lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX #6680 User with restricted supplier invoice permissions sees "reopen" button even if he has no permission to do it

Browse Source 
Close #6680
This commit is contained in:
Marcos García de La Fuente 2017-04-09 17:38:59 +02:00
parent fe4f71296f
commit 59fa5c2fe6
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/fourn/facture/card.php
View File

@ -2135,13 +2135,17 @@ else
// Reopen a standard paid invoice
if (($object->type == FactureFournisseur::TYPE_STANDARD || $object->type == FactureFournisseur::TYPE_REPLACEMENT) && ($object->statut == 2 || $object->statut == 3)) // A paid invoice (partially or completely)
{
if (! $facidnext && $object->close_code != 'replaced') // Not replaced by another invoice
if (! $facidnext && $object->close_code != 'replaced' && $user->rights->fournisseur->facture->creer) // Not replaced by another invoice
{
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;action=reopen">'.$langs->trans('ReOpen').'</a>';
}
else
{
print '<span class="butActionRefused" title="'.$langs->trans("DisabledBecauseReplacedInvoice").'">'.$langs->trans('ReOpen').'</span>';
if ($user->rights->fournisseur->facture->creer) {
print '<span class="butActionRefused" title="'.$langs->trans("DisabledBecauseReplacedInvoice").'">'.$langs->trans('ReOpen').'</span>';
} elseif (!$conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED) {
print '<span class="butActionRefused">'.$langs->trans('ReOpen').'</span>';
}
}
}