lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: more compatible with multicompany transverse mode

Browse Source 
Fix: strict mode bubbles
This commit is contained in:
Regis Houssin 2012-09-27 11:54:51 +02:00
parent ad0e3ba4a0
commit 1919604089
9 changed files with 157 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/class/menubase.class.php
View File

@ -528,7 +528,7 @@ class Menubase
$sql = "SELECT m.rowid, m.type, m.fk_menu, m.fk_mainmenu, m.fk_leftmenu, m.url, m.titre, m.langs, m.perms, m.enabled, m.target, m.mainmenu, m.leftmenu";
$sql.= " FROM ".MAIN_DB_PREFIX."menu as m";
$sql.= " WHERE m.entity = ".$conf->entity;
$sql.= " WHERE m.entity IN (0,".(! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)?"1,":"").$conf->entity.")";
$sql.= " AND m.menu_handler IN ('".$menu_handler."','all')";
if ($type_user == 0) $sql.= " AND m.usertype IN (0,2)";
if ($type_user == 1) $sql.= " AND m.usertype IN (1,2)";

4
htdocs/core/lib/agenda.lib.php
View File

@ -44,7 +44,7 @@
*/
function print_actions_filter($form,$canedit,$status,$year,$month,$day,$showbirthday,$filtera,$filtert,$filterd,$pid,$socid,$showextcals=array())
{
global $conf,$langs,$db;
global $conf,$user,$langs,$db;
// Filters
if ($canedit || ! empty($conf->projet->enabled))
@ -97,7 +97,7 @@ function print_actions_filter($form,$canedit,$status,$year,$month,$day,$showbirt
print '</td></tr>';
}
if (! empty($conf->projet->enabled))
if (! empty($conf->projet->enabled) && $user->rights->projet->lire)
{
print '<tr>';
print '<td nowrap="nowrap">';

4
htdocs/core/lib/security2.lib.php
View File

@ -262,6 +262,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
}
// Home message
$main_home='';
if (! empty($conf->global->MAIN_HOME))
{
$i=0;
@ -270,8 +271,9 @@ function dol_loginfunction($langs,$conf,$mysoc)
$conf->global->MAIN_HOME=preg_replace('/__\('.$reg[1].'\)__/i',$langs->trans($reg[1]),$conf->global->MAIN_HOME);
$i++;
}
$main_home=dol_htmlcleanlastbr($conf->global->MAIN_HOME);
}
$main_home=dol_htmlcleanlastbr($conf->global->MAIN_HOME);
// Google AD
$main_google_ad_client = ((! empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && ! empty($conf->global->MAIN_GOOGLE_AD_SLOT))?1:0);

23
htdocs/core/lib/usergroups.lib.php
View File

@ -146,6 +146,29 @@ function group_prepare_head($object)
return $head;
}
/**
* Prepare array with list of tabs
*
* @param Object $object Object related to tabs
* @param array $aEntities Entities array
* @return array Array of tabs
*/
function entity_prepare_head($object, $aEntities)
{
global $mc;
$head = array();
foreach($aEntities as $entity)
{
$mc->getInfo($entity);
$head[$entity][0] = $_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;entity='.$entity;
$head[$entity][1] = $mc->label;
$head[$entity][2] = $entity;
}
return $head;
}
/**
* Show list of themes. Show all thumbs of themes

4
htdocs/core/modules/DolibarrModules.class.php
View File

@ -961,7 +961,9 @@ abstract class DolibarrModules
// If we want to init permissions on admin users
if ($reinitadminperms)
{
include_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
if (! class_exists('User')) {
require DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
}
$sql="SELECT rowid FROM ".MAIN_DB_PREFIX."user WHERE admin = 1";
dol_syslog(get_class($this)."::insert_permissions Search all admin users sql=".$sql);
$resqlseladmin=$this->db->query($sql,1);

3
htdocs/core/tpl/login.tpl.php
View File

@ -46,7 +46,8 @@ if (isset($conf->modules_parts['css']))
// cssfile is a relative path
print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1);
// We add params only if page is not static, because some web server setup does not return content type text/css if url has parameters, so browser cache is not used.
if (!preg_match('/\.css$/i',$cssfile)) print $themeparam;
if (!preg_match('/\.css$/i',$cssfile) && ! empty($themeparam))
print $themeparam;
print '"><!-- Added by module '.$modcss. '-->'."\n";
}
}

