diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index c90630b39a5..67bdefa6fc9 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -435,7 +435,7 @@ function show_projects($conf,$langs,$db,$object,$backtopage='') $projectstatic->fetch($obj->rowid); // To verify role of users - $userAccess = $projectstatic->restrictedProjectArea($user,1); + $userAccess = $projectstatic->restrictedProjectArea($user); if ($user->rights->projet->lire && $userAccess > 0) { diff --git a/htdocs/core/lib/project.lib.php b/htdocs/core/lib/project.lib.php index 00a53319a8c..6d0dc520c89 100644 --- a/htdocs/core/lib/project.lib.php +++ b/htdocs/core/lib/project.lib.php @@ -687,7 +687,7 @@ function print_projecttasks_array($db, $socid, $projectsListId, $mytasks=0) $projectstatic->public = $objp->public; // Check is user has read permission on project - $userAccess = $projectstatic->restrictedProjectArea($user,1); + $userAccess = $projectstatic->restrictedProjectArea($user); if ($userAccess >= 0) { $var=!$var; diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 94e75a45637..3d682c7ca37 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -170,9 +170,9 @@ class Project extends CommonObject function update($user, $notrigger=0) { global $langs, $conf; - + $error=0; - + // Clean parameters $this->title = trim($this->title); $this->description = trim($this->description); @@ -499,7 +499,7 @@ class Project extends CommonObject global $langs, $conf; $error=0; - + if ($this->statut != 1) { $this->db->begin(); @@ -558,7 +558,7 @@ class Project extends CommonObject global $langs, $conf; $error=0; - + if ($this->statut != 2) { $this->db->begin(); @@ -789,21 +789,21 @@ class Project extends CommonObject } /** - * Check if user has read permission on project + * Check if user has permission on current project * * @param User $user Object user to evaluate - * @param int $noprint 0=Print forbidden message if no permission, 1=Return -1 if no permission - * @return void + * @param string $mode Type of permission we want to know: 'read', 'write' + * @return int >0 if user has permission, <0 if user has no permission */ - function restrictedProjectArea($user, $noprint=0) + function restrictedProjectArea($user, $mode='read') { // To verify role of users $userAccess = 0; - if ($user->rights->projet->all->lire) + if (($mode == 'read' && $user->rights->projet->all->lire) || ($mode == 'write' && $user->rights->projet->all->creer) || ($mode == 'delete' && $user->rights->projet->all->supprimer)) { $userAccess = 1; } - else if ($this->public && $user->rights->projet->lire) + else if ($this->public && (($mode == 'read' && $user->rights->projet->lire) || ($mode == 'write' && $user->rights->projet->creer) || ($mode == 'delete' && $user->rights->projet->supprimer))) { $userAccess = 1; } @@ -819,7 +819,9 @@ class Project extends CommonObject { if (preg_match('/PROJECT/', $userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id']) { - $userAccess++; + if ($mode == 'read' && $user->rights->projet->lire) $userAccess++; + if ($mode == 'write' && $user->rights->projet->creer) $userAccess++; + if ($mode == 'delete' && $user->rights->projet->supprimer) $userAccess++; } $nblinks++; } @@ -833,19 +835,7 @@ class Project extends CommonObject //} } - if (!$userAccess) - { - if (!$noprint) - { - accessforbidden('', 0); - } - else - { - return -1; - } - } - - return $userAccess; + return ($userAccess?$userAccess:-1); } /** diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php index 9409a9dc997..2a218703394 100644 --- a/htdocs/projet/contact.php +++ b/htdocs/projet/contact.php @@ -30,7 +30,8 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'); $langs->load("projects"); $langs->load("companies"); -$projectid = isset($_GET["id"])?$_GET["id"]:''; +$id = GETPOST('id'); +$ref= GETPOST('ref'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects @@ -38,7 +39,7 @@ $mine = $_REQUEST['mode']=='mine' ? 