From b0ec9c1fcf56e7f4df58b1717ad58543638e2ef9 Mon Sep 17 00:00:00 2001 From: "Sekan, Tobias" Date: Tue, 21 Apr 2020 12:45:07 +0200 Subject: [PATCH 1/2] Cleanup user rights on supplier proposal card --- htdocs/supplier_proposal/card.php | 103 ++++++++++++++++-------------- 1 file changed, 56 insertions(+), 47 deletions(-) diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index 5910f77a819..43230d8f9b0 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -96,9 +96,23 @@ if ($id > 0 || !empty($ref)) { dol_print_error('', $object->error); } -$permissionnote = $user->rights->supplier_proposal->creer; // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->rights->supplier_proposal->creer; // Used by the include of actions_dellink.inc.php -$permissiontoedit = $user->rights->supplier_proposal->creer; // Used by the include of actions_lineupdown.inc.php +// Common permissions +$usercanread = $user->rights->supplier_proposal->lire; +$usercancreate = $user->rights->supplier_proposal->creer; +$usercandelete = $user->rights->supplier_proposal->supprimer; + +// Advanced permissions +$usercanvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($usercancreate)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->supplier_proposal->validate_advance))); +$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->supplier_proposal->send_advance); + +// Additional area permissions +$usercanclose = $user->rights->supplier_proposal->cloturer; +$usercancreateorder = $user->rights->fournisseur->commande->creer; + +// Permissions for includes +$permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php +$permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php +$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php /* 
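Review bot: `$usercancreateorder = $user->rights->fournisseur->commande->creer;` is now read on every page load, whereas the removed line in the @@ -1902 hunk read it only inside `if (!empty($conf->fournisseur->enabled) && ...)`. If the supplier module is disabled the `fournisseur` rights node may not exist (not visible from here), which would raise a notice or warning before any action runs. `$usercansend` and `$usercanclose` also read their right directly, while `$usercanvalidate` wraps it in `!empty()`. I would guard each flag and make it a real boolean, e.g. `$usercancreateorder = !empty($conf->fournisseur->enabled) && !empty($user->rights->fournisseur->commande->creer);` and `$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || !empty($user->rights->supplier_proposal->send_advance));`. A short comment above the block stating that these flags are the single source for both the action handlers and the button display would also help the next reader.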
@@ -152,7 +166,7 @@ if (empty($reshook)) } // Delete askprice - elseif ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->supplier_proposal->supprimer) + elseif ($action == 'confirm_delete' && $confirm == 'yes' && $usercandelete) { $result = $object->delete($user); if ($result > 0) { @@ -165,7 +179,7 @@ if (empty($reshook)) } // Remove line - elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->supplier_proposal->creer) + elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $usercancreate) { $result = $object->deleteline($lineid); // reorder lines @@ -189,10 +203,7 @@ if (empty($reshook)) } // Validation - elseif ($action == 'confirm_validate' && $confirm == 'yes' && - ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->supplier_proposal->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->supplier_proposal->validate_advance))) - ) + elseif ($action == 'confirm_validate' && $confirm == 'yes' && $usercanvalidate) { $result = $object->valid($user); if ($result >= 0) @@ -223,7 +234,7 @@ if (empty($reshook)) } } - elseif ($action == 'setdate_livraison' && $user->rights->supplier_proposal->creer) + elseif ($action == 'setdate_livraison' && $usercancreate) { $result = $object->set_date_livraison($user, dol_mktime(12, 0, 0, $_POST['liv_month'], $_POST['liv_day'], $_POST['liv_year'])); if ($result < 0) @@ -231,7 +242,7 @@ if (empty($reshook)) } // Create supplier proposal - elseif ($action == 'add' && $user->rights->supplier_proposal->creer) + elseif ($action == 'add' && $usercancreate) { $object->socid = $socid; $object->fetch_thirdparty(); 
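Review bot: The `confirm_delete` branch accepts only `$usercandelete`, but the Delete button condition in the @@ -1902 hunk is `($object->statut == SupplierProposal::STATUS_DRAFT && $usercancreate) || $usercandelete`. A user with create but not delete rights is therefore offered a delete on a draft that this handler silently ignores. The server-side check is the one that matters, so decide which rule is intended and express it once in the permission block. If the handler's rule is the intended one, the button should read `if ($usercandelete) {`; if drafts may be deleted by their creator, fold that condition into `$usercandelete` so both places test the same flag. The `elseif` chain this branch belongs to starts outside the hunk.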
@@ -460,7 +471,7 @@ if (empty($reshook)) } // Reopen proposal - elseif ($action == 'confirm_reopen' && $user->rights->supplier_proposal->cloturer && !GETPOST('cancel', 'alpha')) { + elseif ($action == 'confirm_reopen' && $usercanclose && !GETPOST('cancel', 'alpha')) { // prevent browser refresh from reopening proposal several times if ($object->statut == SupplierProposal::STATUS_SIGNED || $object->statut == SupplierProposal::STATUS_NOTSIGNED || $object->statut == SupplierProposal::STATUS_CLOSE) { $object->reopen($user, SupplierProposal::STATUS_VALIDATED); @@ -468,7 +479,7 @@ if (empty($reshook)) } // Close proposal - elseif ($action == 'close' && $user->rights->supplier_proposal->cloturer && !GETPOST('cancel', 'alpha')) { + elseif ($action == 'close' && $usercanclose && !GETPOST('cancel', 'alpha')) { // prevent browser refresh from reopening proposal several times if ($object->statut == SupplierProposal::STATUS_SIGNED) { $object->setStatut(SupplierProposal::STATUS_CLOSE); @@ -476,7 +487,7 @@ if (empty($reshook)) } // Set accepted/refused - elseif ($action == 'setstatut' && $user->rights->supplier_proposal->cloturer && !GETPOST('cancel', 'alpha')) { + elseif ($action == 'setstatut' && $usercanclose && !GETPOST('cancel', 'alpha')) { if (!GETPOST('statut')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("CloseAs")), null, 'errors'); $action = 'statut'; @@ -499,12 +510,12 @@ if (empty($reshook)) // Actions to build doc $upload_dir = $conf->supplier_proposal->dir_output; - $permissiontoadd = $user->rights->supplier_proposal->creer; + $permissiontoadd = $usercancreate; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; // Go back to draft - if ($action == 'modif' && $user->rights->supplier_proposal->creer) + if ($action == 'modif' && $usercancreate) { $object->setDraft($user); 
@@ -522,7 +533,7 @@ if (empty($reshook)) } } - elseif ($action == "setabsolutediscount" && $user->rights->supplier_proposal->creer) { + elseif ($action == "setabsolutediscount" && $usercancreate) { if ($_POST["remise_id"]) { if ($object->id > 0) { $result = $object->insert_discount($_POST["remise_id"]); @@ -534,7 +545,7 @@ if (empty($reshook)) } // Add a product line - if ($action == 'addline' && $user->rights->supplier_proposal->creer) + if ($action == 'addline' && $usercancreate) { $langs->load('errors'); $error = 0; @@ -845,7 +856,7 @@ if (empty($reshook)) } // Mise a jour d'une ligne dans la demande de prix - elseif ($action == 'updateline' && $user->rights->supplier_proposal->creer && GETPOST('save') == $langs->trans("Save")) { + elseif ($action == 'updateline' && $usercancreate && GETPOST('save') == $langs->trans("Save")) { $vat_rate = (GETPOST('tva_tx') ?GETPOST('tva_tx') : 0); // Define info_bits 
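Review bot: In the `setabsolutediscount` branch the unchanged line `$object->insert_discount($_POST["remise_id"]);` hands a raw request value to the object, while neighbouring branches go through `GETPOST(..., 'int')`. Whether `insert_discount` casts its argument is not visible here, so I would filter at the boundary: `$result = $object->insert_discount(GETPOST('remise_id', 'int'));` and test the same filtered value in the `if`. The @@ -1013 hunk has the same pattern with `$_POST['availability_id']`, `$_POST['remise_percent']` and `$_POST['remise_absolue']`. Since this commit already touches every one of these conditions, it is a cheap place to make the input handling uniform.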
@@ -1013,46 +1024,46 @@ if (empty($reshook)) } } - elseif ($action == 'updateline' && $user->rights->supplier_proposal->creer && GETPOST('cancel', 'alpha') == $langs->trans('Cancel')) { + elseif ($action == 'updateline' && $usercancreate && GETPOST('cancel', 'alpha') == $langs->trans('Cancel')) { header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id); // Pour reaffichage de la fiche en cours d'edition exit(); } // Set project - elseif ($action == 'classin' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'classin' && $usercancreate) { $object->setProject(GETPOST('projectid'), 'int'); } // Delivery delay - elseif ($action == 'setavailability' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setavailability' && $usercancreate) { $result = $object->availability($_POST['availability_id']); } // Terms of payments - elseif ($action == 'setconditions' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setconditions' && $usercancreate) { $result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int')); } - elseif ($action == 'setremisepercent' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setremisepercent' && $usercancreate) { $result = $object->set_remise_percent($user, $_POST['remise_percent']); } - elseif ($action == 'setremiseabsolue' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setremiseabsolue' && $usercancreate) { $result = $object->set_remise_absolue($user, $_POST['remise_absolue']); } // Payment mode - elseif ($action == 'setmode' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setmode' && $usercancreate) { $result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int')); } // Multicurrency Code - elseif ($action == 'setmulticurrencycode' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setmulticurrencycode' && $usercancreate) { $result = $object->setMulticurrencyCode(GETPOST('multicurrency_code', 
'alpha')); } // Multicurrency rate - elseif ($action == 'setmulticurrencyrate' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setmulticurrencyrate' && $usercancreate) { $result = $object->setMulticurrencyRate(price2num(GETPOST('multicurrency_tx'))); } @@ -1480,8 +1491,8 @@ if ($action == 'create') $morehtmlref = '
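Review bot: In the `classin` branch of the @@ -1013 hunk, `$object->setProject(GETPOST('projectid'), 'int');` has the closing parenthesis in the wrong place. `'int'` is passed as a second argument to `setProject()` instead of being the filter type of `GETPOST()`, so `projectid` is read without the integer filter that the neighbouring `setconditions` and `setmode` branches apply. The line should be `$object->setProject(GETPOST('projectid', 'int'));`. The line is unchanged context, but it sits directly under the condition this commit rewrites.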
'; // Ref supplier - //$morehtmlref.=$form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', 0, 1); - //$morehtmlref.=$form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', null, null, '', 1); + //$morehtmlref.=$form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreateorder, 'string', '', 0, 1); + //$morehtmlref.=$form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreateorder, 'string', '', null, null, '', 1); // Thirdparty $morehtmlref .= $langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) $morehtmlref .= ' ('.$langs->trans("OtherProposals").')'; @@ -1490,7 +1501,7 @@ if ($action == 'create') { $langs->load("projects"); $morehtmlref .= '
'.$langs->trans('Project').' '; - if ($user->rights->supplier_proposal->creer) + if ($usercancreate) { if ($action != 'classify') { $morehtmlref .= ''.img_edit($langs->transnoentitiesnoconv('SetProject')).' : '; @@ -1680,7 +1691,7 @@ if ($action == 'create') print ''; - if ($action != 'editbankaccount' && $user->rights->supplier_proposal->creer) + if ($action != 'editbankaccount' && $usercancreate) print ''; print '
'; print $langs->trans('BankAccount'); print 'id.'">'.img_edit($langs->trans('SetBankAccount'), 1).'
'; print ''; @@ -1809,7 +1820,7 @@ if ($action == 'create') $ret = $object->printObjectLines($action, $soc, $mysoc, $lineid, $dateSelector); // Form to add new line - if ($object->statut == SupplierProposal::STATUS_DRAFT && $user->rights->supplier_proposal->creer) + if ($object->statut == SupplierProposal::STATUS_DRAFT && $usercancreate) { if ($action != 'editline') { @@ -1870,22 +1881,20 @@ if ($action == 'create') if ($action != 'statut' && $action != 'editline') { // Validate - if ($object->statut == SupplierProposal::STATUS_DRAFT && $object->total_ttc >= 0 && count($object->lines) > 0 && - ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->supplier_proposal->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->supplier_proposal->validate_advance))) - ) { + if ($object->statut == SupplierProposal::STATUS_DRAFT && $object->total_ttc >= 0 && count($object->lines) > 0 && $usercanvalidate) + { if (count($object->lines) > 0) print ''; // else print ''.$langs->trans('Validate').''; } // Edit - if ($object->statut == SupplierProposal::STATUS_VALIDATED && $user->rights->supplier_proposal->creer) { + if ($object->statut == SupplierProposal::STATUS_VALIDATED && $usercancreate) { print ''; } // ReOpen - if (($object->statut == SupplierProposal::STATUS_SIGNED || $object->statut == SupplierProposal::STATUS_NOTSIGNED || $object->statut == SupplierProposal::STATUS_CLOSE) && $user->rights->supplier_proposal->cloturer) { + if (($object->statut == SupplierProposal::STATUS_SIGNED || $object->statut == SupplierProposal::STATUS_NOTSIGNED || $object->statut == SupplierProposal::STATUS_CLOSE) && $usercanclose) { print ''; } 
@@ -1893,7 +1902,7 @@ if ($action == 'create') // Send if (empty($user->socid)) { if ($object->statut == SupplierProposal::STATUS_VALIDATED || $object->statut == SupplierProposal::STATUS_SIGNED) { - if (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->supplier_proposal->send_advance) { + if ($usercansend) { print ''; } else print ''; @@ -1902,30 +1911,30 @@ if ($action == 'create') // Create an order if (!empty($conf->fournisseur->enabled) && $object->statut == SupplierProposal::STATUS_SIGNED) { - if ($user->rights->fournisseur->commande->creer) { + if ($usercancreateorder) { print ''; } } // Set accepted/refused - if ($object->statut == SupplierProposal::STATUS_VALIDATED && $user->rights->supplier_proposal->cloturer) { + if ($object->statut == SupplierProposal::STATUS_VALIDATED && $usercanclose) { print ''; } // Close - if ($object->statut == SupplierProposal::STATUS_SIGNED && $user->rights->supplier_proposal->cloturer) { + if ($object->statut == SupplierProposal::STATUS_SIGNED && $usercanclose) { print ''; } // Clone - if ($user->rights->supplier_proposal->creer) { + if ($usercancreate) { print ''; } // Delete - if (($object->statut == SupplierProposal::STATUS_DRAFT && $user->rights->supplier_proposal->creer) || $user->rights->supplier_proposal->supprimer) { + if (($object->statut == SupplierProposal::STATUS_DRAFT && $usercancreate) || $usercandelete) { print ''; } @@ -1945,8 +1954,8 @@ if ($action == 'create') $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->supplier_proposal->dir_output."/".dol_sanitizeFileName($object->ref); $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed = $user->rights->supplier_proposal->lire; - $delallowed = $user->rights->supplier_proposal->creer; + $genallowed = $usercanread; + $delallowed = $usercancreate; print $formfile->showdocuments('supplier_proposal', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', 0, '', $soc->default_lang); 
From ce79989a9cfc118f56dcb324c363e6e791b82566 Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Mon, 25 May 2020 22:33:02 +0000 Subject: [PATCH 2/2] Fixing style errors. --- htdocs/supplier_proposal/card.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index bd228baa4d1..9e776f94371 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -1012,9 +1012,9 @@ if (empty($reshook)) elseif ($action == 'setavailability' && $usercancreate) { $result = $object->availability($_POST['availability_id']); } - - // Terms of payments - elseif ($action == 'setconditions' && $usercancreate) { + + // Terms of payments + elseif ($action == 'setconditions' && $usercancreate) { $result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int')); } elseif ($action == 'setremisepercent' && $usercancreate) { $result = $object->set_remise_percent($user, GETPOST('remise_percent', 'alpha'));