31
htdocs/user/class/user.class.php
View File

@ -277,29 +277,32 @@ class User extends CommonObject
/**
* Ajoute un droit a l'utilisateur
*
* @param int $rid id du droit a ajouter
* @param string $allmodule Ajouter tous les droits du module allmodule
* @param string $allperms Ajouter tous les droits du module allmodule, perms allperms
* @return int > 0 if OK, < 0 if KO
* @param int $rid id du droit a ajouter
* @param string $allmodule Ajouter tous les droits du module allmodule
* @param string $allperms Ajouter tous les droits du module allmodule, perms allperms
* @param int $entity Entity to use
* @return int > 0 if OK, < 0 if KO
*/
function addrights($rid,$allmodule='',$allperms='')
function addrights($rid, $allmodule='', $allperms='', $entity='')
{
global $conf;
dol_syslog(get_class($this)."::addrights $rid, $allmodule, $allperms");
$entity = (! empty($entity)?$entity:$conf->entity);
dol_syslog(get_class($this)."::addrights $rid, $allmodule, $allperms, $entity");
$err=0;
$whereforadd='';
$this->db->begin();
if ($rid)
if (! empty($rid))
{
// Si on a demande ajout d'un droit en particulier, on recupere
// les caracteristiques (module, perms et subperms) de ce droit.
$sql = "SELECT module, perms, subperms";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE id = '".$rid."'";
$sql.= " AND entity = ".$conf->entity;
$sql.= " AND entity = ".$entity;
$result=$this->db->query($sql);
if ($result) {
@ -334,7 +337,7 @@ class User extends CommonObject
$sql = "SELECT id";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE ".$whereforadd;
$sql.= " AND entity = ".$conf->entity;
$sql.= " AND entity = ".$entity;
$result=$this->db->query($sql);
if ($result)
@ -379,25 +382,27 @@ class User extends CommonObject
* @param int $rid Id du droit a retirer
* @param string $allmodule Retirer tous les droits du module allmodule
* @param string $allperms Retirer tous les droits du module allmodule, perms allperms
* @param int $entity Entity to use
* @return int > 0 if OK, < 0 if OK
*/
function delrights($rid,$allmodule='',$allperms='')
function delrights($rid, $allmodule='', $allperms='', $entity='')
{
global $conf;
$err=0;
$wherefordel='';
$entity = (! empty($entity)?$entity:$conf->entity);
$this->db->begin();
if ($rid)
if (! empty($rid))
{
// Si on a demande supression d'un droit en particulier, on recupere
// les caracteristiques module, perms et subperms de ce droit.
$sql = "SELECT module, perms, subperms";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE id = '".$rid."'";
$sql.= " AND entity = ".$conf->entity;
$sql.= " AND entity = ".$entity;
$result=$this->db->query($sql);
if ($result) {
@ -431,7 +436,7 @@ class User extends CommonObject
$sql = "SELECT id";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
$sql.= " WHERE $wherefordel";
$sql.= " AND entity = ".$conf->entity;
$sql.= " AND entity = ".$entity;
$result=$this->db->query($sql);
if ($result)

13
htdocs/user/fiche.php
View File

@ -90,19 +90,6 @@ $form = new Form($db);
/**
* Actions
*/
if ($subaction == 'addrights' && $canedituser)
{
$edituser = new User($db);
$edituser->fetch($id);
$edituser->addrights($_GET["rights"]);
}
if ($subaction == 'delrights' && $canedituser)
{
$edituser = new User($db);
$edituser->fetch($id);
$edituser->delrights($_GET["rights"]);
}
if ($action == 'confirm_disable' && $confirm == "yes" && $candisableuser)
{

