Fix test on permissions
parent
b8acc8cbb4
commit
d7d1e73ac9
|
|
@ -60,13 +60,6 @@ $action = GETPOST('action', 'aZ09');
|
|||
$confirm = GETPOST('confirm', 'alpha');
|
||||
$backtopage = GETPOST('backtopage', 'alpha');
|
||||
|
||||
// Security check
|
||||
$id = GETPOSTINT('id');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'expedition', $id, 'delivery', 'delivery');
|
||||
|
||||
$object = new Delivery($db);
|
||||
$extrafields = new ExtraFields($db);
|
||||
|
||||
|
|
@ -84,6 +77,20 @@ $hookmanager->initHooks(array('deliverycard', 'globalcard'));
|
|||
|
||||
$error = 0;
|
||||
|
||||
// Security check
|
||||
$id = GETPOSTINT('id');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'expedition', $id, 'delivery', 'delivery');
|
||||
|
||||
$permissiontoread = $user->hasRight('expedition', 'delivery', 'read');
|
||||
$permissiontoadd = $user->hasRight('expedition', 'delivery', 'creer'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
|
||||
$permissiontodelete = $user->hasRight('expedition', 'delivery', 'supprimer') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT);
|
||||
$permissiontovalidate = ((!getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('expedition', 'delivery', 'creer')) || (getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('expedition', 'delivery_advance', 'validate')));
|
||||
$permissionnote = $user->hasRight('expedition', 'delivery', 'creer'); // Used by the include of actions_setnotes.inc.php
|
||||
$permissiondellink = $user->hasRight('expedition', 'delivery', 'creer'); // Used by the include of actions_dellink.inc.php
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
|
@ -95,7 +102,7 @@ $reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action
|
|||
$permissiondellink = $user->hasRight('expedition', 'delivery', 'supprimer'); // Used by the include of actions_dellink.inc.php
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php'; // Must be include, not include_once
|
||||
|
||||
if ($action == 'add') {
|
||||
if ($action == 'add' && $permissiontoadd) {
|
||||
$db->begin();
|
||||
|
||||
$object->date_delivery = dol_now();
|
||||
|
|
@ -134,10 +141,7 @@ if ($action == 'add') {
|
|||
|
||||
$action = 'create';
|
||||
}
|
||||
} elseif ($action == 'confirm_valid' && $confirm == 'yes' &&
|
||||
((!getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('expedition', 'delivery', 'creer'))
|
||||
|| (getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && $user->hasRight('expedition', 'delivery_advance', 'validate')))
|
||||
) {
|
||||
} elseif ($action == 'confirm_valid' && $confirm == 'yes' && $permissiontovalidate) {
|
||||
$result = $object->valid($user);
|
||||
|
||||
// Define output language
|
||||
|
|
@ -164,7 +168,7 @@ if ($action == 'add') {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'confirm_delete' && $confirm == 'yes' && $user->hasRight('expedition', 'delivery', 'supprimer')) {
|
||||
if ($action == 'confirm_delete' && $confirm == 'yes' && $permissiontodelete) {
|
||||
$db->begin();
|
||||
$result = $object->delete($user);
|
||||
|
||||
|
|
@ -181,7 +185,7 @@ if ($action == 'confirm_delete' && $confirm == 'yes' && $user->hasRight('expedit
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'setdate_delivery' && $user->hasRight('expedition', 'delivery', 'creer')) {
|
||||
if ($action == 'setdate_delivery' && $permissiontoadd) {
|
||||
$datedelivery = dol_mktime(GETPOSTINT('liv_hour'), GETPOSTINT('liv_min'), 0, GETPOSTINT('liv_month'), GETPOSTINT('liv_day'), GETPOSTINT('liv_year'));
|
||||
$result = $object->setDeliveryDate($user, $datedelivery);
|
||||
if ($result < 0) {
|
||||
|
|
@ -193,7 +197,7 @@ if ($action == 'setdate_delivery' && $user->hasRight('expedition', 'delivery', '
|
|||
}
|
||||
|
||||
// Update extrafields
|
||||
if ($action == 'update_extras') {
|
||||
if ($action == 'update_extras' && $permissiontoadd) {
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
||||
// Fill array 'array_options' with data from update form
|
||||
|
|
@ -217,7 +221,7 @@ if ($action == 'update_extras') {
|
|||
}
|
||||
|
||||
// Extrafields line
|
||||
if ($action == 'update_extras_line') {
|
||||
if ($action == 'update_extras_line' && $permissiontoadd) {
|
||||
$array_options = array();
|
||||
$num = count($object->lines);
|
||||
|
||||
|
|
@ -244,7 +248,6 @@ if ($action == 'update_extras_line') {
|
|||
|
||||
// Actions to build doc
|
||||
$upload_dir = $conf->expedition->dir_output.'/receipt';
|
||||
$permissiontoadd = $user->hasRight('expedition', 'creer');
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
|
||||
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_printing.inc.php';
|
||||
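Review bot: The new `$permissiondellink = $user->hasRight('expedition', 'delivery', 'creer');` in the permissions block never takes effect, because the unchanged line just before `include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php';` reassigns the variable from the `supprimer` right. The two assignments disagree on which right guards link removal, so one should go; if `supprimer` is the intended right, set it once in the permissions block as `$permissiondellink = $user->hasRight('expedition', 'delivery', 'supprimer');` and drop the later line. Separately, `$permissiontodelete` reads `$object->status` at a point where the visible hunks do not show the delivery having been fetched, so the draft fallback may always evaluate to false there; confirm the object is loaded before this block. The action code these conditions belong to continues outside the hunks shown.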
|
|
|
|||
|
|
@ -121,6 +121,11 @@ class Delivery extends CommonObject
|
|||
public $user_author_id;
|
||||
|
||||
|
||||
const STATUS_DRAFT = 0;
|
||||
const STATUS_VALIDATED = 1;
|
||||
const STATUS_CANCELED = -1;
|
||||
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
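Review bot: The three status constants are added without any comment, although the card page in this commit now compares `$object->status` with `$object::STATUS_DRAFT` to decide who may delete a delivery. Because a permission decision depends on these values, each constant should say what state it denotes, for example `/** Draft status (not yet validated) */` above `const STATUS_DRAFT = 0;`, and likewise for `STATUS_VALIDATED` and `STATUS_CANCELED`. Whether the rest of the class still compares against the bare literals is not visible in this hunk.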
|
|
|
|||
|
|
@ -326,7 +326,7 @@ if (empty($reshook)) {
|
|||
$object->setProject($projectid);
|
||||
}
|
||||
|
||||
if ($action == 'update_extras') {
|
||||
if ($action == 'update_extras' && $user->hasRight('don', 'creer')) {
|
||||
$object->fetch($id);
|
||||
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
|
|
|||
|
|
@ -202,7 +202,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'update_extras') {
|
||||
if ($action == 'update_extras' && $user->hasRight('expedition', 'creer')) {
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
||||
// Fill array 'array_options' with data from update form
|
||||
|
|
|
|||
|
|
@ -82,6 +82,11 @@ if ($user->socid) {
|
|||
|
||||
$result = restrictedArea($user, 'expedition', 0, ''); // We use 0 for id, because there is no particular shipment on this tab, only id of order is known
|
||||
|
||||
$permissiontoread = $user->hasRight('expedition', 'lire');
|
||||
$permissiontoadd = $user->hasRight('expedition', 'creer'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
|
||||
$permissiontodelete = $user->hasRight('expedition', 'supprimer') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT);
|
||||
$permissionnote = $user->hasRight('expedition', 'creer'); // Used by the include of actions_setnotes.inc.php
|
||||
$permissiondellink = $user->hasRight('expedition', 'creer'); // Used by the include of actions_dellink.inc.php
|
||||
|
||||
|
||||
/*
|
||||
|
|
@ -96,15 +101,15 @@ if ($reshook < 0) {
|
|||
|
||||
if (empty($reshook)) {
|
||||
// Categorisation dans projet
|
||||
if ($action == 'classin') {
|
||||
if ($action == 'classin' && $permissiontoadd) {
|
||||
$object->fetch($id);
|
||||
$object->setProject(GETPOSTINT('projectid'));
|
||||
}
|
||||
|
||||
if ($action == 'confirm_cloture' && GETPOST('confirm', 'alpha') == 'yes') {
|
||||
if ($action == 'confirm_cloture' && GETPOST('confirm', 'alpha') == 'yes' && $permissiontoadd) {
|
||||
$object->fetch($id);
|
||||
$result = $object->cloture($user);
|
||||
} elseif ($action == 'setref_client' && $user->hasRight('commande', 'creer')) {
|
||||
} elseif ($action == 'setref_client' && $permissiontoadd) {
|
||||
// Positionne ref commande client
|
||||
$result = $object->set_ref_client($user, GETPOST('ref_client'));
|
||||
if ($result < 0) {
|
||||
|
|
@ -112,7 +117,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'setdatedelivery' && $user->hasRight('commande', 'creer')) {
|
||||
if ($action == 'setdatedelivery' && $permissiontoadd) {
|
||||
$datedelivery = dol_mktime(GETPOSTINT('liv_hour'), GETPOSTINT('liv_min'), 0, GETPOSTINT('liv_month'), GETPOSTINT('liv_day'), GETPOSTINT('liv_year'));
|
||||
|
||||
$object->fetch($id);
|
||||
|
|
@ -121,17 +126,7 @@ if (empty($reshook)) {
|
|||
setEventMessages($object->error, $object->errors, 'errors');
|
||||
}
|
||||
}
|
||||
/*
|
||||
if ($action == 'setdeliveryaddress' && $user->hasRight('commande', 'creer'))
|
||||
{
|
||||
$object = new Commande($db);
|
||||
$object->fetch($id);
|
||||
$object->setDeliveryAddress(GETPOST('delivery_address_id','int'));
|
||||
if ($result < 0)
|
||||
setEventMessages($object->error, $object->errors, 'errors');
|
||||
}
|
||||
*/
|
||||
if ($action == 'setmode' && $user->hasRight('commande', 'creer')) {
|
||||
if ($action == 'setmode' && $permissiontoadd) {
|
||||
$object->fetch($id);
|
||||
$result = $object->setPaymentMethods(GETPOSTINT('mode_reglement_id'));
|
||||
if ($result < 0) {
|
||||
|
|
@ -139,7 +134,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'setavailability' && $user->hasRight('commande', 'creer')) {
|
||||
if ($action == 'setavailability' && $permissiontoadd) {
|
||||
$object->fetch($id);
|
||||
$result = $object->availability(GETPOST('availability_id'));
|
||||
if ($result < 0) {
|
||||
|
|
@ -147,7 +142,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'setdemandreason' && $user->hasRight('commande', 'creer')) {
|
||||
if ($action == 'setdemandreason' && $permissiontoadd) {
|
||||
$object->fetch($id);
|
||||
$result = $object->demand_reason(GETPOST('demand_reason_id'));
|
||||
if ($result < 0) {
|
||||
|
|
@ -155,7 +150,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'setconditions' && $user->hasRight('commande', 'creer')) {
|
||||
if ($action == 'setconditions' && $permissiontoadd) {
|
||||
$object->fetch($id);
|
||||
$result = $object->setPaymentTerms(GETPOSTINT('cond_reglement_id'));
|
||||
if ($result < 0) {
|
||||
|
|
@ -170,7 +165,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
|
||||
// shipping method
|
||||
if ($action == 'setshippingmethod' && $user->hasRight('commande', 'creer')) {
|
||||
if ($action == 'setshippingmethod' && $permissiontoadd) {
|
||||
$object->fetch($id);
|
||||
$result = $object->setShippingMethod(GETPOSTINT('shipping_method_id'));
|
||||
if ($result < 0) {
|
||||
|
|
@ -179,7 +174,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
|
||||
// warehouse
|
||||
if ($action == 'setwarehouse' && $user->hasRight('commande', 'creer')) {
|
||||
if ($action == 'setwarehouse' && $permissiontoadd) {
|
||||
$object->fetch($id);
|
||||
$result = $object->setWarehouse(GETPOSTINT('warehouse_id'));
|
||||
if ($result < 0) {
|
||||
|
|
@ -187,7 +182,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'update_extras') {
|
||||
if ($action == 'update_extras' && $permissiontoadd) {
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
||||
// Fill array 'array_options' with data from update form
|
||||
|
|
@ -210,7 +205,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'set_thirdparty' && $user->hasRight('commande', 'creer')) {
|
||||
if ($action == 'set_thirdparty' && $permissiontoadd) {
|
||||
$object->fetch($id);
|
||||
$object->setValueFrom('fk_soc', $socid, '', '', 'date', '', $user, 'ORDER_MODIFY');
|
||||
|
||||
|
|
@ -283,8 +278,8 @@ if ($id > 0 || !empty($ref)) {
|
|||
|
||||
$morehtmlref = '<div class="refidno">';
|
||||
// Ref customer
|
||||
$morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_customer', $object->ref_client, $object, $user->hasRight('commande', 'creer'), 'string', '', 0, 1);
|
||||
$morehtmlref .= $form->editfieldval("RefCustomer", 'ref_customer', $object->ref_client, $object, $user->hasRight('commande', 'creer'), 'string', '', null, null, '', 1);
|
||||
$morehtmlref .= $form->editfieldkey("RefCustomer", 'ref_customer', $object->ref_client, $object, $permissiontoadd, 'string', '', 0, 1);
|
||||
$morehtmlref .= $form->editfieldval("RefCustomer", 'ref_customer', $object->ref_client, $object, $permissiontoadd, 'string', '', null, null, '', 1);
|
||||
// Thirdparty
|
||||
$morehtmlref .= '<br>'.$soc->getNomUrl(1);
|
||||
// Project
|
||||
|
|
@ -423,7 +418,7 @@ if ($id > 0 || !empty($ref)) {
|
|||
print '<table width="100%" class="nobordernopadding"><tr><td>';
|
||||
print $langs->trans('Warehouse');
|
||||
print '</td>';
|
||||
if ($action != 'editwarehouse' && $user->hasRight('commande', 'creer')) {
|
||||
if ($action != 'editwarehouse' && $permissiontoadd) {
|
||||
print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=editwarehouse&token='.newToken().'&id='.$object->id.'">'.img_edit($langs->trans('SetWarehouse'), 1).'</a></td>';
|
||||
}
|
||||
print '</tr></table>';
|
||||
|
|
@ -513,7 +508,7 @@ if ($id > 0 || !empty($ref)) {
|
|||
print '<table width="100%" class="nobordernopadding"><tr><td>';
|
||||
print $langs->trans('IncotermLabel');
|
||||
print '<td><td class="right">';
|
||||
if ($user->hasRight('commande', 'creer')) {
|
||||
if ($permissiontoadd) {
|
||||
print '<a class="editfielda" href="'.$_SERVER['PHP_SELF'].'/expedition/shipment.php?id='.$object->id.'&action=editincoterm&token='.newToken().'">'.img_edit().'</a>';
|
||||
} else {
|
||||
print ' ';
|
||||
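Review bot: Every branch in this file that used to require `$user->hasRight('commande', 'creer')` is now gated by `$permissiontoadd`, which the first hunk sets from `$user->hasRight('expedition', 'creer')`, yet the object being modified still looks like the order: the `restrictedArea` comment says only the order id is known on this tab, and `set_thirdparty` fires the `ORDER_MODIFY` trigger. As far as these hunks show, an account with the shipment create right but without the order create right would then be allowed to change the order's customer reference, payment mode and terms, warehouse and third party. If that widening is not intended, keep the order right for these branches, e.g. define `$usercancreateorder = $user->hasRight('commande', 'creer');` next to the other permission variables and test it in `setref_client`, `setmode`, `setconditions`, `set_thirdparty` and the edit links. The `if (empty($reshook))` block these branches sit in starts and ends outside the hunks.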
|
|
|
|||
|
|
@ -352,7 +352,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'update_extras') {
|
||||
if ($action == 'update_extras' && $user->hasRight('expensereport', 'creer')) {
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
||||
// Fill array 'array_options' with data from update form
|
||||
|
|
|
|||
|
|
@ -749,7 +749,7 @@ if (empty($reshook)) {
|
|||
$permissiontoadd = $user->hasRight('ficheinter', 'creer');
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
|
||||
|
||||
if ($action == 'update_extras') {
|
||||
if ($action == 'update_extras' && $user->hasRight('ficheinter', 'creer')) {
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
||||
// Fill array 'array_options' with data from update form
|
||||
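Review bot: The new `update_extras` condition calls `$user->hasRight('ficheinter', 'creer')` again although `$permissiontoadd` is assigned from exactly that right a few lines above, before the `actions_builddoc.inc.php` include; assuming the include does not reassign it, the guard should read `if ($action == 'update_extras' && $permissiontoadd) {`. The warehouse card hunks further down repeat the pattern: `$usercancreate` is set from `stock`/`creer`, and the new `update` and `update_extras` conditions look the right up inline instead of using it. Keeping one variable per right makes it harder for a later edit to change one guard and miss another. The surrounding `if (empty($reshook))` block extends beyond the hunk.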
|
|
|
|||
|
|
@ -404,7 +404,7 @@ if (empty($reshook)) {
|
|||
$db->rollback();
|
||||
setEventMessages($line->error, $line->errors, 'errors');
|
||||
}
|
||||
} elseif ($action == 'update_extras') {
|
||||
} elseif ($action == 'update_extras' && $usercancreate) {
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
||||
// Fill array 'array_options' with data from update form
|
||||
|
|
|
|||
|
|
@ -1981,7 +1981,7 @@ if (empty($reshook)) {
|
|||
exit;
|
||||
}
|
||||
}
|
||||
if ($action == 'update_extras') {
|
||||
if ($action == 'update_extras' && $usercancreate) {
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
||||
// Fill array 'array_options' with data from add form
|
||||
|
|
|
|||
|
|
@ -155,149 +155,140 @@ if (empty($reshook)) {
|
|||
}
|
||||
|
||||
// Add leave request
|
||||
if ($action == 'add') {
|
||||
// If no right to create a request
|
||||
if (!$cancreate) {
|
||||
if ($action == 'add' && $cancreate) {
|
||||
$object = new Holiday($db);
|
||||
|
||||
$db->begin();
|
||||
|
||||
$date_debut = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'));
|
||||
$date_fin = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'));
|
||||
$date_debut_gmt = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'), 1);
|
||||
$date_fin_gmt = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'), 1);
|
||||
$starthalfday = GETPOST('starthalfday');
|
||||
$endhalfday = GETPOST('endhalfday');
|
||||
$type = GETPOST('type');
|
||||
$halfday = 0;
|
||||
if ($starthalfday == 'afternoon' && $endhalfday == 'morning') {
|
||||
$halfday = 2;
|
||||
} elseif ($starthalfday == 'afternoon') {
|
||||
$halfday = -1;
|
||||
} elseif ($endhalfday == 'morning') {
|
||||
$halfday = 1;
|
||||
}
|
||||
|
||||
$approverid = GETPOSTINT('valideur');
|
||||
$description = trim(GETPOST('description', 'restricthtml'));
|
||||
|
||||
// Check that leave is for a user inside the hierarchy or advanced permission for all is set
|
||||
if (!$cancreateall) {
|
||||
if (!getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
|
||||
if (!$user->hasRight('holiday', 'write')) {
|
||||
$error++;
|
||||
setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors');
|
||||
} elseif (!in_array($fuserid, $childids)) {
|
||||
$error++;
|
||||
setEventMessages($langs->trans("UserNotInHierachy"), null, 'errors');
|
||||
$action = 'create';
|
||||
}
|
||||
} else {
|
||||
if (!$user->hasRight('holiday', 'write') && !$user->hasRight('holiday', 'writeall_advance')) {
|
||||
$error++;
|
||||
setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors');
|
||||
} elseif (!$user->hasRight('holiday', 'writeall_advance') && !in_array($fuserid, $childids)) {
|
||||
$error++;
|
||||
setEventMessages($langs->trans("UserNotInHierachy"), null, 'errors');
|
||||
$action = 'create';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// If no type
|
||||
if ($type <= 0) {
|
||||
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type")), null, 'errors');
|
||||
$error++;
|
||||
setEventMessages($langs->trans('CantCreateCP'), null, 'errors');
|
||||
$action = 'create';
|
||||
}
|
||||
|
||||
// If no start date
|
||||
if (empty($date_debut)) {
|
||||
setEventMessages($langs->trans("NoDateDebut"), null, 'errors');
|
||||
$error++;
|
||||
$action = 'create';
|
||||
}
|
||||
// If no end date
|
||||
if (empty($date_fin)) {
|
||||
setEventMessages($langs->trans("NoDateFin"), null, 'errors');
|
||||
$error++;
|
||||
$action = 'create';
|
||||
}
|
||||
// If start date after end date
|
||||
if ($date_debut > $date_fin) {
|
||||
setEventMessages($langs->trans("ErrorEndDateCP"), null, 'errors');
|
||||
$error++;
|
||||
$action = 'create';
|
||||
}
|
||||
|
||||
// Check if there is already holiday for this period
|
||||
$verifCP = $object->verifDateHolidayCP($fuserid, $date_debut, $date_fin, $halfday);
|
||||
if (!$verifCP) {
|
||||
setEventMessages($langs->trans("alreadyCPexist"), null, 'errors');
|
||||
$error++;
|
||||
$action = 'create';
|
||||
}
|
||||
|
||||
// If there is no Business Days within request
|
||||
$nbopenedday = num_open_day($date_debut_gmt, $date_fin_gmt, 0, 1, $halfday);
|
||||
if ($nbopenedday < 0.5) {
|
||||
setEventMessages($langs->trans("ErrorDureeCP"), null, 'errors'); // No working day
|
||||
$error++;
|
||||
$action = 'create';
|
||||
}
|
||||
|
||||
// If no validator designated
|
||||
if ($approverid < 1) {
|
||||
setEventMessages($langs->transnoentitiesnoconv('InvalidValidatorCP'), null, 'errors');
|
||||
$error++;
|
||||
}
|
||||
|
||||
$approverslist = $object->fetch_users_approver_holiday();
|
||||
if (!in_array($approverid, $approverslist)) {
|
||||
setEventMessages($langs->transnoentitiesnoconv('InvalidValidator'), null, 'errors');
|
||||
$error++;
|
||||
}
|
||||
|
||||
// Fill array 'array_options' with data from add form
|
||||
$ret = $extrafields->setOptionalsFromPost(null, $object);
|
||||
if ($ret < 0) {
|
||||
$error++;
|
||||
}
|
||||
|
||||
$result = 0;
|
||||
|
||||
if (!$error) {
|
||||
$object = new Holiday($db);
|
||||
$object->fk_user = $fuserid;
|
||||
$object->description = $description;
|
||||
$object->fk_validator = $approverid;
|
||||
$object->fk_type = $type;
|
||||
$object->date_debut = $date_debut;
|
||||
$object->date_fin = $date_fin;
|
||||
$object->halfday = $halfday;
|
||||
$object->entity = $conf->entity;
|
||||
|
||||
$db->begin();
|
||||
|
||||
$date_debut = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'));
|
||||
$date_fin = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'));
|
||||
$date_debut_gmt = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'), 1);
|
||||
$date_fin_gmt = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'), 1);
|
||||
$starthalfday = GETPOST('starthalfday');
|
||||
$endhalfday = GETPOST('endhalfday');
|
||||
$type = GETPOST('type');
|
||||
$halfday = 0;
|
||||
if ($starthalfday == 'afternoon' && $endhalfday == 'morning') {
|
||||
$halfday = 2;
|
||||
} elseif ($starthalfday == 'afternoon') {
|
||||
$halfday = -1;
|
||||
} elseif ($endhalfday == 'morning') {
|
||||
$halfday = 1;
|
||||
}
|
||||
|
||||
$approverid = GETPOSTINT('valideur');
|
||||
$description = trim(GETPOST('description', 'restricthtml'));
|
||||
|
||||
// Check that leave is for a user inside the hierarchy or advanced permission for all is set
|
||||
if (!$cancreateall) {
|
||||
if (!getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) {
|
||||
if (!$user->hasRight('holiday', 'write')) {
|
||||
$error++;
|
||||
setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors');
|
||||
} elseif (!in_array($fuserid, $childids)) {
|
||||
$error++;
|
||||
setEventMessages($langs->trans("UserNotInHierachy"), null, 'errors');
|
||||
$action = 'create';
|
||||
}
|
||||
} else {
|
||||
if (!$user->hasRight('holiday', 'write') && !$user->hasRight('holiday', 'writeall_advance')) {
|
||||
$error++;
|
||||
setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors');
|
||||
} elseif (!$user->hasRight('holiday', 'writeall_advance') && !in_array($fuserid, $childids)) {
|
||||
$error++;
|
||||
setEventMessages($langs->trans("UserNotInHierachy"), null, 'errors');
|
||||
$action = 'create';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// If no type
|
||||
if ($type <= 0) {
|
||||
setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Type")), null, 'errors');
|
||||
$error++;
|
||||
$action = 'create';
|
||||
}
|
||||
|
||||
// If no start date
|
||||
if (empty($date_debut)) {
|
||||
setEventMessages($langs->trans("NoDateDebut"), null, 'errors');
|
||||
$error++;
|
||||
$action = 'create';
|
||||
}
|
||||
// If no end date
|
||||
if (empty($date_fin)) {
|
||||
setEventMessages($langs->trans("NoDateFin"), null, 'errors');
|
||||
$error++;
|
||||
$action = 'create';
|
||||
}
|
||||
// If start date after end date
|
||||
if ($date_debut > $date_fin) {
|
||||
setEventMessages($langs->trans("ErrorEndDateCP"), null, 'errors');
|
||||
$error++;
|
||||
$action = 'create';
|
||||
}
|
||||
|
||||
// Check if there is already holiday for this period
|
||||
$verifCP = $object->verifDateHolidayCP($fuserid, $date_debut, $date_fin, $halfday);
|
||||
if (!$verifCP) {
|
||||
setEventMessages($langs->trans("alreadyCPexist"), null, 'errors');
|
||||
$error++;
|
||||
$action = 'create';
|
||||
}
|
||||
|
||||
// If there is no Business Days within request
|
||||
$nbopenedday = num_open_day($date_debut_gmt, $date_fin_gmt, 0, 1, $halfday);
|
||||
if ($nbopenedday < 0.5) {
|
||||
setEventMessages($langs->trans("ErrorDureeCP"), null, 'errors'); // No working day
|
||||
$error++;
|
||||
$action = 'create';
|
||||
}
|
||||
|
||||
// If no validator designated
|
||||
if ($approverid < 1) {
|
||||
setEventMessages($langs->transnoentitiesnoconv('InvalidValidatorCP'), null, 'errors');
|
||||
$result = $object->create($user);
|
||||
if ($result <= 0) {
|
||||
setEventMessages($object->error, $object->errors, 'errors');
|
||||
$error++;
|
||||
}
|
||||
}
|
||||
|
||||
$approverslist = $object->fetch_users_approver_holiday();
|
||||
if (!in_array($approverid, $approverslist)) {
|
||||
setEventMessages($langs->transnoentitiesnoconv('InvalidValidator'), null, 'errors');
|
||||
$error++;
|
||||
}
|
||||
// If no SQL error we redirect to the request card
|
||||
if (!$error) {
|
||||
$db->commit();
|
||||
|
||||
// Fill array 'array_options' with data from add form
|
||||
$ret = $extrafields->setOptionalsFromPost(null, $object);
|
||||
if ($ret < 0) {
|
||||
$error++;
|
||||
}
|
||||
|
||||
$result = 0;
|
||||
|
||||
if (!$error) {
|
||||
$object->fk_user = $fuserid;
|
||||
$object->description = $description;
|
||||
$object->fk_validator = $approverid;
|
||||
$object->fk_type = $type;
|
||||
$object->date_debut = $date_debut;
|
||||
$object->date_fin = $date_fin;
|
||||
$object->halfday = $halfday;
|
||||
$object->entity = $conf->entity;
|
||||
|
||||
$result = $object->create($user);
|
||||
if ($result <= 0) {
|
||||
setEventMessages($object->error, $object->errors, 'errors');
|
||||
$error++;
|
||||
}
|
||||
}
|
||||
|
||||
// If no SQL error we redirect to the request card
|
||||
if (!$error) {
|
||||
$db->commit();
|
||||
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
|
||||
exit;
|
||||
} else {
|
||||
$db->rollback();
|
||||
}
|
||||
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
|
||||
exit;
|
||||
} else {
|
||||
$db->rollback();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -324,7 +315,7 @@ if (empty($reshook)) {
|
|||
$action = '';
|
||||
}
|
||||
|
||||
if ($action == 'update' && !GETPOSTISSET('savevalidator')) {
|
||||
if ($action == 'update' && !GETPOSTISSET('savevalidator')) { // Test on permission done later
|
||||
$date_debut = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'));
|
||||
$date_fin = dol_mktime(0, 0, 0, GETPOST('date_fin_month'), GETPOST('date_fin_day'), GETPOST('date_fin_year'));
|
||||
$date_debut_gmt = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'), 1);
|
||||
|
|
@ -459,7 +450,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
|
||||
// Action validate (+ send email for approval to the expected approver)
|
||||
if ($action == 'confirm_send') {
|
||||
if ($action == 'confirm_send') { // Test on permission done later
|
||||
$object->fetch($id);
|
||||
|
||||
// If draft and owner of leave
|
||||
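Review bot: Folding `$cancreate` into `if ($action == 'add' && $cancreate) {` appears to drop the branch that reported `CantCreateCP`, so an add request from a user without the right is now ignored with no message. The denial itself is safe, but the user gets no explanation; consider keeping the feedback with `} elseif ($action == 'add') { setEventMessages($langs->trans('CantCreateCP'), null, 'errors'); $action = 'create'; }`. The two `// Test on permission done later` comments in the following hunks refer to checks that are not visible here, so each comment should name the condition it relies on. The rendered page interleaves old and new lines without markers, so this reading should be confirmed against the raw diff.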
|
|
|
|||
|
|
@ -94,9 +94,9 @@ if ($id > 0 || !empty($ref)) {
|
|||
}
|
||||
}
|
||||
|
||||
$usercanread = (($user->hasRight('stock', 'lire')));
|
||||
$usercancreate = (($user->hasRight('stock', 'creer')));
|
||||
$usercandelete = (($user->hasRight('stock', 'supprimer')));
|
||||
$usercanread = $user->hasRight('stock', 'lire');
|
||||
$usercancreate = $user->hasRight('stock', 'creer');
|
||||
$usercandelete = $user->hasRight('stock', 'supprimer');
|
||||
|
||||
|
||||
/*
|
||||
|
|
@ -198,8 +198,8 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
// Modification entrepot
|
||||
if ($action == 'update' && !$cancel) {
|
||||
// Update warehouse
|
||||
if ($action == 'update' && !$cancel && $user->hasRight('stock', 'creer')) {
|
||||
if ($object->fetch($id)) {
|
||||
$object->label = GETPOST("libelle");
|
||||
$object->fk_parent = GETPOST("fk_parent");
|
||||
|
|
@ -239,7 +239,7 @@ if (empty($reshook)) {
|
|||
$action = 'edit';
|
||||
setEventMessages($object->error, $object->errors, 'errors');
|
||||
}
|
||||
} elseif ($action == 'update_extras') {
|
||||
} elseif ($action == 'update_extras' && $user->hasRight('stock', 'creer')) {
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
||||
// Fill array 'array_options' with data from update form
|
||||
|
|
|
|||
|
|
@ -108,20 +108,17 @@ if ($id || $ref) {
|
|||
// Initialize technical object to manage hooks of modules. Note that conf->hooks_modules contains array array
|
||||
$hookmanager->initHooks(array('productlotcard', 'globalcard'));
|
||||
|
||||
|
||||
$permissionnote = $user->hasRight('stock', 'creer'); // Used by the include of actions_setnotes.inc.php
|
||||
$permissiondellink = $user->hasRight('stock', 'creer'); // Used by the include of actions_dellink.inc.php
|
||||
$permissiontoadd = $user->hasRight('stock', 'creer'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
|
||||
$upload_dir = $conf->productbatch->multidir_output[$conf->entity];
|
||||
|
||||
$usercanread = $user->hasRight('produit', 'lire');
|
||||
$usercancreate = $user->hasRight('produit', 'creer');
|
||||
$usercandelete = $user->hasRight('produit', 'supprimer');
|
||||
|
||||
$upload_dir = $conf->productbatch->multidir_output[$conf->entity];
|
||||
|
||||
$permissiontoread = $usercanread;
|
||||
$permissiontoadd = $usercancreate;
|
||||
$permissiontodelete = $usercandelete;
|
||||
$permissionnote = $user->hasRight('produit', 'creer'); // Used by the include of actions_setnotes.inc.php
|
||||
$permissiondellink = $user->hasRight('produit', 'creer'); // Used by the include of actions_setnotes.inc.php
|
||||
|
||||
// Security check
|
||||
if (!isModEnabled('productbatch')) {
|
||||
|
|
@ -153,7 +150,7 @@ if (empty($reshook)) {
|
|||
|
||||
$backurlforlist = dol_buildpath('/product/stock/productlot_list.php', 1);
|
||||
|
||||
if ($action == 'seteatby' && $user->hasRight('stock', 'creer') && ! GETPOST('cancel', 'alpha')) {
|
||||
if ($action == 'seteatby' && $permissiontoadd && ! GETPOST('cancel', 'alpha')) {
|
||||
$newvalue = dol_mktime(12, 0, 0, GETPOSTINT('eatbymonth'), GETPOSTINT('eatbyday'), GETPOSTINT('eatbyyear'));
|
||||
|
||||
// check parameters
|
||||
|
|
@ -178,7 +175,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'setsellby' && $user->hasRight('stock', 'creer') && ! GETPOST('cancel', 'alpha')) {
|
||||
if ($action == 'setsellby' && $permissiontoadd && ! GETPOST('cancel', 'alpha')) {
|
||||
$newvalue = dol_mktime(12, 0, 0, GETPOSTINT('sellbymonth'), GETPOSTINT('sellbyday'), GETPOSTINT('sellbyyear'));
|
||||
|
||||
// check parameters
|
||||
|
|
@ -203,7 +200,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'seteol_date' && $user->hasRight('stock', 'creer') && ! GETPOST('cancel', 'alpha')) {
|
||||
if ($action == 'seteol_date' && $permissiontoadd && ! GETPOST('cancel', 'alpha')) {
|
||||
$newvalue = dol_mktime(12, 0, 0, GETPOSTINT('eol_datemonth'), GETPOSTINT('eol_dateday'), GETPOSTINT('eol_dateyear'));
|
||||
$result = $object->setValueFrom('eol_date', $newvalue, '', null, 'date', '', $user, 'PRODUCTLOT_MODIFY');
|
||||
if ($result < 0) {
|
||||
|
|
@ -214,7 +211,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'setmanufacturing_date' && $user->hasRight('stock', 'creer') && ! GETPOST('cancel', 'alpha')) {
|
||||
if ($action == 'setmanufacturing_date' && $permissiontoadd && ! GETPOST('cancel', 'alpha')) {
|
||||
$newvalue = dol_mktime(12, 0, 0, GETPOSTINT('manufacturing_datemonth'), GETPOSTINT('manufacturing_dateday'), GETPOSTINT('manufacturing_dateyear'));
|
||||
$result = $object->setValueFrom('manufacturing_date', $newvalue, '', null, 'date', '', $user, 'PRODUCTLOT_MODIFY');
|
||||
if ($result < 0) {
|
||||
|
|
@ -225,7 +222,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
if ($action == 'setscrapping_date' && $user->hasRight('stock', 'creer') && ! GETPOST('cancel', 'alpha')) {
|
||||
if ($action == 'setscrapping_date' && $permissiontoadd && ! GETPOST('cancel', 'alpha')) {
|
||||
$newvalue = dol_mktime(12, 0, 0, GETPOSTINT('scrapping_datemonth'), GETPOSTINT('scrapping_dateday'), GETPOSTINT('scrapping_dateyear'));
|
||||
$result = $object->setValueFrom('scrapping_date', $newvalue, '', null, 'date', '', $user, 'PRODUCTLOT_MODIFY');
|
||||
if ($result < 0) {
|
||||
|
|
@ -236,7 +233,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
}
|
||||
|
||||
/* if ($action == 'setcommissionning_date' && $user->hasRight('stock', 'creer') && ! GETPOST('cancel', 'alpha')) {
|
||||
/* if ($action == 'setcommissionning_date' && $permissiontoadd && ! GETPOST('cancel', 'alpha')) {
|
||||
$newvalue = dol_mktime(12, 0, 0, GETPOST('commissionning_datemonth', 'int'), GETPOST('commissionning_dateday', 'int'), GETPOST('commissionning_dateyear', 'int'));
|
||||
$result = $object->setValueFrom('commissionning_date', $newvalue, '', null, 'date', '', $user, 'PRODUCTLOT_MODIFY');
|
||||
if ($result < 0) {
|
||||
|
|
@ -247,7 +244,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
} */
|
||||
|
||||
if ($action == 'setqc_frequency' && $user->hasRight('stock', 'creer') && ! GETPOST('cancel', 'alpha')) {
|
||||
if ($action == 'setqc_frequency' && $permissiontoadd && ! GETPOST('cancel', 'alpha')) {
|
||||
$result = $object->setValueFrom('qc_frequency', GETPOST('qc_frequency'), '', null, 'int', '', $user, 'PRODUCT_MODIFY');
|
||||
if ($result < 0) { // Prévoir un test de format de durée
|
||||
setEventMessages($object->error, null, 'errors');
|
||||
|
|
@ -262,7 +259,7 @@ if (empty($reshook)) {
|
|||
// Actions cancel, add, update, update_extras, confirm_validate, confirm_delete, confirm_deleteline, confirm_clone, confirm_close, confirm_setdraft, confirm_reopen
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_addupdatedelete.inc.php';
|
||||
/*
|
||||
if ($action == 'update_extras') {
|
||||
if ($action == 'update_extras' && $permissiontoadd) {
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
||||
// Fill array 'array_options' with data from update form
|
||||
|
|
@ -284,7 +281,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
|
||||
// Action to add record
|
||||
if ($action == 'add') {
|
||||
if ($action == 'add' && $permissiontoadd) {
|
||||
if (GETPOST('cancel', 'alpha')) {
|
||||
$urltogo = $backtopage ? $backtopage : dol_buildpath('/stock/list.php', 1);
|
||||
header("Location: ".$urltogo);
|
||||
|
|
@ -325,10 +322,12 @@ if (empty($reshook)) {
|
|||
}
|
||||
|
||||
// Cancel
|
||||
if ($action == 'update' && GETPOST('cancel', 'alpha')) $action = 'view';
|
||||
if ($action == 'update' && GETPOST('cancel', 'alpha') && $permissiontoadd) {
|
||||
$action = 'view';
|
||||
}
|
||||
|
||||
// Action to update record
|
||||
if ($action == 'update' && !GETPOST('cancel', 'alpha')) {
|
||||
if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permissiontoadd) {
|
||||
$error = 0;
|
||||
|
||||
$object->entity = GETPOST('entity', 'int');
|
||||
|
|
@ -359,7 +358,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
|
||||
// Action to delete
|
||||
if ($action == 'confirm_delete') {
|
||||
if ($action == 'confirm_delete' && $permissiontodelete) {
|
||||
$result = $object->delete($user);
|
||||
if ($result > 0) {
|
||||
// Delete OK
|
||||
|
|
|
|||
|
|
@ -235,20 +235,20 @@ if (empty($reshook)) {
|
|||
$_POST["supplier_code"] = "Acompleter";
|
||||
}
|
||||
|
||||
if ($action == 'set_localtax1') {
|
||||
if ($action == 'set_localtax1' && $user->hasRight('societe', 'creer')) {
|
||||
//get selected from combobox
|
||||
$value = GETPOST('lt1');
|
||||
$object->fetch($socid);
|
||||
$res = $object->setValueFrom('localtax1_value', $value, '', null, 'text', '', $user, 'COMPANY_MODIFY');
|
||||
}
|
||||
if ($action == 'set_localtax2') {
|
||||
if ($action == 'set_localtax2' && $user->hasRight('societe', 'creer')) {
|
||||
//get selected from combobox
|
||||
$value = GETPOST('lt2');
|
||||
$object->fetch($socid);
|
||||
$res = $object->setValueFrom('localtax2_value', $value, '', null, 'text', '', $user, 'COMPANY_MODIFY');
|
||||
}
|
||||
|
||||
if ($action == 'update_extras') {
|
||||
if ($action == 'update_extras' && $user->hasRight('societe', 'creer')) {
|
||||
$object->fetch($socid);
|
||||
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
|
@ -275,8 +275,7 @@ if (empty($reshook)) {
|
|||
}
|
||||
|
||||
// Add new or update third party
|
||||
if ((!GETPOST('getcustomercode') && !GETPOST('getsuppliercode'))
|
||||
&& ($action == 'add' || $action == 'update') && $user->hasRight('societe', 'creer')) {
|
||||
if ((!GETPOST('getcustomercode') && !GETPOST('getsuppliercode')) && ($action == 'add' || $action == 'update') && $user->hasRight('societe', 'creer')) {
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
|
||||
|
||||
if (!GETPOST('name')) {
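Review bot: In the `set_localtax1` and `set_localtax2` handlers of the first hunk, the new `$user->hasRight('societe', 'creer')` guard is followed by `$object->fetch($socid)` and `setValueFrom(...)`, whose return values are never checked in the visible lines, so a failed fetch or a rejected write passes silently. Other handlers in this commit test the result, and the same pattern fits here: `if ($res < 0) { setEventMessages($object->error, null, 'errors'); }`. `GETPOST('lt1')` and `GETPOST('lt2')` are also read with no check type, unlike the `GETPOST('cancel', 'alpha')` calls elsewhere in the commit; an explicit filter such as `'alpha'` would narrow what reaches the `localtax1_value` and `localtax2_value` fields, assuming the accepted values fit that filter. The right is also spelled out inline in three conditions here, where the other files in the commit use a single `$permissiontoadd` variable, which would keep the three checks from drifting apart.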
|
||||
|
|
|
|||
|
|
@ -1131,7 +1131,7 @@ if (empty($reshook)) {
|
|||
} elseif ($action == 'setmulticurrencyrate' && $usercancreate) {
|
||||
// Multicurrency rate
|
||||
$result = $object->setMulticurrencyRate(price2num(GETPOST('multicurrency_tx')), GETPOSTINT('calculation_mode'));
|
||||
} elseif ($action == 'update_extras') {
|
||||
} elseif ($action == 'update_extras' && $usercancreate) {
|
||||
$object->oldcopy = dol_clone($object, 2);
|
||||
|
||||
// Fill array 'array_options' with data from update form
|
||||
|
|
|
|||