lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX #15369 and standardize permission "readall"

Browse Source
This commit is contained in:
Laurent Destailleur 2020-11-13 09:55:53 +01:00
parent 7be3a2267e
commit 6d4d3c618d
15 changed files with 41 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/core/lib/usergroups.lib.php
View File

@ -137,7 +137,7 @@ function user_prepare_head($object)
if ((!empty($conf->salaries->enabled) && !empty($user->rights->salaries->read))
|| (!empty($conf->hrm->enabled) && !empty($user->rights->hrm->employee->read))
|| (!empty($conf->expensereport->enabled) && !empty($user->rights->expensereport->lire) && ($user->id == $object->id || $user->rights->expensereport->readall))
|| (!empty($conf->holiday->enabled) && !empty($user->rights->holiday->read) && ($user->id == $object->id || $user->rights->holiday->read_all))
|| (!empty($conf->holiday->enabled) && !empty($user->rights->holiday->read) && ($user->id == $object->id || $user->rights->holiday->readall))
) {
// Bank
$head[$h][0] = DOL_URL_ROOT.'/user/bank.php?id='.$object->id;

2
htdocs/core/menus/standard/eldy.lib.php
View File

@ -1800,7 +1800,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
$newmenu->add("/holiday/list.php?search_statut=5&mainmenu=hrm&leftmenu=hrm", $langs->trans("RefuseCP"), 2, $user->rights->holiday->read);
}
$newmenu->add("/holiday/define_holiday.php?mainmenu=hrm&action=request", $langs->trans("MenuConfCP"), 1, $user->rights->holiday->read);
$newmenu->add("/holiday/month_report.php?mainmenu=hrm&leftmenu=holiday", $langs->trans("MenuReportMonth"), 1, $user->rights->holiday->read_all);
$newmenu->add("/holiday/month_report.php?mainmenu=hrm&leftmenu=holiday", $langs->trans("MenuReportMonth"), 1, $user->rights->holiday->readall);
$newmenu->add("/holiday/view_log.php?mainmenu=hrm&leftmenu=holiday&action=request", $langs->trans("MenuLogCP"), 1, $user->rights->holiday->define_holiday);
}

2
htdocs/core/modules/facture/doc/pdf_crabe.modules.php
View File

@ -322,7 +322,7 @@ class pdf_crabe extends ModelePDFFactures
$pdf->SetAutoPageBreak(1, 0);
$heightforinfotot = 50 + (4 * $nbpayments); // Height reserved to output the info and total part and payment part
if($heightforinfotot > 220) $heightforinfotot = 220;
if ($heightforinfotot > 220) $heightforinfotot = 220;
$heightforfreetext = (isset($conf->global->MAIN_PDF_FREETEXT_HEIGHT) ? $conf->global->MAIN_PDF_FREETEXT_HEIGHT : 5); // Height reserved to output the free text on last page
$heightforfooter = $this->marge_basse + 8; // Height reserved to output the footer (value include bottom margin)
if (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS)) $heightforfooter += 6;

8
htdocs/core/modules/modHoliday.class.php
View File

@ -140,14 +140,14 @@ class modHoliday extends DolibarrModules
$r = 0;
$this->rights[$r][0] = 20001; // Permission id (must not be already used)
$this->rights[$r][1] = 'Read your own leave requests'; // Permission label
$this->rights[$r][1] = 'Read leave requests (yours and your subordinates)'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'read'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[$r][5] = ''; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$r++;
$this->rights[$r][0] = 20002; // Permission id (must not be already used)
$this->rights[$r][1] = 'Create/modify your own leave requests'; // Permission label
$this->rights[$r][1] = 'Create/modify leave requests'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'write'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[$r][5] = ''; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
@ -170,7 +170,7 @@ class modHoliday extends DolibarrModules
$this->rights[$r][0] = 20004; // Permission id (must not be already used)
$this->rights[$r][1] = 'Read leave requests for everybody'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'read_all'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[$r][4] = 'readall'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$this->rights[$r][5] = ''; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
$r++;
@ -201,7 +201,7 @@ class modHoliday extends DolibarrModules
$this->export_code[$r] = 'leaverequest_'.$r;
$this->export_label[$r] = 'ListeCP';
$this->export_icon[$r] = 'holiday';
$this->export_permission[$r] = array(array("holiday", "read_all"));
$this->export_permission[$r] = array(array("holiday", "readall"));
$this->export_fields_array[$r] = array(
'd.rowid'=>"LeaveId", 'd.fk_type'=>'TypeOfLeaveId', 't.code'=>'TypeOfLeaveCode', 't.label'=>'TypeOfLeaveLabel', 'd.fk_user'=>'UserID',
'u.lastname'=>'Lastname', 'u.firstname'=>'Firstname', 'u.login'=>"Login", 'd.date_debut'=>'DateStart', 'd.date_fin'=>'DateEnd', 'd.halfday'=>'HalfDay', 'none.num_open_days'=>'NbUseDaysCP',

