From 06ec607f22d89e60e594976484fe3047f3173fad Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sun, 11 Sep 2022 11:27:02 +0200 Subject: [PATCH 01/12] Update skill_agenda.php --- htdocs/hrm/skill_agenda.php | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/htdocs/hrm/skill_agenda.php b/htdocs/hrm/skill_agenda.php index 23f98d75f3f..9646aaccb88 100644 --- a/htdocs/hrm/skill_agenda.php +++ b/htdocs/hrm/skill_agenda.php @@ -20,24 +20,24 @@ */ /** - * \file skill_agenda.php - * \ingroup hrm - * \brief Tab of events on skill + * \file htdocs/hrm/skill_agenda.php + * \ingroup hrm + * \brief Tab of events on skill */ // Load Dolibarr environment require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; +require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php'; +require_once DOL_DOCUMENT_ROOT . '/core/lib/company.lib.php'; +require_once DOL_DOCUMENT_ROOT . '/core/lib/functions2.lib.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/class/skill.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("hrm", "other")); +$langs->loadLangs(array('hrm', 'other')); // Get parameters $id = GETPOST('id', 'int'); @@ -56,6 +56,7 @@ if (GETPOST('actioncode', 'array')) { } $search_agenda_label = GETPOST('search_agenda_label'); +// Get Parameters for Pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); $sortorder = GETPOST('sortorder', 'aZ09comma'); @@ -87,6 +88,7 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->hrm->multidir_output[$object->entity]."/".$object->id; } +// Permissions $permissiontoread = $user->rights->hrm->all->read; $permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php From 95a94a7c899e8882057fd2a57ec0dabbe30b27c3 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sun, 11 Sep 2022 11:29:11 +0200 Subject: [PATCH 02/12] Update skill_card.php --- htdocs/hrm/skill_card.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/htdocs/hrm/skill_card.php b/htdocs/hrm/skill_card.php index 4fd3a0bc28b..c057d0e0e31 100644 --- a/htdocs/hrm/skill_card.php +++ b/htdocs/hrm/skill_card.php @@ -20,9 +20,9 @@ */ /** - * \file skill_card.php + * \file htdocs/hrm/skill_card.php * \ingroup hrm - * \brief Page to create/edit/view skill + * \brief Page to create/edit/view skills */ @@ -36,7 +36,7 @@ require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("hrm", "other", 'products')); +$langs->loadLangs(array('hrm', 'other', 'products')); // why products? // Get parameters $id = GETPOST('id', 'int'); @@ -77,9 +77,9 @@ if (empty($action) && empty($id) && empty($ref)) { // Load object include DOL_DOCUMENT_ROOT . '/core/actions_fetchobject.inc.php'; // Must be include, not include_once. - -$permissiontoread = $user->rights->hrm->all->read; -$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +// Permissions +$permissiontoread = $user->rights->hrm->all->read; +$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php $permissiontodelete = $user->rights->hrm->all->delete; $upload_dir = $conf->hrm->multidir_output[isset($object->entity) ? $object->entity : 1] . '/skill'; From c44725b080e34eecd382d4f01100278b73fb224b Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sun, 11 Sep 2022 11:32:08 +0200 Subject: [PATCH 03/12] Update skill_contact.php --- htdocs/hrm/skill_contact.php | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/htdocs/hrm/skill_contact.php b/htdocs/hrm/skill_contact.php index c5fe154557c..562421a5272 100644 --- a/htdocs/hrm/skill_contact.php +++ b/htdocs/hrm/skill_contact.php @@ -20,22 +20,25 @@ */ /** - * \file skill_contact.php - * \ingroup hrm - * \brief Tab for contacts linked to Skill + * \file htdocs/hrm/skill_contact.php + * \ingroup hrm + * \brief Tab for contacts linked to Skill */ // Load Dolibarr environment require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'; +require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php'; +require_once DOL_DOCUMENT_ROOT . '/core/class/html.formcompany.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/class/skill.