Fix #yogosha
This commit is contained in:
Laurent Destailleur
parent
6ac65400c3
commit
1e2e438103
@ -51,12 +51,12 @@ if ($id > 0) {
|
||||
$object->fetch($id);
|
||||
}
|
||||
|
||||
|
||||
// Security check
|
||||
if (empty($user->rights->bookmark->lire)) {
|
||||
restrictedArea($user, 'bookmarks');
|
||||
}
|
||||
restrictedArea($user, 'bookmark', $object);
|
||||
|
||||
$permissiontoread = $user->hasRight('bookmark', 'lire');
|
||||
$permissiontoadd = $user->hasRight('bookmark', 'creer');
|
||||
$permissiontodelete = $user->hasRight('bookmark', 'supprimer');
|
||||
|
||||
|
||||
|
||||
@ -326,12 +326,12 @@ if ($id > 0 && !preg_match('/^add/i', $action)) {
|
||||
print "<div class=\"tabsAction\">\n";
|
||||
|
||||
// Edit
|
||||
if ($user->rights->bookmark->creer && $action != 'edit') {
|
||||
if ($permissiontoadd && $action != 'edit') {
|
||||
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&token='.newToken().'">'.$langs->trans("Edit").'</a>'."\n";
|
||||
}
|
||||
|
||||
// Remove
|
||||
if ($user->rights->bookmark->supprimer && $action != 'edit') {
|
||||
if ($permissiontodelete && $action != 'edit') {
|
||||
print '<a class="butActionDelete" href="list.php?bid='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans("Delete").'</a>'."\n";
|
||||
}
|
||||
|
||||
|
||||
@ -60,7 +60,7 @@ class Bookmark extends CommonObject
|
||||
public $id;
|
||||
|
||||
/**
|
||||
* @var int User ID
|
||||
* @var int User ID. If > 0, bookmark of one user. If == 0, bookmark public (for everybody)
|
||||
*/
|
||||
public $fk_user;
|
||||
|
||||
@ -233,15 +233,14 @@ class Bookmark extends CommonObject
|
||||
/**
|
||||
* Removes the bookmark
|
||||
*
|
||||
* @param int $id Id removed bookmark
|
||||
* @return int <0 si ko, >0 si ok
|
||||
* @param User $user User deleting
|
||||
* @return int <0 if KO, >0 if OK
|
||||
*/
|
||||
public function remove($id)
|
||||
public function delete($user)
|
||||
{
|
||||
$sql = "DELETE FROM ".MAIN_DB_PREFIX."bookmark";
|
||||
$sql .= " WHERE rowid = ".((int) $id);
|
||||
$sql .= " WHERE rowid = ".((int) $this->id);
|
||||
|
||||
dol_syslog("Bookmark::remove", LOG_DEBUG);
|
||||
$resql = $this->db->query($sql);
|
||||
if ($resql) {
|
||||
return 1;
|
||||
|
||||
@ -63,14 +63,17 @@ if (!$sortorder) {
|
||||
|
||||
// Initialize Objects
|
||||
$object = new Bookmark($db);
|
||||
if ($id > 0) {
|
||||
$object->fetch($id);
|
||||
}
|
||||
|
||||
// Security check
|
||||
restrictedArea($user, 'bookmark');
|
||||
restrictedArea($user, 'bookmark', $object);
|
||||
|
||||
// Permissions
|
||||
$permissiontoread = !empty($user->rights->bookmark->lire);
|
||||
$permissiontoadd = !empty($user->rights->bookmark->creer);
|
||||
$permissiontodelete = !empty($user->rights->bookmark->supprimer);
|
||||
$permissiontoread = $user->hasRight('bookmark', 'lire');
|
||||
$permissiontoadd = $user->hasRight('bookmark', 'creer');
|
||||
$permissiontodelete = ($user->hasRight('bookmark', 'supprimer') || ($permissiontoadd && $object->fk_user == $user->id));
|
||||
|
||||
|
||||
/*
|
||||
@ -85,13 +88,15 @@ if (!GETPOST('confirmmassaction', 'alpha') && $massaction != 'presend' && $massa
|
||||
$massaction = '';
|
||||
}
|
||||
|
||||
if ($action == 'delete') {
|
||||
$res = $object->remove($id);
|
||||
if ($action == 'delete' && $permissiontodelete) {
|
||||
$object->fetch($id);
|
||||
$res = $object->delete($user);
|
||||
if ($res > 0) {
|
||||
