Fix: External user should not see boxes of modules not allowed to

external users.
2013-01-14 13:06:08 +01:00 · 2013-01-14 13:06:08 +01:00 · 49313fff3b
commit 49313fff3b
parent b9dc76ebaf
5 changed files with 26 additions and 13 deletions
--- a/htdocs/core/boxes/box_comptes.php
+++ b/htdocs/core/boxes/box_comptes.php
@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2005      Christophe
- * Copyright (C) 2005-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2009 Regis Houssin        <regis.houssin@capnetworks.com>
 *
 * This program is free software; you can redistribute it and/or modify
@ -38,20 +38,25 @@ class box_comptes extends ModeleBoxes

 	var $db;
 	var $param;
-
+	var $enabled = 1;
+	
 	var $info_box_head = array();
 	var $info_box_contents = array();

-
+	
 	/**
 	 *  Constructor
 	 */
 	function __construct()
 	{
-		global $langs;
+		global $conf, $langs, $user;
 		$langs->load("boxes");

 		$this->boxlabel=$langs->transnoentitiesnoconv('BoxCurrentAccounts');
+		
+		// disable module for such cases
+		$listofmodulesforexternal=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL);
+		if (! in_array('banque',$listofmodulesforexternal) && ! empty($user->societe_id)) $this->enabled=0;	// disabled for external users
 	}

 	/**
--- a/htdocs/core/boxes/box_members.php
+++ b/htdocs/core/boxes/box_members.php
@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2003-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2013 Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
 *
 * This program is free software; you can redistribute it and/or modify
@ -19,8 +19,8 @@

 /**
 *	\file       htdocs/core/boxes/box_members.php
- *	\ingroup    societes
- *	\brief      Module de generation de l'affichage de la box clients
+ *	\ingroup    adherent
+ *	\brief      Module to show box of members
 */

 include_once DOL_DOCUMENT_ROOT.'/core/boxes/modules_boxes.php';
@ -38,19 +38,25 @@ class box_members extends ModeleBoxes

 	var $db;
 	var $param;
-
+	var $enabled = 1;
+	
 	var $info_box_head = array();
 	var $info_box_contents = array();

+
 	/**
     *  Constructor
 	 */
 	function __construct()
 	{
-		global $langs;
+		global $conf, $langs, $user;
 		$langs->load("boxes");

 		$this->boxlabel=$langs->transnoentitiesnoconv("BoxLastMembers");
+		
+		// disable module for such cases
+		$listofmodulesforexternal=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL);
+		if (! in_array('banque',$listofmodulesforexternal) && ! empty($user->societe_id)) $this->enabled=0;	// disabled for external users
 	}

 	/**
--- a/htdocs/core/boxes/modules_boxes.php
+++ b/htdocs/core/boxes/modules_boxes.php
@ -32,7 +32,8 @@ class ModeleBoxes    // Can't be abtract as it is instanciated to build "empty"
 	var $db;
 	var $error='';
 	var $max=5;
-
+	var $enabled=1;
+	
 	var $rowid;
 	var $id;
 	var $position;
--- a/htdocs/core/class/conf.class.php
+++ b/htdocs/core/class/conf.class.php
@ -409,7 +409,7 @@ class Conf
 		$this->maxfilesize = (empty($this->global->MAIN_UPLOAD_DOC) ? 0 : $this->global->MAIN_UPLOAD_DOC * 1024);

 		// Define list of limited modules
-		if (! isset($this->global->MAIN_MODULES_FOR_EXTERNAL)) $this->global->MAIN_MODULES_FOR_EXTERNAL='facture,commande,contact,propal,projet,contrat,societe,ficheinter,expedition,agenda';	// '' means 'all'. Note that contact is added here as it should be a module later.
+		if (! isset($this->global->MAIN_MODULES_FOR_EXTERNAL)) $this->global->MAIN_MODULES_FOR_EXTERNAL='facture,commande,fournisseur,contact,propal,projet,contrat,societe,ficheinter,expedition,agenda';	// '' means 'all'. Note that contact is added here as it should be a module later.

 		// Timeouts
        if (empty($this->global->MAIN_USE_CONNECT_TIMEOUT)) $this->global->MAIN_USE_CONNECT_TIMEOUT=10;
--- a/htdocs/core/class/infobox.class.php
+++ b/htdocs/core/class/infobox.class.php
@ -119,15 +119,16 @@ class InfoBox
                        $box->box_id	= (! empty($obj->box_id) ? $obj->box_id : '');
                        $box->note		= (! empty($obj->note) ? $obj->note : '');

-                        $enabled=true;
+                        $enabled=$box->enabled;
                        if (isset($box->depends) && count($box->depends) > 0)
                        {
                            foreach($box->depends as $module)
                            {
                                //print $boxname.'-'.$module.'<br>';
-                                if (empty($conf->$module->enabled)) $enabled=false;
+                                if (empty($conf->$module->enabled)) $enabled=0;
                            }
                        }
+                        //print 'xx module='.$module.' enabled='.$enabled;
                        if ($enabled) $boxes[]=$box;
                    }
                }