Fix bad permission

Laurent Destailleur 2020-10-10 15:45:04 +02:00
parent 967e7997e6
commit 437eead694
7 changed files with 18 additions and 9 deletions

BIN
doc/images/invoice.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 63 KiB


@ -177,7 +177,7 @@ class modHoliday extends DolibarrModules
$this->rights[$r][0] = 20005; // Permission id (must not be already used)
$this->rights[$r][1] = 'Create/modify leave requests for everybody'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'write_all'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[$r][4] = 'writeall_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[$r][5] = ''; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$r++;
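Review bot: Renaming the key of permission 20005 from `write_all` to `writeall_advance` on the `$this->rights[$r][4]` line has no matching data migration in this commit; the SQL section only deletes `lire_tous`. On an upgraded install the stored definition for id 20005 may keep the old key until the module is re-activated, which is worth confirming. Until then, checks on `writeall_advance` would fail for users who held the old right, while any remaining check on `write_all` would still pass. Consider adding `UPDATE llx_rights_def SET perms = 'writeall_advance' WHERE module = 'holiday' AND perms = 'write_all';` to the migration script. A comment on this line should also say that the key is only honoured when `MAIN_USE_ADVANCED_PERMS` is set, since every check in this commit pairs the two.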


@ -1354,6 +1354,7 @@ if (empty($reshook))
$title = $langs->trans("ExpenseReport")." - ".$langs->trans("Card");
$helpurl = "EN:Module_Expense_Reports";
llxHeader("", $title, $helpurl);
$form = new Form($db);


@ -82,7 +82,8 @@ if (($id > 0) || $ref)
}
$cancreate = 0;
if (!empty($user->rights->holiday->write_all)) $cancreate = 1;
if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance)) $cancreate = 1;
if (!empty($user->rights->holiday->write) && in_array($fuserid, $childids)) $cancreate = 1;
$candelete = 0;
@ -741,7 +742,8 @@ if (empty($reshook))
$object->fetch($id);
// Si statut en attente de validation et valideur = valideur ou utilisateur, ou droits de faire pour les autres
if (($object->statut == Holiday::STATUS_VALIDATED || $object->statut == Holiday::STATUS_APPROVED) && ($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || !empty($user->rights->holiday->write_all)))
if (($object->statut == Holiday::STATUS_VALIDATED || $object->statut == Holiday::STATUS_APPROVED) && ($user->id == $object->fk_validator || in_array($object->fk_user, $childids)
|| (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance))))
{
$db->begin();
@ -867,7 +869,7 @@ llxHeader('', $langs->trans('CPTitreMenu'));
if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add')
{
// Si l'utilisateur n'a pas le droit de faire une demande
if (($fuserid == $user->id && empty($user->rights->holiday->write)) || ($fuserid != $user->id && empty($user->rights->holiday->write_all)))
if (($fuserid == $user->id && empty($user->rights->holiday->write)) || ($fuserid != $user->id && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->holiday->writeall_advance))))
{
$errors[] = $langs->trans('CantCreateCP');
} else {
@ -981,11 +983,13 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add')
print '<td class="titlefield fieldrequired">'.$langs->trans("User").'</td>';
print '<td>';
if (empty($user->rights->holiday->write_all))
if (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->holiday->writeall_advance))
{
print $form->select_dolusers(($fuserid ? $fuserid : $user->id), 'fuserid', 0, '', 0, 'hierarchyme', '', '0,'.$conf->entity, 0, 0, $morefilter, 0, '', 'maxwidth300');
//print '<input type="hidden" name="fuserid" value="'.($fuserid?$fuserid:$user->id).'">';
} else print $form->select_dolusers(GETPOST('fuserid', 'int') ?GETPOST('fuserid', 'int') : $user->id, 'fuserid', 0, '', 0, '', '', '0,'.$conf->entity, 0, 0, $morefilter, 0, '', 'maxwidth300');
} else {
print $form->select_dolusers(GETPOST('fuserid', 'int') ? GETPOST('fuserid', 'int') : $user->id, 'fuserid', 0, '', 0, '', '', '0,'.$conf->entity, 0, 0, $morefilter, 0, '', 'maxwidth300');
}
print '</td>';
print '</tr>';
@ -1459,7 +1463,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add')
print '<a href="#" class="butActionRefused classfortooltip" title="'.$langs->trans("NotTheAssignedApprover").'">'.$langs->trans("ActionRefuseCP").'</a>';
}
}
if (($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || !empty($user->rights->holiday->write_all)) && ($object->statut == 2 || $object->statut == 3)) // Status validated or approved
if (($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance))) && ($object->statut == 2 || $object->statut == 3)) // Status validated or approved
{
if (($object->date_debut > dol_now()) || $user->admin) print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=cancel" class="butAction">'.$langs->trans("ActionCancelCP").'</a>';
else print '<a href="#" class="butActionRefused classfortooltip" title="'.$langs->trans("HolidayStarted").'">'.$langs->trans("ActionCancelCP").'</a>';
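Review bot: In the first hunk the unconditional `if (!empty($user->rights->holiday->write_all)) $cancreate = 1;` appears to be kept beside the new `writeall_advance` test (the hunk grows by one line), while every other check in this file was switched away from `write_all`. If any account still carries the old key, `$cancreate` would be set even with `MAIN_USE_ADVANCED_PERMS` off, although the create and cancel paths further down deny the same user; if the key is gone, the line is dead code. Dropping that line would remove the inconsistency. Computing `$canwriteall = !empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance);` once and reusing it in all five places would stop the checks drifting apart. The enclosing blocks start and end outside these hunks.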


@ -421,7 +421,7 @@ if ($resql)
print '<div class="tabsAction">';
$canedit = (($user->id == $user_id && $user->rights->holiday->write) || ($user->id != $user_id && $user->rights->holiday->write_all));
$canedit = (($user->id == $user_id && $user->rights->holiday->write) || ($user->id != $user_id && (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance))));
if ($canedit)
{
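Review bot: The new `$canedit` expression guards `writeall_advance` with `!empty()` but still reads `$user->rights->holiday->write` bare on the left-hand side, so it depends on that property being defined and is inconsistent with the checks on the card page. I would write `!empty($user->rights->holiday->write)` there too and drop the redundant inner parentheses around the advanced-permission test. From the visible lines `$canedit` only gates what is printed inside the `tabsAction` block. Whether the action it leads to re-checks the same right server-side is not shown here and is worth confirming.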


@ -359,3 +359,7 @@ ALTER TABLE llx_website_page ADD COLUMN fk_object varchar(255);
DELETE FROM llx_const WHERE name in ('MAIN_INCLUDE_ZERO_VAT_IN_REPORTS');
ALTER TABLE llx_projet_task_time MODIFY COLUMN datec datetime;
DELETE FROM llx_user_rights WHERE fk_id IN (SELECT id FROM llx_rights_def where module = 'holiday' and perms = 'lire_tous');
DELETE FROM llx_rights_def where module = 'holiday' and perms = 'lire_tous';
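Review bot: The two added `DELETE` statements clear `lire_tous` from `llx_user_rights` and `llx_rights_def` but not from `llx_usergroup_rights`, so group-level grants of that right would be left pointing at a definition id that no longer exists. Adding `DELETE FROM llx_usergroup_rights WHERE fk_id IN (SELECT id FROM llx_rights_def WHERE module = 'holiday' AND perms = 'lire_tous');` before the `llx_rights_def` delete would cover that case. A one-line SQL comment saying why the right is being removed would help anyone auditing permission changes across upgrades.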


@ -73,7 +73,7 @@ CKEDITOR.editorConfig = function( config )
['Maximize'],
['SpellChecker', 'Scayt'], // 'Cut','Copy','Paste','-', are useless, can be done with right click, even on smarpthone
['Undo','Redo','-','Find','Replace'],
['Format','Font','FontSize'],
['Font','FontSize'],
['Bold','Italic','Underline','Strike','Superscript','-','TextColor','RemoveFormat'],
['NumberedList','BulletedList','Outdent','Indent'],
['JustifyLeft','JustifyCenter','JustifyRight','JustifyBlock'],