diff --git a/htdocs/hrm/admin/evaluation_extrafields.php b/htdocs/hrm/admin/evaluation_extrafields.php index 6513ea311e3..ddf20696ff7 100644 --- a/htdocs/hrm/admin/evaluation_extrafields.php +++ b/htdocs/hrm/admin/evaluation_extrafields.php @@ -21,9 +21,9 @@ */ /** - * \file admin/evaluation_extrafields.php - * \ingroup hrm - * \brief Page to setup extra fields of hrm + * \file htdocs/hrm/admin/evaluation_extrafields.php + * \ingroup hrm + * \brief Page to setup extra fields of hrm evaluation */ // Load Dolibarr environment @@ -44,10 +44,12 @@ foreach ($tmptype2label as $key => $val) { $type2label[$key] = $langs->transnoentitiesnoconv($val); } +// Get Parameters $action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'hrm_evaluation'; //Must be the $table_element of the class that manage extrafield +// Security Check if (!$user->admin) { accessforbidden(); } diff --git a/htdocs/hrm/admin/job_extrafields.php b/htdocs/hrm/admin/job_extrafields.php index 5d6ea5d6990..6af5f1ffc67 100644 --- a/htdocs/hrm/admin/job_extrafields.php +++ b/htdocs/hrm/admin/job_extrafields.php @@ -21,9 +21,9 @@ */ /** - * \file admin/job_extrafields.php - * \ingroup hrm - * \brief Page to setup extra fields of hrm + * \file htdocs/hrm/admin/job_extrafields.php + * \ingroup hrm + * \brief Page to setup extra fields of hrm jobs */ // Load Dolibarr environment @@ -44,10 +44,12 @@ foreach ($tmptype2label as $key => $val) { $type2label[$key] = $langs->transnoentitiesnoconv($val); } +// Get Parameters $action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'hrm_job'; //Must be the $table_element of the class that manage extrafield +// Security Check if (!$user->admin) { accessforbidden(); } diff --git a/htdocs/hrm/admin/skill_extrafields.php b/htdocs/hrm/admin/skill_extrafields.php index adcf6277dd0..1ca37038e93 100644 --- a/htdocs/hrm/admin/skill_extrafields.php +++ b/htdocs/hrm/admin/skill_extrafields.php 
@@ -21,9 +21,9 @@ */ /** - * \file admin/skill_extrafields.php - * \ingroup hrm - * \brief Page to setup extra fields of hrm + * \file htdocs/hrm/admin/skill_extrafields.php + * \ingroup hrm + * \brief Page to setup extra fields of hrm skills */ // Load Dolibarr environment @@ -48,6 +48,7 @@ $action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'hrm_skill'; //Must be the $table_element of the class that manage extrafield +// Security check if (!$user->admin) { accessforbidden(); } diff --git a/htdocs/hrm/skill_agenda.php b/htdocs/hrm/skill_agenda.php index 23f98d75f3f..9646aaccb88 100644 --- a/htdocs/hrm/skill_agenda.php +++ b/htdocs/hrm/skill_agenda.php @@ -20,24 +20,24 @@ */ /** - * \file skill_agenda.php - * \ingroup hrm - * \brief Tab of events on skill + * \file htdocs/hrm/skill_agenda.php + * \ingroup hrm + * \brief Tab of events on skill */ // Load Dolibarr environment require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; +require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php'; +require_once DOL_DOCUMENT_ROOT . '/core/lib/company.lib.php'; +require_once DOL_DOCUMENT_ROOT . '/core/lib/functions2.lib.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/class/skill.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("hrm", "other")); +$langs->loadLangs(array('hrm', 'other')); // Get parameters $id = GETPOST('id', 'int'); @@ -56,6 +56,7 @@ if (GETPOST('actioncode', 'array')) { } $search_agenda_label = GETPOST('search_agenda_label'); +// Get Parameters for Pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); $sortorder = GETPOST('sortorder', 'aZ09comma'); 
@@ -87,6 +88,7 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->hrm->multidir_output[$object->entity]."/".$object->id; } +// Permissions $permissiontoread = $user->rights->hrm->all->read; $permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php diff --git a/htdocs/hrm/skill_card.php b/htdocs/hrm/skill_card.php index 4fd3a0bc28b..c057d0e0e31 100644 --- a/htdocs/hrm/skill_card.php +++ b/htdocs/hrm/skill_card.php @@ -20,9 +20,9 @@ */ /** - * \file skill_card.php + * \file htdocs/hrm/skill_card.php * \ingroup hrm - * \brief Page to create/edit/view skill + * \brief Page to create/edit/view skills */ @@ -36,7 +36,7 @@ require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("hrm", "other", 'products')); +$langs->loadLangs(array('hrm', 'other', 'products')); // why products? // Get parameters $id = GETPOST('id', 'int'); @@ -77,9 +77,9 @@ if (empty($action) && empty($id) && empty($ref)) { // Load object include DOL_DOCUMENT_ROOT . '/core/actions_fetchobject.inc.php'; // Must be include, not include_once. - -$permissiontoread = $user->rights->hrm->all->read; -$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +// Permissions +$permissiontoread = $user->rights->hrm->all->read; +$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php $permissiontodelete = $user->rights->hrm->all->delete; $upload_dir = $conf->hrm->multidir_output[isset($object->entity) ? $object->entity : 1] . '/skill'; diff --git a/htdocs/hrm/skill_contact.php b/htdocs/hrm/skill_contact.php index c5fe154557c..562421a5272 100644 --- a/htdocs/hrm/skill_contact.php +++ b/htdocs/hrm/skill_contact.php 
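Review bot: The trailing `// why products?` added to the `loadLangs` line in skill_card.php (hunk at line 36) leaves an open question in the code instead of resolving it. Either drop `'products'` from the array if no key from that language file is used on this page, or record the reason it is loaded. If it has to stay open for now, `// TODO: check whether the 'products' lang file is still needed here` reads as a tracked task.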
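Review bot: In skill_card.php (hunk at line 77) the `$upload_dir` line just below the realigned permission block falls back to the literal entity `1` when `$object->entity` is not set, whereas skill_document.php in this same commit falls back to `$conf->entity`. On a multi-entity installation that would point the directory at entity 1's storage for a user working in another entity, assuming the path is used before the object is loaded. Consider `$upload_dir = $conf->hrm->multidir_output[isset($object->entity) ? $object->entity : $conf->entity] . '/skill';`. How `$upload_dir` is used afterwards lies outside the hunk.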
@@ -20,22 +20,25 @@ */ /** - * \file skill_contact.php - * \ingroup hrm - * \brief Tab for contacts linked to Skill + * \file htdocs/hrm/skill_contact.php + * \ingroup hrm + * \brief Tab for contacts linked to Skill */ // Load Dolibarr environment require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; +require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php'; +require_once DOL_DOCUMENT_ROOT . '/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/class/skill.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; -// Load translation files required by the page -$langs->loadLangs(array("hrm", "companies", "other", "mails")); +// Load translation files required by the page +$langs->loadLangs(array('hrm', 'companies', 'other', 'mails')); + + +// Get Parameters $id = (GETPOST('id') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); $lineid = GETPOST('lineid', 'int'); @@ -53,6 +56,7 @@ $extrafields->fetch_name_optionals_label($object->table_element); // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals +// Permissions $permission = $user->rights->hrm->skill->write; // Security check (enable the most restrictive one) @@ -65,9 +69,11 @@ $permission = $user->rights->hrm->skill->write; /* - * Add a new contact + * Action */ +// Add a new contact + if ($action == 'addcontact' && $permission) { $contactid = (GETPOST('userid') ? GETPOST('userid', 'int') : GETPOST('contactid', 'int')); $typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type')); diff --git a/htdocs/hrm/skill_document.php b/htdocs/hrm/skill_document.php index c0fe492be06..2f9f8e0db81 100644 
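Review bot: The line now labelled `// Permissions` in skill_contact.php (hunk at line 53) reads `$user->rights->hrm->skill->write`, while every other skill page touched by this commit reads `$user->rights->hrm->all->write`. If the module defines no `skill` right, `$permission` is never truthy and the `$action == 'addcontact' && $permission` branch in the next hunk can never run; if it does define one, this tab is governed by a different right than the rest of the skill pages. Suggest `$permission = $user->rights->hrm->all->write;`, or a comment stating why this tab uses a separate right. The `// Security check (enable the most restrictive one)` block that follows continues outside the hunk, so whether a read check is enforced cannot be confirmed from here.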
--- a/htdocs/hrm/skill_document.php +++ b/htdocs/hrm/skill_document.php @@ -20,9 +20,9 @@ */ /** - * \file skill_document.php - * \ingroup hrm - * \brief Tab for documents linked to skill + * \file htdocs/hrm/skill_document.php + * \ingroup hrm + * \brief Tab for documents linked to skill */ @@ -37,15 +37,15 @@ require_once DOL_DOCUMENT_ROOT . '/hrm/class/skill.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("hrm", "companies", "other", "mails")); - +$langs->loadLangs(array('hrm', 'companies', 'other', 'mails')); +// Get Parameters $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm'); $id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int')); $ref = GETPOST('ref', 'alpha'); -// Get parameters +// Get Parameters for Pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); $sortorder = GETPOST('sortorder', 'aZ09comma'); @@ -79,8 +79,9 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->hrm->multidir_output[$object->entity ? $object->entity : $conf->entity]."/skill/".get_exdir(0, 0, 0, 1, $object); } +// Permissions $permissiontoread = $user->rights->hrm->all->read; -$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php +$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php // Security check (enable the most restrictive one) //if ($user->socid > 0) accessforbidden(); diff --git a/htdocs/hrm/skill_list.php b/htdocs/hrm/skill_list.php index 65a3cac0ecf..664d54212a3 100644 --- a/htdocs/hrm/skill_list.php +++ b/htdocs/hrm/skill_list.php 
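Review bot: Under the new `// Get Parameters` label in skill_document.php (hunk at line 37), `$id` is taken from `socid` before `id`, so a request carrying both loads the skill whose row id equals the third-party id instead of the requested skill. skill_agenda.php and skill_note.php in this commit read only `id`. Unless existing links still pass `socid` to this tab, suggest `$id = GETPOST('id', 'int');`, or a comment explaining why the alias is kept.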
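Review bot: The new `// Permissions` label in skill_document.php (hunk at line 79) sits directly above a security check whose only visible statement, `//if ($user->socid > 0) accessforbidden();`, is commented out, so within this hunk `$permissiontoread` is assigned but not enforced. skill_tab.php in this commit keeps the same external-user check active. For a page that lists and serves uploaded files, suggest enabling it and gating on the read right, e.g. `if ($user->socid > 0) accessforbidden();` followed by `if (!$permissiontoread) accessforbidden();`. The security-check block continues past the hunk, so a later `restrictedArea()` call may already cover this.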
@@ -20,9 +20,9 @@ */ /** - * \file skill_list.php - * \ingroup hrm - * \brief List page for skill + * \file htdocs/hrm/skill_list.php + * \ingroup hrm + * \brief List page for skill */ @@ -40,8 +40,11 @@ require_once __DIR__.'/class/skill.class.php'; //dol_include_once('/othermodule/class/otherobject.class.php'); // Load translation files required by the page -$langs->loadLangs(array("hrm", "other")); +$langs->loadLangs(array('hrm', 'other')); + +// Get Parameters +$id = GETPOST('id', 'int'); $action = GETPOST('action', 'aZ09') ?GETPOST('action', 'aZ09') : 'view'; // The action 'add', 'create', 'edit', 'update', 'view', ... $massaction = GETPOST('massaction', 'alpha'); // The bulk action (combo box choice into lists) $show_files = GETPOST('show_files', 'int'); // Show files area generated by bulk actions ? @@ -49,10 +52,8 @@ $confirm = GETPOST('confirm', 'alpha'); // Result of a confirmation $cancel = GETPOST('cancel', 'alpha'); // We click on a Cancel button $toselect = GETPOST('toselect', 'array'); // Array of ids of elements selected into a list $contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'skilllist'; // To manage different context of search -$backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page -$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') - -$id = GETPOST('id', 'int'); +$backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page +$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') // Load variable for pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; 
@@ -130,8 +131,9 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); -$permissiontoread = $user->rights->hrm->all->read; -$permissiontoadd = $user->rights->hrm->all->write; +// Permissions +$permissiontoread = $user->rights->hrm->all->read; +$permissiontoadd = $user->rights->hrm->all->write; $permissiontodelete = $user->rights->hrm->all->delete; // Security check diff --git a/htdocs/hrm/skill_note.php b/htdocs/hrm/skill_note.php index 45a0690f176..3b892e0694e 100644 --- a/htdocs/hrm/skill_note.php +++ b/htdocs/hrm/skill_note.php @@ -20,9 +20,9 @@ */ /** - * \file skill_note.php - * \ingroup hrm - * \brief Tab for notes on skill + * \file htdocs/hrm/skill_note.php + * \ingroup hrm + * \brief Tab for notes on skill */ @@ -33,12 +33,12 @@ require_once DOL_DOCUMENT_ROOT . '/hrm/class/skill.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("hrm", "companies")); +$langs->loadLangs(array('hrm', 'companies')); // Get parameters -$id = GETPOST('id', 'int'); +$id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'aZ09'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); @@ -56,7 +56,8 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->hrm->multidir_output[$object->entity]."/".$object->id; } -$permissionnote = $user->rights->hrm->all->write; +// Permissions +$permissionnote = $user->rights->hrm->all->write; $permissiontoread = $user->rights->hrm->all->read; // Used by the include of actions_addupdatedelete.inc.php // Security check (enable the most restrictive one) diff --git a/htdocs/hrm/skill_tab.php b/htdocs/hrm/skill_tab.php index 393e20ba3c4..d479a843776 100644 --- a/htdocs/hrm/skill_tab.php +++ b/htdocs/hrm/skill_tab.php 
@@ -20,13 +20,12 @@ */ /** - * \file skill_tab.php - * \ingroup hrm - * \brief Page to add/delete/view skill to jobs/users + * \file htdocs/hrm/skill_tab.php + * \ingroup hrm + * \brief Page to add/delete/view skill to jobs/users */ - // Load Dolibarr environment require '../main.inc.php'; @@ -39,8 +38,9 @@ require_once DOL_DOCUMENT_ROOT . '/hrm/class/skillrank.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("hrm", "other")); +$langs->loadLangs(array('hrm', 'other')); +// Get Parameters $id = GETPOST('id', 'int'); $TSkillsToAdd = GETPOST('fk_skill', 'array'); $objecttype = GETPOST('objecttype', 'alpha'); @@ -73,8 +73,9 @@ $hookmanager->initHooks(array('skilltab', 'globalcard')); // Note that conf->hoo // Load object include DOL_DOCUMENT_ROOT . '/core/actions_fetchobject.inc.php'; // Must be include, not include_once. +// Permissions $permissiontoread = $user->rights->hrm->all->read; -$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php // Security check (enable the most restrictive one) if ($user->socid > 0) accessforbidden(); diff --git a/htdocs/modulebuilder/template/admin/setup.php b/htdocs/modulebuilder/template/admin/setup.php index 1c46028b142..8e60b2a296c 100644 --- a/htdocs/modulebuilder/template/admin/setup.php +++ b/htdocs/modulebuilder/template/admin/setup.php @@ -97,7 +97,7 @@ if (!class_exists('FormSetup')) { $formSetup = new FormSetup($db); -// Hôte +// HTTP HOST $item = $formSetup->newItem('NO_PARAM_JUST_TEXT'); $item->fieldOverride = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST']; $item->cssClass = 'minwidth500'; 
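Review bot: The renamed `// HTTP HOST` comment in the module template setup.php (hunk at line 97) sits above a line that copies `$_SERVER['HTTP_HOST']` into `$item->fieldOverride`, and that value comes from the request's Host header, not from configuration. Whether FormSetup escapes `fieldOverride` on output is not visible here; if it does not, the header is echoed into the admin page as HTML. Since every module generated from this template inherits the line, suggest escaping at assignment, `$item->fieldOverride = dol_escape_htmltag((empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST']);`, and extending the comment to `// HTTP host as sent by the client (display only, not a trusted value)`.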
@@ -106,7 +106,7 @@ $item->cssClass = 'minwidth500'; $item = $formSetup->newItem('MYMODULE_MYPARAM1'); $item->defaultFieldValue = 'default value'; -// Setup conf MYMODULE_MYPARAM1 as a simple textarea input but we replace the text of field title +// Setup conf MYMODULE_MYPARAM2 as a simple textarea input but we replace the text of field title $item = $formSetup->newItem('MYMODULE_MYPARAM2'); $item->nameText = $item->getNameText().' more html text ';