diff --git a/ChangeLog b/ChangeLog
index fd431b407d1..a7bbaf440ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ English Dolibarr ChangeLog
For developers:
NEW: Add a lot of API REST: dictionaryevents, memberstypes, ...
+NEW: Big refactorization of multicompany transverse mode
NEW: getEntity function use true $shared value by default
WARNING:
@@ -22,6 +23,7 @@ Following changes may create regression for some external modules, but were nece
* Removed Societe::set_commnucation_level (was deprecated in 4.0). Was not used.
* Removed the trigger file of PAYPAL module that stored data that was not used by Dolibarr. The trigger event still
exists, but if an external module need action on it, it must provides itself its trigger file.
+* Use $conf->global->MULTICOMPANY_TRANSVERSE_MODE instead $conf->multicompany->transverse_mode
* Use getEntity('xxx') instead getEntity('xxx', 1) and use getEntity('xxx', 0) instead getEntity('xxx')
***** ChangeLog for 5.0.3 compared to 5.0.2 *****
diff --git a/htdocs/admin/boxes.php b/htdocs/admin/boxes.php
index c76c35dfdeb..03e4a0ec9f3 100644
--- a/htdocs/admin/boxes.php
+++ b/htdocs/admin/boxes.php
@@ -235,7 +235,7 @@ $sql = "SELECT b.rowid, b.box_id, b.position, b.box_order,";
$sql.= " bd.rowid as boxid";
$sql.= " FROM ".MAIN_DB_PREFIX."boxes as b, ".MAIN_DB_PREFIX."boxes_def as bd";
$sql.= " WHERE b.box_id = bd.rowid";
-$sql.= " AND b.entity IN (0,".(! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)?"1,":"").$conf->entity.")";
+$sql.= " AND b.entity IN (0,".$conf->entity.")";
$sql.= " AND b.fk_user=0";
$sql.= " ORDER by b.position, b.box_order";
@@ -342,7 +342,7 @@ print "\n";
$var=true;
foreach($boxtoadd as $box)
{
-
+
if (preg_match('/^([^@]+)@([^@]+)$/i',$box->boximg))
{
@@ -479,7 +479,7 @@ print '';
// Activate FileCache - Developement
if ($conf->global->MAIN_FEATURES_LEVEL == 2 || ! empty($conf->global->MAIN_ACTIVATE_FILECACHE)) {
-
+
print '
';
$sql = "SELECT r.id, r.libelle, r.module, r.perms, r.subperms, r.bydefault";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r";
$sql.= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"
-$sql.= " AND entity IN (".(! empty($conf->multicompany->transverse_mode)?"1,":"").$conf->entity.")";
+$sql.= " AND entity = ".$conf->entity;
if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql.= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is not enabled
$sql.= " ORDER BY r.module, r.id";
@@ -185,7 +185,7 @@ if ($result)
print "\n";
}
-
+
print '
';
print '
'.img_object('',$picto).' '.$objMod->getName();
print '';
diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example
index 89e1458d4fd..356e76ba374 100644
--- a/htdocs/conf/conf.php.example
+++ b/htdocs/conf/conf.php.example
@@ -324,14 +324,4 @@ $dolibarr_nocsrfcheck='0';
// External module
//##############################
-// multicompany_transverse_mode
-// Prerequisite: Need external module "multicompany"
-// Pyramidal (0): The rights and groups are managed in each entity. Each user belongs to the entity he was created into.
-// Transversal (1): The user is created and managed only into master entity but can login to all entities if he is admmin
-// of entity or belongs to at least one user group created into entity.
-
-// Default value: 0 (pyramidal)
-// Examples:
-// $multicompany_transverse_mode='1';
-
diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php
index edac78e9b30..8a96e18bf7d 100644
--- a/htdocs/core/class/conf.class.php
+++ b/htdocs/core/class/conf.class.php
@@ -132,14 +132,7 @@ class Conf
$sql = "SELECT ".$db->decrypt('name')." as name,";
$sql.= " ".$db->decrypt('value')." as value, entity";
$sql.= " FROM ".MAIN_DB_PREFIX."const";
- if (! empty($this->multicompany->transverse_mode))
- {
- $sql.= " WHERE entity IN (0,1,".$this->entity.")";
- }
- else
- {
- $sql.= " WHERE entity IN (0,".$this->entity.")";
- }
+ $sql.= " WHERE entity IN (0,".$this->entity.")";
$sql.= " ORDER BY entity"; // This is to have entity 0 first, then entity 1 that overwrite.
