Todo: mettre au clair les droits du user dans les

modules commercial, agenda et tiers
2025-02-20 13:46:52 +01:00 · 2009-04-29 09:05:57 +00:00 · 2009-04-29 09:05:57 +00:00 · 86aea55e61
commit 86aea55e61
parent c1b3f88cc3
8 changed files with 36 additions and 32 deletions
--- a/htdocs/admin/menus/pre.inc.php
+++ b/htdocs/admin/menus/pre.inc.php
@ -50,7 +50,7 @@ function llxHeader($head = "")
        $menu->add_submenu(DOL_URL_ROOT."/contact/index.php",$langs->trans("Contacts"));
    }

-    if ($conf->commercial->enabled && $user->rights->commercial->lire)
+    if ($conf->commercial->enabled && $user->rights->commercial->main->lire)
    {
        $langs->load("commercial");
        $menu->add(DOL_URL_ROOT."/comm/index.php",$langs->trans("Commercial"));
--- a/htdocs/comm/action/fiche.php
+++ b/htdocs/comm/action/fiche.php
@ -44,7 +44,8 @@ $langs->load("agenda");
 $socid=isset($_GET['socid'])?$_GET['socid']:$_POST['socid'];
 $id = isset($_GET["id"])?$_GET["id"]:'';
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'societe', $id, 'actioncomm', '', '', 'id');
+// TODO: revoir les droits car pas clair
+//$result = restrictedArea($user, 'commercial', $id, 'actioncomm', 'actions', '', 'id');

 if (isset($_GET["error"])) $error=$_GET["error"];

--- a/htdocs/docs/pre.inc.php
+++ b/htdocs/docs/pre.inc.php
@ -49,7 +49,7 @@ function llxHeader($head = "", $title="", $help_url='')
 		$menu->add_submenu(DOL_URL_ROOT."/contact/index.php",$langs->trans("Contacts"));
 	}

-	if ($conf->commercial->enabled && $user->rights->commercial->lire)
+	if ($conf->commercial->enabled && $user->rights->commercial->main->lire)
 	{
 		$langs->load("commercial");
 		$menu->add(DOL_URL_ROOT."/comm/index.php",$langs->trans("Commercial"));
--- a/htdocs/document.php
+++ b/htdocs/document.php
@ -271,49 +271,49 @@ if ($modulepart)
    // Wrapping pour les actions
    if ($modulepart == 'actions')
    {
-        $user->getrights('commercial');
-        //if ($user->rights->commercial->actions->lire || eregi('^specimen',$original_file))	// Ce droit n'existe pas encore
-        //{
+    	$user->getrights('commercial');
+      //if ($user->rights->commercial->actions->lire || eregi('^specimen',$original_file)) // TODO: revoir les droits car pas clair
+      //{
        $accessallowed=1;
-        //}
-        $original_file=$conf->commercial->dir_actions.'/'.$original_file;
+      //}
+      $original_file=$conf->commercial->dir_actions.'/'.$original_file;
 		//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'";
    }

    // Wrapping pour les actions
    if ($modulepart == 'actionsreport')
    {
-        $user->getrights('commercial');
-        //if ($user->rights->commercial->actions->lire || eregi('^specimen',$original_file))	// Ce droit n'existe pas encore
-        //{
+    	$user->getrights('commercial');
+      //if ($user->rights->commercial->actions->lire || eregi('^specimen',$original_file)) // TODO: revoir les droits car pas clair
+      //{
        $accessallowed=1;
-        //}
-		$original_file = $conf->commercial->dir_actions_temp."/".$original_file;
+      //}
+      $original_file = $conf->commercial->dir_actions_temp."/".$original_file;
 		//$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'";
-	}
+	  }

