lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleanup user rights on forun commande card

Browse Source
This commit is contained in:
Sekan, Tobias 2020-04-21 12:13:15 +02:00
parent 9e1c0efc5c
commit 7de4f4d0bb
1 changed files with 74 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
htdocs/fourn/commande/card.php
View File

@ -110,10 +110,25 @@ elseif (!empty($socid) && $socid > 0)
if ($ret < 0) dol_print_error($db, $object->error);
}
$permissionnote = $user->rights->fournisseur->commande->creer; // Used by the include of actions_setnotes.inc.php
$permissiondellink = $user->rights->fournisseur->commande->creer; // Used by the include of actions_dellink.inc.php
$permissiontoedit = $user->rights->fournisseur->commande->creer; // Used by the include of actions_lineupdown.inc.php
$permissiontoadd = $user->rights->fournisseur->commande->creer; // Used by the include of actions_addupdatedelete.inc.php
// Common permissions
$usercanread = $user->rights->fournisseur->commande->lire;
$usercancreate = $user->rights->fournisseur->commande->creer;
$usercandelete = $user->rights->fournisseur->commande->supprimer;
// Advanced permissions
$usercanvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($usercancreate)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_order_advance->validate)));
// Additional area permissions
$usercanapprove = $user->rights->fournisseur->commande->approuver;
$usercanapprovesecond = $user->rights->fournisseur->commande->approve2;
$usercanorder = $user->rights->fournisseur->commande->commander;
$usercanreceived = $user->rights->fournisseur->commande->receptionner;
// Permissions for includes
$permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php
$permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php
$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php
$permissiontoadd = $usercancreate; // Used by the include of actions_addupdatedelete.inc.php
/*
@ -142,66 +157,66 @@ if (empty($reshook))
include DOL_DOCUMENT_ROOT.'/core/actions_lineupdown.inc.php'; // Must be include, not include_once
if ($action == 'setref_supplier' && $user->rights->fournisseur->commande->creer)
if ($action == 'setref_supplier' && $usercancreate)
{
$result = $object->setValueFrom('ref_supplier', GETPOST('ref_supplier', 'alpha'), '', null, 'text', '', $user, 'ORDER_SUPPLIER_MODIFY');
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}
// Set incoterm
if ($action == 'set_incoterms' && $user->rights->fournisseur->commande->creer)
if ($action == 'set_incoterms' && $usercancreate)
{
$result = $object->setIncoterms(GETPOST('incoterm_id', 'int'), GETPOST('location_incoterms', 'alpha'));
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}
// payment conditions
if ($action == 'setconditions' && $user->rights->fournisseur->commande->creer)
if ($action == 'setconditions' && $usercancreate)
{
$result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int'));
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}
// payment mode
if ($action == 'setmode' && $user->rights->fournisseur->commande->creer)
if ($action == 'setmode' && $usercancreate)
{
$result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int'));
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}
// Multicurrency Code
elseif ($action == 'setmulticurrencycode' && $user->rights->fournisseur->commande->creer) {
elseif ($action == 'setmulticurrencycode' && $usercancreate) {
$result = $object->setMulticurrencyCode(GETPOST('multicurrency_code', 'alpha'));
}
// Multicurrency rate
elseif ($action == 'setmulticurrencyrate' && $user->rights->fournisseur->commande->creer) {
elseif ($action == 'setmulticurrencyrate' && $usercancreate) {
$result = $object->setMulticurrencyRate(price2num(GETPOST('multicurrency_tx')));
}
// bank account
if ($action == 'setbankaccount' && $user->rights->fournisseur->commande->creer)
if ($action == 'setbankaccount' && $usercancreate)
{
$result = $object->setBankAccount(GETPOST('fk_account', 'int'));
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}
// date of delivery
if ($action == 'setdate_livraison' && $user->rights->fournisseur->commande->creer)
if ($action == 'setdate_livraison' && $usercancreate)
{
$result = $object->set_date_livraison($user, $datelivraison);
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}
// Set project
if ($action == 'classin' && $user->rights->fournisseur->commande->creer)
if ($action == 'classin' && $usercancreate)
{
$result = $object->setProject($projectid);
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
}