$resql = $db->query($sql);
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 7b112a2d333..79200e09871 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1468,7 +1468,7 @@ class Form
}
else
{
- if (! empty($conf->multicompany->transverse_mode))
+ if (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))
{
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."usergroup_user as ug";
$sql.= " ON ug.fk_user = u.rowid";
@@ -1565,7 +1565,7 @@ class Form
$moreinfo++;
}
}
- if (! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode) && $conf->entity == 1 && $user->admin && ! $user->entity)
+ if (! empty($conf->multicompany->enabled) && empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) && $conf->entity == 1 && $user->admin && ! $user->entity)
{
if ($obj->admin && ! $obj->entity)
{
@@ -6196,7 +6196,7 @@ class Form
$out.= '>';
$out.= $obj->name;
- if (! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode) && $conf->entity == 1)
+ if (! empty($conf->multicompany->enabled) && empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) && $conf->entity == 1)
{
$out.= " (".$obj->label.")";
}
diff --git a/htdocs/core/class/infobox.class.php b/htdocs/core/class/infobox.class.php
index 419f31dca4d..e77a1196530 100644
--- a/htdocs/core/class/infobox.class.php
+++ b/htdocs/core/class/infobox.class.php
@@ -60,7 +60,7 @@ class InfoBox
$sql.= " d.rowid as box_id, d.file, d.note, d.tms";
$sql.= " FROM ".MAIN_DB_PREFIX."boxes as b, ".MAIN_DB_PREFIX."boxes_def as d";
$sql.= " WHERE b.box_id = d.rowid";
- $sql.= " AND b.entity IN (0,".(! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)?"1,":"").$conf->entity.")";
+ $sql.= " AND b.entity IN (0,".$conf->entity.")";
if ($zone >= 0) $sql.= " AND b.position = ".$zone;
if (is_object($user)) $sql.= " AND b.fk_user IN (0,".$user->id.")";
else $sql.= " AND b.fk_user = 0";
@@ -70,9 +70,9 @@ class InfoBox
{
$sql = "SELECT d.rowid as box_id, d.file, d.note, d.tms";
$sql.= " FROM ".MAIN_DB_PREFIX."boxes_def as d";
- $sql.= " WHERE d.entity IN (0,".(! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)?"1,":"").$conf->entity.")";
+ $sql.= " WHERE d.entity IN (0,".$conf->entity.")";
}
-
+
dol_syslog(get_class()."::listBoxes get default box list for mode=".$mode." userid=".(is_object($user)?$user->id:'')."", LOG_DEBUG);
$resql = $db->query($sql);
if ($resql)
diff --git a/htdocs/core/class/menubase.class.php b/htdocs/core/class/menubase.class.php
index ed6b9929a32..a6770b57c37 100644
--- a/htdocs/core/class/menubase.class.php
+++ b/htdocs/core/class/menubase.class.php
@@ -508,7 +508,7 @@ class Menubase
$sql = "SELECT m.rowid, m.type, m.module, m.fk_menu, m.fk_mainmenu, m.fk_leftmenu, m.url, m.titre, m.langs, m.perms, m.enabled, m.target, m.mainmenu, m.leftmenu, m.position";
$sql.= " FROM ".MAIN_DB_PREFIX."menu as m";
- $sql.= " WHERE m.entity IN (0,".(! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)?"1,":"").$conf->entity.")";
+ $sql.= " WHERE m.entity IN (0,".$conf->entity.")";
$sql.= " AND m.menu_handler IN ('".$menu_handler."','all')";
if ($type_user == 0) $sql.= " AND m.usertype IN (0,2)";
if ($type_user == 1) $sql.= " AND m.usertype IN (1,2)";
diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php
index c3d8714ab89..b68d7706e43 100755
--- a/htdocs/core/lib/functions2.lib.php
+++ b/htdocs/core/lib/functions2.lib.php
@@ -98,7 +98,7 @@ function dolGetModulesDirs($subdir='')
while (($file = readdir($handle))!==false)
{
if (preg_match('/disabled/',$file)) continue; // We discard module if it contains disabled into name.
-
+
if (is_dir($dirroot.'/'.$file) && substr($file, 0, 1) <> '.' && substr($file, 0, 3) <> 'CVS' && $file != 'includes')
{
if (is_dir($dirroot . '/' . $file . '/core/modules'.$subdir.'/'))
@@ -207,7 +207,7 @@ function dol_print_object_info($object, $usetable=0)
//print "x".$deltadateforserver." - ".$deltadateforclient." - ".$deltadateforuser;
if ($usetable) print '
';
-
+
// Import key
if (! empty($object->import_key))
{
@@ -378,7 +378,7 @@ function dol_print_object_info($object, $usetable=0)
if ($usetable) print '';
else print ' ';
}
-
+
// Date approve
if (! empty($object->date_approve2))
{
@@ -391,7 +391,7 @@ function dol_print_object_info($object, $usetable=0)
if ($usetable) print '';
else print ' ';
}
-
+
// User close
if (! empty($object->user_cloture))
{
@@ -476,7 +476,7 @@ function dol_print_object_info($object, $usetable=0)
if ($usetable) print '';
else print ' ';
}
-
+
if ($usetable) print '
';
}
@@ -799,7 +799,7 @@ function get_next_value($db,$mask,$table,$field,$where='',$objsoc='',$date='',$m
if(!empty($user->array_options['options_'.$extra])){
$mask = preg_replace('#('.$start.')(.*?)('.$end.')#si', $user->array_options['options_'.$extra], $mask);
}
- }
+ }
$maskwithonlyymcode=$mask;
$maskwithonlyymcode=preg_replace('/\{(0+)([@\+][0-9\-\+\=]+)?([@\+][0-9\-\+\=]+)?\}/i',$maskcounter,$maskwithonlyymcode);
$maskwithonlyymcode=preg_replace('/\{dd\}/i','dd',$maskwithonlyymcode);
@@ -928,11 +928,11 @@ function get_next_value($db,$mask,$table,$field,$where='',$objsoc='',$date='',$m
//print "masktri=".$masktri." maskcounter=".$maskcounter." maskraz=".$maskraz." maskoffset=".$maskoffset." \n";
// Define $sqlstring
- if (function_exists('mb_strrpos'))
+ if (function_exists('mb_strrpos'))
{
$posnumstart=mb_strrpos($maskwithnocode,$maskcounter, 'UTF-8');
- }
- else
+ }
+ else
{
$posnumstart=strrpos($maskwithnocode,$maskcounter);
} // Pos of counter in final string (from 0 to ...)
