lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix #yogosha13774

Browse Source
This commit is contained in:
Laurent Destailleur 2022-12-05 03:08:57 +01:00
parent 44627f0caa
commit 7deccc97b1
14 changed files with 102 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
htdocs/core/lib/security.lib.php
View File

@ -318,27 +318,32 @@ function dolGetLdapPasswordHash($password, $type = 'md5')
* If GETPOST('action','aZ09') defined, we also check write and delete permission.
* This method check permission on module then call checkUserAccessToObject() for permission on object (according to entity and socid of user).
*
* @param User $user User to check
* @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'.
* Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
* This is used to check permission $user->rights->features->...
* @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany module. Param not used if objectid is null (optional).
* @param string $feature2 Feature to check, second level of permission (optional). Can be a 'or' check with 'sublevela|sublevelb'.
* This is used to check permission $user->rights->features->feature2...
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
* @param int $isdraft 1=The object with id=$objectid is a draft
* @param int $mode Mode (0=default, 1=return without dieing)
* @return int If mode = 0 (default): Always 1, die process if not allowed. If mode = 1: Return 0 if access not allowed.
* @param User $user User to check
* @param string $features Features to check (it must be module $object->element. Can be a 'or' check with 'levela|levelb'.
* Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
* This is used to check permission $user->rights->features->...
* @param int|string|object $object Object or Object ID or list of Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany module. Param not used if objectid is null (optional).
* @param string $feature2 Feature to check, second level of permission (optional). Can be a 'or' check with 'sublevela|sublevelb'.
* This is used to check permission $user->rights->features->feature2...
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional). Can use '' if NA.
* @param string $dbt_select Field name for select if not "rowid". Not used if objectid is null (optional)
* @param int $isdraft 1=The object with id=$objectid is a draft
* @param int $mode Mode (0=default, 1=return without dieing)
* @return int If mode = 0 (default): Always 1, die process if not allowed. If mode = 1: Return 0 if access not allowed.
* @see dol_check_secure_access_document(), checkUserAccessToObject()
*/
function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0)
function restrictedArea(User $user, $features, $object = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $isdraft = 0, $mode = 0)
{
global $db, $conf;
global $hookmanager;
$objectid = ((int) $objectid); // For the case value is coming from a non sanitized user input
if (is_object($object)) {
$objectid = $object->id;
} else {
$objectid = $object; // $objectid can be X or 'X,Y,Z'
}
$objectid = preg_replace('/[^0-9\.\,]/', '', $objectid); // For the case value is coming from a non sanitized user input
//dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
//print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
@ -391,11 +396,6 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = '
return 1;
}
// To avoid access forbidden with numeric ref
if ($dbt_select != 'rowid' && $dbt_select != 'id') {
$objectid = "'".$objectid."'";
}
// Features/modules to check
$featuresarray = array($features);
if (preg_match('/&/', $features)) {
@ -426,7 +426,7 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = '
}
if ($feature == 'societe') {
if (!$user->hasRight('societe', 'lire') && empty($user->rights->fournisseur->lire)) {
if (!$user->hasRight('societe', 'lire') && !$user->hasRight('fournisseur', 'lire')) {
$readok = 0;
$nbko++;
}
@ -436,12 +436,12 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = '
$nbko++;
}
} elseif ($feature == 'produit|service') {
if (!$user->rights->produit->lire && !$user->rights->service->lire) {
if (empty($user->rights->produit->lire) && empty($user->rights->service->lire)) {
$readok = 0;
$nbko++;
}
} elseif ($feature == 'prelevement') {
if (!$user->rights->prelevement->bons->lire) {
if (empty($user->rights->prelevement->bons->lire)) {
$readok = 0;
$nbko++;
}
@ -451,12 +451,12 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = '
$nbko++;
}
} elseif ($feature == 'projet') {
if (!$user->rights->projet->lire && empty($user->rights->projet->all->lire)) {
if (empty($user->rights->projet->lire) && empty($user->rights->projet->all->lire)) {
