From 1fd45ffec80a951fb8b5a2b235c835d985562210 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 16 Dec 2008 19:12:42 +0000
Subject: [PATCH] Can upload files with no read permission in ECM module
---
dev/initdemo/initdemo.sql | 2 +-
htdocs/admin/perms.php | 14 ++++++++++----
htdocs/document.php | 2 +-
htdocs/ecm/docmine.php | 6 +++---
htdocs/ecm/index.php | 4 ++--
htdocs/ecm/pre.inc.php | 6 +++---
htdocs/includes/modules/modDocument.class.php | 16 ++++++++--------
htdocs/includes/modules/modECM.class.php | 12 ++++++------
htdocs/langs/en_US/main.lang | 1 +
htdocs/langs/fr_FR/main.lang | 1 +
htdocs/user.class.php | 2 +-
11 files changed, 37 insertions(+), 29 deletions(-)
diff --git a/dev/initdemo/initdemo.sql b/dev/initdemo/initdemo.sql
index 1c2f596ca22..6bbe2b4ce4f 100644
--- a/dev/initdemo/initdemo.sql
+++ b/dev/initdemo/initdemo.sql
@@ -3447,7 +3447,7 @@ SET character_set_client = @saved_cs_client; LOCK TABLES `llx_menu` WRITE; /*!40000 ALTER TABLE `llx_menu` DISABLE KEYS */; -INSERT INTO `llx_menu` VALUES (1,'all','agenda','top','agenda',0,100,'/comm/action/index.php','','Agenda','commercial',0,'0','$user->rights->agenda->myactions->read',0,'2008-08-07 19:59:53'),(2,'all','ecm','top','ecm',0,100,'/ecm/index.php','','MenuECM','ecm',0,'1','$user->rights->ecm->create || $user->rights->ecm->read || $user->rights->ecm->setup',0,'2008-08-07 20:00:42'),(3,'all','ecm','left','ecm',2,100,'/ecm/index.php','','ECMArea','ecm',0,'','$user->rights->ecm->read',0,'2008-08-07 20:00:42'),(4,'all','ecm','left','ecm',3,100,'/ecm/index.php','','List','ecm',0,'','$user->rights->ecm->read',0,'2008-08-07 20:00:42'),(5,'all','ecm','left','ecm',3,100,'/ecm/docdir.php?action=create','','ECMNewSection','ecm',0,'','$user->rights->ecm->setup',0,'2008-08-07 20:00:42'); +INSERT INTO `llx_menu` VALUES (1,'all','agenda','top','agenda',0,100,'/comm/action/index.php','','Agenda','commercial',0,'0','$user->rights->agenda->myactions->read',0,'2008-08-07 19:59:53'),(2,'all','ecm','top','ecm',0,100,'/ecm/index.php','','MenuECM','ecm',0,'1','$user->rights->ecm->upload || $user->rights->ecm->download || $user->rights->ecm->setup',0,'2008-08-07 20:00:42'),(3,'all','ecm','left','ecm',2,100,'/ecm/index.php','','ECMArea','ecm',0,'','$user->rights->ecm->download',0,'2008-08-07 20:00:42'),(4,'all','ecm','left','ecm',3,100,'/ecm/index.php','','List','ecm',0,'','$user->rights->ecm->download',0,'2008-08-07 20:00:42'),(5,'all','ecm','left','ecm',3,100,'/ecm/docdir.php?action=create','','ECMNewSection','ecm',0,'','$user->rights->ecm->setup',0,'2008-08-07 20:00:42'); /*!40000 ALTER TABLE `llx_menu` ENABLE KEYS */; UNLOCK TABLES; diff --git a/htdocs/admin/perms.php b/htdocs/admin/perms.php index 14f0ba620ee..b960132d1fc 100644 --- a/htdocs/admin/perms.php +++ b/htdocs/admin/perms.php 
@@ -1,6 +1,6 @@ - * Copyright (C) 2004-2006 Laurent Destailleur + * Copyright (C) 2004-2008 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -98,7 +98,7 @@ $db->commit(); // Affiche lignes des permissions -$sql ="SELECT r.id, r.libelle, r.module, r.bydefault"; +$sql ="SELECT r.id, r.libelle, r.module, r.perms, r.subperms, r.bydefault"; $sql.=" FROM ".MAIN_DB_PREFIX."rights_def as r"; $sql.=" WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous" $sql.=" ORDER BY r.module, r.id"; @@ -106,7 +106,7 @@ $sql.=" ORDER BY r.module, r.id"; $result = $db->query($sql); if ($result) { - $num = $db->num_rows(); + $num = $db->num_rows($result); $i = 0; $var=True; $old = ""; @@ -121,9 +121,15 @@ if ($result) continue; } + // Check if permission is inside module definition + // TODO If not, we remove it + foreach($objMod->rights as $key => $val) + { + } + + // Break found, it's a new module to catch if ($old <> $obj->module) { - // Rupture d�tect�e, on r�cup�re objMod $objMod=$modules[$obj->module]; $picto=($objMod->picto?$objMod->picto:'generic'); diff --git a/htdocs/document.php b/htdocs/document.php index b4a0bea7d11..06da4114faa 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -327,7 +327,7 @@ if ($modulepart) if ($modulepart == 'ecm') { $user->getrights('ecm'); - if ($user->rights->ecm->read) + if ($user->rights->ecm->download) { $accessallowed=1; } diff --git a/htdocs/ecm/docmine.php b/htdocs/ecm/docmine.php index 773a104d54b..72a9d0e0dab 100644 --- a/htdocs/ecm/docmine.php +++ b/htdocs/ecm/docmine.php 
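Review bot: The added `foreach($objMod->rights as $key => $val)` in htdocs/admin/perms.php sits above `$objMod=$modules[$obj->module];`, so it runs before `$objMod` is set for the current row: on the first row the variable is undefined and PHP warns about the foreach argument, and after a module change it still walks the previous module's rights. Since the TODO is to drop permissions that are no longer in the module definition, comparing against the wrong module would misclassify rights once the body is filled in. Moving the loop below the `if ($old <> $obj->module)` block, or reading `$modules[$obj->module]->rights` directly, avoids both. The enclosing loop starts and ends outside the hunk.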
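Review bot: The download gate in htdocs/document.php now tests `$user->rights->ecm->download`, but nothing visible in this commit renames the `perms` values already stored in `rights_def` (or the `perms` expressions already stored in `llx_menu`) on an installed system; only the module definition in modECM.class.php and the demo dump change. If rights are loaded by the stored `perms` name, as the `SELECT module, perms, subperms` in user.class.php suggests, existing users would keep `read`/`create` and this check would refuse every ECM download until the module is re-activated. That fails closed, but an upgrade step along the lines of `UPDATE llx_rights_def SET perms='download' WHERE module='ecm' AND perms='read';` (and the same for `create` to `upload`, with the install's table prefix) would keep access unchanged; the statement is a sketch to be checked against the real schema. The same concern applies to the renamed checks in htdocs/ecm/index.php and htdocs/ecm/pre.inc.php. The `if` body continues outside the hunk.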
@@ -355,16 +355,16 @@ $formfile=new FormFile($db); /* // Affiche formulaire upload -if ($user->rights->ecm->create) +if ($user->rights->ecm->upload) { $formfile->form_attach_new_file(DOL_URL_ROOT.'/ecm/docmine.php','',0,$section); } // List of document -if ($user->rights->ecm->read) +if ($user->rights->ecm->download) { $param='&section='.$section; - $formfile->list_of_documents($filearray,'','ecm',$param,1,$relativepath,$user->rights->ecm->create); + $formfile->list_of_documents($filearray,'','ecm',$param,1,$relativepath,$user->rights->ecm->upload); } */ diff --git a/htdocs/ecm/index.php b/htdocs/ecm/index.php index e5306f68993..c7b22bed631 100644 --- a/htdocs/ecm/index.php +++ b/htdocs/ecm/index.php @@ -592,7 +592,7 @@ $filearray=dol_dir_list($upload_dir,"files",0,'','\.meta$',$sortfield,(strtolowe $formfile=new FormFile($db); $param='&section='.$section; $textifempty=($section?$langs->trans("NoFileFound"):$langs->trans("ECMSelectASection")); -$formfile->list_of_documents($filearray,'','ecm',$param,1,$relativepath,$user->rights->ecm->create,1,$textifempty); +$formfile->list_of_documents($filearray,'','ecm',$param,1,$relativepath,$user->rights->ecm->upload,1,$textifempty); // print ''; @@ -617,7 +617,7 @@ if (empty($action) || $action == 'file_manager' || eregi('refresh',$action)) } } print '
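Review bot: In the htdocs/ecm/index.php hunk, `list_of_documents()` is called with no test of `$user->rights->ecm->download` in the visible lines, while the same commit opens the ECM menu entries in modECM.class.php to users who hold only `upload`. Unless code outside the hunk gates it, an upload-only user would receive the file listing of the section even though document.php refuses the download itself. If listing is meant to require the read right, wrap the call in `if ($user->rights->ecm->download) { ... }`; if showing names to upload-only users is intended, a short comment saying so would document the decision.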
'; -if ($user->rights->ecm->create && ! empty($section)) +if ($user->rights->ecm->upload && ! empty($section)) { $formfile->form_attach_new_file(DOL_URL_ROOT.'/ecm/index.php','',0,$section,1); } diff --git a/htdocs/ecm/pre.inc.php b/htdocs/ecm/pre.inc.php index 997f19a6f46..54f8091c39c 100644 --- a/htdocs/ecm/pre.inc.php +++ b/htdocs/ecm/pre.inc.php @@ -38,9 +38,9 @@ function llxHeader($head = "", $title="", $help_url='', $morehtml='') $menu = new Menu(); - $menu->add(DOL_URL_ROOT."/ecm/index.php?mainmenu=ecm&idmenu=".$_SESSION["idmenu"], $langs->trans("MenuECM"),0,$user->rights->ecm->read); - $menu->add_submenu(DOL_URL_ROOT."/ecm/index.php?mainmenu=ecm&idmenu=".$_SESSION["idmenu"], $langs->trans("List"),1,$user->rights->ecm->read); - //$menu->add_submenu(DOL_URL_ROOT."/ecm/index?mainmenu=ecm&action=create&idmenu=".$_SESSION["idmenu"], $langs->trans("ECMNewDocument"),1,$user->rights->ecm->create); + $menu->add(DOL_URL_ROOT."/ecm/index.php?mainmenu=ecm&idmenu=".$_SESSION["idmenu"], $langs->trans("MenuECM"),0,$user->rights->ecm->download); + $menu->add_submenu(DOL_URL_ROOT."/ecm/index.php?mainmenu=ecm&idmenu=".$_SESSION["idmenu"], $langs->trans("List"),1,$user->rights->ecm->download); + //$menu->add_submenu(DOL_URL_ROOT."/ecm/index?mainmenu=ecm&action=create&idmenu=".$_SESSION["idmenu"], $langs->trans("ECMNewDocument"),1,$user->rights->ecm->upload); $menu->add_submenu(DOL_URL_ROOT."/ecm/docdir.php?mainmenu=ecm&action=create&idmenu=".$_SESSION["idmenu"], $langs->trans("ECMNewSection"),1,$user->rights->ecm->setup); diff --git a/htdocs/includes/modules/modDocument.class.php b/htdocs/includes/modules/modDocument.class.php index e7b9b69eaf9..45fb17cc879 100644 --- a/htdocs/includes/modules/modDocument.class.php +++ b/htdocs/includes/modules/modDocument.class.php 
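Review bot: The `upload` test in the second htdocs/ecm/index.php hunk only decides whether the attach form is rendered; the code that processes the submitted file is not in the diff. The form posts back to `/ecm/index.php`, and index.php has only two changed lines in this commit, so the handler does not test the old `create` right; whether it tests any right is not visible here. Hiding the form does not stop a direct request, so the handler should repeat the check before the file is stored, for example `if (! $user->rights->ecm->upload) accessforbidden();`, assuming that helper is in scope in this file.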
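Review bot: The two menu entries built in htdocs/ecm/pre.inc.php are gated on `download` alone, while the matching entries in modECM.class.php in this commit use `download || upload`, so a user holding only `upload` gets the ECM area from one menu source and not from the other. For consistency, pass `$user->rights->ecm->download || $user->rights->ecm->upload` as the last argument of `$menu->add(...)` and of the "List" `add_submenu(...)`. llxHeader's body continues outside the hunk.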
@@ -17,23 +17,23 @@ */ /** - \defgroup document Module de generation de documents - \brief Module pour gerer des generations de documents - \version $Id$ + * \defgroup document Module de generation de documents + * \brief Module pour gerer des generations de documents + * \version $Id$ */ /** - \file htdocs/includes/modules/modDocument.class.php - \ingroup document - \brief Fichier de description et activation du module Generation document + * \file htdocs/includes/modules/modDocument.class.php + * \ingroup document + * \brief Fichier de description et activation du module Generation document */ include_once(DOL_DOCUMENT_ROOT ."/includes/modules/DolibarrModules.class.php"); /** - \class modDocument - \brief Classe de description et activation du module Document + * \class modDocument + * \brief Classe de description et activation du module Document */ class modDocument extends DolibarrModules diff --git a/htdocs/includes/modules/modECM.class.php b/htdocs/includes/modules/modECM.class.php index 5c3b152011d..b39d7caa295 100644 --- a/htdocs/includes/modules/modECM.class.php +++ b/htdocs/includes/modules/modECM.class.php @@ -100,14 +100,14 @@ class modECM extends DolibarrModules $this->rights[$r][1] = 'Consulter les documents'; $this->rights[$r][2] = 'r'; $this->rights[$r][3] = 1; - $this->rights[$r][4] = 'read'; + $this->rights[$r][4] = 'download'; $r++; $this->rights[$r][0] = 2501; $this->rights[$r][1] = 'Soumettre ou supprimer des documents'; $this->rights[$r][2] = 'w'; $this->rights[$r][3] = 1; - $this->rights[$r][4] = 'create'; + $this->rights[$r][4] = 'upload'; $r++; $this->rights[$r][0] = 2515; @@ -131,7 +131,7 @@ class modECM extends DolibarrModules 'url'=>'/ecm/index.php', 'langs'=>'ecm', 'position'=>100, - 'perms'=>'$user->rights->ecm->create || $user->rights->ecm->read || $user->rights->ecm->setup', + 'perms'=>'$user->rights->ecm->download || $user->rights->ecm->upload || $user->rights->ecm->setup', 'target'=>'', 'user'=>0); $r++; 
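Review bot: In modECM.class.php the right now keyed `upload` keeps the label 'Soumettre ou supprimer des documents', so it covers deletion as well as submission, and index.php passes it as the permission argument of `list_of_documents()`, presumably to enable the delete action. The new key name hides that scope, which matters when an administrator grants it to a user who has no read access. A comment on the definition such as `// 'upload' also covers deleting documents`, or a separate delete right, would make the privilege explicit. The rights array is defined in a method that starts and ends outside the hunk.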
@@ -144,7 +144,7 @@ class modECM extends DolibarrModules 'url'=>'/ecm/index.php', 'langs'=>'ecm', 'position'=>101, - 'perms'=>'$user->rights->ecm->read', + 'perms'=>'$user->rights->ecm->download || $user->rights->ecm->upload', 'target'=>'', 'user'=>0); $r++; @@ -156,7 +156,7 @@ class modECM extends DolibarrModules 'url'=>'/ecm/index.php?action=file_manager', 'langs'=>'ecm', 'position'=>102, - 'perms'=>'$user->rights->ecm->read', + 'perms'=>'$user->rights->ecm->download || $user->rights->ecm->upload', 'target'=>'', 'user'=>0); $r++; @@ -168,7 +168,7 @@ class modECM extends DolibarrModules 'url'=>'/ecm/index.php?action=search_form', 'langs'=>'ecm', 'position'=>103, - 'perms'=>'$user->rights->ecm->read', + 'perms'=>'$user->rights->ecm->download', 'target'=>'', 'user'=>0); $r++; diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 1a5953166d0..a17d95ce7b7 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -367,6 +367,7 @@ FillTownFromZip=Fill town from zip ShowLog=Show log File=File Files=Files +NotAllowed=Not allowed ReadPermissionNotAllowed=Read permission not allowed AmountInCurrency=Amount in %s currency Example=Example diff --git a/htdocs/langs/fr_FR/main.lang b/htdocs/langs/fr_FR/main.lang index 72180294a53..564226b263f 100644 --- a/htdocs/langs/fr_FR/main.lang +++ b/htdocs/langs/fr_FR/main.lang @@ -368,6 +368,7 @@ FillTownFromZip=Renseigner ville ShowLog=Afficher historique File=Fichier Files=Fichiers +NotAllowed=Non autorisé ReadPermissionNotAllowed=Lecture non autorisée AmountInCurrency=Montants exprimés en %s Example=Exemple diff --git a/htdocs/user.class.php b/htdocs/user.class.php index b6fd4f02e70..624b53f20cb 100644 --- a/htdocs/user.class.php +++ b/htdocs/user.class.php 
@@ -280,7 +280,7 @@ class User extends CommonObject $sql = "SELECT module, perms, subperms"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def"; $sql.= " WHERE "; - $sql.=" id = '".$rid."'"; + $sql.= " id = '".$rid."'"; $result=$this->db->query($sql); if ($result) {