@@ -1123,7 +1123,7 @@ function get_string_between($string, $start, $end){
$string = " ".$string;
$ini = strpos($string,$start);
if ($ini == 0) return "";
- $ini += strlen($start);
+ $ini += strlen($start);
$len = strpos($string,$end,$ini) - $ini;
return substr($string,$ini,$len);
}
@@ -1539,9 +1539,9 @@ function getListOfModels($db,$type,$maxfilenamelength=0)
$sql = "SELECT nom as id, nom as lib, libelle as label, description as description";
$sql.= " FROM ".MAIN_DB_PREFIX."document_model";
$sql.= " WHERE type = '".$type."'";
- $sql.= " AND entity IN (0,".(! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)?"1,":"").$conf->entity.")";
+ $sql.= " AND entity IN (0,".$conf->entity.")";
$sql.= " ORDER BY description DESC";
-
+
dol_syslog('/core/lib/function2.lib.php::getListOfModels', LOG_DEBUG);
$resql = $db->query($sql);
if ($resql)
@@ -1625,7 +1625,7 @@ function getListOfModels($db,$type,$maxfilenamelength=0)
/**
* This function evaluates a string that should be a valid IPv4
* Note: For ip 169.254.0.0, it returns 0 with some PHP (5.6.24) and 2 with some minor patchs of PHP (5.6.25). See https://github.com/php/php-src/pull/1954.
- *
+ *
* @param string $ip IP Address
* @return int 0 if not valid or reserved range, 1 if valid and public IP, 2 if valid and private range IP
*/
diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php
index 1c919237f44..f39e6ecd628 100644
--- a/htdocs/core/lib/usergroups.lib.php
+++ b/htdocs/core/lib/usergroups.lib.php
@@ -1,6 +1,6 @@
- * Copyright (C) 2010-2012 Regis Houssin
+ * Copyright (C) 2010-2017 Regis Houssin
* Copyright (C) 2015 Alexandre Spangaro
*
* This program is free software; you can redistribute it and/or modify
@@ -76,7 +76,7 @@ function user_prepare_head($object)
{
if (empty($conf->global->AGENDA_EXT_NB)) $conf->global->AGENDA_EXT_NB=5;
$MAXAGENDA=$conf->global->AGENDA_EXT_NB;
-
+
$i=1;
$nbagenda = 0;
while ($i <= $MAXAGENDA)
@@ -87,10 +87,10 @@ function user_prepare_head($object)
$offsettz='AGENDA_EXT_OFFSETTZ_'.$object->id.'_'.$key;
$color='AGENDA_EXT_COLOR_'.$object->id.'_'.$key;
$i++;
-
+
if (! empty($object->conf->$name)) $nbagenda++;
}
-
+
$head[$h][0] = DOL_URL_ROOT.'/user/agenda_extsites.php?id='.$object->id;
$head[$h][1] = $langs->trans("ExtSites").($nbagenda ? ' '.$nbagenda.'' : '');
$head[$h][2] = 'extsites';
@@ -238,8 +238,6 @@ function group_prepare_head($object)
return $head;
}
-
-
/**
* Prepare array with list of tabs
*
@@ -283,32 +281,6 @@ function user_admin_prepare_head()
return $head;
}
-
-
-/**
- * Prepare array with list of tabs
- *
- * @param Object $object Object related to tabs
- * @param array $aEntities Entities array
- * @return array Array of tabs
- */
-function entity_prepare_head($object, $aEntities)
-{
- global $mc;
-
- $head = array();
-
- foreach($aEntities as $entity)
- {
- $mc->getInfo($entity);
- $head[$entity][0] = $_SERVER['PHP_SELF'].'?id='.$object->id.'&entity='.$entity;
- $head[$entity][1] = $mc->label;
- $head[$entity][2] = $entity;
- }
-
- return $head;
-}
-
/**
* Show list of themes. Show all thumbs of themes
*
@@ -485,7 +457,7 @@ function show_theme($fuser,$edit=0,$foruserprofile=false)
print $form->textwithpicto('', $langs->trans("NotSupportedByAllThemes").', '.$langs->trans("PressF5AfterChangingThis"));
print '
\n";
}
- // Multicompany
- // TODO check if user not linked with the current entity before change entity (thirdparty, invoice, etc.) !!
- if (! empty($conf->multicompany->enabled) && is_object($mc))
- {
- if (empty($conf->multicompany->transverse_mode) && $conf->entity == 1 && $user->admin && ! $user->entity)
- {
- print "
".'
'.$langs->trans("Entity").'
