mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-02-20 13:46:52 +01:00
FIX multiple problems when MULTICOMPANY_TRANSVERSE_MODE (#29287)
* FIX can not show group when MULTICOMPANY_TRANSVERSE_MODE * FIX wrong permissions with multicompany MULTICOMPANY_TRANSVERSE_MODE * FIX better check for the "read" permission * FIX only a superadmin can manage users in transverse mode * FIX this is not "create" but "write" * FIX use the new function hasRight * FIX wrong check --------- Co-authored-by: Laurent Destailleur <eldy@destailleur.fr>
This commit is contained in:
Regis Houssin
GitHub
parent
bec5ff4749
commit
9fa6a77723
|
|
@ -1,13 +1,13 @@
|
|||
<?php
|
||||
/* Copyright (C) 2010-2022 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2010 Regis Houssin <regis.houssin@inodbox.com>
|
||||
* Copyright (C) 2012-2015 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2013 Cédric Salvador <csalvador@gpcsolutions.fr>
|
||||
* Copyright (C) 2015 Marcos García <marcosgdf@gmail.com>
|
||||
* Copyright (C) 2018 Ferran Marcet <fmarcet@2byte.es>
|
||||
* Copyright (C) 2018-2022 Frédéric France <frederic.france@netlogic.fr>
|
||||
* Copyright (C) 2021 Gauthier VERDOL <gauthier.verdol@atm-consulting.fr>
|
||||
* Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
|
||||
/* Copyright (C) 2010-2022 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2010-2024 Regis Houssin <regis.houssin@inodbox.com>
|
||||
* Copyright (C) 2012-2015 Juanjo Menent <jmenent@2byte.es>
|
||||
* Copyright (C) 2013 Cédric Salvador <csalvador@gpcsolutions.fr>
|
||||
* Copyright (C) 2015 Marcos García <marcosgdf@gmail.com>
|
||||
* Copyright (C) 2018 Ferran Marcet <fmarcet@2byte.es>
|
||||
* Copyright (C) 2018-2022 Frédéric France <frederic.france@netlogic.fr>
|
||||
* Copyright (C) 2021 Gauthier VERDOL <gauthier.verdol@atm-consulting.fr>
|
||||
* Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -1213,17 +1213,17 @@ function get_left_menu_home($mainmenu, &$newmenu, $usemenuhider = 1, $leftmenu =
|
|||
$newmenu->add("/user/home.php?leftmenu=users", $langs->trans("MenuUsersAndGroups"), 0, $user->hasRight('user', 'user', 'read'), '', $mainmenu, 'users', 0, '', '', '', img_picto('', 'user', 'class="paddingright pictofixedwidth"'));
|
||||
if ($user->hasRight('user', 'user', 'read')) {
|
||||
if ($usemenuhider || empty($leftmenu) || $leftmenu == "users") {
|
||||
$newmenu->add("", $langs->trans("Users"), 1, $user->hasRight('user', 'user', 'lire') || $user->admin);
|
||||
$newmenu->add("/user/card.php?leftmenu=users&action=create", $langs->trans("NewUser"), 2, ($user->hasRight("user", "user", "write") || $user->admin) && !(isModEnabled('multicompany') && $conf->entity > 1 && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')), '', 'home');
|
||||
$newmenu->add("/user/list.php?leftmenu=users", $langs->trans("ListOfUsers"), 2, $user->hasRight('user', 'user', 'lire') || $user->admin);
|
||||
$newmenu->add("/user/hierarchy.php?leftmenu=users", $langs->trans("HierarchicView"), 2, $user->hasRight('user', 'user', 'lire') || $user->admin);
|
||||
$newmenu->add("", $langs->trans("Users"), 1, $user->hasRight('user', 'user', 'read') || $user->admin);
|
||||
$newmenu->add("/user/card.php?leftmenu=users&action=create", $langs->trans("NewUser"), 2, ($user->hasRight("user", "user", "write") || $user->admin) && !(isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')), '', 'home');
|
||||
$newmenu->add("/user/list.php?leftmenu=users", $langs->trans("ListOfUsers"), 2, $user->hasRight('user', 'user', 'read') || $user->admin);
|
||||
$newmenu->add("/user/hierarchy.php?leftmenu=users", $langs->trans("HierarchicView"), 2, $user->hasRight('user', 'user', 'read') || $user->admin);
|
||||
if (isModEnabled('category')) {
|
||||
$langs->load("categories");
|
||||
$newmenu->add("/categories/index.php?leftmenu=users&type=7", $langs->trans("UsersCategoriesShort"), 2, $user->hasRight('categorie', 'lire'), '', $mainmenu, 'cat');
