diff --git a/htdocs/core/modules/modHoliday.class.php b/htdocs/core/modules/modHoliday.class.php index 63c76e24548..53f69dfefaf 100644 --- a/htdocs/core/modules/modHoliday.class.php +++ b/htdocs/core/modules/modHoliday.class.php @@ -199,7 +199,7 @@ class modHoliday extends DolibarrModules $this->rights[$r][0] = 20005; // Permission id (must not be already used) $this->rights[$r][1] = 'Create/modify leave requests for everybody'; // Permission label $this->rights[$r][3] = 0; // Permission by default for new user (0/1) - $this->rights[$r][4] = 'writeall_advance'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2) + $this->rights[$r][4] = 'writeall'; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2) $this->rights[$r][5] = ''; // In php code, permission will be checked by test if ($user->rights->permkey->level1->level2) $r++; diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 1b82eb777b0..307294d5422 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -134,6 +134,14 @@ if ($object->id > 0) { } } +$candelete = 0; +if (!empty($user->rights->expensereport->supprimer)) { + $candelete = 1; +} +if ($object->statut == ExpenseReport::STATUS_DRAFT && $user->rights->expensereport->write && in_array($object->fk_user_author, $childids)) { + $candelete = 1; +} + // Security check if ($user->socid) { $socid = $user->socid; @@ -226,7 +234,7 @@ if (empty($reshook)) { } } - if ($action == 'confirm_delete' && GETPOST("confirm", 'alpha') == "yes" && $id > 0 && $user->rights->expensereport->supprimer) { + if ($action == 'confirm_delete' && GETPOST("confirm", 'alpha') == "yes" && $id > 0 && $candelete) { $object = new ExpenseReport($db); $result = $object->fetch($id); $result = $object->delete($user); @@ -2737,7 +2745,7 @@ if ($action != 'create' && $action != 'edit' && $action != 'editline') { if ($user->rights->expensereport->creer && $user->id == $object->fk_user_author && $object->status < ExpenseReport::STATUS_APPROVED) { // Delete print '
id.'">'.$langs->trans('Delete').'
'; - } elseif ($user->rights->expensereport->supprimer && $object->status != ExpenseReport::STATUS_CLOSED) { + } elseif ($candelete && $object->status != ExpenseReport::STATUS_CLOSED) { // Delete print '
id.'">'.$langs->trans('Delete').'
'; } diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index e84fb79c7e3..4df9b32278b 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -90,13 +90,14 @@ if (($id > 0) || $ref) { $hookmanager->initHooks(array('holidaycard', 'globalcard')); $cancreate = 0; - -if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance)) { - $cancreate = 1; -} +$cancreateall = 0; if (!empty($user->rights->holiday->write) && in_array($fuserid, $childids)) { $cancreate = 1; } +if (!empty($user->rights->holiday->writeall)) { + $cancreate = 1; + $cancreateall = 1; +} $candelete = 0; if (!empty($user->rights->holiday->delete)) { @@ -181,23 +182,25 @@ if (empty($reshook)) { $description = trim(GETPOST('description', 'restricthtml')); // Check that leave is for a user inside the hierarchy or advanced permission for all is set - if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { - if (empty($user->rights->holiday->write)) { - $error++; - setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors'); - } elseif (!in_array($fuserid, $childids)) { - $error++; - setEventMessages($langs->trans("UserNotInHierachy"), null, 'errors'); - $action = 'create'; - } - } else { - if (empty($user->rights->holiday->write) && empty($user->rights->holiday->writeall_advance)) { - $error++; - setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors'); - } elseif (empty($user->rights->holiday->writeall_advance) && !in_array($fuserid, $childids)) { - $error++; - setEventMessages($langs->trans("UserNotInHierachy"), null, 'errors'); - $action = 'create'; + if (!$cancreateall) { + if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { + if (empty($user->rights->holiday->write)) { + $error++; + setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors'); + } elseif (!in_array($fuserid, $childids)) { + $error++; + setEventMessages($langs->trans("UserNotInHierachy"), null, 'errors'); + $action = 'create'; + } + } else { + if (empty($user->rights->holiday->write) && empty($user->rights->holiday->writeall_advance)) { + $error++; + setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors'); + } elseif (empty($user->rights->holiday->writeall_advance) && !in_array($fuserid, $childids)) { + $error++; + setEventMessages($langs->trans("UserNotInHierachy"), null, 'errors'); + $action = 'create'; + } } } @@ -279,7 +282,7 @@ if (empty($reshook)) { } } - // If update and we are an approver, we can update with another approver + // If this is an update and we are an approver, we can update to change the approver if ($action == 'update' && GETPOSTISSET('savevalidator') && !empty($user->rights->holiday->approve)) { $object->fetch($id); @@ -319,10 +322,18 @@ if (empty($reshook)) { } // If no right to modify a request - if (!