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; -// Load translation files required by the page -$langs->loadLangs(array("hrm", "companies", "other", "mails")); +// Load translation files required by the page +$langs->loadLangs(array('hrm', 'companies', 'other', 'mails')); + + +// Get Parameters $id = (GETPOST('id') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility $ref = GETPOST('ref', 'alpha'); $lineid = GETPOST('lineid', 'int'); @@ -53,6 +56,7 @@ $extrafields->fetch_name_optionals_label($object->table_element); // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals +// Permissions $permission = $user->rights->hrm->skill->write; // Security check (enable the most restrictive one) @@ -65,9 +69,11 @@ $permission = $user->rights->hrm->skill->write; /* - * Add a new contact + * Action */ +// Add a new contact + if ($action == 'addcontact' && $permission) { $contactid = (GETPOST('userid') ? GETPOST('userid', 'int') : GETPOST('contactid', 'int')); $typeid = (GETPOST('typecontact') ? GETPOST('typecontact') : GETPOST('type')); From fa3451fb7474c4ff93021f109a041f48feebce0c Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sun, 11 Sep 2022 11:34:40 +0200 Subject: [PATCH 04/12] Update skill_document.php --- htdocs/hrm/skill_document.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/htdocs/hrm/skill_document.php b/htdocs/hrm/skill_document.php index c0fe492be06..2f9f8e0db81 100644 --- a/htdocs/hrm/skill_document.php +++ b/htdocs/hrm/skill_document.php @@ -20,9 +20,9 @@ */ /** - * \file skill_document.php - * \ingroup hrm - * \brief Tab for documents linked to skill + * \file htdocs/hrm/skill_document.php + * \ingroup hrm + * \brief Tab for documents linked to skill */ @@ -37,15 +37,15 @@ require_once DOL_DOCUMENT_ROOT . '/hrm/class/skill.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("hrm", "companies", "other", "mails")); - +$langs->loadLangs(array('hrm', 'companies', 'other', 'mails')); +// Get Parameters $action = GETPOST('action', 'aZ09'); $confirm = GETPOST('confirm'); $id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int')); $ref = GETPOST('ref', 'alpha'); -// Get parameters +// Get Parameters for Pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST('sortfield', 'aZ09comma'); $sortorder = GETPOST('sortorder', 'aZ09comma'); @@ -79,8 +79,9 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->hrm->multidir_output[$object->entity ? $object->entity : $conf->entity]."/skill/".get_exdir(0, 0, 0, 1, $object); } +// Permissions $permissiontoread = $user->rights->hrm->all->read; -$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php +$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php // Security check (enable the most restrictive one) //if ($user->socid > 0) accessforbidden(); From 710f755efe126377b0e1d88d591e8c7dce67fa81 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sun, 11 Sep 2022 11:37:16 +0200 Subject: [PATCH 05/12] Update skill_list.php --- htdocs/hrm/skill_list.php | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/htdocs/hrm/skill_list.php b/htdocs/hrm/skill_list.php index 65a3cac0ecf..032dbcacdcd 100644 --- a/htdocs/hrm/skill_list.php +++ b/htdocs/hrm/skill_list.php @@ -20,9 +20,9 @@ */ /** - * \file skill_list.php - * \ingroup hrm - * \brief List page for skill + * \file htdocs/hrm/skill_list.php + * \ingroup hrm + * \brief List page for skill */ @@ -40,8 +40,11 @@ require_once __DIR__.'/class/skill.class.php'; //dol_include_once('/othermodule/class/otherobject.class.php'); // Load translation files required by the page -$langs->loadLangs(array("hrm", "other")); +$langs->loadLangs(array('hrm', 'other')); + +// Get Parameters +$id = GETPOST('id', 'int'); $action = GETPOST('action', 'aZ09') ?GETPOST('action', 'aZ09') : 'view'; // The action 'add', 'create', 'edit', 'update', 'view', ... $massaction = GETPOST('massaction', 'alpha'); // The bulk action (combo box choice into lists) $show_files = GETPOST('show_files', 'int'); // Show files area generated by bulk actions ? @@ -49,10 +52,8 @@ $confirm = GETPOST('confirm', 'alpha'); // Result of a confirmation $cancel = GETPOST('cancel', 'alpha'); // We click on a Cancel button $toselect = GETPOST('toselect', 'array'); // Array of ids of elements selected into a list $contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'skilllist'; // To manage different context of search -$backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page -$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') - -$id = GETPOST('id', 'int'); +$backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page +$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print') // Load variable for pagination $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; @@ -130,8 +131,9 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); -$permissiontoread = $user->rights->hrm->all->read; -$permissiontoadd = $user->rights->hrm->all->write; +// Permissions +$permissiontoread = $user->rights->hrm->all->read; +$permissiontoadd = $user->rights->hrm->all->write; $permissiontodelete = $user->rights->hrm->all->delete; // Security check From 6d57f4f0c70c6bc38b005b2f5816795fcfb6d3cf Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Sun, 11 Sep 2022 09:38:05 +0000 Subject: [PATCH 06/12] Fixing style errors. --- htdocs/hrm/skill_list.