Fix: A lot of bugs in project permission

Laurent Destailleur 2010-05-30 20:25:08 +00:00
parent a7c809d0dd
commit 3c4aa3b085
10 changed files with 51 additions and 17 deletions


@ -80,7 +80,7 @@ function project_prepare_head($object)
}
// Then tab for sub level of projet, i mean tasks
$head[$h][0] = DOL_URL_ROOT.'/projet/tasks/fiche.php?id='.$object->id;
$head[$h][0] = DOL_URL_ROOT.'/projet/tasks.php?id='.$object->id;
$head[$h][1] = $langs->trans("Tasks");
$head[$h][2] = 'tasks';
$h++;
@ -349,8 +349,9 @@ function PLinesb(&$inc, $parent, $lines, &$level, &$projectsrole)
* @param $var Color
* @param $showproject Show project columns
* @param $taskrole Array of roles of user for each tasks
* @param $projectsListId List of id of project allowed to user (separated with comma)
*/
function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole)
function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole, $projectsListId='')
{
global $user, $bc, $langs;
@ -359,6 +360,8 @@ function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole
$projectstatic = new Project($db);
$taskstatic = new Task($db);
$projectsArrayId=explode(',',$projectsListId);
for ($i = 0 ; $i < sizeof($lines) ; $i++)
{
if ($parent == 0) $level = 0;
@ -413,7 +416,8 @@ function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole
$projectstatic->id=$lines[$i]->fk_project;
$projectstatic->ref=$lines[$i]->projectref;
$projectstatic->public=$lines[$i]->public;
print $projectstatic->getNomUrl(1);
if ($lines[$i]->public || in_array($lines[$i]->fk_project,$projectsArrayId)) print $projectstatic->getNomUrl(1);
else print $projectstatic->getNomUrl(1,'nolink');
if ($showlineingray) print '</i>';
print "</td>";
}
@ -436,7 +440,7 @@ function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole
// Title of task
print "<td>";
if ($showlineingray) print '<i>';
else print '<a href="task.php?id='.$lines[$i]->id.'">';
else print '<a href="'.DOL_URL_ROOT.'/projet/tasks/task.php?id='.$lines[$i]->id.'">';
for ($k = 0 ; $k < $level ; $k++)
{
print "&nbsp; &nbsp; &nbsp;";
@ -466,7 +470,7 @@ function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole
if (! $showlineingray) $inc++;
$level++;
if ($lines[$i]->id) PLines($inc, $lines[$i]->id, $lines, $level, $var, $showproject, $taskrole);
if ($lines[$i]->id) PLines($inc, $lines[$i]->id, $lines, $level, $var, $showproject, $taskrole, $projectsListId);
$level--;
}
}
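Review bot: The new `in_array($lines[$i]->fk_project,$projectsArrayId)` test in PLines uses loose comparison, and with the default `$projectsListId=''` the `explode` yields `array('')`, so a row whose `fk_project` is null (or integer 0 on PHP versions before 8) compares equal and is treated as authorized. Passing the strict flag with a string cast, `in_array((string) $lines[$i]->fk_project, $projectsArrayId, true)`, avoids that, provided the list holds bare ids without surrounding spaces. The same loose comparison appears in getNomUrl's `$option != 'nolink'` elsewhere in this commit. This branch only decides whether the project reference is rendered as a link; the reference is still printed and the task link a few lines below is unchanged, so the target pages presumably have to enforce access on their own. PLines starts and ends outside these hunks.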


@ -89,6 +89,7 @@ $sql.= " AND p.entity = ".$conf->entity;
$sql.= " AND tt.fk_task = t.rowid";
$sql.= " AND tt.fk_user = ".$user->id;
$sql.= " AND date_format(task_date,'%d%m%y') = ".strftime("%d%m%y",time());
$sql.= " AND p.rowid in ('".$projectsListId."')";
$sql.= " GROUP BY p.rowid";
$resql = $db->query($sql);
@ -139,6 +140,7 @@ $sql.= " AND p.entity = ".$conf->entity;
$sql.= " AND tt.fk_task = t.rowid";
$sql.= " AND tt.fk_user = ".$user->id;
$sql.= " AND date_format(date_add(task_date, INTERVAL 1 DAY),'%d%m%y') = ".strftime("%d%m%y",time());
$sql.= " AND p.rowid in ('".$projectsListId."')";
$sql.= " GROUP BY p.rowid";
$resql = $db->query($sql);
@ -191,6 +193,7 @@ $sql.= " AND p.entity = ".$conf->entity;
$sql.= " AND tt.fk_task = t.rowid";
$sql.= " AND tt.fk_user = ".$user->id;
$sql.= " AND week(task_date) = ".strftime("%W",time());
$sql.= " AND p.rowid in ('".$projectsListId."')";
$sql.= " GROUP BY p.rowid";
$resql = $db->query($sql);
@ -241,6 +244,7 @@ $sql.= " AND p.entity = ".$conf->entity;
$sql.= " AND tt.fk_task = t.rowid";
$sql.= " AND tt.fk_user = ".$user->id;
$sql.= " AND month(task_date) = ".strftime("%m",$now);
$sql.= " AND p.rowid in ('".$projectsListId."')";
$sql.= " GROUP BY p.rowid";
$resql = $db->query($sql);
@ -284,6 +288,7 @@ $sql.= " AND p.entity = ".$conf->entity;
$sql.= " AND tt.fk_task = t.rowid";
$sql.= " AND tt.fk_user = ".$user->id;
$sql.= " AND YEAR(task_date) = ".strftime("%Y",$now);
$sql.= " AND p.rowid in ('".$projectsListId."')";
$sql.= " GROUP BY p.rowid";
$var=false;
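Review bot: The added filter `p.rowid in ('".$projectsListId."')` wraps the whole comma-separated list in one pair of quotes, so the database receives a single string such as '1,2,3' rather than three ids; on MySQL that string is likely cast to its leading number, so only the first authorized project would match. The other pages in this commit build `fk_projet in (".$projectsListId.")` without quotes, and the equivalent here would be `$sql.= " AND p.rowid in (".$projectsListId.")";`. The same line is added to all five queries in this file (the day, day+1, week, month and year filters). Because the value is concatenated into the statement, it is worth confirming that the list holds only integer ids produced server-side and that an empty list is handled; the assignment of `$projectsListId` is not visible in these hunks.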


@ -592,7 +592,7 @@ class Project extends CommonObject
/**
* \brief Renvoie nom clicable (avec eventuellement le picto)
* \param withpicto 0=Pas de picto, 1=Inclut le picto dans le lien, 2=Picto seul
* \param option Sur quoi pointe le lien
* \param option Variante ('', 'nolink')
* \return string Chaine avec URL
*/
function getNomUrl($withpicto=0,$option='')
@ -600,9 +600,14 @@ class Project extends CommonObject
global $langs;
$result='';
$lien='';
$lienfin='';
$lien = '<a href="'.DOL_URL_ROOT.'/projet/fiche.php?id='.$this->id.'">';
$lienfin='</a>';
if ($option != 'nolink')
{
$lien = '<a href="'.DOL_URL_ROOT.'/projet/fiche.php?id='.$this->id.'">';
$lienfin='</a>';
}
$picto='projectpub';
if (! $this->public) $picto='project';


@ -19,13 +19,13 @@
*/
/**
* \file htdocs/projet/tasks/fiche.php
* \file htdocs/projet/tasks.php
* \ingroup projet
* \brief Fiche taches d'un projet
* \brief List all tasks of a project
* \version $Id$
*/
require ("../../main.inc.php");
require ("../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/projet/class/project.class.php");
require_once(DOL_DOCUMENT_ROOT."/projet/class/task.class.php");
require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");


@ -196,6 +196,8 @@ if ($id > 0 || ! empty($ref))
// Ref
print '<tr><td width="30%">'.$langs->trans('Ref').'</td><td colspan="3">';
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$task->next_prev_filter=" fk_projet in (".$projectsListId.")";
print $html->showrefnav($task,'id','',1,'rowid','ref','','');
print '</td></tr>';
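Review bot: `next_prev_filter` is built as `" fk_projet in (".$projectsListId.")"`, which becomes `in ()` if getProjectsAuthorizedForUser can return an empty string for a user with no authorized project, and that is a syntax error in most SQL dialects. A guard before the assignment, such as `if ($projectsListId === '') $projectsListId = '0';`, keeps the query valid and matches nothing, assuming 0 is never a real project id. The same two lines are added on four other pages in this commit. The filter only narrows the previous/next navigation; whether the task currently displayed is checked against the same list is not visible here. `$mine` is passed to the call but is not set anywhere in the hunk.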


@ -128,9 +128,10 @@ if ($action=='delete')
* View
*/
llxHeader('',$langs->trans('Project'));
$form = new Form($db);
$project = new Project($db);
llxHeader('',$langs->trans('Project'));
if ($id > 0 || ! empty($ref))
{
@ -154,6 +155,8 @@ if ($id > 0 || ! empty($ref))
print '<tr><td width="30%">';
print $langs->trans("Ref");
print '</td><td colspan="3">';
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$task->next_prev_filter=" fk_projet in (".$projectsListId.")";
print $form->showrefnav($task,'id','',1,'rowid','ref','','');
print '</td>';
print '</tr>';


@ -32,6 +32,7 @@ require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");
require_once(DOL_DOCUMENT_ROOT."/lib/date.lib.php");
$langs->load('projects');
$langs->load('users');
// Security check
$socid=0;
@ -77,9 +78,8 @@ else
else print $langs->trans("ProjectsPublicDesc").'<br><br>';
}
//$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
// Get list of project id allowed to user
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1);
// Get list of tasks in tasksarray and taskarrayfiltered
// We need all tasks (even not limited to a user because a task to user
// can have a parent that is not affected to him).
@ -97,7 +97,7 @@ print '<td align="right">'.$langs->trans("TimeSpent").'</td>';
print "</tr>\n";
// Show all lines in taskarray (recursive function to go down on tree)
$j=0; $level=0;
$nboftaskshown=PLines($j, 0, $tasksarray, $level, true, 1, $tasksrole);
$nboftaskshown=PLines($j, 0, $tasksarray, $level, true, 1, $tasksrole, $projectsListId);
print "</table>";
print '</div>';


@ -90,6 +90,7 @@ if ($_POST['action'] == 'update_private' && $user->rights->projet->creer)
llxHeader();
$html = new Form($db);
$project = new Project($db);
$id = $_GET['id'];
$ref= $_GET['ref'];
@ -120,6 +121,8 @@ if ($id > 0 || ! empty($ref))
// Ref
print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>';
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$task->next_prev_filter=" fk_projet in (".$projectsListId.")";
print $html->showrefnav($task,'id','',1,'rowid','ref','','');
print '</td></tr>';


@ -115,6 +115,7 @@ llxHeader("",$langs->trans("Task"));
$html = new Form($db);
$formother = new FormOther($db);
$project = new Project($db);
if ($taskid)
{
@ -215,6 +216,8 @@ if ($taskid)
print '<tr><td width="30%">';
print $langs->trans("Ref");
print '</td><td colspan="3">';
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$task->next_prev_filter=" fk_projet in (".$projectsListId.")";
print $html->showrefnav($task,'id','',1,'rowid','ref','','');
print '</td>';
print '</tr>';


@ -51,6 +51,11 @@ if ($_POST["action"] == 'addtimespent' && $user->rights->projet->creer)
$mesg='<div class="error">'.$langs->trans('ErrorFieldRequired',$langs->transnoentitiesnoconv("Duration")).'</div>';
$error++;
}
if (empty($_POST["userid"]))
{
$mesg='<div class="error">'.$langs->trans('ErrorUserNotAffectedToTask').'</div>';
$error++;
}
if (! $error)
{
@ -137,6 +142,8 @@ if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == "yes" &&
* View
*/
$project=new Project($db);
llxHeader("",$langs->trans("Task"));
$html = new Form($db);
@ -177,6 +184,8 @@ if ($_GET["id"] > 0)
print '<tr><td width="30%">';
print $langs->trans("Ref");
print '</td><td colspan="3">';
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$task->next_prev_filter=" fk_projet in (".$projectsListId.")";
print $html->showrefnav($task,'id','',1,'rowid','ref','','');
print '</td></tr>';
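Review bot: The added guard `if (empty($_POST["userid"]))` in the addtimespent branch reports `ErrorUserNotAffectedToTask`, but it only checks that a value was posted, not that the posted user is actually assigned to the task. Unless a later check outside this hunk does so, any account with the `projet->creer` right could record time against an arbitrary user id. Consider casting the value, `$userid = (int) $_POST["userid"];`, and verifying it against the task's assigned users before the insert. The branch body continues outside the hunk.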