';
- print "
".$mc->select_entities($object->entity, 'entity', '', 0, 1); // last parameter 1 means, show also a choice 0=>'all entities'
- print "
\n";
- }
- else
- {
- print '';
- }
- }
-
// Other attributes
$parameters=array('colspan' => ' colspan="2"');
$reshook=$hookmanager->executeHooks('formObjectOptions',$parameters,$object,$action); // Note that $action and $object may have been modified by hook
+ print $hookmanager->resPrint;
if (empty($reshook) && ! empty($extrafields->attribute_label))
{
print $object->showOptionals($extrafields,'edit');
@@ -2491,7 +2470,8 @@ else
$genallowed = $user->rights->user->user->creer;
$delallowed = $user->rights->user->user->supprimer;
- $somethingshown = $formfile->show_documents('user', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', 0, '', $soc->default_lang);
+ print $formfile->showdocuments('user', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', 0, '', $soc->default_lang);
+ $somethingshown = $formfile->numoffiles;
// Show links to link elements
$linktoelem = $form->showLinkToObjectBlock($object, null, null);
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 869059d359b..a69ed968dfb 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -107,16 +107,16 @@ class User extends CommonObject
public $all_permissions_are_loaded; // All permission are loaded
public $nb_rights; // Number of rights granted to the user
private $_tab_loaded=array(); // Cache array of already loaded permissions
-
+
public $conf; // To store personal config
public $default_values; // To store default values for user
public $lastsearch_values_tmp; // To store current search criterias for user
public $lastsearch_values; // To store last saved search criterias for user
-
+
public $users; // To store all tree of users hierarchy
public $parentof; // To store an array of all parents for all ids.
private $cache_childids;
-
+
public $accountancy_code; // Accountancy code in prevision of the complete accountancy module
public $thm; // Average cost of employee - Used for valuation of time spent
@@ -207,7 +207,7 @@ class User extends CommonObject
if ($entity < 0)
{
- if ((empty($conf->multicompany->enabled) || empty($conf->multicompany->transverse_mode)) && (! empty($user->entity)))
+ if ((empty($conf->multicompany->enabled) || empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) && (! empty($user->entity)))
{
$sql.= " WHERE u.entity IN (0,".$conf->entity.")";
}
@@ -218,7 +218,7 @@ class User extends CommonObject
}
else // The fetch was forced on an entity
{
- if (!empty($conf->multicompany->enabled) && !empty($conf->multicompany->transverse_mode))
+ if (!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))
$sql.= " WHERE u.entity IS NOT NULL"; // multicompany is on in transverse mode or user making fetch is on entity 0, so user is allowed to fetch anywhere into database
else
$sql.= " WHERE u.entity IN (0, ".$conf->entity.")";
@@ -365,7 +365,7 @@ class User extends CommonObject
$this->error=$this->db->lasterror();
return -2;
}
-
+
// Load user->default_values for user. TODO Save this in memcached ?
$sql = "SELECT rowid, entity, type, page, param, value";
$sql.= " FROM ".MAIN_DB_PREFIX."default_values";
@@ -376,7 +376,7 @@ class User extends CommonObject
{
while ($obj = $this->db->fetch_object($resql))
{
- if (! empty($obj->page) && ! empty($obj->type) && ! empty($obj->param))
+ if (! empty($obj->page) && ! empty($obj->type) && ! empty($obj->param))
{
$this->default_values[$obj->page][$obj->type][$obj->param]=$obj->value;
}
@@ -389,7 +389,7 @@ class User extends CommonObject
return -3;
}
}
-
+
return 1;
}
@@ -469,9 +469,9 @@ class User extends CommonObject
$obj = $this->db->fetch_object($result);
$nid = $obj->id;
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".$this->id." AND fk_id=".$nid;
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights WHERE fk_user = ".$this->id." AND fk_id=".$nid." AND entity = ".$entity;
if (! $this->db->query($sql)) $error++;
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (fk_user, fk_id) VALUES (".$this->id.", ".$nid.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."user_rights (entity, fk_user, fk_id) VALUES (".$entity.", ".$this->id.", ".$nid.")";
if (! $this->db->query($sql)) $error++;
$i++;
@@ -581,6 +581,7 @@ class User extends CommonObject
$sql = "DELETE FROM ".MAIN_DB_PREFIX."user_rights";
$sql.= " WHERE fk_user = ".$this->id." AND fk_id=".$nid;
+ $sql.= " AND entity = ".$entity;
if (! $this->db->query($sql)) $error++;
$i++;
@@ -660,7 +661,7 @@ class User extends CommonObject
$sql.= " FROM ".MAIN_DB_PREFIX."user_rights as ur";
$sql.= ", ".MAIN_DB_PREFIX."rights_def as r";
$sql.= " WHERE r.id = ur.fk_id";
- $sql.= " AND r.entity IN (0,".(! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)?"1,":"").$conf->entity.")";
+ $sql.= " AND ur.entity = ".$conf->entity;
