mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-02-20 13:46:52 +01:00
Fix permissions
parent
7f3c8b4cd5
commit
80760d7960
|
|
@ -101,7 +101,7 @@ class modSalaries extends DolibarrModules
|
|||
|
||||
$r++;
|
||||
$this->rights[$r][0] = 511;
|
||||
$this->rights[$r][1] = 'Read payments of employee salaries (yours and your subordinates)';
|
||||
$this->rights[$r][1] = 'Read employee salaries and payments (yours and your subordinates)';
|
||||
$this->rights[$r][2] = 'r';
|
||||
$this->rights[$r][3] = 0;
|
||||
$this->rights[$r][4] = 'read';
|
||||
|
|
@ -125,7 +125,7 @@ class modSalaries extends DolibarrModules
|
|||
|
||||
$r++;
|
||||
$this->rights[$r][0] = 517;
|
||||
$this->rights[$r][1] = 'Read payments of salariests of every employee';
|
||||
$this->rights[$r][1] = 'Read salaries and payments of all employees';
|
||||
$this->rights[$r][2] = 'r';
|
||||
$this->rights[$r][3] = 0;
|
||||
$this->rights[$r][4] = 'readall';
|
||||
|
|
|
|||
|
|
@ -87,6 +87,8 @@ if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS)) {
|
|||
$caneditgroup = (!empty($user->admin) || $user->rights->user->group_advance->write);
|
||||
}
|
||||
|
||||
$childids = $user->getAllChildIds(1); // For later, test on salary visibility
|
||||
|
||||
// Define value to know what current user can do on properties of edited user
|
||||
if ($id) {
|
||||
// $user is the current logged user, $id is the user we want to edit
|
||||
|
|
@ -1201,7 +1203,8 @@ if ($action == 'create' || $action == 'adduserldap') {
|
|||
print '<input class="maxwidth200" type="text" name="job" value="'.dol_escape_htmltag(GETPOST('job', 'alphanohtml')).'">';
|
||||
print '</td></tr>';
|
||||
|
||||
if ((!empty($conf->salaries->enabled) && !empty($user->rights->salaries->read))
|
||||
if ((!empty($conf->salaries->enabled) && !empty($user->rights->salaries->read) && in_array($id, $childids))
|
||||
|| (!empty($conf->salaries->enabled) && !empty($user->rights->salaries->readall))
|
||||
|| (!empty($conf->hrm->enabled) && !empty($user->rights->hrm->employee->read))) {
|
||||
$langs->load("salaries");
|
||||
|
||||
|
|
@ -1499,8 +1502,6 @@ if ($action == 'create' || $action == 'adduserldap') {
|
|||
print '<td>'.dol_escape_htmltag($object->job).'</td>';
|
||||
print '</tr>'."\n";
|
||||
|
||||
//$childids = $user->getAllChildIds(1);
|
||||
|
||||
if ((!empty($conf->salaries->enabled) && !empty($user->rights->salaries->read))
|
||||
|| (!empty($conf->hrm->enabled) && !empty($user->rights->hrm->employee->read))) {
|
||||
// Even a superior can't see this info of its subordinates wihtout $user->rights->salaries->read and $user->rights->hrm->employee->read (setting/viewing is reserverd to HR people).
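Review bot: The view-mode check in the last hunk of this section (`@ -1499,8 +1502,6`) still tests only `salaries->read` and `hrm->employee->read`, so it does not match the three-clause condition this commit introduces in the create form. As written, a holder of the restricted "yours and your subordinates" right appears to pass this check for any user's card, and a holder of only `salaries->readall` does not pass it. The first clause should probably become `!empty($user->rights->salaries->read) && in_array($object->id, $childids)`, with a second clause `|| (!empty($conf->salaries->enabled) && !empty($user->rights->salaries->readall))`. In the create-form hunk, `$id` is presumably empty while `$action == 'create'`, so `in_array($id, $childids)` may never match there; confirm that is intended. The `if` body continues outside the hunk, so whatever it prints could not be checked here.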
|
||||
|
|
|
|||
|
|
@ -851,8 +851,20 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
|
|||
|
||||
$li = $userstatic->getNomUrl(-1, '', 0, 0, 24, 1, 'login', '', 1);
|
||||
|
||||
$canreadhrmdata = 0;
|
||||
if ((!empty($conf->salaries->enabled) && !empty($user->rights->salaries->read) && in_array($obj->rowid, $childids))
|
||||
|| (!empty($conf->salaries->enabled) && !empty($user->rights->salaries->readall))
|
||||
|| (!empty($conf->hrm->enabled) && !empty($user->rights->hrm->employee->read))) {
|
||||
$canreadhrmdata = 1;
|
||||
}
|
||||
$canreadsecretapi = 0;
|
||||
if ($user->id = $obj->rowid || !empty($user->admin)) { // Current user or admin
|
||||
$canreadsecretapi = 1;
|
||||
}
|
||||
|
||||
print '<tr class="oddeven">';
|
||||
|
||||
// Login
|
||||
if (!empty($arrayfields['u.login']['checked'])) {
|
||||
print '<td class="nowraponall tdoverflowmax150">';
|
||||
print $li;
|
||||
|
|
@ -888,6 +900,7 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
|
|||
$totalarray['nbfield']++;
|
||||
}
|
||||
}
|
||||
// Employee yes/no
|
||||
if (!empty($arrayfields['u.employee']['checked'])) {
|
||||
print '<td class="center">'.yn($obj->employee).'</td>';
|
||||
if (!$i) {
|
||||
|
|
@ -951,14 +964,22 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
|
|||
}
|
||||
}
|
||||
if (!empty($arrayfields['u.api_key']['checked'])) {
|
||||
print '<td>'.$obj->api_key.'</td>';
|
||||
print '<td>';
|
||||
if ($obj->api_key) {
|
||||
if ($canreadsecretapi) {
|
||||
print $obj->api_key;
|
||||
} else {
|
||||
print '<span class="opacitymedium">'.$langs->trans("Hidden").'</span>';
|
||||
}
|
||||
}
|
||||
print '</td>';
|
||||
if (!$i) {
|
||||
$totalarray['nbfield']++;
|
||||
}
|
||||
}
|
||||
if (!empty($arrayfields['u.fk_soc']['checked'])) {
|
||||
print '<td class="tdoverflowmax200">';
|
||||
if ($obj->fk_soc) {
|
||||
if ($obj->fk_soc > 0) {
|
||||
$companystatic->id = $obj->fk_soc;
|
||||
$companystatic->name = $obj->name;
|
||||
$companystatic->canvas = $obj->canvas;
|
||||
|
|
@ -992,7 +1013,15 @@ while ($i < ($limit ? min($num, $limit) : $num)) {
|
|||
|
||||
// Salary
|
||||
if (!empty($arrayfields['u.salary']['checked'])) {
|
||||
print '<td class="nowraponall right amount">'.($obj->salary ? price($obj->salary) : '').'</td>';
|
||||
print '<td class="nowraponall right amount">';
|
||||
if ($obj->salary) {
|
||||
if ($canreadhrmdata) {
|
||||
print price($obj->salary);
|
||||
} else {
|
||||
print '<span class="opacitymedium">'.$langs->trans("Hidden").'</span>';
|
||||
}
|
||||
}
|
||||
print '</td>';
|
||||
if (!$i) {
|
||||
$totalarray['nbfield']++;
|
||||
}
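Review bot: In the first hunk of this section (`@ -851,8 +851,20`), inside a `while` loop that begins above the hunk, the new guard `if ($user->id = $obj->rowid || !empty($user->admin))` assigns instead of comparing. Because `||` binds tighter than `=`, the condition is true for every row with a non-zero `rowid`, so `$canreadsecretapi` is 1 for all rows and the `Hidden` branch added in the `u.api_key` hunk is never reached; the assignment also overwrites `$user->id` for the rest of the request. The line should read `if ($user->id == $obj->rowid || !empty($user->admin)) { // Current user or admin`. Separately, `$childids` is used in the same hunk but is not assigned in any hunk shown for this file, so confirm it is populated before the loop. Consider passing the key through `dol_escape_htmltag()` where it is printed.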
|
||||
|
|
|
|||