diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 02f974a6d25..075de81629a 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -233,6 +233,7 @@ class Form if ($type == 'info') $img=img_help(0,$alt); if ($type == 'help' || $type ==1) $img=img_help(1,$alt); if ($type == 'superadmin') $img=img_redstar($alt); + if ($type == 'admin') $img=img_picto($alt,"star"); // Warnings if ($type == 'warning') $img=img_warning($alt); diff --git a/htdocs/langs/en_US/users.lang b/htdocs/langs/en_US/users.lang index a6f3452e059..95c560b9c1b 100755 --- a/htdocs/langs/en_US/users.lang +++ b/htdocs/langs/en_US/users.lang @@ -44,7 +44,8 @@ NameNotDefined=Name is not defined. ListOfUsers=List of users Administrator=Administrator SuperAdministrator=Super Administrator -SuperAdministratorDesc=Administrator with all rights +SuperAdministratorDesc=Global administrator +AdministratorDesc=Administrator's entity DefaultRights=Default permissions DefaultRightsDesc=Define here default permissions that are automatically granted to a new created user (Go on user card to change permission of an existing user). DolibarrUsers=Dolibarr users @@ -110,4 +111,5 @@ LoginToCreate=Login to create NameToCreate=Name of third party to create YourRole=Your roles YourQuotaOfUsersIsReached=Your quota of active users is reached ! -NbOfUsers=Nb of users \ No newline at end of file +NbOfUsers=Nb of users +DontDowngradeSuperAdmin=Only a superadmin can downgrade a superadmin \ No newline at end of file diff --git a/htdocs/langs/fr_FR/users.lang b/htdocs/langs/fr_FR/users.lang index 5b44e4e8f49..9698b8b3cb5 100755 --- a/htdocs/langs/fr_FR/users.lang +++ b/htdocs/langs/fr_FR/users.lang @@ -44,7 +44,8 @@ NameNotDefined=Le nom n'est pas défini. ListOfUsers=Liste des utilisateurs Administrator=Administrateur SuperAdministrator=Super Administrateur -SuperAdministratorDesc=Administrateur principal ayant tous les droits +SuperAdministratorDesc=Administrateur global +AdministratorDesc=Administrateur de l'entité DefaultRights=Permissions par défaut DefaultRightsDesc=Définissez ici les permissions par défaut, c'est-à-dire les permissions qui seront attribuées automatiquement à un nouvel utilisateur lors de sa création (Voir la fiche utilisateur pour changer les permissions d'un utilisateur existant). DolibarrUsers=Utilisateurs Dolibarr @@ -110,4 +111,5 @@ LoginToCreate=Login à créer NameToCreate=Nom du tiers à créer YourRole=Vos rôles YourQuotaOfUsersIsReached=Votre quota d'utilisateurs actifs est atteint ! -NbOfUsers=Nb d'utilisateurs \ No newline at end of file +NbOfUsers=Nb d'utilisateurs +DontDowngradeSuperAdmin=Seul un superadmin peut rétrograder un superadmin \ No newline at end of file diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 7d0970b5e29..9486a840f5c 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1036,7 +1036,7 @@ class User extends CommonObject $sql.= ", note = '".$this->db->escape($this->note)."'"; $sql.= ", photo = ".($this->photo?"'".$this->db->escape($this->photo)."'":"null"); $sql.= ", openid = ".($this->openid?"'".$this->db->escape($this->openid)."'":"null"); - //$sql.= ", entity = '".$this->entity."'"; + $sql.= ", entity = '".$this->entity."'"; $sql.= " WHERE rowid = ".$this->id; dol_syslog("User::update sql=".$sql, LOG_DEBUG); @@ -1834,17 +1834,24 @@ class User extends CommonObject /** * Return number of existing users - * @param limitToActive limit to active users - * @return int Number of users + * @param limitTo limit to 'active' or 'superadmin' users + * @return int Number of users */ - function getNbOfUsers($limitToActive=0) + function getNbOfUsers($limitTo='') { global $conf; $sql = "SELECT count(rowid) as nb"; $sql.= " FROM ".MAIN_DB_PREFIX."user"; - $sql.= " WHERE entity = ".$conf->entity; - if ($limitToActive) $sql.= " AND statut = 1"; + if ($limitTo == 'superadmin') + { + $sql.= " WHERE entity = 0"; + } + else + { + $sql.= " WHERE entity = ".$conf->entity; + if ($limitTo == 'active') $sql.= " AND statut = 1"; + } $resql=$this->db->query($sql); if ($resql) diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php index 51143b850a7..57a6852aee5 100644 --- a/htdocs/user/fiche.php +++ b/htdocs/user/fiche.php @@ -115,7 +115,7 @@ if ($action == 'confirm_enable' && $confirm == "yes" && $candisableuser) if (!empty($conf->file->main_limit_users)) { - $nb = $edituser->getNbOfUsers(1); + $nb = $edituser->getNbOfUsers("active"); if ($nb >= $conf->file->main_limit_users) { $message='
'.$langs->trans("YourQuotaOfUsersIsReached").'
