Works on enhancement of project tasks

Fix: security check
Regis Houssin 2010-02-07 09:49:10 +00:00
parent e24379f0be
commit 07e5dc25d4
3 changed files with 46 additions and 38 deletions


@ -48,8 +48,11 @@ $now = gmmktime();
$projectstatic=new Project($db);
if ($mode == 'mine') $title=$langs->trans("MyActivities");
else $title=$langs->trans("Activities");
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1);
$title=$langs->trans("Activities");
if ($mine) $title=$langs->trans("MyActivities");
llxHeader("",$title);
@ -60,23 +63,19 @@ print '<tr><td width="30%" valign="top" class="notopnoleft">';
print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">';
print '<td align="left">'.$langs->trans("Project").'</td>';
print '<td align="right">'.$langs->trans("NbOpenTasks").'</td>';
print_liste_field_titre($langs->trans("Project"),"index.php","","","","",$sortfield,$sortorder);
print_liste_field_titre($langs->trans("NbOpenTasks"),"","","","",'align="right"',$sortfield,$sortorder);
print_liste_field_titre($langs->trans("Status"),"","","","",'align="right"',$sortfield,$sortorder);
print "</tr>\n";
$sql = "SELECT p.rowid, p.ref, p.title, count(t.rowid) as nb";
$sql.= " FROM (".MAIN_DB_PREFIX."projet as p";
$sql = "SELECT p.rowid as projectid, p.ref, p.title, p.fk_user_creat, p.public, p.fk_statut, count(t.rowid) as nb";
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
$sql.= ", ".MAIN_DB_PREFIX."projet_task as t";
//if ($mode == 'mine') $sql.= ", ".MAIN_DB_PREFIX."projet_task_actors as pta";
$sql.= ")";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
if (!$user->rights->societe->client->voir && !$socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as s on s.rowid = sc.fk_soc AND sc.fk_user = ".$user->id;
$sql.= " WHERE t.fk_projet = p.rowid";
$sql.= " AND p.entity = ".$conf->entity;
if ($mine) $sql.= " AND p.rowid IN (".$projectsListId.")";
if ($socid) $sql.= " AND p.fk_soc = ".$socid;
//if ($mode == 'mine') $sql.=" AND t.rowid = pta.fk_projet_task";
//if ($mode == 'mine') $sql.=" AND pta.fk_user = ".$user->id;
$sql.= " GROUP BY p.rowid";
$sql.= " GROUP BY p.ref";
$resql = $db->query($sql);
if ( $resql )
@ -88,16 +87,27 @@ if ( $resql )
while ($i < $num)
{
$row = $db->fetch_object($resql);
$var=!$var;
print "<tr $bc[$var]>";
print '<td>';
$projectstatic->id=$row->rowid;
$projectstatic->ref=$row->ref;
print $projectstatic->getNomUrl(1);
print '</td>';
print '<td align="right">'.$row->nb.'</td>';
print "</tr>\n";
$objp = $db->fetch_object($resql);
$projectstatic->id = $objp->projectid;
$projectstatic->user_author_id = $objp->fk_user_creat;
$projectstatic->public = $objp->public;
$userAccess = $projectstatic->restrictedProjectArea($user,1);
if ($userAccess >= 0)
{
$var=!$var;
print "<tr $bc[$var]>";
print '<td nowrap="nowrap">';
$projectstatic->ref=$objp->ref;
print $projectstatic->getNomUrl(1);
print ' - '.$objp->title.'</td>';
print '<td align="right">'.$objp->nb.'</td>';
$projectstatic->statut = $objp->fk_statut;
print '<td align="right">'.$projectstatic->getLibStatut(3).'</td>';
print "</tr>\n";
}
$i++;
}
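Review bot: `$objp->title` is concatenated into the table cell without HTML escaping in the new row output of the last hunk (`print ' - '.$objp->title.'</td>';`), so a project title that contains markup would be rendered as HTML for every user who can list that project. Escape at the point of output, for example `print ' - '.htmlspecialchars($objp->title, ENT_QUOTES).'</td>';`, or use the project's own escaping helper if it has one. The same line is added in the third hunk of the second file. Whether titles are sanitised when they are saved is not visible here, so treat this as the defensive fix rather than a confirmed injection.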


@ -51,6 +51,7 @@ llxHeader("",$langs->trans("Projects"),"EN:Module_Projects|FR:Module_Projets|ES:
$text=$langs->trans("Projects");
if ($mine) $text=$langs->trans("MyProjects");
print_fiche_titre($text);
print '<table border="0" width="100%" class="notopnoleftnoright">';
@ -69,7 +70,7 @@ $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."projet_task as t ON p.rowid = t.fk_projet";
$sql.= " WHERE p.entity = ".$conf->entity;
if ($mine) $sql.= " AND p.rowid IN (".$projectsListId.")";
if ($socid) $sql.= " AND p.fk_soc = ".$socid;
$sql.= " GROUP BY p.title, p.rowid";
$sql.= " GROUP BY p.ref";
$var=true;
$resql = $db->query($sql);
@ -92,7 +93,10 @@ if ( $resql )
{
$var=!$var;
print "<tr $bc[$var]>";
print '<td nowrap="nowrap"><a href="'.DOL_URL_ROOT.'/projet/fiche.php?id='.$objp->projectid.'">'.img_object($langs->trans("ShowProject"),"project")." ".$objp->title.'</a></td>';
print '<td nowrap="nowrap">';
$projectstatic->ref=$objp->ref;
print $projectstatic->getNomUrl(1);
print ' - '.$objp->title.'</td>';
print '<td align="right">'.$objp->nb.'</td>';
$projectstatic->statut = $objp->fk_statut;
print '<td align="right">'.$projectstatic->getLibStatut(3).'</td>';
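Review bot: `GROUP BY p.ref` in the second hunk groups on one column, yet each row is then read for `title`, `nb` and `fk_statut`. Databases that enforce strict grouping reject non-aggregated columns missing from the GROUP BY, and on lenient ones the displayed values are only well defined if `ref` is unique within the entity. Grouping on the key plus the displayed columns avoids both, e.g. `$sql.= " GROUP BY p.rowid, p.ref, p.title, p.fk_statut";`, extended with any other selected column; the SELECT list is outside this hunk, so check the exact set against it. The first file's query uses the same clause, and there the grouped row also supplies `fk_user_creat` and `public` to the access check, so an ambiguous group could be judged on the wrong project's values.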


@ -55,29 +55,25 @@ llxHeader("",$title,"Projet");
$form=new Form($db);
$project = new Project($db);
$task = new Task($db);
$projectstatic = new Project($db);
$taskstatic = new Task($db);
if ($_GET["id"])
{
$project->fetch($_GET["id"]);
$project->societe->fetch($project->societe->id);
$projectstatic->fetch($_GET["id"]);
$projectstatic->societe->fetch($projectstatic->societe->id);
}
print_barre_liste($title, $page, $_SERVER["PHP_SELF"], "", $sortfield, $sortorder, "", $num);
$task = new Task($db);
// Get list of tasks in tasksarray and taskarrayfiltered
// We need all tasks (even not limited to a user because a task to user
// can have a parent that is not affected to him).
$tasksarray=$task->getTasksArray(0, 0, $project->id, $socid);
$tasksarray=$taskstatic->getTasksArray(0, 0, $projectstatic->id, $socid);
// We load also tasks limited to a particular user
$tasksrole=($_REQUEST["mode"]=='mine' ? $task->getUserRolesForProjetsOrTasks(0,$user,$project->id,0) : '');
$tasksrole=($_REQUEST["mode"]=='mine' ? $taskstatic->getUserRolesForProjetsOrTasks(0,$user,$projectstatic->id,0) : '');
print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">';
@ -91,14 +87,12 @@ $j=0; $level=0;
$nboftaskshown=PLines($j, 0, $tasksarray, $level, true, 1, $tasksrole);
print "</table>";
print '</div>';
/*
* Actions
*/
if ($user->rights->projet->creer)
if ($user->rights->projet->task->creer)
{
print '<div class="tabsAction">';
print '<a class="butAction" href="'.DOL_URL_ROOT.'/projet/tasks/fiche.php?action=create">'.$langs->trans('AddTask').'</a>';
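Review bot: The project loaded from `$_GET["id"]` in the first hunk goes straight to `getTasksArray()` with no visible check that the current user may read it, whereas the first file gates every row on `restrictedProjectArea($user,1)`. If no equivalent check exists outside this hunk, a logged-in user could list another project's tasks just by changing the id. After the fetch, add something like `if ($projectstatic->restrictedProjectArea($user,1) < 0) accessforbidden();`. The return value of `fetch()` is also ignored, so an unknown id falls through with an empty project; checking it and passing `(int) $_GET["id"]` would make the lookup explicit.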