Fix: A lot of fixes to project permissions. Uniformize code.

This commit is contained in:
Laurent Destailleur 2012-02-04 18:34:52 +01:00
parent 01e5fabd0d
commit 62054f2f98
13 changed files with 179 additions and 153 deletions


@ -435,7 +435,7 @@ function show_projects($conf,$langs,$db,$object,$backtopage='')
$projectstatic->fetch($obj->rowid);
// To verify role of users
$userAccess = $projectstatic->restrictedProjectArea($user,1);
$userAccess = $projectstatic->restrictedProjectArea($user);
if ($user->rights->projet->lire && $userAccess > 0)
{
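Review bot: The new call `$userAccess = $projectstatic->restrictedProjectArea($user);` relies on the default `$mode='read'`, while fiche.php and tasks.php in this same commit pass `'read'` explicitly; writing `$projectstatic->restrictedProjectArea($user,'read')` here keeps the call sites uniform and makes the intent visible. The same implicit default is used in print_projecttasks_array (the next hunk) and in the project list page further down. Those two sites test `$userAccess >= 0` whereas this one tests `> 0`; since the method now returns either a positive count or -1 the two forms behave the same, but one should be chosen so the tests read alike. show_projects continues outside the hunk.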


@ -687,7 +687,7 @@ function print_projecttasks_array($db, $socid, $projectsListId, $mytasks=0)
$projectstatic->public = $objp->public;
// Check is user has read permission on project
$userAccess = $projectstatic->restrictedProjectArea($user,1);
$userAccess = $projectstatic->restrictedProjectArea($user);
if ($userAccess >= 0)
{
$var=!$var;


@ -170,9 +170,9 @@ class Project extends CommonObject
function update($user, $notrigger=0)
{
global $langs, $conf;
$error=0;
// Clean parameters
$this->title = trim($this->title);
$this->description = trim($this->description);
@ -499,7 +499,7 @@ class Project extends CommonObject
global $langs, $conf;
$error=0;
if ($this->statut != 1)
{
$this->db->begin();
@ -558,7 +558,7 @@ class Project extends CommonObject
global $langs, $conf;
$error=0;
if ($this->statut != 2)
{
$this->db->begin();
@ -789,21 +789,21 @@ class Project extends CommonObject
}
/**
* Check if user has read permission on project
* Check if user has permission on current project
*
* @param User $user Object user to evaluate
* @param int $noprint 0=Print forbidden message if no permission, 1=Return -1 if no permission
* @return void
* @param string $mode Type of permission we want to know: 'read', 'write'
* @return int >0 if user has permission, <0 if user has no permission
*/
function restrictedProjectArea($user, $noprint=0)
function restrictedProjectArea($user, $mode='read')
{
// To verify role of users
$userAccess = 0;
if ($user->rights->projet->all->lire)
if (($mode == 'read' && $user->rights->projet->all->lire) || ($mode == 'write' && $user->rights->projet->all->creer) || ($mode == 'delete' && $user->rights->projet->all->supprimer))
{
$userAccess = 1;
}
else if ($this->public && $user->rights->projet->lire)
else if ($this->public && (($mode == 'read' && $user->rights->projet->lire) || ($mode == 'write' && $user->rights->projet->creer) || ($mode == 'delete' && $user->rights->projet->supprimer)))
{
$userAccess = 1;
}
@ -819,7 +819,9 @@ class Project extends CommonObject
{
if (preg_match('/PROJECT/', $userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id'])
{
$userAccess++;
if ($mode == 'read' && $user->rights->projet->lire) $userAccess++;
if ($mode == 'write' && $user->rights->projet->creer) $userAccess++;
if ($mode == 'delete' && $user->rights->projet->supprimer) $userAccess++;
}
$nblinks++;
}
@ -833,19 +835,7 @@ class Project extends CommonObject
//}
}
if (!$userAccess)
{
if (!$noprint)
{
accessforbidden('', 0);
}
else
{
return -1;
}
}
return $userAccess;
return ($userAccess?$userAccess:-1);
}
/**
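Review bot: restrictedProjectArea no longer calls accessforbidden() when the user has no access, so enforcement now rests entirely on each caller testing the return value; a caller that keeps the old form `$userAccess = $project->restrictedProjectArea($user);` and never tests `$userAccess` (document.php, contact.php and note.php in this commit compute it, and no test is visible in their hunks) will now render the page instead of being blocked. A fail-closed guard next to each such call, `if ($userAccess < 0) accessforbidden();`, restores the previous behaviour. The docblock should also list the third mode the body handles and what happens for any other value: `@param string $mode Type of permission we want to know: 'read', 'write' or 'delete' (any other value returns -1)`. The integer that callers used to pass as `$noprint` is now read as `$mode` and evaluates as no permission, which is fail-closed but makes any remaining `restrictedProjectArea($user,1)` call outside this commit silently deny access, so those are worth locating.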


@ -30,7 +30,8 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php');
$langs->load("projects");
$langs->load("companies");
$projectid = isset($_GET["id"])?$_GET["id"]:'';
$id = GETPOST('id');
$ref= GETPOST('ref');
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
@ -38,7 +39,7 @@ $mine = $_REQUEST['mode']=='mine' ? 1 : 0;
// Security check
$socid=0;
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
$result = restrictedArea($user, 'projet', $id);
/*
@ -51,9 +52,9 @@ if ($_POST["action"] == 'addcontact' && $user->rights->projet->creer)
$result = 0;
$project = new Project($db);
$result = $project->fetch($projectid);
$result = $project->fetch($id);
if ($result > 0 && $projectid > 0)
if ($result > 0 && $id > 0)
{
$result = $project->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]);
}
@ -81,7 +82,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->projet->creer)
if ($_GET["action"] == 'swapstatut' && $user->rights->projet->creer)
{
$project = new Project($db);
if ($project->fetch($projectid))
if ($project->fetch($id))
{
$result=$project->swapContactStatus(GETPOST('ligne'));
}
@ -95,7 +96,7 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->projet->creer)
if ($_GET["action"] == 'deleteline' && $user->rights->projet->creer)
{
$project = new Project($db);
$project->fetch($projectid);
$project->fetch($id);
$result = $project->delete_contact($_GET["lineid"]);
if ($result >= 0)
@ -130,8 +131,6 @@ $userstatic=new User($db);
/* *************************************************************************** */
dol_htmloutput_mesg($mesg);
$id = $_GET['id'];
$ref= $_GET['ref'];
if ($id > 0 || ! empty($ref))
{
$project = new Project($db);
@ -141,7 +140,10 @@ if ($id > 0 || ! empty($ref))
if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id);
// To verify role of users
$userAccess = $project->restrictedProjectArea($user);
//$userAccess = $project->restrictedProjectArea($user,'read');
$userWrite = $project->restrictedProjectArea($user,'write');
//$userDelete = $project->restrictedProjectArea($user,'delete');
//print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete;
$head = project_prepare_head($project);
dol_fiche_head($head, 'contact', $langs->trans("Project"), 0, ($project->public?'projectpub':'project'));
@ -157,8 +159,11 @@ if ($id > 0 || ! empty($ref))
// Ref
print '<tr><td width="30%">'.$langs->trans('Ref').'</td><td colspan="3">';
// Define a complementary filter for search of next/prev ref.
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$project->next_prev_filter=" rowid in (".$projectsListId.")";
if (! $user->rights->projet->all->lire)
{
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0);
$project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")";
}
print $form->showrefnav($project,'ref',$linkback,1,'ref','ref','');
print '</td></tr>';
@ -194,7 +199,7 @@ if ($id > 0 || ! empty($ref))
* Ajouter une ligne de contact
* Non affiche en mode modification de ligne
*/
if ($_GET["action"] != 'editline' && $user->rights->projet->creer && $userAccess)
if ($_GET["action"] != 'editline')
{
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Source").'</td>';
@ -230,7 +235,14 @@ if ($id > 0 || ! empty($ref))
print '<td>';
$formcompany->selectTypeContact($project, '', 'type','internal','rowid');
print '</td>';
print '<td align="right" colspan="3" ><input type="submit" class="button" value="'.$langs->trans("Add").'"></td>';
print '<td align="right" colspan="3" >';
if ($userWrite > 0 || $user->admin)
{
print '<input type="submit" class="button" value="'.$langs->trans("Add").'"';
if (! ($userWrite > 0 || $user->admin)) print ' disabled="disabled"';
print '>';
}
print '</td>';
print '</tr>';
print '</form>';
@ -263,9 +275,15 @@ if ($id > 0 || ! empty($ref))
print '<td>';
$formcompany->selectTypeContact($project, '', 'type','external','rowid');
print '</td>';
print '<td align="right" colspan="3" ><input type="submit" class="button" value="'.$langs->trans("Add").'"';
if (! $nbofcontacts) print ' disabled="disabled"';
print '></td>';
print '<td align="right" colspan="3" >';
if ($userWrite > 0 || $user->admin)
{
print '<input type="submit" class="button" value="'.$langs->trans("Add").'"';
if (! $nbofcontacts || ! ($userWrite > 0 || $user->admin)) print ' disabled="disabled"';
print '>';
}
print '</td>';
print '</tr>';
print "</form>";
@ -346,14 +364,14 @@ if ($id > 0 || ! empty($ref))
// Statut
print '<td align="center">';
// Activation desativation du contact
if ($project->statut >= 0 && $userAccess) print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$project->id.'&amp;action=swapstatut&amp;ligne='.$tab[$i]['rowid'].'">';
if ($project->statut >= 0 && $userWrite > 0) print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$project->id.'&amp;action=swapstatut&amp;ligne='.$tab[$i]['rowid'].'">';
print $contactstatic->LibStatut($tab[$i]['status'],3);
if ($project->statut >= 0 && $userAccess) print '</a>';
if ($project->statut >= 0 && $userWrite > 0) print '</a>';
print '</td>';
// Icon update et delete
print '<td align="center" nowrap>';
if ($user->rights->projet->creer && $userAccess)
if ($user->rights->projet->creer && $userWrite > 0)
{
print '&nbsp;';
print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$project->id.'&amp;action=deleteline&amp;lineid='.$tab[$i]['rowid'].'">';
@ -375,7 +393,7 @@ if ($id > 0 || ! empty($ref))
}
}
$db->close();
llxFooter();
$db->close();
?>
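Review bot: The action handlers at the top of the file (`addcontact`, `swapstatut`, `deleteline`) still authorise on the global right only, `if ($_POST["action"] == 'addcontact' && $user->rights->projet->creer)`, while `$userWrite` is computed only later in the display part, so the per-project write check that now hides the Add button and the swap/delete links is not enforced on the request that performs the change. After each `$project->fetch($id)` in those handlers, a guard such as `if ($project->restrictedProjectArea($user,'write') <= 0) accessforbidden();` would make the server side match the UI. Inside `if ($userWrite > 0 || $user->admin)` the nested `if (! ($userWrite > 0 || $user->admin)) print ' disabled="disabled"';` can never be true and should be dropped; the external-contact form repeats the same dead test, where only `! $nbofcontacts` is meaningful. The add-line form itself is now shown to every reader because the `$user->rights->projet->creer && $userAccess` part of its condition was removed; if that is intended, a comment saying the form is read-only without write access would help the next reader.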


@ -30,10 +30,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php");
$langs->load('projects');
$langs->load('other');
$action=GETPOST('action');
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
$id = isset($_GET["id"])?$_GET["id"]:'';
$id = GETPOST('id');
$ref= GETPOST('ref');
// Security check
$socid=0;
@ -51,11 +52,8 @@ $pagenext = $page + 1;
if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
$id = $_GET['id'];
$ref= $_GET['ref'];
$project = new Project($db);
if (! $project->fetch($_GET['id'],$_GET['ref']) > 0)
if (! $project->fetch($id,$ref) > 0)
{
dol_print_error($db);
exit;
@ -100,7 +98,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC))
}
// Delete
if ($_REQUEST['action'] == 'confirm_delete' && $_REQUEST['confirm'] == 'yes' && $user->rights->projet->supprimer)
if ($action == 'confirm_delete' && $_REQUEST['confirm'] == 'yes' && $user->rights->projet->supprimer)
{
$upload_dir = $conf->projet->dir_output . "/" . dol_sanitizeFileName($project->ref);
$file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
@ -126,8 +124,11 @@ if ($id > 0 || ! empty($ref))
if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id);
// To verify role of users
$userAccess = $project->restrictedProjectArea($user);
// To verify role of users
//$userAccess = $project->restrictedProjectArea($user,'read');
$userWrite = $project->restrictedProjectArea($user,'write');
//$userDelete = $project->restrictedProjectArea($user,'delete');
//print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete;
$head = project_prepare_head($project);
dol_fiche_head($head, 'document', $langs->trans("Project"), 0, ($project->public?'projectpub':'project'));
@ -140,7 +141,7 @@ if ($id > 0 || ! empty($ref))
$totalsize+=$file['size'];
}
if ($_GET["action"] == 'delete')
if ($action == 'delete')
{
$ret=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"]."&urlfile=".$_GET['urlfile'],$langs->trans("DeleteAFile"),$langs->trans("ConfirmDeleteAFile"),"confirm_delete",'','',1);
if ($ret == 'html') print '<br>';
@ -151,8 +152,11 @@ if ($id > 0 || ! empty($ref))
// Ref
print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>';
// Define a complementary filter for search of next/prev ref.
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$project->next_prev_filter=" rowid in (".$projectsListId.")";
if (! $user->rights->projet->all->lire)
{
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0);
$project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")";
}
print $form->showrefnav($project,'ref','',1,'ref','ref');
print '</td></tr>';
@ -181,25 +185,25 @@ if ($id > 0 || ! empty($ref))
print "</table>\n";
print "</div>\n";
if ($mesg) { print $mesg."<br>"; }
dol_htmloutput_mesg($mesg);
// Affiche formulaire upload
$formfile=new FormFile($db);
$formfile->form_attach_new_file(DOL_URL_ROOT.'/projet/document.php?id='.$project->id,'',0,0,$user->rights->projet->creer);
$formfile->form_attach_new_file(DOL_URL_ROOT.'/projet/document.php?id='.$project->id,'',0,0,($userWrite>0));
// List of document
$param='&id='.$project->id;
$formfile->list_of_documents($filearray,$project,'projet',$param);
$formfile->list_of_documents($filearray,$project,'projet',$param,0,'',($userWrite>0));
}
else
{
Header('Location: index.php');
dol_print_error('','NoRecordFound');
}
$db->close();
llxFooter();
$db->close();
?>
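Review bot: The rewritten delete handler `if ($action == 'confirm_delete' && $_REQUEST['confirm'] == 'yes' && $user->rights->projet->supprimer)` runs before `$userWrite` is computed in the display part, so the per-project permission the UI now passes to `list_of_documents` is not checked when the file is actually removed; adding `&& $project->restrictedProjectArea($user,'write') > 0` to that condition (the project is already fetched above it) aligns both sides. The path on the line below it is still built as `$upload_dir . '/' . $_GET['urlfile']` with no check that the value names a plain file inside `$upload_dir`; rejecting any value that contains a directory separator or `..` before the concatenation is advisable while this handler is being reworked. Also `$id = GETPOST('id');` here lacks the `'int'` filter that fiche.php uses for the same parameter.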


@ -89,8 +89,11 @@ print '<table class="border" width="100%">';
print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>';
// Define a complementary filter for search of next/prev ref.
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$project->next_prev_filter=" rowid in (".$projectsListId.")";
if (! $user->rights->projet->all->lire)
{
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0);
$project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")";
}
print $form->showrefnav($project,'ref','',1,'ref','ref');
print '</td></tr>';
@ -223,7 +226,7 @@ foreach ($listofreferent as $key => $value)
// Amount
if (empty($value['disableamount'])) print '<td align="right">'.(isset($element->total_ttc)?price($element->total_ttc):'&nbsp;').'</td>';
// Status
print '<td align="right">'.$element->getLibStatut(5).'</td>';
@ -281,7 +284,7 @@ foreach ($listofreferent as $key => $value)
}
}
$db->close();
llxFooter();
$db->close();
?>
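Review bot: The next/prev filter block (`if (! $user->rights->projet->all->lire) { $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0); $project->next_prev_filter = ...; }`) is now pasted identically into this file, contact.php, document.php, fiche.php, note.php and tasks.php; a small helper on Project (or in project.lib.php) that sets `next_prev_filter` from `$user` and `$mine` would keep the six copies from drifting. The `count($projectsListId)?join(',',array_keys($projectsListId)):'0'` fallback assumes getProjectsAuthorizedForUser always returns an array when its third argument is 0; if it can return something else on error, `count()` on it would emit a warning, which is worth confirming against the helper since it is not part of this commit.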


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
*
* This program is free software; you can redistribute it and/or modify
@ -33,10 +33,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/modules/project/modules_project.php");
$langs->load("projects");
$langs->load('companies');
$projectid = GETPOST('id','int');
$projectref = GETPOST('ref');
$id=GETPOST('id','int');
$ref = GETPOST('ref');
$action=GETPOST('action');
if ($projectid == '' && $projectref == '' && ($_GET['action'] != "create" && $_POST['action'] != "add" && $_POST["action"] != "update" && !$_POST["cancel"])) accessforbidden();
if ($id == '' && $ref == '' && ($action != "create" && $action != "add" && $action != "update" && ! $_POST["cancel"])) accessforbidden();
$mine = GETPOST('mode')=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
@ -44,7 +45,7 @@ $mine = GETPOST('mode')=='mine' ? 1 : 0;
// Security check
$socid=0;
if ($user->societe_id > 0) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
$result = restrictedArea($user, 'projet', $id);
@ -60,7 +61,7 @@ if (GETPOST("cancel") && GETPOST('backtopage'))
exit;
}
if ($_POST["action"] == 'add' && $user->rights->projet->creer)
if ($action == 'add' && $user->rights->projet->creer)
{
$error=0;
if (empty($_POST["ref"]))
@ -121,20 +122,20 @@ if ($_POST["action"] == 'add' && $user->rights->projet->creer)
{
$db->rollback();
$_GET["action"] = 'create';
$action = 'create';
}
}
else
{
$_GET["action"] = 'create';
$action = 'create';
}
}
if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet->creer)
if ($action == 'update' && ! $_POST["cancel"] && $user->rights->projet->creer)
{
$error=0;
if (empty($_POST["ref"]))
if (empty($ref))
{
$error++;
//$_GET["id"]=$_POST["id"]; // On retourne sur la fiche projet
@ -161,20 +162,19 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet-
$result=$project->update($user);
$_GET["id"]=$project->id; // On retourne sur la fiche projet
$id=$project->id; // On retourne sur la fiche projet
}
else
{
$_GET["id"]=$_POST["id"];
$_GET['action']='edit';
$action='edit';
}
}
// Build doc
if (GETPOST('action') == 'builddoc' && $user->rights->projet->creer)
if ($action == 'builddoc' && $user->rights->projet->creer)
{
$project = new Project($db);
$project->fetch($_GET['id']);
$project->fetch($id);
if (GETPOST('model'))
{
$project->setDocModel($user, GETPOST('model'));
@ -199,10 +199,10 @@ if (GETPOST('action') == 'builddoc' && $user->rights->projet->creer)
}
}
if (GETPOST('action') == 'confirm_validate' && GETPOST('confirm') == 'yes')
if ($action == 'confirm_validate' && GETPOST('confirm') == 'yes')
{
$project = new Project($db);
$project->fetch(GETPOST("id"));
$project->fetch($id);
$result = $project->setValid($user);
if ($result <= 0)
@ -211,10 +211,10 @@ if (GETPOST('action') == 'confirm_validate' && GETPOST('confirm') == 'yes')
}
}
if (GETPOST('action') == 'confirm_close' && GETPOST('confirm') == 'yes')
if ($action == 'confirm_close' && GETPOST('confirm') == 'yes')
{
$project = new Project($db);
$project->fetch(GETPOST("id"));
$project->fetch($id);
$result = $project->setClose($user);
if ($result <= 0)
{
@ -222,10 +222,10 @@ if (GETPOST('action') == 'confirm_close' && GETPOST('confirm') == 'yes')
}
}
if (GETPOST('action') == 'confirm_reopen' && GETPOST('confirm') == 'yes')
if ($action == 'confirm_reopen' && GETPOST('confirm') == 'yes')
{
$project = new Project($db);
$project->fetch(GETPOST("id"));
$project->fetch($id);
$result = $project->setValid($user);
if ($result <= 0)
{
@ -233,10 +233,10 @@ if (GETPOST('action') == 'confirm_reopen' && GETPOST('confirm') == 'yes')
}
}
if (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->projet->supprimer)
if ($action == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->projet->supprimer)
{
$project = new Project($db);
$project->fetch(GETPOST("id"));
$project->fetch($id);
$result=$project->delete($user);
if ($result > 0)
{
@ -264,20 +264,20 @@ $help_url="EN:Module_Projects|FR:Module_Projets|ES:M&oacute;dulo_Proyectos";
llxHeader("",$langs->trans("Projects"),$help_url);
if ($_GET["action"] == 'create' && $user->rights->projet->creer)
if ($action == 'create' && $user->rights->projet->creer)
{
/*
* Create
*/
print_fiche_titre($langs->trans("NewProject"));
if ($mesg) print $mesg.'<br>';
dol_htmloutput_mesg($mesg);
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
print '<input type="hidden" name="action" value="add">';
print '<input type="hidden" name="backtopage" value="'.GETPOST('backtopage').'">';
print '<table class="border" width="100%">';
$project = new Project($db);
@ -347,39 +347,43 @@ else
* Show or edit
*/
if ($mesg) print $mesg;
dol_htmloutput_mesg($mesg);
$project = new Project($db);
$project->fetch($projectid,$projectref);
$project->fetch($id,$ref);
if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id);
// To verify role of users
$userAccess = $project->restrictedProjectArea($user);
$userAccess = $project->restrictedProjectArea($user,'read');
$userWrite = $project->restrictedProjectArea($user,'write');
$userDelete = $project->restrictedProjectArea($user,'delete');
//print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete;
$head=project_prepare_head($project);
dol_fiche_head($head, 'project', $langs->trans("Project"),0,($project->public?'projectpub':'project'));
// Confirmation validation
if ($_GET['action'] == 'validate')
if ($action == 'validate')
{
$ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$project->id, $langs->trans('ValidateProject'), $langs->trans('ConfirmValidateProject'), 'confirm_validate','',0,1);
if ($ret == 'html') print '<br>';
}
// Confirmation close
if ($_GET["action"] == 'close')
if ($action == 'close')
{
$ret=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$project->id,$langs->trans("CloseAProject"),$langs->trans("ConfirmCloseAProject"),"confirm_close",'','',1);
if ($ret == 'html') print '<br>';
}
// Confirmation reopen
if ($_GET["action"] == 'reopen')
if ($action == 'reopen')
{
$ret=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$project->id,$langs->trans("ReOpenAProject"),$langs->trans("ConfirmReOpenAProject"),"confirm_reopen",'','',1);
if ($ret == 'html') print '<br>';
}
// Confirmation delete
if ($_GET["action"] == 'delete')
if ($action == 'delete')
{
$text=$langs->trans("ConfirmDeleteAProject");
$task=new Task($db);
@ -391,7 +395,7 @@ else
}
if ($_GET["action"] == 'edit' && $userAccess)
if ($action == 'edit' && $userWrite > 0)
{
print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
@ -453,8 +457,8 @@ else
// Define a complementary filter for search of next/prev ref.
if (! $user->rights->projet->all->lire)
{
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$project->next_prev_filter=" rowid in (".$projectsListId.")";
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0);
$project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")";
}
print $form->showrefnav($project,'ref','',1,'ref','ref');
print '</td></tr>';
@ -502,12 +506,12 @@ else
*/
print '<div class="tabsAction">';
if ($_GET["action"] != "edit" )
if ($action != "edit" )
{
// Validate
if ($project->statut == 0 && $user->rights->projet->creer)
{
if ($userAccess)
if ($userWrite > 0)
{
print '<a class="butAction" href="fiche.php?id='.$project->id.'&action=validate">'.$langs->trans("Valid").'</a>';
}
@ -520,7 +524,7 @@ else
// Modify
if ($project->statut != 2 && $user->rights->projet->creer)
{
if ($userAccess)
if ($userWrite > 0)
{
print '<a class="butAction" href="fiche.php?id='.$project->id.'&amp;action=edit">'.$langs->trans("Modify").'</a>';
}
@ -533,7 +537,7 @@ else
// Close
if ($project->statut == 1 && $user->rights->projet->creer)
{
if ($userAccess)
if ($userWrite > 0)
{
print '<a class="butAction" href="fiche.php?id='.$project->id.'&amp;action=close">'.$langs->trans("Close").'</a>';
}
@ -546,7 +550,7 @@ else
// Reopen
if ($project->statut == 2 && $user->rights->projet->creer)
{
if ($userAccess)
if ($userWrite > 0)
{
print '<a class="butAction" href="fiche.php?id='.$project->id.'&amp;action=reopen">'.$langs->trans("ReOpen").'</a>';
}
@ -559,7 +563,7 @@ else
// Delete
if ($user->rights->projet->supprimer)
{
if ($userAccess)
if ($userDelete > 0)
{
print '<a class="butActionDelete" href="fiche.php?id='.$project->id.'&amp;action=delete">'.$langs->trans("Delete").'</a>';
}
@ -573,7 +577,7 @@ else
print "</div>";
print "<br>\n";
if ($_GET['action'] != 'presend')
if ($action != 'presend')
{
print '<table width="100%"><tr><td width="50%" valign="top">';
print '<a name="builddoc"></a>'; // ancre
@ -585,8 +589,8 @@ else
$filename=dol_sanitizeFileName($project->ref);
$filedir=$conf->projet->dir_output . "/" . dol_sanitizeFileName($project->ref);
$urlsource=$_SERVER["PHP_SELF"]."?id=".$project->id;
$genallowed=($user->rights->projet->creer && $userAccess);
$delallowed=($user->rights->projet->supprimer && $userAccess);
$genallowed=($user->rights->projet->lire && $userAccess > 0);
$delallowed=($user->rights->projet->creer && $userWrite > 0);
$var=true;
@ -604,7 +608,7 @@ else
}
$db->close();
llxFooter();
$db->close();
?>
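Review bot: The confirm_validate, confirm_close and confirm_reopen handlers, e.g. `if ($action == 'confirm_validate' && GETPOST('confirm') == 'yes')`, still carry no permission test, whereas the buttons that lead to them are shown only when `$user->rights->projet->creer && $userWrite > 0` and the confirm_delete handler just below does test `supprimer`; the Project::setValid and setClose hunks in this commit show only the status test, no permission check. Adding `&& $user->rights->projet->creer` to each of the three conditions and, after `$project->fetch($id)`, `if ($project->restrictedProjectArea($user,'write') <= 0) accessforbidden();` would make the server side match the UI. The guard `if ($id == '' && $ref == '' && ...)` compares an `'int'`-filtered value with `''` loosely; `empty($id) && empty($ref)` is clearer and does not depend on what GETPOST returns for a missing parameter. Finally `$genallowed=($user->rights->projet->lire && $userAccess > 0);` lowers document generation from create to read permission; if that is deliberate, a short comment stating why would help.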


@ -30,15 +30,15 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php");
require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");
require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php");
$projectid=isset($_REQUEST["id"])?$_REQUEST["id"]:$_POST["id"];
$id=GETPOST('id');
$ref=GETPOST('ref');
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
// Security check
$socid=0;
if ($user->societe_id > 0) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
$result = restrictedArea($user, 'projet', $id);
$userAccess=0;
@ -73,16 +73,14 @@ llxHeader("",$langs->trans("Tasks"),$help_url,'',0,0,$arrayofjs,$arrayofcss);
$task = new Task($db);
$id = $_REQUEST['id'];
$ref= $_GET['ref'];
if ($id > 0 || ! empty($ref))
{
$project = new Project($db);
$project->fetch($_REQUEST["id"],$_GET["ref"]);
$project->fetch($id,$ref);
if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id);
// To verify role of users
$userAccess = $project->restrictedProjectArea($user);
$userAccess = $project->restrictedProjectArea($user,'read');
}
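Review bot: `$id=GETPOST('id');` reads the id without the `'int'` filter, while fiche.php in this same commit uses `$id=GETPOST('id','int');` before passing it to restrictedArea and fetch; contact.php and document.php follow the unfiltered form too. Using `GETPOST('id','int')` at all four sites keeps the type uniform before the value reaches the SQL helpers, which is in the spirit of this commit. The `$userAccess=0;` initialisation at the end of the first hunk is overwritten by the `'read'` call in the second only when a project is selected, so it stands as the "no project" value; a one-line comment such as `// -1/positive once a project is loaded, 0 when none is selected` would make that explicit.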


@ -130,7 +130,7 @@ print "</table>";
print '</td></tr></table>';
$db->close();
llxFooter();
$db->close();
?>


@ -143,12 +143,12 @@ if ($resql)
$projectstatic->user_author_id = $objp->fk_user_creat;
$projectstatic->public = $objp->public;
$userAccess = $projectstatic->restrictedProjectArea($user,1);
$userAccess = $projectstatic->restrictedProjectArea($user);
if ($userAccess >= 0)
{
$var=!$var;
print "<tr $bc[$var]>";
print "<tr ".$bc[$var].">";
// Project url
print "<td>";
@ -201,8 +201,8 @@ else
print "</table>";
$db->close();
llxFooter();
$db->close();
?>


@ -107,8 +107,11 @@ if ($id > 0 || ! empty($ref))
{
if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id);
// To verify role of users
$userAccess = $project->restrictedProjectArea($user);
// To verify role of users
//$userAccess = $project->restrictedProjectArea($user,'read');
$userWrite = $project->restrictedProjectArea($user,'write');
//$userDelete = $project->restrictedProjectArea($user,'delete');
//print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete;
$head = project_prepare_head($project);
dol_fiche_head($head, 'note', $langs->trans('Project'), 0, ($project->public?'projectpub':'project'));
@ -120,8 +123,11 @@ if ($id > 0 || ! empty($ref))
// Ref
print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>';
// Define a complementary filter for search of next/prev ref.
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
$project->next_prev_filter=" rowid in (".$projectsListId.")";
if (! $user->rights->projet->all->lire)
{
$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0);
$project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")";
}
print $form->showrefnav($project,'ref','',1,'ref','ref');
print '</td></tr>';
@ -193,7 +199,7 @@ if ($id > 0 || ! empty($ref))
print '<div class="tabsAction">';
if ($user->rights->projet->creer && $_GET['action'] <> 'edit')
{
if ($userAccess)
if ($userWrite > 0)
{
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$project->id.'&amp;action=edit">'.$langs->trans('Modify').'</a>';
}
@ -205,7 +211,8 @@ if ($id > 0 || ! empty($ref))
print '</div>';
}
}
$db->close();
llxFooter();
$db->close();
?>
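Review bot: The added block repeats the `// To verify role of users` comment already on the line above it and introduces commented-out code (`//$userAccess = ...`, `//$userDelete = ...`, `//print "userAccess=..."`); the same pattern is added in contact.php, document.php and tasks.php, and the print line also in fiche.php. Dropping the duplicate comment and the debug prints, keeping only the live `$userWrite = $project->restrictedProjectArea($user,'write');` line, keeps the files uniform, which is what the commit sets out to do. The Modify link is now shown only when `$userWrite > 0`; the handler for `action=edit` is outside the hunk, so it is worth confirming it applies the same test rather than only `$user->rights->projet->creer`.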


@ -150,11 +150,14 @@ if ($id > 0 || ! empty($ref))
$object->fetch($id, $ref);
if ($object->societe->id > 0) $result=$object->societe->fetch($object->societe->id);
// To verify role of users
$userAccess = $object->restrictedProjectArea($user);
// To verify role of users
//$userAccess = $object->restrictedProjectArea($user,'read');
$userWrite = $object->restrictedProjectArea($user,'write');
//$userDelete = $object->restrictedProjectArea($user,'delete');
//print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete;
}
if ($action == 'create' && $user->rights->projet->creer && (empty($object->societe->id) || $userAccess))
if ($action == 'create' && $user->rights->projet->creer && (empty($object->societe->id) || $userAccess > 0))
{
print_fiche_titre($langs->trans("NewTask"));
@ -203,12 +206,12 @@ if ($action == 'create' && $user->rights->projet->creer && (empty($object->socie
print '</td></tr>';
print '</table>';
print '<center><br>';
print '<div align="center"><br>';
print '<input type="submit" class="button" name="add" value="'.$langs->trans("Add").'">';
print ' &nbsp; &nbsp; ';
print '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'">';
print '</center>';
print '</div>';
print '</form>';
@ -234,8 +237,11 @@ else
print $langs->trans("Ref");
print '</td><td>';
// Define a complementary filter for search of next/prev ref.
$projectsListId = $object->getProjectsAuthorizedForUser($user,$mine,1);
$object->next_prev_filter=" rowid in (".$projectsListId.")";
if (! $user->rights->projet->all->lire)
{
$projectsListId = $object->getProjectsAuthorizedForUser($user,$mine,0);
$object->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")";
}
print $form->showrefnav($object,'ref','',1,'ref','ref','',$param);
print '</td></tr>';
@ -267,7 +273,7 @@ else
if ($user->rights->projet->all->creer || $user->rights->projet->creer)
{
if ($object->public || $userAccess)
if ($object->public || $userWrite > 0)
{
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=create'.$param.'">'.$langs->trans('AddTask').'</a>';
}
@ -313,7 +319,7 @@ else
print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">';
if (! empty($object->id)) print '<td>'.$langs->trans("Project").'</td>';
// print '<td>'.$langs->trans("Project").'</td>';
print '<td width="80">'.$langs->trans("RefTask").'</td>';
print '<td>'.$langs->trans("LabelTask").'</td>';
print '<td align="right">'.$langs->trans("Progress").'</td>';
@ -347,5 +353,4 @@ else
llxFooter();
$db->close();
?>
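Review bot: The create-form condition `if ($action == 'create' && $user->rights->projet->creer && (empty($object->societe->id) || $userAccess > 0))` gates task creation on read access (`$userAccess` comes from the default-mode call above it), while the AddTask button further down is shown only when `$object->public || $userWrite > 0`; the form should use the same `$userWrite > 0` test, and the handler that actually inserts the task (not in this hunk) should check it as well, since `$userWrite` is only computed in the view part. The `empty($object->societe->id)` alternative also lets a project with no third party bypass the per-project check entirely; if that is intended, a comment explaining why would help. The added `// print '<td>'.$langs->trans("Project").'</td>';` is commented-out code and should be removed rather than kept next to the live line.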


@ -32,12 +32,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php");
$langs->load('projects');
$langs->load('other');
$action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action'];
$action=GETPOST('action');
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
$id = isset($_GET["id"])?$_GET["id"]:'';
$id = GETPOST('id');
$ref= GETPOST('ref');
// Security check
$socid=0;
@ -57,8 +56,6 @@ if (! $sortorder) $sortorder="ASC";
if (! $sortfield) $sortfield="name";
$id = $_GET['id'];
$ref= $_GET['ref'];
$task = new Task($db);