diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php
index db26bc4ad22..74ff6c6aa62 100644
--- a/htdocs/comm/action/card.php
+++ b/htdocs/comm/action/card.php
@@ -80,16 +80,12 @@ $id = GETPOST('id', 'int');
 if ($user->socid) {
 $socid = $user->socid;
 }
-$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
-if ($user->socid && $socid) {
- $result = restrictedArea($user, 'societe', $socid);
-}
 $error = GETPOST("error");
 $donotclearsession = GETPOST('donotclearsession') ?GETPOST('donotclearsession') : 0;
-$cactioncomm = new CActionComm($db);
 $object = new ActionComm($db);
+$cactioncomm = new CActionComm($db);
 $contact = new Contact($db);
 $extrafields = new ExtraFields($db);
 $formfile = new FormFile($db);
@@ -132,6 +128,11 @@ if (!empty($conf->global->AGENDA_REMINDER_EMAIL)) {
 $TDurationTypes = array('y'=>$langs->trans('Years'), 'm'=>$langs->trans('Month'), 'w'=>$langs->trans('Weeks'), 'd'=>$langs->trans('Days'), 'h'=>$langs->trans('Hours'), 'i'=>$langs->trans('Minutes'));
+$result = restrictedArea($user, 'agenda', $object->id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
+
 /*
  * Actions
diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php
index 493cfb1a109..2ff3b1ade8c 100644
--- a/htdocs/comm/action/document.php
+++ b/htdocs/comm/action/document.php
@@ -54,7 +54,6 @@ if ($user->socid > 0) {
 unset($_GET["action"]);
 $action = '';
 }
-$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
 $object = new ActionComm($db);
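Review bot: `restrictedArea($user, 'agenda', $object->id, ...)` is now evaluated against `$object->id` instead of the request `$id`, but between the two hunks of this file the only thing visible is `$object = new ActionComm($db)`; if no `$object->fetch($id)` runs before this line, `$object->id` is empty and the per-record `fk_soc` ownership test that the removed `$id`-based call performed is silently skipped, leaving only the module-permission check. Either keep `$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');` or make sure the object is loaded first. Whether a fetch exists between lines 88 and 128 is outside this hunk and should be confirmed.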
@@ -84,10 +83,16 @@ if (!$sortfield) {
 $upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref);
 $modulepart = 'actions';
+$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
+
 /*
  * Actions
  */
+
 include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
@@ -98,6 +103,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
 $form = new Form($db);
 $help_url = 'EN:Module_Agenda_En|FR:Module_Agenda|ES:M&omodulodulo_Agenda';
+
 llxHeader('', $langs->trans("Agenda"), $help_url);
diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php
index b8d443d8096..6e0bc4ab1e1 100644
--- a/htdocs/comm/action/index.php
+++ b/htdocs/comm/action/index.php
@@ -79,7 +79,6 @@ $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOS
 if ($user->socid) {
 $socid = $user->socid;
 }
-$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
 if ($socid < 0) {
 $socid = '';
 }
@@ -155,6 +154,11 @@ $langs->loadLangs(array('agenda', 'other', 'commercial'));
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('agenda'));
+$result = restrictedArea($user, 'agenda', 0, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
+
 /*
  * Actions
diff --git a/htdocs/comm/action/info.php b/htdocs/comm/action/info.php
index 2360f2925d9..f5d1c65b267 100644
--- a/htdocs/comm/action/info.php
+++ b/htdocs/comm/action/info.php
@@ -45,6 +45,9 @@ if ($user->socid > 0) {
 }
 $result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
 /*
diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php
index 888a13fb4b8..c5559e12fe9 100644
--- a/htdocs/comm/action/list.php
+++ b/htdocs/comm/action/list.php
@@ -128,7 +128,6 @@ $socid = GETPOST("search_socid", 'int') ?GETPOST("search_socid", 'int') : GETPOS
 if ($user->socid) {
 $socid = $user->socid;
 }
-$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
 if ($socid < 0) {
 $socid = '';
 }
@@ -165,7 +164,11 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
 $object->fields = dol_sort_array($object->fields, 'position');
 $arrayfields = dol_sort_array($arrayfields, 'position');
-//var_dump($_POST);exit;
+$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
+
 /*
  * Actions
diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php
index 3b55399a58a..74032b7fb01 100644
--- a/htdocs/comm/action/pertype.php
+++ b/htdocs/comm/action/pertype.php
@@ -75,7 +75,6 @@ $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOS
 if ($user->socid) {
 $socid = $user->socid;
 }
-$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
 if ($socid < 0) {
 $socid = '';
 }
@@ -170,6 +169,11 @@ $langs->loadLangs(array('users', 'agenda', 'other', 'commercial'));
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('agenda'));
+$result = restrictedArea($user, 'agenda', 0, '', 'myactions');
+if ($user->socid && $socid) {
+ $result = restrictedArea($user, 'societe', $socid);
+}
+
 /*
  * Actions
diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php
index 8c440395083..dd6886fa196 100644
--- a/htdocs/comm/action/peruser.php
+++ b/htdocs/comm/action/peruser.php
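Review bot: `$result = restrictedArea($user, 'agenda', 0, '', 'myactions')` keeps the `myactions`-only requirement while the companion hunk for action/index.php in this same commit switches to `'myactions|allactions'`, so a user granted only `allactions` can open the calendar view but is refused the list (and pertype.php/peruser.php, which keep `'myactions'` too). If the broadening in index.php is intended, the list should use the same feature string, `$result = restrictedArea($user, 'agenda', 0, '', 'myactions|allactions');`; otherwise index.php should be brought back in line so the agenda pages agree on who may see them.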
@@ -71,12 +71,10 @@ if (!$sortfield) { $sortfield = "a.datec"; } -// Security check $socid = GETPOST("search_socid", "int") ?GETPOST("search_socid", "int") : GETPOST("socid", "int"); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'agenda', 0, '', 'myactions'); if ($socid < 0) { $socid = ''; } @@ -177,6 +175,11 @@ $langs->loadLangs(array('users', 'agenda', 'other', 'commercial')); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('agenda')); +$result = restrictedArea($user, 'agenda', 0, '', 'myactions'); +if ($user->socid && $socid) { + $result = restrictedArea($user, 'societe', $socid); +} + /* * Actions diff --git a/htdocs/comm/action/rapport/index.php b/htdocs/comm/action/rapport/index.php index 908819e1d1a..a90bc1cf5a3 100644 --- a/htdocs/comm/action/rapport/index.php +++ b/htdocs/comm/action/rapport/index.php @@ -59,7 +59,10 @@ $socid = GETPOST('socid', 'int'); if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'agenda', $socid, '', 'myactions'); +$result = restrictedArea($user, 'agenda', 0, '', 'myactions'); +if ($user->socid && $socid) { + $result = restrictedArea($user, 'societe', $socid); +} /* diff --git a/htdocs/comm/admin/propaldet_extrafields.php b/htdocs/comm/admin/propaldet_extrafields.php index 834722f2afd..19b7674449f 100644 --- a/htdocs/comm/admin/propaldet_extrafields.php +++ b/htdocs/comm/admin/propaldet_extrafields.php @@ -31,11 +31,6 @@ require '../../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/propal.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/extrafields.class.php'; - -if (!$user->admin) { - accessforbidden(); -} - // Load translation files required by the page $langs->loadlangs(array('admin', 'other', 'propal')); diff --git a/htdocs/comm/card.php b/htdocs/comm/card.php index 8039241a899..3dc24f4c8b5 100644 --- a/htdocs/comm/card.php +++ b/htdocs/comm/card.php 
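Review bot: The propaldet_extrafields.php hunk deletes `if (!$user->admin) { accessforbidden(); }` and adds nothing in its place, so as far as this diff shows the extrafields setup page becomes reachable by any authenticated user; if the check was re-added further down (after `$langs->loadlangs(...)`) that is outside the hunk and should be confirmed in the full file. For a setup page that does not go through `restrictedArea`, the admin test should stay at the top, before any action is processed: `if (!$user->admin) { accessforbidden(); }`. Moving a check later is only safe when nothing between the old and new positions performs a write.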
@@ -88,15 +88,10 @@ if (!empty($conf->notification->enabled)) {
 $langs->load("mails");
 }
-// Security check
-$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
-if ($user->socid > 0) {
- $id = $user->socid;
-}
-$result = restrictedArea($user, 'societe', $id, '&societe');
-
 $action = GETPOST('action', 'aZ09');
+$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int'));
+
 $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST("sortfield", 'alpha');
 $sortorder = GETPOST("sortorder", 'alpha');
@@ -124,15 +119,6 @@ $extrafields->fetch_name_optionals_label($object->table_element);
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('thirdpartycomm', 'globalcard'));
-// Security check
-$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
-
-if ($object->id > 0) {
- if (!($object->client > 0) || empty($user->rights->societe->lire)) {
- accessforbidden();
- }
-}
-
 $now = dol_now();
 if ($id > 0 && empty($object->id)) {
@@ -142,6 +128,17 @@ if ($id > 0 && empty($object->id)) {
 dol_print_error($db, $object->error, $object->errors);
 }
 }
+if ($object->id > 0) {
+ if (!($object->client > 0) || empty($user->rights->societe->lire)) {
+ accessforbidden();
+ }
+}
+
+// Security check
+if ($user->socid > 0) {
+ $id = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $object->id, '&societe', '', 'fk_soc', 'rowid', 0);
 /*
diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php
index 8a921e1c358..9945ca0e186 100644
--- a/htdocs/comm/contact.php
+++ b/htdocs/comm/contact.php
@@ -54,6 +54,7 @@ $begin = GETPOST('begin', 'alpha');
 // Security check
 $socid = GETPOST('socid', 'int');
 if ($user->socid) {
+ $action = '';
 $socid = $user->socid;
 }
 $result = restrictedArea($user, 'societe', $socid, '');
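Review bot: In the comm/card.php hunk the external-user override `if ($user->socid > 0) { $id = $user->socid; }` now runs after `$object->fetch` has already consumed the request-supplied `$id` (the `if ($id > 0 && empty($object->id))` block just above), so it no longer pins the loaded third party to the user's own company and is dead as far as the fetch is concerned; access now rests entirely on `restrictedArea(..., $object->id, ...)` rejecting a mismatch. Moving the three override lines above the `if ($id > 0 && empty($object->id))` block restores the old guarantee (an external user can only ever load their own company) while keeping the `restrictedArea` call as a second line of defence. Note also that when the fetch fails `$object->id` stays 0, so both the `$object->client > 0` test and the object-level part of `restrictedArea` are skipped and the page continues with an empty object; the `dol_print_error` in that branch does not exit. The `/*` at the end of the hunk opens the Actions section outside this view.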
diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index b727a18b76f..97fa9eb0cfc 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -29,10 +29,6 @@ require '../main.inc.php'; -if (!$user->rights->societe->lire) { - accessforbidden(); -} - require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php'; require_once DOL_DOCUMENT_ROOT.'/comm/action/class/actioncomm.class.php'; @@ -63,10 +59,21 @@ if (isset($user->socid) && $user->socid > 0) { $max = $conf->global->MAIN_SIZE_SHORTLIST_LIMIT; $now = dol_now(); +// Security check +$socid = GETPOST("socid", 'int'); +if ($user->socid > 0) { + $action = ''; + $id = $user->socid; +} +restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0); + + /* * Actions */ +// None + /* * View diff --git a/htdocs/comm/mailing/advtargetemailing.php b/htdocs/comm/mailing/advtargetemailing.php index 4b60fdd3464..2487e772373 100644 --- a/htdocs/comm/mailing/advtargetemailing.php +++ b/htdocs/comm/mailing/advtargetemailing.php @@ -42,11 +42,6 @@ if (!empty($conf->categorie->enabled)) { $langs->load("categories"); } -// Security check -if (!$user->rights->mailing->lire || $user->socid > 0) { - accessforbidden(); -} - // Load variable for pagination $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); @@ -99,6 +94,12 @@ if ($result < 0) { } } +// Security check +if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) { + accessforbidden(); +} +//$result = restrictedArea($user, 'mailing'); + /* * Actions diff --git a/htdocs/comm/mailing/card.php b/htdocs/comm/mailing/card.php index 3fc50d03eaf..f907bd98f58 100644 --- a/htdocs/comm/mailing/card.php +++ b/htdocs/comm/mailing/card.php 
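Review bot: In the comm/index.php hunk `restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0)` reads `$id`, which is assigned only inside the `$user->socid > 0` branch; for internal users `$id` is undefined at this point (PHP notice, object-level check skipped), while the newly added `$socid = GETPOST("socid", 'int')` is never passed to the check. If the page is keyed on `$socid`, the check should be on that variable: `$socid = $user->socid;` in the branch and `restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);`. The earlier `if (isset($user->socid) && $user->socid > 0)` block shown in the hunk header is outside this view, so whether it already forces `$socid` cannot be confirmed from here.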
@@ -40,10 +40,6 @@ require_once DOL_DOCU▁MENT_ROOT.'/core/class/extrafields.class.php';
 // Load translation files required by the page
 $langs->load("mails");
-if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
- accessforbidden();
-}
-
 $id = (GETPOST('mailid', 'int') ? GETPOST('mailid', 'int') : GETPOST('id', 'int'));
 $action = GETPOST('action', 'aZ09');
 $cancel = GETPOST('cancel');
@@ -80,6 +76,10 @@ $listofmethods = array();
 $listofmethods['mail'] = 'PHP mail function';
 $listofmethods['smtps'] = 'SMTP/SMTPS socket library';
+// Security check
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
+ accessforbidden();
+}
 /*
diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php
index a9095609ab7..336b6431281 100644
--- a/htdocs/comm/mailing/cibles.php
+++ b/htdocs/comm/mailing/cibles.php
@@ -35,12 +35,6 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
 // Load translation files required by the page
 $langs->load("mails");
-// Security check
-if (!$user->rights->mailing->lire || $user->socid > 0) {
- accessforbidden();
-}
-
-
 // Load variable for pagination
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
 $sortfield = GETPOST('sortfield', 'aZ09comma');
@@ -75,6 +69,13 @@ $object = new Mailing($db);
 $result = $object->fetch($id);
+// Security check
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
+ accessforbidden();
+}
+//$result = restrictedArea($user, 'mailing');
+
+
 /*
  * Actions
  */
diff --git a/htdocs/comm/mailing/info.php b/htdocs/comm/mailing/info.php
index f6aa8c2e509..74d6943a044 100644
--- a/htdocs/comm/mailing/info.php
+++ b/htdocs/comm/mailing/info.php
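Review bot: In the cibles.php hunk `//$result = restrictedArea($user, 'mailing');` is commented-out code left inside the new security block (the same leftover appears in advtargetemailing.php, info.php and list.php in this commit); it documents nothing and will drift from the live `accessforbidden()` test above it. Either make it the live check, which is the helper the rest of this commit standardises on, or delete the line. Placing the manual test after `$result = $object->fetch($id)` is acceptable only because the fetch is a read; the read-before-check ordering should not be copied to pages that write.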
@@ -33,9 +33,10 @@ $id = GETPOST('id', 'int');
 $langs->load("mails");
 // Security check
-if (!$user->rights->mailing->lire || $user->socid > 0) {
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
 accessforbidden();
 }
+//$result = restrictedArea($user, 'mailing');
diff --git a/htdocs/comm/mailing/list.php b/htdocs/comm/mailing/list.php
index 4f851eeee28..94db62d7b19 100644
--- a/htdocs/comm/mailing/list.php
+++ b/htdocs/comm/mailing/list.php
@@ -28,9 +28,6 @@ require_once DOL_DOCUMENT_ROOT.'/comm/mailing/class/mailing.class.php';
 // Load translation files required by the page
 $langs->load("mails");
-// Security check
-$result = restrictedArea($user, 'mailing');
-
 $sortfield = GETPOST("sortfield", 'alpha');
 $sortorder = GETPOST("sortorder", 'alpha');
 $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
@@ -69,6 +66,11 @@ $fieldstosearchall = array(
 'm.titre'=>'Ref',
 );
+// Security check
+if (!$user->rights->mailing->lire || (empty($conf->global->EXTERNAL_USERS_ARE_AUTHORIZED) && $user->socid > 0)) {
+ accessforbidden();
+}
+//$result = restrictedArea($user, 'mailing');
diff --git a/htdocs/comm/multiprix.php b/htdocs/comm/multiprix.php
index f1638e9dc37..a409a150778 100644
--- a/htdocs/comm/multiprix.php
+++ b/htdocs/comm/multiprix.php
@@ -40,6 +40,14 @@ if ($user->socid > 0) {
 $_socid = $user->socid;
 }
+// Security check
+$socid = GETPOST("socid", 'int');
+if ($user->socid > 0) {
+ $action = '';
+ $id = $user->socid;
+}
+$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0);
+
 /*
  * Actions
diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php
index bc384cfb882..fbef40290b4 100644
--- a/htdocs/comm/propal/card.php
+++ b/htdocs/comm/propal/card.php
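Review bot: In the multiprix.php hunk the new check passes `$id`, but `$id` is assigned only in the `$user->socid > 0` branch; for internal users nothing in this hunk sets it, so `restrictedArea` runs with an empty object id and degrades to the module-permission test, while the freshly read `$socid = GETPOST("socid", 'int')` is never checked. The context lines just above already force `$_socid = $user->socid` for external users, which suggests the page works with `$_socid`, not `$id`; the check should target the variable the page actually renders, e.g. `$socid = $user->socid;` in the branch and `$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);`. How `$_socid` and `$id` are used further down is outside the hunk.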
@@ -89,12 +89,6 @@ $hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($con
 // Nombre de ligne pour choix de produit/service predefinis
 $NBLINES = 4;
-// Security check
-if (!empty($user->socid)) {
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'propal', $id);
-
 $object = new Propal($db);
 $extrafields = new ExtraFields($db);
@@ -134,6 +128,14 @@ $permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc
 $permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php
 $permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php
+// Security check
+if (!empty($user->socid)) {
+ $socid = $user->socid;
+ $object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
+
+
 /*
  * Actions
  */
diff --git a/htdocs/comm/propal/contact.php b/htdocs/comm/propal/contact.php
index 3bbe232be6e..09aa9fddb6c 100644
--- a/htdocs/comm/propal/contact.php
+++ b/htdocs/comm/propal/contact.php
@@ -40,12 +40,6 @@ $ref = GETPOST('ref', 'alpha');
 $lineid = GETPOST('lineid', 'int');
 $action = GETPOST('action', 'aZ09');
-// Security check
-if ($user->socid) {
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'propal', $id);
-
 $object = new Propal($db);
 // Load object
@@ -67,6 +61,13 @@ if (!$error) {
 exit;
 }
+// Security check
+if (!empty($user->socid)) {
+ $socid = $user->socid;
+ $object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
+
 /*
  * Add a new contact
diff --git a/htdocs/comm/propal/document.php b/htdocs/comm/propal/document.php
index 4c408adcb28..a3ddf4ae039 100644
--- a/htdocs/comm/propal/document.php
+++ b/htdocs/comm/propal/document.php
@@ -80,6 +80,13 @@ if (!$sortfield) {
 $object = new Propal($db);
 $object->fetch($id, $ref);
+// Security check
+if (!empty($user->socid)) {
+ $socid = $user->socid;
+ $object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
+
 /*
  * Actions
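Review bot: In the second propal/card.php hunk `$object->id = $user->socid;` overwrites the proposal's primary key with the external user's third-party id; `restrictedArea($user, 'propal', $object->id)` then judges access against whichever proposal happens to have rowid equal to the socid, and every later action on this card (the `$usercancreate`-gated edits, note/link actions, document generation) operates on that wrong row. Drop the assignment and keep only `$socid = $user->socid;` in the branch with `restrictedArea($user, 'propal', $object->id);` on the genuinely loaded object, letting the helper's default `fk_soc` comparison tie the proposal to the user's company. Whether `$object` has already been fetched before line 128 is outside this hunk; if it has not, `$object->id` is empty and the object-level check is a no-op anyway.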
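Review bot: In the second propal/contact.php hunk the same `$object->id = $user->socid;` appears after the `// Load object` block has populated `$object`, so the proposal id is replaced by the third-party id and both the access check and the contact add/delete actions below act on the wrong proposal. Remove that line and keep `restrictedArea($user, 'propal', $object->id);` on the loaded object. The load block that sets `$error` starts above this hunk.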
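Review bot: In the propal/document.php hunk `$object->id = $user->socid;` runs immediately after `$object->fetch($id, $ref)`, clobbering the fetched proposal id with the external user's socid; `restrictedArea($user, 'propal', $object->id)` and the linked-files actions that follow then address proposal rowid == socid. Delete the assignment; `$socid = $user->socid;` plus `restrictedArea($user, 'propal', $object->id);` is sufficient. The fetch result is also not checked, so on a failed fetch `$object->id` stays empty and the object-level check silently becomes a permission-only test.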
diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php
index 2005e51571b..7b47915f0ea 100644
--- a/htdocs/comm/propal/index.php
+++ b/htdocs/comm/propal/index.php
@@ -26,15 +26,6 @@
 */
 require '../../main.inc.php';
-
-// Security check
-$socid = GETPOST('socid', 'int');
-if (isset($user->socid) && $user->socid > 0) {
- $action = '';
- $socid = $user->socid;
-}
-restrictedArea($user, 'propal');
-
 require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php';
 require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
@@ -48,9 +39,19 @@ $langs->loadLangs(array('propal', 'companies'));
 $now = dol_now();
 $max = 5;
+// Security check
+$socid = GETPOST('socid', 'int');
+if (isset($user->socid) && $user->socid > 0) {
+ $action = '';
+ $socid = $user->socid;
+}
+restrictedArea($user, 'propal');
+
+
 /*
  * View
  */
+
 $propalstatic = new Propal($db);
 $companystatic = new Societe($db);
 $form = new Form($db);
diff --git a/htdocs/comm/propal/info.php b/htdocs/comm/propal/info.php
index 847b42edbc5..72e4f887496 100644
--- a/htdocs/comm/propal/info.php
+++ b/htdocs/comm/propal/info.php
@@ -39,18 +39,18 @@ $id = GETPOST('id', 'int');
 $ref = GETPOST('ref', 'alpha');
 $socid = GETPOST('socid', 'int');
-// Security check
-if (!empty($user->socid)) {
- $socid = $user->socid;
-}
-$result = restrictedArea($user, 'propal', $id);
-
 $object = new Propal($db);
 if (!$object->fetch($id, $ref) > 0) {
 dol_print_error($db);
 exit;
 }
+// Security check
+if (!empty($user->socid)) {
+ $socid = $user->socid;
+ $object->id = $user->socid;
+}
+restrictedArea($user, 'propal', $object->id);
 /*
diff --git a/htdocs/comm/propal/note.php b/htdocs/comm/propal/note.php
index 8c1e16dc6e8..0d880219bef 100644
--- a/htdocs/comm/propal/note.php
+++ b/htdocs/comm/propal/note.php
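Review bot: In the propal/info.php hunk `$object->id = $user->socid;` follows a successful `$object->fetch($id, $ref)` and replaces the proposal id with the third-party id, so `restrictedArea($user, 'propal', $object->id)` checks the wrong row and the info tab is rendered from an object whose id no longer matches its data. Drop the assignment and keep `restrictedArea($user, 'propal', $object->id);` on the fetched object; the `$socid = $user->socid;` line can stay. The same pattern is repeated in propal/card.php, contact.php, document.php and note.php within this commit and should be fixed in all five places together.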
@@ -40,13 +40,19 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'propale', $id, 'propal'); +$now = dol_now(); $object = new Propal($db); +if ($id > 0 || !empty($ref)) { + $object->fetch($id, $ref); +} + +// Security check +if ($user->socid > 0) { + $socid = $user->socid; + $object->id = $user->socid; +} +restrictedArea($user, 'propal', $object->id, 'propal'); /* @@ -63,86 +69,78 @@ include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include, * View */ +$form = new Form($db); + $help_url = 'EN:Commercial_Proposals|FR:Proposition_commerciale|ES:Presupuestos'; llxHeader('', $langs->trans('Proposal'), $help_url); -$form = new Form($db); +if ($object->id > 0) { + if ($object->fetch_thirdparty() > 0) { + $head = propal_prepare_head($object); + print dol_get_fiche_head($head, 'note', $langs->trans('Proposal'), -1, 'propal'); -if ($id > 0 || !empty($ref)) { - if ($mesg) { - print $mesg; - } - - $now = dol_now(); - - if ($object->fetch($id, $ref) > 0) { - if ($object->fetch_thirdparty() > 0) { - $head = propal_prepare_head($object); - print dol_get_fiche_head($head, 'note', $langs->trans('Proposal'), -1, 'propal'); - - $cssclass = 'titlefield'; - //if ($action == 'editnote_public') $cssclass='titlefieldcreate'; - //if ($action == 'editnote_private') $cssclass='titlefieldcreate'; + $cssclass = 'titlefield'; + //if ($action == 'editnote_public') $cssclass='titlefieldcreate'; + //if ($action == 'editnote_private') $cssclass='titlefieldcreate'; - // Proposal card + // Proposal card - $linkback = ''.$langs->trans("BackToList").''; + $linkback = ''.$langs->trans("BackToList").''; - $morehtmlref = '
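Review bot: In the first propal/note.php hunk `$object->id = $user->socid;` overwrites the id of the proposal fetched a few lines earlier (`$object->fetch($id, $ref)`) with the external user's third-party id, so `restrictedArea($user, 'propal', $object->id, 'propal')` evaluates the wrong proposal and the `actions_setnotes.inc.php` include that follows (outside this hunk) would save notes to rowid == socid. Remove the assignment; `$socid = $user->socid;` together with `restrictedArea($user, 'propal', $object->id, 'propal');` on the fetched object is enough. The feature key also changed from `'propale'` to `'propal'`, consistent with the other propal pages in this commit, which is worth calling out in the commit message since it changes which permission is consulted.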
'; - // Ref customer - $morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); - $morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1); - // Thirdparty - $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); - // Project - if (!empty($conf->projet->enabled)) { - $langs->load("projects"); - $morehtmlref .= '
'.$langs->trans('Project').' '; - if ($user->rights->propal->creer) { - if ($action != 'classify') { - //$morehtmlref.='' . img_edit($langs->transnoentitiesnoconv('SetProject')) . ''; - $morehtmlref .= ' : '; - } - if ($action == 'classify') { - //$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1); - $morehtmlref .= '
'; - $morehtmlref .= ''; - $morehtmlref .= ''; - $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref .= ''; - $morehtmlref .= '
'; - } else { - $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); - } + $morehtmlref = '
'; + // Ref customer + $morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); + $morehtmlref .= $form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1); + // Thirdparty + $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); + // Project + if (!empty($conf->projet->enabled)) { + $langs->load("projects"); + $morehtmlref .= '
'.$langs->trans('Project').' '; + if ($user->rights->propal->creer) { + if ($action != 'classify') { + //$morehtmlref.='' . img_edit($langs->transnoentitiesnoconv('SetProject')) . ''; + $morehtmlref .= ' : '; + } + if ($action == 'classify') { + //$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1); + $morehtmlref .= '
'; + $morehtmlref .= ''; + $morehtmlref .= ''; + $morehtmlref .= $formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); + $morehtmlref .= ''; + $morehtmlref .= '
'; } else { - if (!empty($object->fk_project)) { - $proj = new Project($db); - $proj->fetch($object->fk_project); - $morehtmlref .= ''; - $morehtmlref .= $proj->ref; - $morehtmlref .= ''; - } else { - $morehtmlref .= ''; - } + $morehtmlref .= $form->form_project($_SERVER['PHP_SELF'].'?id='.$object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); + } + } else { + if (!empty($object->fk_project)) { + $proj = new Project($db); + $proj->fetch($object->fk_project); + $morehtmlref .= ''; + $morehtmlref .= $proj->ref; + $morehtmlref .= ''; + } else { + $morehtmlref .= ''; } } - $morehtmlref .= '
'; - - dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); - - print '
'; - print '
'; - - $cssclass = "titlefield"; - include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'; - - print '
'; - - print dol_get_fiche_end(); } + $morehtmlref .= '
'; + + dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); + + print '
'; + print '
'; + + $cssclass = "titlefield"; + include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'; + + print '
'; + + print dol_get_fiche_end(); } } diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php index 4ae18df12f8..c0d92908aab 100644 --- a/htdocs/comm/propal/stats/index.php +++ b/htdocs/comm/propal/stats/index.php @@ -38,12 +38,6 @@ $WIDTH = DolGraph::getDefaultGraphSizeForStats('width'); $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height'); $mode = GETPOSTISSET("mode") ? GETPOST("mode", 'aZ09') : 'customer'; -if ($mode == 'customer' && !$user->rights->propale->lire) { - accessforbidden(); -} -if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) { - accessforbidden(); -} $object_status = GETPOST('object_status', 'intcomma'); $typent_id = GETPOST('typent_id', 'int'); @@ -66,6 +60,13 @@ $endyear = $year; // Load translation files required by the page $langs->loadLangs(array('orders', 'companies', 'other', 'suppliers', 'supplier_proposal')); +if ($mode == 'customer' && !$user->rights->propale->lire) { + accessforbidden(); +} +if ($mode == 'supplier' && !$user->rights->supplier_proposal->lire) { + accessforbidden(); +} + /* * View diff --git a/htdocs/comm/prospect/index.php b/htdocs/comm/prospect/index.php index ea44682b4a3..3aacd070ae4 100644 --- a/htdocs/comm/prospect/index.php +++ b/htdocs/comm/prospect/index.php @@ -30,11 +30,19 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/agenda.lib.php'; // Load translation files required by the page $langs->load("propal"); - if ($user->socid > 0) { $socid = $user->socid; } +// Security check +$socid = GETPOST('socid', 'int'); +if ($user->socid) { + $action = ''; + $socid = $user->socid; +} +$result = restrictedArea($user, 'propal', $socid, ''); + + /* * View diff --git a/htdocs/comm/prospect/recap-prospect.php b/htdocs/comm/prospect/recap-prospect.php deleted file mode 100644 index 4656574fb47..00000000000 --- a/htdocs/comm/prospect/recap-prospect.php +++ /dev/null 
@@ -1,90 +0,0 @@ - - * Copyright (C) 2004-2010 Laurent Destailleur - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/comm/prospect/recap-prospect.php - * \ingroup societe - * \brief Page with prospect summary - */ - -require '../../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php'; - -// Load translation files required by the page -$langs->loadLangs(array('companies', 'other')); -if (!empty($conf->facture->enabled)) { - $langs->load("bills"); -} - -// Security check -$socid = GETPOST("socid", 'int'); -if ($user->socid > 0) { - $action = ''; - $socid = $user->socid; -} - - -/* - * View - */ - -llxHeader(); - -if ($socid > 0) { - $societe = new Societe($db); - $societe->fetch($socid); - - /* - * Affichage onglets - */ - $head = societe_prepare_head($societe); - - print dol_get_fiche_head($head, 'prospect', $langs->trans("ThirdParty"), 0, 'company'); - - - print "\n"; - print '
'; - - print ''; - - // Name - print ''; - - // Prefix - if (!empty($conf->global->SOCIETE_USEPREFIX)) { // Old not used prefix field - print ''; - } - - print "
'.$langs->trans("Thirdpary").''.$societe->getNomUrl(1).'
'.$langs->trans("Prefix").''; - print ($societe->prefix_comm ? $societe->prefix_comm : ' '); - print '
"; - - print "
\n"; - - print ''; - - - print $langs->trans("FeatureNotYetAvailable"); -} else { - dol_print_error($db); -} - -// End of page -llxFooter(); -$db->close(); diff --git a/htdocs/comm/recap-client.php b/htdocs/comm/recap-client.php index 6e82cc16c19..ee32c0dd016 100644 --- a/htdocs/comm/recap-client.php +++ b/htdocs/comm/recap-client.php @@ -33,12 +33,12 @@ if (!empty($conf->facture->enabled)) { } // Security check -$socid = $_GET["socid"]; +$socid = GETPOST("socid", 'int'); if ($user->socid > 0) { $action = ''; - $socid = $user->socid; + $id = $user->socid; } - +$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0); /* diff --git a/htdocs/comm/remise.php b/htdocs/comm/remise.php index 541983775a7..93876fdde96 100644 --- a/htdocs/comm/remise.php +++ b/htdocs/comm/remise.php @@ -74,6 +74,12 @@ if (GETPOST('action', 'aZ09') == 'setremise') { } } +// Security check +if ($user->socid > 0) { + $id = $user->socid; +} +$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0); + /* * View @@ -83,7 +89,6 @@ $form = new Form($db); llxHeader(); - /********************************************************************************* * * Mode fiche diff --git a/htdocs/comm/remx.php b/htdocs/comm/remx.php index 66d45f6a278..9abf348095e 100644 --- a/htdocs/comm/remx.php +++ b/htdocs/comm/remx.php @@ -46,6 +46,12 @@ if ($user->socid > 0) { $socid = $user->socid; } +// Security check +if ($user->socid > 0) { + $id = $user->socid; +} +$result = restrictedArea($user, 'societe', $id, '&societe', '', 'fk_soc', 'rowid', 0); + /* * Actions
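Review bot: The recap-client.php hunk is a regression for external users: the branch now sets `$id = $user->socid;` instead of the former `$socid = $user->socid;`, so `$socid` keeps the request-supplied value while `restrictedArea` is passed `$id`, i.e. the user's own company, which always passes; the page can then be rendered for another company's `$socid`. Restore `$socid = $user->socid;` in the branch and check the variable the page uses: `$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);`. For internal users `$id` is otherwise unset in this hunk, which also raises a notice and skips the object-level check.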
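Review bot: In the first remise.php hunk the new `restrictedArea` call sits after the closing braces of the `if (GETPOST('action', 'aZ09') == 'setremise')` block named in the hunk header, so the discount update has already been written by the time permissions are evaluated. Unless an earlier `restrictedArea`/`accessforbidden` exists above this hunk (not visible here), the check must move above the action handling; if one does exist, this later copy is redundant and `$id`, assigned here only for external users, should be the same variable the earlier check used.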
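Review bot: In the remx.php hunk `restrictedArea($user, 'societe', $id, ...)` uses `$id`, which the hunk only sets for external users, while the context lines immediately above already force `$socid = $user->socid`; the two `if ($user->socid > 0)` branches duplicate each other and the check is not on the variable the page evidently works with. Prefer `$result = restrictedArea($user, 'societe', $socid, '&societe', '', 'fk_soc', 'rowid', 0);` and drop the second branch. Whether `$id` is initialised from the request earlier in the file is outside the hunk.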