From 3c8bf2167b8780288e9ed490a502e13bb3b90a2c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sun, 21 Mar 2021 18:01:43 +0100
Subject: [PATCH] Debug permissions
---
htdocs/core/lib/functions.lib.php | 2 +-
htdocs/core/modules/modZapier.class.php | 2 +-
htdocs/expedition/card.php | 6 +
htdocs/expedition/contact.php | 12 +-
htdocs/expedition/document.php | 21 +-
htdocs/expedition/note.php | 15 +-
htdocs/expedition/shipment.php | 5 +
htdocs/expedition/stats/index.php | 8 +-
htdocs/expedition/stats/month.php | 6 +
htdocs/langs/en_US/zapier.lang | 16 +-
.../modulebuilder/template/myobject_card.php | 4 +-
htdocs/zapier/README.md | 10 +
htdocs/zapier/admin/about.php | 11 +-
htdocs/zapier/admin/setup.php | 20 +-
htdocs/zapier/hook_agenda.php | 256 ------------------
htdocs/zapier/hook_card.php | 4 +-
htdocs/zapier/hook_document.php | 147 ----------
htdocs/zapier/hook_list.php | 4 +-
htdocs/zapier/hook_note.php | 153 -----------
htdocs/zapier/lib/zapier.lib.php | 2 +-
htdocs/zapier/zapierindex.php | 5 +-
21 files changed, 96 insertions(+), 613 deletions(-)
create mode 100644 htdocs/zapier/README.md
delete mode 100644 htdocs/zapier/hook_agenda.php
delete mode 100644 htdocs/zapier/hook_document.php
delete mode 100644 htdocs/zapier/hook_note.php
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 5151a0a39dc..ab9a476c923 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -6322,7 +6322,7 @@ function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, */ function dol_string_onlythesehtmlattributes($stringtoclean, $allowed_attributes = array("alt", "class", "contenteditable", "data-html", "href", "id", "name", "src", "style", "target", "title")) { - if (class_exists('DOMDocument')) { + if (class_exists('DOMDocument') && !empty($stringtoclean)) { $dom = new DOMDocument(); $dom->loadHTML($stringtoclean, LIBXML_ERR_NONE|LIBXML_HTML_NOIMPLIED|LIBXML_HTML_NODEFDTD|LIBXML_NONET|LIBXML_NOWARNING|LIBXML_NOXMLDECL); if (is_object($dom)) { diff --git a/htdocs/core/modules/modZapier.class.php b/htdocs/core/modules/modZapier.class.php index 816e9cca072..4f25e05190e 100644 --- a/htdocs/core/modules/modZapier.class.php +++ b/htdocs/core/modules/modZapier.class.php @@ -110,7 +110,7 @@ class modZapier extends DolibarrModules $this->dirs = array("/zapier/temp"); // Config pages. Put here list of php page, stored into zapier/admin directory, to use to setup module. $this->config_page_url = array( - // "setup.php@zapier" + "setup.php@zapier" ); // Dependencies // A condition to hide module diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index f46891b6847..7e10b5b5f1f 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -126,6 +126,12 @@ $permissiondellink = $user->rights->expedition->delivery->creer; // Used by the $date_delivery = dol_mktime(GETPOST('date_deliveryhour', 'int'), GETPOST('date_deliverymin', 'int'), 0, GETPOST('date_deliverymonth', 'int'), GETPOST('date_deliveryday', 'int'), GETPOST('date_deliveryyear', 'int')); +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'expedition', $object->id, ''); + /* * Actions diff --git a/htdocs/expedition/contact.php b/htdocs/expedition/contact.php index a096b2155ce..174b97b4a7e 100644 --- a/htdocs/expedition/contact.php +++ b/htdocs/expedition/contact.php 
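Review bot: `!empty($stringtoclean)` in the new guard of dol_string_onlythesehtmlattributes() is also false for the string `'0'`, so that value now skips the DOMDocument branch together with the empty string. What the function returns when the branch is skipped lies outside this hunk, so the `'0'` case should be confirmed there. `if (class_exists('DOMDocument') && (string) $stringtoclean !== '') {` states the intent without that edge case. A short comment such as `// loadHTML() cannot parse an empty string, so skip the DOM pass` would record why the guard exists.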
@@ -41,12 +41,6 @@ $id = GETPOST('id', 'int'); $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'expedition', $id, ''); - $object = new Expedition($db); if ($id > 0 || !empty($ref)) { $object->fetch($id, $ref); @@ -69,6 +63,12 @@ if ($id > 0 || !empty($ref)) { } } +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'expedition', $object->id, ''); + /* * Actions diff --git a/htdocs/expedition/document.php b/htdocs/expedition/document.php index 836b469cb77..faff2a8d0a0 100644 --- a/htdocs/expedition/document.php +++ b/htdocs/expedition/document.php @@ -45,12 +45,6 @@ $confirm = GETPOST('confirm'); $id = GETPOST('id', 'int'); $ref = GETPOST('ref'); -// Security check -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, 'expedition', $id, ''); - // Get parameters $limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit; $sortfield = GETPOST("sortfield", 'alpha'); @@ -71,14 +65,21 @@ if (!$sortfield) { $object = new Expedition($db); +if ($object->fetch($id, $ref)) { + $object->fetch_thirdparty(); + $upload_dir = $conf->expedition->dir_output."/sending/".dol_sanitizeFileName($object->ref); +} + +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'expedition', $object->id, ''); + /* * Actions */ -if ($object->fetch($id)) { - $object->fetch_thirdparty(); - $upload_dir = $conf->expedition->dir_output."/sending/".dol_sanitizeFileName($object->ref); -} include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; diff --git a/htdocs/expedition/note.php b/htdocs/expedition/note.php index c8209910b48..db28e409309 100644 --- a/htdocs/expedition/note.php +++ b/htdocs/expedition/note.php 
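Review bot: The relocated check in contact.php passes `$object->id`, but the context lines above it call `$object->fetch($id, $ref)` without testing the result, so a failed lookup, or a request with neither id nor ref, reaches `restrictedArea()` with an empty id. How restrictedArea() treats an empty id is not visible here; if it falls back to a module-level permission test only, the per-record check is skipped without any signal. This tab has no meaning without a loaded shipment, so consider stopping early with `if (empty($object->id)) accessforbidden();` next to the check. The check added at the end of the second note.php hunk has the same shape.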
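Review bot: `if ($object->fetch($id, $ref))` in document.php tests truthiness only, so if fetch() reports failure with a negative return code (an assumption, its body is not shown) the branch still runs and `$upload_dir` is built from an empty `$object->ref`, leaving it at the shared `/sending/` directory. That variable is presumably consumed by the `actions_linkedfiles.inc.php` include a few lines below, while `restrictedArea()` has been handed an empty `$object->id`. Comparing explicitly, `if ($object->fetch($id, $ref) > 0) {`, and refusing the request when no shipment was loaded would keep the file actions scoped to a single shipment's directory.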
@@ -39,13 +39,6 @@ $id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // $ref = GETPOST('ref', 'alpha'); $action = GETPOST('action', 'aZ09'); -// Security check -$socid = ''; -if ($user->socid) { - $socid = $user->socid; -} -$result = restrictedArea($user, $origin, $origin_id); - $object = new Expedition($db); if ($id > 0 || !empty($ref)) { $object->fetch($id, $ref); @@ -66,10 +59,18 @@ if ($id > 0 || !empty($ref)) { $objectsrc = new Propal($db); $objectsrc->fetch($object->$typeobject->id); } + + $upload_dir = $conf->expedition->dir_output."/sending/".dol_sanitizeFileName($object->ref); } $permissionnote = $user->rights->expedition->creer; // Used by the include of actions_setnotes.inc.php +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'expedition', $object->id, ''); + /* * Actions diff --git a/htdocs/expedition/shipment.php b/htdocs/expedition/shipment.php index 66efd5c4ca7..809b4803ff5 100644 --- a/htdocs/expedition/shipment.php +++ b/htdocs/expedition/shipment.php @@ -73,6 +73,11 @@ $extrafields->fetch_name_optionals_label($object->table_element); // Load object include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once +// Security check +if ($user->socid) { + $socid = $user->socid; +} +$result = restrictedArea($user, 'expedition', $object->id, ''); diff --git a/htdocs/expedition/stats/index.php b/htdocs/expedition/stats/index.php index 151edbdba2b..6bdc495472c 100644 --- a/htdocs/expedition/stats/index.php +++ b/htdocs/expedition/stats/index.php @@ -39,7 +39,7 @@ if ($user->socid > 0) { $socid = $user->socid; } -$nowyear = strftime("%Y", dol_now()); +$nowyear = dol_print_date(dol_now(), "%Y"); $year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear; //$startyear=$year-2; $startyear = $year - 1; 
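Review bot: The check added to shipment.php pairs the `'expedition'` feature with `$object->id`, but the hunk does not show which class `$object` is on this page; the context only shows it being loaded through `actions_fetchobject.inc.php`. If this tab is keyed on a parent record rather than on a shipment, the id would be tested against the wrong record type and the object-level check would either reject valid users or validate an unrelated row. Worth confirming, and stating in the comment, for example `// Security check ($object is the <class>, checked as <feature>)`.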
@@ -48,6 +48,12 @@ $endyear = $year; // Load translation files required by the page $langs->loadLangs(array('sendings', 'other', 'companies')); +// Security check +if ($user->socid) { + $socid = $user->socid; +} +restrictedArea($user, 'expedition'); + /* * View diff --git a/htdocs/expedition/stats/month.php b/htdocs/expedition/stats/month.php index 74455d7dca2..254fd9aad90 100644 --- a/htdocs/expedition/stats/month.php +++ b/htdocs/expedition/stats/month.php @@ -29,6 +29,12 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php'; $year = GETPOST('year', 'int'); +// Security check +if ($user->socid) { + $socid = $user->socid; +} +restrictedArea($user, 'expedition'); + /* * View diff --git a/htdocs/langs/en_US/zapier.lang b/htdocs/langs/en_US/zapier.lang index c688a0c307f..ababab4a39b 100644 --- a/htdocs/langs/en_US/zapier.lang +++ b/htdocs/langs/en_US/zapier.lang @@ -13,17 +13,9 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# -# Generic -# - -# Module label 'ModuleZapierForDolibarrName' ModuleZapierForDolibarrName = Zapier for Dolibarr -# Module description 'ModuleZapierForDolibarrDesc' ModuleZapierForDolibarrDesc = Zapier for Dolibarr module - -# -# Admin page -# -ZapierForDolibarrSetup = Setup of Zapier for Dolibarr -ZapierDescription=Interface with Zapier \ No newline at end of file +ZapierForDolibarrSetup=Setup of Zapier for Dolibarr +ZapierDescription=Interface with Zapier +ZapierAbout=About the module Zapier +ZapierSetupPage=Page to setup the module Zapier \ No newline at end of file diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index 8e40c1071e2..76131c70719 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php 
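Review bot: The block added to stats/index.php repeats `$socid = $user->socid;`, which the `if ($user->socid > 0)` block shown as context of the previous hunk already sets a few lines earlier. Two assignments with slightly different conditions (`> 0` versus truthiness) make it harder to see which one the page relies on; the added lines could be reduced to `restrictedArea($user, 'expedition');` with the existing block kept as the single place where `$socid` is set.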
@@ -133,8 +133,8 @@ $upload_dir = $conf->mymodule->multidir_output[isset($object->entity) ? $object- //if ($user->socid > 0) accessforbidden(); //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->statut == $object::STATUS_DRAFT) ? 1 : 0); -//$result = restrictedArea($user, $object->element, $object->id, '', '', 'fk_soc', 'rowid', $isdraft); - +//restrictedArea($user, $object->element, $object->id, '', '', 'fk_soc', 'rowid', $isdraft); +//if (empty($conf->mymodule->enabled)) accessforbidden(); //if (empty($permissiontoread)) accessforbidden(); diff --git a/htdocs/zapier/README.md b/htdocs/zapier/README.md new file mode 100644 index 00000000000..66c4385ebc7 --- /dev/null +++ b/htdocs/zapier/README.md @@ -0,0 +1,10 @@ +Module Zapier +============== + +This is a module to add interface between Zapier and Dolibarr ERP CRM. + + +Documentation +------------- + +[Module documentation](https://wiki.dolibarr.org/index.php/Module_Zapier) diff --git a/htdocs/zapier/admin/about.php b/htdocs/zapier/admin/about.php index b24fe42ed22..28dd30eb41d 100644 --- a/htdocs/zapier/admin/about.php +++ b/htdocs/zapier/admin/about.php @@ -31,7 +31,7 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; require_once '../lib/zapier.lib.php'; // Translations -$langs->loadLangs(array("errors", "admin", "zapier@zapier")); +$langs->loadLangs(array("errors", "admin", "zapier")); // Access control if (!$user->admin) { @@ -42,6 +42,9 @@ if (!$user->admin) { $action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); +if (empty($conf->zapier->enabled)) accessforbidden(); +if (empty($user->admin)) accessforbidden(); + /* * Actions 
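Review bot: The added `if (empty($user->admin)) accessforbidden();` in about.php repeats the `// Access control` test `if (!$user->admin) {` that sits a few lines above it (the body of that block is outside the hunk). Two admin gates in different places leave it unclear which one is authoritative when one of them is edited later. Suggest folding `if (empty($conf->zapier->enabled)) accessforbidden();` into the existing access-control block and dropping the duplicate admin test. The second setup.php hunk adds the same pair below the same existing block.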
@@ -62,13 +65,13 @@ llxHeader('', $langs->trans($page_name)); // Subheader $linkback = ''.$langs->trans("BackToModuleList").''; -print load_fiche_titre($langs->trans($page_name), $linkback, 'object_zapier@zapier'); +print load_fiche_titre($langs->trans($page_name), $linkback, 'object_zapier'); // Configuration header $head = zapierAdminPrepareHead(); -print dol_get_fiche_head($head, 'about', '', 0, 'zapier@zapier'); +print dol_get_fiche_head($head, 'about', '', 0, 'zapier'); -dol_include_once('/zapier/core/modules/modZapier.class.php'); +dol_include_once('/core/modules/modZapier.class.php'); $tmpmodule = new modZapier($db); print $tmpmodule->getDescLong(); diff --git a/htdocs/zapier/admin/setup.php b/htdocs/zapier/admin/setup.php index 606da5509e3..958a13328ff 100644 --- a/htdocs/zapier/admin/setup.php +++ b/htdocs/zapier/admin/setup.php @@ -27,10 +27,10 @@ require '../../main.inc.php'; // Libraries require_once DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php"; -require_once '../lib/zapier.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/zapier/lib/zapier.lib.php'; // Translations -$langs->loadLangs(array("admin", "zapier@zapier")); +$langs->loadLangs(array("admin", "zapier")); // Access control if (!$user->admin) { @@ -42,14 +42,18 @@ $action = GETPOST('action', 'aZ09'); $backtopage = GETPOST('backtopage', 'alpha'); $arrayofparameters = array( - 'ZAPIERFORDOLIBARR_MYPARAM1'=>array('css'=>'minwidth200', 'enabled'=>1), - 'ZAPIERFORDOLIBARR_MYPARAM2'=>array('css'=>'minwidth500', 'enabled'=>1) +// 'ZAPIERFORDOLIBARR_MYPARAM1'=>array('css'=>'minwidth200', 'enabled'=>1), +// 'ZAPIERFORDOLIBARR_MYPARAM2'=>array('css'=>'minwidth500', 'enabled'=>1) ); +if (empty($conf->zapier->enabled)) accessforbidden(); +if (empty($user->admin)) accessforbidden(); + /* * Actions */ + if ((float) DOL_VERSION >= 6) { include DOL_DOCUMENT_ROOT.'/core/actions_setmoduleoptions.inc.php'; } 
@@ -59,20 +63,20 @@ if ((float) DOL_VERSION >= 6) { * View */ -$page_name = "ZapierSetup"; +$page_name = "ZapierForDolibarrSetup"; llxHeader('', $langs->trans($page_name)); // Subheader $linkback = ''.$langs->trans("BackToModuleList").''; -print load_fiche_titre($langs->trans($page_name), $linkback, 'object_zapier@zapier'); +print load_fiche_titre($langs->trans($page_name), $linkback, 'object_zapier'); // Configuration header $head = zapierAdminPrepareHead(); -print dol_get_fiche_head($head, 'settings', '', -1, "zapier@zapier"); +print dol_get_fiche_head($head, 'settings', '', -1, "zapier"); // Setup page goes here -echo $langs->trans("ZapierSetupPage").'

'; +echo ''.$langs->trans("ZapierSetupPage").'

'; if ($action == 'edit') { diff --git a/htdocs/zapier/hook_agenda.php b/htdocs/zapier/hook_agenda.php deleted file mode 100644 index 14f1aeda682..00000000000 --- a/htdocs/zapier/hook_agenda.php +++ /dev/null 
@@ -1,256 +0,0 @@ - - * Copyright (C) ---Put here your own copyright and developer email--- - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/zapier/hook_agenda.php - * \ingroup mymodule - * \brief Page of MyObject events - */ - -// Load Dolibarr environment -require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; -dol_include_once('/mymodule/class/myobject.class.php'); -dol_include_once('/mymodule/lib/mymodule_myobject.lib.php'); - - -// Load translation files required by the page -$langs->loadLangs(array("mymodule@mymodule", "other")); - -// Get parameters -$id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'aZ09'); -$cancel = GETPOST('cancel', 'aZ09'); -$backtopage = GETPOST('backtopage', 'alpha'); - -if (GETPOST('actioncode', 'array')) { - $actioncode = GETPOST('actioncode', 'array', 3); - if (!count($actioncode)) { - $actioncode = '0'; - } -} else { - $actioncode = GETPOST("actioncode", "alpha", 3) ?GETPOST("actioncode", "alpha", 3) : (GETPOST("actioncode") == '0' ? '0' : (empty($conf->global->AGENDA_DEFAULT_FILTER_TYPE_FOR_OBJECT) ? 
'' : $conf->global->AGENDA_DEFAULT_FILTER_TYPE_FOR_OBJECT)); -} -$search_agenda_label = GETPOST('search_agenda_label'); - -// Security check - Protection if external user -//if ($user->socid > 0) accessforbidden(); -//if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'mymodule', $id); - -$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; -$sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); -$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); -if (empty($page) || $page == -1) { - $page = 0; -} // If $page is not defined, or '' or -1 -$offset = $limit * $page; -$pageprev = $page - 1; -$pagenext = $page + 1; -if (!$sortfield) { - $sortfield = 'a.datep,a.id'; -} -if (!$sortorder) { - $sortorder = 'DESC'; -} - -// Initialize technical objects -$object = new MyObject($db); -$extrafields = new ExtraFields($db); -$diroutputmassaction = $conf->mymodule->dir_output.'/temp/massgeneration/'.$user->id; -$hookmanager->initHooks(array('myobjectagenda', 'globalcard')); // Note that conf->hooks_modules contains array - -// Fetch optionals attributes and labels -$extrafields->fetch_name_optionals_label($object->table_element); - -// Load object -include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. 
Include fetch and fetch_thirdparty but not fetch_optionals -if ($id > 0 || !empty($ref)) { - $upload_dir = $conf->mymodule->multidir_output[$object->entity]."/".$object->id; -} - - - -/* - * Actions - */ - -$parameters = array('id'=>$socid); -$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks -if ($reshook < 0) { - setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); -} - -if (empty($reshook)) { - // Cancel - if (GETPOST('cancel', 'alpha') && !empty($backtopage)) { - header("Location: ".$backtopage); - exit; - } - - // Purge search criteria - if (GETPOST('button_removefilter_x', 'alpha') || GETPOST('button_removefilter.x', 'alpha') || GETPOST('button_removefilter', 'alpha')) { // All tests are required to be compatible with all browsers - $actioncode = ''; - $search_agenda_label = ''; - } -} - - - -/* - * View - */ - -$contactstatic = new Contact($db); - -$form = new Form($db); - -if ($object->id > 0) { - $title = $langs->trans("Agenda"); - //if (! empty($conf->global->MAIN_HTML_TITLE) && preg_match('/thirdpartynameonly/',$conf->global->MAIN_HTML_TITLE) && $object->name) $title=$object->name." - ".$title; - $help_url = ''; - llxHeader('', $title, $help_url); - - if (!empty($conf->notification->enabled)) { - $langs->load("mails"); - } - $head = myobjectPrepareHead($object); - - - print dol_get_fiche_head($head, 'agenda', $langs->trans("MyObject"), -1, 'myobject@mymodule'); - - // Object card - // ------------------------------------------------------------ - $linkback = ''.$langs->trans("BackToList").''; - - $morehtmlref = '
'; - /* - // Ref customer - $morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); - $morehtmlref.=$form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1); - // Thirdparty - $morehtmlref.='
'.$langs->trans('ThirdParty') . ' : ' . $object->thirdparty->getNomUrl(1); - // Project - if (! empty($conf->projet->enabled)) - { - $langs->load("projects"); - $morehtmlref.='
'.$langs->trans('Project') . ' '; - if ($user->rights->mymodule->creer) - { - if ($action != 'classify') - //$morehtmlref.='' . img_edit($langs->transnoentitiesnoconv('SetProject')) . ' : '; - $morehtmlref.=' : '; - if ($action == 'classify') { - //$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1); - $morehtmlref.='
'; - $morehtmlref.=''; - $morehtmlref.=''; - $morehtmlref.=$formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref.=''; - $morehtmlref.='
'; - } else { - $morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); - } - } else { - if (! empty($object->fk_project)) { - $proj = new Project($db); - $proj->fetch($object->fk_project); - $morehtmlref.=''; - $morehtmlref.=$proj->ref; - $morehtmlref.=''; - } else { - $morehtmlref.=''; - } - } - }*/ - $morehtmlref .= '
'; - - - dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); - - print '
'; - print '
'; - - $object->info($object->id); - dol_print_object_info($object, 1); - - print '
'; - - print dol_get_fiche_end(); - - - - // Actions buttons - - $objthirdparty = $object; - $objcon = new stdClass(); - - $out = ''; - $permok = $user->rights->agenda->myactions->create; - if ((!empty($objthirdparty->id) || !empty($objcon->id)) && $permok) { - //$out.='trans("AddAnAction"),'filenew'); - //$out.=""; - } - - - print '
'; - - if (!empty($conf->agenda->enabled)) { - if (!empty($user->rights->agenda->myactions->create) || !empty($user->rights->agenda->allactions->create)) { - print ''.$langs->trans("AddAction").''; - } else { - print ''.$langs->trans("AddAction").''; - } - } - - print '
'; - - if (!empty($conf->agenda->enabled) && (!empty($user->rights->agenda->myactions->read) || !empty($user->rights->agenda->allactions->read))) { - $param = '&socid='.$socid; - if (!empty($contextpage) && $contextpage != $_SERVER["PHP_SELF"]) { - $param .= '&contextpage='.$contextpage; - } - if ($limit > 0 && $limit != $conf->liste_limit) { - $param .= '&limit='.$limit; - } - - - print load_fiche_titre($langs->trans("ActionsOnMyObject"), '', ''); - - // List of all actions - $filters = array(); - $filters['search_agenda_label'] = $search_agenda_label; - - // TODO Replace this with same code than into list.php - //show_actions_done($conf,$langs,$db,$object,null,0,$actioncode, '', $filters, $sortfield, $sortorder); - } -} - -// End of page -llxFooter(); -$db->close(); diff --git a/htdocs/zapier/hook_card.php b/htdocs/zapier/hook_card.php index f57f8873aba..a4405ae1f85 100644 --- a/htdocs/zapier/hook_card.php +++ b/htdocs/zapier/hook_card.php @@ -73,12 +73,12 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ //if ($user->socid > 0) $socid = $user->socid; //$isdraft = (($object->statut == MyObject::STATUS_DRAFT) ? 1 : 0); //$result = restrictedArea($user, 'mymodule', $object->id, '', '', 'fk_soc', 'rowid', $isdraft); +if (empty($conf->zapier->enabled)) accessforbidden(); +if (empty($user->admin)) accessforbidden(); /* * Actions - * - * Put here all code to do according to value of "action" parameter */ $parameters = array(); diff --git a/htdocs/zapier/hook_document.php b/htdocs/zapier/hook_document.php deleted file mode 100644 index 8751f184821..00000000000 --- a/htdocs/zapier/hook_document.php +++ /dev/null 
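Review bot: The two gates added to hook_card.php, `if (empty($conf->zapier->enabled)) accessforbidden();` and `if (empty($user->admin)) accessforbidden();`, run only after the `actions_fetchobject.inc.php` include named in the hunk header, which by its name loads a record from request parameters before the caller is known to be an admin. Neither test depends on the loaded object, so both can sit directly after the `main.inc.php` require. hook_list.php and zapierindex.php add the same pair after their own setup code and would benefit from the same move. The commented-out `restrictedArea($user, 'mymodule', ...)` template lines left just above no longer describe the check in force and could be replaced by a comment such as `// Admin-only page; module must be enabled`.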
@@ -1,147 +0,0 @@ - - * Copyright (C) ---Put here your own copyright and developer email--- - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/zapier/myobject_document.php - * \ingroup mymodule - * \brief Tab for documents linked to MyObject - */ - -// Load Dolibarr environment -require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; -dol_include_once('/mymodule/class/myobject.class.php'); -dol_include_once('/mymodule/lib/mymodule_myobject.lib.php'); - -// Load translation files required by the page -$langs->loadLangs(array("mymodule@mymodule", "companies", "other", "mails")); - - -$action = GETPOST('action', 'aZ09'); -$confirm = GETPOST('confirm'); -$id = (GETPOST('socid', 'int') ? GETPOST('socid', 'int') : GETPOST('id', 'int')); -$ref = GETPOST('ref', 'alpha'); - -// Security check - Protection if external user -//if ($user->socid > 0) accessforbidden(); -//if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'mymodule', $id); - -// Get parameters -$limit = GETPOST('limit', 'int') ? 
GETPOST('limit', 'int') : $conf->liste_limit; -$sortfield = GETPOST("sortfield", 'alpha'); -$sortorder = GETPOST("sortorder", 'alpha'); -$page = GETPOSTISSET('pageplusone') ? (GETPOST('pageplusone') - 1) : GETPOST("page", 'int'); -if (empty($page) || $page == -1) { - $page = 0; -} // If $page is not defined, or '' or -1 -$offset = $limit * $page; -$pageprev = $page - 1; -$pagenext = $page + 1; -if (!$sortorder) { - $sortorder = "ASC"; -} -if (!$sortfield) { - $sortfield = "name"; -} -//if (! $sortfield) $sortfield="position_name"; - -// Initialize technical objects -$object = new MyObject($db); -$extrafields = new ExtraFields($db); -$diroutputmassaction = $conf->mymodule->dir_output.'/temp/massgeneration/'.$user->id; -$hookmanager->initHooks(array('myobjectdocument', 'globalcard')); // Note that conf->hooks_modules contains array - -// Fetch optionals attributes and labels -$extrafields->fetch_name_optionals_label($object->table_element); - -// Load object -include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals - -//if ($id > 0 || ! empty($ref)) $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity] . "/myobject/" . dol_sanitizeFileName($object->id); -if ($id > 0 || !empty($ref)) { - $upload_dir = $conf->sellyoursaas->multidir_output[$object->entity]."/myobject/".dol_sanitizeFileName($object->ref); -} - - -/* - * Actions - */ - -include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; - - -/* - * View - */ - -$form = new Form($db); - -$title = $langs->trans("MyObject").' 
- '.$langs->trans("Files"); -$help_url = 'EN:Module_Zapier|ES:Módulo Zapier|FR:Module_Zapier_FR|DE:Modul_Zapier'; - -llxHeader('', $title, $help_url); - -if ($object->id) { - /* - * Show tabs - */ - $head = myobjectPrepareHead($object); - - print dol_get_fiche_head($head, 'document', $langs->trans("MyObject"), -1, 'myobject@mymodule'); - - - // Build file list - $filearray = dol_dir_list($upload_dir, "files", 0, '', '(\.meta|_preview.*\.png)$', $sortfield, (strtolower($sortorder) == 'desc' ?SORT_DESC:SORT_ASC), 1); - $totalsize = 0; - foreach ($filearray as $key => $file) { - $totalsize += $file['size']; - } - - // Object card - // ------------------------------------------------------------ - $linkback = ''.$langs->trans("BackToList").''; - - dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); - - print '
'; - - print '
'; - print ''; - - // Number of files - print ''; - - // Total size - print ''; - - print '
'.$langs->trans("NbOfAttachedFiles").''.count($filearray).'
'.$langs->trans("TotalSizeOfAttachedFiles").''.$totalsize.' '.$langs->trans("bytes").'
'; - - print '
'; - - print dol_get_fiche_end(); -} else { - accessforbidden('', 0, 0); -} - -// End of page -llxFooter(); -$db->close(); diff --git a/htdocs/zapier/hook_list.php b/htdocs/zapier/hook_list.php index 3894ca3f0a3..e717f0fe457 100644 --- a/htdocs/zapier/hook_list.php +++ b/htdocs/zapier/hook_list.php @@ -123,6 +123,8 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); +if (empty($conf->zapier->enabled)) accessforbidden(); +if (empty($user->admin)) accessforbidden(); /* @@ -278,7 +280,7 @@ if (is_numeric($nbtotalofrecords) && $limit > $nbtotalofrecords) { if ($num == 1 && !empty($conf->global->MAIN_SEARCH_DIRECT_OPEN_IF_ONLY_ONE) && $search_all) { $obj = $db->fetch_object($resql); $id = $obj->rowid; - header("Location: ".dol_buildpath('/zapierfordolibarr/hook_card.php', 1).'?id='.$id); + header("Location: ".dol_buildpath('/zapier/hook_card.php', 1).'?id='.$id); exit; } diff --git a/htdocs/zapier/hook_note.php b/htdocs/zapier/hook_note.php deleted file mode 100644 index ce613da2989..00000000000 --- a/htdocs/zapier/hook_note.php +++ /dev/null 
@@ -1,153 +0,0 @@ - - * Copyright (C) ---Put here your own copyright and developer email--- - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file htdocs/modulebuilder/template/myobject_note.php - * \ingroup mymodule - * \brief Car with notes on MyObject - */ - -// Load Dolibarr environment -require '../main.inc.php'; -dol_include_once('/mymodule/class/myobject.class.php'); -dol_include_once('/mymodule/lib/mymodule_myobject.lib.php'); - -// Load translation files required by the page -$langs->loadLangs(array("mymodule@mymodule", "companies")); - -// Get parameters -$id = GETPOST('id', 'int'); -$ref = GETPOST('ref', 'alpha'); -$action = GETPOST('action', 'aZ09'); -$cancel = GETPOST('cancel', 'aZ09'); -$backtopage = GETPOST('backtopage', 'alpha'); - -// Initialize technical objects -$object = new MyObject($db); -$extrafields = new ExtraFields($db); -$diroutputmassaction = $conf->mymodule->dir_output.'/temp/massgeneration/'.$user->id; -$hookmanager->initHooks(array('myobjectnote', 'globalcard')); // Note that conf->hooks_modules contains array - -// Fetch optionals attributes and labels -$extrafields->fetch_name_optionals_label($object->table_element); - -// Security check - Protection if external user -//if ($user->socid > 0) accessforbidden(); -//if ($user->socid > 0) $socid = $user->socid; -//$result = restrictedArea($user, 'mymodule', $id); - -// Load object -include 
DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals -if ($id > 0 || !empty($ref)) { - $upload_dir = $conf->mymodule->multidir_output[$object->entity]."/".$object->id; -} - -$permissionnote = 1; -//$permissionnote=$user->rights->mymodule->creer; // Used by the include of actions_setnotes.inc.php - - - -/* - * Actions - */ - -include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include, not include_once - - -/* - * View - */ - -$form = new Form($db); - -//$help_url='EN:Customers_Orders|FR:Commandes_Clients|ES:Pedidos de clientes'; -$help_url = ''; -llxHeader('', $langs->trans('MyObject'), $help_url); - -if ($id > 0 || !empty($ref)) { - $object->fetch_thirdparty(); - - $head = myobjectPrepareHead($object); - - print dol_get_fiche_head($head, 'note', $langs->trans("MyObject"), -1, 'myobject@mymodule'); - - // Object card - // ------------------------------------------------------------ - $linkback = ''.$langs->trans("BackToList").''; - - $morehtmlref = '
'; - /* - // Ref customer - $morehtmlref.=$form->editfieldkey("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', 0, 1); - $morehtmlref.=$form->editfieldval("RefCustomer", 'ref_client', $object->ref_client, $object, 0, 'string', '', null, null, '', 1); - // Thirdparty - $morehtmlref.='
'.$langs->trans('ThirdParty') . ' : ' . $object->thirdparty->getNomUrl(1); - // Project - if (! empty($conf->projet->enabled)) - { - $langs->load("projects"); - $morehtmlref.='
'.$langs->trans('Project') . ' '; - if ($user->rights->mymodule->creer) - { - if ($action != 'classify') - //$morehtmlref.='' . img_edit($langs->transnoentitiesnoconv('SetProject')) . ' : '; - $morehtmlref.=' : '; - if ($action == 'classify') { - //$morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'projectid', 0, 0, 1, 1); - $morehtmlref.='
'; - $morehtmlref.=''; - $morehtmlref.=''; - $morehtmlref.=$formproject->select_projects($object->socid, $object->fk_project, 'projectid', $maxlength, 0, 1, 0, 1, 0, 0, '', 1); - $morehtmlref.=''; - $morehtmlref.='
'; - } else { - $morehtmlref.=$form->form_project($_SERVER['PHP_SELF'] . '?id=' . $object->id, $object->socid, $object->fk_project, 'none', 0, 0, 0, 1); - } - } else { - if (! empty($object->fk_project)) { - $proj = new Project($db); - $proj->fetch($object->fk_project); - $morehtmlref.=''; - $morehtmlref.=$proj->ref; - $morehtmlref.=''; - } else { - $morehtmlref.=''; - } - } - }*/ - $morehtmlref .= '
'; - - - dol_banner_tab($object, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref); - - - print '
'; - print '
'; - - - $cssclass = "titlefield"; - include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'; - - print '
'; - - print dol_get_fiche_end(); -} - -// End of page -llxFooter(); -$db->close(); diff --git a/htdocs/zapier/lib/zapier.lib.php b/htdocs/zapier/lib/zapier.lib.php index 1e2d4f5ec64..a92f2879b4d 100644 --- a/htdocs/zapier/lib/zapier.lib.php +++ b/htdocs/zapier/lib/zapier.lib.php @@ -30,7 +30,7 @@ function zapierAdminPrepareHead() { global $langs, $conf; - $langs->load("zapier@zapier"); + $langs->load("zapier"); $h = 0; $head = array(); diff --git a/htdocs/zapier/zapierindex.php b/htdocs/zapier/zapierindex.php index 357777000f6..481bc16694b 100644 --- a/htdocs/zapier/zapierindex.php +++ b/htdocs/zapier/zapierindex.php @@ -29,7 +29,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; // Load translation files required by the page -$langs->loadLangs(array("zapier@zapier")); +$langs->loadLangs(array("zapier")); $action = GETPOST('action', 'aZ09'); @@ -47,6 +47,9 @@ if (isset($user->socid) && $user->socid > 0) { $max = 5; $now = dol_now(); +if (empty($conf->zapier->enabled)) accessforbidden(); +if (empty($user->admin)) accessforbidden(); + /* * Actions