From a8ecce9e6d1d8e550833f69c285ebb9ce0f7bc54 Mon Sep 17 00:00:00 2001 From: altatof Date: Sat, 5 May 2018 14:31:17 +0200 Subject: [PATCH 01/20] add hook for more permissions control --- htdocs/core/lib/security.lib.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 4cfc077f0be..15047b2f2d7 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -331,10 +331,17 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu // is linked to a company allowed to $user. if (! empty($objectid) && $objectid > 0) { - $ok = checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select); - return $ok ? 1 : accessforbidden(); + if (!checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select)) + accessforbidden(); } + // get more permissions checks from hooks + global $hookmanager; + $hookmanager->initHooks(array('permissions')); + $parameters=array('features'=>$features,'objectid'=>preg_replace("/'/", '', $objectid),'idtype'=>$dbt_select); + $reshook=$hookmanager->executeHooks('restricted',$parameters); + if ($reshook < 0) accessforbidden(); + return 1; } From c2696996791a72e05db356035512902a4143bbd4 Mon Sep 17 00:00:00 2001 From: wdammak <26695620+wdammak@users.noreply.github.com> Date: Sat, 5 May 2018 13:33:34 +0100 Subject: [PATCH 02/20] Add model_pdf to warehouse module --- htdocs/core/modules/modStock.class.php | 83 ++++++++++++++++++++++++-- 1 file changed, 79 insertions(+), 4 deletions(-) diff --git a/htdocs/core/modules/modStock.class.php b/htdocs/core/modules/modStock.class.php index ca518ed8851..2cb53a52da4 100644 --- a/htdocs/core/modules/modStock.class.php +++ b/htdocs/core/modules/modStock.class.php 
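Review bot: The rewritten object check, `if (!checkUserAccessToObject(...)) accessforbidden();`, no longer returns on denial, so it blocks the request only if accessforbidden() never returns, which is not visible in this hunk; the same holds for the added `if ($reshook < 0) accessforbidden();`. Writing both as `return accessforbidden();`, as the removed line effectively did, keeps restrictedArea() fail-closed either way. The hook parameters also omit `$user` and `$feature2`, so a hook must fall back on globals to know whose permission is being checked; consider adding `'user'=>$user, 'feature2'=>$feature2` to `$parameters`. restrictedArea() starts well before this hunk.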
@@ -60,7 +60,7 @@ class modStock extends DolibarrModules $this->picto='stock'; // Data directories to create when module is enabled - $this->dirs = array(); + $this->dirs = array("/stock/temp"); $this->config_page_url = array("stock.php"); @@ -70,9 +70,38 @@ class modStock extends DolibarrModules $this->langfiles = array("stocks"); // Constants - $this->const = array( - 0=>array('STOCK_ALLOW_NEGATIVE_TRANSFER','chaine','1','',1) - ); + $this->const = array(); + $r=0; + + $this->const[$r] = array('STOCK_ALLOW_NEGATIVE_TRANSFER','chaine','1','',1); + + $r++; + $this->const[$r][0] = "STOCK_ADDON_PDF"; + $this->const[$r][1] = "chaine"; + $this->const[$r][2] = "Standard"; + $this->const[$r][3] = 'Name of PDF model of stock'; + $this->const[$r][4] = 0; + + $r++; + $this->const[$r][0] = "MOUVEMENT_ADDON_PDF"; + $this->const[$r][1] = "chaine"; + $this->const[$r][2] = "StdMouvement"; + $this->const[$r][3] = 'Name of PDF model of stock mouvement'; + $this->const[$r][4] = 0; + + $r++; + $this->const[$r][0] = "STOCK_ADDON_PDF_ODT_PATH"; + $this->const[$r][1] = "chaine"; + $this->const[$r][2] = "DOL_DATA_ROOT/doctemplates/stocks"; + $this->const[$r][3] = ""; + $this->const[$r][4] = 0; + + $r++; + $this->const[$r][0] = "MOUVEMENT_ADDON_PDF_ODT_PATH"; + $this->const[$r][1] = "chaine"; + $this->const[$r][2] = "DOL_DATA_ROOT/doctemplates/stocks/mouvements"; + $this->const[$r][3] = ""; + $this->const[$r][4] = 0; // Boxes $this->boxes = array(); 
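Review bot: The default for STOCK_ADDON_PDF_ODT_PATH, `DOL_DATA_ROOT/doctemplates/stocks`, does not match the directory that init() in the last hunk of this file creates and fills, `DOL_DATA_ROOT.'/doctemplates/stock'` (singular), so the ODT generator would presumably scan a directory that does not hold the shipped template. Pick one spelling for both, for example `$this->const[$r][2] = "DOL_DATA_ROOT/doctemplates/stock";`. The new constants also mix spellings (`MOUVEMENT_ADDON_PDF`, 'stock mouvement'), which is worth settling before other code depends on the names.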
@@ -266,4 +295,50 @@ class modStock extends DolibarrModules ); } + + + /** + * Function called when module is enabled. + * The init function add constants, boxes, permissions and menus (defined in constructor) into Dolibarr database. + * It also creates data directories + * + * @param string $options Options when enabling module ('', 'noboxes') + * @return int 1 if OK, 0 if KO + */ + function init($options='') + { + global $conf,$langs; + + // Permissions + $this->remove($options); + + //ODT template + $src=DOL_DOCUMENT_ROOT.'/install/doctemplates/stock/template_stock.odt'; + $dirodt=DOL_DATA_ROOT.'/doctemplates/stock'; + $dest=$dirodt.'/template_stock.odt'; + + if (file_exists($src) && ! file_exists($dest)) + { + require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + dol_mkdir($dirodt); + $result=dol_copy($src,$dest,0,0); + if ($result < 0) + { + $langs->load("errors"); + $this->error=$langs->trans('ErrorFailToCopyFile',$src,$dest); + return 0; + } + } + + $sql = array(); + + $sql = array( + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[1][2])."' AND type = 'stock' AND entity = ".$conf->entity, + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[1][2])."','stock',".$conf->entity.")", + "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[2][2])."' AND type = 'mouvement' AND entity = ".$conf->entity, + "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[2][2])."','mouvement',".$conf->entity.")", + ); + + return $this->_init($sql,$options); + } } From a2c93e56aef79e40ec0d35ccc3987442bba7178c Mon Sep 17 00:00:00 2001 
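Review bot: init() picks the model names by position, `$this->const[1][2]` and `$this->const[2][2]`, so inserting or reordering a constant in the constructor silently registers the wrong value in `document_model`. Look the entries up by name, or at least add a comment tying the indexes to STOCK_ADDON_PDF and MOUVEMENT_ADDON_PDF. `$conf->entity` is concatenated unquoted into all four statements; `((int) $conf->entity)` makes the numeric context explicit, and the same applies to the modProjet hunk later in this series. The first `$sql = array();` is dead code, and the return value of `$this->remove($options)` is ignored.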
From: delcroix Patrick Date: Sun, 6 May 2018 13:36:37 +0200 Subject: [PATCH 03/20] fixAdd properly the project models Previous code was adding only the Task model (project model where actually push during the installation) and only one of the two model available. --- htdocs/core/modules/modProjet.class.php | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/htdocs/core/modules/modProjet.class.php b/htdocs/core/modules/modProjet.class.php index ab837803349..d38fc743de1 100644 --- a/htdocs/core/modules/modProjet.class.php +++ b/htdocs/core/modules/modProjet.class.php 
@@ -352,15 +352,14 @@ class modProjet extends DolibarrModules } } - $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[0][2])."' AND type = 'project' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[0][2])."','project',".$conf->entity.")", - ); - - $sql = array( - "DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'task' AND entity = ".$conf->entity, - "INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','task',".$conf->entity.")" - ); + $sql = array(); + $sql[] ="DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = '".$this->db->escape($this->const[3][2])."' AND type = 'task' AND entity = ".$conf->entity; + $sql[] ="INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('".$this->db->escape($this->const[3][2])."','task',".$conf->entity.")"; + $sql[] ="DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'beluga' AND type = 'project' AND entity = ".$conf->entity; + $sql[] ="INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('beluga','project',".$conf->entity.")"; + $sql[] ="DELETE FROM ".MAIN_DB_PREFIX."document_model WHERE nom = 'baleine' AND type = 'project' AND entity = ".$conf->entity; + $sql[] ="INSERT INTO ".MAIN_DB_PREFIX."document_model (nom, type, entity) VALUES('baleine','project',".$conf->entity.")"; + return $this->_init($sql,$options); } From 5ac2b515174d2b5825e686db777c85947fc4da66 Mon Sep 17 00:00:00 2001 From: delcroix Patrick Date: Sun, 6 May 2018 17:29:30 +0200 Subject: [PATCH 04/20] new: log message for missing traduction It's often difficult to find out the missing translation --- htdocs/core/class/translate.class.php | 1 + 1 file changed, 1 insertion(+) 
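Review bot: The project models are now registered as the literals 'beluga' and 'baleine' while the task model still comes from `$this->const[3][2]`, so the two halves of the list are maintained in different places and the `$this->const[0][2]` value the removed lines referenced is no longer used here. A comment such as `// Register every shipped project model, not only the configured default` would record that this is intended. The six statements differ only in model name and type, so a loop over (type, name) pairs would be easier to keep correct than copied SQL strings. The enclosing init() starts outside the hunk.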
diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php index 0df169a3c3e..ec3ed00a313 100644 --- a/htdocs/core/class/translate.class.php +++ b/htdocs/core/class/translate.class.php @@ -576,6 +576,7 @@ class Translate // TODO OrderSourceX must be replaced with content of table llx_c_input_reason or llx_c_input_method //$newstr=$this->getLabelFromKey($db,$reg[1],'c_ordersource','code','label'); } + dol_syslog(__METHOD__."missing translation ".$newstr." in ".$_SERVER["PHP_SELF"], LOG_DEBUG); return $newstr; } From de8bd3f8868aa3b72f4d4e00b29b46bdea455c20 Mon Sep 17 00:00:00 2001 From: Abbes Bahfir Date: Mon, 7 May 2018 08:31:40 +0100 Subject: [PATCH 05/20] New : Translate accountancy journal menu entries --- htdocs/core/menus/standard/eldy.lib.php | 3 ++- htdocs/install/mysql/data/llx_accounting_abc.sql | 14 +++++++------- htdocs/langs/en_US/accountancy.lang | 5 ++++- htdocs/langs/fr_FR/accountancy.lang | 4 +++- 4 files changed, 16 insertions(+), 10 deletions(-) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 3d05ac3ceb3..4d3951f7b5e 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -1069,7 +1069,8 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu if ($nature) { - $newmenu->add('/accountancy/journal/'.$nature.'journal.php?mainmenu=accountancy&leftmenu=accountancy_journal&id_journal='.$objp->rowid, dol_trunc($objp->label,25), 2, $user->rights->accounting->comptarapport->lire); + $langs->load('accountancy'); + $newmenu->add('/accountancy/journal/'.$nature.'journal.php?mainmenu=accountancy&leftmenu=accountancy_journal&id_journal='.$objp->rowid, $langs->trans($objp->label), 2, $user->rights->accounting->comptarapport->lire); } $i++; } diff --git a/htdocs/install/mysql/data/llx_accounting_abc.sql b/htdocs/install/mysql/data/llx_accounting_abc.sql index 6345768e6a8..e80de82b6ad 100644 
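Review bot: The added dol_syslog() call writes `$_SERVER["PHP_SELF"]` and `$newstr` into the log verbatim; PHP_SELF includes client-supplied path info, so request data can end up inside log entries unless dol_syslog() neutralises control characters, which is not visible here. Prefer the script name and add the missing separator after `__METHOD__`: `dol_syslog(__METHOD__." missing translation ".$newstr." in ".$_SERVER["SCRIPT_NAME"], LOG_DEBUG);`. From the hunk the call sits directly before `return $newstr;` after a closing brace, so it may run on paths other than the missing-translation one. The surrounding function is outside the hunk, so confirm which branch this is.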
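Review bot: `$langs->trans($objp->label)` feeds a value read from the journal table into the translator and drops the previous `dol_trunc($objp->label,25)`, so a long or user-edited label now reaches the menu at full length and any label that happens to equal a translation key is replaced. Keeping the truncation, `dol_trunc($langs->trans($objp->label),25)`, preserves the old layout guard. `$langs->load('accountancy')` sits inside the per-row branch and can move above the loop. The same pattern is added to select_journal() in html.formaccounting.class.php later in the series; whether either caller escapes the label for HTML is not visible in these hunks.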
--- a/htdocs/install/mysql/data/llx_accounting_abc.sql +++ b/htdocs/install/mysql/data/llx_accounting_abc.sql @@ -29,13 +29,13 @@ -- -INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('VT', 'Sale Journal', 2, 1, 1); -INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('AC', 'Purchase Journal', 3, 1, 1); -INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('BQ', 'Bank Journal', 4, 1, 1); -INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('OD', 'Other Journal', 1, 1, 1); -INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('AN', 'Has new Journal', 9, 1, 1); -INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('ER', 'Expense Report Journal', 5, 1, 1); -INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('INV', 'Inventory Journal' , 8, 1, 1); +INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('VT', 'ACCOUNTING_SELL_JOURNAL', 2, 1, 1); +INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('AC', 'ACCOUNTING_PURCHASE_JOURNAL', 3, 1, 1); +INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('BQ', 'FinanceJournal', 4, 1, 1); +INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('OD', 'ACCOUNTING_MISCELLANEOUS_JOURNAL', 1, 1, 1); +INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('AN', 'ACCOUNTING_HAS_NEW_JOURNAL', 9, 1, 1); +INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('ER', 'ExpenseReportsJournal', 5, 1, 1); +INSERT INTO llx_accounting_journal (code, label, nature, active, entity) VALUES ('INV', 'InventoryJournal' , 8, 1, 1); -- Description of chart of account FR PCG99-ABREGE 
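Review bot: The label inserted for the ER journal, 'ExpenseReportsJournal', does not match the key this commit adds to en_US/accountancy.lang, `ExpenseReportJournal`, so unless the plural key already exists elsewhere the interface would show the raw key. 'FinanceJournal' is likewise not among the keys added here, and fr_FR gains only `ACCOUNTING_HAS_NEW_JOURNAL` and `InventoryJournal`. Align the data with the language files, for example `VALUES ('ER', 'ExpenseReportJournal', 5, 1, 1);`. This file appears to seed new installs only, so rows in existing databases keep their old labels unless a migration, not shown here, updates them.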
diff --git a/htdocs/langs/en_US/accountancy.lang b/htdocs/langs/en_US/accountancy.lang index f3acb7ac39c..a7b7e345682 100644 --- a/htdocs/langs/en_US/accountancy.lang +++ b/htdocs/langs/en_US/accountancy.lang @@ -137,6 +137,7 @@ ACCOUNTING_PURCHASE_JOURNAL=Purchase journal ACCOUNTING_MISCELLANEOUS_JOURNAL=Miscellaneous journal ACCOUNTING_EXPENSEREPORT_JOURNAL=Expense report journal ACCOUNTING_SOCIAL_JOURNAL=Social journal +ACCOUNTING_HAS_NEW_JOURNAL=Has new Journal ACCOUNTING_ACCOUNT_TRANSFER_CASH=Accounting account of transfer ACCOUNTING_ACCOUNT_SUSPENSE=Accounting account of wait @@ -294,4 +295,6 @@ Binded=Lines bound ToBind=Lines to bind UseMenuToSetBindindManualy=Autodection not possible, use menu %s to make the binding manually -WarningReportNotReliable=Warning, this report is not based on the Ledger, so does not contains transaction modified manualy in the Ledger. If your journalization is up to date, the bookkeeping view is more accurate. +WarningReportNotReliable=Warning, this report is not based on the Ledger, so does not contains transaction modified manualy in the Ledger. If your journalization is up to date, the bookkeeping view is more accurate. +ExpenseReportJournal=Expense Report Journal +InventoryJournal=Inventory Journal diff --git a/htdocs/langs/fr_FR/accountancy.lang b/htdocs/langs/fr_FR/accountancy.lang index 0bb7e235410..2ff8dc59dd9 100644 --- a/htdocs/langs/fr_FR/accountancy.lang +++ b/htdocs/langs/fr_FR/accountancy.lang 
@@ -133,9 +133,10 @@ BANK_DISABLE_DIRECT_INPUT=Désactiver la saisie directe de transactions en banqu ACCOUNTING_SELL_JOURNAL=Journal des ventes ACCOUNTING_PURCHASE_JOURNAL=Journal des achats -ACCOUNTING_MISCELLANEOUS_JOURNAL=Journal des opérations diverses +ACCOUNTING_MISCELLANEOUS_JOURNAL=Journal des ops. diverses ACCOUNTING_EXPENSEREPORT_JOURNAL=Journal des notes de frais ACCOUNTING_SOCIAL_JOURNAL=Journal de paie +ACCOUNTING_HAS_NEW_JOURNAL=Journal d'ouverture ACCOUNTING_ACCOUNT_TRANSFER_CASH=Compte comptable de tranfert ACCOUNTING_ACCOUNT_SUSPENSE=Compte comptable d'attente @@ -294,3 +295,4 @@ ToBind=Lignes à lier UseMenuToSetBindindManualy=L'autodection n'est pas possible, utilisez le menu %s pour effectuer la liaison manuellement WarningReportNotReliable=Attention : ce rapport n'est pas basé sur le grand livre et ne contient donc pas les écritures manuelles qui lui ont été ajoutées. Si votre journalisation est à jour, la vue depuis le grand livre sera plus précise. +InventoryJournal=Journal d'inventaire From fd9b6365a76883b487870225d36df6a90c06e038 Mon Sep 17 00:00:00 2001 From: Abbes Bahfir Date: Mon, 7 May 2018 09:19:45 +0100 Subject: [PATCH 06/20] New : Translate list element in journal selection --- htdocs/core/class/html.formaccounting.class.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/html.formaccounting.class.php b/htdocs/core/class/html.formaccounting.class.php index 18cf165e641..17e437f5223 100644 --- a/htdocs/core/class/html.formaccounting.class.php +++ b/htdocs/core/class/html.formaccounting.class.php @@ -64,7 +64,7 @@ class FormAccounting extends Form */ function select_journal($selectid, $htmlname = 'journal', $nature=0, $showempty = 0, $select_in = 0, $select_out = 0, $morecss='maxwidth300 maxwidthonsmartphone', $usecache='', $disabledajaxcombo=0) { - global $conf; + global $conf,$langs; $out = ''; 
@@ -93,9 +93,10 @@ class FormAccounting extends Form } $selected = 0; + $langs->load('accountancy'); while ($obj = $this->db->fetch_object($resql)) { - $label = $obj->code . ' - ' . $obj->label; + $label = $obj->code . ' - ' . $langs->trans($obj->label); $select_value_in = $obj->rowid; $select_value_out = $obj->rowid; From 5bc9799bf1d48e232cd8b11d430b974264b88331 Mon Sep 17 00:00:00 2001 From: ATM-Nicolas Date: Mon, 7 May 2018 16:30:22 +0200 Subject: [PATCH 07/20] FIX : Drag and drop lines with extrafields --- htdocs/core/tpl/ajaxrow.tpl.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/core/tpl/ajaxrow.tpl.php b/htdocs/core/tpl/ajaxrow.tpl.php index 070eefc0ff0..4ae64ea82ed 100644 --- a/htdocs/core/tpl/ajaxrow.tpl.php +++ b/htdocs/core/tpl/ajaxrow.tpl.php @@ -55,6 +55,7 @@ $(document).ready(function(){ var reloadpage = ""; console.log("tableDND onDrop"); console.log(decodeURI($("#").tableDnDSerialize())); + $('# tr[data-element=extrafield]').attr('id', ''); // Set extrafields id to empty value in order to ignore them in tableDnDSerialize function var roworder = cleanSerialize(decodeURI($("#").tableDnDSerialize())); var table_element_line = ""; var fk_element = ""; From fb9ace010fdb0e07ef0c8cd75f31f7fa4224ec05 Mon Sep 17 00:00:00 2001 From: ATM-Nicolas Date: Mon, 7 May 2018 17:16:20 +0200 Subject: [PATCH 08/20] FIX : Missing translations --- htdocs/langs/en_US/categories.lang | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/langs/en_US/categories.lang b/htdocs/langs/en_US/categories.lang index 8b38b2f1f42..c0c8d4c0cef 100644 --- a/htdocs/langs/en_US/categories.lang +++ b/htdocs/langs/en_US/categories.lang @@ -85,3 +85,4 @@ CategorieRecursivHelp=If activated, product will also linked to parent category AddProductServiceIntoCategory=Add the following product/service ShowCategory=Show tag/category ByDefaultInList=By default in list +ChooseCategory=Choose category From 415b7425fdbaadf26e24428f508526f395182931 Mon Sep 17 00:00:00 2001 
From: Regis Houssin Date: Tue, 8 May 2018 09:45:10 +0200 Subject: [PATCH 09/20] NEW add pdf function to check if pdf file is protected/encrypted --- htdocs/core/lib/pdf.lib.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/htdocs/core/lib/pdf.lib.php b/htdocs/core/lib/pdf.lib.php index e2c01f90f47..b0cda2ecd6a 100644 --- a/htdocs/core/lib/pdf.lib.php +++ b/htdocs/core/lib/pdf.lib.php @@ -169,6 +169,25 @@ function pdf_getInstance($format='',$metric='mm',$pagetype='P') return $pdf; } +/** + * Return if pdf file is protected/encrypted + * + * @param TCPDF $pdf PDF initialized object + * @param string $pathoffile Path of file + * @return boolean True or false + */ +function pdf_getEncryption(&$pdf, $pathoffile) +{ + $isencrypted = false; + + $pdfparser = $pdf->_getPdfParser($pathoffile); + $data = $pdfparser->getParsedData(); + if (isset($data[0]['trailer'][1]['/Encrypt'])) { + $isencrypted = true; + } + + return $isencrypted; +} /** * Return font name to use for PDF generation From 70527e64c51be73c1e621b33682cc76c6df5e1b2 Mon Sep 17 00:00:00 2001 From: Ferran Marcet Date: Tue, 8 May 2018 18:15:02 +0200 Subject: [PATCH 10/20] New: Add Date delivery and Availability on Propals List --- htdocs/comm/propal/list.php | 102 +++++++++++++++++++++++++- htdocs/core/class/html.form.class.php | 3 +- 2 files changed, 100 insertions(+), 5 deletions(-) diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index d5d155ce0bf..ced465dfdb7 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -10,7 +10,7 @@ * Copyright (C) 2012 Christophe Battarel * Copyright (C) 2013 Cédric Salvador * Copyright (C) 2015 Jean-François Ferry - * Copyright (C) 2016 Ferran Marcet + * Copyright (C) 2016-2018 Ferran Marcet * Copyright (C) 2017 Charlene Benke * Copyright (C) 2018 Nicolas ZABOURI * 
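Review bot: pdf_getEncryption() has no failure path: if `$pathoffile` is missing, unreadable or not a well-formed PDF, whatever `_getPdfParser()` raises propagates to the caller, and a document whose trailer is not at `$data[0]['trailer'][1]` is reported as unencrypted. Since the files checked are likely to be user-supplied, test `is_readable($pathoffile)` first and document what callers should assume when parsing fails. `_getPdfParser()` is underscore-prefixed, which conventionally marks a library internal, and the docblock types `$pdf` as TCPDF; confirm the method is public on the object actually passed. The body reduces to `return isset($data[0]['trailer'][1]['/Encrypt']);`, and `$pdf` does not need to be taken by reference.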
@@ -44,7 +44,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php'; require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; -$langs->loadLangs(array('companies','propal','compta','bills','orders','products')); +$langs->loadLangs(array('companies','propal','compta','bills','orders','products','deliveries')); $socid=GETPOST('socid','int'); @@ -76,6 +76,13 @@ $search_type_thirdparty=GETPOST("search_type_thirdparty",'int'); $search_day=GETPOST("search_day","int"); $search_month=GETPOST("search_month","int"); $search_year=GETPOST("search_year","int"); +$search_dayfin=GETPOST("search_dayfin","int"); +$search_monthfin=GETPOST("search_monthfin","int"); +$search_yearfin=GETPOST("search_yearfin","int"); +$search_daydelivery=GETPOST("search_daydelivery","int"); +$search_monthdelivery=GETPOST("search_monthdelivery","int"); +$search_yeardelivery=GETPOST("search_yeardelivery","int"); +$search_availability=GETPOST('search_availability','int'); $search_categ_cus=trim(GETPOST("search_categ_cus",'int')); $viewstatut=GETPOST('viewstatut','alpha'); @@ -145,6 +152,8 @@ $arrayfields=array( 'typent.code'=>array('label'=>$langs->trans("ThirdPartyType"), 'checked'=>$checkedtypetiers), 'p.date'=>array('label'=>$langs->trans("Date"), 'checked'=>1), 'p.fin_validite'=>array('label'=>$langs->trans("DateEnd"), 'checked'=>1), + 'p.date_livraison'=>array('label'=>$langs->trans("DeliveryDate"), 'checked'=>0), + 'ava.rowid'=>array('label'=>$langs->trans("AvailabilityPeriod"), 'checked'=>0), 'p.total_ht'=>array('label'=>$langs->trans("AmountHT"), 'checked'=>1), 'p.total_vat'=>array('label'=>$langs->trans("AmountVAT"), 'checked'=>0), 'p.total_ttc'=>array('label'=>$langs->trans("AmountTTC"), 'checked'=>0), 
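Review bot: The seven new filters are read with `GETPOST(..., "int")` in the second hunk and reset in the remove-filter hunk, but none of the list.php hunks shown adds them to `$param`, so they would presumably be lost when the user sorts a column or changes page. If that is the case, append them where the existing search_day/search_month/search_year values are added, for example `if ($search_monthfin) $param.='&search_monthfin='.urlencode($search_monthfin);`. The code that builds `$param` is outside the hunks.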
@@ -202,6 +211,13 @@ if (GETPOST('button_removefilter_x','alpha') || GETPOST('button_removefilter.x', $search_year=''; $search_month=''; $search_day=''; + $search_yearfin=''; + $search_monthfin=''; + $search_dayfin=''; + $search_yeardelivery=''; + $search_monthdelivery=''; + $search_daydelivery=''; + $search_availability=''; $viewstatut=''; $object_statut=''; $toselect=''; @@ -245,8 +261,9 @@ $sql = 'SELECT'; if ($sall || $search_product_category > 0) $sql = 'SELECT DISTINCT'; $sql.= ' s.rowid as socid, s.nom as name, s.email, s.town, s.zip, s.fk_pays, s.client, s.code_client, '; $sql.= " typent.code as typent_code,"; +$sql.= " ava.rowid as availability,"; $sql.= " state.code_departement as state_code, state.nom as state_name,"; -$sql.= ' p.rowid, p.entity, p.note_private, p.total_ht, p.tva as total_vat, p.total as total_ttc, p.localtax1, p.localtax2, p.ref, p.ref_client, p.fk_statut, p.fk_user_author, p.datep as dp, p.fin_validite as dfv,'; +$sql.= ' p.rowid, p.entity, p.note_private, p.total_ht, p.tva as total_vat, p.total as total_ttc, p.localtax1, p.localtax2, p.ref, p.ref_client, p.fk_statut, p.fk_user_author, p.datep as dp, p.fin_validite as dfv,p.date_livraison as ddelivery,'; $sql.= ' p.datec as date_creation, p.tms as date_update,'; $sql.= " pr.rowid as project_id, pr.ref as project_ref,"; if (! $user->rights->societe->client->voir && ! $socid) $sql .= " sc.fk_soc, sc.fk_user,"; 
@@ -271,6 +288,7 @@ if ($sall || $search_product_category > 0) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.' if ($search_product_category > 0) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON cp.fk_product=pd.fk_product'; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'user as u ON p.fk_user_author = u.rowid'; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."projet as pr ON pr.rowid = p.fk_projet"; +$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_availability as ava on (ava.rowid = p.fk_availability)"; // We'll need this table joined to the select in order to filter by sale if ($search_sale > 0 || (! $user->rights->societe->client->voir && ! $socid)) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; if ($search_user > 0) @@ -292,6 +310,7 @@ if ($search_type_thirdparty) $sql .= " AND s.fk_typent IN (".$db->escape($search if ($search_ref) $sql .= natural_search('p.ref', $search_ref); if ($search_refcustomer) $sql .= natural_search('p.ref_client', $search_refcustomer); if ($search_refproject) $sql .= natural_search('pr.ref', $search_refprojet); +if ($search_availability) $sql .= " AND p.fk_availability IN (".$db->escape($search_availability).')'; if ($search_societe) $sql .= natural_search('s.nom', $search_societe); if ($search_login) $sql .= natural_search("u.login", $search_login); 
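Review bot: In the second hunk, `" AND p.fk_availability IN (".$db->escape($search_availability).')'` places the value in an unquoted context, where `$db->escape()` gives no protection; the statement is safe only because `$search_availability` was read with the 'int' filter further up the file. Make that guarantee local to the query with a cast: `if ($search_availability > 0) $sql .= " AND p.fk_availability = ".((int) $search_availability);`. The context line just above it tests `$search_refproject` but passes `$search_refprojet` to natural_search(), which looks like an existing typo worth fixing in passing.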
@@ -323,6 +342,32 @@ else if ($search_year > 0) { $sql.= " AND p.datep BETWEEN '".$db->idate(dol_get_first_day($search_year,1,false))."' AND '".$db->idate(dol_get_last_day($search_year,12,false))."'"; } +if ($search_monthfin > 0) +{ + if ($search_yearfin > 0 && empty($search_dayfin)) + $sql.= " AND p.fin_validite BETWEEN '".$db->idate(dol_get_first_day($search_yearfin,$search_monthfin,false))."' AND '".$db->idate(dol_get_last_day($search_yearfin,$search_monthfin,false))."'"; + else if ($search_yearfin > 0 && ! empty($search_dayfin)) + $sql.= " AND p.fin_validite BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $search_monthfin, $search_dayfin, $search_yearfin))."' AND '".$db->idate(dol_mktime(23, 59, 59, $search_monthfin, $search_dayfin, $search_yearfin))."'"; + else + $sql.= " AND date_format(p.fin_validite, '%m') = '".$db->escape($search_monthfin)."'"; +} +else if ($search_yearfin > 0) +{ + $sql.= " AND p.fin_validite BETWEEN '".$db->idate(dol_get_first_day($search_yearfin,1,false))."' AND '".$db->idate(dol_get_last_day($search_yearfin,12,false))."'"; +} +if ($search_monthdelivery > 0) +{ + if ($search_yeardelivery > 0 && empty($search_daydelivery)) + $sql.= " AND p.date_livraison BETWEEN '".$db->idate(dol_get_first_day($search_yeardelivery,$search_monthdelivery,false))."' AND '".$db->idate(dol_get_last_day($search_yeardelivery,$search_monthdelivery,false))."'"; + else if ($search_yeardelivery > 0 && ! 
empty($search_daydelivery)) + $sql.= " AND p.date_livraison BETWEEN '".$db->idate(dol_mktime(0, 0, 0, $search_monthdelivery, $search_daydelivery, $search_yeardelivery))."' AND '".$db->idate(dol_mktime(23, 59, 59, $search_monthdelivery, $search_daydelivery, $search_yeardelivery))."'"; + else + $sql.= " AND date_format(p.date_livraison, '%m') = '".$db->escape($search_monthdelivery)."'"; +} +else if ($search_yeardelivery > 0) +{ + $sql.= " AND p.date_livraison BETWEEN '".$db->idate(dol_get_first_day($search_yeardelivery,1,false))."' AND '".$db->idate(dol_get_last_day($search_yeardelivery,12,false))."'"; +} if ($search_sale > 0) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$db->escape($search_sale); if ($search_user > 0) { @@ -566,7 +611,32 @@ if ($resql) // Date end if (! empty($arrayfields['p.fin_validite']['checked'])) { - print ' '; + print ''; + //print $langs->trans('Month').': '; + if (! empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) print ''; + print ''; + //print ' '.$langs->trans('Year').': '; + $formother->select_year($search_yearfin,'search_yearfin',1, 20, 5); + print ''; + } + // Date delivery + if (! empty($arrayfields['p.date_livraison']['checked'])) + { + print ''; + //print $langs->trans('Month').': '; + if (! empty($conf->global->MAIN_LIST_FILTER_ON_DAY)) print ''; + print ''; + //print ' '.$langs->trans('Year').': '; + $formother->select_year($search_yeardelivery,'search_yeardelivery',1, 20, 5); + print ''; + } + // Availability + if (! empty($arrayfields['ava.rowid']['checked'])) + { + print ''; + print $form->selectAvailabilityDelay($search_availability, 'search_availability', '', 1); + print ajax_combobox('search_availability'); + print ''; } if (! empty($arrayfields['p.total_ht']['checked'])) { 
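Review bot: The two added date blocks for `p.fin_validite` and `p.date_livraison` appear to be copies of the existing `p.datep` filter with only the column and variable names changed, which triples the code that builds date ranges into SQL. A small helper taking the column name and the day/month/year values would keep the quoting and `$db->idate()` handling in one place. The month-only branch uses `date_format(..., '%m')`, which is MySQL syntax; if other database drivers are supported this needs the portable form the project uses elsewhere. The multi-line `if`/`else if` bodies have no braces, which makes the nesting easy to misread.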
@@ -644,6 +714,8 @@ if ($resql) if (! empty($arrayfields['typent.code']['checked'])) print_liste_field_titre($arrayfields['typent.code']['label'],$_SERVER["PHP_SELF"],"typent.code","",$param,'align="center"',$sortfield,$sortorder); if (! empty($arrayfields['p.date']['checked'])) print_liste_field_titre($arrayfields['p.date']['label'],$_SERVER["PHP_SELF"],'p.datep','',$param, 'align="center"',$sortfield,$sortorder); if (! empty($arrayfields['p.fin_validite']['checked'])) print_liste_field_titre($arrayfields['p.fin_validite']['label'],$_SERVER["PHP_SELF"],'dfv','',$param, 'align="center"',$sortfield,$sortorder); + if (! empty($arrayfields['p.date_livraison']['checked'])) print_liste_field_titre($arrayfields['p.date_livraison']['label'],$_SERVER["PHP_SELF"],'ddelivery','',$param, 'align="center"',$sortfield,$sortorder); + if (! empty($arrayfields['ava.rowid']['checked'])) print_liste_field_titre($arrayfields['ava.rowid']['label'],$_SERVER["PHP_SELF"],'availability','',$param, '',$sortfield,$sortorder); if (! empty($arrayfields['p.total_ht']['checked'])) print_liste_field_titre($arrayfields['p.total_ht']['label'],$_SERVER["PHP_SELF"],'p.total_ht','',$param, 'align="right"',$sortfield,$sortorder); if (! empty($arrayfields['p.total_vat']['checked'])) print_liste_field_titre($arrayfields['p.total_vat']['label'],$_SERVER["PHP_SELF"],'p.tva','',$param, 'align="right"',$sortfield,$sortorder); if (! empty($arrayfields['p.total_ttc']['checked'])) print_liste_field_titre($arrayfields['p.total_ttc']['label'],$_SERVER["PHP_SELF"],'p.total','',$param, 'align="right"',$sortfield,$sortorder); 
@@ -809,6 +881,28 @@ if ($resql) } if (! $i) $totalarray['nbfield']++; } + // Date delivery + if (! empty($arrayfields['p.date_livraison']['checked'])) + { + if ($obj->ddelivery) + { + print ''.dol_print_date($db->jdate($obj->ddelivery),'day'); + print ''; + } + else + { + print ' '; + } + if (! $i) $totalarray['nbfield']++; + } + // Availability + if (! empty($arrayfields['ava.rowid']['checked'])) + { + print ''; + $form->form_availability('', $obj->availability, 'none', 1); + print ''; + if (! $i) $totalarray['nbfield']++; + } // Amount HT if (! empty($arrayfields['p.total_ht']['checked'])) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index c02ada175fd..fa606639bcc 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -16,6 +16,7 @@ * Copyright (C) 2012 Cedric Salvador * Copyright (C) 2012-2015 Raphaël Doursenaud * Copyright (C) 2014 Alexandre Spangaro + * Copyright (C) 2018 Ferran Marcet * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -2903,7 +2904,7 @@ class Form dol_syslog(__METHOD__." selected=".$selected.", htmlname=".$htmlname, LOG_DEBUG); - print ''; if ($addempty) print ''; foreach($this->cache_availability as $id => $arrayavailability) { From ea4c48047a80e19ddc458cdf24795cd09c21b27c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 May 2018 11:30:27 +0200 Subject: [PATCH 11/20] All new hooks must be addreplace hooks --- htdocs/core/lib/security.lib.php | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 15047b2f2d7..b599fac3cfb 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php 
@@ -111,21 +111,23 @@ function dol_hash($chain,$type=0) */ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $objcanvas=null) { - global $db, $conf; + global $db, $conf; + global $hookmanager; //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename,$feature2,$dbt_socfield,$dbt_select"); //print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid; //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select; //print ", perm: ".$features."->".$feature2."=".($user->rights->$features->$feature2->lire)."
"; - // If we use canvas, we try to use function that overlod restrictarea if provided with canvas - if (is_object($objcanvas)) - { - if (method_exists($objcanvas->control,'restrictedArea')) return $objcanvas->control->restrictedArea($user,$features,$objectid,$dbtablename,$feature2,$dbt_keyfield,$dbt_select); - } - if ($dbt_select != 'rowid' && $dbt_select != 'id') $objectid = "'".$objectid."'"; + // Get more permissions checks from hooks + $hookmanager->initHooks(array('permissions')); + $parameters=array('features'=>$features, 'objectid'=>$objectid, 'idtype'=>$dbt_select); + $reshook=$hookmanager->executeHooks('restrictedArea',$parameters); + if (isset($hookmanager->resArray['result']) && empty($hookmanager->resArray['result']) return false; + if ($reshook > 0) return true; + // Features/modules to check $featuresarray = array($features); if (preg_match('/&/', $features)) $featuresarray = explode("&", $features); @@ -206,7 +208,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu // Check write permission from module $createok=1; $nbko=0; - if (GETPOST("action") == 'create') + if (GETPOST("action","apha") == 'create') { foreach ($featuresarray as $feature) { @@ -261,7 +263,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu // Check create user permission $createuserok=1; - if (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes') + if (GETPOST("action","alpha") == 'confirm_create_user' && GETPOST("confirm","alpha") == 'yes') { if (! $user->rights->user->user->creer) $createuserok=0; 
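Review bot: The added line `if (isset($hookmanager->resArray['result']) && empty($hookmanager->resArray['result']) return false;` is missing a closing parenthesis, so security.lib.php would not parse. Once that is fixed, a hook denial still returns `false` instead of stopping the request, and callers that invoke restrictedArea() as a statement and ignore the result would continue; deny the way the rest of the function does, `if (isset($hookmanager->resArray['result']) && empty($hookmanager->resArray['result'])) accessforbidden();`. `if ($reshook > 0) return true;` lets any module registered on the 'permissions' context grant access before a single built-in check has run, which deserves a comment stating that such hooks are fully trusted. The hook also runs after `$objectid` has been wrapped in quotes, so hooks receive the quoted value, and the hunk removes the `$objcanvas` override without a replacement.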
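Review bot: `GETPOST("action","apha")` in the create-permission hunk misspells the filter name; every other call changed in this commit uses `"alpha"`. What GETPOST() does with an unknown check type is not visible here, so the comparison may either skip sanitising or never match 'create', and in the latter case the create-permission check below it would be skipped silently. Change it to `GETPOST("action","alpha")`.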
@@ -271,7 +273,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu // Check delete permission from module $deleteok=1; $nbko=0; - if ((GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == 'yes') || GETPOST("action") == 'delete') + if ((GETPOST("action","alpha") == 'confirm_delete' && GETPOST("confirm","alpha") == 'yes') || GETPOST("action","alpha") == 'delete') { foreach ($featuresarray as $feature) { @@ -335,13 +337,6 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu accessforbidden(); } - // get more permissions checks from hooks - global $hookmanager; - $hookmanager->initHooks(array('permissions')); - $parameters=array('features'=>$features,'objectid'=>preg_replace("/'/", '', $objectid),'idtype'=>$dbt_select); - $reshook=$hookmanager->executeHooks('restricted',$parameters); - if ($reshook < 0) accessforbidden(); - return 1; } From 0891766a3e631068e17363be7d8a5b532dc5b226 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 May 2018 11:31:27 +0200 Subject: [PATCH 12/20] Update security.lib.php --- htdocs/core/lib/security.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index b599fac3cfb..86226587416 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php 
@@ -333,8 +333,8 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu // is linked to a company allowed to $user. if (! empty($objectid) && $objectid > 0) { - if (!checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select)) - accessforbidden(); + $ok = checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select); + if (!checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select)) + return $ok ? 1 : accessforbidden(); } return 1; From 7be804dcf552f62639bd29ff494e08ad70c8381c Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 May 2018 11:32:08 +0200 Subject: [PATCH 13/20] Update security.lib.php --- htdocs/core/lib/security.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 86226587416..14c9be76abe 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -333,8 +333,8 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu // is linked to a company allowed to $user. if (! empty($objectid) && $objectid > 0) { - $ok = checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select); + if (!checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select)) - return $ok ? 1 : accessforbidden(); + $ok = checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select); + return $ok ? 1 : accessforbidden(); } return 1; From bc9eaaab8407f2b640b04fb43d6a383111ce4ff8 Mon Sep 17 00:00:00 2001 
From: Laurent Destailleur Date: Thu, 10 May 2018 11:34:20 +0200 Subject: [PATCH 14/20] Update security.lib.php --- htdocs/core/lib/security.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 14c9be76abe..ceebdd63681 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -125,8 +125,8 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu $hookmanager->initHooks(array('permissions')); $parameters=array('features'=>$features, 'objectid'=>$objectid, 'idtype'=>$dbt_select); $reshook=$hookmanager->executeHooks('restrictedArea',$parameters); - if (isset($hookmanager->resArray['result']) && empty($hookmanager->resArray['result']) return false; - if ($reshook > 0) return true; + if (! empty($hookmanager->resArray['result']) return true; + if ($reshook > 0) return false; // Features/modules to check $featuresarray = array($features); From 9077f18dd683c43896096353bfd16575b34186c5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 May 2018 11:37:22 +0200 Subject: [PATCH 15/20] Update security.lib.php --- htdocs/core/lib/security.lib.php | 1 - 1 file changed, 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 5101772ac66..f89bba09a76 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -189,7 +189,6 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu if ($dbt_select != 'rowid' && $dbt_select != 'id') $objectid = "'".$objectid."'"; // Get more permissions checks from hooks - $hookmanager->initHooks(array('permissions')); $parameters=array('features'=>$features, 'objectid'=>$objectid, 'idtype'=>$dbt_select); $reshook=$hookmanager->executeHooks('restrictedArea',$parameters); if (! empty($hookmanager->resArray['result']) return true; 
From 56b80d81dd94f23dcf7c4267de44e819725b453a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 May 2018 11:39:29 +0200 Subject: [PATCH 16/20] Declare hook as addreplace hook --- htdocs/core/class/hookmanager.class.php | 1 + 1 file changed, 1 insertion(+) diff --git a/htdocs/core/class/hookmanager.class.php b/htdocs/core/class/hookmanager.class.php index 5c1f1358784..cd33f1d8d02 100644 --- a/htdocs/core/class/hookmanager.class.php +++ b/htdocs/core/class/hookmanager.class.php @@ -182,6 +182,7 @@ class HookManager 'printTabsHead', 'printObjectLine', 'printObjectSubLine', + 'restrictedArea', 'sendMail', 'sendMailAfter', 'showLinkToObjectBlock', From 4efc9f95cd03be3234da33bba149796feb9d1b93 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 May 2018 11:48:18 +0200 Subject: [PATCH 17/20] FIX #8775 (try better fix) --- htdocs/compta/ajaxpayment.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/compta/ajaxpayment.php b/htdocs/compta/ajaxpayment.php index 01fe12e50f4..5e83b3032c1 100644 --- a/htdocs/compta/ajaxpayment.php +++ b/htdocs/compta/ajaxpayment.php @@ -61,7 +61,7 @@ foreach ($remains as $key => $value) } // Treatment -$result = $amountPayment != '' ? ($amountPayment - array_sum($amounts)) : ($amountPayment + array_sum($amounts)); // Remaining amountPayment +$result = ($amountPayment != '') ? ($amountPayment - array_sum($amounts)) : array_sum($amounts); // Remaining amountPayment $toJsonArray = array(); $totalRemaining = price2num(array_sum($remains)); $toJsonArray['label'] = $amountPayment == '' ? '' : $langs->transnoentities('RemainingAmountPayment'); From f476e3e304e30acb079c2ee426a2f84f0be09d37 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 May 2018 11:56:49 +0200 Subject: [PATCH 18/20] Update translate.class.php --- htdocs/core/class/translate.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php index ec3ed00a313..55b853f5c8e 100644 --- a/htdocs/core/class/translate.class.php +++ b/htdocs/core/class/translate.class.php @@ -576,7 +576,7 @@ class Translate // TODO OrderSourceX must be replaced with content of table llx_c_input_reason or llx_c_input_method //$newstr=$this->getLabelFromKey($db,$reg[1],'c_ordersource','code','label'); } - dol_syslog(__METHOD__."missing translation ".$newstr." in ".$_SERVER["PHP_SELF"], LOG_DEBUG); + dol_syslog(__METHOD__."missing translation for key '".$newstr."' in ".$_SERVER["PHP_SELF"], LOG_DEBUG); return $newstr; } From c094a6c43ed41c0af0027cd27399a9eaf683f065 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 May 2018 12:29:58 +0200 Subject: [PATCH 19/20] Reorder permissions --- htdocs/core/lib/security.lib.php | 4 +- htdocs/core/modules/modFournisseur.class.php | 45 ++++++++------------ 2 files changed, 20 insertions(+), 29 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index f89bba09a76..45a96f9a527 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -191,9 +191,9 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu // Get more permissions checks from hooks $parameters=array('features'=>$features, 'objectid'=>$objectid, 'idtype'=>$dbt_select); $reshook=$hookmanager->executeHooks('restrictedArea',$parameters); - if (! empty($hookmanager->resArray['result']) return true; + if (! empty($hookmanager->resArray['result'])) return true; if ($reshook > 0) return false; - + // Features/modules to check $featuresarray = array($features); if (preg_match('/&/', $features)) $featuresarray = explode("&", $features); diff --git a/htdocs/core/modules/modFournisseur.class.php b/htdocs/core/modules/modFournisseur.class.php index 69e749a4c92..cfac00e14c1 100644 --- a/htdocs/core/modules/modFournisseur.class.php 
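Review bot: The rewritten message still concatenates `__METHOD__` directly onto `"missing translation`, so the method name and the text run together in the log, and it embeds `$_SERVER["PHP_SELF"]`, which is derived from the request URL. Unless dol_syslog() neutralises control characters (not visible in this hunk), request-derived text could split or distort debug log lines. I would write `dol_syslog(__METHOD__." missing translation for key '".$newstr."' in ".$_SERVER["PHP_SELF"], LOG_DEBUG);` and confirm that the logger strips CR/LF. The enclosing method starts outside the hunk.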
+++ b/htdocs/core/modules/modFournisseur.class.php @@ -165,14 +165,6 @@ class modFournisseur extends DolibarrModules $this->rights[$r][4] = 'commande'; $this->rights[$r][5] = 'approuver'; - /*$r++; - $this->rights[$r][0] = 1191; - $this->rights[$r][1] = 'Approuver une commande fournisseur (si supérieur hiérarchique)'; - $this->rights[$r][2] = 'w'; - $this->rights[$r][3] = 0; - $this->rights[$r][4] = 'commande'; - $this->rights[$r][5] = 'approve_ifsupervisor_advance';*/ - $r++; $this->rights[$r][0] = 1186; $this->rights[$r][1] = 'Commander une commande fournisseur'; @@ -205,6 +197,24 @@ class modFournisseur extends DolibarrModules $this->rights[$r][4] = 'commande'; $this->rights[$r][5] = 'supprimer'; + if (! empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED)) + { + $r++; + $this->rights[$r][0] = 1190; + $this->rights[$r][1] = 'Approve supplier order (second level)'; // $langs->trans("Permission1190"); + $this->rights[$r][2] = 'w'; + $this->rights[$r][3] = 0; + $this->rights[$r][4] = 'commande'; + $this->rights[$r][5] = 'approve2'; + } + + $r++; + $this->rights[$r][0] = 1191; + $this->rights[$r][1] = 'Exporter les commande fournisseurs, attributs'; + $this->rights[$r][2] = 'r'; + $this->rights[$r][3] = 0; + $this->rights[$r][4] = 'commande'; + $this->rights[$r][5] = 'export'; $r++; $this->rights[$r][0] = 1231; 
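Review bot: The export right is re-added with id `1191`, whereas the block this commit removes further down declared the same `commande`/`export` right as `1237`, so this is a renumbering and not only a reorder. If grants are stored against the numeric id (not visible here), users who held 1237 would lose export access after upgrade until a migration remaps it, and 1191 is the id the deleted commented-out block had used for `approve_ifsupervisor_advance`. I would keep `$this->rights[$r][0] = 1237;` in the moved block, or ship a migration and mention the id change in the commit message.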
@@ -254,25 +264,6 @@ class modFournisseur extends DolibarrModules $this->rights[$r][4] = 'facture'; $this->rights[$r][5] = 'export'; - $r++; - $this->rights[$r][0] = 1237; - $this->rights[$r][1] = 'Exporter les commande fournisseurs, attributs'; - $this->rights[$r][2] = 'r'; - $this->rights[$r][3] = 0; - $this->rights[$r][4] = 'commande'; - $this->rights[$r][5] = 'export'; - - if (! empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED)) - { - $r++; - $this->rights[$r][0] = 1190; - $this->rights[$r][1] = 'Approve supplier order (second level)'; // $langs->trans("Permission1190"); - $this->rights[$r][2] = 'w'; - $this->rights[$r][3] = 0; - $this->rights[$r][4] = 'commande'; - $this->rights[$r][5] = 'approve2'; - } - // Menus //------- From 63b9384ef6ea3e0ad2af852ee301a1a2b21baa40 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 10 May 2018 12:34:23 +0200 Subject: [PATCH 20/20] No transmormation of data objectid before calling trigger --- htdocs/core/lib/security.lib.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 45a96f9a527..502f962dede 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -186,15 +186,15 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select; //print ", perm: ".$features."->".$feature2."=".($user->rights->$features->$feature2->lire)."
"; - if ($dbt_select != 'rowid' && $dbt_select != 'id') $objectid = "'".$objectid."'"; - // Get more permissions checks from hooks $parameters=array('features'=>$features, 'objectid'=>$objectid, 'idtype'=>$dbt_select); $reshook=$hookmanager->executeHooks('restrictedArea',$parameters); if (! empty($hookmanager->resArray['result'])) return true; if ($reshook > 0) return false; - // Features/modules to check + if ($dbt_select != 'rowid' && $dbt_select != 'id') $objectid = "'".$objectid."'"; + + // Features/modules to check $featuresarray = array($features); if (preg_match('/&/', $features)) $featuresarray = explode("&", $features); else if (preg_match('/\|/', $features)) $featuresarray = explode("|", $features);
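Review bot: The relocated line `$objectid = "'".$objectid."'";` wraps the id in quotes without escaping it, and it is the only transformation visible in this hunk before the value moves on to the object checks. Where the quoted value is consumed is outside the hunk, but the quoting suggests it is concatenated into SQL, in which case an id containing a quote character would no longer stay inside the string literal. Consider `$objectid = "'".$db->escape($objectid)."'";` (`$db` is already declared global in this function), or add a comment naming the place where the value is escaped.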