10
htdocs/core/modules/modSalaries.class.php
View File

@ -101,7 +101,7 @@ class modSalaries extends DolibarrModules
$r++;
$this->rights[$r][0] = 511;
$this->rights[$r][1] = 'Read payments of employee salaries';
$this->rights[$r][1] = 'Read payments of employee salaries (yours and your subordinates)';
$this->rights[$r][2] = 'r';
$this->rights[$r][3] = 0;
$this->rights[$r][4] = 'read';
@ -125,6 +125,13 @@ class modSalaries extends DolibarrModules
$r++;
$this->rights[$r][0] = 517;
$this->rights[$r][1] = 'Read payments of salariests of every employee';
$this->rights[$r][2] = 'r';
$this->rights[$r][3] = 0;
$this->rights[$r][4] = 'readall';
$r++;
$this->rights[$r][0] = 519;
$this->rights[$r][1] = 'Export payments of employee salaries';
$this->rights[$r][2] = 'r';
$this->rights[$r][3] = 0;
@ -132,6 +139,7 @@ class modSalaries extends DolibarrModules
$this->rights[$r][5] = '';
// Menus
//-------
$this->menu = 1; // This module add menu entries. They are coded into menu manager.

2
htdocs/holiday/card.php
View File

@ -73,7 +73,7 @@ if (($id > 0) || $ref)
// Check current user can read this leave request
$canread = 0;
if (!empty($user->rights->holiday->read_all)) $canread = 1;
if (!empty($user->rights->holiday->readall)) $canread = 1;
if (!empty($user->rights->holiday->read) && in_array($object->fk_user, $childids)) $canread = 1;
if (!$canread)
{

2
htdocs/holiday/class/holiday.class.php
View File

@ -2116,7 +2116,7 @@ class Holiday extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."holiday as h";
$sql .= " WHERE h.statut > 1";
$sql .= " AND h.entity IN (".getEntity('holiday').")";
if (empty($user->rights->expensereport->read_all))
if (empty($user->rights->expensereport->readall))
{
$userchildids = $user->getAllChildIds(1);
$sql .= " AND (h.fk_user IN (".join(',', $userchildids).")";

4
htdocs/holiday/define_holiday.php
View File

@ -206,7 +206,7 @@ $filters = '';
// Filter on array of ids of all childs
$userchilds = array();
if (empty($user->rights->holiday->read_all))
if (empty($user->rights->holiday->readall))
{
$userchilds = $user->getAllChildIds(1);
$filters .= ' AND u.rowid IN ('.join(', ', $userchilds).')';
@ -293,7 +293,7 @@ if (count($typeleaves) == 0)
foreach ($listUsers as $users)
{
// If user has not permission to edit/read all, we must see only subordinates
if (empty($user->rights->holiday->read_all))
if (empty($user->rights->holiday->readall))
{
if (($users['rowid'] != $user->id) && (!in_array($users['rowid'], $userchilds))) continue; // This user is not into hierarchy of current user, we hide it.
}

10
htdocs/holiday/list.php
View File

@ -70,7 +70,7 @@ if ($id > 0)
{
$canread = 0;
if ($id == $user->id) $canread = 1;
if (!empty($user->rights->holiday->read_all)) $canread = 1;
if (!empty($user->rights->holiday->readall)) $canread = 1;
if (!empty($user->rights->holiday->read) && in_array($id, $childids)) $canread = 1;
if (!$canread)
{
@ -318,7 +318,7 @@ if (!empty($search_status) && $search_status != -1) {
$sql .= " AND cp.statut = '".$db->escape($search_status)."'\n";
}
if (empty($user->rights->holiday->read_all)) $sql .= ' AND cp.fk_user IN ('.join(',', $childids).')';
if (empty($user->rights->holiday->readall)) $sql .= ' AND cp.fk_user IN ('.join(',', $childids).')';
if ($id > 0) $sql .= " AND cp.fk_user IN (".$id.")";
// Add where from extra fields
@ -469,7 +469,7 @@ if ($resql)
$include = '';
if (empty($user->rights->holiday->read_all)) $include = 'hierarchyme'; // Can see only its hierarchyl
if (empty($user->rights->holiday->readall)) $include = 'hierarchyme'; // Can see only its hierarchyl
print '<div class="div-table-responsive">';
print '<table class="tagtable liste'.($moreforfilter ? " listwithfilterbefore" : "").'">'."\n";
@ -507,7 +507,7 @@ if ($resql)
// Approver
if (!empty($arrayfields['cp.fk_validator']['checked']))
{
if ($user->rights->holiday->read_all)
if ($user->rights->holiday->readall)
{
print '<td class="liste_titre maxwidthonsmartphone left">';
$validator = new UserGroup($db);
@ -631,7 +631,7 @@ if ($resql)
// If we ask a dedicated card and not allow to see it, we force on user.
if ($id && empty($user->rights->holiday->read_all) && !in_array($id, $childids)) {
if ($id && empty($user->rights->holiday->readall) && !in_array($id, $childids)) {
$langs->load("errors");
print '<tr class="oddeven opacitymediuem"><td colspan="10">'.$langs->trans("NotEnoughPermissions").'</td></tr>';
$result = 0;

