From f4a4ecfdf3ac40d8a4650cbe0bf40e279448d6ee Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Sat, 3 Sep 2022 10:52:33 +0200 Subject: [PATCH 1/7] NEW private and public note on user.php use same code on Dolibarr --- htdocs/install/mysql/tables/llx_user.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/tables/llx_user.sql b/htdocs/install/mysql/tables/llx_user.sql index a47b40cb3d1..7b86b5c3396 100644 --- a/htdocs/install/mysql/tables/llx_user.sql +++ b/htdocs/install/mysql/tables/llx_user.sql @@ -76,7 +76,7 @@ create table llx_user idpers3 varchar(128), note_public text, - note text DEFAULT NULL, + note_private text DEFAULT NULL, model_pdf varchar(255) DEFAULT NULL, datelastlogin datetime, datepreviouslogin datetime, From 55f8d722194c7530e7acd1d3f1156d16a7b820c1 Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Sat, 3 Sep 2022 10:56:19 +0200 Subject: [PATCH 2/7] Update 16.0.0-17.0.0.sql --- htdocs/install/mysql/migration/16.0.0-17.0.0.sql | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql index 2c093019e72..016dc7283df 100644 --- a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql +++ b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql @@ -142,3 +142,5 @@ CREATE TABLE llx_bank_extrafields )ENGINE=innodb; ALTER TABLE llx_bank_extrafields ADD INDEX idx_bank_extrafields (fk_object); + +ALTER TABLE llx_user RENAME COLUMN note TO note_private; From 98362881a673d3f2d9556254c6dd5e346b820dc4 Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Sat, 3 Sep 2022 11:06:38 +0200 Subject: [PATCH 3/7] Update note.php --- htdocs/user/note.php | 84 +++++++++++++------------------------------- 1 file changed, 24 insertions(+), 60 deletions(-) diff --git a/htdocs/user/note.php b/htdocs/user/note.php index e0ac0bd4dcf..c0c93a75d64 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php 
@@ -27,6 +27,7 @@ require '../main.inc.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php'; require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php'; +// Get parameters $id = GETPOST('id', 'int'); $action = GETPOST('action', 'aZ09'); $contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'usernote'; // To manage different context of search @@ -39,16 +40,19 @@ $object->fetch($id, '', '', 1); $object->getrights(); // If user is not user read and no permission to read other users, we stop -if (($object->id != $user->id) && (!$user->hasRight("user", "user", "read"))) { +if (($object->id != $user->id) && (!$user->rights->user->user->lire)) { accessforbidden(); } +// Permissions +$permissionnote = $user->hasRight("user", "self", "write"); // Used by the include of actions_setnotes.inc.php + // Security check $socid = 0; if ($user->socid > 0) { $socid = $user->socid; } -$feature2 = (($socid && $user->hasRight("user", "self", "write")) ? '' : 'user'); +$feature2 = (($socid && $user->rights->user->self->creer) ? '' : 'user'); $result = restrictedArea($user, 'user', $id, 'user&user', $feature2); @@ -59,37 +63,23 @@ $hookmanager->initHooks(array('usercard', 'usernote', 'globalcard')); /* * Actions */ - $parameters = array('id'=>$socid); -$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks +$reshook = $hookmanager->executeHooks('doActions', array(), $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } - if (empty($reshook)) { - if ($action == 'update' && $user->hasRight("user", "user", "write") && !GETPOST("cancel")) { - $db->begin(); - - $res = $object->update_note(dol_html_entity_decode(GETPOST('note_private', 'restricthtml'), ENT_QUOTES | ENT_HTML5)); - if ($res < 0) { - $mesg = '
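Review bot: The new `$permissionnote = $user->hasRight("user", "self", "write");` gates note edits on the right to modify one's own account, while this page can be opened for any `$id` by a viewer who holds `user/user/read`. The handler removed in the following hunk (-59,37) required `$user->hasRight("user", "user", "write")` before calling `update_note()`, and the `elseif ($module == 'user')` branch added to notes.tpl.php in patch 4/7 uses the same self-write right. Unless actions_setnotes.inc.php or restrictedArea() applies a stricter check (neither is visible here), a user with only self-write could change the notes stored on another user's record. Consider `$permissionnote = ($object->id == $user->id) ? $user->hasRight("user", "self", "write") : $user->hasRight("user", "user", "write");` and the same condition in the template.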
'.$adh->error.'
'; - $db->rollback(); - } else { - $db->commit(); - } - } + include DOL_DOCUMENT_ROOT.'/core/actions_setnotes.inc.php'; // Must be include, not include_once } /* * View */ -$form = new Form($db); -$person_name = !empty($object->firstname) ? $object->lastname.", ".$object->firstname : $object->lastname; -$title = $person_name." - ".$langs->trans('Notes'); -$help_url = ''; -llxHeader('', $title, $help_url); +llxHeader(); + +$form = new Form($db); if ($id) { $head = user_prepare_head($object); @@ -99,7 +89,7 @@ if ($id) { $linkback = ''; - if ($user->hasRight("user", "user", "read") || $user->admin) { + if ($user->rights->user->user->lire || $user->admin) { $linkback = ''.$langs->trans("BackToList").''; } @@ -107,7 +97,7 @@ if ($id) { $morehtmlref .= img_picto($langs->trans("Download").' '.$langs->trans("VCard"), 'vcard.png', 'class="valignmiddle marginleftonly paddingrightonly"'); $morehtmlref .= ''; - dol_banner_tab($object, 'id', $linkback, $user->hasRight("user", "user", "read") || $user->admin, 'rowid', 'ref', $morehtmlref); + dol_banner_tab($object, 'id', $linkback, $user->rights->user->user->lire || $user->admin, 'rowid', 'ref', $morehtmlref); print '
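Review bot: `llxHeader();` no longer passes the page title and help URL that the removed lines built from the user's name, so this tab loses its page-specific title. If that is not intended, keep `$title = $person_name." - ".$langs->trans('Notes');` and call `llxHeader('', $title, $help_url);` as before. The `if ($id) {` block that follows continues outside this hunk.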
'; @@ -127,7 +117,7 @@ if ($id) { print ''; $addadmin = ''; if (property_exists($object, 'admin')) { - if (isModEnabled('multicompany') && !empty($object->admin) && empty($object->entity)) { + if (!empty($conf->multicompany->enabled) && !empty($object->admin) && empty($object->entity)) { $addadmin .= img_picto($langs->trans("SuperAdministratorDesc"), "redstar", 'class="paddingleft"'); } elseif (!empty($object->admin)) { $addadmin .= img_picto($langs->trans("AdministratorDesc"), "star", 'class="paddingleft"'); @@ -138,46 +128,20 @@ if ($id) { } print ''; - $editenabled = (($action == 'edit') && $user->hasRight("user", "user", "write")); - - // Note - print ''.$langs->trans("Note").''; - print ''; - if ($editenabled) { - print ""; - print "id."\">"; - // Editeur wysiwyg - require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php'; - $doleditor = new DolEditor('note_private', $object->note_private, '', 280, 'dolibarr_notes', 'In', true, false, getDolGlobalInt('FCKEDITOR_ENABLE_SOCIETE'), ROWS_8, '90%'); - $doleditor->Create(); - } else { - print dol_string_onlythesehtmltags(dol_htmlentitiesbr($object->note_private)); - } - print ""; - print ""; + print ''; + + //print '
'; + + //print '
'; + include DOL_DOCUMENT_ROOT.'/core/tpl/notes.tpl.php'; + print dol_get_fiche_end(); - - if ($action == 'edit') { - print $form->buttonsSaveCancel(); - } - - - /* - * Actions - */ - - print '
'; - - if ($user->hasRight("user", "user", "write") && $action != 'edit') { - print ''.$langs->trans('Modify').""; - } - - print "
"; - - print "\n"; +} else { + $langs->load("errors"); + print $langs->trans("ErrorRecordNotFound"); } // End of page From a0bb17aea90612341608e5b19f0e616358702b9c Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Sat, 3 Sep 2022 11:07:47 +0200 Subject: [PATCH 4/7] wip --- htdocs/core/tpl/notes.tpl.php | 2 ++ htdocs/user/class/user.class.php | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/htdocs/core/tpl/notes.tpl.php b/htdocs/core/tpl/notes.tpl.php index 1110e91b019..dfa9b0e4591 100644 --- a/htdocs/core/tpl/notes.tpl.php +++ b/htdocs/core/tpl/notes.tpl.php @@ -91,6 +91,8 @@ if ($module == 'propal') { $permission = $user->rights->produit->creer; } elseif ($module == 'ecmfiles') { $permission = $user->rights->ecm->setup; +} elseif ($module == 'user') { + $permission = $user->hasRight("user", "self", "write"); } //else dol_print_error('','Bad value '.$module.' for param module'); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index df2b6bc0174..a521be145ef 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -433,7 +433,7 @@ class User extends CommonObject $sql .= " u.socialnetworks,"; $sql .= " u.signature, u.office_phone, u.office_fax, u.user_mobile, u.personal_mobile,"; $sql .= " u.address, u.zip, u.town, u.fk_state as state_id, u.fk_country as country_id,"; - $sql .= " u.admin, u.login, u.note as note_private, u.note_public,"; + $sql .= " u.admin, u.login, u.note_private, u.note_public,"; $sql .= " u.pass, u.pass_crypted, u.pass_temp, u.api_key,"; $sql .= " u.fk_soc, u.fk_socpeople, u.fk_member, u.fk_user, u.ldap_sid, u.fk_user_expense_validator, u.fk_user_holiday_validator,"; $sql .= " u.statut, u.lang, u.entity,"; 
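Review bot: The added `else` branch prints `ErrorRecordNotFound` only when `$id` is empty, because the enclosing test is `if ($id)` and the result of `$object->fetch($id, '', '', 1)` earlier in the file is never checked. Unless restrictedArea() already stops the request, a non-existent id would still reach the banner and the notes.tpl.php include with an unloaded object; testing `if ($id && $object->id > 0)` would make the new error path cover that case. The two commented-out `//print` lines added just before the include look like leftovers and could be dropped. The `if ($id) {` opening lies outside this hunk.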
@@ -1979,7 +1979,7 @@ class User extends CommonObject $sql .= ", dateemploymentend=".(strval($this->dateemploymentend) != '' ? "'".$this->db->idate($this->dateemploymentend)."'" : 'null'); $sql .= ", datestartvalidity=".(strval($this->datestartvalidity) != '' ? "'".$this->db->idate($this->datestartvalidity)."'" : 'null'); $sql .= ", dateendvalidity=".(strval($this->dateendvalidity) != '' ? "'".$this->db->idate($this->dateendvalidity)."'" : 'null'); - $sql .= ", note = '".$this->db->escape($this->note_private)."'"; + $sql .= ", note_private = '".$this->db->escape($this->note_private)."'"; $sql .= ", note_public = '".$this->db->escape($this->note_public)."'"; $sql .= ", photo = ".($this->photo ? "'".$this->db->escape($this->photo)."'" : "null"); $sql .= ", openid = ".($this->openid ? "'".$this->db->escape($this->openid)."'" : "null"); From 98b88fab9b301e1b6913fefed4438f748c264f64 Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Sat, 3 Sep 2022 11:12:45 +0200 Subject: [PATCH 5/7] Update note.php --- htdocs/user/note.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/user/note.php b/htdocs/user/note.php index c0c93a75d64..2b9e8388063 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php @@ -40,7 +40,7 @@ $object->fetch($id, '', '', 1); $object->getrights(); // If user is not user read and no permission to read other users, we stop -if (($object->id != $user->id) && (!$user->rights->user->user->lire)) { +if (($object->id != $user->id) && (!$user->hasRight("user", "user", "read"))) { accessforbidden(); } @@ -52,7 +52,7 @@ $socid = 0; if ($user->socid > 0) { $socid = $user->socid; } -$feature2 = (($socid && $user->rights->user->self->creer) ? '' : 'user'); +$feature2 = (($socid && $user->hasRight("user", "self", "write")) ? '' : 'user'); $result = restrictedArea($user, 'user', $id, 'user&user', $feature2); 
@@ -89,7 +89,7 @@ if ($id) { $linkback = ''; - if ($user->rights->user->user->lire || $user->admin) { + if ($user->hasRight("user", "user", "read") || $user->admin) { $linkback = ''.$langs->trans("BackToList").''; } @@ -97,7 +97,7 @@ if ($id) { $morehtmlref .= img_picto($langs->trans("Download").' '.$langs->trans("VCard"), 'vcard.png', 'class="valignmiddle marginleftonly paddingrightonly"'); $morehtmlref .= ''; - dol_banner_tab($object, 'id', $linkback, $user->rights->user->user->lire || $user->admin, 'rowid', 'ref', $morehtmlref); + dol_banner_tab($object, 'id', $linkback, $user->hasRight("user", "user", "read") || $user->admin, 'rowid', 'ref', $morehtmlref); print '
'; @@ -117,7 +117,7 @@ if ($id) { print ''; $addadmin = ''; if (property_exists($object, 'admin')) { - if (!empty($conf->multicompany->enabled) && !empty($object->admin) && empty($object->entity)) { + if (isModEnabled('multicompany') && !empty($object->admin) && empty($object->entity)) { $addadmin .= img_picto($langs->trans("SuperAdministratorDesc"), "redstar", 'class="paddingleft"'); } elseif (!empty($object->admin)) { $addadmin .= img_picto($langs->trans("AdministratorDesc"), "star", 'class="paddingleft"'); From 013bdc5c5f6a9ca59ca8d9d2717c4130f3e66581 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 3 Sep 2022 11:51:28 +0200 Subject: [PATCH 6/7] Update 16.0.0-17.0.0.sql --- htdocs/install/mysql/migration/16.0.0-17.0.0.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql index 016dc7283df..f1b18c740c5 100644 --- a/htdocs/install/mysql/migration/16.0.0-17.0.0.sql +++ b/htdocs/install/mysql/migration/16.0.0-17.0.0.sql @@ -143,4 +143,4 @@ CREATE TABLE llx_bank_extrafields ALTER TABLE llx_bank_extrafields ADD INDEX idx_bank_extrafields (fk_object); -ALTER TABLE llx_user RENAME COLUMN note TO note_private; +ALTER TABLE llx_user CHANGE COLUMN note note_private text; From cacad721234e0450cada25709628a257d817c94a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 3 Sep 2022 11:53:14 +0200 Subject: [PATCH 7/7] Update note.php --- htdocs/user/note.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/note.php b/htdocs/user/note.php index 2b9e8388063..2b5a05dcd68 100644 --- a/htdocs/user/note.php +++ b/htdocs/user/note.php 
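Review bot: The `CHANGE COLUMN note note_private text;` statement carries no comment explaining why it replaced `RENAME COLUMN`, and it fails on a second run because `note` no longer exists. `RENAME COLUMN` is only available from MySQL 8.0 and MariaDB 10.5.2, which is presumably the reason for the switch; a line such as `-- CHANGE instead of RENAME COLUMN to stay compatible with older MySQL/MariaDB` would record that. Whether the upgrade runner tolerates the re-run error is not visible here, so confirm it before relying on it. Until this migration has run, the `u.note_private` reads and writes in user.class.php (patch 4/7) target a column that does not exist.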
@@ -64,7 +64,7 @@ $hookmanager->initHooks(array('usercard', 'usernote', 'globalcard')); * Actions */ $parameters = array('id'=>$socid); -$reshook = $hookmanager->executeHooks('doActions', array(), $object, $action); // Note that $action and $object may have been modified by some hooks +$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks if ($reshook < 0) { setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); }
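Review bot: `$parameters = array('id'=>$socid);` hands hooks the third-party id of the logged-in user under the key `id`, not the `$id` of the user record being displayed; `$socid` is set from `$user->socid` earlier in the file. If hooks are meant to receive the displayed user's id, `$parameters = array('id'=>$id);` would be clearer. Otherwise a comment such as `// 'id' is the viewer's third-party id, 0 when the viewer has none` avoids misreading by hook authors.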