'; @@ -168,7 +168,7 @@ if ($_POST["action"] == 'add' && $canadduser) if (!empty($conf->file->main_limit_users)) // If option to limit users is set { - $nb = $edituser->getNbOfUsers(1); + $nb = $edituser->getNbOfUsers("active"); if ($nb >= $conf->file->main_limit_users) { $message='
'.$langs->trans("YourQuotaOfUsersIsReached").'
'; @@ -191,7 +191,8 @@ if ($_POST["action"] == 'add' && $canadduser) $edituser->phenix_pass = $_POST["phenix_pass"]; $edituser->note = $_POST["note"]; $edituser->ldap_sid = $_POST["ldap_sid"]; - $edituser->entity = ($_POST["admin"] && empty($conf->multicompany->enabled))?0:$_POST["entity"]; // If multicompany is off, admin users must all be on entity 0. + // If multicompany is off, admin users must all be on entity 0. + $edituser->entity = ( ! empty($_POST["admin"]) && (! empty($_POST["superadmin"]) || empty($conf->multicompany->enabled)) ? 0 : $_POST["entity"]); $db->begin(); @@ -283,11 +284,11 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"]) $edituser->office_fax = $_POST["office_fax"]; $edituser->user_mobile = $_POST["user_mobile"]; $edituser->email = $_POST["email"]; - $edituser->openid = $_POST["openid"]; + $edituser->openid = $_POST["openid"]; $edituser->webcal_login = $_POST["webcal_login"]; $edituser->phenix_login = $_POST["phenix_login"]; $edituser->phenix_pass = $_POST["phenix_pass"]; - $edituser->entity = $_POST["entity"]; + $edituser->entity = ( (! empty($_POST["superadmin"]) && ! empty($_POST["admin"])) ? 0 : $_POST["entity"]); if (! empty($_FILES['photo']['name'])) $edituser->photo = $_FILES['photo']['name']; $ret=$edituser->update($user); @@ -653,6 +654,30 @@ if (($action == 'create') || ($action == 'adduserldap')) print ''.$langs->trans("Administrator").''; print ''; print $form->selectyesno('admin',$_POST["admin"],1); + + if (! empty($conf->multicompany->enabled) && ! $user->entity) + { + if ($conf->use_javascript_ajax) + { + print ''; + } + $checked=($_POST["superadmin"]?' checked':''); + $disabled=($_POST["superadmin"]?'':' disabled'); + print ' '.$langs->trans("SuperAdministrator"); + } print "\n"; } @@ -950,22 +975,23 @@ else print ''."\n"; // Administrator - print ''.$langs->trans("Administrator").''; - print ''.yn($fuser->admin); - if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY) && $fuser->admin && ! $fuser->entity) + print ''.$langs->trans("Administrator").''; + if (! empty($conf->multicompany->enabled) && $fuser->admin && ! $fuser->entity) { - print ' '.img_redstar($langs->trans("SuperAdministrator")); + print $html->textwithpicto(yn($fuser->admin),$langs->trans("SuperAdministratorDesc"),1,"superadmin"); } else if ($fuser->admin) { - print ' '.img_picto($langs->trans("Administrator"),"star"); + print $html->textwithpicto(yn($fuser->admin),$langs->trans("AdministratorDesc"),1,"admin"); } - print ''; - print ''."\n"; + else + { + print yn($fuser->admin); + } + print ''."\n"; // Type - print ''.$langs->trans("Type").''; - print ''; + print ''.$langs->trans("Type").''; if ($fuser->societe_id) { print $html->textwithpicto($langs->trans("External"),$langs->trans("InternalExternalDesc")); @@ -974,16 +1000,11 @@ else { print $langs->trans("DomainUser",$ldap->domainFQDN); } - else if (empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ! empty($fuser->entity)) + else { print $html->textwithpicto($langs->trans("Internal"),$langs->trans("InternalExternalDesc")); } - else - { - print $html->textwithpicto($langs->trans("SuperAdministrator"),$langs->trans("SuperAdministratorDesc")); - } - print ''; - print ''."\n"; + print ''."\n"; // Tel pro print ''.$langs->trans("PhonePro").''; @@ -1112,7 +1133,7 @@ else print '