// Edit Thirdparty
if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && $action == 'set_thirdparty' && $user->rights->fournisseur->commande->creer && $object->statut == CommandeFournisseur::STATUS_DRAFT)
if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && $action == 'set_thirdparty' && $usercancreate && $object->statut == CommandeFournisseur::STATUS_DRAFT)
{
$new_socid = GETPOST('new_socid', 'int');
if (!empty($new_socid) && $new_socid != $object->thirdparty->id) {
@ -263,7 +278,7 @@ if (empty($reshook))
exit;
}
if ($action == 'setremisepercent' && $user->rights->fournisseur->commande->creer)
if ($action == 'setremisepercent' && $usercancreate)
{
$result = $object->set_remise($user, $_POST['remise_percent']);
if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');
@ -329,7 +344,7 @@ if (empty($reshook))
/*
* Classify supplier order as billed
*/
if ($action == 'classifybilled' && $user->rights->fournisseur->commande->creer)
if ($action == 'classifybilled' && $usercancreate)
{
$ret = $object->classifyBilled($user);
if ($ret < 0) {
@ -338,7 +353,7 @@ if (empty($reshook))
}
// Add a product line
if ($action == 'addline' && $user->rights->fournisseur->commande->creer)
if ($action == 'addline' && $usercancreate)
{
$db->begin();
@ -636,7 +651,7 @@ if (empty($reshook))
/*
* Updating a line in the order
*/
if ($action == 'updateline' && $user->rights->fournisseur->commande->creer && !GETPOST('cancel', 'alpha'))
if ($action == 'updateline' && $usercancreate && !GETPOST('cancel', 'alpha'))
{
$vat_rate = (GETPOST('tva_tx') ?GETPOST('tva_tx') : 0);
@ -777,7 +792,7 @@ if (empty($reshook))
}
// Remove a product line
if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fournisseur->commande->creer)
if ($action == 'confirm_deleteline' && $confirm == 'yes' && $usercancreate)
{
$result = $object->deleteline($lineid);
if ($result > 0)
@ -810,10 +825,7 @@ if (empty($reshook))
}
// Validate
if ($action == 'confirm_valid' && $confirm == 'yes' &&
((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande->creer))
|| (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_order_advance->validate)))
)
if ($action == 'confirm_valid' && $confirm == 'yes' && $usercanvalidate)
{
$object->date_commande = dol_now();
$result = $object->valid($user);
@ -843,13 +855,13 @@ if (empty($reshook))
}
// If we have permission, and if we don't need to provide the idwarehouse, we go directly on approved step
if (empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE) && $user->rights->fournisseur->commande->approuver && !(!empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER) && $object->hasProductsOrServices(1)))
if (empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE) && $usercanapprove && !(!empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER) && $object->hasProductsOrServices(1)))
{
$action = 'confirm_approve'; // can make standard or first level approval also if permission is set
}
}
if (($action == 'confirm_approve' || $action == 'confirm_approve2') && $confirm == 'yes' && $user->rights->fournisseur->commande->approuver)
if (($action == 'confirm_approve' || $action == 'confirm_approve2') && $confirm == 'yes' && $usercanapprove)
{
$idwarehouse = GETPOST('idwarehouse', 'int');
@ -900,7 +912,7 @@ if (empty($reshook))
}
}
if ($action == 'confirm_refuse' && $confirm == 'yes' && $user->rights->fournisseur->commande->approuver)
if ($action == 'confirm_refuse' && $confirm == 'yes' && $usercanapprove)
{
$result = $object->refuse($user);
if ($result > 0)
@ -924,7 +936,7 @@ if (empty($reshook))
}
}
if ($action == 'confirm_commande' && $confirm == 'yes' && $user->rights->fournisseur->commande->commander)
if ($action == 'confirm_commande' && $confirm == 'yes' && $usercanorder)
{
$result = $object->commande($user, GETPOST("datecommande"), GETPOST("methode", 'int'), GETPOST('comment', 'alphanohtml'));
if ($result > 0)
@ -952,7 +964,7 @@ if (empty($reshook))
}
if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->fournisseur->commande->supprimer)
if ($action == 'confirm_delete' && $confirm == 'yes' && $usercandelete)
{
$result = $object->delete($user);
if ($result > 0)
@ -967,7 +979,7 @@ if (empty($reshook))
}
// Action clone object
if ($action == 'confirm_clone' && $confirm == 'yes' && $user->rights->fournisseur->commande->creer)
if ($action == 'confirm_clone' && $confirm == 'yes' && $usercancreate)
{
if (1 == 0 && !GETPOST('clone_content') && !GETPOST('clone_receivers'))
{
@ -996,7 +1008,7 @@ if (empty($reshook))
}
// Set status of reception (complete, partial, ...)
