From 6a8f4ac8927675d879979eac4f0f81e0a7ce989b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 20 Mar 2021 19:30:08 +0100
Subject: [PATCH] NEW Add permission "export website"
---
 htdocs/exports/export.php | 3 +++
 htdocs/exports/index.php | 5 +++--
 htdocs/website/index.php | 32 ++++++++++++++++++--------------
 3 files changed, 24 insertions(+), 16 deletions(-)
diff --git a/htdocs/exports/export.php b/htdocs/exports/export.php
index 117cb7968d4..b3d0cf49a32 100644
--- a/htdocs/exports/export.php
+++ b/htdocs/exports/export.php
@@ -154,6 +154,9 @@ $upload_dir = $conf->export->dir_temp.'/'.$user->id;
 //$usefilters=($conf->global->MAIN_FEATURES_LEVEL > 1);
 $usefilters = 1;
+// Security check
+$result = restrictedArea($user, 'export');
+
 /*
 * Actions
diff --git a/htdocs/exports/index.php b/htdocs/exports/index.php
index 22b1729550d..3ba5e0a3591 100644
--- a/htdocs/exports/index.php
+++ b/htdocs/exports/index.php
@@ -27,11 +27,12 @@ require_once DOL_DOCUMENT_ROOT.'/exports/class/export.class.php';
 // Load translation files required by the page
 $langs->load("exports");
+$export = new Export($db);
+$export->load_arrays($user);
+
 // Security check
 $result = restrictedArea($user, 'export');
-$export = new Export($db);
-$export->load_arrays($user);
 /*
 * View
diff --git a/htdocs/website/index.php b/htdocs/website/index.php
index 034583d3440..021edc52920 100644
--- a/htdocs/website/index.php
+++ b/htdocs/website/index.php
@@ -477,7 +477,7 @@ if ($massaction == 'setcategory' && GETPOST('confirmmassaction', 'alpha') && $us
 }
 // Replacement of string into pages
-if ($massaction == 'replace' && GETPOST('confirmmassaction', 'alpha')) {
+if ($massaction == 'replace' && GETPOST('confirmmassaction', 'alpha') && $usercanedit) {
 $replacestring = GETPOST('replacestring', 'none');
 if (empty($user->rights->website->writephp)) {
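Review bot: In htdocs/exports/index.php the moved lines `$export = new Export($db);` and `$export->load_arrays($user);` now run before `restrictedArea($user, 'export')`, so the export definitions are loaded for a caller who may then be refused. `load_arrays()` is not visible here, so its cost and side effects are inferred, but nothing in the hunk needs `$export` before the gate. Keep the check directly after `$langs->load("exports");` and build the object afterwards. The same ordering question applies to htdocs/exports/export.php, where the new check sits at line 157 after setup that lies outside the hunk.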
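Review bot: The handlers gated on `$usercanedit` (the `replace` mass action in the hunk at line 477, and those at 567, 625, 1276, 1523, 1556, 1778, 2060, 2085 and 2162, plus `$permissiontodelete` at 1148) are skipped silently when the right is missing: no error is shown and, as far as these hunks show, the refused attempt is not recorded. A denied state-changing request should be explicit, so that the user gets feedback and the refusal is visible to whoever reviews access logs, for example one guard ahead of the action blocks such as `if (in_array($action, $writeactions, true) && !$usercanedit) { accessforbidden(); }`, where `$writeactions` is a list you would add. `$usercanedit` and `$permissiontodelete` are assigned outside the hunks, so their definitions could not be checked here.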
@@ -567,7 +567,7 @@ if ($action == 'adddir' && $permtouploadfile)
 */
 // Add site
-if ($action == 'addsite') {
+if ($action == 'addsite' && $usercanedit) {
 $db->begin();
 if (GETPOST('virtualhost', 'alpha') && !preg_match('/^http/', GETPOST('virtualhost', 'alpha'))) {
@@ -625,7 +625,7 @@ if ($action == 'addsite') {
 }
 // Add page/container
-if ($action == 'addcontainer') {
+if ($action == 'addcontainer' && $usercanedit) {
 dol_mkdir($pathofwebsite);
 $db->begin();
@@ -1148,7 +1148,7 @@ if ($action == 'addcontainer') {
 }
 // Delete site
-if ($action == 'confirm_deletesite' && $confirm == 'yes') {
+if ($action == 'confirm_deletesite' && $confirm == 'yes' && $permissiontodelete) {
 $error = 0;
 $db->begin();
@@ -1276,7 +1276,7 @@ if (!GETPOSTISSET('pageid')) {
 }
 // Update css Update site properties
-if ($action == 'updatecss') {
+if ($action == 'updatecss' && $usercanedit) {
 // If we tried to reload another site/page, we stay on editcss mode.
 if (GETPOST('refreshsite') || GETPOST('refreshsite_x') || GETPOST('refreshsite.x') || GETPOST('refreshpage') || GETPOST('refreshpage_x') || GETPOST('refreshpage.x')) {
 $action = 'editcss';
@@ -1523,7 +1523,7 @@ if ($action == 'updatecss') {
 }
 // Update page
-if ($action == 'setashome') {
+if ($action == 'setashome' && $usercanedit) {
 $db->begin();
 $object->fetch(0, $websitekey);
 $website = $object;
@@ -1556,7 +1556,7 @@ if ($action == 'setashome') {
 }
 // Update page properties (meta)
-if ($action == 'updatemeta') {
+if ($action == 'updatemeta' && $usercanedit) {
 $db->begin();
 $result = $object->fetch(0, $websitekey);
@@ -1778,8 +1778,8 @@ if ($action == 'updatemeta') {
 }
 // Update page
-if (($action == 'updatesource' || $action == 'updatecontent' || $action == 'confirm_createfromclone' || $action == 'confirm_createpagefromclone')
- || ($action == 'preview' && (GETPOST('refreshsite') || GETPOST('refreshpage') || GETPOST('preview')))) {
+if ($usercanedit && (($action == 'updatesource' || $action == 'updatecontent' || $action == 'confirm_createfromclone' || $action == 'confirm_createpagefromclone')
+ || ($action == 'preview' && (GETPOST('refreshsite') || GETPOST('refreshpage') || GETPOST('preview'))))) {
 $object->fetch(0, $websitekey);
 $website = $object;
@@ -2041,7 +2041,7 @@ if (($action == 'updatesource' || $action == 'updatecontent' || $action == 'conf
 }
 // Export site
-if ($action == 'exportsite') {
+if ($action == 'exportsite' && !empty($user->rights->website->export)) {
 $fileofzip = $object->exportWebSite();
 if ($fileofzip) {
@@ -2060,7 +2060,7 @@ if ($action == 'exportsite') {
 }
 // Regenerate site
-if ($action == 'regeneratesite') {
+if ($action == 'regeneratesite' && $usercanedit) {
 // Check symlink to medias and restore it if ko. Recreate also dir of website if not found.
 $pathtomedias = DOL_DATA_ROOT.'/medias';
 $pathtomediasinwebsite = $pathofwebsite.'/medias';
@@ -2085,7 +2085,7 @@ if ($action == 'regeneratesite') {
 }
 // Import site
-if ($action == 'importsiteconfirm') {
+if ($action == 'importsiteconfirm' && $usercanedit) {
 if (empty($_FILES) && !GETPOSTISSET('templateuserfile')) {
 setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("File")), null, 'errors');
 $action = 'importsite';
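Review bot: `$usercanedit &&` in the hunk at line 1778 wraps the whole condition, so the `$action == 'preview'` refresh branch is now limited to users with the write right as well, not only the four update and clone actions. The handler body is outside the hunk, so it is not visible whether the preview path writes anything. State the intent in the comment above the `if`, e.g. `// Update page (the preview refresh branch is also reserved to users with the write permission)`, so that a later change does not relax the gate by accident.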
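Review bot: The export right is tested inline as `!empty($user->rights->website->export)` in the hunk at line 2041 and again for `$disabledexport` in the hunk at line 2331, while every other handler uses a named flag (`$usercanedit`, `$permissiontodelete`). Define it once beside those flags, e.g. `$permissiontoexport = !empty($user->rights->website->export);`, and use it in both places so the button state and the server-side check cannot drift apart. The diffstat lists only three files and none of them declares the new right, so confirm that the module's permission list defines it; otherwise `empty()` is true for every user and export is closed to everyone.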
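Review bot: `importsiteconfirm` in the hunk at line 2085 is gated on `$usercanedit` alone, whereas the `replace` handler at line 477 goes on to test `$user->rights->website->writephp` before it changes page content. The import body lies outside the hunk, so whether an imported package can bring in dynamic PHP page content is an assumption to confirm. If it can, the import path should apply the same `writephp` distinction, or carry a comment explaining why the write right alone is sufficient.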
@@ -2162,7 +2162,7 @@ $domainname = '0.0.0.0:8080';
 $tempdir = $conf->website->dir_output.'/'.$websitekey.'/';
 // Generate web site sitemaps
-if ($action == 'generatesitemaps') {
+if ($action == 'generatesitemaps' && $usercanedit) {
 $domtree = new DOMDocument('1.0', 'UTF-8');
 $root = $domtree->createElementNS('http://www.sitemaps.org/schemas/sitemap/0.9', 'urlset');
 $domtree->formatOutput = true;
@@ -2331,6 +2331,10 @@ if (!GETPOST('hide_websitemenu')) {
 if (empty($user->rights->website->write)) {
 $disabled = ' disabled="disabled"';
 }
+ $disabledexport = '';
+ if (empty($user->rights->website->export)) {
+ $disabledexport = ' disabled="disabled"';
+ }
 if ($websitekey) {
 $virtualurl = '';
@@ -2446,7 +2450,7 @@ if (!GETPOST('hide_websitemenu')) {
 }
 //print '';
- print '';
+ print '';
 print '';