|
||||
$newmenu->add("/categories/index.php?leftmenu=users&type=7", $langs->trans("UsersCategoriesShort"), 2, $user->hasRight('categorie', 'read'), '', $mainmenu, 'cat');
|
||||
}
|
||||
$newmenu->add("", $langs->trans("Groups"), 1, ($user->hasRight('user', 'user', 'lire') || $user->admin) && !(isModEnabled('multicompany') && $conf->entity > 1 && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')));
|
||||
$newmenu->add("/user/group/card.php?leftmenu=users&action=create", $langs->trans("NewGroup"), 2, ((getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight("user", "group_advance", "create") : $user->hasRight("user", "user", "creer")) || $user->admin) && !(isModEnabled('multicompany') && $conf->entity > 1 && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')));
|
||||
$newmenu->add("/user/group/list.php?leftmenu=users", $langs->trans("ListOfGroups"), 2, ((getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight('user', 'group_advance', 'read') : $user->hasRight('user', 'user', 'lire')) || $user->admin) && !(isModEnabled('multicompany') && $conf->entity > 1 && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')));
|
||||
$newmenu->add("", $langs->trans("Groups"), 1, ($user->hasRight('user', 'user', 'read') || $user->admin) && !(isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')));
|
||||
$newmenu->add("/user/group/card.php?leftmenu=users&action=create", $langs->trans("NewGroup"), 2, ((getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight("user", "group_advance", "write") : $user->hasRight("user", "user", "write")) || $user->admin) && !(isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')));
|
||||
$newmenu->add("/user/group/list.php?leftmenu=users", $langs->trans("ListOfGroups"), 2, ((getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight('user', 'group_advance', 'read') : $user->hasRight('user', 'user', 'read')) || $user->admin));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?php
|
||||
/* Copyright (C) 2002-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2018 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2018 Regis Houssin <regis.houssin@inodbox.com>
|
||||
* Copyright (C) 2011 Herve Prot <herve.prot@symeos.com>
|
||||
* Copyright (C) 2019-2021 Frédéric France <frederic.france@netlogic.fr>
|
||||
* Copyright (C) 2004-2018 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2024 Regis Houssin <regis.houssin@inodbox.com>
|
||||
* Copyright (C) 2011 Herve Prot <herve.prot@symeos.com>
|
||||
* Copyright (C) 2019-2021 Frédéric France <frederic.france@netlogic.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -93,21 +93,16 @@ if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
|
|||
}
|
||||
}
|
||||
|
||||
// Users/Groups management only in master entity if transverse mode
|
||||
if (isModEnabled('multicompany') && $conf->entity > 1 && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE')) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
if (!$user->hasRight("user", "user", "read") && !$user->admin) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
// Defini si peux lire/modifier utilisateurs et permissions
|
||||
$caneditperms = ($user->admin || $user->hasRight("user", "user", "write"));
|
||||
$permissiontodelete = ($user->admin || $user->hasRight("user", "user", "write"));
|
||||
$caneditperms = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') ? false : (!empty($user->admin) || $user->hasRight("user", "user", "write")));
|
||||
$permissiontodelete = $caneditperms;
|
||||
// Advanced permissions
|
||||
if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
|
||||
$caneditperms = ($user->admin || $user->hasRight("user", "group_advance", "write"));
|
||||
$caneditperms = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') ? false : ($user->admin || $user->hasRight("user", "group_advance", "write")));
