diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php
index 55b3c15afab..b99249129eb 100644
--- a/htdocs/comm/propal.php
+++ b/htdocs/comm/propal.php
@@ -150,39 +150,32 @@ else if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->prop
}
// Remove line
-else if ($action == 'confirm_deleteline' && $confirm == 'yes')
+else if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->propale->creer)
{
- if ($user->rights->propale->creer)
- {
- $object->fetch($id);
- $object->fetch_thirdparty();
- $result = $object->deleteline($lineid);
- // reorder lines
- if ($result) $object->line_order(true);
-
- // Define output language
- $outputlangs = $langs;
- $newlang='';
- if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id'];
- if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
- if (! empty($newlang))
- {
- $outputlangs = new Translate("",$conf);
- $outputlangs->setDefaultLang($newlang);
- }
- if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE))
- {
- $ret=$object->fetch($id); // Reload to get new records
- propale_pdf_create($db, $object, $object->modelpdf, $outputlangs, GETPOST('hidedetails'), GETPOST('hidedesc'), GETPOST('hideref'), $hookmanager);
- }
-
- Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
- exit;
- }
- else
- {
- $mesg='
'.$object->error.'
';
- }
+ $object->fetch($id);
+ $object->fetch_thirdparty();
+ $result = $object->deleteline($lineid);
+ // reorder lines
+ if ($result) $object->line_order(true);
+
+ // Define output language
+ $outputlangs = $langs;
+ $newlang='';
+ if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id'];
+ if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
+ if (! empty($newlang))
+ {
+ $outputlangs = new Translate("",$conf);
+ $outputlangs->setDefaultLang($newlang);
+ }
+ if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE))
+ {
+ $ret=$object->fetch($id); // Reload to get new records
+ propale_pdf_create($db, $object, $object->modelpdf, $outputlangs, GETPOST('hidedetails'), GETPOST('hidedesc'), GETPOST('hideref'), $hookmanager);
+ }
+
+ Header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+ exit;
}
// Validation
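Review bot: In the `confirm_deleteline` branch the return values of `$object->fetch($id)` and `$object->deleteline($lineid)` are never tested, so the PDF is regenerated and the redirect is sent even when the line was not deleted, and the user sees no error. The facture.php handler changed in this same commit guards the follow-up with `if ($result > 0)` and sets `$mesg` from `$object->error` otherwise; this block should follow that shape. The output language is also taken straight from `$_REQUEST['lang_id']` and handed to `setDefaultLang()`; reading it through `GETPOST('lang_id','alpha')` would at least apply the filter used elsewhere in the file. The unchecked `fetch($id)` recurs in most handlers touched below (setecheance, setdate_livraison, setnote_public, setnote, classifybilled, and their fiche.php and facture.php equivalents).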
@@ -216,7 +209,7 @@ else if ($action == 'confirm_validate' && $confirm == 'yes' && $user->rights->pr
}
}
-else if ($action == 'setdate')
+else if ($action == 'setdate' && $user->rights->propale->creer)
{
$datep=dol_mktime(12, 0, 0, $_POST['remonth'], $_POST['reday'], $_POST['reyear']);
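Review bot: When `$user->rights->propale->creer` is false, the `setdate` request now just falls through the else-if chain, and as far as this hunk shows nothing is logged and nothing is shown to the user. A refused write attempt is worth recording, so consider a shared helper or closing branch that logs the rejected `$action` and the user (for example with `dol_syslog`) and sets an error message. The same applies to every guard this commit moves into an `else if` condition. The body of this branch continues outside the hunk.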
@@ -233,13 +226,13 @@ else if ($action == 'setdate')
if ($result < 0) dol_print_error($db,$object->error);
}
}
-else if ($action == 'setecheance')
+else if ($action == 'setecheance' && $user->rights->propale->creer)
{
$object->fetch($id);
$result=$object->set_echeance($user,dol_mktime(12, 0, 0, $_POST['echmonth'], $_POST['echday'], $_POST['echyear']));
if ($result < 0) dol_print_error($db,$object->error);
}
-else if ($action == 'setdate_livraison')
+else if ($action == 'setdate_livraison' && $user->rights->propale->creer)
{
$object->fetch($id);
$result=$object->set_date_livraison($user,dol_mktime(12, 0, 0, $_POST['liv_month'], $_POST['liv_day'], $_POST['liv_year']));
@@ -253,14 +246,14 @@ else if ($action == 'set_ref_client' && $user->rights->propale->creer)
$object->set_ref_client($user, $_POST['ref_client']);
}
-else if ($action == 'setnote_public')
+else if ($action == 'setnote_public' && $user->rights->propale->creer)
{
$object->fetch($id);
$result=$object->update_note_public(GETPOST('note_public','alpha'));
if ($result < 0) dol_print_error($db,$object->error);
}
-else if ($action == 'setnote')
+else if ($action == 'setnote' && $user->rights->propale->creer)
{
$object->fetch($id);
$result=$object->update_note(GETPOST('note','alpha'));
@@ -409,7 +402,7 @@ else if ($action == 'add' && $user->rights->propale->creer)
}
// Classify billed
-else if ($action == 'classifybilled')
+else if ($action == 'classifybilled' && $user->rights->propale->cloturer)
{
$object->fetch($id);
$object->cloture($user, 4, '');
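Review bot: `$object->cloture($user, 4, '')` passes the status as a bare `4` and discards both its own return value and that of `fetch($id)`, so a failed close is silent. A short comment naming what status 4 stands for, plus `$result=$object->cloture($user, 4, ''); if ($result < 0) dol_print_error($db,$object->error);` in line with the neighbouring handlers, would make this branch easier to audit now that it is tied to the `cloturer` right. The branch continues outside the hunk.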
diff --git a/htdocs/commande/fiche.php b/htdocs/commande/fiche.php
index 7da8907fc78..e373ea6e987 100644
--- a/htdocs/commande/fiche.php
+++ b/htdocs/commande/fiche.php
@@ -467,26 +467,26 @@ else if ($action == 'setconditions' && $user->rights->commande->creer)
if ($result < 0) dol_print_error($db,$object->error);
}
-else if ($action == 'setremisepercent' && $user->rights->facture->creer)
+else if ($action == 'setremisepercent' && $user->rights->commande->creer)
{
$object->fetch($id);
$result = $object->set_remise($user, $_POST['remise_percent']);
}
-else if ($action == 'setremiseabsolue' && $user->rights->facture->creer)
+else if ($action == 'setremiseabsolue' && $user->rights->commande->creer)
{
$object->fetch($id);
$result = $object->set_remise_absolue($user, $_POST['remise_absolue']);
}
-else if ($action == 'setnote_public')
+else if ($action == 'setnote_public' && $user->rights->commande->creer)
{
$object->fetch($id);
$result=$object->update_note_public(GETPOST('note_public','alpha'));
if ($result < 0) dol_print_error($db,$object->error);
}
-else if ($action == 'setnote')
+else if ($action == 'setnote' && $user->rights->commande->creer)
{
$object->fetch($id);
$result=$object->update_note(GETPOST('note','alpha'));
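Review bot: `set_remise()` and `set_remise_absolue()` receive `$_POST['remise_percent']` and `$_POST['remise_absolue']` unfiltered and their `$result` is never tested, unlike the note handlers just below, which go through `GETPOST(..., 'alpha')` and call `dol_print_error()` on failure. Read both values through `GETPOST`, reject anything non-numeric or out of range (a percentage outside 0–100, a negative amount) before calling the setter, and add `if ($result < 0) dol_print_error($db,$object->error);`. Whether the setters validate internally is not visible here. The same raw `$_POST` pattern appears in facture.php for `remise_percent`, `projectid` and `ref_client`.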
diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php
index 06307be1876..d8088441861 100644
--- a/htdocs/compta/facture.php
+++ b/htdocs/compta/facture.php
@@ -95,7 +95,7 @@ $parameters=array('socid'=>$socid);
$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
// Action clone object
-if ($action == 'confirm_clone' && $confirm == 'yes')
+if ($action == 'confirm_clone' && $confirm == 'yes' && $user->rights->facture->creer)
{
if (1==0 && empty($_REQUEST["clone_content"]) && empty($_REQUEST["clone_receivers"]))
{
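Review bot: The inner condition starts with `1==0 &&`, so that branch can never run and the `clone_content` / `clone_receivers` check is dead code. Either delete the branch or replace the constant with the real condition, and add a comment saying why it is disabled if it has to stay. Dead validation next to a freshly added permission test makes it hard to tell which checks are actually enforced. The block continues outside the hunk.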
@@ -143,75 +143,66 @@ else if ($action == 'reopen' && $user->rights->facture->creer)
// Delete invoice
else if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->facture->supprimer)
{
- if ($user->rights->facture->supprimer)
- {
- $result = $object->fetch($id);
- $result = $object->delete();
- if ($result > 0)
- {
- Header('Location: '.$_SERVER["PHP_SELF"]);
- exit;
- }
- else
- {
- $mesg=''.$object->error.'
';
- }
- }
+ $result = $object->fetch($id);
+ $result = $object->delete();
+ if ($result > 0)
+ {
+ Header('Location: '.$_SERVER["PHP_SELF"]);
+ exit;
+ }
+ else
+ {
+ $mesg=''.$object->error.'
';
+ }
}
// Delete line
-else if ($action == 'confirm_deleteline' && $confirm == 'yes')
+else if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->facture->creer)
{
- if ($user->rights->facture->creer)
- {
- $object->fetch($id);
- $object->fetch_thirdparty();
-
- $result = $object->deleteline($_GET['lineid'], $user);
- if ($result > 0)
- {
- // Define output language
- $outputlangs = $langs;
- $newlang='';
- if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id'];
- if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
- if (! empty($newlang))
- {
- $outputlangs = new Translate("",$conf);
- $outputlangs->setDefaultLang($newlang);
- }
- if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE))
- {
- $ret=$object->fetch($id); // Reload to get new records
- $result=facture_pdf_create($db, $object, $object->modelpdf, $outputlangs, GETPOST('hidedetails'), GETPOST('hidedesc'), GETPOST('hideref'), $hookmanager);
- }
- if ($result >= 0)
- {
- Header('Location: '.$_SERVER["PHP_SELF"].'?facid='.$id);
- exit;
- }
- }
- else
- {
- $mesg=''.$object->error.'
';
- $action='';
- }
- }
+ $object->fetch($id);
+ $object->fetch_thirdparty();
+
+ $result = $object->deleteline($_GET['lineid'], $user);
+ if ($result > 0)
+ {
+ // Define output language
+ $outputlangs = $langs;
+ $newlang='';
+ if ($conf->global->MAIN_MULTILANGS && empty($newlang) && ! empty($_REQUEST['lang_id'])) $newlang=$_REQUEST['lang_id'];
+ if ($conf->global->MAIN_MULTILANGS && empty($newlang)) $newlang=$object->client->default_lang;
+ if (! empty($newlang))
+ {
+ $outputlangs = new Translate("",$conf);
+ $outputlangs->setDefaultLang($newlang);
+ }
+ if (empty($conf->global->MAIN_DISABLE_PDF_AUTOUPDATE))
+ {
+ $ret=$object->fetch($id); // Reload to get new records
+ $result=facture_pdf_create($db, $object, $object->modelpdf, $outputlangs, GETPOST('hidedetails'), GETPOST('hidedesc'), GETPOST('hideref'), $hookmanager);
+ }
+ if ($result >= 0)
+ {
+ Header('Location: '.$_SERVER["PHP_SELF"].'?facid='.$id);
+ exit;
+ }
+ }
+ else
+ {
+ $mesg=''.$object->error.'
';
+ $action='';
+ }
}
// Delete link of credit note to invoice
-else if ($action == 'unlinkdiscount')
+else if ($action == 'unlinkdiscount' && $user->rights->facture->creer)
{
- if ($user->rights->facture->creer)
- {
- $discount=new DiscountAbsolute($db);
- $result=$discount->fetch($_GET["discountid"]);
- $discount->unlink_invoice();
- }
+ $discount=new DiscountAbsolute($db);
+ $result=$discount->fetch($_GET["discountid"]);
+ $discount->unlink_invoice();
}
// Validation
-else if ($action == 'valid')
+else if ($action == 'valid' && $user->rights->facture->creer)
{
$object->fetch($id);
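Review bot: In the `unlinkdiscount` branch, `$discount->fetch($_GET["discountid"])` is assigned to `$result` but never tested, and nothing visible ties the fetched discount to the invoice `$id` being edited, so the handler would act on whatever discount id the request supplies once `facture->creer` is held. Call `unlink_invoice()` only when `$result > 0` and the discount is actually attached to this invoice, and read the id with `GETPOST('discountid','int')`. Both this branch and `confirm_deleteline` (`$_GET['lineid']`) change state from GET parameters, and no anti-CSRF token check is visible in the hunk, so confirm that one is enforced centrally. Separately, `valid` is gated on `creer` while `confirm_valid` further down uses `valider`; its body is outside the hunk, so it is worth confirming that the weaker right is intended.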
@@ -236,7 +227,7 @@ else if ($action == 'valid')
}
}
-else if ($action == 'set_thirdparty')
+else if ($action == 'set_thirdparty' && $user->rights->facture->creer)
{
$object->fetch($id);
$object->setValueFrom('fk_soc',$socid);
@@ -245,20 +236,20 @@ else if ($action == 'set_thirdparty')
exit;
}
-else if ($action == 'classin')
+else if ($action == 'classin' && $user->rights->facture->creer)
{
$object->fetch($id);
$object->setProject($_POST['projectid']);
}
-else if ($action == 'setmode')
+else if ($action == 'setmode' && $user->rights->facture->creer)
{
$object->fetch($id);
$result = $object->setPaymentMethods(GETPOST('mode_reglement_id','int'));
if ($result < 0) dol_print_error($db,$object->error);
}
-else if ($action == 'setinvoicedate')
+else if ($action == 'setinvoicedate' && $user->rights->facture->creer)
{
$object->fetch($id);
$object->date=dol_mktime(12,0,0,$_POST['invoicedatemonth'],$_POST['invoicedateday'],$_POST['invoicedateyear']);
@@ -267,14 +258,14 @@ else if ($action == 'setinvoicedate')
if ($result < 0) dol_print_error($db,$object->error);
}
-else if ($action == 'setconditions')
+else if ($action == 'setconditions' && $user->rights->facture->creer)
{
$object->fetch($id);
$result=$object->setPaymentTerms(GETPOST('cond_reglement_id','int'));
if ($result < 0) dol_print_error($db,$object->error);
}
-if ($action == 'setremisepercent' && $user->rights->facture->creer)
+else if ($action == 'setremisepercent' && $user->rights->facture->creer)
{
$object->fetch($id);
$result = $object->set_remise($user, $_POST['remise_percent']);
@@ -313,12 +304,26 @@ else if ($action == "setabsolutediscount" && $user->rights->facture->creer)
}
}
-else if ($action == 'set_ref_client')
+else if ($action == 'set_ref_client' && $user->rights->facture->creer)
{
$object->fetch($id);
$object->set_ref_client($_POST['ref_client']);
}
+else if ($action == 'setnote_public' && $user->rights->facture->creer)
+{
+ $object->fetch($id);
+ $result=$object->update_note_public(GETPOST('note_public','alpha'));
+ if ($result < 0) dol_print_error($db,$object->error);
+}
+
+else if ($action == 'setnote' && $user->rights->facture->creer)
+{
+ $object->fetch($id);
+ $result=$object->update_note(GETPOST('note','alpha'));
+ if ($result < 0) dol_print_error($db,$object->error);
+}
+
// Classify to validated
else if ($action == 'confirm_valid' && $confirm == 'yes' && $user->rights->facture->valider)
{