Fix: If user has no permission to see all projects, show only their own projects

This commit is contained in:
Laurent Destailleur 2010-05-23 20:01:10 +00:00
parent 52e9105234
commit ba908ed743
12 changed files with 83 additions and 14 deletions


@ -509,7 +509,7 @@ class CommonObject
if (! $this->table_element)
{
dol_syslog("CommonObject::load_previous_next was called on objet with property table_element not defined", LOG_ERR);
dol_syslog("CommonObject::load_previous_next_ref was called on objet with property table_element not defined", LOG_ERR);
return -1;
}


@ -37,6 +37,8 @@ with
// LDR To open in same window
//var OpenWindow=window.open(pRef, "newwin", "height="+vHeight+",width="+vWidth);
window.location.href=pRef
* Replace hard coded string with i18n["String"];
PHP-BARCODE:


@ -1065,7 +1065,8 @@ Complete-Displays task percent complete</p>
// DRAW the date format selector at bottom left. Another potential GanttChart parameter to hide/show this selector
vLeftTable += '</TD></TR>' +
'<TR><TD border=1 colspan=5 align=left style="BORDER-TOP: #efefef 1px solid; FONT-SIZE: 11px; BORDER-LEFT: #efefef 1px solid; height=18px">&nbsp;&nbsp;Powered by <a href=http://www.jsgantt.com>jsGantt</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Format:';
// LDR '<TR><TD border=1 colspan=5 align=left style="BORDER-TOP: #efefef 1px solid; FONT-SIZE: 11px; BORDER-LEFT: #efefef 1px solid; height=18px">&nbsp;&nbsp;Powered by <a href=http://www.jsgantt.com>jsGantt</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Format:';
'<TR><TD border=1 colspan=5 align=left style="BORDER-TOP: #efefef 1px solid; FONT-SIZE: 11px; BORDER-LEFT: #efefef 1px solid; height=18px">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; '+i18n["Period"]+': &nbsp; ';
if (vFormatArr.join().indexOf("minute")!=-1) {
if (vFormat=='minute') vLeftTable += '<INPUT TYPE=RADIO NAME="radFormat" VALUE="minute" checked>'+i18n["sMinute"];
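Review bot: The old "Powered by" row is kept as a `// LDR` commented-out copy directly under its replacement instead of being deleted, which leaves a 300-character dead line that every future diff of this function will carry. Drop the commented line and, if the attribution needs to be recoverable, rely on history rather than a comment. The i18n["Period"] value is concatenated into the HTML string unescaped like the other i18n entries, so this row inherits whatever escaping guarantee the i18n table provides; that is a pre-existing assumption, not something this change introduces.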


@ -24,7 +24,7 @@
* \brief Fichier de la classe de gestion des projets
* \version $Id$
*/
require_once(DOL_DOCUMENT_ROOT ."/core/class/commonobject.class.php");
require_once(DOL_DOCUMENT_ROOT."/core/class/commonobject.class.php");
/**
* \class Project
@ -354,11 +354,11 @@ class Project extends CommonObject
function delete($user, $notrigger=0)
{
global $conf;
$error=0;
$this->db->begin();
if (! $error)
{
// Delete linked contacts


@ -35,6 +35,14 @@ $langs->load("companies");
$projectid = isset($_GET["id"])?$_GET["id"]:'';
// Security check
if (empty($user->rights->projet->all->lire))
{
$_GET["mode"]='mine';
$_POST["mode"]='mine';
$_REQUEST["mode"]='mine';
}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
@ -191,6 +199,9 @@ if ($id > 0 || ! empty($ref))
// Ref
print '<tr><td width="30%">'.$langs->trans('Ref').'</td><td colspan="3">';
// Define a complementary filter for search of next/prev ref.
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$project->next_prev_filter=" rowid in (".$projectsListId.")";
print $html->showrefnav($project,'ref',$linkback,1,'ref','ref','');
print '</td></tr>';
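Review bot: `$project->next_prev_filter=" rowid in (".$projectsListId.")";` in the second hunk produces the invalid SQL fragment `rowid in ()` whenever getProjectsAuthorizedForUser() returns an empty string, which seems reachable for a user who has `projet->lire` but owns no project; the method's return value is not visible here, so confirm what it yields for the empty case and guard it, e.g. `$project->next_prev_filter = ($projectsListId !== '') ? " rowid in (".$projectsListId.")" : " 1=0";`. Since this string is spliced straight into a query, it should also be confirmed that the method returns nothing but a comma-separated list of integer ids. In the first hunk `$mine = $_REQUEST['mode']=='mine' ? 1 : 0;` reads `mode` without isset() and so emits a notice when the parameter is absent, and the three superglobal rewrites above it are made redundant by the `if (! $user->rights->projet->all->lire) $mine=1;` line that follows — keep one mechanism, preferably the explicit `$mine=1` override, unless other code still consumes `$_REQUEST['mode']`. The same two patterns appear in the hunks at @ -150,6 +159,9, @ -82,6 +93,9, @ -403,11 +414,13, @ -112,6 +113,9 and @ -117,6 +125,9 of the later files.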


@ -35,6 +35,14 @@ $langs->load('other');
$id=empty($_GET['id']) ? 0 : intVal($_GET['id']);
// Security check
if (empty($user->rights->projet->all->lire))
{
$_GET["mode"]='mine';
$_POST["mode"]='mine';
$_REQUEST["mode"]='mine';
}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
$socid=0;
$id = isset($_GET["id"])?$_GET["id"]:'';
if ($user->societe_id) $socid=$user->societe_id;
@ -59,6 +67,7 @@ $project = new Project($db);
if (! $project->fetch($_GET['id'],$_GET['ref']) > 0)
{
dol_print_error($db);
exit;
}
@ -150,6 +159,9 @@ if ($id > 0 || ! empty($ref))
// Ref
print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>';
// Define a complementary filter for search of next/prev ref.
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$project->next_prev_filter=" rowid in (".$projectsListId.")";
print $form->showrefnav($project,'ref','',1,'ref','ref');
print '</td></tr>';
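Review bot: `if (! $project->fetch($_GET['id'],$_GET['ref']) > 0)` in the second hunk is parsed as `(!fetch()) > 0` because `!` binds tighter than `>`, so a negative return from fetch() evaluates to `false > 0` and slips past the error branch; if fetch() reports failures with a negative value, as `load_previous_next_ref` in the first file of this commit does with `return -1;`, the check should be `if ($project->fetch($_GET['id'],$_GET['ref']) <= 0)`. In the first hunk, `$id = isset($_GET["id"])?$_GET["id"]:'';` re-reads the raw parameter a few lines after `$id=empty($_GET['id']) ? 0 : intVal($_GET['id']);`, discarding the integer cast before `$id` reaches restrictedArea(); this line appears to be untouched context, but the duplicate assignment should be removed so the sanitised value is the one used.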


@ -46,14 +46,25 @@ if ($conf->facture->enabled) $langs->load("bills");
if ($conf->commande->enabled) $langs->load("orders");
if ($conf->propal->enabled) $langs->load("propal");
// Security check
$projectid='';
$ref='';
if (isset($_GET["id"])) { $projectid=$_GET["id"]; }
if (isset($_GET["ref"])) { $ref=$_GET["ref"]; }
if ($projectid == '' && $ref == '') accessforbidden();
if ($projectid == '' && $ref == '')
{
dol_print_error('','Bad parameter');
exit;
}
// Security check
if (empty($user->rights->projet->all->lire))
{
$_GET["mode"]='mine';
$_POST["mode"]='mine';
$_REQUEST["mode"]='mine';
}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
@ -82,6 +93,9 @@ dol_fiche_head($head, 'element', $langs->trans("Project"),0,($project->public?'p
print '<table class="border" width="100%">';
print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>';
// Define a complementary filter for search of next/prev ref.
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$project->next_prev_filter=" rowid in (".$projectsListId.")";
print $form->showrefnav($project,'ref','',1,'ref','ref');
print '</td></tr>';
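Review bot: The first hunk now carries two `// Security check` headings, one above the id/ref parameter handling and a second above the `$mine` block, which makes it unclear where the access control actually begins. Rename the first heading to describe what that block does, `// Read and validate id/ref parameters`, and keep `// Security check` for the block ending in restrictedArea(). The replaced `accessforbidden()` with `dol_print_error('','Bad parameter'); exit;` reads as intended since a missing parameter is a caller error rather than a permission failure, but `$projectid` is still passed to restrictedArea() unchanged, so the parameter block is not where any sanitisation happens.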


@ -48,10 +48,20 @@ if (! empty($_REQUEST['socid_id']))
if ($projectid == '' && $projectref == '' && ($_GET['action'] != "create" && $_POST['action'] != "add" && $_POST["action"] != "update" && !$_POST["cancel"])) accessforbidden();
// Security check
if (empty($user->rights->projet->all->lire))
{
$_GET["mode"]='mine';
$_POST["mode"]='mine';
$_REQUEST["mode"]='mine';
}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
/*
* Actions
*/
@ -229,13 +239,14 @@ if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == "yes" &&
* View
*/
$html = new Form($db);
$formfile = new FormFile($db);
$userstatic = new User($db);
$help_url="EN:Module_Projects|FR:Module_Projets|ES:M&oacute;dulo_Proyectos";
llxHeader("",$langs->trans("Projects"),$help_url);
$html = new Form($db);
$formfile = new FormFile($db);
$userstatic=new User($db);
if ($_GET["action"] == 'create' && $user->rights->projet->creer)
{
@ -403,11 +414,13 @@ else
}
else
{
print '<table class="border" width="100%">';
// Ref
print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>';
// Define a complementary filter for search of next/prev ref.
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$project->next_prev_filter=" rowid in (".$projectsListId.")";
print $html->showrefnav($project,'ref','',1,'ref','ref');
print '</td></tr>';


@ -36,7 +36,6 @@ require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");
require_once(DOL_DOCUMENT_ROOT."/lib/date.lib.php");
require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php");
$projectid='';
$projectid=isset($_REQUEST["id"])?$_REQUEST["id"]:$_POST["id"];
// Security check
@ -46,6 +45,8 @@ if (empty($user->rights->projet->all->lire))
$_POST["mode"]='mine';
$_REQUEST["mode"]='mine';
}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
@ -112,6 +113,9 @@ print '<table class="border" width="100%">';
print '<tr><td width="30%">';
print $langs->trans("Ref");
print '</td><td>';
// Define a complementary filter for search of next/prev ref.
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$project->next_prev_filter=" rowid in (".$projectsListId.")";
print $form->showrefnav($project,'ref','',1,'ref','ref','',$param);
print '</td></tr>';
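Review bot: With `$projectid='';` removed in the first hunk, the surviving `$projectid=isset($_REQUEST["id"])?$_REQUEST["id"]:$_POST["id"];` is the only initialisation, and its else branch reads `$_POST["id"]` precisely when `$_REQUEST["id"]` is unset; under the default request_order `$_REQUEST` already includes `$_POST`, so that branch can only produce an undefined-index notice and a null `$projectid` instead of the former `''`. Replace the fallback with the empty string the deleted line used to provide, `$projectid=isset($_REQUEST["id"])?$_REQUEST["id"]:'';`, so restrictedArea() two lines below keeps receiving a string. The second hunk shares the `rowid in (...)` empty-list concern raised on the first project page in this commit.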


@ -35,7 +35,7 @@ $langs->load("projects");
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
// Security check
if (! $user->rights->projet->all->lire) $mine=1;
if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
if ($user->societe_id > 0) $socid = $user->societe_id;
if (!$user->rights->projet->lire) accessforbidden();


@ -71,5 +71,6 @@ i18n["October"] = "<?php echo $langs->transnoentities("October") ?>";
i18n["November"] = "<?php echo $langs->transnoentities("November") ?>";
i18n["December"] = "<?php echo $langs->transnoentities("December") ?>";
i18n["Quarter"] = "<?php echo $langs->transnoentities("Quarter") ?>";
i18n["Period"] = "<?php echo $langs->transnoentities("Period") ?>";
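Review bot: `i18n["Period"] = "<?php echo $langs->transnoentities("Period") ?>";` drops the translation into a JavaScript double-quoted literal with no JavaScript escaping, so a translation containing a double quote or a backslash terminates the string and breaks the whole i18n script for that language. Emitting the value as a JSON literal makes the line safe for any translation, `i18n["Period"] = <?php echo json_encode($langs->transnoentities("Period")) ?>;`. The surrounding month and quarter entries follow the same unescaped pattern, so the fix belongs to the entire table rather than just the new line.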


@ -32,6 +32,14 @@ $langs->load('projects');
$id = isset($_GET["id"])?$_GET["id"]:'';
// Security check
if (empty($user->rights->projet->all->lire))
{
$_GET["mode"]='mine';
$_POST["mode"]='mine';
$_REQUEST["mode"]='mine';
}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $id);
@ -117,6 +125,9 @@ if ($id > 0 || ! empty($ref))
// Ref
print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>';
// Define a complementary filter for search of next/prev ref.
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$project->next_prev_filter=" rowid in (".$projectsListId.")";
print $html->showrefnav($project,'ref','',1,'ref','ref');
print '</td></tr>';