Fix: refining permissions to modify an action without the right to remove
parent
c7d2a62e24
commit
65c9b69f7c
@ -294,8 +294,8 @@ if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == 'yes')
|
||||
$actioncomm = new ActionComm($db);
|
||||
$actioncomm->fetch($_GET["id"]);
|
||||
|
||||
if ($user->rights->agenda->myactions->create
|
||||
|| $user->rights->agenda->allactions->create)
|
||||
if ($user->rights->agenda->myactions->delete
|
||||
|| $user->rights->agenda->allactions->delete)
|
||||
{
|
||||
$result=$actioncomm->delete();
|
||||
|
||||
@ -313,7 +313,6 @@ if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == 'yes')
|
||||
|
||||
/*
|
||||
* Action mise a jour de l'action
|
||||
*
|
||||
*/
|
||||
if ($_POST["action"] == 'update')
|
||||
{
|
||||
@ -441,11 +440,9 @@ llxHeader('',$langs->trans("Agenda"),$help_url);
|
||||
$html = new Form($db);
|
||||
$htmlactions = new FormActions($db);
|
||||
|
||||
/* ************************************************************************** */
|
||||
/* */
|
||||
/* Affichage fiche en mode creation */
|
||||
/* */
|
||||
/* ************************************************************************** */
|
||||
/*
|
||||
* Affichage fiche en mode creation
|
||||
*/
|
||||
|
||||
if ($_GET["action"] == 'create')
|
||||
{
|
||||
@ -861,7 +858,7 @@ if ($_GET["id"])
|
||||
print $act->priority;
|
||||
print '</td></tr>';
|
||||
|
||||
// Objet lie
|
||||
// Linked object
|
||||
if ($act->objet_url)
|
||||
{
|
||||
print '<tr><td>'.$langs->trans("LinkedObject").'</td>';
|
||||
@ -879,7 +876,7 @@ if ($_GET["id"])
|
||||
print "</div>\n";
|
||||
|
||||
|
||||
/**
|
||||
/*
|
||||
* Barre d'actions
|
||||
*
|
||||
*/
|
||||
@ -888,7 +885,9 @@ if ($_GET["id"])
|
||||
|
||||
if ($_GET["action"] != 'edit')
|
||||
{
|
||||
if ($user->rights->agenda->allactions->create)
|
||||
if ($user->rights->agenda->allactions->modify ||
|
||||
(($act->author->id == $user->id && $user->rights->agenda->myactions->modify) ||
|
||||
($act->usertodo->id == $user->id && $user->rights->agenda->myactions->modify)))
|
||||
{
|
||||
print '<a class="butAction" href="fiche.php?action=edit&id='.$act->id.'">'.$langs->trans("Modify").'</a>';
|
||||
}
|
||||
@ -897,7 +896,9 @@ if ($_GET["id"])
|
||||
print '<a class="butActionRefused" href="#" title="'.$langs->trans("NotAllowed").'">'.$langs->trans("Modify").'</a>';
|
||||
}
|
||||
|
||||
if ($user->rights->agenda->allactions->create)
|
||||
if ($user->rights->agenda->allactions->delete ||
|
||||
(($act->author->id == $user->id && $user->rights->agenda->myactions->delete) ||
|
||||
($act->usertodo->id == $user->id && $user->rights->agenda->myactions->delete)))
|
||||
{
|
||||
print '<a class="butActionDelete" href="fiche.php?action=delete&id='.$act->id.'">'.$langs->trans("Delete").'</a>';
|
||||
}
|
||||
@ -916,8 +917,8 @@ llxFooter('$Date$ - $Revision$');
|
||||
|
||||
|
||||
/**
|
||||
\brief Ajoute une ligne de tableau a 2 colonnes pour avoir l'option synchro calendrier
|
||||
\return int Retourne le nombre de lignes ajoutees
|
||||
* \brief Ajoute une ligne de tableau a 2 colonnes pour avoir l'option synchro calendrier
|
||||
* \return int Retourne le nombre de lignes ajoutees
|
||||
*/
|
||||
function add_row_for_calendar_link()
|
||||
{
|
||||
|
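Review bot: The `confirm_delete` handler in the first hunk accepts `myactions->delete` for whatever id arrives in `$_GET["id"]`, without the ownership test that the Delete button further down applies (`$act->author->id == $user->id` or `$act->usertodo->id == $user->id`), so the server-side check is weaker than the UI and a holder of the "own actions" right is not restricted to their own records. The handler should apply the same rule after `fetch()`, e.g. `if ($user->rights->agenda->allactions->delete || ($user->rights->agenda->myactions->delete && ($actioncomm->author->id == $user->id || $actioncomm->usertodo->id == $user->id)))`, assuming `fetch()` populates those fields as it appears to for `$act`. The new `modify` right has the same gap: it only selects which Modify button is printed, and no hunk adds a matching check to the `$_POST["action"] == 'update'` handler, whose body lies outside the visible hunks, so it is worth confirming the right is enforced there. Hiding a button is presentation, not an access check.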
||||
@ -109,14 +109,22 @@ class modAgenda extends DolibarrModules
|
||||
$r++;
|
||||
|
||||
$this->rights[$r][0] = 2402;
|
||||
$this->rights[$r][1] = 'Create/modify/delete actions/tasks linked to his account';
|
||||
$this->rights[$r][1] = 'Create/delete actions/tasks linked to his account';
|
||||
$this->rights[$r][2] = 'w';
|
||||
$this->rights[$r][3] = 0;
|
||||
$this->rights[$r][4] = 'myactions';
|
||||
$this->rights[$r][5] = 'create';
|
||||
$r++;
|
||||
|
||||
|
||||
$this->rights[$r][0] = 2403;
|
||||
$this->rights[$r][1] = 'Modify actions/tasks linked to his account';
|
||||
$this->rights[$r][2] = 'w';
|
||||
$this->rights[$r][3] = 0;
|
||||
$this->rights[$r][4] = 'myactions';
|
||||
$this->rights[$r][5] = 'modify';
|
||||
$r++;
|
||||
|
||||
$this->rights[$r][0] = 2411;
|
||||
$this->rights[$r][1] = 'Read actions/tasks of others';
|
||||
$this->rights[$r][2] = 'r';
|
||||
$this->rights[$r][3] = 0;
|
||||
@ -124,13 +132,21 @@ class modAgenda extends DolibarrModules
|
||||
$this->rights[$r][5] = 'read';
|
||||
$r++;
|
||||
|
||||
$this->rights[$r][0] = 2405;
|
||||
$this->rights[$r][1] = 'Create/modify/delete actions/tasks of others';
|
||||
$this->rights[$r][0] = 2412;
|
||||
$this->rights[$r][1] = 'Create/delete actions/tasks of others';
|
||||
$this->rights[$r][2] = 'w';
|
||||
$this->rights[$r][3] = 0;
|
||||
$this->rights[$r][4] = 'allactions';
|
||||
$this->rights[$r][5] = 'create';
|
||||
$r++;
|
||||
|
||||
$this->rights[$r][0] = 2413;
|
||||
$this->rights[$r][1] = 'Modify actions/tasks of others';
|
||||
$this->rights[$r][2] = 'w';
|
||||
$this->rights[$r][3] = 0;
|
||||
$this->rights[$r][4] = 'allactions';
|
||||
$this->rights[$r][5] = 'modify';
|
||||
$r++;
|
||||
|
||||
// Main menu entries
|
||||
$this->menu = array(); // List of menus to add
|
||||
|
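Review bot: No right with `$this->rights[$r][5] = 'delete'` is declared in these two hunks, yet the agenda card code changed in this same commit now tests `myactions->delete` and `allactions->delete`. With only `create` and `modify` declared (and `create` labelled 'Create/delete'), those checks would presumably never pass, so deletion ends up denied to everyone instead of being governed by a grant. Either declare separate delete rights here or keep the card's delete checks on `create` to match the label. Separately, id 2403 is reused: the language file on this page shows it both as 'Read actions ... of others' and as 'Modify actions ... linked to his account', so if stored grants are keyed by id, accounts holding the old 2403 would silently gain a write right after upgrade and grants on 2405 would be orphaned. A migration step or fresh ids would avoid that.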
||||
@ -548,9 +548,11 @@ Permission1251=Run mass imports of external data into database (data load)
|
||||
Permission1321=Export customer invoices, attributes and payments
|
||||
Permission1421=Export customer orders and attributes
|
||||
Permission2401=Read actions (events or tasks) linked to his account
|
||||
Permission2402=Create/modify/delete actions (events or tasks) linked to his account
|
||||
Permission2403=Read actions (events or tasks) of others
|
||||
Permission2405=Create/modify/delete actions (events or tasks) of others
|
||||
Permission2402=Create/delete actions (events or tasks) linked to his account
|
||||
Permission2403=Modify actions (events or tasks) linked to his account
|
||||
Permission2411=Read actions (events or tasks) of others
|
||||
Permission2412=Create/delete actions (events or tasks) of others
|
||||
Permission2413=Modify actions (events or tasks) of others
|
||||
Permission2500=Read documents
|
||||
Permission2501=Submit or delete documents
|
||||
Permission2515=Setup documents directories
|
||||
|
||||
@ -548,9 +548,11 @@ Permission1251 = Lancer des imports de masse dans la base (chargement de donnée
|
||||
Permission1321 = Exporter les factures clients, attributs et règlements
|
||||
Permission1421 = Exporter les commandes clients et attributs
|
||||
Permission2401 = Lire les actions (évènements ou tâches) liées à son compte
|
||||
Permission2402 = Creer/modifier/supprimer les actions (évènements ou tâches) liées à son compte
|
||||
Permission2403 = Lire les actions (évènements ou tâches) des autres
|
||||
Permission2405 = Creer/modifier/supprimer les actions (évènements ou tâches) pour les autres
|
||||
Permission2402 = Creer/supprimer les actions (évènements ou tâches) liées à son compte
|
||||
Permission2403 = Modifier les actions (évènements ou tâches) liées à son compte
|
||||
Permission2411 = Lire les actions (évènements ou tâches) des autres
|
||||
Permission2412 = Creer/supprimer les actions (évènements ou tâches) pour les autres
|
||||
Permission2413 = Modifier les actions (évènements ou tâches) pour les autres
|
||||
Permission2500 = Consulter les documents
|
||||
Permission2501 = Soumettre ou supprimer des documents
|
||||
Permission2515 = Administrer les rubriques de documents
|
||||
|
||||