Mirrors/dolibarr
1
0
Fork 0
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-02-20 13:46:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX #yogosha5751

Browse Source
This commit is contained in:
Laurent Destailleur 2021-03-29 22:43:39 +02:00
parent 41ec8893e4
commit ce5bea7b34
30 changed files with 235 additions and 256 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
htdocs/comm/action/card.php
View File

@ -80,16 +80,12 @@ $id = GETPOST('id', 'int');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
$error = GETPOST("error");
$donotclearsession = GETPOST('donotclearsession') ?GETPOST('donotclearsession') : 0;
$cactioncomm = new CActionComm($db);
$object = new ActionComm($db);
$cactioncomm = new CActionComm($db);
$contact = new Contact($db);
$extrafields = new ExtraFields($db);
$formfile = new FormFile($db);
@ -132,6 +128,11 @@ if (!empty($conf->global->AGENDA_REMINDER_EMAIL)) {
$TDurationTypes = array('y'=>$langs->trans('Years'), 'm'=>$langs->trans('Month'), 'w'=>$langs->trans('Weeks'), 'd'=>$langs->trans('Days'), 'h'=>$langs->trans('Hours'), 'i'=>$langs->trans('Minutes'));
$result = restrictedArea($user, 'agenda', $object->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions

8
htdocs/comm/action/document.php
View File

@ -54,7 +54,6 @@ if ($user->socid > 0) {
unset($_GET["action"]);
$action = '';
}
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
$object = new ActionComm($db);
@ -84,10 +83,16 @@ if (!$sortfield) {
$upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
$modulepart = 'actions';
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions
*/
include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
@ -98,6 +103,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
$form = new Form($db);
$help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:M&omodulodulo_Agenda';
llxHeader('', $langs->trans("Agenda"), $help_url);

6
htdocs/comm/action/index.php
View File

@ -79,7 +79,6 @@ $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOS
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@ -155,6 +154,11 @@ $langs->loadLangs(array('agenda', 'other', 'commercial'));
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('agenda'));
$result = restrictedArea($user, 'agenda', 0, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions

3
htdocs/comm/action/info.php
View File

@ -45,6 +45,9 @@ if ($user->socid > 0) {
}
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*

7
htdocs/comm/action/list.php
View File

@ -128,7 +128,6 @@ $socid = GETPOST("search_socid", 'int') ?GETPOST("search_socid", 'int') : GETPOS
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@ -165,7 +164,11 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
$object->fields = dol_sort_array($object->fields, 'position');
$arrayfields = dol_sort_array($arrayfields, 'position');
//var_dump($_POST);exit;
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions

6
htdocs/comm/action/pertype.php
View File

@ -75,7 +75,6 @@ $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOS
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@ -170,6 +169,11 @@ $langs->loadLangs(array('users', 'agenda', 'other', 'commercial'));
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('agenda'));
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions

7
htdocs/comm/action/peruser.php
View File

@ -71,12 +71,10 @@ if (!$sortfield) {
$sortfield = "a.datec";
}
// Security check
$socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOST("socid", "int");
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($socid < 0) {
$socid = '';
}
@ -177,6 +175,11 @@ $langs->loadLangs(array('users', 'agenda', 'other', 'commercial'));
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('agenda'));
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*
* Actions

5
htdocs/comm/action/rapport/index.php
View File

@ -59,7 +59,10 @@ $socid = GETPOST('socid', 'int');
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'agenda', $socid, '', 'myactions');
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
if ($user->socid && $socid) {
$result = restrictedArea($user, 'societe', $socid);
}
/*

5
htdocs/comm/admin/propaldet_extrafields.php
View File

@ -31,11 +31,6 @@ require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
if (!$user->admin) {
accessforbidden();
}
// Load translation files required by the page
$langs->loadlangs(array('admin', 'other', 'propal'));