if ($action == 'livraison' && $user->rights->fournisseur->commande->receptionner)
if ($action == 'livraison' && $usercanreceived)
{
if (GETPOST("type") != '')
{
@ -1024,7 +1036,7 @@ if (empty($reshook))
}
}
if ($action == 'confirm_cancel' && $confirm == 'yes' && $user->rights->fournisseur->commande->commander)
if ($action == 'confirm_cancel' && $confirm == 'yes' && $usercanorder)
{
$result = $object->cancel($user);
if ($result > 0)
@ -1049,7 +1061,7 @@ if (empty($reshook))
// Actions to build doc
$upload_dir = $conf->fournisseur->commande->dir_output;
$permissiontoadd = $user->rights->fournisseur->commande->creer;
$permissiontoadd = $usercancreate;
include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
@ -1082,7 +1094,7 @@ if (empty($reshook))
/*
* Create an order
*/
if ($action == 'add' && $user->rights->fournisseur->commande->creer)
if ($action == 'add' && $usercancreate)
{
$error = 0;
$selectedLines = GETPOST('toselect', 'array');
@ -1395,7 +1407,7 @@ if (empty($reshook))
}
}
if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $user->rights->fournisseur->commande->creer)
if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $usercancreate)
{
if ($action == 'addcontact')
{
@ -1922,11 +1934,11 @@ elseif (!empty($object->id))
$morehtmlref = '<div class="refidno">';
// Ref supplier
$morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', 0, 1);
$morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', null, null, '', 1);
$morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', 0, 1);
$morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', null, null, '', 1);
// Thirdparty
$morehtmlref .= '<br>'.$langs->trans('ThirdParty');
if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && !empty($user->rights->fournisseur->commande->creer) && $action == 'edit_thirdparty') {
if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && !empty($usercancreate) && $action == 'edit_thirdparty') {
$morehtmlref .= ' : ';
$morehtmlref .= '<form method="post" action="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'">';
$morehtmlref .= '<input type="hidden" name="action" value="set_thirdparty">';
@ -1947,7 +1959,7 @@ elseif (!empty($object->id))
if (!empty($conf->projet->enabled)) {
$langs->load("projects");
$morehtmlref .= '<br>'.$langs->trans('Project').' ';
if ($user->rights->fournisseur->commande->creer) {
if ($usercancreate) {
if ($action != 'classify')
$morehtmlref .= '<a class="editfielda" href="'.$_SERVER['PHP_SELF'].'?action=classify&amp;id='.$object->id.'">'.img_edit($langs->transnoentitiesnoconv('SetProject')).'</a> : ';
if ($action == 'classify') {
@ -2128,7 +2140,7 @@ elseif (!empty($object->id))
print '<table class="nobordernopadding centpercent"><tr><td class="nowrap">';
print $langs->trans('BankAccount');
print '<td>';
if ($action != 'editbankaccount' && $user->rights->fournisseur->commande->creer)
if ($action != 'editbankaccount' && $usercancreate)
print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=editbankaccount&amp;id='.$object->id.'">'.img_edit($langs->trans('SetBankAccount'), 1).'</a></td>';
print '</tr></table>';
print '</td><td>';
@ -2184,7 +2196,7 @@ elseif (!empty($object->id))
print '<table class="nobordernopadding centpercent"><tr><td>';
print $langs->trans('IncotermLabel');
print '<td><td class="right">';
if ($user->rights->fournisseur->commande->creer) print '<a class="editfielda" href="'.DOL_URL_ROOT.'/fourn/commande/card.php?id='.$object->id.'&action=editincoterm">'.img_edit().'</a>';
if ($usercancreate) print '<a class="editfielda" href="'.DOL_URL_ROOT.'/fourn/commande/card.php?id='.$object->id.'&action=editincoterm">'.img_edit().'</a>';
else print '&nbsp;';
print '</td></tr></table>';
print '</td>';
@ -2324,7 +2336,7 @@ elseif (!empty($object->id))
$num = count($object->lines);
// Form to add new line
if ($object->statut == CommandeFournisseur::STATUS_DRAFT && $user->rights->fournisseur->commande->creer)
if ($object->statut == CommandeFournisseur::STATUS_DRAFT && $usercancreate)
{
