From 7813ef32ea1c28728196ec53d4037a6271849c7c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@users.sourceforge.net>
Date: Sun, 30 May 2010 21:07:47 +0000
Subject: [PATCH] Fix: A lot of bugs in project permission

---
 htdocs/includes/menus/barre_left/eldy.lib.php |  4 ++--
 htdocs/includes/menus/init_menu_auguria.sql   |  4 ++--
 htdocs/lib/project.lib.php                    |  2 +-
 htdocs/projet/tasks/contact.php               |  3 ++-
 htdocs/projet/tasks/document.php              |  3 ++-
 htdocs/projet/tasks/index.php                 |  3 +--
 htdocs/projet/tasks/note.php                  |  5 +++--
 htdocs/projet/tasks/task.php                  |  3 ++-
 htdocs/projet/tasks/time.php                  | 10 +++++-----
 9 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/htdocs/includes/menus/barre_left/eldy.lib.php b/htdocs/includes/menus/barre_left/eldy.lib.php
index 5b066fc71a6..f7c294139e5 100644
--- a/htdocs/includes/menus/barre_left/eldy.lib.php
+++ b/htdocs/includes/menus/barre_left/eldy.lib.php
@@ -724,13 +724,13 @@ function print_left_eldy_menu($db,$menu_array)
 
 				// Project affected to user
 				$newmenu->add(DOL_URL_ROOT."/projet/activity/index.php?mode=mine", $langs->trans("MyActivities"), 0, $user->rights->projet->lire);
-				$newmenu->add(DOL_URL_ROOT."/projet/tasks/fiche.php?action=create&mode=mine", $langs->trans("NewTask"), 1, $user->rights->projet->creer);
+				$newmenu->add(DOL_URL_ROOT."/projet/tasks.php?action=create&mode=mine", $langs->trans("NewTask"), 1, $user->rights->projet->creer);
 				$newmenu->add(DOL_URL_ROOT."/projet/tasks/index.php?mode=mine", $langs->trans("List"), 1, $user->rights->projet->lire);
 				$newmenu->add(DOL_URL_ROOT."/projet/activity/list.php?mode=mine", $langs->trans("NewTimeSpent"), 1, $user->rights->projet->creer);
 
 				// All project i have permission on
 				$newmenu->add(DOL_URL_ROOT."/projet/activity/index.php", $langs->trans("Activities"), 0, $user->rights->projet->lire && $user->rights->projet->lire);
-				$newmenu->add(DOL_URL_ROOT."/projet/tasks/fiche.php?action=create", $langs->trans("NewTask"), 1, $user->rights->projet->creer && $user->rights->projet->creer);
+				$newmenu->add(DOL_URL_ROOT."/projet/tasks.php?action=create", $langs->trans("NewTask"), 1, $user->rights->projet->creer && $user->rights->projet->creer);
 				$newmenu->add(DOL_URL_ROOT."/projet/tasks/index.php", $langs->trans("List"), 1, $user->rights->projet->lire && $user->rights->projet->lire);
 				$newmenu->add(DOL_URL_ROOT."/projet/activity/list.php", $langs->trans("NewTimeSpent"), 1, $user->rights->projet->creer && $user->rights->projet->creer);
 			}
diff --git a/htdocs/includes/menus/init_menu_auguria.sql b/htdocs/includes/menus/init_menu_auguria.sql
index 216a10744d2..4a9b961de8d 100644
--- a/htdocs/includes/menus/init_menu_auguria.sql
+++ b/htdocs/includes/menus/init_menu_auguria.sql
@@ -237,12 +237,12 @@ insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk
 insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('$conf->projet->enabled', 'auguria', 'left', 3612__+MAX_llx_menu__, 'project', '', 3610__+MAX_llx_menu__, '/projet/liste.php?leftmenu=projects&mode=mine', 'List', 1, 'projects', '$user->rights->projet->lire', '', 2, 2, __ENTITY__);
 
 insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('$conf->projet->enabled', 'auguria', 'left', 3700__+MAX_llx_menu__, 'project', '', 7__+MAX_llx_menu__, '/projet/activity/index.php?leftmenu=projects', 'Activities', 0, 'projects', '$user->rights->projet->lire', '', 2, 0, __ENTITY__);
-insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('$conf->projet->enabled', 'auguria', 'left', 3701__+MAX_llx_menu__, 'project', '', 3700__+MAX_llx_menu__, '/projet/tasks/fiche.php?leftmenu=projects&action=create', 'NewTask', 1, 'projects', '$user->rights->projet->creer', '', 2, 1, __ENTITY__);
+insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('$conf->projet->enabled', 'auguria', 'left', 3701__+MAX_llx_menu__, 'project', '', 3700__+MAX_llx_menu__, '/projet/tasks.php?leftmenu=projects&action=create', 'NewTask', 1, 'projects', '$user->rights->projet->creer', '', 2, 1, __ENTITY__);
 insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('$conf->projet->enabled', 'auguria', 'left', 3702__+MAX_llx_menu__, 'project', '', 3700__+MAX_llx_menu__, '/projet/tasks/index.php?leftmenu=projects', 'List', 1, 'projects', '$user->rights->projet->lire', '', 2, 2, __ENTITY__);
 insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('$conf->projet->enabled', 'auguria', 'left', 3703__+MAX_llx_menu__, 'project', '', 3700__+MAX_llx_menu__, '/projet/activity/list.php?leftmenu=projects', 'NewTimeSpent', 1, 'projects', '$user->rights->projet->lire', '', 2, 3, __ENTITY__);
 
 insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('$conf->projet->enabled', 'auguria', 'left', 3800__+MAX_llx_menu__, 'project', '', 7__+MAX_llx_menu__, '/projet/activity/index.php?leftmenu=projects&mode=mine', 'MyActivities', 0, 'projects', '$user->rights->projet->lire', '', 2, 0, __ENTITY__);
-insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('$conf->projet->enabled', 'auguria', 'left', 3801__+MAX_llx_menu__, 'project', '', 3800__+MAX_llx_menu__, '/projet/tasks/fiche.php?leftmenu=projects&action=create&mode=mine', 'NewTask', 1, 'projects', '$user->rights->projet->creer', '', 2, 1, __ENTITY__);
+insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('$conf->projet->enabled', 'auguria', 'left', 3801__+MAX_llx_menu__, 'project', '', 3800__+MAX_llx_menu__, '/projet/tasks.php?leftmenu=projects&action=create&mode=mine', 'NewTask', 1, 'projects', '$user->rights->projet->creer', '', 2, 1, __ENTITY__);
 insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('$conf->projet->enabled', 'auguria', 'left', 3802__+MAX_llx_menu__, 'project', '', 3800__+MAX_llx_menu__, '/projet/tasks/index.php?leftmenu=projects&mode=mine', 'List', 1, 'projects', '$user->rights->projet->lire', '', 2, 2, __ENTITY__);
 insert into llx_menu (enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('$conf->projet->enabled', 'auguria', 'left', 3803__+MAX_llx_menu__, 'project', '', 3800__+MAX_llx_menu__, '/projet/activity/list.php?leftmenu=projects&mode=mine', 'NewTimeSpent', 1, 'projects', '$user->rights->projet->lire', '', 2, 3, __ENTITY__);
 
diff --git a/htdocs/lib/project.lib.php b/htdocs/lib/project.lib.php
index fabb11eaf21..d570d1274f6 100644
--- a/htdocs/lib/project.lib.php
+++ b/htdocs/lib/project.lib.php
@@ -86,7 +86,7 @@ function project_prepare_head($object)
 	$h++;
 
 	/* Now this is a filter in the Task tab.
-	$head[$h][0] = DOL_URL_ROOT.'/projet/tasks/fiche.php?id='.$object->id.'&mode=mine';
+	$head[$h][0] = DOL_URL_ROOT.'/projet/tasks.php?id='.$object->id.'&mode=mine';
 	$head[$h][1] = $langs->trans("MyTasks");
     $head[$h][2] = 'mytasks';
 	$h++;
diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php
index 887e969b878..914aa634ebd 100644
--- a/htdocs/projet/tasks/contact.php
+++ b/htdocs/projet/tasks/contact.php
@@ -181,7 +181,8 @@ if ($id > 0 || ! empty($ref))
 		if (! empty($project->socid)) $project->societe->fetch($project->socid);
 
 		// To verify role of users
-		$userAccess = $project->restrictedProjectArea($user);
+		//$userAccess = $projectstatic->restrictedProjectArea($user); // We allow task affected to user even if a not allowed project
+		//$arrayofuseridoftask=$task->getListContactId('internal');
 
 		$head = task_prepare_head($task);
 		dol_fiche_head($head, 'contact', $langs->trans("Task"), 0, 'projecttask');
diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php
index 9c986038f00..509300df740 100644
--- a/htdocs/projet/tasks/document.php
+++ b/htdocs/projet/tasks/document.php
@@ -136,7 +136,8 @@ llxHeader('',$langs->trans('Project'));
 if ($id > 0 || ! empty($ref))
 {
 	// To verify role of users
-	$userAccess = $projectstatic->restrictedProjectArea($user);
+	//$userAccess = $projectstatic->restrictedProjectArea($user); // We allow task affected to user even if a not allowed project
+	//$arrayofuseridoftask=$task->getListContactId('internal');
 
