, u.firstname";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
|
||||
$sql.= " WHERE statut > 0";
|
||||
|
||||
if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode))
|
||||
{
|
||||
$sql.= ", ".MAIN_DB_PREFIX."usergroup_user as ug";
|
||||
$sql.= " WHERE (ug.fk_user = u.rowid";
|
||||
$sql.= " AND ug.entity = ".$conf->entity.")";
|
||||
$sql.= " OR u.admin = 1";
|
||||
}
|
||||
else
|
||||
$sql.= " WHERE u.entity IN (0,".$conf->entity.")";
|
||||
|
||||
$sql.= " AND u.statut > 0";
|
||||
|
||||
dol_syslog(get_class($this)."::fetchUsers", LOG_DEBUG);
|
||||
$resql=$this->db->query($sql);
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
<?php
|
||||
/* Copyright (C) 2007-2015 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2011 Dimitri Mouillard <dmouillard@teclib.com>
|
||||
* Copyright (C) 2013 Marcos García <marcosgdf@gmail.com>
|
||||
/* Copyright (C) 2007-2015 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2011 Dimitri Mouillard <dmouillard@teclib.com>
|
||||
* Copyright (C) 2013 Marcos García <marcosgdf@gmail.com>
|
||||
* Copyright (C) 2016 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -132,7 +133,7 @@ elseif($action == 'add_event')
|
|||
$new_holiday = $nb_holiday + $add_holiday;
|
||||
|
||||
// add event to existing types of vacation
|
||||
foreach ($typeleaves as $key => $leave)
|
||||
foreach ($typeleaves as $key => $leave)
|
||||
{
|
||||
$vacationTypeID = $leave['rowid'];
|
||||
|
||||
|
|
@ -160,7 +161,7 @@ print load_fiche_titre($langs->trans('MenuConfCP'), '', 'title_hrm.png');
|
|||
|
||||
print '<div class="info">'.$langs->trans('LastUpdateCP').': '."\n";
|
||||
$lastUpdate = $holiday->getConfCP('lastUpdate');
|
||||
if ($lastUpdate)
|
||||
if ($lastUpdate)
|
||||
{
|
||||
$monthLastUpdate = $lastUpdate[4].$lastUpdate[5];
|
||||
$yearLastUpdate = $lastUpdate[0].$lastUpdate[1].$lastUpdate[2].$lastUpdate[3];
|
||||
|
|
@ -215,7 +216,7 @@ else
|
|||
{
|
||||
print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">'."\n";
|
||||
print '<input type="hidden" name="action" value="update" />';
|
||||
|
||||
|
||||
print '<table class="noborder" width="100%;">';
|
||||
print "<tr class=\"liste_titre\">";
|
||||
print '<td width="55%">'.$langs->trans('Employee').'</td>';
|
||||
|
|
@ -233,12 +234,12 @@ else
|
|||
print '<td width="20%" style="text-align:center">'.$langs->trans('Note').'</td>';
|
||||
print '<td></td>';
|
||||
print '</tr>';
|
||||
|
||||
|
||||
|
||||
|
||||
foreach($listUsers as $users)
|
||||
{
|
||||
$var=!$var;
|
||||
|
||||
|
||||
print '<tr '.$bc[$var].' style="height: 20px;">';
|
||||
print '<td>';
|
||||
$userstatic->id=$users['rowid'];
|
||||
|
|
@ -246,7 +247,7 @@ else
|
|||
$userstatic->firstname=$users['firstname'];
|
||||
print $userstatic->getNomUrl(1);
|
||||
print '</td>';
|
||||
|
||||
|
||||
if (count($typeleaves))
|
||||
{
|
||||
foreach($typeleaves as $key => $val)
|
||||
|
|
@ -261,17 +262,17 @@ else
|
|||
}
|
||||
else
|
||||
{
|
||||
print '<td></td>';
|
||||
print '<td></td>';
|
||||
}
|
||||
print '<td style="text-align:center"><input type="text" value="" name="note_holiday['.$users['rowid'].']" size="30"/></td>';
|
||||
print '<td><input type="submit" name="update_cp['.$users['rowid'].']" value="'.dol_escape_htmltag($langs->trans("Update")).'" class="button"/></td>'."\n";
|
||||
print '</tr>';
|
||||
|
||||
|
||||
$i++;
|
||||
}
|
||||
|
||||
|
||||
print '</table>';
|
||||
|
||||
|
||||
print '</form>';
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
/* Copyright (C) 2011 Dimitri Mouillard <dmouillard@teclib.com>
|
||||
* Copyright (C) 2013-2015 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2012 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
* Copyright (C) 2012-2016 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -232,16 +232,16 @@ if ($id > 0)
|
|||
$title = $langs->trans("User");
|
||||
$linkback = '<a href="'.DOL_URL_ROOT.'/user/index.php">'.$langs->trans("BackToList").'</a>';
|
||||
$head = user_prepare_head($fuser);
|
||||
|
||||
|
||||
dol_fiche_head($head, 'paidholidays', $title, 0, 'user');
|
||||
|
||||
dol_banner_tab($fuser,'id',$linkback,$user->rights->user->user->lire || $user->admin);
|
||||
|
||||
|
||||
|
||||
|
||||
print '<div class="underbanner clearboth"></div>';
|
||||
|
||||
|
||||
print '<br>';
|
||||
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -283,7 +283,7 @@ if ($sall)
|
|||
foreach($fieldstosearchall as $key => $val) $fieldstosearchall[$key]=$langs->trans($val);
|
||||
print $langs->trans("FilterOnInto", $sall) . join(', ',$fieldstosearchall);
|
||||
}
|
||||
|
||||
|
||||
print '<table class="noborder" width="100%;">';
|
||||
print "<tr class=\"liste_titre\">";
|
||||
print_liste_field_titre($langs->trans("Ref"),$_SERVER["PHP_SELF"],"cp.rowid","",'','',$sortfield,$sortorder);
|
||||
|
|
|
|||
|
|
@ -593,6 +593,7 @@ ALTER TABLE llx_accounting_bookkeeping MODIFY COLUMN doc_ref varchar(300) NOT NU
|
|||
|
||||
ALTER TABLE llx_holiday ADD COLUMN tms timestamp;
|
||||
ALTER TABLE llx_holiday ADD COLUMN entity integer DEFAULT 1 NOT NULL;
|
||||
ALTER TABLE llx_holiday ADD INDEX idx_holiday_entity (entity);
|
||||
|
||||
-- Fix Argentina provences
|
||||
INSERT INTO llx_c_departements ( code_departement, fk_region, cheflieu, tncc, ncc, nom, active) VALUES ('2326', 2305, '', 0, 'MISIONES', 'Misiones', 1);
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
-- ===================================================================
|
||||
-- Copyright (C) 2012 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
-- Copyright (C) 2012 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
-- Copyright (C) 2016 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
--
|
||||
-- This program is free software; you can redistribute it and/or modify
|
||||
-- it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -16,6 +17,7 @@
|
|||
--
|
||||
-- ===================================================================
|
||||
|
||||
ALTER TABLE llx_holiday ADD INDEX idx_holiday_entity (entity);
|
||||
ALTER TABLE llx_holiday ADD INDEX idx_holiday_fk_user (fk_user);
|
||||
ALTER TABLE llx_holiday ADD INDEX idx_holiday_fk_user_create (fk_user_create);
|
||||
ALTER TABLE llx_holiday ADD INDEX idx_holiday_date_create (date_create);
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user