183
htdocs/user/perms.php
View File

@ -34,7 +34,9 @@ $langs->load("admin");
$id=GETPOST('id', 'int');
$action=GETPOST('action', 'alpha');
$confirm=GETPOST('confirm', 'alpha');
$rights=GETPOST('rights','int');
$module=GETPOST('module');
$entity=(GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity);
if (! isset($id) || empty($id)) accessforbidden();
@ -71,7 +73,8 @@ if ($action == 'addrights' && $caneditperms)
{
$edituser = new User($db);
$edituser->fetch($id);
$edituser->addrights($_GET["rights"],$module);
//$edituser->addrights($rights, $module, '', $entity); // FIXME unused for the moment
$edituser->addrights($rights, $module);
// Si on a touche a ses propres droits, on recharge
if ($id == $user->id)
@ -85,7 +88,8 @@ if ($action == 'delrights' && $caneditperms)
{
$edituser = new User($db);
$edituser->fetch($id);
$edituser->delrights($_GET["rights"],$module);
//$edituser->delrights($rights, $module, '', $entity); // FIXME unused for the moment
$edituser->delrights($rights, $module);
// Si on a touche a ses propres droits, on recharge
if ($id == $user->id)
@ -148,8 +152,8 @@ foreach($modulesdir as $dir)
// Load all permissions
if ($objMod->rights_class)
{
$entity=((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : null);
$ret=$objMod->insert_permissions(0, $entity);
$forceEntity=((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : null);
$ret=$objMod->insert_permissions(0, $forceEntity);
$modules[$objMod->rights_class]=$objMod;
//print "modules[".$objMod->rights_class."]=$objMod;";
}
@ -168,7 +172,15 @@ $sql = "SELECT r.id, r.libelle, r.module";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r,";
$sql.= " ".MAIN_DB_PREFIX."user_rights as ur";
$sql.= " WHERE ur.fk_id = r.id";
$sql.= " AND r.entity = ".((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : $conf->entity);
if (! empty($conf->multicompany->enabled)) {
if (1==2 && ! empty($conf->multicompany->transverse_mode)) {
$sql.= " AND r.entity = ".(GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity); // FIXME unused for the moment
} else {
$sql.= " AND r.entity = ".(! empty($fuser->entity) ? $fuser->entity : $conf->entity);
}
} else {
$sql.= " AND r.entity = ".$conf->entity;
}
$sql.= " AND ur.fk_user = ".$fuser->id;
$result=$db->query($sql);
@ -190,15 +202,19 @@ else
}
// Lecture des droits groupes
$permsgroup = array();
$permsgroupbyentity = array();
$aEntities = array();
$sql = "SELECT r.id, r.libelle, r.module";
$sql = "SELECT r.id, r.libelle, r.module, gu.entity";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r,";
$sql.= " ".MAIN_DB_PREFIX."usergroup_rights as gr,";
$sql.= " ".MAIN_DB_PREFIX."usergroup_user as gu";
$sql.= " WHERE gr.fk_id = r.id";
$sql.= " AND r.entity = ".((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : $conf->entity);
$sql.= " AND gu.entity IN (0,".((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : $conf->entity).")";
if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)) {
$sql.= " AND gu.entity IS NOT NULL";
} else {
$sql.= " AND r.entity = ".((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : $conf->entity);
}
$sql.= " AND gr.fk_usergroup = gu.fk_usergroup";
$sql.= " AND gu.fk_user = ".$fuser->id;
@ -210,7 +226,9 @@ if ($result)
while ($i < $num)
{
$obj = $db->fetch_object($result);
array_push($permsgroup,$obj->id);
if (! isset($permsgroupbyentity[$obj->entity]))
$permsgroupbyentity[$obj->entity] = array();
array_push($permsgroupbyentity[$obj->entity], $obj->id);
$i++;
}
$db->free($result);
@ -248,11 +266,22 @@ print '</table><br>';
if ($user->admin) print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules"));
// For multicompany transversal mode
if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode))
{
$aEntities=array_keys($permsgroupbyentity);
sort($aEntities);
$entity = (GETPOST('entity', 'int')?GETPOST('entity', 'int'):$aEntities[0]);
$head = entity_prepare_head($fuser, $aEntities);
$title = $langs->trans("Entities");
dol_fiche_head($head, $entity, $title, 1, 'multicompany@multicompany');
}
print "\n";
print '<table width="100%" class="noborder">';
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Module").'</td>';
if ($caneditperms) print '<td>&nbsp</td>';
if ($caneditperms) print '<td>&nbsp</td>';
print '<td align="center" width="24">&nbsp;</td>';
print '<td>'.$langs->trans("Permissions").'</td>';
print '</tr>'."\n";
@ -285,79 +314,77 @@ if ($result)
continue;
}
if (isset($obj->module) && ($oldmod <> $obj->module))
{
$oldmod = $obj->module;
$var = !$var;
// Rupture detectee, on recupere objMod
$objMod=$modules[$obj->module];
$picto=($objMod->picto?$objMod->picto:'generic');
if ($caneditperms && (empty($objMod->rights_admin_allowed) || empty($fuser->admin)))
{
// On affiche ligne pour modifier droits
print '<tr '. $bc[$var].'>';
print '<td nowrap="nowrap">'.img_object('',$picto).' '.$objMod->getName();
print '<a name="'.$objMod->getName().'">&nbsp;</a></td>';
print '<td align="center" nowrap="nowrap">';
