From 22a3b5ea78a5fa211803bcca04a1d55fee3ba909 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 18 Jan 2022 16:24:28 +0100 Subject: [PATCH] FIX deletion of supplier order when draft --- htdocs/fourn/commande/card.php | 15 ++++++++------- htdocs/modulebuilder/template/myobject_card.php | 2 +- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 915354b50b6..a44a1be11be 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -85,13 +85,6 @@ $hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($con $datelivraison = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), GETPOST('liv_sec', 'int'), GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int')); - -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande'); - // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('ordersuppliercard', 'globalcard')); @@ -101,6 +94,10 @@ $extrafields = new ExtraFields($db); // fetch optionals attributes and labels $extrafields->fetch_name_optionals_label($object->table_element); +if ($user->socid) { + $socid = $user->socid; +} + // Load object if ($id > 0 || !empty($ref)) { $ret = $object->fetch($id, $ref); @@ -124,6 +121,10 @@ if ($id > 0 || !empty($ref)) { } } +// Security check +$isdraft = (isset($object->statut) && ($object->statut == $object::STATUS_DRAFT) ? 1 : 0); +$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande', 'fk_soc', 'rowid', $isdraft); + // Common permissions $usercanread = ($user->rights->fournisseur->commande->lire || $user->rights->supplier_order->lire); $usercancreate = ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer); diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index b074412b6b3..346e9d907e6 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -132,7 +132,7 @@ $upload_dir = $conf->mymodule->multidir_output[isset($object->entity) ? $object- // Security check (enable the most restrictive one) //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; -//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); +//$isdraft = (isset($object->status) && ($object->status == $object::STATUS_DRAFT) ? 1 : 0); //restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); //if (empty($conf->mymodule->enabled)) accessforbidden(); //if (!$permissiontoread) accessforbidden();