if ($action != 'editline')
{
@ -2359,11 +2371,10 @@ elseif (!empty($object->id))
// Validate
if ($object->statut == 0 && $num > 0)
{
if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande->creer))
|| (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_order_advance->validate)))
if ($usercanvalidate)
{
$tmpbuttonlabel = $langs->trans('Validate');
if ($user->rights->fournisseur->commande->approuver && empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE)) $tmpbuttonlabel = $langs->trans("ValidateAndApprove");
if ($usercanapprove && empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE)) $tmpbuttonlabel = $langs->trans("ValidateAndApprove");
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=valid">';
print $tmpbuttonlabel;
@ -2379,7 +2390,7 @@ elseif (!empty($object->id))
// Modify
if ($object->statut == CommandeFournisseur::STATUS_VALIDATED)
{
if ($user->rights->fournisseur->commande->commander)
if ($usercanorder)
{
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=reopen">'.$langs->trans("Modify").'</a>';
}
@ -2388,7 +2399,7 @@ elseif (!empty($object->id))
// Approve
if ($object->statut == CommandeFournisseur::STATUS_VALIDATED)
{
if ($user->rights->fournisseur->commande->approuver)
if ($usercanapprove)
{
if (!empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED) && $conf->global->MAIN_FEATURES_LEVEL > 0 && $object->total_ht >= $conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED && !empty($object->user_approve_id))
{
@ -2410,7 +2421,7 @@ elseif (!empty($object->id))
{
if ($object->statut == CommandeFournisseur::STATUS_VALIDATED)
{
if ($user->rights->fournisseur->commande->approve2)
if ($usercanapprovesecond)
{
if (!empty($object->user_approve_id2))
{
@ -2431,7 +2442,7 @@ elseif (!empty($object->id))
// Refuse
if ($object->statut == CommandeFournisseur::STATUS_VALIDATED)
{
if ($user->rights->fournisseur->commande->approuver || $user->rights->fournisseur->commande->approve2)
if ($usercanapprove || $usercanapprovesecond)
{
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=refuse">'.$langs->trans("RefuseOrder").'</a>';
}
@ -2445,7 +2456,7 @@ elseif (!empty($object->id))
if (empty($user->socid)) {
if (in_array($object->statut, array(CommandeFournisseur::STATUS_ACCEPTED, 3, 4, 5)) || !empty($conf->global->SUPPLIER_ORDER_SENDBYEMAIL_FOR_ALL_STATUS))
{
if ($user->rights->fournisseur->commande->commander)
if ($usercanorder)
{
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a>';
}
@ -2456,7 +2467,7 @@ elseif (!empty($object->id))
if (in_array($object->statut, array(CommandeFournisseur::STATUS_ACCEPTED)))
{
$buttonshown = 0;
if (!$buttonshown && $user->rights->fournisseur->commande->approuver)
if (!$buttonshown && $usercanapprove)
{
if (empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER_ONLY)
|| (!empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER_ONLY) && $user->id == $object->user_approve_id))
@ -2465,7 +2476,7 @@ elseif (!empty($object->id))
$buttonshown++;
}
}
if (!$buttonshown && $user->rights->fournisseur->commande->approve2 && !empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED))
if (!$buttonshown && $usercanapprovesecond && !empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED))
{
if (empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER2_ONLY)
|| (!empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER2_ONLY) && $user->id == $object->user_approve_id2))
@ -2476,7 +2487,7 @@ elseif (!empty($object->id))
}
if (in_array($object->statut, array(3, 4, 5, 6, 7, 9)))
{
if ($user->rights->fournisseur->commande->commander)
if ($usercanorder)
{
print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=reopen">'.$langs->trans("ReOpen").'</a>';
}
@ -2490,7 +2501,7 @@ elseif (!empty($object->id))
if ($conf->reception->enabled) $labelofbutton = $langs->trans("CreateReception");
if (in_array($object->statut, array(3, 4, 5))) {
if ($conf->fournisseur->enabled && $user->rights->fournisseur->commande->receptionner) {
