From 0ef17fe5818e44af3ad31fbbd6357644dc7a182c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 7 Sep 2018 13:32:56 +0200
Subject: [PATCH] FIX Problems with permissions of module to record payment of salaries

---
 htdocs/compta/charges/index.php | 2 +-
 htdocs/compta/salaries/card.php | 2 +-
 htdocs/compta/salaries/document.php | 3 +-
 htdocs/compta/salaries/index.php | 2 +-
 htdocs/compta/salaries/stats/index.php | 17 -----------
 htdocs/compta/sociales/payments.php | 2 +-
 htdocs/core/menus/init_menu_auguria.sql | 10 +++---
 htdocs/core/menus/standard/eldy.lib.php | 12 ++++----
 htdocs/core/modules/modSalaries.class.php | 37 +++++------------------
 htdocs/langs/en_US/admin.lang | 8 ++---
 htdocs/user/bank.php | 9 +++---
 11 files changed, 31 insertions(+), 73 deletions(-)

diff --git a/htdocs/compta/charges/index.php b/htdocs/compta/charges/index.php
index 6d369b696b9..4b3caf4f790 100644
--- a/htdocs/compta/charges/index.php
+++ b/htdocs/compta/charges/index.php
@@ -455,7 +455,7 @@ while($j<$numlt)
 
 
 // Payment Salary
-if (! empty($conf->salaries->enabled) && $user->rights->salaries->read)
+if (! empty($conf->salaries->enabled) && ! empty($user->rights->salaries->read))
 {
 if (! $mode || $mode != 'sconly')
 {
diff --git a/htdocs/compta/salaries/card.php b/htdocs/compta/salaries/card.php
index 45fee127642..c4a2406e6d0 100644
--- a/htdocs/compta/salaries/card.php
+++ b/htdocs/compta/salaries/card.php
@@ -39,7 +39,7 @@ $action=GETPOST('action','aZ09');
 // Security check
 $socid = GETPOST("socid","int");
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'salaries', '', '', 'payment');
+$result = restrictedArea($user, 'salaries', '', '', '');
 
 $object = new PaymentSalary($db);
 
diff --git a/htdocs/compta/salaries/document.php b/htdocs/compta/salaries/document.php
index 99c34f60815..49d283522ee 100644
--- a/htdocs/compta/salaries/document.php
+++ b/htdocs/compta/salaries/document.php
@@ -44,8 +44,9 @@ $action = GETPOST('action','alpha');
 $confirm = GETPOST('confirm','alpha');
 
 // Security check
+$socid = GETPOST("socid","int");
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'salaries', $id, '');
+$result = restrictedArea($user, 'salaries', '', '', '');
 
 
 // Get parameters
diff --git a/htdocs/compta/salaries/index.php b/htdocs/compta/salaries/index.php
index 0b70275654f..73f50b57564 100644
--- a/htdocs/compta/salaries/index.php
+++ b/htdocs/compta/salaries/index.php
@@ -148,7 +148,7 @@ if ($result)
 if ($optioncss != '') $param.='&optioncss='.$optioncss;
 
 $newcardbutton='';
-if ($user->rights->salaries->payment->write)
+if (! empty($user->rights->salaries->write))
 {
 $newcardbutton=''.$langs->trans('NewSalaryPayment').'';
 $newcardbutton.= '';
diff --git a/htdocs/compta/salaries/stats/index.php b/htdocs/compta/salaries/stats/index.php
index 3e6fd56a266..090629ba97d 100644
--- a/htdocs/compta/salaries/stats/index.php
+++ b/htdocs/compta/salaries/stats/index.php
@@ -41,18 +41,6 @@ $socid = GETPOST("socid","int");
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user, 'salaries', '', '', '');
 
-// Other security check
-$childids = $user->getAllChildIds();
-$childids[]=$user->id;
-if ($userid > 0)
-{
-if (empty($user->rights->salaries->payment->readall) && ! in_array($userid, $childids))
-{
-accessforbidden();
-exit;
-}
-}
-
 $nowyear=strftime("%Y", dol_now());
 $year = GETPOST('year')>0?GETPOST('year'):$nowyear;
 //$startyear=$year-2;
@@ -77,11 +65,6 @@ print load_fiche_titre($title, $mesg);
 dol_mkdir($dir);
 
 $useridtofilter=$userid; // Filter from parameters
-if (empty($useridtofilter))
-{
-$useridtofilter=$childids;
-if (! empty($user->rights->salaries->payment->readall)) $useridtofilter=0;
-}
 
 $stats = new SalariesStats($db, $socid, $useridtofilter);
 
diff --git a/htdocs/compta/sociales/payments.php b/htdocs/compta/sociales/payments.php
index 3b7f68f8c83..b31ea8e4d2f 100644
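Review bot: The rewritten `restrictedArea($user, 'salaries', '', '', '')` call drops the `$id` the old call passed, and the `$socid` read on the new line above is not passed to it either, so as far as this hunk shows the check is now module-level only and `$socid` is assigned without being consumed. If the 'salaries' feature never had a per-object check inside restrictedArea this is a no-op, but the intent should be stated, e.g. `// Module-level check only; the salaries feature has no per-object restriction in restrictedArea()`, and `$socid` either used or removed.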
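Review bot: The stats page now accepts any `$userid` filter from a user holding only `salaries->read`: the removed `$childids`/`readall` block was the only check tying `$userid` to the viewer's own id and `getAllChildIds()`, and the second hunk in this file removes the matching default filter, so the per-hierarchy scoping is gone rather than re-expressed in the new `read`/`write` rights. If dropping permission 515 is meant to make plain `read` a read-all right, say so next to the `restrictedArea` call, e.g. `// salaries->read covers payments of all users; no per-hierarchy filter on $userid`; otherwise a filter on `$userid` against the new rights needs adding. `$userid` is defined outside the hunk.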
--- a/htdocs/compta/sociales/payments.php
+++ b/htdocs/compta/sociales/payments.php
@@ -397,7 +397,7 @@ while($j<$numlt)
 
 
 // Payment Salary
-if (! empty($conf->salaries->enabled) && $user->rights->salaries->read)
+if (! empty($conf->salaries->enabled) && ! empty($user->rights->salaries->read))
 {
 if (! $mode || $mode != 'sconly')
 {
diff --git a/htdocs/core/menus/init_menu_auguria.sql b/htdocs/core/menus/init_menu_auguria.sql
index 76973a1571c..86942478969 100644
--- a/htdocs/core/menus/init_menu_auguria.sql
+++ b/htdocs/core/menus/init_menu_auguria.sql
@@ -198,11 +198,11 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->don->enabled && $leftmenu=="donations"', __HANDLER__, 'left', 2002__+MAX_llx_menu__, 'billing', '', 2000__+MAX_llx_menu__, '/don/list.php?leftmenu=donations&mainmenu=billing', 'List', 1, 'donations', '$user->rights->don->lire', '', 2, 1, __ENTITY__);
 -- insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->don->enabled && $leftmenu=="donations"', __HANDLER__, 'left', 2003__+MAX_llx_menu__, 'billing', '', 2000__+MAX_llx_menu__, '/don/stats/index.php?leftmenu=donations&mainmenu=billing', 'Statistics', 1, 'donations', '$user->rights->don->lire', '', 2, 2, __ENTITY__);
 -- Special expenses
-insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->tax->enabled || $conf->salaries->enabled || $conf->loan->enabled || $conf->banque->enabled', __HANDLER__, 'left', 2200__+MAX_llx_menu__, 'billing', 'tax', 6__+MAX_llx_menu__, '/compta/charges/index.php?leftmenu=tax&mainmenu=billing', 'MenuSpecialExpenses', 0, 'compta', '(! empty($conf->tax->enabled) && $user->rights->tax->charges->lire) || (! empty($conf->salaries->enabled) && $user->rights->salaries->read) || (! empty($conf->loan->enabled) && $user->rights->loan->read) || (! empty($conf->banque->enabled) && $user->rights->banque->lire)', '', 0, 6, __ENTITY__);
-insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->salaries->enabled', __HANDLER__, 'left', 2210__+MAX_llx_menu__, 'billing', 'tax_sal', 2200__+MAX_llx_menu__, '/compta/salaries/index.php?leftmenu=tax_salary&mainmenu=billing', 'Salaries', 1, 'salaries', '$user->rights->salaries->payment->read', '', 0, 1, __ENTITY__);
-insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->salaries->enabled && $leftmenu=="tax_salary"', __HANDLER__, 'left', 2211__+MAX_llx_menu__, 'billing', '', 2210__+MAX_llx_menu__, '/compta/salaries/card.php?leftmenu=tax_salary&action=create', 'NewPayment', 2, 'companies', '$user->rights->salaries->payment->write', '', 0, 2, __ENTITY__);
-insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->salaries->enabled && $leftmenu=="tax_salary"', __HANDLER__, 'left', 2212__+MAX_llx_menu__, 'billing', '', 2210__+MAX_llx_menu__, '/compta/salaries/index.php?leftmenu=tax_salary', 'Payments', 2, 'companies', '$user->rights->salaries->payment->read', '', 0, 3, __ENTITY__);
-insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->salaries->enabled && $leftmenu=="tax_salary"', __HANDLER__, 'left', 2213__+MAX_llx_menu__, 'billing', '', 2210__+MAX_llx_menu__, '/compta/salaries/stats/index.php?leftmenu=tax_salary', 'Statistics', 2, 'companies', '$user->rights->salaries->payment->read', '', 0, 4, __ENTITY__);
+insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->tax->enabled || $conf->salaries->enabled || $conf->loan->enabled || $conf->banque->enabled', __HANDLER__, 'left', 2200__+MAX_llx_menu__, 'billing', 'tax', 6__+MAX_llx_menu__, '/compta/charges/index.php?leftmenu=tax&mainmenu=billing', 'MenuSpecialExpenses', 0, 'compta', '(! empty($conf->tax->enabled) && $user->rights->tax->charges->lire) || (! empty($conf->salaries->enabled) && ! empty($user->rights->salaries->read)) || (! empty($conf->loan->enabled) && $user->rights->loan->read) || (! empty($conf->banque->enabled) && $user->rights->banque->lire)', '', 0, 6, __ENTITY__);
+insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->salaries->enabled', __HANDLER__, 'left', 2210__+MAX_llx_menu__, 'billing', 'tax_sal', 2200__+MAX_llx_menu__, '/compta/salaries/index.php?leftmenu=tax_salary&mainmenu=billing', 'Salaries', 1, 'salaries', '$user->rights->salaries->read', '', 0, 1, __ENTITY__);
+insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->salaries->enabled && $leftmenu=="tax_salary"', __HANDLER__, 'left', 2211__+MAX_llx_menu__, 'billing', '', 2210__+MAX_llx_menu__, '/compta/salaries/card.php?leftmenu=tax_salary&action=create', 'NewPayment', 2, 'companies', '$user->rights->salaries->write', '', 0, 2, __ENTITY__);
+insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->salaries->enabled && $leftmenu=="tax_salary"', __HANDLER__, 'left', 2212__+MAX_llx_menu__, 'billing', '', 2210__+MAX_llx_menu__, '/compta/salaries/index.php?leftmenu=tax_salary', 'Payments', 2, 'companies', '$user->rights->salaries->read', '', 0, 3, __ENTITY__);
+insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->salaries->enabled && $leftmenu=="tax_salary"', __HANDLER__, 'left', 2213__+MAX_llx_menu__, 'billing', '', 2210__+MAX_llx_menu__, '/compta/salaries/stats/index.php?leftmenu=tax_salary', 'Statistics', 2, 'companies', '$user->rights->salaries->read', '', 0, 4, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->loan->enabled', __HANDLER__, 'left', 2220__+MAX_llx_menu__, 'billing', 'tax_loan', 2200__+MAX_llx_menu__, '/loan/index.php?leftmenu=tax_loan&mainmenu=billing', 'Loans', 1, 'loan', '$user->rights->loan->read', '', 0, 1, __ENTITY__);
 insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->loan->enabled && $leftmenu=="tax_loan"', __HANDLER__, 'left', 2221__+MAX_llx_menu__, 'billing', '', 2220__+MAX_llx_menu__, '/loan/card.php?leftmenu=tax_loan&action=create', 'NewLoan', 2, 'loan', '$user->rights->loan->write', '', 0, 2, __ENTITY__);
 --insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->loan->enabled && $leftmenu=="tax_loan"', __HANDLER__, 'left', 2222__+MAX_llx_menu__, 'billing', '', 2220__+MAX_llx_menu__, '/loan/payment/list.php?leftmenu=tax_loan', 'Payments', 2, 'companies', '$user->rights->loan->read', '', 0, 3, __ENTITY__);
diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php
index 695e7c4ca7f..143b2d7173a 100644
--- a/htdocs/core/menus/standard/eldy.lib.php
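Review bot: The `perms` expressions of rows 2210..2213 change from `$user->rights->salaries->payment->read`/`->write` to `->read`/`->write`, but if this file is, as its name suggests, only run when the Auguria menu is initialised, existing installs keep the old rows, whose `payment->read` presumably no longer resolves after this commit and hides the Salaries entries until the menu is regenerated. A migration updating those `perms` values, or at least an upgrade note, seems needed. Separately, the MenuSpecialExpenses row wraps only the salaries right in `! empty()` while the tax, loan and banque rights stay bare, so the notice the wrapping avoids remains for those modules.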
+++ b/htdocs/core/menus/standard/eldy.lib.php
@@ -152,7 +152,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode
 if (! empty($conf->loan->enabled)) $menuqualified++;
 $tmpentry=array(
 'enabled'=>$menuqualified,
-'perms'=>(! empty($user->rights->facture->lire) || ! empty($user->rights->don->lire) || ! empty($user->rights->tax->charges->lire) || ! empty($user->rights->salaries->read) || ! empty($user->rights->fournisseur->facture->lire) || ! empty($user->rights->loan->read)),
+'perms'=>(! empty($user->rights->facture->lire) || ! empty($user->rights->don->lire) || ! empty($user->rights->tax->charges->lire) || ! empty($user->rights->salaries->read) || ! empty($user->rights->fournisseur->facture->lire) || ! empty($user->rights->loan->read)),
 'module'=>'facture|supplier_invoice|don|tax|salaries|loan');
 $showmode=isVisibleToUserType($type_user, $tmpentry, $listofmodulesforexternal);
 if ($showmode)
@@ -883,7 +883,7 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu
 {
 global $mysoc;
 
-$permtoshowmenu=((! empty($conf->tax->enabled) && $user->rights->tax->charges->lire) || (! empty($conf->salaries->enabled) && $user->rights->salaries->read) || (! empty($conf->loan->enabled) && $user->rights->loan->read) || (! empty($conf->banque->enabled) && $user->rights->banque->lire));
+$permtoshowmenu=((! empty($conf->tax->enabled) && $user->rights->tax->charges->lire) || (! empty($conf->salaries->enabled) && ! empty($user->rights->salaries->read)) || (! empty($conf->loan->enabled) && $user->rights->loan->read) || (! empty($conf->banque->enabled) && $user->rights->banque->lire));
 $newmenu->add("/compta/charges/index.php?leftmenu=tax&mainmenu=billing",$langs->trans("MenuSpecialExpenses"), 0, $permtoshowmenu, '', $mainmenu, 'tax');
 
 // Social contributions
@@ -931,10 +931,10 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu
 if (! empty($conf->salaries->enabled))
 {
 $langs->load("salaries");
-$newmenu->add("/compta/salaries/index.php?leftmenu=tax_salary&mainmenu=billing",$langs->trans("Salaries"),1,$user->rights->salaries->payment->read, '', $mainmenu, 'tax_salary');
-if ($usemenuhider || empty($leftmenu) || preg_match('/^tax_salary/i',$leftmenu)) $newmenu->add("/compta/salaries/card.php?leftmenu=tax_salary&action=create",$langs->trans("NewPayment"),2,$user->rights->salaries->payment->write);
-if ($usemenuhider || empty($leftmenu) || preg_match('/^tax_salary/i',$leftmenu)) $newmenu->add("/compta/salaries/index.php?leftmenu=tax_salary",$langs->trans("Payments"),2,$user->rights->salaries->payment->read);
-if ($usemenuhider || empty($leftmenu) || preg_match('/^tax_salary/i',$leftmenu)) $newmenu->add("/compta/salaries/stats/index.php?leftmenu=tax_salary", $langs->trans("Statistics"),2,$user->rights->salaries->payment->read);
+$newmenu->add("/compta/salaries/index.php?leftmenu=tax_salary&mainmenu=billing",$langs->trans("Salaries"),1,$user->rights->salaries->read, '', $mainmenu, 'tax_salary');
+if ($usemenuhider || empty($leftmenu) || preg_match('/^tax_salary/i',$leftmenu)) $newmenu->add("/compta/salaries/card.php?leftmenu=tax_salary&action=create",$langs->trans("NewPayment"),2,$user->rights->salaries->write);
+if ($usemenuhider || empty($leftmenu) || preg_match('/^tax_salary/i',$leftmenu)) $newmenu->add("/compta/salaries/index.php?leftmenu=tax_salary",$langs->trans("Payments"),2,$user->rights->salaries->read);
+if ($usemenuhider || empty($leftmenu) || preg_match('/^tax_salary/i',$leftmenu)) $newmenu->add("/compta/salaries/stats/index.php?leftmenu=tax_salary", $langs->trans("Statistics"),2,$user->rights->salaries->read);
 }
 
 // Loan
diff --git a/htdocs/core/modules/modSalaries.class.php b/htdocs/core/modules/modSalaries.class.php
index e3d418d182e..2c93c45f9f6 100644
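Review bot: The four `$newmenu->add(...)` calls pass `$user->rights->salaries->read` and `->write` bare, whereas the other hunks of this commit (the `$permtoshowmenu` line in this file, charges/index.php, user/bank.php) wrap the same properties in `! empty()`; when `$user->rights->salaries` is not set at all, the bare access reads a property of a non-object and emits a notice. Apply the same form here, e.g. `$user->rights->salaries->read` → `! empty($user->rights->salaries->read)` and likewise for `write`. print_left_eldy_menu continues outside the hunk.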
--- a/htdocs/core/modules/modSalaries.class.php
+++ b/htdocs/core/modules/modSalaries.class.php
@@ -50,7 +50,7 @@ class modSalaries extends DolibarrModules
 $this->db = $db;
 $this->numero = 510; // Perms from 501..519
 
-$this->family = "hr";
+$this->family = "compta";
 // Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module)
 $this->name = preg_replace('/^mod/i','',get_class($this));
 // Module description used if translation string 'ModuleXXXDesc' not found (where XXX is value of numeric property 'numero' of module)
@@ -97,55 +97,32 @@ class modSalaries extends DolibarrModules
 $r=0;
 
 $r++;
-$this->rights[$r][0] = 501;
-$this->rights[$r][1] = 'Read employee contracts/salaries';
+$this->rights[$r][0] = 511;
+$this->rights[$r][1] = 'Read payments of employee salaries';
 $this->rights[$r][2] = 'r';
 $this->rights[$r][3] = 0;
 $this->rights[$r][4] = 'read';
 $this->rights[$r][5] = '';
 
 $r++;
-$this->rights[$r][0] = 502;
-$this->rights[$r][1] = 'Create/modify employee contracts/salaries';
+$this->rights[$r][0] = 512;
+$this->rights[$r][1] = 'Create/modify payments of empoyee salaries';
 $this->rights[$r][2] = 'w';
 $this->rights[$r][3] = 0;
 $this->rights[$r][4] = 'write';
 $this->rights[$r][5] = '';
 
-$r++;
-$this->rights[$r][0] = 511;
-$this->rights[$r][1] = 'Read payment of salaries';
-$this->rights[$r][2] = 'w';
-$this->rights[$r][3] = 0;
-$this->rights[$r][4] = 'payment';
-$this->rights[$r][5] = 'read';
-
-$r++;
-$this->rights[$r][0] = 512;
-$this->rights[$r][1] = 'Create/modify payment of salaries';
-$this->rights[$r][2] = 'w';
-$this->rights[$r][3] = 0;
-$this->rights[$r][4] = 'payment';
-$this->rights[$r][5] = 'write';
-
 $r++;
 $this->rights[$r][0] = 514;
-$this->rights[$r][1] = 'Delete contracts/salaries';
+$this->rights[$r][1] = 'Delete payments of employee salary';
 $this->rights[$r][2] = 'd';
 $this->rights[$r][3] = 0;
 $this->rights[$r][4] = 'delete';
 $this->rights[$r][5] = '';
 
-$this->rights[$r][0] = 515;
-$this->rights[$r][1] = 'Read all salaries';
-$this->rights[$r][2] = 'r';
-$this->rights[$r][3] = 0;
-$this->rights[$r][4] = 'payment';
-$this->rights[$r][5] = 'readall';
-
 $r++;
 $this->rights[$r][0] = 517;
-$this->rights[$r][1] = 'Export employee contracts and salaries payments';
+$this->rights[$r][1] = 'Export payments of employee salaries';
 $this->rights[$r][2] = 'r';
 $this->rights[$r][3] = 0;
 $this->rights[$r][4] = 'export';
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 2ca70eda8ac..137b28ee523 100644
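Review bot: The label of right 512, `'Create/modify payments of empoyee salaries'`, has a typo (`employee`), and 514's `'Delete payments of employee salary'` uses the singular where 511/512/517 say `salaries`. Beyond wording, `read`/`write` move from ids 501/502 to 511/512 and 515 (`readall`) disappears, so users granted 501/502 on an existing install will presumably hold no salaries right once the module is re-enabled; a comment at the top of the rights list, such as `// read/write were renumbered from 501/502 to 511/512; re-grant after upgrade`, or an upgrade note would flag that.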
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -789,11 +789,9 @@ Permission401=Read discounts
 Permission402=Create/modify discounts
 Permission403=Validate discounts
 Permission404=Delete discounts
-Permission501=Read employee contracts/salaries
-Permission502=Create/modify employee contracts/salaries
-Permission511=Read payment of salaries
-Permission512=Create/modify payment of salaries
-Permission514=Delete salaries
+Permission511=Read payments of salaries
+Permission512=Create/modify payments of salaries
+Permission514=Delete payments of salaries
 Permission517=Export salaries
 Permission520=Read Loans
 Permission522=Create/modify loans
diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php
index 7f11911a46b..7f4084ab4fe 100644
--- a/htdocs/user/bank.php
+++ b/htdocs/user/bank.php
@@ -48,13 +48,12 @@ $cancel = GETPOST('cancel','alpha');
 $socid=0;
 if ($user->societe_id > 0) $socid = $user->societe_id;
 $feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
-// Ok if user->rights->salaries->read or user->rights->salaries->payment->write or user->rights->hrm->read
+// Ok if user->rights->salaries->read or user->rights->hrm->read
 //$result = restrictedArea($user, 'salaries|hrm', $id, 'user&user', $feature2);
 $ok=false;
 if ($user->id == $id) $ok=true; // A user can always read its own card
-if ($user->rights->salaries->read) $ok=true;
-if ($user->rights->salaries->payment->write) $ok=true;
-if ($user->rights->hrm->read) $ok=true;
+if (! empty($user->rights->salaries->read)) $ok=true;
+if (! empty($user->rights->hrm->read)) $ok=true;
 if (! $ok)
 {
 accessforbidden();
@@ -293,7 +292,7 @@ if ($action != 'edit' && $action != 'create') // If not bank account yet, $acco
 * Last salaries
 */
 if (! empty($conf->salaries->enabled) &&
-($user->rights->salaries->read || ($user->rights->salaries->read && $object->id == $user->id))
+($user->rights->salaries->read && $object->id == $user->id)
 )
 {
 $salary = new PaymentSalary($db);
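Review bot: The new condition `($user->rights->salaries->read && $object->id == $user->id)` shows the Last salaries block only to a viewer with `salaries->read` looking at their own card, which is narrower than the access rule in the first hunk of this file (own card, or `salaries->read`, or `hrm->read`); the removed expression was equivalent to `$user->rights->salaries->read` alone, so this is a behaviour change the commit message does not mention. If the block is meant to follow the page's access rule, `||` is intended: `(! empty($user->rights->salaries->read) || $object->id == $user->id)`. Either way, wrapping the property in `! empty()` would match the first hunk. The enclosing `if` body continues outside the hunk.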