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/hrm/skill_list.php b/htdocs/hrm/skill_list.php index 032dbcacdcd..664d54212a3 100644 --- a/htdocs/hrm/skill_list.php +++ b/htdocs/hrm/skill_list.php @@ -131,7 +131,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); -// Permissions +// Permissions $permissiontoread = $user->rights->hrm->all->read; $permissiontoadd = $user->rights->hrm->all->write; $permissiontodelete = $user->rights->hrm->all->delete; From e617c2678b3f9ae088b03afa35bc5a9a7df3fa87 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sun, 11 Sep 2022 11:38:33 +0200 Subject: [PATCH 07/12] Update skill_note.php --- htdocs/hrm/skill_note.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/htdocs/hrm/skill_note.php b/htdocs/hrm/skill_note.php index 45a0690f176..3b892e0694e 100644 --- a/htdocs/hrm/skill_note.php +++ b/htdocs/hrm/skill_note.php @@ -20,9 +20,9 @@ */ /** - * \file skill_note.php - * \ingroup hrm - * \brief Tab for notes on skill + * \file htdocs/hrm/skill_note.php + * \ingroup hrm + * \brief Tab for notes on skill */ @@ -33,12 +33,12 @@ require_once DOL_DOCUMENT_ROOT . '/hrm/class/skill.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("hrm", "companies")); +$langs->loadLangs(array('hrm', 'companies')); // Get parameters -$id = GETPOST('id', 'int'); +$id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'aZ09'); +$action = GETPOST('action', 'aZ09'); $cancel = GETPOST('cancel', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); @@ -56,7 +56,8 @@ if ($id > 0 || !empty($ref)) { $upload_dir = $conf->hrm->multidir_output[$object->entity]."/".$object->id; } -$permissionnote = $user->rights->hrm->all->write; +// Permissions +$permissionnote = $user->rights->hrm->all->write; $permissiontoread = $user->rights->hrm->all->read; // Used by the include of actions_addupdatedelete.inc.php // Security check (enable the most restrictive one) From 3752272f1b3cc0463dde249ec3b598e7f7d7d9a9 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sun, 11 Sep 2022 11:41:00 +0200 Subject: [PATCH 08/12] Update skill_tab.php --- htdocs/hrm/skill_tab.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/htdocs/hrm/skill_tab.php b/htdocs/hrm/skill_tab.php index 393e20ba3c4..d479a843776 100644 --- a/htdocs/hrm/skill_tab.php +++ b/htdocs/hrm/skill_tab.php @@ -20,13 +20,12 @@ */ /** - * \file skill_tab.php - * \ingroup hrm - * \brief Page to add/delete/view skill to jobs/users + * \file htdocs/hrm/skill_tab.php + * \ingroup hrm + * \brief Page to add/delete/view skill to jobs/users */ - // Load Dolibarr environment require '../main.inc.php'; @@ -39,8 +38,9 @@ require_once DOL_DOCUMENT_ROOT . '/hrm/class/skillrank.class.php'; require_once DOL_DOCUMENT_ROOT . '/hrm/lib/hrm_skill.lib.php'; // Load translation files required by the page -$langs->loadLangs(array("hrm", "other")); +$langs->loadLangs(array('hrm', 'other')); +// Get Parameters $id = GETPOST('id', 'int'); $TSkillsToAdd = GETPOST('fk_skill', 'array'); $objecttype = GETPOST('objecttype', 'alpha'); @@ -73,8 +73,9 @@ $hookmanager->initHooks(array('skilltab', 'globalcard')); // Note that conf->hoo // Load object include DOL_DOCUMENT_ROOT . '/core/actions_fetchobject.inc.php'; // Must be include, not include_once. +// Permissions $permissiontoread = $user->rights->hrm->all->read; -$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +$permissiontoadd = $user->rights->hrm->all->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php // Security check (enable the most restrictive one) if ($user->socid > 0) accessforbidden(); From 733a7d2c81e62c756adc00a0b13a02ddf495caef Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sun, 11 Sep 2022 11:42:59 +0200 Subject: [PATCH 09/12] Update skill_extrafields.php --- htdocs/hrm/admin/skill_extrafields.