    // Wrapping pour les produits et services
    if ($modulepart == 'produit')
    {
-        $user->getrights('produit');
-        //if ($user->rights->commercial->lire || eregi('^specimen',$original_file))	// Ce droit n'existe pas encore
-        //{
+    	$user->getrights('produit');
+      if ($user->rights->produit->lire || eregi('^specimen',$original_file))
+      {
        $accessallowed=1;
-        //}
-        $original_file=$conf->produit->dir_output.'/'.$original_file;
-		$sqlprotectagainstexternals = '';
+      }
+      $original_file=$conf->produit->dir_output.'/'.$original_file;
+      $sqlprotectagainstexternals = '';
    }

    // Wrapping pour les produits et services
    if ($modulepart == 'contract')
    {
-        $user->getrights('contrat');
-        if ($user->rights->contrat->lire || eregi('^specimen',$original_file))	// Ce droit n'existe pas encore
-        {
-			$accessallowed=1;
-        }
-        $original_file=$conf->contrat->dir_output.'/'.$original_file;
-		$sqlprotectagainstexternals = '';
+    	$user->getrights('contrat');
+      if ($user->rights->contrat->lire || eregi('^specimen',$original_file))
+      {
+      	$accessallowed=1;
+      }
+      $original_file=$conf->contrat->dir_output.'/'.$original_file;
+      $sqlprotectagainstexternals = '';
    }

    // Wrapping pour les documents generaux
--- a/htdocs/includes/menus/barre_top/eldy_backoffice.php
+++ b/htdocs/includes/menus/barre_top/eldy_backoffice.php
@ -148,7 +148,7 @@ class MenuTop {
        if ($conf->ficheinter->enabled) $showcommercial=1;
        if ($showcommercial)*/
 		if ($conf->commercial->enabled)
-        {
+    {
 	        $langs->load("commercial");

 	        $class="";
@ -162,7 +162,7 @@ class MenuTop {
 	        }

    		$idsel='id="commercial" ';
-	        if($user->rights->societe->lire)
+	    if($user->rights->societe->lire)
 			{
 				print '<td class="tmenu"><a '.$class.' '.$idsel.'href="'.DOL_URL_ROOT.'/comm/index.php?mainmenu=commercial&amp;leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("Commercial").'</a></td>';
 			}
--- a/htdocs/includes/modules/modCommercial.class.php
+++ b/htdocs/includes/modules/modCommercial.class.php
@ -102,7 +102,7 @@ class modCommercial extends DolibarrModules
    $this->rights[$r][3] = 1;
    $this->rights[$r][4] = 'main';
    $this->rights[$r][5] = 'lire';
-    $r++;
+
  }

    /**
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@ -1332,7 +1332,9 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 	
 	if ($dbt_select != 'rowid') $objectid = "'".$objectid."'";

-	//print "$user->id, $feature, $objectid, $dbtablename, ".$user->rights->societe->contact->lire;
+	//print "user_id=".$user->id.", feature=".$feature.", feature2=".$feature2.", object_id=".$objectid;
+	//print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_socfield.", dbt_select=".$dbt_select;
+	//print ", user_societe_contact_lire=".$user->rights->societe->contact->lire."<br>";

 	// Check read permission from module
 	// TODO Replace "feature" param by permission for reading
@ -1371,6 +1373,7 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 		if (empty($user->rights->$feature->lire)
 		&& empty($user->rights->$feature->read)) $readok=0;
 	}
+	//print "Read access is down";
 	if (! $readok) accessforbidden();
 	//print "Read access is ok";

--- a/htdocs/pre.inc.php
+++ b/htdocs/pre.inc.php
@ -55,7 +55,7 @@ function llxHeader($head = '', $title='', $help_url='')
 		$menu->add(DOL_URL_ROOT."/categories/index.php?type=0", $langs->trans("Categories"));
 	}

-	if (! empty($conf->commercial->enabled) && isset($user->rights->commercial->lire) && $user->rights->commercial->lire)
+	if (! empty($conf->commercial->enabled) && isset($user->rights->commercial->main->lire) && $user->rights->commercial->main->lire)
 	{
 		$langs->load("commercial");
 		$menu->add(DOL_URL_ROOT."/comm/index.php",$langs->trans("Commercial"));