$readok = 0;
$nbko++;
}
} elseif ($feature == 'payment') {
if (!$user->rights->facture->lire) {
if (empty($user->rights->facture->lire)) {
$readok = 0;
$nbko++;
}
@ -716,7 +716,7 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = '
// If we have a particular object to check permissions on, we check if $user has permission
// for this given object (link to company, is contact for project, ...)
if (!empty($objectid) && $objectid > 0) {
$ok = checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
$ok = checkUserAccessToObject($user, $featuresarray, $object, $tableandshare, $feature2, $dbt_keyfield, $dbt_select, $parentfortableentity);
$params = array('objectid' => $objectid, 'features' => join(',', $featuresarray), 'features2' => $feature2);
//print 'checkUserAccessToObject ok='.$ok;
if ($mode) {
@ -737,9 +737,9 @@ function restrictedArea(User $user, $features, $objectid = 0, $tableandshare = '
* @param array $featuresarray Features/modules to check. Example: ('user','service','member','project','task',...)
* @param int|string|Object $object Full object or object ID or list of object id. For example if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
* @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional).
* @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional)
* @param array|string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
* @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional). Can use '' if NA.
* @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optional).
* @param string $parenttableforentity Parent table for entity. Example 'fk_website@website'
* @return bool True if user has access, False otherwise
* @see restrictedArea()
@ -753,9 +753,10 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
} else {
$objectid = $object; // $objectid can be X or 'X,Y,Z'
}
$objectid = preg_replace('/[^0-9\.\,]/', '', $objectid); // For the case value is coming from a non sanitized user input
//dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename, $feature2, $dbt_socfield, $dbt_select, $isdraft");
//print "user_id=".$user->id.", features=".join(',', $featuresarray).", feature2=".$feature2.", objectid=".$objectid;
//print "user_id=".$user->id.", features=".join(',', $featuresarray).", objectid=".$objectid;
//print ", tableandshare=".$tableandshare.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select."<br>";
// More parameters
@ -783,12 +784,13 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
// Array to define rules of checks to do
$check = array('adherent', 'banque', 'bom', 'don', 'mrp', 'user', 'usergroup', 'payment', 'payment_supplier', 'product', 'produit', 'service', 'produit|service', 'categorie', 'resource', 'expensereport', 'holiday', 'salaries', 'website', 'recruitment'); // Test on entity only (Objects with no link to company)
$checksoc = array('societe'); // Test for societe object
$checksoc = array('societe'); // Test for object Societe
$checkother = array('contact', 'agenda'); // Test on entity + link to third party on field $dbt_keyfield. Allowed if link is empty (Ex: contacts...).
$checkproject = array('projet', 'project'); // Test for project object
$checktask = array('projet_task'); // Test for task object
$checkhierarchy = array('expensereport', 'holiday');
$checkhierarchy = array('expensereport', 'holiday'); // check permission among the hierarchy of user
$nocheck = array('barcode', 'stock'); // No test
//$checkdefault = 'all other not already defined'; // Test on entity + link to third party on field $dbt_keyfield. Not allowed if link is empty (Ex: invoice, orders...).
// If dbtablename not defined, we use same name for table than module name
@ -797,6 +799,11 @@ function checkUserAccessToObject($user, array $featuresarray, $object = 0, $tabl
$sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename); // We change dbtablename, so we set sharedelement too.
}
// To avoid an access forbidden with a numeric ref
if ($dbt_select != 'rowid' && $dbt_select != 'id') {
$objectid = "'".$objectid."'"; // Note: $objectid was already cast into int at begin of this method.
}
// Check permission for objectid on entity only
if (in_array($feature, $check) && $objectid > 0) { // For $objectid = 0, no check
$sql = "SELECT COUNT(dbt.".$dbt_select.") as nb";

3
htdocs/knowledgemanagement/knowledgerecord_agenda.php
View File

@ -87,7 +87,8 @@ if ($id > 0 || !empty($ref)) {
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$result = restrictedArea($user, 'knowledgemanagement', $object->id);
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, '', 'rowid', $isdraft);
$permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php