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/htdocs/hrm/admin/skill_extrafields.php b/htdocs/hrm/admin/skill_extrafields.php index adcf6277dd0..1ca37038e93 100644 --- a/htdocs/hrm/admin/skill_extrafields.php +++ b/htdocs/hrm/admin/skill_extrafields.php @@ -21,9 +21,9 @@ */ /** - * \file admin/skill_extrafields.php - * \ingroup hrm - * \brief Page to setup extra fields of hrm + * \file htdocs/hrm/admin/skill_extrafields.php + * \ingroup hrm + * \brief Page to setup extra fields of hrm skills */ // Load Dolibarr environment @@ -48,6 +48,7 @@ $action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'hrm_skill'; //Must be the $table_element of the class that manage extrafield +// Security check if (!$user->admin) { accessforbidden(); } From a5c216e16a4dd82f8e35aae9659de15834e5b43a Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sun, 11 Sep 2022 11:44:31 +0200 Subject: [PATCH 10/12] Update job_extrafields.php --- htdocs/hrm/admin/job_extrafields.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/htdocs/hrm/admin/job_extrafields.php b/htdocs/hrm/admin/job_extrafields.php index 5d6ea5d6990..6af5f1ffc67 100644 --- a/htdocs/hrm/admin/job_extrafields.php +++ b/htdocs/hrm/admin/job_extrafields.php @@ -21,9 +21,9 @@ */ /** - * \file admin/job_extrafields.php - * \ingroup hrm - * \brief Page to setup extra fields of hrm + * \file htdocs/hrm/admin/job_extrafields.php + * \ingroup hrm + * \brief Page to setup extra fields of hrm jobs */ // Load Dolibarr environment @@ -44,10 +44,12 @@ foreach ($tmptype2label as $key => $val) { $type2label[$key] = $langs->transnoentitiesnoconv($val); } +// Get Parameters $action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'hrm_job'; //Must be the $table_element of the class that manage extrafield +// Security Check if (!$user->admin) { accessforbidden(); } From f911e79b1cb0404a0434a1b89ed82579ba187fb5 Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Sun, 11 Sep 2022 11:46:13 +0200 Subject: [PATCH 11/12] Update evaluation_extrafields.php --- htdocs/hrm/admin/evaluation_extrafields.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/htdocs/hrm/admin/evaluation_extrafields.php b/htdocs/hrm/admin/evaluation_extrafields.php index 6513ea311e3..ddf20696ff7 100644 --- a/htdocs/hrm/admin/evaluation_extrafields.php +++ b/htdocs/hrm/admin/evaluation_extrafields.php @@ -21,9 +21,9 @@ */ /** - * \file admin/evaluation_extrafields.php - * \ingroup hrm - * \brief Page to setup extra fields of hrm + * \file htdocs/hrm/admin/evaluation_extrafields.php + * \ingroup hrm + * \brief Page to setup extra fields of hrm evaluation */ // Load Dolibarr environment @@ -44,10 +44,12 @@ foreach ($tmptype2label as $key => $val) { $type2label[$key] = $langs->transnoentitiesnoconv($val); } +// Get Parameters $action = GETPOST('action', 'aZ09'); $attrname = GETPOST('attrname', 'alpha'); $elementtype = 'hrm_evaluation'; //Must be the $table_element of the class that manage extrafield +// Security Check if (!$user->admin) { accessforbidden(); } From d90ca726f48cda5d0fafacd74c30eb787cdaff8e Mon Sep 17 00:00:00 2001 From: UT from dolibit <45215329+dolibit-ut@users.noreply.github.com> Date: Tue, 13 Sep 2022 08:53:02 +0200 Subject: [PATCH 12/12] Update setup.php --- htdocs/modulebuilder/template/admin/setup.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/modulebuilder/template/admin/setup.php b/htdocs/modulebuilder/template/admin/setup.php index 1c46028b142..8e60b2a296c 100644 --- a/htdocs/modulebuilder/template/admin/setup.php +++ b/htdocs/modulebuilder/template/admin/setup.php @@ -97,7 +97,7 @@ if (!class_exists('FormSetup')) { $formSetup = new FormSetup($db); -// Hôte +// HTTP HOST $item = $formSetup->newItem('NO_PARAM_JUST_TEXT'); $item->fieldOverride = (empty($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST']; $item->cssClass = 'minwidth500'; @@ -106,7 +106,7 @@ $item->cssClass = 'minwidth500'; $item = $formSetup->newItem('MYMODULE_MYPARAM1'); $item->defaultFieldValue = 'default value'; -// Setup conf MYMODULE_MYPARAM1 as a simple textarea input but we replace the text of field title +// Setup conf MYMODULE_MYPARAM2 as a simple textarea input but we replace the text of field title $item = $formSetup->newItem('MYMODULE_MYPARAM2'); $item->nameText = $item->getNameText().' more html text ';