29
htdocs/comm/card.php
View File

@ -88,15 +88,10 @@ if (!empty($conf->notification->enabled)) {
$langs->load("mails");
}
// Security check
$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
if ($user->socid > 0) {
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $id, '&societe');
$action = GETPOST('action', 'aZ09');
$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
@ -124,15 +119,6 @@ $extrafields->fetch_name_optionals_label($object->table_element);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('thirdpartycomm', 'globalcard'));
// Security check
$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
if ($object->id > 0) {
if (!($object->client > 0) || empty($user->rights->societe->lire)) {
accessforbidden();
}
}
$now = dol_now();
if ($id > 0 && empty($object->id)) {
@ -142,6 +128,17 @@ if ($id > 0 && empty($object->id)) {
dol_print_error($db, $object->error, $object->errors);
}
}
if ($object->id > 0) {
if (!($object->client > 0) || empty($user->rights->societe->lire)) {
accessforbidden();
}
}
// Security check
if ($user->socid > 0) {
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $object->id, '&societe', '', 'fk_soc', 'rowid', 0);
/*

1
htdocs/comm/contact.php
View File

@ -54,6 +54,7 @@ $begin = GETPOST('begin', 'alpha');
// Security check
$socid = GETPOST('socid', 'int');
if ($user->socid) {
$action = '';
$socid = $user->socid;
}
$result = restrictedArea($user, 'societe', $socid, '');

15
htdocs/comm/index.php
View File

@ -29,10 +29,6 @@
require '../main.inc.php';
if (!$user->rights->societe->lire) {
accessforbidden();
}
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php';
require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php';
@ -63,10 +59,21 @@ if (isset($user->socid) && $user->socid > 0) {
$max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT;
$now = dol_now();
// Security check
$socid = GETPOST("socid", 'int');
if ($user->socid > 0) {
$action = '';
$id = $user->socid;
}
restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
/*
* Actions
*/
// None
/*
* View

11
htdocs/comm/mailing/advtargetemailing.php
View File

@ -42,11 +42,6 @@ if (!empty($conf->categorie->enabled)) {
$langs->load("categories");
}
// Security check
if (!$user->rights->mailing->lire || $user->socid > 0) {
accessforbidden();
}
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'aZ09comma');
@ -99,6 +94,12 @@ if ($result < 0) {
}
}
// Security check
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
//$result = restrictedArea($user, 'mailing');
/*
* Actions

8
htdocs/comm/mailing/card.php
View File

@ -40,10 +40,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php';
// Load translation files required by the page
$langs->load("mails");
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
$id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int'));
$action = GETPOST('action', 'aZ09');
$cancel = GETPOST('cancel');
@ -80,6 +76,10 @@ $listofmethods = array();
$listofmethods['mail'] = 'PHP mail function';
$listofmethods['smtps'] = 'SMTP/SMTPS socket library';
// Security check
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
/*

13
htdocs/comm/mailing/cibles.php
View File

@ -35,12 +35,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
// Load translation files required by the page
$langs->load("mails");
// Security check
if (!$user->rights->mailing->lire || $user->socid > 0) {
accessforbidden();
}
// Load variable for pagination
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$sortfield = GETPOST('sortfield', 'aZ09comma');
@ -75,6 +69,13 @@ $object = new Mailing($db);
$result = $object->fetch($id);
// Security check
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
//$result = restrictedArea($user, 'mailing');
/*
* Actions
*/

3
htdocs/comm/mailing/info.php
View File

@ -33,9 +33,10 @@ $id = GETPOST('id', 'int');
$langs->load("mails");
// Security check
if (!$user->rights->mailing->lire || $user->socid > 0) {
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
//$result = restrictedArea($user, 'mailing');

8
htdocs/comm/mailing/list.php
View File

@ -28,9 +28,6 @@ require_once DOL_DOCUMENT_ROOT.'/comm/mailing/class/mailing.class.php';
// Load translation files required by the page
$langs->load("mails");
// Security check
$result = restrictedArea($user, 'mailing');
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
@ -69,6 +66,11 @@ $fieldstosearchall = array(
'm.titre'=>'Ref',
);
// Security check
if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
accessforbidden();
}
//$result = restrictedArea($user, 'mailing');