 	$head = task_prepare_head($task);
 	dol_fiche_head($head, 'document', $langs->trans("Task"), 0, 'projecttask');
diff --git a/htdocs/projet/tasks/index.php b/htdocs/projet/tasks/index.php
index 58662d8c83f..93065e1fc8e 100644
--- a/htdocs/projet/tasks/index.php
+++ b/htdocs/projet/tasks/index.php
@@ -58,7 +58,6 @@ if ($mine) $title=$langs->trans("MyActivities");
 llxHeader("",$title,"Projet");
 
 $form=new Form($db);
-
 $projectstatic = new Project($db);
 $taskstatic = new Task($db);
 
@@ -108,7 +107,7 @@ print '</div>';
 if ($user->rights->projet->creer)
 {
 	print '<div class="tabsAction">';
-	print '<a class="butAction" href="'.DOL_URL_ROOT.'/projet/tasks/fiche.php?action=create">'.$langs->trans('AddTask').'</a>';
+	print '<a class="butAction" href="'.DOL_URL_ROOT.'/projet/tasks.php?action=create">'.$langs->trans('AddTask').'</a>';
 	print '</div>';
 }
 
diff --git a/htdocs/projet/tasks/note.php b/htdocs/projet/tasks/note.php
index 621a0039656..dc766903818 100644
--- a/htdocs/projet/tasks/note.php
+++ b/htdocs/projet/tasks/note.php
@@ -110,7 +110,8 @@ if ($id > 0 || ! empty($ref))
 		if (! empty($projectstatic->socid)) $projectstatic->societe->fetch($projectstatic->socid);
 
 		// To verify role of users
-		$userAccess = $projectstatic->restrictedProjectArea($user);
+		//$userAccess = $projectstatic->restrictedProjectArea($user); // We allow task affected to user even if a not allowed project
+		//$arrayofuseridoftask=$task->getListContactId('internal');
 
 		$head = task_prepare_head($task);
 		dol_fiche_head($head, 'note', $langs->trans('Task'), 0, 'projecttask');
@@ -188,7 +189,7 @@ if ($id > 0 || ! empty($ref))
 		 */
 		print '<div class="tabsAction">';
 
-		if ((($user->rights->projet->creer && $userAccess) || $user->rights->projet->all->creer) && $_GET['action'] <> 'edit')
+		if (($user->rights->projet->creer || $user->rights->projet->all->creer) && $_GET['action'] <> 'edit')
 		{
 			print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$task->id.'&amp;action=edit">'.$langs->trans('Modify').'</a>';
 		}
diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php
index 816f5e6a319..e53bd795e2b 100644
--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
@@ -128,7 +128,8 @@ if ($taskid)
 		if (! empty($projectstatic->socid)) $projectstatic->societe->fetch($projectstatic->socid);
 
 		// To verify role of users
-		$userAccess = $projectstatic->restrictedProjectArea($user);
+		//$userAccess = $projectstatic->restrictedProjectArea($user); // We allow task affected to user even if a not allowed project
+		//$arrayofuseridoftask=$task->getListContactId('internal');
 
 		if ($mesg) print $mesg;
 
diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index ab9563d0b3c..bf80c36e7ed 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -152,7 +152,6 @@ if ($_GET["id"] > 0)
 {
 	/*
 	 * Fiche projet en mode visu
-	 *
 	 */
 	$task = new Task($db);
 	$projectstatic = new Project($db);
@@ -163,8 +162,9 @@ if ($_GET["id"] > 0)
 		$result=$projectstatic->fetch($task->fk_project);
 		if (! empty($projectstatic->socid)) $projectstatic->societe->fetch($projectstatic->socid);
 
-		// To verify role of users
-		$userAccess = $projectstatic->restrictedProjectArea($user);
+		// To get role of users
+		//$userAccess = $projectstatic->restrictedProjectArea($user); // We allow task affected to user even if a not allowed project
+		//$arrayofuseridoftask=$task->getListContactId('internal');
 
 		$head=task_prepare_head($task);
 
@@ -210,7 +210,7 @@ if ($_GET["id"] > 0)
 		/*
 		 * Add time spent
 		 */
-		if ($user->rights->projet->creer && $userAccess)
+		if ($user->rights->projet->creer)
 		{
 			print '<br>';
 
@@ -374,7 +374,7 @@ if ($_GET["id"] > 0)
   		    	print '<br>';
   		    	print '<input type="submit" class="button" name="cancel" value="'.$langs->trans('Cancel').'">';
   		    }
-  		    else if ($user->rights->projet->creer && $userAccess)
+  		    else if ($user->rights->projet->creer)
 			{
 				print '&nbsp;';
 				print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$task->id.'&amp;action=editline&amp;lineid='.$task_time->rowid.'">';