Can upload files with no read permission in ECM module
This commit is contained in:
Laurent Destailleur
parent
8cd57c2129
commit
1fd45ffec8
@ -3447,7 +3447,7 @@ SET character_set_client = @saved_cs_client;
|
||||
|
||||
LOCK TABLES `llx_menu` WRITE;
|
||||
/*!40000 ALTER TABLE `llx_menu` DISABLE KEYS */;
|
||||
INSERT INTO `llx_menu` VALUES (1,'all','agenda','top','agenda',0,100,'/comm/action/index.php','','Agenda','commercial',0,'0','$user->rights->agenda->myactions->read',0,'2008-08-07 19:59:53'),(2,'all','ecm','top','ecm',0,100,'/ecm/index.php','','MenuECM','ecm',0,'1','$user->rights->ecm->create || $user->rights->ecm->read || $user->rights->ecm->setup',0,'2008-08-07 20:00:42'),(3,'all','ecm','left','ecm',2,100,'/ecm/index.php','','ECMArea','ecm',0,'','$user->rights->ecm->read',0,'2008-08-07 20:00:42'),(4,'all','ecm','left','ecm',3,100,'/ecm/index.php','','List','ecm',0,'','$user->rights->ecm->read',0,'2008-08-07 20:00:42'),(5,'all','ecm','left','ecm',3,100,'/ecm/docdir.php?action=create','','ECMNewSection','ecm',0,'','$user->rights->ecm->setup',0,'2008-08-07 20:00:42');
|
||||
INSERT INTO `llx_menu` VALUES (1,'all','agenda','top','agenda',0,100,'/comm/action/index.php','','Agenda','commercial',0,'0','$user->rights->agenda->myactions->read',0,'2008-08-07 19:59:53'),(2,'all','ecm','top','ecm',0,100,'/ecm/index.php','','MenuECM','ecm',0,'1','$user->rights->ecm->upload || $user->rights->ecm->download || $user->rights->ecm->setup',0,'2008-08-07 20:00:42'),(3,'all','ecm','left','ecm',2,100,'/ecm/index.php','','ECMArea','ecm',0,'','$user->rights->ecm->download',0,'2008-08-07 20:00:42'),(4,'all','ecm','left','ecm',3,100,'/ecm/index.php','','List','ecm',0,'','$user->rights->ecm->download',0,'2008-08-07 20:00:42'),(5,'all','ecm','left','ecm',3,100,'/ecm/docdir.php?action=create','','ECMNewSection','ecm',0,'','$user->rights->ecm->setup',0,'2008-08-07 20:00:42');
|
||||
/*!40000 ALTER TABLE `llx_menu` ENABLE KEYS */;
|
||||
UNLOCK TABLES;
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -98,7 +98,7 @@ $db->commit();
|
||||
|
||||
|
||||
// Affiche lignes des permissions
|
||||
$sql ="SELECT r.id, r.libelle, r.module, r.bydefault";
|
||||
$sql ="SELECT r.id, r.libelle, r.module, r.perms, r.subperms, r.bydefault";
|
||||
$sql.=" FROM ".MAIN_DB_PREFIX."rights_def as r";
|
||||
$sql.=" WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"
|
||||
$sql.=" ORDER BY r.module, r.id";
|
||||
@ -106,7 +106,7 @@ $sql.=" ORDER BY r.module, r.id";
|
||||
$result = $db->query($sql);
|
||||
if ($result)
|
||||
{
|
||||
$num = $db->num_rows();
|
||||
$num = $db->num_rows($result);
|
||||
$i = 0;
|
||||
$var=True;
|
||||
$old = "";
|
||||
@ -121,9 +121,15 @@ if ($result)
|
||||
continue;
|
||||
}
|
||||
|
||||
// Check if permission is inside module definition
|
||||
// TODO If not, we remove it
|
||||
foreach($objMod->rights as $key => $val)
|
||||
{
|
||||
}
|
||||
|
||||
// Break found, it's a new module to catch
|
||||
if ($old <> $obj->module)
|
||||
{
|
||||
// Rupture d<>tect<63>e, on r<>cup<75>re objMod
|
||||
$objMod=$modules[$obj->module];
|
||||
$picto=($objMod->picto?$objMod->picto:'generic');
|
||||
|
||||
|
||||
@ -327,7 +327,7 @@ if ($modulepart)
|
||||
if ($modulepart == 'ecm')
|
||||
{
|
||||
$user->getrights('ecm');
|
||||
if ($user->rights->ecm->read)
|
||||
if ($user->rights->ecm->download)
|
||||
{
|
||||
$accessallowed=1;
|
||||
}
|
||||
|
||||
@ -355,16 +355,16 @@ $formfile=new FormFile($db);
|
||||
