Fix permissions
parent
a2c2d46e5c
commit
4c90e93108
@ -86,25 +86,6 @@ if (empty($origin_id)) {
|
||||
$ref = GETPOST('ref', 'alpha');
|
||||
$line_id = GETPOST('lineid', 'int') ?GETPOST('lineid', 'int') : '';
|
||||
|
||||
// Security check
|
||||
$socid = '';
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
|
||||
if ($origin == 'reception') {
|
||||
$result = restrictedArea($user, $origin, $id);
|
||||
} else {
|
||||
$result = restrictedArea($user, 'reception');
|
||||
if ($origin == 'supplierorder') {
|
||||
if (empty($user->rights->fournisseur->commande->lire) && empty($user->rights->fournisseur->commande->read)) {
|
||||
accessforbidden();
|
||||
}
|
||||
} elseif (empty($user->rights->{$origin}->lire) && empty($user->rights->{$origin}->read)) {
|
||||
accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
$action = GETPOST('action', 'alpha');
|
||||
//Select mail models is same action as presend
|
||||
if (GETPOST('modelselected')) {
|
||||
@ -136,6 +117,25 @@ $permissiondellink = $user->rights->reception->creer; // Used by the include of
|
||||
|
||||
$date_delivery = dol_mktime(GETPOST('date_deliveryhour', 'int'), GETPOST('date_deliverymin', 'int'), 0, GETPOST('date_deliverymonth', 'int'), GETPOST('date_deliveryday', 'int'), GETPOST('date_deliveryyear', 'int'));
|
||||
|
||||
// Security check
|
||||
$socid = '';
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
|
||||
if ($origin == 'reception') {
|
||||
$result = restrictedArea($user, $origin, $id);
|
||||
} else {
|
||||
$result = restrictedArea($user, 'reception');
|
||||
if ($origin == 'supplierorder') {
|
||||
if (empty($user->rights->fournisseur->commande->lire) && empty($user->rights->fournisseur->commande->read)) {
|
||||
accessforbidden();
|
||||
}
|
||||
} elseif (empty($user->rights->{$origin}->lire) && empty($user->rights->{$origin}->read)) {
|
||||
accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
@ -784,7 +784,7 @@ if ($action == 'create') {
|
||||
print '<tr>';
|
||||
print '<td>'.$langs->trans("Project").'</td><td colspan="2">';
|
||||
$numprojet = $formproject->select_projects($soc->id, $projectid, 'projectid', 0);
|
||||
print ' <a href="'.DOL_URL_ROOT.'/projet/card.php?socid='.$soc->id.'&action=create&status=1&backtopage='.urlencode($_SERVER["PHP_SELF"].'?action=create&socid='.$soc->id).'"><span class="valignmiddle text-plus-circle">'.$langs->trans("AddProject").'</span><span class="fa fa-plus-circle valignmiddle"></span></a>';
|
||||
print ' <a href="'.DOL_URL_ROOT.'/projet/card.php?socid='.$soc->id.'&action=create&status=1&backtopage='.urlencode($_SERVER["PHP_SELF"].'?action=create&socid='.$soc->id).'"><span class="fa fa-plus-circle valignmiddle" title="'.$langs->trans("AddProject").'"></span></a>';
|
||||
print '</td>';
|
||||
print '</tr>';
|
||||
}
|
||||
@ -1122,12 +1122,12 @@ if ($action == 'create') {
|
||||
if (!empty($product->status_batch)) {
|
||||
print '<td><input name="batch'.$indiceAsked.'" value="'.$dispatchLines[$indiceAsked]['lot'].'"></td>';
|
||||
if (empty($conf->global->PRODUCT_DISABLE_EATBY)) {
|
||||
print '<td>';
|
||||
print '<td class="nowraponall">';
|
||||
print $form->selectDate($dispatchLines[$indiceAsked]['DLC'], 'dlc'.$indiceAsked, '', '', 1, "");
|
||||
print '</td>';
|
||||
}
|
||||
if (empty($conf->global->PRODUCT_DISABLE_SELLBY)) {
|
||||
print '<td>';
|
||||
print '<td class="nowraponall">';
|
||||
print $form->selectDate($dispatchLines[$indiceAsked]['DLUO'], 'dluo'.$indiceAsked, '', '', 1, "");
|
||||
print '</td>';
|
||||
}
|
||||
@ -1798,7 +1798,7 @@ if ($action == 'create') {
|
||||
print '<td>'.$formproduct->selectWarehouses($lines[$i]->fk_entrepot, 'entl'.$line_id, '', 1, 0, $lines[$i]->fk_product, '', 1).'</td>';
|
||||
// Batch number managment
|
||||
if ($conf->productbatch->enabled && !empty($lines[$i]->product->status_batch)) {
|
||||
print '<td> <input name="batch'.$line_id.'" id="batch'.$line_id.'" type="text" value="'.$lines[$i]->batch.'"> </br>';
|
||||
print '<td class="nowraponall"><input name="batch'.$line_id.'" id="batch'.$line_id.'" type="text" value="'.$lines[$i]->batch.'"></br>';
|
||||
if (empty($conf->global->PRODUCT_DISABLE_EATBY)) {
|
||||
print $langs->trans('EatByDate').' : ';
|
||||
print $form->selectDate($lines[$i]->eatby, 'dlc'.$line_id, '', '', 1, "").'</br>';
|
||||
|
||||
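Review bot: The rewritten batch input in the `@ -1798,7 +1798,7` hunk still prints `$lines[$i]->batch` unescaped into the `value="…"` attribute, so a stored lot number containing a double quote or markup would break out of the attribute when the line is rendered. Since the line is being touched anyway, escape it at output: `value="'.dol_escape_htmltag($lines[$i]->batch).'"`. The unchanged input in the `@ -1122,12 +1122,12` hunk has the same pattern with `$dispatchLines[$indiceAsked]['lot']`. Whether input filtering upstream already strips these characters is not visible here, so output escaping is the safer place to rely on.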
@ -43,12 +43,6 @@ $id = GETPOST('id', 'int');
|
||||
$ref = GETPOST('ref', 'alpha');
|
||||
$action = GETPOST('action', 'aZ09');
|
||||
|
||||
// Security check
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'reception', $id, '');
|
||||
|
||||
$object = new Reception($db);
|
||||
if ($id > 0 || !empty($ref)) {
|
||||
$object->fetch($id, $ref);
|
||||
@ -69,6 +63,24 @@ if ($id > 0 || !empty($ref)) {
|
||||
}
|
||||
|
||||
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
if ($origin == 'reception') {
|
||||
$result = restrictedArea($user, $origin, $object->id);
|
||||
} else {
|
||||
$result = restrictedArea($user, 'reception');
|
||||
if ($origin == 'supplierorder') {
|
||||
if (empty($user->rights->fournisseur->commande->lire) && empty($user->rights->fournisseur->commande->read)) {
|
||||
accessforbidden();
|
||||
}
|
||||
} elseif (empty($user->rights->{$origin}->lire) && empty($user->rights->{$origin}->read)) {
|
||||
accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
*/
|
||||
|
||||
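Review bot: When `$origin` is anything other than `'reception'`, the new block calls `restrictedArea($user, 'reception')` with no object id, whereas the call removed in the `@ -43,12 +43,6` hunk passed `$id`. Any per-record check that restrictedArea() applies for external users (`$user->socid` set) would then no longer run for those receptions. Keeping the id in the else branch, `$result = restrictedArea($user, 'reception', $object->id, '');`, preserves the old record-level check while still adding the origin-module rights test. `$origin` is also not assigned in any visible line of this file, so confirm it is set (presumably from the fetched object) before it is used as a property name in `$user->rights->{$origin}`. The same block appears in the `@ -136,6 +117,25` hunk (where the id is `$id`) and the `@ -77,6 +63,24` hunk.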
@ -36,13 +36,21 @@ $hookmanager->initHooks(array('receptionindex'));
|
||||
|
||||
$langs->loadLangs(array("orders", "receptions"));
|
||||
|
||||
$reception = new Reception($db);
|
||||
|
||||
// Security check
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'reception', 0, '');
|
||||
|
||||
|
||||
/*
|
||||
* View
|
||||
*/
|
||||
|
||||
$orderstatic = new CommandeFournisseur($db);
|
||||
$companystatic = new Societe($db);
|
||||
$reception = new Reception($db);
|
||||
|
||||
$helpurl = 'EN:Module_Receptions|FR:Module_Receptions|ES:Módulo_Receptiones';
|
||||
llxHeader('', $langs->trans("Reception"), $helpurl);
|
||||
|
||||
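Review bot: `$socid` is assigned only inside `if ($user->socid)` and no visible line initialises it, so for an internal user any later read of `$socid` is on an undefined variable; the value is not passed to `restrictedArea()` either. Unless it is already set above the hunk, add `$socid = 0;` before the `if`. It is also worth checking that the queries further down filter on `$socid`, since that is presumably what confines an external user to their own third party on this page. The hunk at `@ -29,6 +29,12` adds the same block with the same gap.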
@ -40,13 +40,6 @@ $socid = GETPOST('socid', 'int');
|
||||
$massaction = GETPOST('massaction', 'alpha');
|
||||
$toselect = GETPOST('toselect', 'array');
|
||||
|
||||
// Security check
|
||||
$receptionid = GETPOST('id', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'reception', $receptionid, '');
|
||||
|
||||
$diroutputmassaction = $conf->reception->dir_output.'/temp/massgeneration/'.$user->id;
|
||||
|
||||
$search_ref_rcp = GETPOST("search_ref_rcp");
|
||||
@ -129,6 +122,13 @@ $arrayfields = dol_sort_array($arrayfields, 'position');
|
||||
|
||||
$error = 0;
|
||||
|
||||
// Security check
|
||||
$receptionid = GETPOST('id', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'reception', $receptionid, '');
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -33,26 +33,12 @@ if (!empty($conf->projet->enabled)) {
|
||||
require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php';
|
||||
}
|
||||
|
||||
$langs->load("receptions");
|
||||
$langs->load("companies");
|
||||
$langs->load("bills");
|
||||
$langs->load('deliveries');
|
||||
$langs->load('orders');
|
||||
$langs->load('stocks');
|
||||
$langs->load('other');
|
||||
$langs->load('propal');
|
||||
$langs->loadLangs(array("receptions", "companies", "bills", 'deliveries', 'orders', 'stocks', 'other', 'propal'));
|
||||
|
||||
$id = (GETPOST('id', 'int') ?GETPOST('id', 'int') : GETPOST('facid', 'int')); // For backward compatibility
|
||||
$ref = GETPOST('ref', 'alpha');
|
||||
$action = GETPOST('action', 'aZ09');
|
||||
|
||||
// Security check
|
||||
$socid = '';
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, $origin, $origin_id);
|
||||
|
||||
$object = new Reception($db);
|
||||
if ($id > 0 || !empty($ref)) {
|
||||
$object->fetch($id, $ref);
|
||||
@ -77,6 +63,24 @@ if ($id > 0 || !empty($ref)) {
|
||||
|
||||
$permissionnote = $user->rights->reception->creer; // Used by the include of actions_setnotes.inc.php
|
||||
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
if ($origin == 'reception') {
|
||||
$result = restrictedArea($user, $origin, $object->id);
|
||||
} else {
|
||||
$result = restrictedArea($user, 'reception');
|
||||
if ($origin == 'supplierorder') {
|
||||
if (empty($user->rights->fournisseur->commande->lire) && empty($user->rights->fournisseur->commande->read)) {
|
||||
accessforbidden();
|
||||
}
|
||||
} elseif (empty($user->rights->{$origin}->lire) && empty($user->rights->{$origin}->read)) {
|
||||
accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -34,11 +34,6 @@ $HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
|
||||
|
||||
$userid = GETPOST('userid', 'int');
|
||||
$socid = GETPOST('socid', 'int');
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
$action = '';
|
||||
$socid = $user->socid;
|
||||
}
|
||||
|
||||
$nowyear = strftime("%Y", dol_now());
|
||||
$year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear;
|
||||
@ -46,10 +41,13 @@ $year = GETPOST('year') > 0 ?GETPOST('year') : $nowyear;
|
||||
$startyear = $year - 1;
|
||||
$endyear = $year;
|
||||
|
||||
$langs->load("reception");
|
||||
$langs->load("other");
|
||||
$langs->load("companies");
|
||||
$langs->loadLangs(array("reception", "other", "companies"));
|
||||
|
||||
// Security check
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'reception', 0, '');
|
||||
|
||||
|
||||
/*
|
||||
|
||||
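Review bot: The block removed in the `@ -34,11 +34,6` hunk also reset `$action = ''` for external users (`$user->socid > 0`), and the replacement block added after `loadLangs()` does not. If anything below the hunk acts on `$action`, external users would no longer have it cleared. Either keep `$action = '';` inside the new `if ($user->socid) {` or confirm that this page handles no actions.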
@ -29,6 +29,12 @@ require_once DOL_DOCUMENT_ROOT.'/core/class/dolgraph.class.php';
|
||||
|
||||
$year = GETPOST("year", 'int');
|
||||
|
||||
// Security check
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'reception', 0, '');
|
||||
|
||||
|
||||
/*
|
||||
* View
|
||||
|
||||