Fix #yogosha5731

htdocs/cashdesk/admin/cashdesk.php

@@ -45,6 +45,7 @@ $langs->loadLangs(array("admin", "cashdesk"));
 /*
  * Actions
  */
+
 if (GETPOST('action', 'alpha') == 'set') {
 	$db->begin();
 

htdocs/cashdesk/affContenu.php

@@ -22,6 +22,7 @@
  *	\ingroup    cashdesk
  *	\brief      Include to show main page for cashdesk module
  */
+
 require_once 'class/Facturation.class.php';
 
 // Si nouvelle vente, reinitialisation des donnees (destruction de l'objet et vidage de la table contenant la liste des articles)
@@ -39,6 +40,15 @@ if (isset($_SESSION['serObjFacturation'])) {
 	$obj_facturation = new Facturation();
 }
 
+if (empty($user->rights->cashdesk->run)) {
+	accessforbidden();
+}
+
+
+/*
+ * View
+ */
+
 // $obj_facturation contains data for all invoice total + selection of current product
 
 $obj_facturation->calculTotaux(); // Redefine prix_total_ttc, prix_total_ht et montant_tva from $_SESSION['poscart']

htdocs/cashdesk/affIndex.php

@@ -38,6 +38,10 @@ if ($_SESSION['uid'] <= 0) {
 // Load translation files required by the page
 $langs->loadLangs(array("companies", "compta", "cashdesk"));
 
+if (empty($user->rights->cashdesk->run)) {
+	accessforbidden();
+}
+
 
 /*
  * View

htdocs/cashdesk/affPied.php

@@ -21,6 +21,10 @@
  *	\brief      Bottom of main page of point of sale module
  */
 
+if (empty($user->rights->cashdesk->run)) {
+	accessforbidden();
+}
+
 ?>
 <!-- affPied.php -->
 <div class="pied">

htdocs/cashdesk/deconnexion.php

@@ -40,5 +40,9 @@ require_once '../main.inc.php';
 // This destroy tag that say "Point of Sale session is on".
 unset($_SESSION['uid']);
 
+if (empty($user->rights->cashdesk->run)) {
+	accessforbidden();
+}
+
 header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php');
 exit;

htdocs/cashdesk/facturation.php

@@ -26,6 +26,9 @@
  */
 
 
+if (empty($user->rights->cashdesk->run)) {
+	accessforbidden();
+}
 
 
 /*

htdocs/cashdesk/facturation_dhtml.php

@@ -47,6 +47,15 @@ if (!defined('NOREQUIREAJAX')) {
 require '../main.inc.php';
 require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php';
 
+if (empty($user->rights->cashdesk->run)) {
+	accessforbidden();
+}
+
+
+/*
+ * View
+ */
+
 top_httphead('text/html');
 
 $search = GETPOST("code", "alpha");

htdocs/cashdesk/facturation_verif.php

@@ -34,6 +34,14 @@ $action = GETPOST('action', 'aZ09');
 $obj_facturation = unserialize($_SESSION['serObjFacturation']);
 unset($_SESSION['serObjFacturation']);
 
+if (empty($user->rights->cashdesk->run)) {
+	accessforbidden();
+}
+
+
+/*
+ * View
+ */
 
 switch ($action) {
 	default:

htdocs/cashdesk/index.php

@@ -43,6 +43,11 @@ $err = GETPOST("err");
 // Instantiate hooks of thirdparty module only if not already define
 $hookmanager->initHooks(array('cashdeskloginpage'));
 
+if (empty($user->rights->cashdesk->run)) {
+	accessforbidden();
+}
+
+
 /*
  * View
  */

htdocs/cashdesk/index_verif.php

@@ -41,6 +41,12 @@ $bankid_cash = (GETPOST("CASHDESK_ID_BANKACCOUNT_CASH") > 0) ?GETPOST("CASHDESK_
 $bankid_cheque = (GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE") > 0) ?GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE", 'int') : $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE;
 $bankid_cb = (GETPOST("CASHDESK_ID_BANKACCOUNT_CB") > 0) ?GETPOST("CASHDESK_ID_BANKACCOUNT_CB", 'int') : $conf->global->CASHDESK_ID_BANKACCOUNT_CB;
 
+
+if (empty($user->rights->cashdesk->run)) {
+	accessforbidden();
+}
+
+
 // Check username
 if (empty($username)) {
 	$retour = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Login"));

htdocs/cashdesk/validation_ticket.php

@@ -26,6 +26,15 @@ require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php';
 require_once DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php';
 require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php';
 
+if (empty($user->rights->cashdesk->run)) {
+	accessforbidden();
+}
+
+
+/*
+ * Actions
+ */
+
 $obj_facturation = unserialize($_SESSION['serObjFacturation']);
 unset($_SESSION['serObjFacturation']);
 

htdocs/cashdesk/validation_verif.php

@@ -36,6 +36,15 @@ $obj_facturation = unserialize($_SESSION['serObjFacturation']);
 $action = GETPOST('action', 'aZ09');
 $bankaccountid = GETPOST('cashdeskbank');
 
+if (empty($user->rights->cashdesk->run)) {
+	accessforbidden();
+}
+
+
+/*
+ * Actions
+ */
+
 switch ($action) {
 	default:
 		$redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=validation';

htdocs/core/ajax/row.php

@@ -95,7 +95,7 @@ if (GETPOST('roworder', 'alpha', 2) && GETPOST('table_element_line', 'aZ09', 2)
 	} else {
 		$tmparray = explode('_', $table_element_line);
 		$tmpmodule = $tmparray[0]; $tmpobject = preg_replace('/line$/', '', $tmparray[1]);
-		if (!empty($tmpmodule) && !empty($tmpobject) && !empty($conf->$tmpmodule->enabled) && !empty($user->rights->$tmpobject->read)) {
+		if (!empty($tmpmodule) && !empty($tmpobject) && !empty($conf->$tmpmodule->enabled) && !empty($user->rights->$tmpobject->write)) {
 			$perm = 1;
 		}
 	}

htdocs/theme/eldy/global.inc.php

@@ -6260,12 +6260,6 @@ div.tabsElem a.tab {
 /*  POS                                                                           */
 /* ============================================================================== */
 
-.menu_choix1 a {
-	background: url('<?php echo dol_buildpath($path.'/theme/'.$theme.'/img/menus_black/money.png', 1) ?>') top left no-repeat;
-}
-.menu_choix2 a {
-	background: url('<?php echo dol_buildpath($path.'/theme/'.$theme.'/img/menus_black/home.png', 1) ?>') top left no-repeat;
-}
 .menu_choix1,.menu_choix2 {
 	font-size: 1.4em;
 	text-align: left;
@@ -6277,7 +6271,7 @@ div.tabsElem a.tab {
 	color: #fff;
 	text-decoration: none;
 	padding-top: 18px;
-	padding-left: 54px;
+	padding-left: 10px;
 	font-size: 14px;
 	height: 38px;
 }