use user->hasRight
parent
53f9aef589
commit
3680f20465
@ -112,7 +112,7 @@ class ActionsAdherentCardDefault extends ActionsAdherentCardCommon
|
||||
$this->tpl['actionsdone'] = show_actions_done($conf, $langs, $db, $objsoc, $this->object, 1);
|
||||
} else {
|
||||
// Confirm delete contact
|
||||
if ($action == 'delete' && $user->rights->adherent->supprimer) {
|
||||
if ($action == 'delete' && $user->hasRight('adherent', 'supprimer')) {
|
||||
$this->tpl['action_delete'] = $form->formconfirm($_SERVER["PHP_SELF"]."?id=".$this->object->id, $langs->trans("DeleteAdherent"), $langs->trans("ConfirmDeleteAdherent"), "confirm_delete", '', 0, 1);
|
||||
}
|
||||
}
|
||||
|
||||
@ -132,8 +132,8 @@ if (empty($user->socid)) {
|
||||
echo '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=create_user&token='.newToken().'&canvas='.$canvas.'">'.$langs->trans("CreateDolibarrLogin").'</a>';
|
||||
}
|
||||
|
||||
if ($user->rights->adherent->supprimer) {
|
||||
print dolGetButtonAction($langs->trans("Delete"), '', 'delete', $_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=delete&token='.newToken().'&canvas='.$canvas, 'delete', $user->rights->adherent->supprimer);
|
||||
if ($user->hasRight('adherent', 'supprimer')) {
|
||||
print dolGetButtonAction($langs->trans("Delete"), '', 'delete', $_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=delete&token='.newToken().'&canvas='.$canvas, 'delete', $user->hasRight('adherent', 'supprimer'));
|
||||
}
|
||||
|
||||
echo '</div><br>';
|
||||
|
||||
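Review bot: `$canvas` and `$this->control->tpl['id']` are concatenated straight into the delete URL handed to `dolGetButtonAction()`, and the `create_user` link earlier in this hunk echoes the same values directly into an `href`. Where `$canvas` is assigned is outside the hunk, so if it can carry request data it should be encoded at the point of use, e.g. `'&canvas='.urlencode($canvas)`. The last argument also repeats `$user->hasRight('adherent', 'supprimer')` inside a block that has just tested it; a local such as `$candelete = $user->hasRight('adherent', 'supprimer');` would avoid the second call. This test only decides whether the button is drawn, so the `action=delete` handler must enforce the same right itself.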
@ -62,7 +62,7 @@ class Members extends DolibarrApi
|
||||
*/
|
||||
public function get($id)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->lire) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
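Review bot: The failed right check in `get()` is still answered with `throw new RestException(401);`, although the caller is presumably already authenticated as `DolibarrApiAccess::$user` and only lacks the `adherent`/`lire` right. A 401 tells a client to retry with credentials, while a missing right is an authorization failure, so `throw new RestException(403);` is the more accurate status and lets API logs separate bad credentials from denied permissions. The same applies to every right check touched in the `Members`, `MembersTypes` and `Subscriptions` hunks below. The method bodies continue outside these hunks, so check that no client depends on the 401 before changing it.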
@ -99,7 +99,7 @@ class Members extends DolibarrApi
|
||||
*/
|
||||
public function getByThirdparty($thirdparty)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->lire) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
@ -132,7 +132,7 @@ class Members extends DolibarrApi
|
||||
*/
|
||||
public function getByThirdpartyEmail($email)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->lire) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
@ -171,7 +171,7 @@ class Members extends DolibarrApi
|
||||
*/
|
||||
public function getByThirdpartyBarcode($barcode)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->lire) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
@ -217,7 +217,7 @@ class Members extends DolibarrApi
|
||||
|
||||
$obj_ret = array();
|
||||
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->lire) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
@ -370,7 +370,7 @@ class Members extends DolibarrApi
|
||||
*/
|
||||
public function delete($id)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->supprimer) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'supprimer')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
$member = new Adherent($this->db);
|
||||
@ -464,7 +464,7 @@ class Members extends DolibarrApi
|
||||
{
|
||||
$obj_ret = array();
|
||||
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->cotisation->lire) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'lire')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
@ -495,7 +495,7 @@ class Members extends DolibarrApi
|
||||
*/
|
||||
public function createSubscription($id, $start_date, $end_date, $amount, $label = '')
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->cotisation->creer) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'creer')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
|
||||
@ -55,7 +55,7 @@ class MembersTypes extends DolibarrApi
|
||||
*/
|
||||
public function get($id)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->lire) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
@ -92,7 +92,7 @@ class MembersTypes extends DolibarrApi
|
||||
|
||||
$obj_ret = array();
|
||||
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->lire) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'lire')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
@ -151,7 +151,7 @@ class MembersTypes extends DolibarrApi
|
||||
*/
|
||||
public function post($request_data = null)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->configurer) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'configurer')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
// Check mandatory fields
|
||||
@ -176,7 +176,7 @@ class MembersTypes extends DolibarrApi
|
||||
*/
|
||||
public function put($id, $request_data = null)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->configurer) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'configurer')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
@ -216,7 +216,7 @@ class MembersTypes extends DolibarrApi
|
||||
*/
|
||||
public function delete($id)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->configurer) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'configurer')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
$membertype = new AdherentType($this->db);
|
||||
|
||||
@ -58,7 +58,7 @@ class Subscriptions extends DolibarrApi
|
||||
*/
|
||||
public function get($id)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->cotisation->lire) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'lire')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
@ -91,7 +91,7 @@ class Subscriptions extends DolibarrApi
|
||||
|
||||
$obj_ret = array();
|
||||
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->cotisation->lire) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'lire')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
|
||||
@ -148,7 +148,7 @@ class Subscriptions extends DolibarrApi
|
||||
*/
|
||||
public function post($request_data = null)
|
||||
{
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->cotisation->creer) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'creer')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
// Check mandatory fields
|
||||
@ -206,7 +206,7 @@ class Subscriptions extends DolibarrApi
|
||||
public function delete($id)
|
||||
{
|
||||
// The right to delete a subscription comes with the right to create one.
|
||||
if (!DolibarrApiAccess::$user->rights->adherent->cotisation->creer) {
|
||||
if (!DolibarrApiAccess::$user->hasRight('adherent', 'cotisation', 'creer')) {
|
||||
throw new RestException(401);
|
||||
}
|
||||
$subscription = new Subscription($this->db);
|
||||
|
||||
@ -37,7 +37,7 @@ $sortorder = GETPOST('sortorder', 'aZ09');
|
||||
if (!isModEnabled('adherent')) {
|
||||
accessforbidden();
|
||||
}
|
||||
if (empty($user->rights->adherent->export)) {
|
||||
if (!$user->hasRight('adherent', 'export')) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
|
||||
@ -201,7 +201,7 @@ if (empty($reshook) && $action == 'setsocid') {
|
||||
}
|
||||
}
|
||||
|
||||
if ($user->rights->adherent->cotisation->creer && $action == 'subscription' && !$cancel) {
|
||||
if ($user->hasRight('adherent', 'cotisation', 'creer') && $action == 'subscription' && !$cancel) {
|
||||
$error = 0;
|
||||
|
||||
$langs->load("banks");
|
||||
@ -674,7 +674,7 @@ if ($rowid > 0) {
|
||||
*/
|
||||
|
||||
// Button to create a new subscription if member no draft (-1) neither resiliated (0) neither excluded (-2)
|
||||
if ($user->rights->adherent->cotisation->creer) {
|
||||
if ($user->hasRight('adherent', 'cotisation', 'creer')) {
|
||||
if ($action != 'addsubscription' && $action != 'create_thirdparty') {
|
||||
print '<div class="tabsAction">';
|
||||
|
||||
@ -814,7 +814,7 @@ if ($rowid > 0) {
|
||||
/*
|
||||
* Add new subscription form
|
||||
*/
|
||||
if (($action == 'addsubscription' || $action == 'create_thirdparty') && $user->rights->adherent->cotisation->creer) {
|
||||
if (($action == 'addsubscription' || $action == 'create_thirdparty') && $user->hasRight('adherent', 'cotisation', 'creer')) {
|
||||
print '<br>';
|
||||
|
||||
print load_fiche_titre($langs->trans("NewCotisation"));
|
||||
|
||||
@ -49,13 +49,13 @@ $note = GETPOST('note', 'alpha');
|
||||
$typeid = (int) GETPOST('typeid', 'int');
|
||||
$amount = price2num(GETPOST('amount', 'alpha'), 'MT');
|
||||
|
||||
if (empty($user->rights->adherent->cotisation->lire)) {
|
||||
if (!$user->hasRight('adherent', 'cotisation', 'lire')) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
$permissionnote = $user->rights->adherent->cotisation->creer; // Used by the include of actions_setnotes.inc.php
|
||||
$permissiondellink = $user->rights->adherent->cotisation->creer; // Used by the include of actions_dellink.inc.php
|
||||
$permissiontoedit = $user->rights->adherent->cotisation->creer; // Used by the include of actions_lineupdonw.inc.php
|
||||
$permissionnote = $user->hasRight('adherent', 'cotisation', 'creer'); // Used by the include of actions_setnotes.inc.php
|
||||
$permissiondellink = $user->hasRight('adherent', 'cotisation', 'creer'); // Used by the include of actions_dellink.inc.php
|
||||
$permissiontoedit = $user->hasRight('adherent', 'cotisation', 'creer'); // Used by the include of actions_lineupdonw.inc.php
|
||||
|
||||
$hookmanager->initHooks(array('subscriptioncard', 'globalcard'));
|
||||
|
||||
@ -78,7 +78,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php'; // Must be include, n
|
||||
//include DOL_DOCUMENT_ROOT.'/core/actions_lineupdown.inc.php'; // Must be include, not include_once
|
||||
|
||||
|
||||
if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cancel) {
|
||||
if ($user->hasRight('adherent', 'cotisation', 'creer') && $action == 'update' && !$cancel) {
|
||||
// Load current object
|
||||
$result = $object->fetch($rowid);
|
||||
if ($result > 0) {
|
||||
@ -140,7 +140,7 @@ if ($user->rights->adherent->cotisation->creer && $action == 'update' && !$cance
|
||||
}
|
||||
}
|
||||
|
||||
if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->adherent->cotisation->creer) {
|
||||
if ($action == 'confirm_delete' && $confirm == 'yes' && $user->hasRight('adherent', 'cotisation', 'creer')) {
|
||||
$result = $object->fetch($rowid);
|
||||
$result = $object->delete($user);
|
||||
if ($result > 0) {
|
||||
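Review bot: In the `confirm_delete` branch the return value of `$object->fetch($rowid)` is overwritten by `$object->delete($user)` on the next line, so a failed or empty fetch still goes on to the delete call. The `update` branch shown in the `@ -78,7` hunk tests `if ($result > 0)` after its fetch, and this branch should do the same: `$result = $object->fetch($rowid);` followed by `if ($result > 0) { $result = $object->delete($user); }`. The `update` and `confirm_delete` branches guarded by `hasRight('adherent', 'configurer')` in the later `@ -171,7` and `@ -207,7` hunks likewise call `$object->fetch($rowid)` without looking at the result. The remainder of this branch lies outside the hunk.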
@ -166,7 +166,7 @@ llxHeader('', $langs->trans("SubscriptionCard"), $help_url);
|
||||
dol_htmloutput_errors($errmsg);
|
||||
|
||||
|
||||
if ($user->rights->adherent->cotisation->creer && $action == 'edit') {
|
||||
if ($user->hasRight('adherent', 'cotisation', 'creer') && $action == 'edit') {
|
||||
/********************************************
|
||||
*
|
||||
* Subscription card in edit mode
|
||||
@ -350,7 +350,7 @@ if ($rowid && $action != 'edit') {
|
||||
*/
|
||||
print '<div class="tabsAction">';
|
||||
|
||||
if ($user->rights->adherent->cotisation->creer) {
|
||||
if ($user->hasRight('adherent', 'cotisation', 'creer')) {
|
||||
if (!empty($bankline->rappro)) {
|
||||
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"]."?rowid=".$object->id.'&action=edit&token='.newToken().'">'.$langs->trans("Modify")."</a></div>";
|
||||
} else {
|
||||
@ -359,7 +359,7 @@ if ($rowid && $action != 'edit') {
|
||||
}
|
||||
|
||||
// Delete
|
||||
if ($user->rights->adherent->cotisation->creer) {
|
||||
if ($user->hasRight('adherent', 'cotisation', 'creer')) {
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER["PHP_SELF"]."?rowid=".$object->id.'&action=delete&token='.newToken().'">'.$langs->trans("Delete")."</a></div>\n";
|
||||
}
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/subscription.class.php';
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array("companies", "members", "bills", "users"));
|
||||
|
||||
if (empty($user->rights->adherent->lire)) {
|
||||
if (!$user->hasRight('adherent', 'lire')) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
|
||||
@ -291,14 +291,14 @@ $arrayofmassactions = array(
|
||||
//'presend'=>img_picto('', 'email', 'class="pictofixedwidth"').$langs->trans("SendByMail"),
|
||||
//'builddoc'=>img_picto('', 'pdf', 'class="pictofixedwidth"').$langs->trans("PDFMerge"),
|
||||
);
|
||||
//if ($user->rights->adherent->supprimer) $arrayofmassactions['predelete'] = img_picto('', 'delete', 'class="pictofixedwidth"').$langs->trans("Delete");
|
||||
//if ($user->hasRight('adherent', 'supprimer')) $arrayofmassactions['predelete'] = img_picto('', 'delete', 'class="pictofixedwidth"').$langs->trans("Delete");
|
||||
if (in_array($massaction, array('presend', 'predelete'))) {
|
||||
$arrayofmassactions = array();
|
||||
}
|
||||
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
|
||||
|
||||
$newcardbutton = '';
|
||||
if ($user->rights->adherent->cotisation->creer) {
|
||||
if ($user->hasRight('adherent', 'cotisation', 'creer')) {
|
||||
$newcardbutton .= dolGetButtonTitle($langs->trans('NewSubscription'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/adherents/list.php?status=-1,1');
|
||||
}
|
||||
|
||||
|
||||
@ -39,7 +39,7 @@ foreach ($linkedObjectBlock as $key => $objectlink) {
|
||||
echo '<td class="center"></td>';
|
||||
echo '<td class="center">'.dol_print_date($objectlink->dateh, 'day').'</td>';
|
||||
echo '<td class="right">';
|
||||
if ($user->rights->adherent->lire) {
|
||||
if ($user->hasRight('adherent', 'lire')) {
|
||||
$total = $total + $objectlink->amount;
|
||||
echo price($objectlink->amount);
|
||||
}
|
||||
|
||||
@ -171,7 +171,7 @@ if ($action == 'add' && $user->hasRight('adherent', 'configurer')) {
|
||||
}
|
||||
}
|
||||
|
||||
if ($action == 'update' && $user->rights->adherent->configurer) {
|
||||
if ($action == 'update' && $user->hasRight('adherent', 'configurer')) {
|
||||
$object->fetch($rowid);
|
||||
|
||||
$object->oldcopy = dol_clone($object);
|
||||
@ -207,7 +207,7 @@ if ($action == 'update' && $user->rights->adherent->configurer) {
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($action == 'confirm_delete' && !empty($user->rights->adherent->configurer)) {
|
||||
if ($action == 'confirm_delete' && $user->hasRight('adherent', 'configurer')) {
|
||||
$object->fetch($rowid);
|
||||
$res = $object->delete();
|
||||
|
||||
@ -257,7 +257,7 @@ if (!$rowid && $action != 'create' && $action != 'edit') {
|
||||
}
|
||||
|
||||
$newcardbutton = '';
|
||||
if ($user->rights->adherent->configurer) {
|
||||
if ($user->hasRight('adherent', 'configurer')) {
|
||||
$newcardbutton .= dolGetButtonTitle($langs->trans('NewMemberType'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/adherents/type.php?action=create');
|
||||
}
|
||||
|
||||
@ -323,7 +323,7 @@ if (!$rowid && $action != 'create' && $action != 'edit') {
|
||||
print '<td class="center">'.yn($objp->caneditamount).'</td>';
|
||||
print '<td class="center">'.yn($objp->vote).'</td>';
|
||||
print '<td class="center">'.$membertype->getLibStatut(5).'</td>';
|
||||
if ($user->rights->adherent->configurer) {
|
||||
if ($user->hasRight('adherent', 'configurer')) {
|
||||
print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=edit&rowid='.$objp->rowid.'">'.img_edit().'</a></td>';
|
||||
} else {
|
||||
print '<td class="right"> </td>';
|
||||
|
||||
@ -71,7 +71,7 @@ if ($action == 'delete' && GETPOST('langtodelete', 'alpha')) {
|
||||
}
|
||||
|
||||
// Add translation
|
||||
if ($action == 'vadd' && $cancel != $langs->trans("Cancel") && $user->rights->adherent->configurer) {
|
||||
if ($action == 'vadd' && $cancel != $langs->trans("Cancel") && $user->hasRight('adherent', 'configurer')) {
|
||||
$object = new AdherentType($db);
|
||||
$object->fetch($id);
|
||||
$current_lang = $langs->getDefaultLang();
|
||||
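Review bot: The enclosing statement shown in this hunk's header, `if ($action == 'delete' && GETPOST('langtodelete', 'alpha')) {`, carries no right check, while the `vadd`, `vedit` and `vdelete` branches all require `$user->hasRight('adherent', 'configurer')`. Its body is outside the hunk, so this needs confirming against the full file. If that branch removes a translation, it should be gated like the others: `if ($action == 'delete' && GETPOST('langtodelete', 'alpha') && $user->hasRight('adherent', 'configurer')) {`.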
@ -99,7 +99,7 @@ if ($action == 'vadd' && $cancel != $langs->trans("Cancel") && $user->rights->ad
|
||||
}
|
||||
|
||||
// Edit translation
|
||||
if ($action == 'vedit' && $cancel != $langs->trans("Cancel") && $user->rights->adherent->configurer) {
|
||||
if ($action == 'vedit' && $cancel != $langs->trans("Cancel") && $user->hasRight('adherent', 'configurer')) {
|
||||
$object = new AdherentType($db);
|
||||
$object->fetch($id);
|
||||
$current_lang = $langs->getDefaultLang();
|
||||
@ -125,7 +125,7 @@ if ($action == 'vedit' && $cancel != $langs->trans("Cancel") && $user->rights->a
|
||||
}
|
||||
|
||||
// Delete translation
|
||||
if ($action == 'vdelete' && $cancel != $langs->trans("Cancel") && $user->rights->adherent->configurer) {
|
||||
if ($action == 'vdelete' && $cancel != $langs->trans("Cancel") && $user->hasRight('adherent', 'configurer')) {
|
||||
$object = new AdherentType($db);
|
||||
$object->fetch($id);
|
||||
$langtodelete = GETPOST('langdel', 'alpha');
|
||||
|
||||
@ -35,7 +35,7 @@ $id = GETPOST('id', 'int');
|
||||
$ref = GETPOST('ref', 'alphanohtml');
|
||||
|
||||
$object = new adherent($db);
|
||||
|
||||
global $user;
|
||||
// Fetch object
|
||||
if ($id > 0 || !empty($ref)) {
|
||||
// Load member
|
||||
@ -46,10 +46,10 @@ if ($id > 0 || !empty($ref)) {
|
||||
// Define variables to know what current user can do on properties of user linked to edited member
|
||||
if ($object->user_id) {
|
||||
// $User is the user who edits, $object->user_id is the id of the related user in the edited member
|
||||
$caneditfielduser = ((($user->id == $object->user_id) && $user->rights->user->self->creer)
|
||||
|| (($user->id != $object->user_id) && $user->rights->user->user->creer));
|
||||
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|
||||
|| (($user->id != $object->user_id) && $user->rights->user->user->password));
|
||||
$caneditfielduser = ((($user->id == $object->user_id) && $user->hasRight('user', 'self', 'creer'))
|
||||
|| (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'creer')));
|
||||
$caneditpassworduser = ((($user->id == $object->user_id) && $user->hasRight('user', 'self', 'password'))
|
||||
|| (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'password')));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||