diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index bc86076644c..20d76b74e00 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -110,10 +110,25 @@ elseif (!empty($socid) && $socid > 0) if ($ret < 0) dol_print_error($db, $object->error); } -$permissionnote = $user->rights->fournisseur->commande->creer; // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->rights->fournisseur->commande->creer; // Used by the include of actions_dellink.inc.php -$permissiontoedit = $user->rights->fournisseur->commande->creer; // Used by the include of actions_lineupdown.inc.php -$permissiontoadd = $user->rights->fournisseur->commande->creer; // Used by the include of actions_addupdatedelete.inc.php +// Common permissions +$usercanread = $user->rights->fournisseur->commande->lire; +$usercancreate = $user->rights->fournisseur->commande->creer; +$usercandelete = $user->rights->fournisseur->commande->supprimer; + +// Advanced permissions +$usercanvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($usercancreate)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_order_advance->validate))); + +// Additional area permissions +$usercanapprove = $user->rights->fournisseur->commande->approuver; +$usercanapprovesecond = $user->rights->fournisseur->commande->approve2; +$usercanorder = $user->rights->fournisseur->commande->commander; +$usercanreceived = $user->rights->fournisseur->commande->receptionner; + +// Permissions for includes +$permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php +$permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php +$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php +$permissiontoadd = $usercancreate; // Used by the include of actions_addupdatedelete.inc.php /* 
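Review bot: The new `$usercan*` variables copy `$user->rights->fournisseur->commande->…` properties directly, so a right that is not set leaves the variable null (and may raise an undefined-property notice or warning, depending on the PHP version) instead of false. The rest of the diff then mixes bare truthiness tests with `!empty($usercancreate)`. Normalising at the definition, e.g. `$usercancreate = !empty($user->rights->fournisseur->commande->creer);` and likewise for the other six direct reads, would make every later check a plain boolean. Because these variables gate the state-changing action handlers as well as button display, a short comment above the block saying so would help the next reader.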
@@ -142,66 +157,66 @@ if (empty($reshook)) include DOL_DOCUMENT_ROOT.'/core/actions_lineupdown.inc.php'; // Must be include, not include_once - if ($action == 'setref_supplier' && $user->rights->fournisseur->commande->creer) + if ($action == 'setref_supplier' && $usercancreate) { $result = $object->setValueFrom('ref_supplier', GETPOST('ref_supplier', 'alpha'), '', null, 'text', '', $user, 'ORDER_SUPPLIER_MODIFY'); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // Set incoterm - if ($action == 'set_incoterms' && $user->rights->fournisseur->commande->creer) + if ($action == 'set_incoterms' && $usercancreate) { $result = $object->setIncoterms(GETPOST('incoterm_id', 'int'), GETPOST('location_incoterms', 'alpha')); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // payment conditions - if ($action == 'setconditions' && $user->rights->fournisseur->commande->creer) + if ($action == 'setconditions' && $usercancreate) { $result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int')); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // payment mode - if ($action == 'setmode' && $user->rights->fournisseur->commande->creer) + if ($action == 'setmode' && $usercancreate) { $result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int')); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // Multicurrency Code - elseif ($action == 'setmulticurrencycode' && $user->rights->fournisseur->commande->creer) { + elseif ($action == 'setmulticurrencycode' && $usercancreate) { $result = $object->setMulticurrencyCode(GETPOST('multicurrency_code', 'alpha')); } // Multicurrency rate - elseif ($action == 'setmulticurrencyrate' && $user->rights->fournisseur->commande->creer) { + elseif ($action == 'setmulticurrencyrate' && $usercancreate) { $result = $object->setMulticurrencyRate(price2num(GETPOST('multicurrency_tx'))); } // bank account - if ($action == 
'setbankaccount' && $user->rights->fournisseur->commande->creer) + if ($action == 'setbankaccount' && $usercancreate) { $result = $object->setBankAccount(GETPOST('fk_account', 'int')); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // date of delivery - if ($action == 'setdate_livraison' && $user->rights->fournisseur->commande->creer) + if ($action == 'setdate_livraison' && $usercancreate) { $result = $object->set_date_livraison($user, $datelivraison); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // Set project - if ($action == 'classin' && $user->rights->fournisseur->commande->creer) + if ($action == 'classin' && $usercancreate) { $result = $object->setProject($projectid); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // Edit Thirdparty - if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && $action == 'set_thirdparty' && $user->rights->fournisseur->commande->creer && $object->statut == CommandeFournisseur::STATUS_DRAFT) + if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && $action == 'set_thirdparty' && $usercancreate && $object->statut == CommandeFournisseur::STATUS_DRAFT) { $new_socid = GETPOST('new_socid', 'int'); if (!empty($new_socid) && $new_socid != $object->thirdparty->id) { @@ -263,7 +278,7 @@ if (empty($reshook)) exit; } - if ($action == 'setremisepercent' && $user->rights->fournisseur->commande->creer) + if ($action == 'setremisepercent' && $usercancreate) { $result = $object->set_remise($user, $_POST['remise_percent']); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); @@ -329,7 +344,7 @@ if (empty($reshook)) /* * Classify supplier order as billed */ - if ($action == 'classifybilled' && $user->rights->fournisseur->commande->creer) + if ($action == 'classifybilled' && $usercancreate) { $ret = $object->classifyBilled($user); if ($ret < 0) { 
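Review bot: The `setmulticurrencycode` and `setmulticurrencyrate` branches assign `$result` but never test it, so a failed update is silent; every other handler in this hunk reports failure. Adding `if ($result < 0) setEventMessages($object->error, $object->errors, 'errors');` to both branches would make them consistent. They are also chained with `elseif` onto the `setmode` test while the neighbouring handlers are independent `if` statements, which is worth a comment if intentional.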
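Review bot: The `setremisepercent` handler still passes `$_POST['remise_percent']` straight to `set_remise()`, unlike the other handlers visible in this diff, which read request data through `GETPOST()`. Reading it as `price2num(GETPOST('remise_percent', 'alpha'))`, mirroring the `multicurrency_tx` handling in the previous hunk, would keep input filtering uniform. Whether `set_remise()` validates the value itself is not visible from here.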
@@ -338,7 +353,7 @@ if (empty($reshook)) } // Add a product line - if ($action == 'addline' && $user->rights->fournisseur->commande->creer) + if ($action == 'addline' && $usercancreate) { $db->begin(); @@ -636,7 +651,7 @@ if (empty($reshook)) /* * Updating a line in the order */ - if ($action == 'updateline' && $user->rights->fournisseur->commande->creer && !GETPOST('cancel', 'alpha')) + if ($action == 'updateline' && $usercancreate && !GETPOST('cancel', 'alpha')) { $vat_rate = (GETPOST('tva_tx') ?GETPOST('tva_tx') : 0); @@ -777,7 +792,7 @@ if (empty($reshook)) } // Remove a product line - if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fournisseur->commande->creer) + if ($action == 'confirm_deleteline' && $confirm == 'yes' && $usercancreate) { $result = $object->deleteline($lineid); if ($result > 0) @@ -810,10 +825,7 @@ if (empty($reshook)) } // Validate - if ($action == 'confirm_valid' && $confirm == 'yes' && - ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_order_advance->validate))) - ) + if ($action == 'confirm_valid' && $confirm == 'yes' && $usercanvalidate) { $object->date_commande = dol_now(); $result = $object->valid($user); 
@@ -843,13 +855,13 @@ if (empty($reshook)) } // If we have permission, and if we don't need to provide the idwarehouse, we go directly on approved step - if (empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE) && $user->rights->fournisseur->commande->approuver && !(!empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER) && $object->hasProductsOrServices(1))) + if (empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE) && $usercanapprove && !(!empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER) && $object->hasProductsOrServices(1))) { $action = 'confirm_approve'; // can make standard or first level approval also if permission is set } } - if (($action == 'confirm_approve' || $action == 'confirm_approve2') && $confirm == 'yes' && $user->rights->fournisseur->commande->approuver) + if (($action == 'confirm_approve' || $action == 'confirm_approve2') && $confirm == 'yes' && $usercanapprove) { $idwarehouse = GETPOST('idwarehouse', 'int'); @@ -900,7 +912,7 @@ if (empty($reshook)) } } - if ($action == 'confirm_refuse' && $confirm == 'yes' && $user->rights->fournisseur->commande->approuver) + if ($action == 'confirm_refuse' && $confirm == 'yes' && $usercanapprove) { $result = $object->refuse($user); if ($result > 0) @@ -924,7 +936,7 @@ if (empty($reshook)) } } - if ($action == 'confirm_commande' && $confirm == 'yes' && $user->rights->fournisseur->commande->commander) + if ($action == 'confirm_commande' && $confirm == 'yes' && $usercanorder) { $result = $object->commande($user, GETPOST("datecommande"), GETPOST("methode", 'int'), GETPOST('comment', 'alphanohtml')); if ($result > 0) @@ -952,7 +964,7 @@ if (empty($reshook)) } - if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->fournisseur->commande->supprimer) + if ($action == 'confirm_delete' && $confirm == 'yes' && $usercandelete) { $result = $object->delete($user); if ($result > 0) 
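Review bot: The handler for `confirm_approve` and `confirm_approve2` is gated only by `$usercanapprove`, so the second-level approval action is accepted from a user holding just the first-level right and refused for a user holding only `approve2`. This commit introduces `$usercanapprovesecond` and the button code uses it, but the handler does not. Unless the body, which continues outside the hunk, re-checks the second-level right, consider `(($action == 'confirm_approve' && $usercanapprove) || ($action == 'confirm_approve2' && $usercanapprovesecond)) && $confirm == 'yes'`. The `confirm_refuse` handler in the next hunk has the same mismatch: its button is shown for `$usercanapprove || $usercanapprovesecond`, but the handler tests `$usercanapprove` alone.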
@@ -967,7 +979,7 @@ if (empty($reshook)) } // Action clone object - if ($action == 'confirm_clone' && $confirm == 'yes' && $user->rights->fournisseur->commande->creer) + if ($action == 'confirm_clone' && $confirm == 'yes' && $usercancreate) { if (1 == 0 && !GETPOST('clone_content') && !GETPOST('clone_receivers')) { @@ -996,7 +1008,7 @@ if (empty($reshook)) } // Set status of reception (complete, partial, ...) - if ($action == 'livraison' && $user->rights->fournisseur->commande->receptionner) + if ($action == 'livraison' && $usercanreceived) { if (GETPOST("type") != '') { @@ -1024,7 +1036,7 @@ if (empty($reshook)) } } - if ($action == 'confirm_cancel' && $confirm == 'yes' && $user->rights->fournisseur->commande->commander) + if ($action == 'confirm_cancel' && $confirm == 'yes' && $usercanorder) { $result = $object->cancel($user); if ($result > 0) @@ -1049,7 +1061,7 @@ if (empty($reshook)) // Actions to build doc $upload_dir = $conf->fournisseur->commande->dir_output; - $permissiontoadd = $user->rights->fournisseur->commande->creer; + $permissiontoadd = $usercancreate; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; @@ -1082,7 +1094,7 @@ if (empty($reshook)) /* * Create an order */ - if ($action == 'add' && $user->rights->fournisseur->commande->creer) + if ($action == 'add' && $usercancreate) { $error = 0; $selectedLines = GETPOST('toselect', 'array'); @@ -1395,7 +1407,7 @@ if (empty($reshook)) } } - if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $user->rights->fournisseur->commande->creer) + if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $usercancreate) { if ($action == 'addcontact') { @@ -1922,11 +1934,11 @@ elseif (!empty($object->id)) $morehtmlref = '
'; // Ref supplier - $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', 0, 1); - $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', null, null, '', 1); + $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', 0, 1); + $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', null, null, '', 1); // Thirdparty $morehtmlref .= '
'.$langs->trans('ThirdParty'); - if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && !empty($user->rights->fournisseur->commande->creer) && $action == 'edit_thirdparty') { + if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && !empty($usercancreate) && $action == 'edit_thirdparty') { $morehtmlref .= ' : '; $morehtmlref .= '
'; $morehtmlref .= ''; @@ -1947,7 +1959,7 @@ elseif (!empty($object->id)) if (!empty($conf->projet->enabled)) { $langs->load("projects"); $morehtmlref .= '
'.$langs->trans('Project').' '; - if ($user->rights->fournisseur->commande->creer) { + if ($usercancreate) { if ($action != 'classify') $morehtmlref .= ''.img_edit($langs->transnoentitiesnoconv('SetProject')).' : '; if ($action == 'classify') { @@ -2128,7 +2140,7 @@ elseif (!empty($object->id)) print ''; print '
'; print $langs->trans('BankAccount'); print ''; - if ($action != 'editbankaccount' && $user->rights->fournisseur->commande->creer) + if ($action != 'editbankaccount' && $usercancreate) print 'id.'">'.img_edit($langs->trans('SetBankAccount'), 1).'
'; print ''; @@ -2184,7 +2196,7 @@ elseif (!empty($object->id)) print '
'; print $langs->trans('IncotermLabel'); print ''; - if ($user->rights->fournisseur->commande->creer) print ''.img_edit().''; + if ($usercancreate) print ''.img_edit().''; else print ' '; print '
'; print ''; @@ -2324,7 +2336,7 @@ elseif (!empty($object->id)) $num = count($object->lines); // Form to add new line - if ($object->statut == CommandeFournisseur::STATUS_DRAFT && $user->rights->fournisseur->commande->creer) + if ($object->statut == CommandeFournisseur::STATUS_DRAFT && $usercancreate) { if ($action != 'editline') { @@ -2359,11 +2371,10 @@ elseif (!empty($object->id)) // Validate if ($object->statut == 0 && $num > 0) { - if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_order_advance->validate))) + if ($usercanvalidate) { $tmpbuttonlabel = $langs->trans('Validate'); - if ($user->rights->fournisseur->commande->approuver && empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE)) $tmpbuttonlabel = $langs->trans("ValidateAndApprove"); + if ($usercanapprove && empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE)) $tmpbuttonlabel = $langs->trans("ValidateAndApprove"); print ''; print $tmpbuttonlabel; @@ -2379,7 +2390,7 @@ elseif (!empty($object->id)) // Modify if ($object->statut == CommandeFournisseur::STATUS_VALIDATED) { - if ($user->rights->fournisseur->commande->commander) + if ($usercanorder) { print ''.$langs->trans("Modify").''; } @@ -2388,7 +2399,7 @@ elseif (!empty($object->id)) // Approve if ($object->statut == CommandeFournisseur::STATUS_VALIDATED) { - if ($user->rights->fournisseur->commande->approuver) + if ($usercanapprove) { if (!empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED) && $conf->global->MAIN_FEATURES_LEVEL > 0 && $object->total_ht >= $conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED && !empty($object->user_approve_id)) { @@ -2410,7 +2421,7 @@ elseif (!empty($object->id)) { if ($object->statut == CommandeFournisseur::STATUS_VALIDATED) { - if ($user->rights->fournisseur->commande->approve2) + if ($usercanapprovesecond) { if (!empty($object->user_approve_id2)) { 
@@ -2431,7 +2442,7 @@ elseif (!empty($object->id)) // Refuse if ($object->statut == CommandeFournisseur::STATUS_VALIDATED) { - if ($user->rights->fournisseur->commande->approuver || $user->rights->fournisseur->commande->approve2) + if ($usercanapprove || $usercanapprovesecond) { print ''.$langs->trans("RefuseOrder").''; } @@ -2445,7 +2456,7 @@ elseif (!empty($object->id)) if (empty($user->socid)) { if (in_array($object->statut, array(CommandeFournisseur::STATUS_ACCEPTED, 3, 4, 5)) || !empty($conf->global->SUPPLIER_ORDER_SENDBYEMAIL_FOR_ALL_STATUS)) { - if ($user->rights->fournisseur->commande->commander) + if ($usercanorder) { print ''.$langs->trans('SendMail').''; } @@ -2456,7 +2467,7 @@ elseif (!empty($object->id)) if (in_array($object->statut, array(CommandeFournisseur::STATUS_ACCEPTED))) { $buttonshown = 0; - if (!$buttonshown && $user->rights->fournisseur->commande->approuver) + if (!$buttonshown && $usercanapprove) { if (empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER_ONLY) || (!empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER_ONLY) && $user->id == $object->user_approve_id)) @@ -2465,7 +2476,7 @@ elseif (!empty($object->id)) $buttonshown++; } } - if (!$buttonshown && $user->rights->fournisseur->commande->approve2 && !empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED)) + if (!$buttonshown && $usercanapprovesecond && !empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED)) { if (empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER2_ONLY) || (!empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER2_ONLY) && $user->id == $object->user_approve_id2)) @@ -2476,7 +2487,7 @@ elseif (!empty($object->id)) } if (in_array($object->statut, array(3, 4, 5, 6, 7, 9))) { - if ($user->rights->fournisseur->commande->commander) + if ($usercanorder) { print ''.$langs->trans("ReOpen").''; } 
@@ -2490,7 +2501,7 @@ elseif (!empty($object->id)) if ($conf->reception->enabled) $labelofbutton = $langs->trans("CreateReception"); if (in_array($object->statut, array(3, 4, 5))) { - if ($conf->fournisseur->enabled && $user->rights->fournisseur->commande->receptionner) { + if ($conf->fournisseur->enabled && $usercanreceived) { print ''; } else { print ''; @@ -2500,7 +2511,7 @@ elseif (!empty($object->id)) if ($object->statut == CommandeFournisseur::STATUS_ACCEPTED) { - if ($user->rights->fournisseur->commande->commander) + if ($usercanorder) { print ''; } @@ -2513,7 +2524,7 @@ elseif (!empty($object->id)) // Classify received (this does not record reception) if ($object->statut == CommandeFournisseur::STATUS_ORDERSENT || $object->statut == CommandeFournisseur::STATUS_RECEIVED_PARTIALLY) { - if ($user->rights->fournisseur->commande->receptionner) + if ($usercanreceived) { print ''; } @@ -2532,7 +2543,7 @@ elseif (!empty($object->id)) //} // Classify billed manually (need one invoice if module invoice is on, no condition on invoice if not) - if ($user->rights->fournisseur->commande->creer && $object->statut >= 2 && $object->statut != 7 && $object->billed != 1) // statut 2 means approved + if ($usercancreate && $object->statut >= 2 && $object->statut != 7 && $object->billed != 1) // statut 2 means approved { if (empty($conf->facture->enabled)) { @@ -2561,7 +2572,7 @@ elseif (!empty($object->id)) } // Clone - if ($user->rights->fournisseur->commande->creer) + if ($usercancreate) { print ''.$langs->trans("ToClone").''; } 
@@ -2569,14 +2580,14 @@ elseif (!empty($object->id)) // Cancel if ($object->statut == 2) { - if ($user->rights->fournisseur->commande->commander) + if ($usercanorder) { print ''.$langs->trans("CancelOrder").''; } } // Delete - if (!empty($user->rights->fournisseur->commande->supprimer) || ($object->statut == CommandeFournisseur::STATUS_DRAFT && !empty($user->rights->fournisseur->commande->creer))) + if (!empty($usercandelete) || ($object->statut == CommandeFournisseur::STATUS_DRAFT && !empty($usercancreate))) { print ''.$langs->trans("Delete").''; } @@ -2586,7 +2597,7 @@ elseif (!empty($object->id)) - if ($user->rights->fournisseur->commande->commander && $object->statut == CommandeFournisseur::STATUS_ACCEPTED && $action == 'makeorder') + if ($usercanorder && $object->statut == CommandeFournisseur::STATUS_ACCEPTED && $action == 'makeorder') { // Set status to ordered (action=commande) print ''."\n"; @@ -2630,8 +2641,8 @@ elseif (!empty($object->id)) $relativepath = $comfournref.'/'.$comfournref.'.pdf'; $filedir = $conf->fournisseur->dir_output.'/commande/'.$comfournref; $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed = $user->rights->fournisseur->commande->lire; - $delallowed = $user->rights->fournisseur->commande->creer; + $genallowed = $usercanread; + $delallowed = $usercancreate; print $formfile->showdocuments('commande_fournisseur', $comfournref, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 0, 0, '', '', '', $object->thirdparty->default_lang); $somethingshown = $formfile->numoffiles; 
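Review bot: The Delete button is offered when `$usercandelete` is set, or when the order is a draft and `$usercancreate` is set, but the `confirm_delete` handler earlier in this diff requires `$usercandelete` alone. A user with only the create right therefore sees a button whose confirmation is ignored. Which side is correct is a policy decision: either the handler accepts `$usercandelete || ($object->statut == CommandeFournisseur::STATUS_DRAFT && $usercancreate)`, or the draft clause is dropped from the button. In both cases the button and the handler should test the same expression.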
@@ -2644,7 +2655,7 @@ elseif (!empty($object->id)) if ($action == 'classifyreception') { - if ($user->rights->fournisseur->commande->receptionner && ($object->statut == CommandeFournisseur::STATUS_ORDERSENT || $object->statut == CommandeFournisseur::STATUS_RECEIVED_PARTIALLY)) + if ($usercanreceived && ($object->statut == CommandeFournisseur::STATUS_ORDERSENT || $object->statut == CommandeFournisseur::STATUS_RECEIVED_PARTIALLY)) { // Set status to received (action=livraison) print ''."\n";