$user->rights->holiday->write) { - setEventMessages($langs->trans("CantUpdate"), null, 'errors'); - header('Location: '.$_SERVER["PHP_SELF"].'?action=create'); - exit; + if (!$cancreateall) { + if ($cancreate) { + if (!in_array($fuserid, $childids)) { + setEventMessages($langs->trans("UserNotInHierachy"), null, 'errors'); + header('Location: '.$_SERVER["PHP_SELF"].'?action=create'); + exit; + } + } else { + setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors'); + header('Location: '.$_SERVER["PHP_SELF"].'?action=create'); + exit; + } } $object->fetch($id); @@ -337,13 +348,13 @@ if (empty($reshook)) { $description = trim(GETPOST('description', 'restricthtml')); // If no start date - if (empty($_POST['date_debut_'])) { + if (!GETPOST('date_debut_')) { header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&token='.newToken().'&error=nodatedebut'); exit; } // If no end date - if (empty($_POST['date_fin_'])) { + if (!GETPOST('date_fin_')) { header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit&token='.newToken().'&error=nodatefin'); exit; } @@ -394,7 +405,7 @@ if (empty($reshook)) { } // If delete of request - if ($action == 'confirm_delete' && GETPOST('confirm') == 'yes' && $user->rights->holiday->delete) { + if ($action == 'confirm_delete' && GETPOST('confirm') == 'yes' && $candelete) { $error = 0; $db->begin(); @@ -403,14 +414,11 @@ if (empty($reshook)) { // If this is a rough draft, approved, canceled or refused if ($object->statut == Holiday::STATUS_DRAFT || $object->statut == Holiday::STATUS_CANCELED || $object->statut == Holiday::STATUS_REFUSED) { - // Si l'utilisateur à le droit de lire cette demande, il peut la supprimer - if ($candelete) { - $result = $object->delete($user); - } else { - $error++; - setEventMessages($langs->trans('ErrorCantDeleteCP'), null, 'errors'); - $action = ''; - } + $result = $object->delete($user); + } else { + $error++; + setEventMessages($langs->trans('BadStatusOfObject'), null, 'errors'); + $action = ''; } if (!$error) { @@ -765,7 +773,7 @@ if (empty($reshook)) { // If status pending validation and validator = validator or user, or rights to do for others if (($object->statut == Holiday::STATUS_VALIDATED || $object->statut == Holiday::STATUS_APPROVED) && - (!empty($user->admin) || $user->id == $object->fk_validator || in_array($object->fk_user, $childids) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance)))) { + (!empty($user->admin) || $user->id == $object->fk_validator || in_array($object->fk_user, $childids) || $cancreateall)) { $db->begin(); $oldstatus = $object->statut; @@ -996,12 +1004,11 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { print ''; print ''.$langs->trans("User").''; print ''; - - if (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->holiday->writeall_advance)) { + if ($cancreate && !$cancreateall) { print img_picto('', 'user').$form->select_dolusers(($fuserid ? $fuserid : $user->id), 'fuserid', 0, '', 0, 'hierarchyme', '', '0,'.$conf->entity, 0, 0, $morefilter, 0, '', 'minwidth200 maxwidth500'); //print ''; } else { - print img_picto('', 'user').$form->select_dolusers(GETPOST('fuserid', 'int') ? GETPOST('fuserid', 'int') : $user->id, 'fuserid', 0, '', 0, '', '', '0,'.$conf->entity, 0, 0, $morefilter, 0, '', 'minwidth200 maxwidth500'); + print img_picto('', 'user').$form->select_dolusers($fuserid ? $fuserid : $user->id, 'fuserid', 0, '', 0, '', '', '0,'.$conf->entity, 0, 0, $morefilter, 0, '', 'minwidth200 maxwidth500'); } print ''; print ''; @@ -1474,9 +1481,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { } } if ($object->statut == Holiday::STATUS_APPROVED) { // If validated or approved - if ($user->id == $object->fk_validator - || in_array($object->fk_user, $childids) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance))) { + if ($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || $cancreateall) { if (($object->date_debut > dol_now()) || !empty($user->admin)) { print ''.