if ($conf->fournisseur->enabled && $usercanreceived) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.DOL_URL_ROOT.'/fourn/commande/dispatch.php?id='.$object->id.'">'.$labelofbutton.'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NotAllowed")).'">'.$labelofbutton.'</a></div>';
@ -2500,7 +2511,7 @@ elseif (!empty($object->id))
if ($object->statut == CommandeFournisseur::STATUS_ACCEPTED)
{
if ($user->rights->fournisseur->commande->commander)
if ($usercanorder)
{
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=makeorder#makeorder">'.$langs->trans("MakeOrder").'</a></div>';
}
@ -2513,7 +2524,7 @@ elseif (!empty($object->id))
// Classify received (this does not record reception)
if ($object->statut == CommandeFournisseur::STATUS_ORDERSENT || $object->statut == CommandeFournisseur::STATUS_RECEIVED_PARTIALLY)
{
if ($user->rights->fournisseur->commande->receptionner)
if ($usercanreceived)
{
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=classifyreception#classifyreception">'.$langs->trans("ClassifyReception").'</a></div>';
}
@ -2532,7 +2543,7 @@ elseif (!empty($object->id))
//}
// Classify billed manually (need one invoice if module invoice is on, no condition on invoice if not)
if ($user->rights->fournisseur->commande->creer && $object->statut >= 2 && $object->statut != 7 && $object->billed != 1) // statut 2 means approved
if ($usercancreate && $object->statut >= 2 && $object->statut != 7 && $object->billed != 1) // statut 2 means approved
{
if (empty($conf->facture->enabled))
{
@ -2561,7 +2572,7 @@ elseif (!empty($object->id))
}
// Clone
if ($user->rights->fournisseur->commande->creer)
if ($usercancreate)
{
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;socid='.$object->socid.'&amp;action=clone&amp;object=order">'.$langs->trans("ToClone").'</a>';
}
@ -2569,14 +2580,14 @@ elseif (!empty($object->id))
// Cancel
if ($object->statut == 2)
{
if ($user->rights->fournisseur->commande->commander)
if ($usercanorder)
{
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=cancel">'.$langs->trans("CancelOrder").'</a>';
}
}
// Delete
if (!empty($user->rights->fournisseur->commande->supprimer) || ($object->statut == CommandeFournisseur::STATUS_DRAFT && !empty($user->rights->fournisseur->commande->creer)))
if (!empty($usercandelete) || ($object->statut == CommandeFournisseur::STATUS_DRAFT && !empty($usercancreate)))
{
print '<a class="butActionDelete" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=delete">'.$langs->trans("Delete").'</a>';
}
@ -2586,7 +2597,7 @@ elseif (!empty($object->id))
if ($user->rights->fournisseur->commande->commander && $object->statut == CommandeFournisseur::STATUS_ACCEPTED && $action == 'makeorder')
if ($usercanorder && $object->statut == CommandeFournisseur::STATUS_ACCEPTED && $action == 'makeorder')
{
// Set status to ordered (action=commande)
print '<!-- form to record supplier order -->'."\n";
@ -2630,8 +2641,8 @@ elseif (!empty($object->id))
$relativepath = $comfournref.'/'.$comfournref.'.pdf';
$filedir = $conf->fournisseur->dir_output.'/commande/'.$comfournref;
$urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id;
$genallowed = $user->rights->fournisseur->commande->lire;
$delallowed = $user->rights->fournisseur->commande->creer;
$genallowed = $usercanread;
$delallowed = $usercancreate;
print $formfile->showdocuments('commande_fournisseur', $comfournref, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 0, 0, '', '', '', $object->thirdparty->default_lang);
$somethingshown = $formfile->numoffiles;
@ -2644,7 +2655,7 @@ elseif (!empty($object->id))
if ($action == 'classifyreception')
{
if ($user->rights->fournisseur->commande->receptionner && ($object->statut == CommandeFournisseur::STATUS_ORDERSENT || $object->statut == CommandeFournisseur::STATUS_RECEIVED_PARTIALLY))
if ($usercanreceived && ($object->statut == CommandeFournisseur::STATUS_ORDERSENT || $object->statut == CommandeFournisseur::STATUS_RECEIVED_PARTIALLY))
{
// Set status to received (action=livraison)
print '<!-- form to record purchase order received -->'."\n";