From 03c4232191b6f194fb8f19a641ce9b425b31ad81 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Fri, 30 Jan 2009 22:42:06 +0000 Subject: [PATCH] Fix: Hide data if user has no permission --- htdocs/comm/fiche.php | 68 ++++++++++++++++++++--------------------- htdocs/compta/fiche.php | 38 +++++++++++------------ 2 files changed, 53 insertions(+), 53 deletions(-) diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index 152df021102..84893a10b4b 100644 --- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2008 Laurent Destailleur + * Copyright (C) 2004-2009 Laurent Destailleur * Copyright (C) 2004 Eric Seigne * Copyright (C) 2006 Andre Cianfarani * Copyright (C) 2005-2007 Regis Houssin @@ -64,10 +64,10 @@ if ($_GET["action"] == 'attribute_prefix' && $user->rights->societe->creer) $societe = new Societe($db, $_GET["socid"]); $societe->attribute_prefix($db, $_GET["socid"]); } -// conditions de r�glement +// conditions de reglement if ($_POST["action"] == 'setconditions' && $user->rights->societe->creer) { - + $societe = new Societe($db, $_GET["socid"]); $societe->cond_reglement=$_POST['cond_reglement_id']; $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET cond_reglement='".$_POST['cond_reglement_id']; @@ -75,7 +75,7 @@ if ($_POST["action"] == 'setconditions' && $user->rights->societe->creer) $result = $db->query($sql); if (! $result) dolibarr_print_error($result); } -// mode de r�glement +// mode de reglement if ($_POST["action"] == 'setmode' && $user->rights->societe->creer) { $societe = new Societe($db, $_GET["socid"]); @@ -159,7 +159,7 @@ if ($socid > 0) */ print ''; print ''; print ''; - + // Reductions absolues (Remises-Ristournes-Rabbais) print ''; print ''; @@ -617,11 +617,11 @@ if ($socid > 0) print ""; print "\n"; print ""; - + $i++; } } - + print "
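Review bot: The setconditions handler in the @@ -64 hunk still builds its UPDATE from raw request data: `$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET cond_reglement='".$_POST['cond_reglement_id'];` concatenates the POST value unescaped, and `new Societe($db, $_GET["socid"])` takes the GET value unvalidated here and again in the setmode hunk at @@ -75. The `societe->creer` right only narrows who can reach the statement; it does not stop a crafted value from a user who holds it. Both values are row identifiers, so cast them before use, e.g. `$cond_id = (int) $_POST['cond_reglement_id'];` and `$socid_in = (int) $_GET["socid"];`, and build the query and the Societe constructor call from the casts. The WHERE clause of that statement lies between the two hunks and is not visible, so it needs the same treatment.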
'; - + print ''; print ''; - + // Fax print ''; @@ -255,7 +255,7 @@ if ($socid > 0) print '
'.$langs->trans("Name").''; @@ -190,7 +190,7 @@ if ($socid > 0) // Phone print '
'.$langs->trans('Phone').''.dol_print_phone($objsoc->tel,$objsoc->pays_code,0,$objsoc->id,'AC_TEL').''.$langs->trans('Fax').''.dol_print_phone($objsoc->fax,$objsoc->pays_code,0,$objsoc->id,'AC_FAX').'
'; print '
'.($objsoc->remise_client?$objsoc->remise_client.'%':$langs->trans("DiscountNone")).'
'; print ''; @@ -291,7 +291,7 @@ if ($socid > 0) print '"; print ''; } - + // Adresse de livraison if ($conf->expedition->enabled) { @@ -309,7 +309,7 @@ if ($socid > 0) $sql = "SELECT count(rowid) as nb"; $sql.= " FROM ".MAIN_DB_PREFIX."societe_adresse_livraison"; $sql.= " WHERE fk_societe =".$objsoc->id; - + $resql = $db->query($sql); if ($resql) { @@ -321,10 +321,10 @@ if ($socid > 0) { dolibarr_print_error($db); } - + print ''; print ''; - } + } print "
'.$objsoc->price_level."
"; @@ -346,11 +346,11 @@ if ($socid > 0) print '
'; $now=gmmktime(); - + /* - * Dernieres propales + * Last proposals */ - if ($conf->propal->enabled) + if ($conf->propal->enabled && $user->rights->propale->lire) { $propal_static=new Propal($db); @@ -362,7 +362,7 @@ if ($socid > 0) $sql .= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id"; $sql .= " AND s.rowid = ".$objsoc->id; $sql .= " ORDER BY p.datep DESC"; - + $resql=$db->query($sql); if ($resql) { @@ -400,12 +400,12 @@ if ($socid > 0) } /* - * Dernieres commandes + * Last orders */ - if($conf->commande->enabled) + if ($conf->commande->enabled && $user->rights->commande->lire) { $commande_static=new Commande($db); - + print ''; $sql = "SELECT s.nom, s.rowid,"; @@ -450,10 +450,10 @@ if ($socid > 0) /* * Last linked contracts */ - if($conf->contrat->enabled) + if ($conf->contrat->enabled && $user->rights->contrat->lire) { $contratstatic=new Contrat($db); - + print '
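Review bot: The new `&& $user->rights->propale->lire` gate on the proposals block (and the matching `commande`, `contrat`, `ficheinter` and `projet` gates in the later hunks of this file and in htdocs/compta/fiche.php) only hides the list on this card; the SELECT that follows is still scoped by company id alone, and the linked ref pages are what must enforce access, which this commit does not show. A one-line comment above the block, e.g. `// Display-only gate: the target pages must enforce ->lire themselves`, would keep a later maintainer from treating this as the access check. When no rights object exists for the module, `$user->rights->propale` is presumably unset and the expression evaluates false, which is the safe (hidden) direction, but `!empty($user->rights->propale->lire)` gives the same result without a notice; confirm against how rights are loaded. The enclosing `if ($socid > 0)` block starts and ends outside the hunk.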
'; $sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut, ".$db->pdate("c.datec")." as dc"; @@ -478,7 +478,7 @@ if ($socid > 0) while ($i < $num && $i < $MAXLIST) { $contrat=new Contrat($db); - + $objp = $db->fetch_object($resql); $var=!$var; print ""; @@ -503,11 +503,11 @@ if ($socid > 0) } print "
"; } - + /* * Dernieres interventions */ - if ($conf->ficheinter->enabled) + if ($conf->ficheinter->enabled && $user->rights->ficheinter->lire) { print ''; @@ -516,7 +516,7 @@ if ($socid > 0) $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND s.rowid = ".$objsoc->id; $sql .= " ORDER BY f.datei DESC"; - + $resql=$db->query($sql); if ($resql) { @@ -547,11 +547,11 @@ if ($socid > 0) } print "
"; } - + /* * Last linked projects */ - if ($conf->projet->enabled) + if ($conf->projet->enabled && $user->rights->projet->lire) { print ''; @@ -587,7 +587,7 @@ if ($socid > 0) } print "
"; } - + /* * Last linked chronodocs */ @@ -602,7 +602,7 @@ if ($socid > 0) $i = 0 ; //$num = sizeOf($result); $num=$chronodocs_static->get_nb_chronodocs($objsoc->id); - + if ($num > 0) { print '
'.$langs->trans("LastChronodocs",($num<=$MAXLIST?"":$MAXLIST)).''.$langs->trans("AllChronodocs").' ('.$num.')
".dolibarr_trunc($obj->title,30) ."".dolibarr_print_date($obj->dp,'day')."
"; } @@ -663,17 +663,17 @@ if ($socid > 0) { print ''.$langs->trans("AddAction").''; } - + if ($user->rights->societe->contact->creer) { print ''.$langs->trans("AddContact").''; } - + if(!empty($conf->global->MAIN_MODULE_CHRONODOCS) && $user->rights->chronodocs->entries->write) { print ''.$langs->trans("AddChronodoc").''; } - + print ''; print '
'; @@ -686,7 +686,7 @@ if ($socid > 0) * Listes des actions a faire */ show_actions_todo($conf,$langs,$db,$objsoc); - + /* * Listes des actions effectuees */ diff --git a/htdocs/compta/fiche.php b/htdocs/compta/fiche.php index 891f8458fc5..20aeafba36a 100644 --- a/htdocs/compta/fiche.php +++ b/htdocs/compta/fiche.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2008 Laurent Destailleur + * Copyright (C) 2004-2009 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -88,7 +88,7 @@ if ($socid > 0) { dolibarr_print_error($db,$societe->error); } - + /* * Affichage onglets */ @@ -101,14 +101,14 @@ if ($socid > 0) print ''; print ''; - + print ''; - + // Prefix print ''; - + if ($societe->client) { print ''; @@ -118,7 +118,7 @@ if ($socid > 0) print ''; print ''; } - + if ($societe->fournisseur) { print ''; @@ -128,12 +128,12 @@ if ($socid > 0) print ''; print ''; } - + print '"; print ''; print ''; - + // Country print '
'.$langs->trans("Name").''.$societe->nom.'
'.$langs->trans("Prefix").''; print ($societe->prefix_comm?$societe->prefix_comm:' '); print '
'.$langs->trans("CustomerAccountancyCode").''.$societe->code_compta.'
'.$langs->trans("SupplierAccountancyCode").''.$societe->code_compta_fournisseur.'
'.$langs->trans("Address").''.nl2br($societe->adresse)."
'.$langs->trans('Zip').''.$societe->cp.''.$langs->trans('Town').''.$societe->ville.'
'.$langs->trans('Country').''; if ($societe->isInEEC()) print $form->textwithhelp($societe->pays,$langs->trans("CountryIsInEEC"),1,0); @@ -170,7 +170,7 @@ if ($socid > 0) print '
'; print ''.($societe->remise_client?price2num($societe->remise_client,'MT').'%':$langs->trans("DiscountNone")).''; print ''; - + // R�ductions (Remises-Ristournes-Rabbais) print ''; print ''; @@ -191,7 +191,7 @@ if ($socid > 0) print ''; print ''; } - + print "
"; print "\n"; @@ -212,8 +212,8 @@ if ($socid > 0) print ''; print '
'; - /** - * Dernieres factures + /* + * Last invoices */ if ($conf->facture->enabled && $user->rights->facture->lire) { @@ -280,9 +280,9 @@ if ($socid > 0) } /* - * Derniers projets associes + * Last project */ - if ($conf->projet->enabled) + if ($conf->projet->enabled && $user->rights->projet->lire) { print ''; @@ -339,18 +339,18 @@ if ($socid > 0) $langs->load("bills"); print "id\">".$langs->trans("AddBill").""; } - + if ($conf->deplacement->enabled) { $langs->load("trips"); print "id&action=create\">".$langs->trans("AddTrip").""; } } - + if ($conf->agenda->enabled && $user->rights->agenda->myactions->create) { print ''.$langs->trans("AddAction").''; } - + if ($user->rights->societe->contact->creer) { print "".$langs->trans("AddContact").""; @@ -359,7 +359,7 @@ if ($socid > 0) print ''; print "
\n"; - + /* * Liste des contacts */ @@ -369,7 +369,7 @@ if ($socid > 0) * Listes des actions a faire */ show_actions_todo($conf,$langs,$db,$societe); - + /* * Listes des actions effectuees */