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -287,7 +282,7 @@ $newcardbutton .= dolGetButtonTitle($langs->trans('ViewKanban'), '', 'fa fa-th-l
|
|||
|
||||
if ($caneditperms) {
|
||||
$newcardbutton .= dolGetButtonTitleSeparator();
|
||||
$newcardbutton .= dolGetButtonTitle($langs->trans('NewGroup'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/user/group/card.php?action=create&leftmenu=');
|
||||
$newcardbutton .= dolGetButtonTitle($langs->trans('NewGroup'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/user/group/card.php?action=create&leftmenu=', '', $caneditperms);
|
||||
}
|
||||
|
||||
print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'object_'.$object->picto, 0, $newcardbutton, '', $limit, 0, 0, 1);
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
/* Copyright (C) 2005-2018 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2018 Regis Houssin <regis.houssin@inodbox.com>
|
||||
* Copyright (C) 2019 Nicolas ZABOURI <info@inovea-conseil.com>
|
||||
* Copyright (C) 2005-2024 Regis Houssin <regis.houssin@inodbox.com>
|
||||
* Copyright (C) 2019 Nicolas ZABOURI <info@inovea-conseil.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -40,7 +40,7 @@ $langs->load("users");
|
|||
|
||||
$canreadperms = true;
|
||||
if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
|
||||
$canreadperms = ($user->admin || $user->rights->user->group_advance->read);
|
||||
$canreadperms = (!empty($user->admin) || $user->hasRight("user", "group_advance", "read"));
|
||||
}
|
||||
|
||||
// Security check (for external users)
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
<?php
|
||||
/* Copyright (C) 2002-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2021 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2017 Regis Houssin <regis.houssin@inodbox.com>
|
||||
* Copyright (C) 2015 Alexandre Spangaro <aspangaro@open-dsi.fr>
|
||||
* Copyright (C) 2016 Marcos García <marcosgdf@gmail.com>
|
||||
* Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
|
||||
/* Copyright (C) 2002-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2021 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2024 Regis Houssin <regis.houssin@inodbox.com>
|
||||
* Copyright (C) 2015 Alexandre Spangaro <aspangaro@open-dsi.fr>
|
||||
* Copyright (C) 2016 Marcos García <marcosgdf@gmail.com>
|
||||
* Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
|
@ -198,15 +198,15 @@ if ($contextpage == 'employeelist' && !GETPOSTISSET('search_employee')) {
|
|||
}
|
||||
|
||||
// Define value to know what current user can do on users
|
||||
$permissiontoadd = (!empty($user->admin) || $user->hasRight("user", "user", "write"));
|
||||
$permissiontoadd = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') ? false : (!empty($user->admin) || $user->hasRight("user", "user", "write")));
|
||||
$canreaduser = (!empty($user->admin) || $user->hasRight("user", "user", "read"));
|
||||
$canedituser = (!empty($user->admin) || $user->hasRight("user", "user", "write"));
|
||||
$candisableuser = (!empty($user->admin) || $user->hasRight("user", "user", "delete"));
|
||||
$canedituser = $permissiontoadd;
|
||||
$candisableuser = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') ? false : (!empty($user->admin) || $user->hasRight("user", "user", "delete")));
|
||||
$canreadgroup = $canreaduser;
|
||||
$caneditgroup = $canedituser;
|
||||
if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
|
||||
$canreadgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "read"));
|
||||
$caneditgroup = (!empty($user->admin) || $user->hasRight("user", "group_advance", "write"));
|
||||
$caneditgroup = (isModEnabled('multicompany') && !empty($user->entity) && getDolGlobalString('MULTICOMPANY_TRANSVERSE_MODE') ? false : (!empty($user->admin) || $user->hasRight("user", "group_advance", "write")));
|
||||
}
|
||||
|
||||
$error = 0;
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user