$sql.= " AND ur.fk_user= ".$this->id;
$sql.= " AND r.perms IS NOT NULL";
if ($moduletag) $sql.= " AND r.module = '".$this->db->escape($moduletag)."'";
@@ -706,11 +707,8 @@ class User extends CommonObject
$sql.= " ".MAIN_DB_PREFIX."usergroup_user as gu,";
$sql.= " ".MAIN_DB_PREFIX."rights_def as r";
$sql.= " WHERE r.id = gr.fk_id";
- if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)) {
- $sql.= " AND gu.entity IN (0,".$conf->entity.")";
- } else {
- $sql.= " AND r.entity = ".$conf->entity;
- }
+ $sql.= " AND gr.entity = ".$conf->entity;
+ $sql.= " AND r.entity = ".$conf->entity;
$sql.= " AND gr.fk_usergroup = gu.fk_usergroup";
$sql.= " AND gu.fk_user = ".$this->id;
$sql.= " AND r.perms IS NOT NULL";
@@ -2014,14 +2012,14 @@ class User extends CommonObject
$result=''; $label='';
$link=''; $linkstart=''; $linkend='';
-
+
if (! empty($this->photo))
{
$label.= '
';
diff --git a/htdocs/user/group/ldap.php b/htdocs/user/group/ldap.php
index 2ced8e11d4b..6d987be85cb 100644
--- a/htdocs/user/group/ldap.php
+++ b/htdocs/user/group/ldap.php
@@ -1,6 +1,6 @@
- * Copyright (C) 2006-2012 Regis Houssin
+ * Copyright (C) 2006-2017 Regis Houssin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -33,6 +33,12 @@ $langs->load("companies");
$langs->load("ldap");
$langs->load("users");
+// Users/Groups management only in master entity if transverse mode
+if (! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE)
+{
+ accessforbidden();
+}
+
$canreadperms=true;
if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
{
@@ -98,7 +104,7 @@ $head = group_prepare_head($object);
dol_fiche_head($head, 'ldap', $langs->trans("Group"), -1, 'group');
dol_banner_tab($object,'id','',$user->rights->user->user->lire || $user->admin);
-
+
print '
';
print '';
diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php
index 5262857afb2..77532de7c3e 100644
--- a/htdocs/user/group/perms.php
+++ b/htdocs/user/group/perms.php
@@ -3,7 +3,7 @@
* Copyright (C) 2002-2003 Jean-Louis Bergamo
* Copyright (C) 2004-2010 Laurent Destailleur
* Copyright (C) 2004 Eric Seigne
- * Copyright (C) 2005-2012 Regis Houssin
+ * Copyright (C) 2005-2017 Regis Houssin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -38,6 +38,12 @@ $confirm=GETPOST('confirm', 'alpha');
$module=GETPOST('module', 'alpha');
$rights=GETPOST('rights', 'int');
+// Users/Groups management only in master entity if transverse mode
+if (! empty($conf->multicompany->enabled) && $conf->entity > 1 && $conf->global->MULTICOMPANY_TRANSVERSE_MODE)
+{
+ accessforbidden();
+}
+
// Defini si peux lire les permissions
$canreadperms=($user->admin || $user->rights->user->user->lire);
// Defini si peux modifier les permissions
@@ -53,22 +59,44 @@ if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
if (! $canreadperms) accessforbidden();
+$object = new Usergroup($db);
+$object->fetch($id);
+$object->getrights();
+
+$entity=$conf->entity;
+if (! empty($conf->multicompany->enabled))
+{
+ if (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))
+ $entity=(GETPOST('entity','int') ? GETPOST('entity','int') : $conf->entity);
+ else
+ $entity=(! empty($object->entity) ? $object->entity : $conf->entity);
+}
+
+// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
+$hookmanager->initHooks(array('groupcard','globalcard'));
+
/**
* Actions
*/
-if ($action == 'addrights' && $caneditperms)
-{
- $editgroup = new Usergroup($db);
- $result=$editgroup->fetch($id);
- if ($result > 0) $editgroup->addrights($rights, $module);
-}
+$parameters=array();
+$reshook=$hookmanager->executeHooks('doActions',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
+if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
-if ($action == 'delrights' && $caneditperms)
-{
- $editgroup = new Usergroup($db);
- $result=$editgroup->fetch($id);
- if ($result > 0) $editgroup->delrights($rights, $module);
+if (empty($reshook)) {
+ if ($action == 'addrights' && $caneditperms)
+ {
+ $editgroup = new Usergroup($db);
+ $result=$editgroup->fetch($id);
+ if ($result > 0) $editgroup->addrights($rights, $module, '', $entity);
+ }
+
+ if ($action == 'delrights' && $caneditperms)
+ {
+ $editgroup = new Usergroup($db);
+ $result=$editgroup->fetch($id);
+ if ($result > 0) $editgroup->delrights($rights, $module, '', $entity);
+ }
}
@@ -80,12 +108,8 @@ $form = new Form($db);
llxHeader('',$langs->trans("Permissions"));
-if ($id)
+if ($object->id)
{
- $object = new Usergroup($db);
- $object->fetch($id);
- $object->getrights();
-
/*
* Affichage onglets
*/
@@ -127,7 +151,6 @@ if ($id)
// Load all permissions
if ($objMod->rights_class)
{
- $entity=((! empty($conf->multicompany->enabled) && ! empty($object->entity)) ? $object->entity : null);
$ret=$objMod->insert_permissions(0, $entity);
$modules[$objMod->rights_class]=$objMod;
}
@@ -140,56 +163,42 @@ if ($id)