1 : 0; // Security check $socid=0; if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'projet', $projectid); +$result = restrictedArea($user, 'projet', $id); /* @@ -51,9 +52,9 @@ if ($_POST["action"] == 'addcontact' && $user->rights->projet->creer) $result = 0; $project = new Project($db); - $result = $project->fetch($projectid); + $result = $project->fetch($id); - if ($result > 0 && $projectid > 0) + if ($result > 0 && $id > 0) { $result = $project->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]); } @@ -81,7 +82,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->projet->creer) if ($_GET["action"] == 'swapstatut' && $user->rights->projet->creer) { $project = new Project($db); - if ($project->fetch($projectid)) + if ($project->fetch($id)) { $result=$project->swapContactStatus(GETPOST('ligne')); } @@ -95,7 +96,7 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->projet->creer) if ($_GET["action"] == 'deleteline' && $user->rights->projet->creer) { $project = new Project($db); - $project->fetch($projectid); + $project->fetch($id); $result = $project->delete_contact($_GET["lineid"]); if ($result >= 0) @@ -130,8 +131,6 @@ $userstatic=new User($db); /* *************************************************************************** */ dol_htmloutput_mesg($mesg); -$id = $_GET['id']; -$ref= $_GET['ref']; if ($id > 0 || ! empty($ref)) { $project = new Project($db); @@ -141,7 +140,10 @@ if ($id > 0 || ! empty($ref)) if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id); // To verify role of users - $userAccess = $project->restrictedProjectArea($user); + //$userAccess = $project->restrictedProjectArea($user,'read'); + $userWrite = $project->restrictedProjectArea($user,'write'); + //$userDelete = $project->restrictedProjectArea($user,'delete'); + //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; $head = project_prepare_head($project); dol_fiche_head($head, 'contact', $langs->trans("Project"), 0, ($project->public?'projectpub':'project')); @@ -157,8 +159,11 @@ if ($id > 0 || ! empty($ref)) // Ref print ''.$langs->trans('Ref').''; // Define a complementary filter for search of next/prev ref. - $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); - $project->next_prev_filter=" rowid in (".$projectsListId.")"; + if (! $user->rights->projet->all->lire) + { + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0); + $project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; + } print $form->showrefnav($project,'ref',$linkback,1,'ref','ref',''); print ''; @@ -194,7 +199,7 @@ if ($id > 0 || ! empty($ref)) * Ajouter une ligne de contact * Non affiche en mode modification de ligne */ - if ($_GET["action"] != 'editline' && $user->rights->projet->creer && $userAccess) + if ($_GET["action"] != 'editline') { print ''; print ''.$langs->trans("Source").''; @@ -230,7 +235,14 @@ if ($id > 0 || ! empty($ref)) print ''; $formcompany->selectTypeContact($project, '', 'type','internal','rowid'); print ''; - print ''; + print ''; + if ($userWrite > 0 || $user->admin) + { + print ' 0 || $user->admin)) print ' disabled="disabled"'; + print '>'; + } + print ''; print ''; print ''; @@ -263,9 +275,15 @@ if ($id > 0 || ! empty($ref)) print ''; $formcompany->selectTypeContact($project, '', 'type','external','rowid'); print ''; - print ''; + + print ''; + if ($userWrite > 0 || $user->admin) + { + print ' 0 || $user->admin)) print ' disabled="disabled"'; + print '>'; + } + print ''; print ''; print ""; @@ -346,14 +364,14 @@ if ($id > 0 || ! empty($ref)) // Statut print ''; // Activation desativation du contact - if ($project->statut >= 0 && $userAccess) print ''; + if ($project->statut >= 0 && $userWrite > 0) print ''; print $contactstatic->LibStatut($tab[$i]['status'],3); - if ($project->statut >= 0 && $userAccess) print ''; + if ($project->statut >= 0 && $userWrite > 0) print ''; print ''; // Icon update et delete print ''; - if ($user->rights->projet->creer && $userAccess) + if ($user->rights->projet->creer && $userWrite > 0) { print ' '; print ''; @@ -375,7 +393,7 @@ if ($id > 0 || ! empty($ref)) } } -$db->close(); - llxFooter(); + +$db->close(); ?