diff --git a/htdocs/cashdesk/admin/cashdesk.php b/htdocs/cashdesk/admin/cashdesk.php index 382dd062131..eee5cac755f 100644 --- a/htdocs/cashdesk/admin/cashdesk.php +++ b/htdocs/cashdesk/admin/cashdesk.php @@ -45,6 +45,7 @@ $langs->loadLangs(array("admin", "cashdesk")); /* * Actions */ + if (GETPOST('action', 'alpha') == 'set') { $db->begin(); diff --git a/htdocs/cashdesk/affContenu.php b/htdocs/cashdesk/affContenu.php index 384e3490fa1..7d9af18913e 100644 --- a/htdocs/cashdesk/affContenu.php +++ b/htdocs/cashdesk/affContenu.php @@ -22,6 +22,7 @@ * \ingroup cashdesk * \brief Include to show main page for cashdesk module */ + require_once 'class/Facturation.class.php'; // Si nouvelle vente, reinitialisation des donnees (destruction de l'objet et vidage de la table contenant la liste des articles) @@ -39,6 +40,15 @@ if (isset($_SESSION['serObjFacturation'])) { $obj_facturation = new Facturation(); } +if (empty($user->rights->cashdesk->run)) { + accessforbidden(); +} + + +/* + * View + */ + // $obj_facturation contains data for all invoice total + selection of current product $obj_facturation->calculTotaux(); // Redefine prix_total_ttc, prix_total_ht et montant_tva from $_SESSION['poscart'] diff --git a/htdocs/cashdesk/affIndex.php b/htdocs/cashdesk/affIndex.php index 931bcd76f6f..a352649feb4 100644 --- a/htdocs/cashdesk/affIndex.php +++ b/htdocs/cashdesk/affIndex.php @@ -38,6 +38,10 @@ if ($_SESSION['uid'] <= 0) { // Load translation files required by the page $langs->loadLangs(array("companies", "compta", "cashdesk")); +if (empty($user->rights->cashdesk->run)) { + accessforbidden(); +} + /* * View diff --git a/htdocs/cashdesk/affPied.php b/htdocs/cashdesk/affPied.php index 1a7c9c5b6a7..6481a0c2aff 100644 --- a/htdocs/cashdesk/affPied.php +++ b/htdocs/cashdesk/affPied.php @@ -21,6 +21,10 @@ * \brief Bottom of main page of point of sale module */ +if (empty($user->rights->cashdesk->run)) { + accessforbidden(); +} + ?>
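Review bot: The `cashdesk->run` guard in the second hunk of affContenu.php sits after the closing brace of the block that sets `$obj_facturation` from `$_SESSION['serObjFacturation']`, so a caller without the right still goes through that session handling before `accessforbidden()` runs. The same ordering appears in deconnexion.php (guard after `unset($_SESSION['uid'])`), facturation_verif.php (after `unserialize()` and `unset($_SESSION['serObjFacturation'])`) and validation_verif.php (after `unserialize()`). I would move `if (empty($user->rights->cashdesk->run)) { accessforbidden(); }` directly after the `require` lines in each file, as validation_ticket.php already does, so nothing is read from or changed in the session for an unauthorised request. The code between the two affContenu.php hunks is not visible, so what runs before the guard there should be confirmed.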
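Review bot: The guard added to affPied.php has no `require` of main.inc.php visible in the hunk, and the same holds for facturation.php, so both appear to depend on the including page for `$user` and `accessforbidden()`. If either file is requested directly, `empty()` on the undefined `$user` is true and the call to an undefined `accessforbidden()` would end in a fatal error rather than the normal forbidden page. That still denies access, but it may expose a path in the error output depending on configuration. I would add a comment above the guard such as `// $user and accessforbidden() are provided by the page that includes this file`, or confirm that direct requests are blocked elsewhere. The top of both files is outside the hunks, so this is inferred.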
diff --git a/htdocs/cashdesk/deconnexion.php b/htdocs/cashdesk/deconnexion.php index 9cac758be1a..f7506902ab5 100644 --- a/htdocs/cashdesk/deconnexion.php +++ b/htdocs/cashdesk/deconnexion.php @@ -40,5 +40,9 @@ require_once '../main.inc.php'; // This destroy tag that say "Point of Sale session is on". unset($_SESSION['uid']); +if (empty($user->rights->cashdesk->run)) { + accessforbidden(); +} + header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php'); exit; diff --git a/htdocs/cashdesk/facturation.php b/htdocs/cashdesk/facturation.php index 446cd161756..edce8acd781 100644 --- a/htdocs/cashdesk/facturation.php +++ b/htdocs/cashdesk/facturation.php @@ -26,6 +26,9 @@ */ +if (empty($user->rights->cashdesk->run)) { + accessforbidden(); +} /* diff --git a/htdocs/cashdesk/facturation_dhtml.php b/htdocs/cashdesk/facturation_dhtml.php index b37c3f41dec..3d0e9ff84ec 100644 --- a/htdocs/cashdesk/facturation_dhtml.php +++ b/htdocs/cashdesk/facturation_dhtml.php @@ -47,6 +47,15 @@ if (!defined('NOREQUIREAJAX')) { require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php'; +if (empty($user->rights->cashdesk->run)) { + accessforbidden(); +} + + +/* + * View + */ + top_httphead('text/html'); $search = GETPOST("code", "alpha"); diff --git a/htdocs/cashdesk/facturation_verif.php b/htdocs/cashdesk/facturation_verif.php index 77df185c7cd..eed48555e20 100644 --- a/htdocs/cashdesk/facturation_verif.php +++ b/htdocs/cashdesk/facturation_verif.php @@ -34,6 +34,14 @@ $action = GETPOST('action', 'aZ09'); $obj_facturation = unserialize($_SESSION['serObjFacturation']); unset($_SESSION['serObjFacturation']); +if (empty($user->rights->cashdesk->run)) { + accessforbidden(); +} + + +/* + * View + */ switch ($action) { default: diff --git a/htdocs/cashdesk/index.php b/htdocs/cashdesk/index.php index ad92f9edd81..a4ee6fa415c 100644 --- a/htdocs/cashdesk/index.php +++ b/htdocs/cashdesk/index.php 
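Review bot: The new section banner in facturation_verif.php reads `View`, but the statement it introduces is `switch ($action)`, which dispatches on the request's `action` parameter. validation_verif.php labels the same construct `Actions` in this commit. I would change the banner line to ` * Actions` so the two files agree and a reader is not told that state-changing branches are display code. The body of the switch continues outside the hunk.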
@@ -43,6 +43,11 @@ $err = GETPOST("err"); // Instantiate hooks of thirdparty module only if not already define $hookmanager->initHooks(array('cashdeskloginpage')); +if (empty($user->rights->cashdesk->run)) { + accessforbidden(); +} + + /* * View */ diff --git a/htdocs/cashdesk/index_verif.php b/htdocs/cashdesk/index_verif.php index 0c0281e5414..47a1d90b76c 100644 --- a/htdocs/cashdesk/index_verif.php +++ b/htdocs/cashdesk/index_verif.php @@ -41,6 +41,12 @@ $bankid_cash = (GETPOST("CASHDESK_ID_BANKACCOUNT_CASH") > 0) ?GETPOST("CASHDESK_ $bankid_cheque = (GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE") > 0) ?GETPOST("CASHDESK_ID_BANKACCOUNT_CHEQUE", 'int') : $conf->global->CASHDESK_ID_BANKACCOUNT_CHEQUE; $bankid_cb = (GETPOST("CASHDESK_ID_BANKACCOUNT_CB") > 0) ?GETPOST("CASHDESK_ID_BANKACCOUNT_CB", 'int') : $conf->global->CASHDESK_ID_BANKACCOUNT_CB; + +if (empty($user->rights->cashdesk->run)) { + accessforbidden(); +} + + // Check username if (empty($username)) { $retour = $langs->trans("ErrorFieldRequired", $langs->transnoentities("Login")); diff --git a/htdocs/cashdesk/validation_ticket.php b/htdocs/cashdesk/validation_ticket.php index 0c32dfa8c44..5fcf017ada1 100644 --- a/htdocs/cashdesk/validation_ticket.php +++ b/htdocs/cashdesk/validation_ticket.php @@ -26,6 +26,15 @@ require_once DOL_DOCUMENT_ROOT.'/cashdesk/include/environnement.php'; require_once DOL_DOCUMENT_ROOT.'/cashdesk/class/Facturation.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'; +if (empty($user->rights->cashdesk->run)) { + accessforbidden(); +} + + +/* + * Actions + */ + $obj_facturation = unserialize($_SESSION['serObjFacturation']); unset($_SESSION['serObjFacturation']); diff --git a/htdocs/cashdesk/validation_verif.php b/htdocs/cashdesk/validation_verif.php index b9ad0d94a02..76cba5d3d95 100644 --- a/htdocs/cashdesk/validation_verif.php +++ b/htdocs/cashdesk/validation_verif.php 
@@ -36,6 +36,15 @@ $obj_facturation = unserialize($_SESSION['serObjFacturation']); $action = GETPOST('action', 'aZ09'); $bankaccountid = GETPOST('cashdeskbank'); +if (empty($user->rights->cashdesk->run)) { + accessforbidden(); +} + + +/* + * Actions + */ + switch ($action) { default: $redirection = DOL_URL_ROOT.'/cashdesk/affIndex.php?menutpl=validation'; diff --git a/htdocs/core/ajax/row.php b/htdocs/core/ajax/row.php index 7f3d7d4cc3a..4662c3a1406 100644 --- a/htdocs/core/ajax/row.php +++ b/htdocs/core/ajax/row.php @@ -95,7 +95,7 @@ if (GETPOST('roworder', 'alpha', 2) && GETPOST('table_element_line', 'aZ09', 2) } else { $tmparray = explode('_', $table_element_line); $tmpmodule = $tmparray[0]; $tmpobject = preg_replace('/line$/', '', $tmparray[1]); - if (!empty($tmpmodule) && !empty($tmpobject) && !empty($conf->$tmpmodule->enabled) && !empty($user->rights->$tmpobject->read)) { + if (!empty($tmpmodule) && !empty($tmpobject) && !empty($conf->$tmpmodule->enabled) && !empty($user->rights->$tmpobject->write)) { $perm = 1; } } diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index d5a9cae132b..fee496c4fab 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -6260,12 +6260,6 @@ div.tabsElem a.tab { /* POS */ /* ============================================================================== */ -.menu_choix1 a { - background: url('') top left no-repeat; -} -.menu_choix2 a { - background: url('') top left no-repeat; -} .menu_choix1,.menu_choix2 { font-size: 1.4em; text-align: left; @@ -6277,7 +6271,7 @@ div.tabsElem a.tab { color: #fff; text-decoration: none; padding-top: 18px; - padding-left: 54px; + padding-left: 10px; font-size: 14px; height: 38px; }
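Review bot: The tightened condition in row.php gates on `$conf->$tmpmodule->enabled` but reads the right from `$user->rights->$tmpobject->write`, so the module name is never part of the permission path. If rights here are keyed by module first, the test either never matches or matches a right from a different module that shares the object's name. It is worth confirming which key is intended, for example `$user->rights->$tmpmodule->$tmpobject->write`. Both names are derived from the request parameter `table_element_line`, and `$tmparray[1]` is read without checking that `explode()` produced a second element. The enclosing `if`/`else` starts outside the hunk.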