4
htdocs/knowledgemanagement/knowledgerecord_card.php
View File

@ -85,8 +85,8 @@ $upload_dir = $conf->knowledgemanagement->multidir_output[isset($object->entity)
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
//restrictedArea($user, $object->element, $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, '', 'rowid', $isdraft);
//if (empty($conf->knowledgemanagement->enabled)) accessforbidden();
//if (empty($permissiontoread)) accessforbidden();

16
htdocs/knowledgemanagement/knowledgerecord_contact.php
View File

@ -53,12 +53,14 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$result = restrictedArea($user, 'knowledgemanagement', $object->id);
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, '', 'rowid', $isdraft);
$permission = $user->rights->knowledgemanagement->knowledgerecord->write;
/*
* Add a new contact
* Actions
*/
if ($action == 'addcontact' && $permission) {
@ -108,16 +110,10 @@ $contactstatic = new Contact($db);
$userstatic = new User($db);
/* *************************************************************************** */
/* */
/* View and edit mode */
/* */
/* *************************************************************************** */
// View and edit mode
if ($object->id) {
/*
* Show tabs
*/
// Show tabs
$head = knowledgerecordPrepareHead($object);
print dol_get_fiche_head($head, 'contact', $langs->trans("KnowledgeRecord"), -1, $object->picto);

3
htdocs/knowledgemanagement/knowledgerecord_document.php
View File

@ -78,7 +78,8 @@ if ($id > 0 || !empty($ref)) {
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$result = restrictedArea($user, 'knowledgemanagement', $object->id);
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, '', 'rowid', $isdraft);
$permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles.inc.php

2
htdocs/knowledgemanagement/knowledgerecord_list.php
View File

@ -153,7 +153,7 @@ if ($user->socid > 0) { // Protection if external user
//$socid = $user->socid;
accessforbidden();
}
//$result = restrictedArea($user, 'knowledgemanagement');
$result = restrictedArea($user, 'knowledgemanagement', 0, '', 'knowledgerecord');
//if (!$permissiontoread) accessforbidden();

10
htdocs/knowledgemanagement/knowledgerecord_note.php
View File

@ -46,11 +46,6 @@ $hookmanager->initHooks(array('knowledgerecordnote', 'globalcard')); // Note tha
// Fetch optionals attributes and labels
$extrafields->fetch_name_optionals_label($object->table_element);
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$result = restrictedArea($user, 'knowledgemanagement', $id);
// Load object
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
if ($id > 0 || !empty($ref)) {
@ -60,6 +55,11 @@ if ($id > 0 || !empty($ref)) {
$permissionnote = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_setnotes.inc.php
$permissiontoadd = $user->rights->knowledgemanagement->knowledgerecord->write; // Used by the include of actions_addupdatedelete.inc.php
// Security check - Protection if external user
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, '', 'rowid', $isdraft);
/*

2
htdocs/modulebuilder/template/myobject_agenda.php
View File

@ -145,7 +145,7 @@ if ($enablepermissioncheck) {
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft);
if (!isModEnabled("mymodule")) {
accessforbidden();
}

2
htdocs/modulebuilder/template/myobject_card.php
View File

@ -145,7 +145,7 @@ $upload_dir = $conf->mymodule->multidir_output[isset($object->entity) ? $object-
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$isdraft = (isset($object->status) && ($object->status == $object::STATUS_DRAFT) ? 1 : 0);
//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft);
if (!isModEnabled("mymodule")) {
accessforbidden();
}

2
htdocs/modulebuilder/template/myobject_contact.php
View File

@ -93,7 +93,7 @@ if ($enablepermissioncheck) {
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft);
if (!isModEnabled("mymodule")) {
accessforbidden();
}

2
htdocs/modulebuilder/template/myobject_document.php
View File

@ -137,7 +137,7 @@ if ($enablepermissioncheck) {
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft);
if (!isModEnabled("mymodule")) {
accessforbidden();
}