> \ No newline at end of file diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index 69d67b4c5a3..4fe2de8542a 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php @@ -30,10 +30,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php"); $langs->load('projects'); $langs->load('other'); +$action=GETPOST('action'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects - -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = GETPOST('id'); +$ref= GETPOST('ref'); // Security check $socid=0; @@ -51,11 +52,8 @@ $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="name"; - -$id = $_GET['id']; -$ref= $_GET['ref']; $project = new Project($db); -if (! $project->fetch($_GET['id'],$_GET['ref']) > 0) +if (! $project->fetch($id,$ref) > 0) { dol_print_error($db); exit; @@ -100,7 +98,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) } // Delete -if ($_REQUEST['action'] == 'confirm_delete' && $_REQUEST['confirm'] == 'yes' && $user->rights->projet->supprimer) +if ($action == 'confirm_delete' && $_REQUEST['confirm'] == 'yes' && $user->rights->projet->supprimer) { $upload_dir = $conf->projet->dir_output . "/" . dol_sanitizeFileName($project->ref); $file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). @@ -126,8 +124,11 @@ if ($id > 0 || ! empty($ref)) if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id); - // To verify role of users - $userAccess = $project->restrictedProjectArea($user); + // To verify role of users + //$userAccess = $project->restrictedProjectArea($user,'read'); + $userWrite = $project->restrictedProjectArea($user,'write'); + //$userDelete = $project->restrictedProjectArea($user,'delete'); + //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; $head = project_prepare_head($project); dol_fiche_head($head, 'document', $langs->trans("Project"), 0, ($project->public?'projectpub':'project')); @@ -140,7 +141,7 @@ if ($id > 0 || ! empty($ref)) $totalsize+=$file['size']; } - if ($_GET["action"] == 'delete') + if ($action == 'delete') { $ret=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"]."&urlfile=".$_GET['urlfile'],$langs->trans("DeleteAFile"),$langs->trans("ConfirmDeleteAFile"),"confirm_delete",'','',1); if ($ret == 'html') print '
'; @@ -151,8 +152,11 @@ if ($id > 0 || ! empty($ref)) // Ref print ''.$langs->trans("Ref").''; // Define a complementary filter for search of next/prev ref. - $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); - $project->next_prev_filter=" rowid in (".$projectsListId.")"; + if (! $user->rights->projet->all->lire) + { + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0); + $project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; + } print $form->showrefnav($project,'ref','',1,'ref','ref'); print ''; @@ -181,25 +185,25 @@ if ($id > 0 || ! empty($ref)) print "\n"; print "\n"; - if ($mesg) { print $mesg."
"; } + dol_htmloutput_mesg($mesg); // Affiche formulaire upload $formfile=new FormFile($db); - $formfile->form_attach_new_file(DOL_URL_ROOT.'/projet/document.php?id='.$project->id,'',0,0,$user->rights->projet->creer); + $formfile->form_attach_new_file(DOL_URL_ROOT.'/projet/document.php?id='.$project->id,'',0,0,($userWrite>0)); // List of document $param='&id='.$project->id; - $formfile->list_of_documents($filearray,$project,'projet',$param); + $formfile->list_of_documents($filearray,$project,'projet',$param,0,'',($userWrite>0)); } else { - Header('Location: index.php'); + dol_print_error('','NoRecordFound'); } -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php index bc53b2bb416..136014cf0e6 100644 --- a/htdocs/projet/element.php +++ b/htdocs/projet/element.php @@ -89,8 +89,11 @@ print ''; print ''; @@ -223,7 +226,7 @@ foreach ($listofreferent as $key => $value) // Amount if (empty($value['disableamount'])) print ''; - + // Status print ''; @@ -281,7 +284,7 @@ foreach ($listofreferent as $key => $value) } } -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/fiche.php b/htdocs/projet/fiche.php index 563b8839e05..995a9365f61 100644 --- a/htdocs/projet/fiche.php +++ b/htdocs/projet/fiche.