header("Location: ".$_SERVER["PHP_SELF"]);
|
||||
exit;
|
||||
} else {
|
||||
setEventMessages($object->error, $object->errors, 'errors');
|
||||
$action = '';
|
||||
}
|
||||
}
|
||||
|
||||
@ -196,7 +201,7 @@ print '<input type="hidden" name="contextpage" value="'.$contextpage.'">';
|
||||
print '<input type="hidden" name="mode" value="'.$mode.'">';
|
||||
|
||||
$newcardbutton = '';
|
||||
$newcardbutton .= dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/bookmarks/card.php?action=create&backtopage='.urlencode(DOL_URL_ROOT.'/bookmarks/list.php'), '', !empty($user->rights->bookmark->creer));
|
||||
$newcardbutton .= dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/bookmarks/card.php?action=create&backtopage='.urlencode(DOL_URL_ROOT.'/bookmarks/list.php'), '', $permissiontoadd);
|
||||
|
||||
print_barre_liste($title, $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'bookmark', 0, $newcardbutton, '', $limit, 0, 0, 1);
|
||||
|
||||
@ -235,8 +240,8 @@ while ($i < min($num, $limit)) {
|
||||
}
|
||||
$title = $obj->title;
|
||||
$link = $obj->url;
|
||||
$canedit = $user->rights->bookmark->supprimer;
|
||||
$candelete = $user->rights->bookmark->creer;
|
||||
$canedit = $permissiontoadd;
|
||||
$candelete = $permissiontodelete;
|
||||
|
||||
// Title
|
||||
print '<td class="tdoverflowmax200" alt="'.dol_escape_htmltag($title).'">';
|
||||
@ -268,7 +273,7 @@ while ($i < min($num, $limit)) {
|
||||
|
||||
// Author
|
||||
print '<td class="center">';
|
||||
if ($obj->fk_user) {
|
||||
if ($obj->fk_user > 0) {
|
||||
if (empty($conf->cache['users'][$obj->fk_user])) {
|
||||
$tmpuser = new User($db);
|
||||
$tmpuser->fetch($obj->fk_user);
|
||||
@ -294,10 +299,10 @@ while ($i < min($num, $limit)) {
|
||||
// Actions
|
||||
print '<td class="nowraponall right">';
|
||||
if ($canedit) {
|
||||
print '<a class="editfielda marginleftonly" href="'.DOL_URL_ROOT.'/bookmarks/card.php?action=edit&token='.newToken().'&id='.$obj->rowid.'&backtopage='.urlencode($_SERVER["PHP_SELF"]).'">'.img_edit()."</a>";
|
||||
print '<a class="editfielda marginleftonly marginrightonly" href="'.DOL_URL_ROOT.'/bookmarks/card.php?action=edit&token='.newToken().'&id='.$obj->rowid.'&backtopage='.urlencode($_SERVER["PHP_SELF"]).'">'.img_edit()."</a>";
|
||||
}
|
||||
if ($candelete) {
|
||||
print '<a class="marginleftonly" href="'.$_SERVER["PHP_SELF"].'?action=delete&token='.newToken().'&id='.$obj->rowid.'">'.img_delete().'</a>';
|
||||
print '<a class="marginleftonly marginrightonly" href="'.$_SERVER["PHP_SELF"].'?action=delete&token='.newToken().'&id='.$obj->rowid.'">'.img_delete().'</a>';
|
||||
}
|
||||
print "</td>";
|
||||
print "</tr>\n";
|
||||
|
||||
@ -635,7 +635,13 @@ function restrictedArea(User $user, $features, $object = 0, $tableandshare = '',
|
||||
$nbko = 0;
|
||||
if ((GETPOST("action", "aZ09") == 'confirm_delete' && GETPOST("confirm", "aZ09") == 'yes') || GETPOST("action", "aZ09") == 'delete') {
|
||||
foreach ($featuresarray as $feature) {
|
||||
if ($feature == 'contact') {
|
||||
if ($feature == 'bookmark') {
|
||||
if (!$user->rights->bookmark->supprimer) {
|
||||
if ($user->id != $object->fk_user || empty($user->rights->bookmark->creer)) {
|
||||
$deleteok = 0;
|
||||
}
|
||||
}
|
||||
} elseif ($feature == 'contact') {
|
||||
if (!$user->rights->societe->contact->supprimer) {
|
||||
$deleteok = 0;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user