FIX #yogosha5748
This commit is contained in:
parent
92da23945b
commit
5ce9bc5801
@ -563,6 +563,8 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand
|
||||
foreach ($featuresarray as $feature) {
|
||||
$sql = '';
|
||||
|
||||
//var_dump($feature);
|
||||
|
||||
// For backward compatibility
|
||||
if ($feature == 'member') {
|
||||
$feature = 'adherent';
|
||||
@ -574,7 +576,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand
|
||||
$feature = 'projet_task';
|
||||
}
|
||||
|
||||
$check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'website'); // Test on entity only (Objects with no link to company)
|
||||
$check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salary', 'website'); // Test on entity only (Objects with no link to company)
|
||||
$checksoc = array('societe'); // Test for societe object
|
||||
$checkother = array('contact', 'agenda'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
|
||||
$checkproject = array('projet', 'project'); // Test for project object
|
||||
|
||||
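Review bot: The new `'salary'` entry in `$check` (second hunk, L46) puts salary rows in the "test on entity only" group, so `restrictedArea($user, 'salaries', $id, 'salary', '')` will only verify that the row exists in one of the user's entities; it says nothing about `fk_user`, so any user holding `salaries->read` in the same entity passes for any salary id, and per-owner scoping, if intended, still has to be done by the calling page. The entry is keyed by the `$dbtablename`/feature string the callers pass, so it must stay in sync with the `'salary'` argument the other files of this commit use. A short note in the array would make the scope explicit, e.g. `// 'salary': llx_salary carries fk_user but no fk_soc, so only the entity is checked here`. checkUserAccessToObject() starts before the first hunk and ends after the second.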
@ -45,6 +45,7 @@ if (!empty($conf->projet->enabled)) {
|
||||
}
|
||||
|
||||
$id = GETPOSTINT('id');
|
||||
$ref = GETPOST('ref', 'alpha');
|
||||
$action = GETPOST('action', 'aZ09');
|
||||
$cancel = GETPOST('cancel', 'aZ09');
|
||||
$accountid = GETPOST('accountid', 'int') > 0 ? GETPOST('accountid', 'int') : 0;
|
||||
@ -63,13 +64,6 @@ $dateep = dol_mktime(12, 0, 0, GETPOST("dateepmonth", 'int'), GETPOST("dateepday
|
||||
$label = GETPOST('label', 'alphanohtml');
|
||||
$fk_user = GETPOSTINT('userid');
|
||||
|
||||
// Security check
|
||||
$socid = GETPOSTINT('socid');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'salaries', '', '', '');
|
||||
|
||||
$object = new Salary($db);
|
||||
$extrafields = new ExtraFields($db);
|
||||
|
||||
@ -79,6 +73,18 @@ $extrafields->fetch_name_optionals_label($object->table_element);
|
||||
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
|
||||
$hookmanager->initHooks(array('salarycard', 'globalcard'));
|
||||
|
||||
$object = new Salary($db);
|
||||
if ($id > 0 || !empty($ref)) {
|
||||
$object->fetch($id, $ref);
|
||||
}
|
||||
|
||||
// Security check
|
||||
$socid = GETPOSTINT('socid');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
restrictedArea($user, 'salaries', $object->id, 'salary', '');
|
||||
|
||||
|
||||
/**
|
||||
* Actions
|
||||
@ -885,21 +891,22 @@ if ($id) {
|
||||
/*
|
||||
* Action bar
|
||||
*/
|
||||
|
||||
print '<div class="tabsAction">'."\n";
|
||||
if ($action != 'edit') {
|
||||
// Reopen
|
||||
if ($object->paye && $user->rights->salaries->write) {
|
||||
print "<div class=\"inline-block divButAction\"><a class=\"butAction\" href=\"".dol_buildpath("/salaries/card.php", 1)."?id=$object->id&action=reopen\">".$langs->trans("ReOpen")."</a></div>";
|
||||
print "<div class=\"inline-block divButAction\"><a class=\"butAction\" href=\"".dol_buildpath("/salaries/card.php", 1)."?id=".$object->id.'&action=reopen&token='.newToken().'">'.$langs->trans("ReOpen")."</a></div>";
|
||||
}
|
||||
|
||||
// Edit
|
||||
if ($object->paye == 0 && $user->rights->salaries->write) {
|
||||
print "<div class=\"inline-block divButAction\"><a class=\"butAction\" href=\"".DOL_URL_ROOT."/salaries/card.php?id=$object->id&action=edit\">".$langs->trans("Modify")."</a></div>";
|
||||
print "<div class=\"inline-block divButAction\"><a class=\"butAction\" href=\"".DOL_URL_ROOT."/salaries/card.php?id=".$object->id.'&action=edit&token='.newToken().'">'.$langs->trans("Modify")."</a></div>";
|
||||
}
|
||||
|
||||
// Emit payment
|
||||
if ($object->paye == 0 && ((price2num($object->amount) < 0 && price2num($resteapayer, 'MT') < 0) || (price2num($object->amount) > 0 && price2num($resteapayer, 'MT') > 0)) && $user->rights->salaries->write) {
|
||||
print "<div class=\"inline-block divButAction\"><a class=\"butAction\" href=\"".DOL_URL_ROOT."/salaries/paiement_salary.php?id=$object->id&action=create\">".$langs->trans("DoPayment")."</a></div>";
|
||||
print "<div class=\"inline-block divButAction\"><a class=\"butAction\" href=\"".DOL_URL_ROOT."/salaries/paiement_salary.php?id=".$object->id.'&action=create&token='.newToken().'">'.$langs->trans("DoPayment")."</a></div>";
|
||||
}
|
||||
|
||||
// Classify 'paid'
|
||||
@ -909,16 +916,16 @@ if ($id) {
|
||||
|| (round($resteapayer) >= 0 && $object->amount < 0)
|
||||
)
|
||||
&& $user->rights->salaries->write) {
|
||||
print "<div class=\"inline-block divButAction\"><a class=\"butAction\" href=\"".DOL_URL_ROOT."/salaries/card.php?id=$object->id&action=paid\">".$langs->trans("ClassifyPaid")."</a></div>";
|
||||
print "<div class=\"inline-block divButAction\"><a class=\"butAction\" href=\"".DOL_URL_ROOT."/salaries/card.php?id=".$object->id.'&action=paid&token='.newToken().'">'.$langs->trans("ClassifyPaid")."</a></div>";
|
||||
}
|
||||
|
||||
// Clone
|
||||
if ($user->rights->salaries->write) {
|
||||
print "<div class=\"inline-block divButAction\"><a class=\"butAction\" href=\"".dol_buildpath("/salaries/card.php", 1)."?id=$object->id&action=clone\">".$langs->trans("ToClone")."</a></div>";
|
||||
print "<div class=\"inline-block divButAction\"><a class=\"butAction\" href=\"".DOL_URL_ROOT."/salaries/card.php?id=".$object->id.'&action=clone&token='.newToken().'">'.$langs->trans("ToClone")."</a></div>";
|
||||
}
|
||||
|
||||
if (!empty($user->rights->salaries->delete) && empty($totalpaye)) {
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="card.php?id='.$object->id.'&action=delete">'.$langs->trans("Delete").'</a></div>';
|
||||
print '<div class="inline-block divButAction"><a class="butActionDelete" href="card.php?id='.$object->id.'&action=delete&token='.newToken().'">'.$langs->trans("Delete").'</a></div>';
|
||||
} else {
|
||||
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.(dol_escape_htmltag($langs->trans("DisabledBecausePayments"))).'">'.$langs->trans("Delete").'</a></div>';
|
||||
}
|
||||
|
||||
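Review bot: `$object->fetch($id, $ref)` in the third hunk (L139) ignores its return value, so when no salary matches (unknown id, or a ref the fetch will not load) `$object->id` stays empty and `restrictedArea($user, 'salaries', $object->id, 'salary', '')` at L162 is left with only the module-permission check, after which the page keeps running on an empty object. The payment card in this same commit does check its fetch result; do the same here, e.g. `$result = $object->fetch($id, $ref); if ($result <= 0) { dol_print_error($db, $object->error); exit; }`. It is also worth confirming that the action handlers further down (outside the hunk) act on `$object->id` rather than the raw `$id`, since only the former has been through the check. Separately, `$object = new Salary($db);` at L114 is kept as context, so the second `new Salary($db)` at L133 is redundant and could be dropped in favour of fetching into the existing instance.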
@ -44,14 +44,6 @@ $ref = GETPOST('ref', 'alpha');
|
||||
$action = GETPOST('action', 'aZ09');
|
||||
$confirm = GETPOST('confirm', 'alpha');
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid", "int");
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'salaries', '', '', '');
|
||||
|
||||
|
||||
// Get parameters
|
||||
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
|
||||
$sortfield = GETPOST('sortfield', 'aZ09comma');
|
||||
@ -70,13 +62,21 @@ if (!$sortfield) {
|
||||
$sortfield = "name";
|
||||
}
|
||||
|
||||
|
||||
$object = new Salary($db);
|
||||
$object->fetch($id, $ref);
|
||||
if ($id > 0 || !empty($ref)) {
|
||||
$object->fetch($id, $ref);
|
||||
}
|
||||
|
||||
$upload_dir = $conf->salaries->dir_output.'/'.dol_sanitizeFileName($object->id);
|
||||
$modulepart = 'salaries';
|
||||
|
||||
// Security check
|
||||
$socid = GETPOSTINT('socid');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
restrictedArea($user, 'salaries', $object->id, 'salary', '');
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
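Review bot: `$upload_dir` at L381 is built from `$object->id` before anything confirms that the fetch at L373 succeeded (or ran at all, since it is skipped when neither `id` nor `ref` is given); in that case `$object->id` is empty, the path collapses to `$conf->salaries->dir_output.'/'`, the directory that holds every salary's folder, and `restrictedArea(..., $object->id, 'salary', '')` at L404 has no object to check beyond the module permission. Stop before building the path when the object is not loaded, e.g. `if (empty($object->id)) { dol_print_error($db, 'Salary not found'); exit; }` (or the project's access-denied helper), and move the security check above the `$upload_dir` line. Whether the document listing further down would actually expose files from that root depends on code outside the hunk, but a storage path should not be derived from an unverified id.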
@ -33,14 +33,20 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
|
||||
$langs->loadLangs(array("compta", "bills", "users", "salaries", "hrm"));
|
||||
|
||||
$id = GETPOST('id', 'int');
|
||||
$ref = GETPOST('ref', 'alpha');
|
||||
$action = GETPOST('action', 'aZ09');
|
||||
|
||||
$object = new Salary($db);
|
||||
if ($id > 0 || !empty($ref)) {
|
||||
$object->fetch($id, $ref);
|
||||
}
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'salaries', '', '', '');
|
||||
restrictedArea($user, 'salaries', $object->id, 'salary', '');
|
||||
|
||||
|
||||
/*
|
||||
|
||||
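Review bot: The added fetch at L444 discards its result, so when the id/ref does not resolve `$object->id` is empty and the new `restrictedArea($user, 'salaries', $object->id, 'salary', '')` at L470 degrades to the module-permission check that the removed L467 already performed, i.e. the object-level protection this commit is adding is silently skipped on the failure path. Guard it the way the payment card in this commit does: `$result = $object->fetch($id, $ref); if ($result <= 0) { dol_print_error($db, $object->error); exit; }`. A one-line comment above the check, such as `// Object-level check: salary must exist in one of the user's entities`, would also help the next reader see why the fetch now precedes restrictedArea().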
@ -108,13 +108,6 @@ if (!GETPOST('search_type_id', 'int')) {
|
||||
|
||||
$childids = $user->getAllChildIds(1);
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid", "int");
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'salaries', '', '', '');
|
||||
|
||||
// Initialize array of search criterias
|
||||
$search_all = GETPOST("search_all", 'alpha');
|
||||
$search = array();
|
||||
@ -161,6 +154,13 @@ $permissiontoread = $user->rights->salaries->read;
|
||||
$permissiontoadd = $user->rights->salaries->write;
|
||||
$permissiontodelete = $user->rights->salaries->delete;
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid", "int");
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
restrictedArea($user, 'salaries', '', 'salary', '');
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
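Review bot: The relocated check at L547 passes `''` as the object id while the sibling list page in this commit (payments.php) passes `0` for the same case; pick one form so readers do not wonder whether the two differ. Likewise the new block keeps `GETPOST("socid", "int")` (L535) where card.php and document.php in this commit moved to `GETPOSTINT('socid')`. `$socid` is computed here but not consumed by `restrictedArea()`; if nothing below the hunk uses it, the three lines are dead and a comment like `// $socid is kept for the list filter below` (or removal) would settle the question.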
@ -18,9 +18,9 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
* \file htdocs/compta/paiement_charge.php
|
||||
* \ingroup tax
|
||||
* \brief Page to add payment of a tax
|
||||
* \file htdocs/compta/paiement_salary.php
|
||||
* \ingroup salary
|
||||
* \brief Page to add payment of a salary
|
||||
*/
|
||||
|
||||
require '../main.inc.php';
|
||||
@ -31,16 +31,25 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
|
||||
// Load translation files required by the page
|
||||
$langs->load("bills");
|
||||
|
||||
$chid = GETPOST("id", 'int');
|
||||
$action = GETPOST('action', 'alpha');
|
||||
$cancel = GETPOST('cancel', 'alpha');
|
||||
$confirm = GETPOST('confirm', 'alpha');
|
||||
|
||||
$id = GETPOSTINT('id');
|
||||
$ref = GETPOST('ref', 'alpha');
|
||||
$amounts = array();
|
||||
|
||||
$object = new Salary($db);
|
||||
if ($id > 0 || !empty($ref)) {
|
||||
$object->fetch($id, $ref);
|
||||
}
|
||||
|
||||
// Security check
|
||||
$socid = 0;
|
||||
$socid = GETPOST("socid", "int");
|
||||
if ($user->socid > 0) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
restrictedArea($user, 'salaries', $object->id, 'salary', '');
|
||||
|
||||
|
||||
/*
|
||||
@ -51,7 +60,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
|
||||
$error = 0;
|
||||
|
||||
if ($cancel) {
|
||||
$loc = DOL_URL_ROOT.'/salaries/card.php?id='.$chid;
|
||||
$loc = DOL_URL_ROOT.'/salaries/card.php?id='.$id;
|
||||
header("Location: ".$loc);
|
||||
exit;
|
||||
}
|
||||
@ -96,7 +105,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
|
||||
|
||||
// Create a line of payments
|
||||
$paiement = new PaymentSalary($db);
|
||||
$paiement->chid = $chid;
|
||||
$paiement->chid = $id;
|
||||
$paiement->datepaye = $datepaye;
|
||||
$paiement->amounts = $amounts; // Tableau de montant
|
||||
$paiement->paiementtype = GETPOST("paiementtype", 'alphanohtml');
|
||||
@ -124,7 +133,7 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
|
||||
|
||||
if (!$error) {
|
||||
$db->commit();
|
||||
$loc = DOL_URL_ROOT.'/salaries/card.php?id='.$chid;
|
||||
$loc = DOL_URL_ROOT.'/salaries/card.php?id='.$id;
|
||||
header('Location: '.$loc);
|
||||
exit;
|
||||
} else {
|
||||
@ -139,15 +148,16 @@ if ($action == 'add_payment' || ($action == 'confirm_paiement' && $confirm == 'y
|
||||
* View
|
||||
*/
|
||||
|
||||
llxHeader();
|
||||
|
||||
$form = new Form($db);
|
||||
|
||||
$help_url = '';
|
||||
|
||||
llxHeader('', '', $help_url);
|
||||
|
||||
$salary = $object;
|
||||
|
||||
// Formulaire de creation d'un paiement de charge
|
||||
if ($action == 'create') {
|
||||
$salary = new Salary($db); // Salary to pay
|
||||
$salary->fetch($chid);
|
||||
$salary->accountid = $salary->fk_account ? $salary->fk_account : $salary->accountid;
|
||||
$salary->paiementtype = $salary->mode_reglement_id ? $salary->mode_reglement_id : $salary->paiementtype;
|
||||
|
||||
@ -171,15 +181,15 @@ if ($action == 'create') {
|
||||
|
||||
print '<form name="add_payment" action="'.$_SERVER['PHP_SELF'].'" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="id" value="'.$chid.'">';
|
||||
print '<input type="hidden" name="chid" value="'.$chid.'">';
|
||||
print '<input type="hidden" name="id" value="'.$id.'">';
|
||||
print '<input type="hidden" name="chid" value="'.$id.'">';
|
||||
print '<input type="hidden" name="action" value="add_payment">';
|
||||
|
||||
print dol_get_fiche_head();
|
||||
|
||||
print '<table class="border centpercent">';
|
||||
|
||||
print '<tr><td class="titlefieldcreate">'.$langs->trans("Ref").'</td><td><a href="'.DOL_URL_ROOT.'/salaries/card.php?id='.$chid.'">'.$chid.'</a></td></tr>';
|
||||
print '<tr><td class="titlefieldcreate">'.$langs->trans("Ref").'</td><td><a href="'.DOL_URL_ROOT.'/salaries/card.php?id='.$id.'">'.$id.'</a></td></tr>';
|
||||
print '<tr><td>'.$langs->trans("DateStart")."</td><td>".dol_print_date($salary->datesp, 'day')."</td></tr>\n";
|
||||
print '<tr><td>'.$langs->trans("DateEnd")."</td><td>".dol_print_date($salary->dateep, 'day')."</td></tr>\n";
|
||||
print '<tr><td>'.$langs->trans("Label").'</td><td>'.$salary->label."</td></tr>\n";
|
||||
@ -188,7 +198,7 @@ if ($action == 'create') {
|
||||
|
||||
$sql = "SELECT sum(p.amount) as total";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."payment_salary as p";
|
||||
$sql .= " WHERE p.fk_salary = ".((int) $chid);
|
||||
$sql .= " WHERE p.fk_salary = ".((int) $id);
|
||||
$resql = $db->query($sql);
|
||||
if ($resql) {
|
||||
$obj = $db->fetch_object($resql);
|
||||
|
||||
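Review bot: The fetch at L641 is unchecked, so if `Salary::fetch()` fails to load the row (for example because it filters on the current entity, or because the id is bogus) `$object->id` is empty, `restrictedArea($user, 'salaries', $object->id, 'salary', '')` at L667 checks only the module permission, and the `add_payment` handler then proceeds with `$paiement->chid = $id;` (L717) — a raw request value that never passed the object-level check. Whether that lets a payment be attached to a salary outside the caller's entity depends on `Salary::fetch()` and `PaymentSalary::create()`, which are not in the hunk, but the handler should at least refuse to run on an unloaded object: `if ($object->id <= 0) { dol_print_error($db, $object->error); exit; }` right after the fetch, and `$paiement->chid = $object->id;` in the handler. With the handler reading `$id`, the duplicate hidden input `chid` at L831 is only needed if something else still reads it; a comment saying so would be useful.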
@ -41,14 +41,13 @@ $id = GETPOST("id", 'int');
|
||||
$action = GETPOST('action', 'aZ09');
|
||||
$confirm = GETPOST('confirm');
|
||||
if ($user->socid) $socid = $user->socid;
|
||||
// TODO ajouter regle pour restreindre acces paiement
|
||||
//$result = restrictedArea($user, 'facture', $id,'');
|
||||
|
||||
$object = new PaymentSalary($db);
|
||||
if ($id > 0) {
|
||||
$result = $object->fetch($id);
|
||||
if (!$result) dol_print_error($db, 'Failed to get payment id '.$id);
|
||||
}
|
||||
restrictedArea($user, 'salaries', $object->fk_salary, 'salary', ''); // $object is payment of salary
|
||||
|
||||
|
||||
/*
|
||||
|
||||
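Review bot: On the failure path at L921 `dol_print_error()` is called but execution continues, so a payment id that does not load reaches the new `restrictedArea($user, 'salaries', $object->fk_salary, 'salary', '')` at L927 with an empty `fk_salary`, which reduces it to the module-permission check; add `exit;` after the error (or route through the project's access-denied helper). The test `if (!$result)` also does not catch a negative return, which is how Dolibarr fetch methods usually report a database error — if `PaymentSalary::fetch()` follows that convention, use `if ($result <= 0)`. The two commented TODO lines are worth deleting now that the check exists, so nobody assumes the payment page is still unprotected.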
@ -97,11 +97,6 @@ if (!GETPOST('search_type_id', 'int')) {
|
||||
|
||||
$childids = $user->getAllChildIds(1);
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid", "int");
|
||||
if ($user->socid) $socid = $user->socid;
|
||||
$result = restrictedArea($user, 'salaries', '', '', '');
|
||||
|
||||
// Initialize array of search criterias
|
||||
$search_all = GETPOST("search_all", 'alpha');
|
||||
$search = array();
|
||||
@ -119,6 +114,13 @@ $permissiontoread = $user->rights->salaries->read;
|
||||
$permissiontoadd = $user->rights->salaries->write;
|
||||
$permissiontodelete = $user->rights->salaries->delete;
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST("socid", "int");
|
||||
if ($user->socid > 0) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
restrictedArea($user, 'salaries', 0, 'salary', '');
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
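Review bot: The relocated check at L998 uses `0` as the object id and `$user->socid > 0` as the multi-company test, while the salaries list page in this same commit (list.php) uses `''` and a bare `if ($user->socid)` for the identical block; the two list pages should read the same so that a future reader does not look for a difference that is not there. `$socid` is computed at L986–L995 but is not passed to `restrictedArea()`; if nothing below the hunk consumes it, say so in a comment (`// $socid only filters the list below`) or drop the block. `GETPOST("socid", "int")` could also follow the `GETPOSTINT('socid')` form the commit adopts in card.php and document.php.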