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2011 Laurent Destailleur + * Copyright (C) 2004-2012 Laurent Destailleur * Copyright (C) 2005-2011 Regis Houssin * * This program is free software; you can redistribute it and/or modify @@ -33,10 +33,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/modules/project/modules_project.php"); $langs->load("projects"); $langs->load('companies'); -$projectid = GETPOST('id','int'); -$projectref = GETPOST('ref'); +$id=GETPOST('id','int'); +$ref = GETPOST('ref'); +$action=GETPOST('action'); -if ($projectid == '' && $projectref == '' && ($_GET['action'] != "create" && $_POST['action'] != "add" && $_POST["action"] != "update" && !$_POST["cancel"])) accessforbidden(); +if ($id == '' && $ref == '' && ($action != "create" && $action != "add" && $action != "update" && ! $_POST["cancel"])) accessforbidden(); $mine = GETPOST('mode')=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects @@ -44,7 +45,7 @@ $mine = GETPOST('mode')=='mine' ? 1 : 0; // Security check $socid=0; if ($user->societe_id > 0) $socid=$user->societe_id; -$result = restrictedArea($user, 'projet', $projectid); +$result = restrictedArea($user, 'projet', $id); @@ -60,7 +61,7 @@ if (GETPOST("cancel") && GETPOST('backtopage')) exit; } -if ($_POST["action"] == 'add' && $user->rights->projet->creer) +if ($action == 'add' && $user->rights->projet->creer) { $error=0; if (empty($_POST["ref"])) @@ -121,20 +122,20 @@ if ($_POST["action"] == 'add' && $user->rights->projet->creer) { $db->rollback(); - $_GET["action"] = 'create'; + $action = 'create'; } } else { - $_GET["action"] = 'create'; + $action = 'create'; } } -if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet->creer) +if ($action == 'update' && ! $_POST["cancel"] && $user->rights->projet->creer) { $error=0; - if (empty($_POST["ref"])) + if (empty($ref)) { $error++; //$_GET["id"]=$_POST["id"]; // On retourne sur la fiche projet @@ -161,20 +162,19 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet- $result=$project->update($user); - $_GET["id"]=$project->id; // On retourne sur la fiche projet + $id=$project->id; // On retourne sur la fiche projet } else { - $_GET["id"]=$_POST["id"]; - $_GET['action']='edit'; + $action='edit'; } } // Build doc -if (GETPOST('action') == 'builddoc' && $user->rights->projet->creer) +if ($action == 'builddoc' && $user->rights->projet->creer) { $project = new Project($db); - $project->fetch($_GET['id']); + $project->fetch($id); if (GETPOST('model')) { $project->setDocModel($user, GETPOST('model')); @@ -199,10 +199,10 @@ if (GETPOST('action') == 'builddoc' && $user->rights->projet->creer) } } -if (GETPOST('action') == 'confirm_validate' && GETPOST('confirm') == 'yes') +if ($action == 'confirm_validate' && GETPOST('confirm') == 'yes') { $project = new Project($db); - $project->fetch(GETPOST("id")); + $project->fetch($id); $result = $project->setValid($user); if ($result <= 0) @@ -211,10 +211,10 @@ if (GETPOST('action') == 'confirm_validate' && GETPOST('confirm') == 'yes') } } -if (GETPOST('action') == 'confirm_close' && GETPOST('confirm') == 'yes') +if ($action == 'confirm_close' && GETPOST('confirm') == 'yes') { $project = new Project($db); - $project->fetch(GETPOST("id")); + $project->fetch($id); $result = $project->setClose($user); if ($result <= 0) { @@ -222,10 +222,10 @@ if (GETPOST('action') == 'confirm_close' && GETPOST('confirm') == 'yes') } } -if (GETPOST('action') == 'confirm_reopen' && GETPOST('confirm') == 'yes') +if ($action == 'confirm_reopen' && GETPOST('confirm') == 'yes') { $project = new Project($db); - $project->fetch(GETPOST("id")); + $project->fetch($id); $result = $project->setValid($user); if ($result <= 0) { @@ -233,10 +233,10 @@ if (GETPOST('action') == 'confirm_reopen' && GETPOST('confirm') == 'yes') } } -if (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->projet->supprimer) +if ($action == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->projet->supprimer) { $project = new Project($db); - $project->fetch(GETPOST("id")); + $project->fetch($id); $result=$project->delete($user); if ($result > 0) { @@ -264,20 +264,20 @@ $help_url="EN:Module_Projects|FR:Module_Projets|ES:Módulo_Proyectos"; llxHeader("",$langs->trans("Projects"),$help_url); -if ($_GET["action"] == 'create' && $user->rights->projet->creer) +if ($action == 'create' && $user->rights->projet->creer) { /* * Create */ print_fiche_titre($langs->trans("NewProject")); - if ($mesg) print $mesg.'
