lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

use user->hasRight

Browse Source
This commit is contained in:
Frédéric FRANCE 2022-12-21 08:50:13 +01:00
parent 3680f20465
commit 6bb8badfdf
7 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php
View File

@ -128,7 +128,7 @@ if (empty($user->socid)) {
echo '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=edit&token='.newToken().'&canvas='.$canvas.'">'.$langs->trans('Modify').'</a>'; echo '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=edit&token='.newToken().'&canvas='.$canvas.'">'.$langs->trans('Modify').'</a>';
} }
if (!$this->control->tpl['user_id'] && $user->rights->user->user->creer) { if (!$this->control->tpl['user_id'] && $user->hasRight('user', 'user', 'creer')) {
echo '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=create_user&token='.newToken().'&canvas='.$canvas.'">'.$langs->trans("CreateDolibarrLogin").'</a>'; echo '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=create_user&token='.newToken().'&canvas='.$canvas.'">'.$langs->trans("CreateDolibarrLogin").'</a>';
} }

4
htdocs/adherents/card.php
View File

@ -342,7 +342,7 @@ if (empty($reshook)) {
// Check if we need to also synchronize user information // Check if we need to also synchronize user information
$nosyncuser = 0; $nosyncuser = 0;
if ($object->user_id) { // If linked to a user if ($object->user_id) { // If linked to a user
if ($user->id != $object->user_id && empty($user->rights->user->user->creer)) { if ($user->id != $object->user_id && !$user->hasRight('user', 'user', 'creer')) {
$nosyncuser = 1; // Disable synchronizing $nosyncuser = 1; // Disable synchronizing
} }
} }
@ -350,7 +350,7 @@ if (empty($reshook)) {
// Check if we need to also synchronize password information // Check if we need to also synchronize password information
$nosyncuserpass = 0; $nosyncuserpass = 0;
if ($object->user_id) { // If linked to a user if ($object->user_id) { // If linked to a user
if ($user->id != $object->user_id && empty($user->rights->user->user->password)) { if ($user->id != $object->user_id && !$user->hasRight('user', 'user', 'password')) {
$nosyncuserpass = 1; // Disable synchronizing $nosyncuserpass = 1; // Disable synchronizing
} }
} }

6
htdocs/adherents/ldap.php
View File

@ -51,14 +51,14 @@ if ($id > 0 || !empty($ref)) {
$result = $object->fetch($id, $ref); $result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users // Define variables to know what current user can do on users
$canadduser = (!empty($user->admin) || !empty($user->rights->user->user->creer)); $canadduser = (!empty($user->admin) || $user->hasRight('user', 'user', 'creer'));
// Define variables to know what current user can do on properties of user linked to edited member // Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) { if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member // $User is the user who edits, $object->user_id is the id of the related user in the edited member
$caneditfielduser = ((($user->id == $object->user_id) && !empty($user->rights->user->self->creer)) $caneditfielduser = ((($user->id == $object->user_id) && !empty($user->rights->user->self->creer))
|| (($user->id != $object->user_id) && !empty($user->rights->user->user->creer))); || (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'creer')));
$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password) $caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
|| (($user->id != $object->user_id) && !empty($user->rights->user->user->password))); || (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'password')));
} }
} }

2
htdocs/adherents/list.php
View File

@ -262,7 +262,7 @@ if (empty($reshook)) {
} }
// Create external user // Create external user
if ($massaction == 'createexternaluser' && $user->hasRight('adherent', 'creer') && $user->rights->user->user->creer) { if ($massaction == 'createexternaluser' && $user->hasRight('adherent', 'creer') && $user->hasRight('user', 'user', 'creer')) {
$tmpmember = new Adherent($db); $tmpmember = new Adherent($db);
$error = 0; $error = 0;
$nbcreated = 0; $nbcreated = 0;

14
htdocs/adherents/partnership.php
View File

@ -76,13 +76,13 @@ foreach ($object->fields as $key => $val) {
// Load object // Load object
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once. include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
$permissiontoread = $user->rights->partnership->read; $permissiontoread = $user->hasRight('partnership', 'read');
$permissiontoadd = $user->rights->partnership->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php $permissiontoadd = $user->hasRight('partnership', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
$permissiontodelete = $user->rights->partnership->delete || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT); $permissiontodelete = $user->hasRight('partnership', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT);
$permissionnote = $user->rights->partnership->write; // Used by the include of actions_setnotes.inc.php $permissionnote = $user->hasRight('partnership', 'write'); // Used by the include of actions_setnotes.inc.php
$permissiondellink = $user->rights->partnership->write; // Used by the include of actions_dellink.inc.php $permissiondellink = $user->hasRight('partnership', 'write'); // Used by the include of actions_dellink.inc.php
$usercanclose = $user->rights->partnership->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php $usercanclose = $user->hasRight('partnership', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
$upload_dir = $conf->partnership->multidir_output[isset($object->entity) ? $object->entity : 1]; $upload_dir = $conf->partnership->multidir_output[isset($object->entity) ? $object->entity : 1];
if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') != 'member') { if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') != 'member') {

4
htdocs/adherents/subscription.php
View File

@ -151,9 +151,9 @@ if (empty($reshook) && $action == 'confirm_create_thirdparty' && $confirm == 'ye
} }
} }
if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer)) { if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->hasRight('user', 'user', 'creer'))) {
$error = 0; $error = 0;
if (empty($user->rights->user->user->creer)) { // If can edit only itself user, we can link to itself only if (!$user->hasRight('user', 'user', 'creer')) { // If can edit only itself user, we can link to itself only
if (GETPOST("userid", 'int') != $user->id && GETPOST("userid", 'int') != $object->user_id) { if (GETPOST("userid", 'int') != $user->id && GETPOST("userid", 'int') != $object->user_id) {
$error++; $error++;
setEventMessages($langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly"), null, 'errors'); setEventMessages($langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly"), null, 'errors');

4
htdocs/adherents/vcard.php
View File

@ -35,14 +35,14 @@ $id = GETPOST('id', 'int');
$ref = GETPOST('ref', 'alphanohtml'); $ref = GETPOST('ref', 'alphanohtml');
$object = new adherent($db); $object = new adherent($db);
global $user;
// Fetch object // Fetch object
if ($id > 0 || !empty($ref)) { if ($id > 0 || !empty($ref)) {
// Load member // Load member
$result = $object->fetch($id, $ref); $result = $object->fetch($id, $ref);
// Define variables to know what current user can do on users // Define variables to know what current user can do on users
$canadduser = ($user->admin || $user->rights->user->user->creer); $canadduser = ($user->admin || $user->hasRight('user', 'user', 'creer'));
// Define variables to know what current user can do on properties of user linked to edited member // Define variables to know what current user can do on properties of user linked to edited member
if ($object->user_id) { if ($object->user_id) {
// $User is the user who edits, $object->user_id is the id of the related user in the edited member // $User is the user who edits, $object->user_id is the id of the related user in the edited member