$db->commit();
// Lecture des droits groupes
- $permsgroup = array();
+ $permsgroupbyentity = array();
- $sql = "SELECT r.id, r.libelle, r.module ";
- $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r";
- $sql.= ", ".MAIN_DB_PREFIX."usergroup_rights as ugr";
- $sql.= " WHERE ugr.fk_id = r.id";
- if(! empty($conf->multicompany->enabled))
- {
- if (empty($conf->multicompany->transverse_mode))
- {
- $sql.= " AND r.entity = ".$object->entity;
- }
- else
- {
- $sql.= " AND r.entity IN (0,1)";
- }
- }
- else
- {
- $sql.= " AND r.entity IN (0,".$conf->entity.")";
- }
-
- $sql.= " AND ugr.fk_usergroup = ".$object->id;
+ $sql = "SELECT DISTINCT r.id, r.libelle, r.module, gr.entity";
+ $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r,";
+ $sql.= " ".MAIN_DB_PREFIX."usergroup_rights as gr";
+ $sql.= " WHERE gr.fk_id = r.id";
+ $sql.= " AND gr.entity = ".$entity;
+ $sql.= " AND gr.fk_usergroup = ".$object->id;
+ dol_syslog("get user perms", LOG_DEBUG);
$result=$db->query($sql);
-
if ($result)
{
- $num = $db->num_rows($result);
- $i = 0;
- while ($i < $num)
- {
- $obj = $db->fetch_object($result);
- array_push($permsgroup,$obj->id);
- $i++;
- }
- $db->free($result);
+ $num = $db->num_rows($result);
+ $i = 0;
+ while ($i < $num)
+ {
+ $obj = $db->fetch_object($result);
+ if (! isset($permsgroupbyentity[$obj->entity]))
+ $permsgroupbyentity[$obj->entity] = array();
+ array_push($permsgroupbyentity[$obj->entity], $obj->id);
+ $i++;
+ }
+ $db->free($result);
}
else
{
- dol_print_error($db);
+ dol_print_error($db);
}
-
-
+
dol_banner_tab($object,'id','',$user->rights->user->user->lire || $user->admin);
-
+
print '
';
print '';
-
+
/*
* Ecran ajout/suppression permission
*/
@@ -214,6 +223,10 @@ if ($id)
if ($user->admin) print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules"));
+ $parameters=array();
+ $reshook=$hookmanager->executeHooks('insertExtraHeader',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
+ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
+
print '
';
print '
';
print '
'.$langs->trans("Module").'
';
@@ -225,22 +238,7 @@ if ($id)
$sql = "SELECT r.id, r.libelle, r.module";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r";
$sql.= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"
- if(! empty($conf->multicompany->enabled))
- {
- if (empty($conf->multicompany->transverse_mode))
- {
- $sql.= " AND r.entity = ".$object->entity;
- }
- else
- {
- $sql.= " AND r.entity IN (0,1)";
- }
- }
- else
- {
- $sql.= " AND r.entity = ".$conf->entity;
- }
-
+ $sql.= " AND r.entity = " . $entity;
if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql.= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is disable
$sql.= " ORDER BY r.module, r.id";
@@ -279,9 +277,9 @@ if ($id)
print '
';
- if (in_array($obj->id, $permsgroup))
+ if (is_array($permsgroupbyentity[$entity]))
{
- // Own permission by group
- if ($caneditperms)
- {
- print '
';
-
+
+ $parameters=array();
+ $reshook=$hookmanager->executeHooks('insertExtraFooter',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
+ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
+
dol_fiche_end();
}
diff --git a/htdocs/user/hierarchy.php b/htdocs/user/hierarchy.php
index 9e7f6583f6e..3e82e2b6357 100644
--- a/htdocs/user/hierarchy.php
+++ b/htdocs/user/hierarchy.php
@@ -73,7 +73,7 @@ $user_arbo = $userstatic->get_full_tree(0, ($search_statut != '' && $search_stat
if (! is_array($user_arbo) && $user_arbo < 0)
{
- setEventMessages($userstatic->error, $userstatic->errors, 'warnings');
+ setEventMessages($userstatic->error, $userstatic->errors, 'warnings');
}
else
{
@@ -97,24 +97,21 @@ foreach($fulltree as $key => $val)
$userstatic->admin=$val['admin'];
$userstatic->entity=$val['entity'];
$userstatic->photo=$val['photo'];
-
+
$entity=$val['entity'];
$entitystring='';
// TODO Set of entitystring should be done with a hook
- if (is_object($mc))
+ if (! empty($conf->multicompany->enabled) && is_object($mc))
{
- if (! empty($conf->multicompany->enabled))
+ if (empty($entity))
{
- if (empty($entity))
- {
- $entitystring=$langs->trans("AllEntities");
- }
- else
- {
- $mc->getInfo($entity);
- $entitystring=$mc->label;
- }
+ $entitystring=$langs->trans("AllEntities");
+ }
+ else
+ {
+ $mc->getInfo($entity);
+ $entitystring=$mc->label;
}
}
@@ -128,7 +125,7 @@ foreach($fulltree as $key => $val)
$li.=img_picto($langs->trans("Administrator"),'star');
}
$li.=' ('.$val['login'].($entitystring?' - '.$entitystring:'').')';
-
+
$data[] = array(
'rowid'=>$val['rowid'],
'fk_menu'=>$val['fk_user'],
diff --git a/htdocs/user/home.php b/htdocs/user/home.php
index 66a4448491e..7c464ce2e45 100644
--- a/htdocs/user/home.php
+++ b/htdocs/user/home.php
@@ -100,7 +100,7 @@ $sql.= ", s.code_client";
$sql.= ", s.canvas";
$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON u.fk_soc = s.rowid";