'; + dol_htmloutput_mesg($mesg); print '
'; print ''; print ''; print ''; - + print '
'.$langs->trans("Ref").''; // Define a complementary filter for search of next/prev ref. -$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); -$project->next_prev_filter=" rowid in (".$projectsListId.")"; +if (! $user->rights->projet->all->lire) +{ + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0); + $project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; +} print $form->showrefnav($project,'ref','',1,'ref','ref'); print '
'.(isset($element->total_ttc)?price($element->total_ttc):' ').''.$element->getLibStatut(5).'
'; $project = new Project($db); @@ -347,39 +347,43 @@ else * Show or edit */ - if ($mesg) print $mesg; + dol_htmloutput_mesg($mesg); $project = new Project($db); - $project->fetch($projectid,$projectref); + $project->fetch($id,$ref); if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id); // To verify role of users - $userAccess = $project->restrictedProjectArea($user); + $userAccess = $project->restrictedProjectArea($user,'read'); + $userWrite = $project->restrictedProjectArea($user,'write'); + $userDelete = $project->restrictedProjectArea($user,'delete'); + //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; + $head=project_prepare_head($project); dol_fiche_head($head, 'project', $langs->trans("Project"),0,($project->public?'projectpub':'project')); // Confirmation validation - if ($_GET['action'] == 'validate') + if ($action == 'validate') { $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$project->id, $langs->trans('ValidateProject'), $langs->trans('ConfirmValidateProject'), 'confirm_validate','',0,1); if ($ret == 'html') print '
'; } // Confirmation close - if ($_GET["action"] == 'close') + if ($action == 'close') { $ret=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$project->id,$langs->trans("CloseAProject"),$langs->trans("ConfirmCloseAProject"),"confirm_close",'','',1); if ($ret == 'html') print '
'; } // Confirmation reopen - if ($_GET["action"] == 'reopen') + if ($action == 'reopen') { $ret=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$project->id,$langs->trans("ReOpenAProject"),$langs->trans("ConfirmReOpenAProject"),"confirm_reopen",'','',1); if ($ret == 'html') print '
'; } // Confirmation delete - if ($_GET["action"] == 'delete') + if ($action == 'delete') { $text=$langs->trans("ConfirmDeleteAProject"); $task=new Task($db); @@ -391,7 +395,7 @@ else } - if ($_GET["action"] == 'edit' && $userAccess) + if ($action == 'edit' && $userWrite > 0) { print ''; print ''; @@ -453,8 +457,8 @@ else // Define a complementary filter for search of next/prev ref. if (! $user->rights->projet->all->lire) { - $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); - $project->next_prev_filter=" rowid in (".$projectsListId.")"; + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0); + $project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; } print $form->showrefnav($project,'ref','',1,'ref','ref'); print ''; @@ -502,12 +506,12 @@ else */ print '
'; - if ($_GET["action"] != "edit" ) + if ($action != "edit" ) { // Validate if ($project->statut == 0 && $user->rights->projet->creer) { - if ($userAccess) + if ($userWrite > 0) { print ''.$langs->trans("Valid").''; } @@ -520,7 +524,7 @@ else // Modify if ($project->statut != 2 && $user->rights->projet->creer) { - if ($userAccess) + if ($userWrite > 0) { print ''.$langs->trans("Modify").''; } @@ -533,7 +537,7 @@ else // Close if ($project->statut == 1 && $user->rights->projet->creer) { - if ($userAccess) + if ($userWrite > 0) { print ''.$langs->trans("Close").''; } @@ -546,7 +550,7 @@ else // Reopen if ($project->statut == 2 && $user->rights->projet->creer) { - if ($userAccess) + if ($userWrite > 0) { print ''.$langs->trans("ReOpen").''; } @@ -559,7 +563,7 @@ else // Delete if ($user->rights->projet->supprimer) { - if ($userAccess) + if ($userDelete > 0) { print ''.$langs->trans("Delete").''; } @@ -573,7 +577,7 @@ else print "