8
htdocs/comm/multiprix.php
View File

@ -40,6 +40,14 @@ if ($user->socid > 0) {
$_socid = $user->socid;
}
// Security check
$socid = GETPOST("socid", 'int');
if ($user->socid > 0) {
$action = '';
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
/*
* Actions

14
htdocs/comm/propal/card.php
View File

@ -89,12 +89,6 @@ $hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($con
// Nombre de ligne pour choix de produit/service predefinis
$NBLINES = 4;
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'propal', $id);
$object = new Propal($db);
$extrafields = new ExtraFields($db);
@ -134,6 +128,14 @@ $permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc
$permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php
$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
$object->id = $user->socid;
}
restrictedArea($user, 'propal', $object->id);
/*
* Actions
*/

13
htdocs/comm/propal/contact.php
View File

@ -40,12 +40,6 @@ $ref = GETPOST('ref', 'alpha');
$lineid = GETPOST('lineid', 'int');
$action = GETPOST('action', 'aZ09');
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'propal', $id);
$object = new Propal($db);
// Load object
@ -67,6 +61,13 @@ if (!$error) {
exit;
}
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
$object->id = $user->socid;
}
restrictedArea($user, 'propal', $object->id);
/*
* Add a new contact

7
htdocs/comm/propal/document.php
View File

@ -80,6 +80,13 @@ if (!$sortfield) {
$object = new Propal($db);
$object->fetch($id, $ref);
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
$object->id = $user->socid;
}
restrictedArea($user, 'propal', $object->id);
/*
* Actions

19
htdocs/comm/propal/index.php
View File

@ -26,15 +26,6 @@
*/
require '../../main.inc.php';
// Security check
$socid = GETPOST('socid', 'int');
if (isset($user->socid) && $user->socid > 0) {
$action = '';
$socid = $user->socid;
}
restrictedArea($user, 'propal');
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
@ -48,9 +39,19 @@ $langs->loadLangs(array('propal', 'companies'));
$now = dol_now();
$max = 5;
// Security check
$socid = GETPOST('socid', 'int');
if (isset($user->socid) && $user->socid > 0) {
$action = '';
$socid = $user->socid;
}
restrictedArea($user, 'propal');
/*
* View
*/
$propalstatic = new Propal($db);
$companystatic = new Societe($db);
$form = new Form($db);

12
htdocs/comm/propal/info.php
View File

@ -39,18 +39,18 @@ $id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alpha');
$socid = GETPOST('socid', 'int');
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'propal', $id);
$object = new Propal($db);
if (!$object->fetch($id, $ref) > 0) {
dol_print_error($db);
exit;
}
// Security check
if (!empty($user->socid)) {
$socid = $user->socid;
$object->id = $user->socid;
}
restrictedArea($user, 'propal', $object->id);
/*