-if (! empty($conf->multicompany->enabled) && $conf->entity == 1 && ($conf->multicompany->transverse_mode || ($user->admin && ! $user->entity)))
+if (! empty($conf->multicompany->enabled) && $conf->entity == 1 && ($conf->global->MULTICOMPANY_TRANSVERSE_MODE || ($user->admin && ! $user->entity)))
{
$sql.= " WHERE u.entity IS NOT NULL";
}
@@ -212,7 +212,7 @@ if ($canreadperms)
$sql = "SELECT g.rowid, g.nom as name, g.note, g.entity, g.datec";
$sql.= " FROM ".MAIN_DB_PREFIX."usergroup as g";
- if(! empty($conf->multicompany->enabled) && $conf->entity == 1 && ($conf->multicompany->transverse_mode || ($user->admin && ! $user->entity)))
+ if(! empty($conf->multicompany->enabled) && $conf->entity == 1 && ($conf->global->MULTICOMPANY_TRANSVERSE_MODE || ($user->admin && ! $user->entity)))
{
$sql.= " WHERE g.entity IS NOT NULL";
}
diff --git a/htdocs/user/index.php b/htdocs/user/index.php
index 898851d2108..415665bc5fc 100644
--- a/htdocs/user/index.php
+++ b/htdocs/user/index.php
@@ -92,7 +92,7 @@ $arrayfields=array(
'u.accountancy_code'=>array('label'=>$langs->trans("AccountancyCode"), 'checked'=>0),
'u.email'=>array('label'=>$langs->trans("EMail"), 'checked'=>1),
'u.fk_soc'=>array('label'=>$langs->trans("Company"), 'checked'=>1),
- 'u.entity'=>array('label'=>$langs->trans("Entity"), 'checked'=>1, 'enabled'=>(! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode))),
+ 'u.entity'=>array('label'=>$langs->trans("Entity"), 'checked'=>1, 'enabled'=>(! empty($conf->multicompany->enabled) && empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))),
'u.fk_user'=>array('label'=>$langs->trans("HierarchicalResponsible"), 'checked'=>1),
'u.datelastlogin'=>array('label'=>$langs->trans("LastConnexion"), 'checked'=>1, 'position'=>100),
'u.datepreviouslogin'=>array('label'=>$langs->trans("PreviousConnexion"), 'checked'=>0, 'position'=>110),
@@ -194,7 +194,7 @@ $sql.= " FROM ".MAIN_DB_PREFIX."user as u";
if (is_array($extrafields->attribute_label) && count($extrafields->attribute_label)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user_extrafields as ef on (u.rowid = ef.fk_object)";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON u.fk_soc = s.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as u2 ON u.fk_user = u2.rowid";
-if(! empty($conf->multicompany->enabled) && $conf->entity == 1 && (! empty($conf->multicompany->transverse_mode) || (! empty($user->admin) && empty($user->entity))))
+if(! empty($conf->multicompany->enabled) && $conf->entity == 1 && (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) || (! empty($user->admin) && empty($user->entity))))
{
$sql.= " WHERE u.entity IS NOT NULL";
}
@@ -545,7 +545,7 @@ while ($i < min($num,$limit))
print '';
}
// Multicompany enabled
- if (! empty($conf->multicompany->enabled) && empty($conf->multicompany->transverse_mode))
+ if (! empty($conf->multicompany->enabled) && is_object($mc) && empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))
{
if (! empty($arrayfields['u.entity']['checked']))
{
@@ -556,12 +556,8 @@ while ($i < min($num,$limit))
}
else
{
- // $mc is defined in conf.class.php if multicompany enabled.
- if (is_object($mc))
- {
- $mc->getInfo($obj->entity);
- print $mc->label;
- }
+ $mc->getInfo($obj->entity);
+ print $mc->label;
}
print '';
}
@@ -581,7 +577,7 @@ while ($i < min($num,$limit))
$user2->photo=$obj->photo2;
$user2->admin=$obj->admin2;
$user2->email=$obj->email2;
- $user2->societe_id=$obj->fk_soc2;
+ $user2->socid=$obj->fk_soc2;
print $user2->getNomUrl(-1,'',0,0,24,0,'');
if (! empty($conf->multicompany->enabled) && $obj->admin2 && ! $obj->entity2)
{
diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php
index b40c79f783e..5de1a3b80ac 100644
--- a/htdocs/user/perms.php
+++ b/htdocs/user/perms.php
@@ -3,7 +3,7 @@
* Copyright (C) 2002-2003 Jean-Louis Bergamo
* Copyright (C) 2004-2015 Laurent Destailleur
* Copyright (C) 2004 Eric Seigne
- * Copyright (C) 2005-2015 Regis Houssin
+ * Copyright (C) 2005-2017 Regis Houssin
* Copyright (C) 2012 Juanjo Menent
*
* This program is free software; you can redistribute it and/or modify
@@ -38,7 +38,6 @@ $action=GETPOST('action', 'alpha');
$confirm=GETPOST('confirm', 'alpha');
$module=GETPOST('module', 'alpha');
$rights=GETPOST('rights', 'int');
-$entity=(GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity);
if (! isset($id) || empty($id)) accessforbidden();
@@ -71,6 +70,15 @@ $object = new User($db);
$object->fetch($id, '', '', 1);
$object->getrights();
+$entity=$conf->entity;
+if (! empty($conf->multicompany->enabled))
+{
+ if (! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))
+ $entity=(GETPOST('entity','int') ? GETPOST('entity','int') : $conf->entity);
+ else
+ $entity=(! empty($object->entity) ? $object->entity : $conf->entity);
+}
+
// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
