lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '8.0' of git@github.com:Dolibarr/dolibarr.git into 9.0

Browse Source 
Conflicts:
	htdocs/holiday/card.php
This commit is contained in:
Laurent Destailleur 2019-06-23 18:09:49 +02:00
commit 0854984a08
2 changed files with 31 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/expensereport/card.php
View File

@ -62,6 +62,8 @@ $comments=GETPOST('comments','none');
$fk_c_type_fees=GETPOST('fk_c_type_fees','int');
$socid = GETPOST('socid','int')?GETPOST('socid','int'):GETPOST('socid_id','int');
$childids = $user->getAllChildIds(1);
// Security check
$id=GETPOST("id",'int');
if ($user->societe_id) $socid=$user->societe_id;
@ -105,7 +107,17 @@ $permissionnote = $user->rights->expensereport->creer; // Used by the include
$permissiondellink = $user->rights->expensereport->creer; // Used by the include of actions_dellink.inc.php
$permissionedit = $user->rights->expensereport->creer; // Used by the include of actions_lineupdown.inc.php
if ($object->id > 0)
{
// Check current user can read this expense report
$canread = 0;
if (! empty($user->rights->expensereport->readall)) $canread=1;
if (! empty($user->rights->expensereport->lire) && in_array($object->fk_user_author, $childids)) $canread=1;
if (! $canread)
{
accessforbidden();
}
}
/*

27
htdocs/holiday/card.php
View File

@ -66,6 +66,22 @@ if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = '';
$error = 0;
$object = new Holiday($db);
if ($id > 0)
{
$object->fetch($id);
// Check current user can read this leave request
$canread = 0;
if (! empty($user->rights->holiday->read_all)) $canread=1;
if (! empty($user->rights->holiday->read) && in_array($object->fk_user, $childids)) $canread=1;
if (! $canread)
{
accessforbidden();
}
}
/*
* Actions
*/
@ -78,7 +94,6 @@ if (GETPOST('cancel', 'alpha'))
// If create a request
if ($action == 'create')
{
$object = new Holiday($db);
// If no right to create a request
if (! $cancreate)
@ -90,6 +105,8 @@ if ($action == 'create')
if (! $error)
{
$object = new Holiday($db);
$db->begin();
$date_debut = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'));
@ -199,7 +216,6 @@ if ($action == 'create')
if ($action == 'update' && GETPOSTISSET('savevalidator') && ! empty($user->rights->holiday->approve))
{
$object = new Holiday($db);
$object->fetch($id);
$object->oldcopy = dol_clone($object);
@ -245,7 +261,6 @@ if ($action == 'update' && ! GETPOSTISSET('savevalidator'))
exit;
}
$object = new Holiday($db);
$object->fetch($id);
// If under validation
@ -329,7 +344,6 @@ if ($action == 'confirm_delete' && GETPOST('confirm') == 'yes' && $user->rights-
$db->begin();
$object = new Holiday($db);
$object->fetch($id);
// If this is a rough draft, approved, canceled or refused
@ -363,7 +377,6 @@ if ($action == 'confirm_delete' && GETPOST('confirm') == 'yes' && $user->rights-
// Action validate (+ send email for approval)
if ($action == 'confirm_send')
{
$object = new Holiday($db);
$object->fetch($id);
// Si brouillon et créateur
@ -468,7 +481,6 @@ if ($action == 'confirm_send')
// Approve leave request
if ($action == 'confirm_valid')
{
$object = new Holiday($db);
$object->fetch($id);
// Si statut en attente de validation et valideur = utilisateur
@ -582,7 +594,6 @@ if ($action == 'confirm_refuse' && GETPOST('confirm','alpha') == 'yes')
{
if (! empty($_POST['detail_refuse']))
{
$object = new Holiday($db);
$object->fetch($id);
// Si statut en attente de validation et valideur = utilisateur
@ -682,7 +693,6 @@ if ($action == 'confirm_draft' && GETPOST('confirm') == 'yes')
{
$error = 0;
$object = new Holiday($db);
$object->fetch($id);
$oldstatus = $object->statut;
@ -713,7 +723,6 @@ if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes')
{
$error = 0;
$object = new Holiday($db);
$object->fetch($id);
// Si statut en attente de validation et valideur = valideur ou utilisateur, ou droits de faire pour les autres