diff --git a/htdocs/core/lib/usergroups.lib.php b/htdocs/core/lib/usergroups.lib.php index c464d36c5c1..9277ebbd81b 100644 --- a/htdocs/core/lib/usergroups.lib.php +++ b/htdocs/core/lib/usergroups.lib.php @@ -137,7 +137,7 @@ function user_prepare_head($object) if ((!empty($conf->salaries->enabled) && !empty($user->rights->salaries->read)) || (!empty($conf->hrm->enabled) && !empty($user->rights->hrm->employee->read)) || (!empty($conf->expensereport->enabled) && !empty($user->rights->expensereport->lire) && ($user->id == $object->id || $user->rights->expensereport->readall)) - || (!empty($conf->holiday->enabled) && !empty($user->rights->holiday->read) && ($user->id == $object->id || $user->rights->holiday->read_all)) + || (!empty($conf->holiday->enabled) && !empty($user->rights->holiday->read) && ($user->id == $object->id || $user->rights->holiday->readall)) ) { // Bank $head[$h][0] = DOL_URL_ROOT.'/user/bank.php?id='.$object->id; diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 8f7501e3fce..ab6c072b1be 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -1800,7 +1800,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM $newmenu->add("/holiday/list.php?search_statut=5&mainmenu=hrm&leftmenu=hrm", $langs->trans("RefuseCP"), 2, $user->rights->holiday->read); } $newmenu->add("/holiday/define_holiday.php?mainmenu=hrm&action=request", $langs->trans("MenuConfCP"), 1, $user->rights->holiday->read); - $newmenu->add("/holiday/month_report.php?mainmenu=hrm&leftmenu=holiday", $langs->trans("MenuReportMonth"), 1, $user->rights->holiday->read_all); + $newmenu->add("/holiday/month_report.php?mainmenu=hrm&leftmenu=holiday", $langs->trans("MenuReportMonth"), 1, $user->rights->holiday->readall); $newmenu->add("/holiday/view_log.php?mainmenu=hrm&leftmenu=holiday&action=request", $langs->trans("MenuLogCP"), 1, $user->rights->holiday->define_holiday); } 
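Review bot: The added line in usergroups.lib.php reads `$user->rights->holiday->readall` bare inside a condition whose other terms are all wrapped in `!empty()`; when the right was never granted the property is absent and the bare read emits a notice, so `!empty($user->rights->holiday->readall)` keeps the expression consistent and quiet. The expensereport context line just above carries the same bare access, which this rename leaves as is. user_prepare_head continues outside the hunk.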
diff --git a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
index d82e711e7e6..8323400d16c 100644
--- a/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
+++ b/htdocs/core/modules/facture/doc/pdf_crabe.modules.php
@@ -322,7 +322,7 @@ class pdf_crabe extends ModelePDFFactures
 $pdf->SetAutoPageBreak(1, 0);
 $heightforinfotot = 50 + (4 * $nbpayments); // Height reserved to output the info and total part and payment part
- if($heightforinfotot > 220) $heightforinfotot = 220;
+ if ($heightforinfotot > 220) $heightforinfotot = 220;
 $heightforfreetext = (isset($conf->global->MAIN_PDF_FREETEXT_HEIGHT) ? $conf->global->MAIN_PDF_FREETEXT_HEIGHT : 5); // Height reserved to output the free text on last page
 $heightforfooter = $this->marge_basse + 8; // Height reserved to output the footer (value include bottom margin)
 if (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_SHOW_FOOT_DETAILS)) $heightforfooter += 6;
diff --git a/htdocs/core/modules/modHoliday.class.php b/htdocs/core/modules/modHoliday.class.php
index a146a855ccb..6c6eaba69e0 100644
--- a/htdocs/core/modules/modHoliday.class.php
+++ b/htdocs/core/modules/modHoliday.class.php
@@ -140,14 +140,14 @@ class modHoliday extends DolibarrModules
 $r = 0;
 $this->rights[$r][0] = 20001; // Permission id (must not be already used)
- $this->rights[$r][1] = 'Read your own leave requests'; // Permission label
+ $this->rights[$r][1] = 'Read leave requests (yours and your subordinates)'; // Permission label
 $this->rights[$r][3] = 0; // Permission by default for new user (0/1)
 $this->rights[$r][4] = 'read'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
 $this->rights[$r][5] = ''; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
 $r++;
 $this->rights[$r][0] = 20002; // Permission id (must not be already used)
- $this->rights[$r][1] = 'Create/modify your own leave requests'; // Permission label
+ $this->rights[$r][1] = 'Create/modify leave requests'; // Permission label
 $this->rights[$r][3] = 0; // Permission by default for new user (0/1)
 $this->rights[$r][4] = 'write'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
 $this->rights[$r][5] = ''; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
@@ -170,7 +170,7 @@ class modHoliday extends DolibarrModules
 $this->rights[$r][0] = 20004; // Permission id (must not be already used)
 $this->rights[$r][1] = 'Read leave requests for everybody'; // Permission label
 $this->rights[$r][3] = 0; // Permission by default for new user (0/1)
- $this->rights[$r][4] = 'read_all'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
+ $this->rights[$r][4] = 'readall'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
 $this->rights[$r][5] = ''; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2)
 $r++;
@@ -201,7 +201,7 @@ class modHoliday extends DolibarrModules $this->export_code[$r] = 'leaverequest_'.$r; $this->export_label[$r] = 'ListeCP'; $this->export_icon[$r] = 'holiday'; - $this->export_permission[$r] = array(array("holiday", "read_all")); + $this->export_permission[$r] = array(array("holiday", "readall")); $this->export_fields_array[$r] = array( 'd.rowid'=>"LeaveId", 'd.fk_type'=>'TypeOfLeaveId', 't.code'=>'TypeOfLeaveCode', 't.label'=>'TypeOfLeaveLabel', 'd.fk_user'=>'UserID', 'u.lastname'=>'Lastname', 'u.firstname'=>'Firstname', 'u.login'=>"Login", 'd.date_debut'=>'DateStart', 'd.date_fin'=>'DateEnd', 'd.halfday'=>'HalfDay', 'none.num_open_days'=>'NbUseDaysCP', diff --git a/htdocs/core/modules/modSalaries.class.php b/htdocs/core/modules/modSalaries.class.php index 7159ca634d5..23c892333d8 100644 --- a/htdocs/core/modules/modSalaries.class.php +++ b/htdocs/core/modules/modSalaries.class.php @@ -101,7 +101,7 @@ class modSalaries extends DolibarrModules $r++; $this->rights[$r][0] = 511; - $this->rights[$r][1] = 'Read payments of employee salaries'; + $this->rights[$r][1] = 'Read payments of employee salaries (yours and your subordinates)'; $this->rights[$r][2] = 'r'; $this->rights[$r][3] = 0; $this->rights[$r][4] = 'read'; @@ -125,6 +125,13 @@ class modSalaries extends DolibarrModules $r++; $this->rights[$r][0] = 517; + $this->rights[$r][1] = 'Read payments of salariests of every employee'; + $this->rights[$r][2] = 'r'; + $this->rights[$r][3] = 0; + $this->rights[$r][4] = 'readall'; + + $r++; + $this->rights[$r][0] = 519; $this->rights[$r][1] = 'Export payments of employee salaries'; $this->rights[$r][2] = 'r'; $this->rights[$r][3] = 0; @@ -132,6 +139,7 @@ class modSalaries extends DolibarrModules $this->rights[$r][5] = ''; + // Menus //------- $this->menu = 1; // This module add menu entries. They are coded into menu manager. diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index 2f2c9145beb..53a22f83eee 100644 --- a/htdocs/holiday/card.php 
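Review bot: The modSalaries hunk at -125 reuses permission id 517, previously 'Export payments of employee salaries', for the new `readall` right and moves the export right to 519, yet the only migration in this diff (12.0.0-13.0.0.sql, hunk at -410) renames the holiday `read_all` perm; any existing grant stored against id 517 would therefore read as the new read-all right after upgrade, and the export grant would disappear, unless module reactivation rebuilds user rights, which this diff does not show. Keeping 517 as the export right and giving the new right an id not used before avoids touching existing grants. The label on the first added line, `'Read payments of salariests of every employee'`, also has a typo; the admin.lang hunk uses `Read payments of salaries of everybody`, so `'Read payments of salaries of every employee'` would match it.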
+++ b/htdocs/holiday/card.php @@ -73,7 +73,7 @@ if (($id > 0) || $ref) // Check current user can read this leave request $canread = 0; - if (!empty($user->rights->holiday->read_all)) $canread = 1; + if (!empty($user->rights->holiday->readall)) $canread = 1; if (!empty($user->rights->holiday->read) && in_array($object->fk_user, $childids)) $canread = 1; if (!$canread) { diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 262185df4c5..0677cd2f601 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -2116,7 +2116,7 @@ class Holiday extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."holiday as h"; $sql .= " WHERE h.statut > 1"; $sql .= " AND h.entity IN (".getEntity('holiday').")"; - if (empty($user->rights->expensereport->read_all)) + if (empty($user->rights->expensereport->readall)) { $userchildids = $user->getAllChildIds(1); $sql .= " AND (h.fk_user IN (".join(',', $userchildids).")"; diff --git a/htdocs/holiday/define_holiday.php b/htdocs/holiday/define_holiday.php index 47f6eeda550..585c80e3e6d 100644 --- a/htdocs/holiday/define_holiday.php +++ b/htdocs/holiday/define_holiday.php @@ -206,7 +206,7 @@ $filters = ''; // Filter on array of ids of all childs $userchilds = array(); -if (empty($user->rights->holiday->read_all)) +if (empty($user->rights->holiday->readall)) { $userchilds = $user->getAllChildIds(1); $filters .= ' AND u.rowid IN ('.join(', ', $userchilds).')'; @@ -293,7 +293,7 @@ if (count($typeleaves) == 0) foreach ($listUsers as $users) { // If user has not permission to edit/read all, we must see only subordinates - if (empty($user->rights->holiday->read_all)) + if (empty($user->rights->holiday->readall)) { if (($users['rowid'] != $user->id) && (!in_array($users['rowid'], $userchilds))) continue; // This user is not into hierarchy of current user, we hide it. } diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index 615ab6cfa44..bfdef939be3 100644 
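Review bot: In holiday.class.php the renamed check reads `$user->rights->expensereport->readall`, but the query it guards selects `FROM ...holiday as h`, so a user holding the expense-report read-all right skips the subordinate filter on leave requests while a holiday read-all user is still restricted; this looks like a copy-paste carry-over that the rename preserved rather than corrected. The line should presumably be `if (empty($user->rights->holiday->readall))`, matching the checks card.php, list.php and define_holiday.php use in this same commit. The enclosing method starts and ends outside the hunk.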
--- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -70,7 +70,7 @@ if ($id > 0) { $canread = 0; if ($id == $user->id) $canread = 1; - if (!empty($user->rights->holiday->read_all)) $canread = 1; + if (!empty($user->rights->holiday->readall)) $canread = 1; if (!empty($user->rights->holiday->read) && in_array($id, $childids)) $canread = 1; if (!$canread) { @@ -318,7 +318,7 @@ if (!empty($search_status) && $search_status != -1) { $sql .= " AND cp.statut = '".$db->escape($search_status)."'\n"; } -if (empty($user->rights->holiday->read_all)) $sql .= ' AND cp.fk_user IN ('.join(',', $childids).')'; +if (empty($user->rights->holiday->readall)) $sql .= ' AND cp.fk_user IN ('.join(',', $childids).')'; if ($id > 0) $sql .= " AND cp.fk_user IN (".$id.")"; // Add where from extra fields @@ -469,7 +469,7 @@ if ($resql) $include = ''; - if (empty($user->rights->holiday->read_all)) $include = 'hierarchyme'; // Can see only its hierarchyl + if (empty($user->rights->holiday->readall)) $include = 'hierarchyme'; // Can see only its hierarchyl print '
'; print ''."\n"; @@ -507,7 +507,7 @@ if ($resql) // Approver if (!empty($arrayfields['cp.fk_validator']['checked'])) { - if ($user->rights->holiday->read_all) + if ($user->rights->holiday->readall) { print ''; $result = 0; diff --git a/htdocs/holiday/view_log.php b/htdocs/holiday/view_log.php index 669bb9aa32f..54049a201ea 100644 --- a/htdocs/holiday/view_log.php +++ b/htdocs/holiday/view_log.php @@ -69,7 +69,7 @@ if (!$sortfield) $sortfield = "cpl.rowid"; if (!$sortorder) $sortorder = "DESC"; // Si l'utilisateur n'a pas le droit de lire cette page -if (!$user->rights->holiday->read_all) accessforbidden(); +if (!$user->rights->holiday->readall) accessforbidden(); // Load translation files required by the page $langs->load('users'); diff --git a/htdocs/hrm/index.php b/htdocs/hrm/index.php index a713ec86100..3ec2a3b898f 100644 --- a/htdocs/hrm/index.php +++ b/htdocs/hrm/index.php @@ -180,7 +180,7 @@ if (!empty($conf->holiday->enabled) && $user->rights->holiday->read) $sql .= " FROM ".MAIN_DB_PREFIX."holiday as x, ".MAIN_DB_PREFIX."user as u"; $sql .= " WHERE u.rowid = x.fk_user"; $sql .= " AND x.entity = ".$conf->entity; - if (empty($user->rights->holiday->read_all)) $sql .= ' AND x.fk_user IN ('.join(',', $childids).')'; + if (empty($user->rights->holiday->readall)) $sql .= ' AND x.fk_user IN ('.join(',', $childids).')'; //if (!$user->rights->societe->client->voir && !$user->socid) $sql.= " AND x.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; //if (!empty($socid)) $sql.= " AND x.fk_soc = ".$socid; $sql .= $db->order("x.tms", "DESC"); diff --git a/htdocs/install/mysql/migration/12.0.0-13.0.0.sql b/htdocs/install/mysql/migration/12.0.0-13.0.0.sql index f308db3525c..33b8ea01f8b 100644 --- a/htdocs/install/mysql/migration/12.0.0-13.0.0.sql +++ b/htdocs/install/mysql/migration/12.0.0-13.0.0.sql 
@@ -410,6 +410,7 @@ ALTER TABLE llx_projet_task_time MODIFY COLUMN datec datetime; DELETE FROM llx_user_rights WHERE fk_id IN (SELECT id FROM llx_rights_def where module = 'holiday' and perms = 'lire_tous'); DELETE FROM llx_rights_def where module = 'holiday' and perms = 'lire_tous'; +UPDATE llx_rights_def set perms = 'readall' WHERE perms = 'read_all' and module = 'holiday'; CREATE TABLE llx_c_product_nature ( rowid integer AUTO_INCREMENT PRIMARY KEY, diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 3da5c3aff62..9e715bd08d2 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -836,10 +836,11 @@ Permission402=Create/modify discounts Permission403=Validate discounts Permission404=Delete discounts Permission430=Use Debug Bar -Permission511=Read payments of salaries +Permission511=Read payments of salaries (yours and subordinates) Permission512=Create/modify payments of salaries Permission514=Delete payments of salaries -Permission517=Export salaries +Permission517=Read payments of salaries of everybody +Permission519=Export salaries Permission520=Read Loans Permission522=Create/modify loans Permission524=Delete loans diff --git a/htdocs/salaries/list.php b/htdocs/salaries/list.php index 8f6f636c4b2..3ef6531e6fd 100644 --- a/htdocs/salaries/list.php +++ b/htdocs/salaries/list.php @@ -31,11 +31,6 @@ if (!empty($conf->accounting->enabled)) require_once DOL_DOCUMENT_ROOT.'/account // Load translation files required by the page $langs->loadLangs(array("compta", "salaries", "bills", "hrm")); -// Security check -$socid = GETPOST("socid", "int"); -if ($user->socid) $socid = $user->socid; -$result = restrictedArea($user, 'salaries', '', '', ''); - $limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit; $search_ref = GETPOST('search_ref', 'int'); $search_user = GETPOST('search_user', 'alpha'); 
@@ -71,6 +66,13 @@ if (!GETPOST('typeid', 'int')) $typeid = GETPOST('typeid', 'int'); } +$childids = $user->getAllChildIds(1); + +// Security check +$socid = GETPOST("socid", "int"); +if ($user->socid) $socid = $user->socid; +$result = restrictedArea($user, 'salaries', '', '', ''); + /* @@ -112,6 +114,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.ro $sql .= " ".MAIN_DB_PREFIX."user as u"; $sql .= " WHERE u.rowid = s.fk_user"; $sql .= " AND s.entity = ".$conf->entity; +if (empty($user->rights->salaries->readall)) $sql .= " AND s.fk_user IN (".join(',', $childids).")"; // Search criteria if ($search_ref) $sql .= " AND s.rowid=".$search_ref; diff --git a/htdocs/user/bank.php b/htdocs/user/bank.php index b1f0b7d4785..8b177518d25 100644 --- a/htdocs/user/bank.php +++ b/htdocs/user/bank.php @@ -388,7 +388,7 @@ if ($action != 'edit' && $action != 'create') // If not bank account yet, $acco * Last holidays */ if (!empty($conf->holiday->enabled) && - ($user->rights->holiday->read_all || ($user->rights->holiday->read && $object->id == $user->id)) + ($user->rights->holiday->readall || ($user->rights->holiday->read && $object->id == $user->id)) ) { $holiday = new Holiday($db); @@ -396,7 +396,7 @@ if ($action != 'edit' && $action != 'create') // If not bank account yet, $acco $sql = "SELECT h.rowid, h.statut as status, h.fk_type, h.date_debut, h.date_fin, h.halfday"; $sql .= " FROM ".MAIN_DB_PREFIX."holiday as h"; $sql .= " WHERE h.fk_user = ".$object->id; - $sql .= " AND h.entity = ".$conf->entity; + $sql .= " AND h.entity IN (".getEntity('holiday').")"; $sql .= " ORDER BY h.date_debut DESC"; $resql = $db->query($sql);
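Review bot: In salaries/list.php the `restrictedArea()` check, removed from the top of the file in the hunk at -31, is now reached only after `$childids = $user->getAllChildIds(1);` and all the GETPOST parsing, so a database lookup runs for callers the check then rejects. As far as these hunks show the check does not depend on `$childids`, so placing `$result = restrictedArea($user, 'salaries', '', '', '');` before the `getAllChildIds` call keeps the access check first without changing the outcome.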
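Review bot: The filter added in the hunk at -112 assumes `$childids` is never empty; should `getAllChildIds(1)` return an empty array the query would contain `IN ()` and fail, so an explicit fallback to `$user->id` makes the intent clear, and `implode(',', array_map('intval', $childids))` keeps the interpolated list numeric even if the source of those ids changes. The filter also governs only this list; if the salary card page does not apply the same subordinate restriction the list filter is only cosmetic, and that page is not part of this diff, so it is worth confirming.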
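Review bot: The condition changed in user/bank.php at -388 shows the "Last holidays" block only for `readall` holders or on the user's own card, whereas card.php and list.php in this commit, and the relabelled `read` permission ('yours and your subordinates'), also admit subordinates via `$childids`; a manager with `read` only therefore sees no holidays on a subordinate's bank card. If parity is intended the test would become `($user->rights->holiday->readall || ($user->rights->holiday->read && ($object->id == $user->id || in_array($object->id, $childids))))`, with `$childids` loaded the way the other pages do it. The enclosing if-block continues outside the hunk.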
'; $validator = new UserGroup($db); @@ -631,7 +631,7 @@ if ($resql) // If we ask a dedicated card and not allow to see it, we force on user. - if ($id && empty($user->rights->holiday->read_all) && !in_array($id, $childids)) { + if ($id && empty($user->rights->holiday->readall) && !in_array($id, $childids)) { $langs->load("errors"); print '
'.$langs->trans("NotEnoughPermissions").'