2
htdocs/holiday/view_log.php
View File

@ -69,7 +69,7 @@ if (!$sortfield) $sortfield = "cpl.rowid";
if (!$sortorder) $sortorder = "DESC";
// Si l'utilisateur n'a pas le droit de lire cette page
if (!$user->rights->holiday->read_all) accessforbidden();
if (!$user->rights->holiday->readall) accessforbidden();
// Load translation files required by the page
$langs->load('users');

2
htdocs/hrm/index.php
View File

@ -180,7 +180,7 @@ if (!empty($conf->holiday->enabled) && $user->rights->holiday->read)
$sql .= " FROM ".MAIN_DB_PREFIX."holiday as x, ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE u.rowid = x.fk_user";
$sql .= " AND x.entity = ".$conf->entity;
if (empty($user->rights->holiday->read_all)) $sql .= ' AND x.fk_user IN ('.join(',', $childids).')';
if (empty($user->rights->holiday->readall)) $sql .= ' AND x.fk_user IN ('.join(',', $childids).')';
//if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
//if (!empty($socid)) $sql.= " AND x.fk_soc = ".$socid;
$sql .= $db->order("x.tms", "DESC");

1
htdocs/install/mysql/migration/12.0.0-13.0.0.sql
View File

@ -410,6 +410,7 @@ ALTER TABLE llx_projet_task_time MODIFY COLUMN datec datetime;
DELETE FROM llx_user_rights WHERE fk_id IN (SELECT id FROM llx_rights_def where module = 'holiday' and perms = 'lire_tous');
DELETE FROM llx_rights_def where module = 'holiday' and perms = 'lire_tous';
UPDATE llx_rights_def set perms = 'readall' WHERE perms = 'read_all' and module = 'holiday';
CREATE TABLE llx_c_product_nature (
rowid integer AUTO_INCREMENT PRIMARY KEY,

5
htdocs/langs/en_US/admin.lang
View File

@ -836,10 +836,11 @@ Permission402=Create/modify discounts
Permission403=Validate discounts
Permission404=Delete discounts
Permission430=Use Debug Bar
Permission511=Read payments of salaries
Permission511=Read payments of salaries (yours and subordinates)
Permission512=Create/modify payments of salaries
Permission514=Delete payments of salaries
Permission517=Export salaries
Permission517=Read payments of salaries of everybody
Permission519=Export salaries
Permission520=Read Loans
Permission522=Create/modify loans
Permission524=Delete loans

13
htdocs/salaries/list.php
View File

@ -31,11 +31,6 @@ if (!empty($conf->accounting->enabled)) require_once DOL_DOCUMENT_ROOT.'/account
// Load translation files required by the page
$langs->loadLangs(array("compta", "salaries", "bills", "hrm"));
// Security check
$socid = GETPOST("socid", "int");
if ($user->socid) $socid = $user->socid;
$result = restrictedArea($user, 'salaries', '', '', '');
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
$search_ref = GETPOST('search_ref', 'int');
$search_user = GETPOST('search_user', 'alpha');
@ -71,6 +66,13 @@ if (!GETPOST('typeid', 'int'))
$typeid = GETPOST('typeid', 'int');
}
$childids = $user->getAllChildIds(1);
// Security check
$socid = GETPOST("socid", "int");
if ($user->socid) $socid = $user->socid;
$result = restrictedArea($user, 'salaries', '', '', '');
/*
@ -112,6 +114,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.ro
$sql .= " ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE u.rowid = s.fk_user";
$sql .= " AND s.entity = ".$conf->entity;
if (empty($user->rights->salaries->readall)) $sql .= " AND s.fk_user IN (".join(',', $childids).")";
// Search criteria
if ($search_ref) $sql .= " AND s.rowid=".$search_ref;

4
htdocs/user/bank.php
View File

@ -388,7 +388,7 @@ if ($action != 'edit' && $action != 'create') // If not bank account yet, $acco
* Last holidays
*/
if (!empty($conf->holiday->enabled) &&
($user->rights->holiday->read_all || ($user->rights->holiday->read && $object->id == $user->id))
($user->rights->holiday->readall || ($user->rights->holiday->read && $object->id == $user->id))
)
{
$holiday = new Holiday($db);
@ -396,7 +396,7 @@ if ($action != 'edit' && $action != 'create') // If not bank account yet, $acco
$sql = "SELECT h.rowid, h.statut as status, h.fk_type, h.date_debut, h.date_fin, h.halfday";
$sql .= " FROM ".MAIN_DB_PREFIX."holiday as h";
$sql .= " WHERE h.fk_user = ".$object->id;
$sql .= " AND h.entity = ".$conf->entity;
$sql .= " AND h.entity IN (".getEntity('holiday').")";
$sql .= " ORDER BY h.date_debut DESC";
$resql = $db->query($sql);