140
htdocs/comm/propal/note.php
View File

@ -40,13 +40,19 @@ $id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alpha');
$action = GETPOST('action', 'aZ09');
// Security check
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'propale', $id, 'propal');
$now = dol_now();
$object = new Propal($db);
if ($id > 0 || !empty($ref)) {
$object->fetch($id, $ref);
}
// Security check
if ($user->socid > 0) {
$socid = $user->socid;
$object->id = $user->socid;
}
restrictedArea($user, 'propal', $object->id, 'propal');
/*
@ -63,86 +69,78 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include,
* View
*/
$form = new Form($db);
$help_url = 'EN:Commercial_Proposals|FR:Proposition_commerciale|ES:Presupuestos';
llxHeader('', $langs->trans('Proposal'), $help_url);
$form = new Form($db);
if ($object->id > 0) {
if ($object->fetch_thirdparty() > 0) {
$head = propal_prepare_head($object);
print dol_get_fiche_head($head, 'note', $langs->trans('Proposal'), -1, 'propal');
if ($id > 0 || !empty($ref)) {
if ($mesg) {
print $mesg;
}
$now = dol_now();
if ($object->fetch($id, $ref) > 0) {
if ($object->fetch_thirdparty() > 0) {
$head = propal_prepare_head($object);
print dol_get_fiche_head($head, 'note', $langs->trans('Proposal'), -1, 'propal');
$cssclass = 'titlefield';
//if ($action == 'editnote_public') $cssclass='titlefieldcreate';
//if ($action == 'editnote_private') $cssclass='titlefieldcreate';
$cssclass = 'titlefield';
//if ($action == 'editnote_public') $cssclass='titlefieldcreate';
//if ($action == 'editnote_private') $cssclass='titlefieldcreate';
// Proposal card
// Proposal card
$linkback = '<a href="'.DOL_URL_ROOT.'/comm/propal/list.php?restore_lastsearch_values=1'.(!empty($socid) ? '&socid='.$socid : '').'">'.$langs->trans("BackToList").'</a>';
$linkback = '<a href="'.DOL_URL_ROOT.'/comm/propal/list.php?restore_lastsearch_values=1'.(!empty($socid) ? '&socid='.$socid : '').'">'.$langs->trans("BackToList").'</a>';
$morehtmlref = '<div class="refidno">';
// Ref customer
$morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
$morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1);
// Thirdparty
$morehtmlref .= '<br>'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1);
// Project
if (!empty($conf->projet->enabled)) {
$langs->load("projects");
$morehtmlref .= '<br>'.$langs->trans('Project').' ';
if ($user->rights->propal->creer) {
if ($action != 'classify') {
//$morehtmlref.='<a class="editfielda" href="' . $_SERVER['PHP_SELF'] . '?action=classify&amp;id=' . $object->id . '">' . img_edit($langs->transnoentitiesnoconv('SetProject')) . '</a>';
$morehtmlref .= ' : ';
}
if ($action == 'classify') {
//$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1);
$morehtmlref .= '<form method="post" action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'">';
$morehtmlref .= '<input type="hidden" name="action" value="classin">';
$morehtmlref .= '<input type="hidden" name="token" value="'.newToken().'">';
$morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
$morehtmlref .= '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
$morehtmlref .= '</form>';
} else {
$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
}
$morehtmlref = '<div class="refidno">';
// Ref customer
$morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1);
$morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1);
// Thirdparty
$morehtmlref .= '<br>'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1);
// Project
if (!empty($conf->projet->enabled)) {
$langs->load("projects");
$morehtmlref .= '<br>'.$langs->trans('Project').' ';
if ($user->rights->propal->creer) {
if ($action != 'classify') {
//$morehtmlref.='<a class="editfielda" href="' . $_SERVER['PHP_SELF'] . '?action=classify&amp;id=' . $object->id . '">' . img_edit($langs->transnoentitiesnoconv('SetProject')) . '</a>';
$morehtmlref .= ' : ';
}
if ($action == 'classify') {
//$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1);
$morehtmlref .= '<form method="post" action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'">';
$morehtmlref .= '<input type="hidden" name="action" value="classin">';
$morehtmlref .= '<input type="hidden" name="token" value="'.newToken().'">';
$morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1);
$morehtmlref .= '<input type="submit" class="button valignmiddle" value="'.$langs->trans("Modify").'">';
$morehtmlref .= '</form>';
} else {
if (!empty($object->fk_project)) {
$proj = new Project($db);
$proj->fetch($object->fk_project);
$morehtmlref .= '<a href="'.DOL_URL_ROOT.'/projet/card.php?id='.$object->fk_project.'" title="'.$langs->trans('ShowProject').'">';
$morehtmlref .= $proj->ref;
$morehtmlref .= '</a>';
} else {
$morehtmlref .= '';
}
$morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1);
}
} else {
if (!empty($object->fk_project)) {
$proj = new Project($db);
$proj->fetch($object->fk_project);
$morehtmlref .= '<a href="'.DOL_URL_ROOT.'/projet/card.php?id='.$object->fk_project.'" title="'.$langs->trans('ShowProject').'">';
$morehtmlref .= $proj->ref;
$morehtmlref .= '</a>';
} else {
$morehtmlref .= '';
}
}
$morehtmlref .= '</div>';
dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
print '<div class="fichecenter">';
print '<div class="underbanner clearboth"></div>';
$cssclass = "titlefield";
include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php';
print '</div>';
print dol_get_fiche_end();
}
$morehtmlref .= '</div>';
dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref);
print '<div class="fichecenter">';
print '<div class="underbanner clearboth"></div>';
$cssclass = "titlefield";
include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php';
print '</div>';
print dol_get_fiche_end();
}
}