|
||||
/*
|
||||
// Affiche formulaire upload
|
||||
if ($user->rights->ecm->create)
|
||||
if ($user->rights->ecm->upload)
|
||||
{
|
||||
$formfile->form_attach_new_file(DOL_URL_ROOT.'/ecm/docmine.php','',0,$section);
|
||||
}
|
||||
|
||||
// List of document
|
||||
if ($user->rights->ecm->read)
|
||||
if ($user->rights->ecm->download)
|
||||
{
|
||||
$param='&section='.$section;
|
||||
$formfile->list_of_documents($filearray,'','ecm',$param,1,$relativepath,$user->rights->ecm->create);
|
||||
$formfile->list_of_documents($filearray,'','ecm',$param,1,$relativepath,$user->rights->ecm->upload);
|
||||
}
|
||||
*/
|
||||
|
||||
|
||||
@ -592,7 +592,7 @@ $filearray=dol_dir_list($upload_dir,"files",0,'','\.meta$',$sortfield,(strtolowe
|
||||
$formfile=new FormFile($db);
|
||||
$param='&section='.$section;
|
||||
$textifempty=($section?$langs->trans("NoFileFound"):$langs->trans("ECMSelectASection"));
|
||||
$formfile->list_of_documents($filearray,'','ecm',$param,1,$relativepath,$user->rights->ecm->create,1,$textifempty);
|
||||
$formfile->list_of_documents($filearray,'','ecm',$param,1,$relativepath,$user->rights->ecm->upload,1,$textifempty);
|
||||
|
||||
// print '<table width="100%" class="border">';
|
||||
|
||||
@ -617,7 +617,7 @@ if (empty($action) || $action == 'file_manager' || eregi('refresh',$action))
|
||||
}
|
||||
}
|
||||
print '</td><td>';
|
||||
if ($user->rights->ecm->create && ! empty($section))
|
||||
if ($user->rights->ecm->upload && ! empty($section))
|
||||
{
|
||||
$formfile->form_attach_new_file(DOL_URL_ROOT.'/ecm/index.php','',0,$section,1);
|
||||
}
|
||||
|
||||
@ -38,9 +38,9 @@ function llxHeader($head = "", $title="", $help_url='', $morehtml='')
|
||||
|
||||
$menu = new Menu();
|
||||
|
||||
$menu->add(DOL_URL_ROOT."/ecm/index.php?mainmenu=ecm&idmenu=".$_SESSION["idmenu"], $langs->trans("MenuECM"),0,$user->rights->ecm->read);
|
||||
$menu->add_submenu(DOL_URL_ROOT."/ecm/index.php?mainmenu=ecm&idmenu=".$_SESSION["idmenu"], $langs->trans("List"),1,$user->rights->ecm->read);
|
||||
//$menu->add_submenu(DOL_URL_ROOT."/ecm/index?mainmenu=ecm&action=create&idmenu=".$_SESSION["idmenu"], $langs->trans("ECMNewDocument"),1,$user->rights->ecm->create);
|
||||
$menu->add(DOL_URL_ROOT."/ecm/index.php?mainmenu=ecm&idmenu=".$_SESSION["idmenu"], $langs->trans("MenuECM"),0,$user->rights->ecm->download);
|
||||
$menu->add_submenu(DOL_URL_ROOT."/ecm/index.php?mainmenu=ecm&idmenu=".$_SESSION["idmenu"], $langs->trans("List"),1,$user->rights->ecm->download);
|
||||
//$menu->add_submenu(DOL_URL_ROOT."/ecm/index?mainmenu=ecm&action=create&idmenu=".$_SESSION["idmenu"], $langs->trans("ECMNewDocument"),1,$user->rights->ecm->upload);
|
||||
|
||||
$menu->add_submenu(DOL_URL_ROOT."/ecm/docdir.php?mainmenu=ecm&action=create&idmenu=".$_SESSION["idmenu"], $langs->trans("ECMNewSection"),1,$user->rights->ecm->setup);
|
||||
|
||||
|
||||
@ -17,23 +17,23 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
\defgroup document Module de generation de documents
|
||||
\brief Module pour gerer des generations de documents
|
||||
\version $Id$
|
||||
* \defgroup document Module de generation de documents
|
||||
* \brief Module pour gerer des generations de documents
|
||||
* \version $Id$
|
||||
*/
|
||||
|
||||
/**
|
||||
\file htdocs/includes/modules/modDocument.class.php
|
||||
\ingroup document
|
||||
\brief Fichier de description et activation du module Generation document
|
||||
* \file htdocs/includes/modules/modDocument.class.php