print '<a title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="perms.php?id='.$fuser->id.'&amp;action=addrights&amp;module='.$obj->module.'#'.$objMod->getName().'">'.$langs->trans("All")."</a>";
print '/';
print '<a title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="perms.php?id='.$fuser->id.'&amp;action=delrights&amp;module='.$obj->module.'#'.$objMod->getName().'">'.$langs->trans("None")."</a>";
print '</td>';
print '<td colspan="2">&nbsp;</td>';
print '</tr>'."\n";
}
if (isset($obj->module) && ($oldmod <> $obj->module))
{
$oldmod = $obj->module;
$var = !$var;
// Rupture detectee, on recupere objMod
$objMod=$modules[$obj->module];
$picto=($objMod->picto?$objMod->picto:'generic');
if ($caneditperms && (empty($objMod->rights_admin_allowed) || empty($fuser->admin)))
{
// On affiche ligne pour modifier droits
print '<tr '. $bc[$var].'>';
print '<td nowrap="nowrap">'.img_object('',$picto).' '.$objMod->getName();
print '<a name="'.$objMod->getName().'">&nbsp;</a></td>';
print '<td align="center" nowrap="nowrap">';
print '<a title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="perms.php?id='.$fuser->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;module='.$obj->module.'#'.$objMod->getName().'">'.$langs->trans("All")."</a>";
print '/';
print '<a title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="perms.php?id='.$fuser->id.'&amp;action=delrights&amp;entity='.$entity.'&amp;module='.$obj->module.'#'.$objMod->getName().'">'.$langs->trans("None")."</a>";
print '</td>';
print '<td colspan="2">&nbsp;</td>';
print '</tr>'."\n";
}
}
print '<tr '. $bc[$var].'>';
// Picto and label of permission
print '<td>'.img_object('',$picto).' '.$objMod->getName();
print '</td>';
print '<td>'.img_object('',$picto).' '.$objMod->getName().'</td>';
// Permission and tick
if (! empty($fuser->admin) && ! empty($objMod->rights_admin_allowed)) // Permission own because admin
{
if ($caneditperms)
{
print '<td align="center">'.img_picto($langs->trans("Administrator"),'star').'</td>';
}
print '<td align="center" nowrap="nowrap">';
print img_picto($langs->trans("Active"),'tick');
print '</td>';
}
else if (in_array($obj->id, $permsuser)) // Permission own by user
{
if ($caneditperms)
{
print '<td align="center"><a href="perms.php?id='.$fuser->id.'&amp;action=delrights&amp;rights='.$obj->id.'#'.$objMod->getName().'">'.img_edit_remove($langs->trans("Remove")).'</a></td>';
}
print '<td align="center" nowrap="nowrap">';
print img_picto($langs->trans("Active"),'tick');
print '</td>';
}
else if (in_array($obj->id, $permsgroup)) // Permission own by group
{
if ($caneditperms)
{
print '<td align="center">';
print $form->textwithtooltip($langs->trans("Inherited"),$langs->trans("PermissionInheritedFromAGroup"));
//print '<a href="'.DOL_URL_ROOT.'/user/fiche.php?id='.$fuser->id.'" title="'.$langs->trans("PermissionInheritedFromAGroup").'">';
print '</td>';
}
print '<td align="center" nowrap="nowrap">';
print img_picto($langs->trans("Active"),'tick');
print '</td>';
}
else
{
// Do not own permission
if ($caneditperms)
{
print '<td align="center"><a href="perms.php?id='.$fuser->id.'&amp;action=addrights&amp;rights='.$obj->id.'#'.$objMod->getName().'">'.img_edit_add($langs->trans("Add")).'</a></td>';
}
print '<td>&nbsp</td>';
// Permission and tick
if (! empty($fuser->admin) && ! empty($objMod->rights_admin_allowed)) // Permission own because admin
{
if ($caneditperms)
{
print '<td align="center">'.img_picto($langs->trans("Administrator"),'star').'</td>';
}
print '<td align="center" nowrap="nowrap">';
print img_picto($langs->trans("Active"),'tick');
print '</td>';
}
else if (in_array($obj->id, $permsuser)) // Permission own by user
{
if ($caneditperms)
{
print '<td align="center"><a href="perms.php?id='.$fuser->id.'&amp;action=delrights&amp;rights='.$obj->id.'#'.$objMod->getName().'">'.img_edit_remove($langs->trans("Remove")).'</a></td>';
}
print '<td align="center" nowrap="nowrap">';
print img_picto($langs->trans("Active"),'tick');
print '</td>';
}
else if (in_array($obj->id, $permsgroupbyentity[$entity])) // Permission own by group
{
if ($caneditperms)
{
print '<td align="center">';
print $form->textwithtooltip($langs->trans("Inherited"),$langs->trans("PermissionInheritedFromAGroup"));
print '</td>';
}
print '<td align="center" nowrap="nowrap">';
print img_picto($langs->trans("Active"),'tick');
print '</td>';
}
else
{
// Do not own permission
if ($caneditperms)
{
print '<td align="center"><a href="perms.php?id='.$fuser->id.'&amp;action=addrights&amp;entity='.$entity.'&amp;rights='.$obj->id.'#'.$objMod->getName().'">'.img_edit_add($langs->trans("Add")).'</a></td>';
}
print '<td>&nbsp</td>';
}
$perm_libelle=($conf->global->MAIN_USE_ADVANCED_PERMS && ($langs->trans("PermissionAdvanced".$obj->id)!=("PermissionAdvanced".$obj->id))?$langs->trans("PermissionAdvanced".$obj->id):(($langs->trans("Permission".$obj->id)!=("Permission".$obj->id))?$langs->trans("Permission".$obj->id):$obj->libelle));