"; print "
\n"; - if ($_GET['action'] != 'presend') + if ($action != 'presend') { print '
'; print ''; // ancre @@ -585,8 +589,8 @@ else $filename=dol_sanitizeFileName($project->ref); $filedir=$conf->projet->dir_output . "/" . dol_sanitizeFileName($project->ref); $urlsource=$_SERVER["PHP_SELF"]."?id=".$project->id; - $genallowed=($user->rights->projet->creer && $userAccess); - $delallowed=($user->rights->projet->supprimer && $userAccess); + $genallowed=($user->rights->projet->lire && $userAccess > 0); + $delallowed=($user->rights->projet->creer && $userWrite > 0); $var=true; @@ -604,7 +608,7 @@ else } -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/ganttview.php b/htdocs/projet/ganttview.php index 7da800e1304..bcb5f12024e 100644 --- a/htdocs/projet/ganttview.php +++ b/htdocs/projet/ganttview.php @@ -30,15 +30,15 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php"); -$projectid=isset($_REQUEST["id"])?$_REQUEST["id"]:$_POST["id"]; - +$id=GETPOST('id'); +$ref=GETPOST('ref'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects // Security check $socid=0; if ($user->societe_id > 0) $socid=$user->societe_id; -$result = restrictedArea($user, 'projet', $projectid); +$result = restrictedArea($user, 'projet', $id); $userAccess=0; @@ -73,16 +73,14 @@ llxHeader("",$langs->trans("Tasks"),$help_url,'',0,0,$arrayofjs,$arrayofcss); $task = new Task($db); -$id = $_REQUEST['id']; -$ref= $_GET['ref']; if ($id > 0 || ! empty($ref)) { $project = new Project($db); - $project->fetch($_REQUEST["id"],$_GET["ref"]); + $project->fetch($id,$ref); if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id); // To verify role of users - $userAccess = $project->restrictedProjectArea($user); + $userAccess = $project->restrictedProjectArea($user,'read'); } diff --git a/htdocs/projet/index.php b/htdocs/projet/index.php index 6efc3f1e058..1cc4fc638f8 100644 --- a/htdocs/projet/index.php +++ b/htdocs/projet/index.php @@ -130,7 +130,7 @@ print "
"; print ''; -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/liste.php b/htdocs/projet/liste.php index 63abcd89195..34b131196ad 100644 --- a/htdocs/projet/liste.php +++ b/htdocs/projet/liste.php @@ -143,12 +143,12 @@ if ($resql) $projectstatic->user_author_id = $objp->fk_user_creat; $projectstatic->public = $objp->public; - $userAccess = $projectstatic->restrictedProjectArea($user,1); + $userAccess = $projectstatic->restrictedProjectArea($user); if ($userAccess >= 0) { $var=!$var; - print ""; + print ""; // Project url print ""; @@ -201,8 +201,8 @@ else print ""; -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/note.php b/htdocs/projet/note.php index 4edf8dc8976..6d193e771eb 100644 --- a/htdocs/projet/note.php +++ b/htdocs/projet/note.php @@ -107,8 +107,11 @@ if ($id > 0 || ! empty($ref)) { if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id); - // To verify role of users - $userAccess = $project->restrictedProjectArea($user); + // To verify role of users + //$userAccess = $project->restrictedProjectArea($user,'read'); + $userWrite = $project->restrictedProjectArea($user,'write'); + //$userDelete = $project->restrictedProjectArea($user,'delete'); + //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; $head = project_prepare_head($project); dol_fiche_head($head, 'note', $langs->trans('Project'), 0, ($project->public?'projectpub':'project')); @@ -120,8 +123,11 @@ if ($id > 0 || ! empty($ref)) // Ref print ''.$langs->trans("Ref").''; // Define a complementary filter for search of next/prev ref. - $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); - $project->next_prev_filter=" rowid in (".$projectsListId.")"; + if (! $user->rights->projet->all->lire) + { + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0); + $project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; + } print $form->showrefnav($project,'ref','',1,'ref','ref'); print ''; @@ -193,7 +199,7 @@ if ($id > 0 || ! empty($ref)) print '