'; if ($caneditfield && - (empty($conf->global->MAIN_MODULE_MULTICOMPANY) || (($fuser->entity == $conf->entity) || $fuser->entity == $user->entity)) ) + (empty($conf->multicompany->enabled) || (($fuser->entity == $conf->entity) || $fuser->entity == $user->entity)) ) { if (! empty($conf->global->MAIN_ONLY_LOGIN_ALLOWED)) { @@ -1124,7 +1145,7 @@ else } } elseif ($caneditpassword && ! $fuser->ldap_sid && - (empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) ) + (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) { print ''.$langs->trans("EditPassword").''; } @@ -1133,13 +1154,13 @@ else if ($conf->global->USER_PASSWORD_GENERATED != 'none') { if (($user->id != $_GET["id"] && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && - (empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity))) + (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity))) { print ''.$langs->trans("ReinitPassword").''; } if (($user->id != $_GET["id"] && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && - (empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) ) + (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) { if ($fuser->email) print ''.$langs->trans("SendNewPassword").''; else print ''.$langs->trans("SendNewPassword").''; @@ -1148,19 +1169,19 @@ else // Activer if ($user->id <> $_GET["id"] && $candisableuser && $fuser->statut == 0 && - (empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) ) + (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) { print ''.$langs->trans("Reactivate").''; } // Desactiver if ($user->id <> $_GET["id"] && $candisableuser && $fuser->statut == 1 && - (empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) ) + (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) { print ''.$langs->trans("DisableUser").''; } // Delete if ($user->id <> $_GET["id"] && $candisableuser && - (empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) ) + (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) { print ''.$langs->trans("DeleteUser").''; } @@ -1293,7 +1314,7 @@ else if ($_GET["action"] == 'edit' && ($canedituser || ($user->id == $fuser->id))) { - print '
'; + print ''; print ''; print ''; print ''; @@ -1400,15 +1421,47 @@ else else { print ''; - if ($user->admin && $fuser->entity!=0) // On ne doit pas rétrograder le superadmin + // Don't downgrade a superadmin if alone + $nbSuperAdmin = $user->getNbOfUsers('superadmin'); + if ($user->admin && ($fuser->entity > 0 || $nbSuperAdmin > 1) ) { print $form->selectyesno('admin',$fuser->admin,1); + + if (! empty($conf->multicompany->enabled) && ! $user->entity) + { + if ($conf->use_javascript_ajax) + { + print ''; + } + + $checked=(($fuser->admin && ! $fuser->entity) ? ' checked' : ''); + print ' '.$langs->trans("SuperAdministrator"); + } } else { $yn = yn($fuser->admin); print ''; - if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY)) print $html->textwithpicto($yn,$langs->trans("DontChangeSuperAdmin"),1,'warning'); + if (! empty($conf->multicompany->enabled) && ! $fuser->entity) print $html->textwithpicto($yn,$langs->trans("DontDowngradeSuperAdmin"),1,'warning'); else print $yn; } print ''; @@ -1425,11 +1478,6 @@ else { print $langs->trans("DomainUser"); } - else if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY) && $fuser->admin && !$fuser->entity) - { - print $langs->trans("SuperAdministrator"); - print ' '.img_picto($langs->trans("SuperAdministrator"),"redstar"); - } else { print $langs->trans("Internal");