13
htdocs/comm/propal/stats/index.php
View File

@ -38,12 +38,6 @@ $WIDTH = DolGraph::getDefaultGraphSizeForStats('width');
$HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
$mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer';
if ($mode == 'customer' && !$user->rights->propale->lire) {
accessforbidden();
}
if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) {
accessforbidden();
}
$object_status = GETPOST('object_status', 'intcomma');
$typent_id = GETPOST('typent_id', 'int');
@ -66,6 +60,13 @@ $endyear = $year;
// Load translation files required by the page
$langs->loadLangs(array('orders', 'companies', 'other', 'suppliers', 'supplier_proposal'));
if ($mode == 'customer' && !$user->rights->propale->lire) {
accessforbidden();
}
if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) {
accessforbidden();
}
/*
* View

10
htdocs/comm/prospect/index.php
View File

@ -30,11 +30,19 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php';
// Load translation files required by the page
$langs->load("propal");
if ($user->socid > 0) {
$socid = $user->socid;
}
// Security check
$socid = GETPOST('socid', 'int');
if ($user->socid) {
$action = '';
$socid = $user->socid;
}
$result = restrictedArea($user, 'propal', $socid, '');
/*
* View

90
htdocs/comm/prospect/recap-prospect.php
View File

@ -1,90 +0,0 @@
<?php
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
/**
* \file htdocs/comm/prospect/recap-prospect.php
* \ingroup societe
* \brief Page with prospect summary
*/
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
// Load translation files required by the page
$langs->loadLangs(array('companies', 'other'));
if (!empty($conf->facture->enabled)) {
$langs->load("bills");
}
// Security check
$socid = GETPOST("socid", 'int');
if ($user->socid > 0) {
$action = '';
$socid = $user->socid;
}
/*
* View
*/
llxHeader();
if ($socid > 0) {
$societe = new Societe($db);
$societe->fetch($socid);
/*
* Affichage onglets
*/
$head = societe_prepare_head($societe);
print dol_get_fiche_head($head, 'prospect', $langs->trans("ThirdParty"), 0, 'company');
print "<table width=\"100%\">\n";
print '<tr><td valign="top" width="50%">';
print '<table class="border centpercent">';
// Name
print '<tr><td width="20%">'.$langs->trans("Thirdpary").'</td><td width="80%" colspan="3">'.$societe->getNomUrl(1).'</td></tr>';
// Prefix
if (!empty($conf->global->SOCIETE_USEPREFIX)) { // Old not used prefix field
print '<tr><td>'.$langs->trans("Prefix").'</td><td colspan="3">';
print ($societe->prefix_comm ? $societe->prefix_comm : '&nbsp;');
print '</td></tr>';
}
print "</table>";
print "</td></tr></table>\n";
print '</div>';
print $langs->trans("FeatureNotYetAvailable");
} else {
dol_print_error($db);
}
// End of page
llxFooter();
$db->close();

6
htdocs/comm/recap-client.php
View File

@ -33,12 +33,12 @@ if (!empty($conf->facture->enabled)) {
}
// Security check
$socid = $_GET["socid"];
$socid = GETPOST("socid", 'int');
if ($user->socid > 0) {
$action = '';
$socid = $user->socid;
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
/*

7
htdocs/comm/remise.php
View File

@ -74,6 +74,12 @@ if (GETPOST('action', 'aZ09') == 'setremise') {
}
}
// Security check
if ($user->socid > 0) {
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
/*
* View
@ -83,7 +89,6 @@ $form = new Form($db);
llxHeader();
/*********************************************************************************
*
* Mode fiche

6
htdocs/comm/remx.php
View File

@ -46,6 +46,12 @@ if ($user->socid > 0) {
$socid = $user->socid;
}
// Security check
if ($user->socid > 0) {
$id = $user->socid;
}
$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
/*
* Actions