|
||||
* \ingroup document
|
||||
* \brief Fichier de description et activation du module Generation document
|
||||
*/
|
||||
|
||||
include_once(DOL_DOCUMENT_ROOT ."/includes/modules/DolibarrModules.class.php");
|
||||
|
||||
|
||||
/**
|
||||
\class modDocument
|
||||
\brief Classe de description et activation du module Document
|
||||
* \class modDocument
|
||||
* \brief Classe de description et activation du module Document
|
||||
*/
|
||||
|
||||
class modDocument extends DolibarrModules
|
||||
|
||||
@ -100,14 +100,14 @@ class modECM extends DolibarrModules
|
||||
$this->rights[$r][1] = 'Consulter les documents';
|
||||
$this->rights[$r][2] = 'r';
|
||||
$this->rights[$r][3] = 1;
|
||||
$this->rights[$r][4] = 'read';
|
||||
$this->rights[$r][4] = 'download';
|
||||
|
||||
$r++;
|
||||
$this->rights[$r][0] = 2501;
|
||||
$this->rights[$r][1] = 'Soumettre ou supprimer des documents';
|
||||
$this->rights[$r][2] = 'w';
|
||||
$this->rights[$r][3] = 1;
|
||||
$this->rights[$r][4] = 'create';
|
||||
$this->rights[$r][4] = 'upload';
|
||||
|
||||
$r++;
|
||||
$this->rights[$r][0] = 2515;
|
||||
@ -131,7 +131,7 @@ class modECM extends DolibarrModules
|
||||
'url'=>'/ecm/index.php',
|
||||
'langs'=>'ecm',
|
||||
'position'=>100,
|
||||
'perms'=>'$user->rights->ecm->create || $user->rights->ecm->read || $user->rights->ecm->setup',
|
||||
'perms'=>'$user->rights->ecm->download || $user->rights->ecm->upload || $user->rights->ecm->setup',
|
||||
'target'=>'',
|
||||
'user'=>0);
|
||||
$r++;
|
||||
@ -144,7 +144,7 @@ class modECM extends DolibarrModules
|
||||
'url'=>'/ecm/index.php',
|
||||
'langs'=>'ecm',
|
||||
'position'=>101,
|
||||
'perms'=>'$user->rights->ecm->read',
|
||||
'perms'=>'$user->rights->ecm->download || $user->rights->ecm->upload',
|
||||
'target'=>'',
|
||||
'user'=>0);
|
||||
$r++;
|
||||
@ -156,7 +156,7 @@ class modECM extends DolibarrModules
|
||||
'url'=>'/ecm/index.php?action=file_manager',
|
||||
'langs'=>'ecm',
|
||||
'position'=>102,
|
||||
'perms'=>'$user->rights->ecm->read',
|
||||
'perms'=>'$user->rights->ecm->download || $user->rights->ecm->upload',
|
||||
'target'=>'',
|
||||
'user'=>0);
|
||||
$r++;
|
||||
@ -168,7 +168,7 @@ class modECM extends DolibarrModules
|
||||
'url'=>'/ecm/index.php?action=search_form',
|
||||
'langs'=>'ecm',
|
||||
'position'=>103,
|
||||
'perms'=>'$user->rights->ecm->read',
|
||||
'perms'=>'$user->rights->ecm->download',
|
||||
'target'=>'',
|
||||
'user'=>0);
|
||||
$r++;
|
||||
|
||||
@ -367,6 +367,7 @@ FillTownFromZip=Fill town from zip
|
||||
ShowLog=Show log
|
||||
File=File
|
||||
Files=Files
|
||||
NotAllowed=Not allowed
|
||||
ReadPermissionNotAllowed=Read permission not allowed
|
||||
AmountInCurrency=Amount in %s currency
|
||||
Example=Example
|
||||
|
||||
@ -368,6 +368,7 @@ FillTownFromZip=Renseigner ville
|
||||
ShowLog=Afficher historique
|
||||
File=Fichier
|
||||
Files=Fichiers
|
||||
NotAllowed=Non autorisé
|
||||
ReadPermissionNotAllowed=Lecture non autorisée
|
||||
AmountInCurrency=Montants exprimés en %s
|
||||
Example=Exemple
|
||||
|
||||
@ -280,7 +280,7 @@ class User extends CommonObject
|
||||
$sql = "SELECT module, perms, subperms";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def";
|
||||
$sql.= " WHERE ";
|
||||
$sql.=" id = '".$rid."'";
|
||||
$sql.= " id = '".$rid."'";
|
||||
|
||||
$result=$this->db->query($sql);
|
||||
if ($result) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user