diff --git a/htdocs/core/class/menubase.class.php b/htdocs/core/class/menubase.class.php index 8ede3620bd8..92b483a0c20 100644 --- a/htdocs/core/class/menubase.class.php +++ b/htdocs/core/class/menubase.class.php @@ -528,7 +528,7 @@ class Menubase $sql = "SELECT m.rowid, m.type, m.fk_menu, m.fk_mainmenu, m.fk_leftmenu, m.url, m.titre, m.langs, m.perms, m.enabled, m.target, m.mainmenu, m.leftmenu"; $sql.= " FROM ".MAIN_DB_PREFIX."menu as m"; - $sql.= " WHERE m.entity = ".$conf->entity; + $sql.= " WHERE m.entity IN (0,".(! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)?"1,":"").$conf->entity.")"; $sql.= " AND m.menu_handler IN ('".$menu_handler."','all')"; if ($type_user == 0) $sql.= " AND m.usertype IN (0,2)"; if ($type_user == 1) $sql.= " AND m.usertype IN (1,2)"; diff --git a/htdocs/core/lib/agenda.lib.php b/htdocs/core/lib/agenda.lib.php index 990fee14ae9..dba22075612 100644 --- a/htdocs/core/lib/agenda.lib.php +++ b/htdocs/core/lib/agenda.lib.php @@ -44,7 +44,7 @@ */ function print_actions_filter($form,$canedit,$status,$year,$month,$day,$showbirthday,$filtera,$filtert,$filterd,$pid,$socid,$showextcals=array()) { - global $conf,$langs,$db; + global $conf,$user,$langs,$db; // Filters if ($canedit || ! empty($conf->projet->enabled)) @@ -97,7 +97,7 @@ function print_actions_filter($form,$canedit,$status,$year,$month,$day,$showbirt print ''; } - if (! empty($conf->projet->enabled)) + if (! empty($conf->projet->enabled) && $user->rights->projet->lire) { print ''; print ''; diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php index 5f402fad68c..f2a1ca50bf1 100644 --- a/htdocs/core/lib/security2.lib.php +++ b/htdocs/core/lib/security2.lib.php @@ -262,6 +262,7 @@ function dol_loginfunction($langs,$conf,$mysoc) } // Home message + $main_home=''; if (! empty($conf->global->MAIN_HOME)) { $i=0; 
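Review bot: The rewritten `WHERE m.entity IN (...)` line in menubase.class.php still concatenates `$conf->entity` into the SQL text unquoted and uncast, now inside a list that also widens the result set. Casting at the point of use, `.((int) $conf->entity).")"`, keeps the clause well-formed whatever the configuration object holds. The literal `1,` added for transverse mode is a magic number; a comment such as `// entity 1 = master entity, shared in transverse mode` would record why those rows become visible in every entity, which is presumably the intent but is not stated in the hunk. The enclosing method starts and ends outside the hunk.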
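Review bot: The new condition in the second agenda.lib.php hunk reads `$user->rights->projet->lire` directly, which raises a notice when that rights object was never populated for the user, unlike the `! empty(...)` guard applied to `$conf->projet->enabled` beside it. `if (! empty($conf->projet->enabled) && ! empty($user->rights->projet->lire))` is consistent and safe. The check only hides the project filter in the form; `$pid` is still whatever the caller passed in, so the page that runs the query needs its own read-permission check on the project, which is not visible here. print_actions_filter continues beyond the hunk.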
@@ -270,8 +271,9 @@ function dol_loginfunction($langs,$conf,$mysoc) $conf->global->MAIN_HOME=preg_replace('/__\('.$reg[1].'\)__/i',$langs->trans($reg[1]),$conf->global->MAIN_HOME); $i++; } + + $main_home=dol_htmlcleanlastbr($conf->global->MAIN_HOME); } - $main_home=dol_htmlcleanlastbr($conf->global->MAIN_HOME); // Google AD $main_google_ad_client = ((! empty($conf->global->MAIN_GOOGLE_AD_CLIENT) && ! empty($conf->global->MAIN_GOOGLE_AD_SLOT))?1:0); diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index c50fb6ca9b1..ac982d1798d 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -146,6 +146,29 @@ function group_prepare_head($object) return $head; } +/** + * Prepare array with list of tabs + * + * @param Object $object Object related to tabs + * @param array $aEntities Entities array + * @return array Array of tabs + */ +function entity_prepare_head($object, $aEntities) +{ + global $mc; + + $head = array(); + + foreach($aEntities as $entity) + { + $mc->getInfo($entity); + $head[$entity][0] = $_SERVER['PHP_SELF'].'?id='.$object->id.'&entity='.$entity; + $head[$entity][1] = $mc->label; + $head[$entity][2] = $entity; + } + + return $head; +} /** * Show list of themes. Show all thumbs of themes diff --git a/htdocs/core/modules/DolibarrModules.class.php b/htdocs/core/modules/DolibarrModules.class.php index 6a6b85c953f..f92d153b9ec 100644 --- a/htdocs/core/modules/DolibarrModules.class.php +++ b/htdocs/core/modules/DolibarrModules.class.php 
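Review bot: entity_prepare_head builds each tab URL from `$_SERVER['PHP_SELF']`, `$object->id` and the raw `$entity`, and takes the tab label from `$mc->label`, with nothing cast or escaped inside the function. PHP_SELF carries any path info the client appended, so unless it is sanitised earlier in the request or the tab renderer escapes it, the link is an HTML injection point; the two identifiers are safer written as `((int) $object->id)` and `((int) $entity)`. The function also dereferences the global `$mc` without checking that the multicompany object is loaded and ignores the result of `$mc->getInfo($entity)`, so a failed lookup would presumably reuse the previous entity's label. The docblock could name the expected type of `$object` and state that `$aEntities` is a list of entity ids.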
@@ -961,7 +961,9 @@ abstract class DolibarrModules // If we want to init permissions on admin users if ($reinitadminperms) { - include_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; + if (! class_exists('User')) { + require DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; + } $sql="SELECT rowid FROM ".MAIN_DB_PREFIX."user WHERE admin = 1"; dol_syslog(get_class($this)."::insert_permissions Search all admin users sql=".$sql); $resqlseladmin=$this->db->query($sql,1); diff --git a/htdocs/core/tpl/login.tpl.php b/htdocs/core/tpl/login.tpl.php index 586b8b645c9..fe1525eb6fe 100644 --- a/htdocs/core/tpl/login.tpl.php +++ b/htdocs/core/tpl/login.tpl.php @@ -46,7 +46,8 @@ if (isset($conf->modules_parts['css'])) // cssfile is a relative path print ''."\n"; } } diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 78b3bdf1d68..1542e51a5f1 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php 
@@ -277,29 +277,32 @@ class User extends CommonObject /** * Ajoute un droit a l'utilisateur * - * @param int $rid id du droit a ajouter - * @param string $allmodule Ajouter tous les droits du module allmodule - * @param string $allperms Ajouter tous les droits du module allmodule, perms allperms - * @return int > 0 if OK, < 0 if KO + * @param int $rid id du droit a ajouter + * @param string $allmodule Ajouter tous les droits du module allmodule + * @param string $allperms Ajouter tous les droits du module allmodule, perms allperms + * @param int $entity Entity to use + * @return int > 0 if OK, < 0 if KO */ - function addrights($rid,$allmodule='',$allperms='') + function addrights($rid, $allmodule='', $allperms='', $entity='') { global $conf; - dol_syslog(get_class($this)."::addrights $rid, $allmodule, $allperms"); + $entity = (! empty($entity)?$entity:$conf->entity); + + dol_syslog(get_class($this)."::addrights $rid, $allmodule, $allperms, $entity"); $err=0; $whereforadd=''; $this->db->begin(); - if ($rid) + if (! empty($rid)) { // Si on a demande ajout d'un droit en particulier, on recupere // les caracteristiques (module, perms et subperms) de ce droit. $sql = "SELECT module, perms, subperms"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; $sql.= " WHERE id = '".$rid."'"; - $sql.= " AND entity = ".$conf->entity; + $sql.= " AND entity = ".$entity; $result=$this->db->query($sql); if ($result) { @@ -334,7 +337,7 @@ class User extends CommonObject $sql = "SELECT id"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; $sql.= " WHERE ".$whereforadd; - $sql.= " AND entity = ".$conf->entity; + $sql.= " AND entity = ".$entity; $result=$this->db->query($sql); if ($result) 
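Review bot: The new `$entity` parameter of addrights is concatenated unquoted into both `rights_def` queries (`" AND entity = ".$entity`) and is only defaulted, never cast, so any caller that forwards a request value makes these statements injectable; the same pattern is repeated in both delrights hunks of this file. Casting once at the top, `$entity = (! empty($entity) ? (int) $entity : (int) $conf->entity);`, closes that and matches the `@param int` in the docblock, whose `''` default is otherwise misleading. Neither method checks that the acting user may manage rights in the requested entity, so that check has to be made by the caller before the entity-aware calls in perms.php are switched on. Both method bodies extend beyond their hunks.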
@@ -379,25 +382,27 @@ class User extends CommonObject * @param int $rid Id du droit a retirer * @param string $allmodule Retirer tous les droits du module allmodule * @param string $allperms Retirer tous les droits du module allmodule, perms allperms + * @param int $entity Entity to use * @return int > 0 if OK, < 0 if OK */ - function delrights($rid,$allmodule='',$allperms='') + function delrights($rid, $allmodule='', $allperms='', $entity='') { global $conf; $err=0; $wherefordel=''; + $entity = (! empty($entity)?$entity:$conf->entity); $this->db->begin(); - if ($rid) + if (! empty($rid)) { // Si on a demande supression d'un droit en particulier, on recupere // les caracteristiques module, perms et subperms de ce droit. $sql = "SELECT module, perms, subperms"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; $sql.= " WHERE id = '".$rid."'"; - $sql.= " AND entity = ".$conf->entity; + $sql.= " AND entity = ".$entity; $result=$this->db->query($sql); if ($result) { @@ -431,7 +436,7 @@ class User extends CommonObject $sql = "SELECT id"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; $sql.= " WHERE $wherefordel"; - $sql.= " AND entity = ".$conf->entity; + $sql.= " AND entity = ".$entity; $result=$this->db->query($sql); if ($result) diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index 3191ae10578..429be1f16e6 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -90,19 +90,6 @@ $form = new Form($db); /** * Actions */ -if ($subaction == 'addrights' && $canedituser) -{ - $edituser = new User($db); - $edituser->fetch($id); - $edituser->addrights($_GET["rights"]); -} - -if ($subaction == 'delrights' && $canedituser) -{ - $edituser = new User($db); - $edituser->fetch($id); - $edituser->delrights($_GET["rights"]); -} if ($action == 'confirm_disable' && $confirm == "yes" && $candisableuser) { diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index e32bfa59620..f39bb207a8f 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php 
@@ -34,7 +34,9 @@ $langs->load("admin"); $id=GETPOST('id', 'int'); $action=GETPOST('action', 'alpha'); $confirm=GETPOST('confirm', 'alpha'); +$rights=GETPOST('rights','int'); $module=GETPOST('module'); +$entity=(GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity); if (! isset($id) || empty($id)) accessforbidden(); @@ -71,7 +73,8 @@ if ($action == 'addrights' && $caneditperms) { $edituser = new User($db); $edituser->fetch($id); - $edituser->addrights($_GET["rights"],$module); + //$edituser->addrights($rights, $module, '', $entity); // FIXME unused for the moment + $edituser->addrights($rights, $module); // Si on a touche a ses propres droits, on recharge if ($id == $user->id) @@ -85,7 +88,8 @@ if ($action == 'delrights' && $caneditperms) { $edituser = new User($db); $edituser->fetch($id); - $edituser->delrights($_GET["rights"],$module); + //$edituser->delrights($rights, $module, '', $entity); // FIXME unused for the moment + $edituser->delrights($rights, $module); // Si on a touche a ses propres droits, on recharge if ($id == $user->id) @@ -148,8 +152,8 @@ foreach($modulesdir as $dir) // Load all permissions if ($objMod->rights_class) { - $entity=((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : null); - $ret=$objMod->insert_permissions(0, $entity); + $forceEntity=((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : null); + $ret=$objMod->insert_permissions(0, $forceEntity); $modules[$objMod->rights_class]=$objMod; //print "modules[".$objMod->rights_class."]=$objMod;"; } 
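Review bot: In the first perms.php hunk `$entity` is read from the request with only an integer filter and is never compared with the entities the logged-in user is allowed to administer. It is unused today because the entity-aware `addrights`/`delrights` calls in the next two hunks are commented out, but enabling them as written would let a user with `$caneditperms` in one entity change rights in another. Before the FIXME is resolved, reject values outside the permitted set, for example `if (! in_array($entity, $allowedEntities)) accessforbidden();`, where `$allowedEntities` is a placeholder for the list the multicompany module provides. The commented-out calls would be better tracked in an issue than kept in the file.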
@@ -168,7 +172,15 @@ $sql = "SELECT r.id, r.libelle, r.module"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r,"; $sql.= " ".MAIN_DB_PREFIX."user_rights as ur"; $sql.= " WHERE ur.fk_id = r.id"; -$sql.= " AND r.entity = ".((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : $conf->entity); +if (! empty($conf->multicompany->enabled)) { + if (1==2 && ! empty($conf->multicompany->transverse_mode)) { + $sql.= " AND r.entity = ".(GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity); // FIXME unused for the moment + } else { + $sql.= " AND r.entity = ".(! empty($fuser->entity) ? $fuser->entity : $conf->entity); + } +} else { + $sql.= " AND r.entity = ".$conf->entity; +} $sql.= " AND ur.fk_user = ".$fuser->id; $result=$db->query($sql); @@ -190,15 +202,19 @@ else } // Lecture des droits groupes -$permsgroup = array(); +$permsgroupbyentity = array(); +$aEntities = array(); -$sql = "SELECT r.id, r.libelle, r.module"; +$sql = "SELECT r.id, r.libelle, r.module, gu.entity"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r,"; $sql.= " ".MAIN_DB_PREFIX."usergroup_rights as gr,"; $sql.= " ".MAIN_DB_PREFIX."usergroup_user as gu"; $sql.= " WHERE gr.fk_id = r.id"; -$sql.= " AND r.entity = ".((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : $conf->entity); -$sql.= " AND gu.entity IN (0,".((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : $conf->entity).")"; +if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)) { + $sql.= " AND gu.entity IS NOT NULL"; +} else { + $sql.= " AND r.entity = ".((! empty($conf->multicompany->enabled) && ! empty($fuser->entity)) ? $fuser->entity : $conf->entity); +} $sql.= " AND gr.fk_usergroup = gu.fk_usergroup"; $sql.= " AND gu.fk_user = ".$fuser->id; 
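Review bot: The `1==2 &&` guard in the first hunk on this line makes the transverse-mode branch unreachable, so the file ships a disabled path that would filter `r.entity` by `GETPOST('entity','int')` taken straight from the request. Dead branches of this kind tend to be re-enabled by deleting the guard, and at that point nothing confirms that the viewer may see that entity's rights. Either drop the branch until the feature is ready or replace the guard with a named, documented switch and use the already computed `$entity` after validating it. In the following hunk the group query replaces the `r.entity` filter with `gu.entity IS NOT NULL` in transverse mode; if `rights_def` holds one row per entity for the same id, the join may return each right several times, which is worth confirming.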
@@ -210,7 +226,9 @@ if ($result) while ($i < $num) { $obj = $db->fetch_object($result); - array_push($permsgroup,$obj->id); + if (! isset($permsgroupbyentity[$obj->entity])) + $permsgroupbyentity[$obj->entity] = array(); + array_push($permsgroupbyentity[$obj->entity], $obj->id); $i++; } $db->free($result); @@ -248,11 +266,22 @@ print '
'; if ($user->admin) print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules")); +// For multicompany transversal mode +if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)) +{ + $aEntities=array_keys($permsgroupbyentity); + sort($aEntities); + $entity = (GETPOST('entity', 'int')?GETPOST('entity', 'int'):$aEntities[0]); + $head = entity_prepare_head($fuser, $aEntities); + $title = $langs->trans("Entities"); + dol_fiche_head($head, $entity, $title, 1, 'multicompany@multicompany'); +} + print "\n"; print ''; print ''; print ''; -if ($caneditperms) print ''; +if ($caneditperms) print ''; print ''; print ''; print ''."\n"; 
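Review bot: `$entity` falls back to `$aEntities[0]`, which is undefined when the user belongs to no group that carries rights, and a request-supplied `entity` is accepted without checking that it is one of the keys of `$permsgroupbyentity`. The next hunk then evaluates `in_array($obj->id, $permsgroupbyentity[$entity])`, which gets a missing key as its haystack in that case, and also outside transverse mode whenever no group row carries the current entity. Restricting the value with `if (! in_array($entity, $aEntities)) $entity = (empty($aEntities) ? $conf->entity : $aEntities[0]);` and reading the list as `(isset($permsgroupbyentity[$entity]) ? $permsgroupbyentity[$entity] : array())` keeps the inherited-permission column correct and free of warnings.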
@@ -285,79 +314,77 @@ if ($result) continue; } - if (isset($obj->module) && ($oldmod <> $obj->module)) - { - $oldmod = $obj->module; - $var = !$var; - - // Rupture detectee, on recupere objMod - $objMod=$modules[$obj->module]; - $picto=($objMod->picto?$objMod->picto:'generic'); - - if ($caneditperms && (empty($objMod->rights_admin_allowed) || empty($fuser->admin))) - { - // On affiche ligne pour modifier droits - print ''; - print ''; - print ''; - print ''; - print ''."\n"; - } + if (isset($obj->module) && ($oldmod <> $obj->module)) + { + $oldmod = $obj->module; + $var = !$var; + + // Rupture detectee, on recupere objMod + $objMod=$modules[$obj->module]; + $picto=($objMod->picto?$objMod->picto:'generic'); + + if ($caneditperms && (empty($objMod->rights_admin_allowed) || empty($fuser->admin))) + { + // On affiche ligne pour modifier droits + print ''; + print ''; + print ''; + print ''; + print ''."\n"; + } } print ''; // Picto and label of permission - print ''; + print ''; - // Permission and tick - if (! empty($fuser->admin) && ! empty($objMod->rights_admin_allowed)) // Permission own because admin - { - if ($caneditperms) - { - print ''; - } - print ''; - } - else if (in_array($obj->id, $permsuser)) // Permission own by user - { - if ($caneditperms) - { - print ''; - } - print ''; - } - else if (in_array($obj->id, $permsgroup)) // Permission own by group - { - if ($caneditperms) - { - print ''; - } - print ''; - } - else - { - // Do not own permission - if ($caneditperms) - { - print ''; - } - print ''; + // Permission and tick + if (! empty($fuser->admin) && ! 
empty($objMod->rights_admin_allowed)) // Permission own because admin + { + if ($caneditperms) + { + print ''; + } + print ''; + } + else if (in_array($obj->id, $permsuser)) // Permission own by user + { + if ($caneditperms) + { + print ''; + } + print ''; + } + else if (in_array($obj->id, $permsgroupbyentity[$entity])) // Permission own by group + { + if ($caneditperms) + { + print ''; + } + print ''; + } + else + { + // Do not own permission + if ($caneditperms) + { + print ''; + } + print ''; } $perm_libelle=($conf->global->MAIN_USE_ADVANCED_PERMS && ($langs->trans("PermissionAdvanced".$obj->id)!=("PermissionAdvanced".$obj->id))?$langs->trans("PermissionAdvanced".$obj->id):(($langs->trans("Permission".$obj->id)!=("Permission".$obj->id))?$langs->trans("Permission".$obj->id):$obj->libelle));
'.$langs->trans("Module").'   '.$langs->trans("Permissions").'
'.img_object('',$picto).' '.$objMod->getName(); - print ' '; - print ''.$langs->trans("All").""; - print '/'; - print ''.$langs->trans("None").""; - print ' 
'.img_object('',$picto).' '.$objMod->getName(); + print ' '; + print ''.$langs->trans("All").""; + print '/'; + print ''.$langs->trans("None").""; + print ' 
'.img_object('',$picto).' '.$objMod->getName(); - print ''.img_object('',$picto).' '.$objMod->getName().''.img_picto($langs->trans("Administrator"),'star').''; - print img_picto($langs->trans("Active"),'tick'); - print ''.img_edit_remove($langs->trans("Remove")).''; - print img_picto($langs->trans("Active"),'tick'); - print ''; - print $form->textwithtooltip($langs->trans("Inherited"),$langs->trans("PermissionInheritedFromAGroup")); - //print ''; - print ''; - print img_picto($langs->trans("Active"),'tick'); - print ''.img_edit_add($langs->trans("Add")).' '.img_picto($langs->trans("Administrator"),'star').''; + print img_picto($langs->trans("Active"),'tick'); + print ''.img_edit_remove($langs->trans("Remove")).''; + print img_picto($langs->trans("Active"),'tick'); + print ''; + print $form->textwithtooltip($langs->trans("Inherited"),$langs->trans("PermissionInheritedFromAGroup")); + print ''; + print img_picto($langs->trans("Active"),'tick'); + print ''.img_edit_add($langs->trans("Add")).'