From 46b281f703a039d0bcbee4d327d069d054898242 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 1 Dec 2017 19:29:29 +0100
Subject: [PATCH] Fix for #7697
---
 htdocs/core/boxes/box_produits.php | 7 ++-
 .../core/boxes/box_produits_alerte_stock.php | 7 ++-
 htdocs/core/lib/functions.lib.php | 33 +++++++++++
 htdocs/core/menus/standard/eldy.lib.php | 55 ++++---------------
 htdocs/fourn/product/list.php | 2 +
 htdocs/societe/card.php | 1 +
 6 files changed, 57 insertions(+), 48 deletions(-)
diff --git a/htdocs/core/boxes/box_produits.php b/htdocs/core/boxes/box_produits.php
index a6727d4bb06..3ccbc05be24 100644
--- a/htdocs/core/boxes/box_produits.php
+++ b/htdocs/core/boxes/box_produits.php
@@ -53,11 +53,14 @@ class box_produits extends ModeleBoxes
 */
 function __construct($db,$param)
 {
- global $user;
+ global $conf, $user;
 $this->db=$db;
- $this->hidden=! ($user->rights->produit->lire || $user->rights->service->lire);
+ $listofmodulesforexternal=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL);
+ $tmpentry=array('enabled'=>(! empty($conf->product->enabled) || ! empty($conf->service->enabled)), 'perms'=>(! empty($user->rights->produit->lire) || ! empty($user->rights->service->lire)), 'module'=>'product|service');
+ $showmode=isVisibleToUserType(($user->societe_id > 0 ? 1 : 0), $tmpentry, $listofmodulesforexternal);
+ $this->hidden=($showmode != 1);
 }
 /**
diff --git a/htdocs/core/boxes/box_produits_alerte_stock.php b/htdocs/core/boxes/box_produits_alerte_stock.php
index 43297d6954a..e244d276fac 100644
--- a/htdocs/core/boxes/box_produits_alerte_stock.php
+++ b/htdocs/core/boxes/box_produits_alerte_stock.php
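Review bot: In `box_produits::__construct` the added `explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL)` reads the setting with no `empty()` guard and does not trim the entries, although every other `$conf`/`$user` read on the following line is wrapped in `! empty(...)`. If the constant is unset, or an entry is written with a space after the comma, the module name will not match inside `isVisibleToUserType` and the box is hidden for external users; that fails closed, but silently and in a way that is hard to diagnose. I would normalise the list, e.g. `$listofmodulesforexternal=array_map('trim', explode(',', empty($conf->global->MAIN_MODULES_FOR_EXTERNAL)?'':$conf->global->MAIN_MODULES_FOR_EXTERNAL));`. The same line is added in the `box_produits_alerte_stock` constructor. The constructor body is fully inside the hunk, but the code that loads the box data is not, so whether it applies its own rights check cannot be confirmed from here.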
@@ -55,11 +55,14 @@ class box_produits_alerte_stock extends ModeleBoxes
 */
 function __construct($db,$param='')
 {
- global $user;
+ global $conf,$user;
 $this->db = $db;
- $this->hidden = ! (($user->rights->produit->lire || $user->rights->service->lire) && $user->rights->stock->lire);
+ $listofmodulesforexternal=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL);
+ $tmpentry=array('enabled'=>((! empty($conf->product->enabled) || ! empty($conf->service->enabled)) && ! empty($conf->stock->enabled)), 'perms'=>($user->rights->stock->lire), 'module'=>'product|service|stock');
+ $showmode=isVisibleToUserType(($user->societe_id > 0 ? 1 : 0), $tmpentry, $listofmodulesforexternal);
+ $this->hidden=($showmode != 1);
 }
 /**
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 62a67a56ddd..9683517f377 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
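Review bot: The new `'perms'` value in `box_produits_alerte_stock::__construct` is only `$user->rights->stock->lire`, whereas the removed line required `(produit->lire || service->lire) && stock->lire`. An internal user who may read stock but not products or services would now be shown this box, because `isVisibleToUserType` returns 1 as soon as `perms` is truthy; this looks like an unintended widening of who sees it. It is also the only rights read in the hunk that is not wrapped in `! empty()`. I would keep the original condition: `'perms'=>((! empty($user->rights->produit->lire) || ! empty($user->rights->service->lire)) && ! empty($user->rights->stock->lire))`. For external users, note that the `'product|service|stock'` module string passes when any one of the three names is in the allowed list, not all of them, which should be confirmed as intended for a box that needs stock data.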
@@ -6965,3 +6965,36 @@ function colorIsLight($stringcolor)
 }
 return $res;
 }
+
+/**
+ * Function to test if an entry is enabled or not
+ *
+ * @param string $type_user 0=We test for internal user, 1=We test for external user
+ * @param array $menuentry Array for feature entry to test
+ * @param array $listofmodulesforexternal Array with list of modules allowed to external users
+ * @return int 0=Hide, 1=Show, 2=Show gray
+ */
+function isVisibleToUserType($type_user, &$menuentry, &$listofmodulesforexternal)
+{
+ global $conf;
+
+ //print 'type_user='.$type_user.' module='.$menuentry['module'].' enabled='.$menuentry['enabled'].' perms='.$menuentry['perms'];
+ //print 'ok='.in_array($menuentry['module'], $listofmodulesforexternal);
+ if (empty($menuentry['enabled'])) return 0; // Entry disabled by condition
+ if ($type_user && $menuentry['module'])
+ {
+ $tmploops=explode('|',$menuentry['module']);
+ $found=0;
+ foreach($tmploops as $tmploop)
+ {
+ if (in_array($tmploop, $listofmodulesforexternal)) {
+ $found++; break;
+ }
+ }
+ if (! $found) return 0; // Entry is for menus all excluded to external users
+ }
+ if (! $menuentry['perms'] && $type_user) return 0; // No permissions and user is external
+ if (! $menuentry['perms'] && ! empty($conf->global->MAIN_MENU_HIDE_UNAUTHORIZED)) return 0; // No permissions and option to hide when not allowed, even for internal user, is on
+ if (! $menuentry['perms']) return 2; // No permissions and user is external
+ return 1;
+}
diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php
index cfe44b7229c..80e91f9b40d 100644
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
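Review bot: The trailing comment on `if (! $menuentry['perms']) return 2;` says the user is external, but an external user without permission has already returned 0 two lines earlier, so this branch is reached only by internal users; I would change it to `// No permissions and user is internal: show grayed`. The docblock types `$type_user` as `string` while the callers added in this patch pass `0` or `1`, so `@param int $type_user` would be accurate. Now that the helper sits in functions.lib.php and is used outside the menu code, the docblock should also state that it only decides display (hide, show, gray) and that an external user passes the module test when any one `|`-separated name in `$menuentry['module']` is in `$listofmodulesforexternal`. Writing the lookup as `in_array($tmploop, $listofmodulesforexternal, true)` would make that exact-name match explicit.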
@@ -74,7 +74,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode // Third parties $tmpentry=array('enabled'=>(( ! empty($conf->societe->enabled) && (empty($conf->global->SOCIETE_DISABLE_PROSPECTS) || empty($conf->global->SOCIETE_DISABLE_CUSTOMERS))) || ! empty($conf->fournisseur->enabled)), 'perms'=>(! empty($user->rights->societe->lire) || ! empty($user->rights->fournisseur->lire)), 'module'=>'societe|fournisseur'); - $showmode=dol_eldy_showmenu($type_user, $tmpentry, $listofmodulesforexternal); + $showmode=isVisibleToUserType($type_user, $tmpentry, $listofmodulesforexternal); if ($showmode) { $langs->load("companies"); @@ -90,7 +90,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode // Products-Services $tmpentry=array('enabled'=>(! empty($conf->product->enabled) || ! empty($conf->service->enabled)), 'perms'=>(! empty($user->rights->produit->lire) || ! empty($user->rights->service->lire)), 'module'=>'product|service'); - $showmode=dol_eldy_showmenu($type_user, $tmpentry, $listofmodulesforexternal); + $showmode=isVisibleToUserType($type_user, $tmpentry, $listofmodulesforexternal); if ($showmode) { $langs->load("products"); @@ -125,7 +125,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode 'enabled'=>$menuqualified, 'perms'=>(! empty($user->rights->societe->lire) || ! empty($user->rights->societe->contact->lire)), 'module'=>'propal|commande|supplier_order|contrat|ficheinter'); - $showmode=dol_eldy_showmenu($type_user, $tmpentry, $listofmodulesforexternal); + $showmode=isVisibleToUserType($type_user, $tmpentry, $listofmodulesforexternal); if ($showmode) { $langs->load("commercial"); 
@@ -151,7 +151,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode 'enabled'=>$menuqualified, 'perms'=>(! empty($user->rights->facture->lire) || ! empty($user->rights->don->lire) || ! empty($user->rights->tax->charges->lire) || ! empty($user->rights->salaries->read) || ! empty($user->rights->fournisseur->facture->lire) || ! empty($user->rights->loan->read) || ! empty($user->rights->banque->lire)), 'module'=>'facture|supplier_invoice|don|tax|salaries|loan|banque'); - $showmode=dol_eldy_showmenu($type_user, $tmpentry, $listofmodulesforexternal); + $showmode=isVisibleToUserType($type_user, $tmpentry, $listofmodulesforexternal); if ($showmode) { $langs->load("compta"); @@ -172,7 +172,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode 'enabled'=>$menuqualified, 'perms'=>(! empty($user->rights->compta->resultat->lire) || ! empty($user->rights->accounting->mouvements->lire)), 'module'=>'comptabilite|accounting'); - $showmode=dol_eldy_showmenu($type_user, $tmpentry, $listofmodulesforexternal); + $showmode=isVisibleToUserType($type_user, $tmpentry, $listofmodulesforexternal); if ($showmode) { $langs->load("compta"); @@ -190,7 +190,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode $tmpentry=array('enabled'=>(! empty($conf->banque->enabled) || ! empty($conf->prelevement->enabled)), 'perms'=>(! empty($user->rights->banque->lire) || ! empty($user->rights->prelevement->lire)), 'module'=>'banque|prelevement'); - $showmode=dol_eldy_showmenu($type_user, $tmpentry, $listofmodulesforexternal); + $showmode=isVisibleToUserType($type_user, $tmpentry, $listofmodulesforexternal); if ($showmode) { $langs->load("compta"); 
@@ -208,7 +208,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode $tmpentry=array('enabled'=>(! empty($conf->projet->enabled)), 'perms'=>(! empty($user->rights->projet->lire)), 'module'=>'projet'); - $showmode=dol_eldy_showmenu($type_user, $tmpentry, $listofmodulesforexternal); + $showmode=isVisibleToUserType($type_user, $tmpentry, $listofmodulesforexternal); if ($showmode) { $langs->load("projects"); @@ -225,7 +225,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode $tmpentry=array('enabled'=>(! empty($conf->hrm->enabled) || ! empty($conf->holiday->enabled) || ! empty($conf->deplacement->enabled) || ! empty($conf->expensereport->enabled)), 'perms'=>(! empty($user->rights->hrm->employee->read) || ! empty($user->rights->holiday->write) || ! empty($user->rights->deplacement->lire) || ! empty($user->rights->expensereport->lire)), 'module'=>'hrm|holiday|deplacement|expensereport'); - $showmode=dol_eldy_showmenu($type_user, $tmpentry, $listofmodulesforexternal); + $showmode=isVisibleToUserType($type_user, $tmpentry, $listofmodulesforexternal); if ($showmode) { $langs->load("holiday"); @@ -245,7 +245,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode 'enabled'=>1, 'perms'=>1, 'module'=>''); - $showmode=dol_eldy_showmenu($type_user, $tmpentry, $listofmodulesforexternal); + $showmode=isVisibleToUserType($type_user, $tmpentry, $listofmodulesforexternal); if ($showmode) { $langs->load("other"); @@ -262,7 +262,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode $tmpentry=array('enabled'=>(! empty($conf->adherent->enabled)), 'perms'=>(! empty($user->rights->adherent->lire)), 'module'=>'adherent'); - $showmode=dol_eldy_showmenu($type_user, $tmpentry, $listofmodulesforexternal); + $showmode=isVisibleToUserType($type_user, $tmpentry, $listofmodulesforexternal); if ($showmode) { $classname=""; 
@@ -283,7 +283,7 @@ function print_eldy_menu($db,$atarget,$type_user,&$tabMenu,&$menu,$noout=0,$mode { $idsel=(empty($newTabMenu[$i]['mainmenu'])?'none':$newTabMenu[$i]['mainmenu']); - $showmode=dol_eldy_showmenu($type_user,$newTabMenu[$i],$listofmodulesforexternal); + $showmode=isVisibleToUserType($type_user,$newTabMenu[$i],$listofmodulesforexternal); if ($showmode == 1) { // url = url from host, shorturl = relative path into dolibarr sources @@ -1696,36 +1696,3 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu } -/** - * Function to test if an entry is enabled or not - * - * @param string $type_user 0=We need backoffice menu, 1=We need frontoffice menu - * @param array $menuentry Array for menu entry - * @param array $listofmodulesforexternal Array with list of modules allowed to external users - * @return int 0=Hide, 1=Show, 2=Show gray - */ -function dol_eldy_showmenu($type_user, &$menuentry, &$listofmodulesforexternal) -{ - global $conf; - - //print 'type_user='.$type_user.' module='.$menuentry['module'].' enabled='.$menuentry['enabled'].' perms='.$menuentry['perms']; - //print 'ok='.in_array($menuentry['module'], $listofmodulesforexternal); - if (empty($menuentry['enabled'])) return 0; // Entry disabled by condition - if ($type_user && $menuentry['module']) - { - $tmploops=explode('|',$menuentry['module']); - $found=0; - foreach($tmploops as $tmploop) - { - if (in_array($tmploop, $listofmodulesforexternal)) { - $found++; break; - } - } - if (! $found) return 0; // Entry is for menus all excluded to external users - } - if (! $menuentry['perms'] && $type_user) return 0; // No permissions and user is external - if (! $menuentry['perms'] && ! empty($conf->global->MAIN_MENU_HIDE_UNAUTHORIZED)) return 0; // No permissions and option to hide when not allowed, even for internal user, is on - if (! $menuentry['perms']) return 2; // No permissions and user is external - return 1; -} - 
diff --git a/htdocs/fourn/product/list.php b/htdocs/fourn/product/list.php index b705d0be450..c71825eda0f 100644 --- a/htdocs/fourn/product/list.php +++ b/htdocs/fourn/product/list.php @@ -54,6 +54,8 @@ if (! $sortfield) $sortfield="p.ref"; // Set here default search field if (! $sortorder) $sortorder="ASC"; $fourn_id = GETPOST('fourn_id', 'intcomma'); +if ($user->societe_id) $fourn_id=$user->societe_id; + $catid = GETPOST('catid', 'intcomma'); // Initialize technical object to manage hooks. Note that conf->hooks_modules contains array diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index d059b63c0e7..836c73d7e90 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -59,6 +59,7 @@ $action = (GETPOST('action','aZ09') ? GETPOST('action','aZ09') : 'view'); $cancel = GETPOST('cancel','alpha'); $backtopage = GETPOST('backtopage','alpha'); $confirm = GETPOST('confirm'); + $socid = GETPOST('socid','int')?GETPOST('socid','int'):GETPOST('id','int'); if ($user->societe_id) $socid=$user->societe_id; if (empty($socid) && $action == 'view') $action='create';
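Review bot: The added `if ($user->societe_id) $fourn_id=$user->societe_id;` in htdocs/fourn/product/list.php is the line that stops an external user from selecting another supplier through the `fourn_id` request parameter, yet it carries no comment saying so. I would add `// External user: force the supplier filter to the user's own third party and ignore the request value` above it. The restriction only holds if the queries further down always filter on `$fourn_id` when it is set; that code is outside the hunk and should be confirmed. The box constructors in this patch test `$user->societe_id > 0` while this line tests plain truthiness, and using one form throughout would be tidier.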