$langs->trans("ActionCancelCP").''; } else { diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php index b11b795723c..1e9c5602704 100644 --- a/htdocs/holiday/document.php +++ b/htdocs/holiday/document.php @@ -93,23 +93,6 @@ if (($id > 0) || $ref) { } } -/*$cancreate = 0; - -if (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance)) { - $cancreate = 1; -} -if (!empty($user->rights->holiday->write) && in_array($fuserid, $childids)) { - $cancreate = 1; -} - -$candelete = 0; -if (!empty($user->rights->holiday->delete)) { - $candelete = 1; -} -if ($object->statut == Holiday::STATUS_DRAFT && $user->rights->holiday->write && in_array($object->fk_user, $childids)) { - $candelete = 1; -} -*/ $upload_dir = $conf->holiday->dir_output.'/'.get_exdir(0, 0, 0, 1, $object, ''); $modulepart = 'holiday'; diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index 207c7c31707..b4985100e44 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -488,9 +488,15 @@ if ($resql) { print '
'; - $canedit = (($user->id == $user_id && $user->rights->holiday->write) || ($user->id != $user_id && (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->holiday->writeall_advance)))); + $cancreate = 0; + if (!empty($user->rights->holiday->writeall)) { + $cancreate = 1; + } + if (!empty($user->rights->holiday->write) && in_array($user_id, $childids)) { + $cancreate = 1; + } - if ($canedit) { + if ($cancreate) { print ''.$langs->trans("AddCP").''; } diff --git a/htdocs/install/mysql/migration/14.0.0-15.0.0.sql b/htdocs/install/mysql/migration/14.0.0-15.0.0.sql index c062b57c482..e60208cf56d 100644 --- a/htdocs/install/mysql/migration/14.0.0-15.0.0.sql +++ b/htdocs/install/mysql/migration/14.0.0-15.0.0.sql @@ -482,3 +482,5 @@ ALTER TABLE llx_inventorydet ADD COLUMN fk_movement integer NULL; ALTER TABLE llx_stock_mouvement MODIFY COLUMN origintype varchar(64); ALTER TABLE llx_intracommreport CHANGE COLUMN period periods varchar(32); + +UPDATE llx_rights_def SET perms = 'writeall' WHERE perms = 'writeall_advance' AND module = 'holiday'; diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 94e21f076e3..02a88e8a453 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -893,12 +893,11 @@ Permission701=Read donations Permission702=Create/modify donations Permission703=Delete donations Permission771=Read expense reports (yours and your subordinates) -Permission772=Create/modify expense reports +Permission772=Create/modify expense reports (for you and your subordinates) Permission773=Delete expense reports -Permission774=Read all expense reports (even for user not subordinates) Permission775=Approve expense reports Permission776=Pay expense reports -Permission777=Read expense reports of everybody +Permission777=Read all expense reports (even those of user not subordinates) Permission778=Create/modify expense reports of everybody Permission779=Export expense reports Permission1001=Read stocks @@ -977,9 +976,9 @@ Permission10005=Delete website content Permission20001=Read leave requests (your leave and those of your subordinates) Permission20002=Create/modify your leave requests (your leave and those of your subordinates) Permission20003=Delete leave requests -Permission20004=Read all leave requests (even of user not subordinates) -Permission20005=Create/modify leave requests for everybody (even of user not subordinates) -Permission20006=Admin leave requests (setup and update balance) +Permission20004=Read all leave requests (even those of user not subordinates) +Permission20005=Create/modify leave requests for everybody (even those of user not subordinates) +Permission20006=Administer leave requests (setup and update balance) Permission20007=Approve leave requests Permission23001=Read Scheduled job Permission23002=Create/update Scheduled job diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index d9d8f5dd6da..f4c7a7352ea 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php @@ -1080,11 +1080,12 @@ class User extends CommonObject $sql .= " ".MAIN_DB_PREFIX."rights_def as r"; $sql .= " WHERE r.id = ur.fk_id"; if (!empty($conf->global->MULTICOMPANY_BACKWARD_COMPATIBILITY)) { - // on old version, we use entity defined into table r + // on old version, we use entity defined into table r only $sql .= " AND r.entity IN (0,".(!empty($conf->multicompany->enabled) && !empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE) ? "1," : "").$conf->entity.")"; } else { - // we must now use entity into table ur - $sql .= " AND ur.entity = ".((int) $conf->entity); + // On table r=rights_def, the unique key is (id, entity) because id is hard coded into module descriptor and insert during module activation. + // So we must include the filter on entity on both table r. and ur. + $sql .= " AND r.entity = ".((int) $conf->entity)." AND ur.entity = ".((int) $conf->entity); } $sql .= " AND ur.fk_user= ".((int) $this->id); $sql .= " AND r.perms IS NOT NULL";