'; if ($user->rights->projet->creer && $_GET['action'] <> 'edit') { - if ($userAccess) + if ($userWrite > 0) { print ''.$langs->trans('Modify').''; } @@ -205,7 +211,8 @@ if ($id > 0 || ! empty($ref)) print '
'; } } -$db->close(); llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index 87e35a9c8ba..c54b349d258 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php @@ -150,11 +150,14 @@ if ($id > 0 || ! empty($ref)) $object->fetch($id, $ref); if ($object->societe->id > 0) $result=$object->societe->fetch($object->societe->id); - // To verify role of users - $userAccess = $object->restrictedProjectArea($user); + // To verify role of users + //$userAccess = $object->restrictedProjectArea($user,'read'); + $userWrite = $object->restrictedProjectArea($user,'write'); + //$userDelete = $object->restrictedProjectArea($user,'delete'); + //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; } -if ($action == 'create' && $user->rights->projet->creer && (empty($object->societe->id) || $userAccess)) +if ($action == 'create' && $user->rights->projet->creer && (empty($object->societe->id) || $userAccess > 0)) { print_fiche_titre($langs->trans("NewTask")); @@ -203,12 +206,12 @@ if ($action == 'create' && $user->rights->projet->creer && (empty($object->socie print ''; print ''; - - print '

'; + + print '

'; print ''; print '     '; print ''; - print '
'; + print ''; print ''; @@ -234,8 +237,11 @@ else print $langs->trans("Ref"); print ''; // Define a complementary filter for search of next/prev ref. - $projectsListId = $object->getProjectsAuthorizedForUser($user,$mine,1); - $object->next_prev_filter=" rowid in (".$projectsListId.")"; + if (! $user->rights->projet->all->lire) + { + $projectsListId = $object->getProjectsAuthorizedForUser($user,$mine,0); + $object->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; + } print $form->showrefnav($object,'ref','',1,'ref','ref','',$param); print ''; @@ -267,7 +273,7 @@ else if ($user->rights->projet->all->creer || $user->rights->projet->creer) { - if ($object->public || $userAccess) + if ($object->public || $userWrite > 0) { print ''.$langs->trans('AddTask').''; } @@ -313,7 +319,7 @@ else print ''; print ''; - if (! empty($object->id)) print ''; + // print ''; print ''; print ''; print ''; @@ -347,5 +353,4 @@ else llxFooter(); $db->close(); - ?> diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index ac2dd13d9b4..c7c39012110 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php @@ -32,12 +32,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php"); $langs->load('projects'); $langs->load('other'); -$action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action']; - +$action=GETPOST('action'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects - -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = GETPOST('id'); +$ref= GETPOST('ref'); // Security check $socid=0; @@ -57,8 +56,6 @@ if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="name"; -$id = $_GET['id']; -$ref= $_GET['ref']; $task = new Task($db);
'.$langs->trans("Project").''.$langs->trans("Project").''.$langs->trans("RefTask").''.$langs->trans("LabelTask").''.$langs->trans("Progress").'