$hookmanager->initHooks(array('usercard','globalcard'));
@@ -86,12 +94,11 @@ if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'e
if (empty($reshook)) {
if ($action == 'addrights' && $caneditperms) {
$edituser = new User($db);
- $edituser->fetch($id);
- //$edituser->addrights($rights, $module, '', $entity); // TODO unused for the moment
- $edituser->addrights($rights, $module);
+ $edituser->fetch($object->id);
+ $edituser->addrights($rights, $module, '', $entity);
// Si on a touche a ses propres droits, on recharge
- if ($id == $user->id) {
+ if ($object->id == $user->id) {
$user->clearrights();
$user->getrights();
$menumanager->loadMenu();
@@ -100,12 +107,11 @@ if (empty($reshook)) {
if ($action == 'delrights' && $caneditperms) {
$edituser = new User($db);
- $edituser->fetch($id);
- //$edituser->delrights($rights, $module, '', $entity); // TODO unused for the moment
- $edituser->delrights($rights, $module);
+ $edituser->fetch($object->id);
+ $edituser->delrights($rights, $module, '', $entity);
// Si on a touche a ses propres droits, on recharge
- if ($id == $user->id) {
+ if ($object->id == $user->id) {
$user->clearrights();
$user->getrights();
$menumanager->loadMenu();
@@ -161,8 +167,7 @@ foreach($modulesdir as $dir)
// Load all permissions
if ($objMod->rights_class)
{
- $forceEntity=((! empty($conf->multicompany->enabled) && ! empty($object->entity)) ? $object->entity : null);
- $ret=$objMod->insert_permissions(0, $forceEntity);
+ $ret=$objMod->insert_permissions(0, $entity);
$modules[$objMod->rights_class]=$objMod;
//print "modules[".$objMod->rights_class."]=$objMod;";
}
@@ -177,22 +182,11 @@ $db->commit();
// Lecture des droits utilisateurs
$permsuser = array();
-$sql = "SELECT r.id, r.libelle, r.module";
+$sql = "SELECT DISTINCT r.id, r.libelle, r.module";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r,";
$sql.= " ".MAIN_DB_PREFIX."user_rights as ur";
$sql.= " WHERE ur.fk_id = r.id";
-if (! empty($conf->multicompany->enabled))
-{
- if (1==2 && ! empty($conf->multicompany->transverse_mode)) {
- $sql.= " AND r.entity = ".(GETPOST('entity','int')?GETPOST('entity','int'):$conf->entity); // TODO unused for the moment
- } else {
- $sql.= " AND r.entity = ".(! empty($object->entity) ? $object->entity : $conf->entity);
- }
-}
-else
-{
- $sql.= " AND r.entity = ".$conf->entity;
-}
+$sql.= " AND ur.entity = ".$entity;
$sql.= " AND ur.fk_user = ".$object->id;
dol_syslog("get user perms", LOG_DEBUG);
@@ -216,18 +210,13 @@ else
// Lecture des droits groupes
$permsgroupbyentity = array();
-$aEntities = array();
-$sql = "SELECT r.id, r.libelle, r.module, gu.entity";
+$sql = "SELECT DISTINCT r.id, r.libelle, r.module, gu.entity";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r,";
$sql.= " ".MAIN_DB_PREFIX."usergroup_rights as gr,";
$sql.= " ".MAIN_DB_PREFIX."usergroup_user as gu";
$sql.= " WHERE gr.fk_id = r.id";
-if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode)) {
- $sql.= " AND gu.entity IS NOT NULL";
-} else {
- $sql.= " AND r.entity = ".((! empty($conf->multicompany->enabled) && ! empty($object->entity)) ? $object->entity : $conf->entity);
-}
+$sql.= " AND gr.entity = ".$entity;
$sql.= " AND gr.fk_usergroup = gu.fk_usergroup";
$sql.= " AND gu.fk_user = ".$object->id;
@@ -272,17 +261,10 @@ if ($user->admin) print info_admin($langs->trans("WarningOnlyPermissionOfActivat
// Show warning about external users
if (empty($user->societe_id)) print info_admin(showModulesExludedForExternal($modules))."\n";
-// For multicompany transversal mode
-// TODO Place a hook here
-if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode))
-{
- $aEntities=array_keys($permsgroupbyentity);
- sort($aEntities);
- $entity = (GETPOST('entity', 'int')?GETPOST('entity', 'int'):$aEntities[0]);
- $head = entity_prepare_head($object, $aEntities);
- $title = $langs->trans("Entities");
- dol_fiche_head($head, $entity, $title, 1, 'multicompany@multicompany');
-}
+$parameters=array('permsgroupbyentity'=>$permsgroupbyentity);
+$reshook=$hookmanager->executeHooks('insertExtraHeader',$parameters,$object,$action); // Note that $action and $object may have been modified by some hooks
+if ($reshook < 0) setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
+
print "\n";
print '
';
@@ -297,7 +279,7 @@ print ''."\n";
$sql = "SELECT r.id, r.libelle, r.module";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r";
$sql.= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"
-$sql.= " AND r.entity = ".((! empty($conf->multicompany->enabled) && ! empty($object->entity)) ? $object->entity : $conf->entity);
+$sql.= " AND r.entity = " . $entity;
if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql.= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is disable
$sql.= " ORDER BY r.module, r.id";
@@ -336,9 +318,9 @@ if ($result)
print '