2
htdocs/modulebuilder/template/myobject_list.php
View File

@ -196,7 +196,7 @@ if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) accessforbidden();
//$socid = 0; if ($user->socid > 0) $socid = $user->socid;
//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
//restrictedArea($user, $object->element, 0, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
//restrictedArea($user, $object->module, 0, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft);
if (!isModEnabled("mymodule")) {
accessforbidden('Module mymodule not enabled');
}

2
htdocs/modulebuilder/template/myobject_note.php
View File

@ -117,7 +117,7 @@ if ($enablepermissioncheck) {
//if ($user->socid > 0) accessforbidden();
//if ($user->socid > 0) $socid = $user->socid;
//$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0);
//restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft);
//restrictedArea($user, $object->module, $object->id, $object->table_element, $object->element, 'fk_soc', 'rowid', $isdraft);
if (!isModEnabled("mymodule")) {
accessforbidden();
}

52
htdocs/user/perms.php
View File

@ -307,6 +307,9 @@ if ($reshook < 0) {
setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
}
$listofexpandedmodules = array();
print "\n";
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
@ -316,9 +319,9 @@ print '<td>'.$langs->trans("Module").'</td>';
if (($caneditperms && empty($objMod->rights_admin_allowed)) || empty($object->admin)) {
if ($caneditperms) {
print '<td class="center nowrap">';
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&module=allmodules&confirm=yes">'.$langs->trans("All")."</a>";
print '<a class="reposition commonlink addexpandedmodulesinparamlist" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&module=allmodules&confirm=yes">'.$langs->trans("All")."</a>";
print ' / ';
print '<a class="reposition commonlink" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&module=allmodules&confirm=yes">'.$langs->trans("None")."</a>";
print '<a class="reposition commonlink addexpandedmodulesinparamlist" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&module=allmodules&confirm=yes">'.$langs->trans("None")."</a>";
print '</td>';
} else {
print '<td>&nbsp;</td>';
@ -329,7 +332,7 @@ if (($caneditperms && empty($objMod->rights_admin_allowed)) || empty($object->ad
print '<td>&nbsp;</td>';
}
print '<td>'.$langs->trans("Permissions").'</td>';
print '<td></td>';
print '<td class="right nowrap">';
print '<a class="showallperms" title="'.dol_escape_htmltag($langs->trans("ShowAllPerms")).'" alt="'.dol_escape_htmltag($langs->trans("ShowAllPerms")).'" href="#">'.img_picto('', 'folder-open', 'class="paddingright"').'<span class="hideonsmartphone">'.$langs->trans("ExpandAll").'</span></a>';
print ' | ';
@ -494,10 +497,10 @@ if ($result) {
print '</td>';
if (($caneditperms && empty($objMod->rights_admin_allowed)) || empty($object->admin)) {
if ($caneditperms) {
print '<td class="center nowrap permtohide_'.$obj->module.'"'.(!$isexpanded ? ' style="display:none"' : '').'>';
print '<a class="reposition alink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&module='.$obj->module.'&confirm=yes&updatedmodulename='.$obj->module.'">'.$langs->trans("All")."</a>";
print '<td class="center wraponsmartphone permtohide_'.$obj->module.'"'.(!$isexpanded ? ' style="display:none"' : '').'>';
print '<a class="reposition alink addexpandedmodulesinparamlist" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&module='.$obj->module.'&confirm=yes&updatedmodulename='.$obj->module.'">'.$langs->trans("All")."</a>";
print ' / ';
print '<a class="reposition alink" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&module='.$obj->module.'&confirm=yes&updatedmodulename='.$obj->module.'">'.$langs->trans("None")."</a>";
print '<a class="reposition alink addexpandedmodulesinparamlist" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&module='.$obj->module.'&confirm=yes&updatedmodulename='.$obj->module.'">'.$langs->trans("None")."</a>";
print '</td>';
print '<td class="permtoshow_'.$obj->module.' trforbreakperms" data-hide-perms="'.$obj->module.'"'.($isexpanded ? ' style="display:none"' : '').'>&nbsp;</td>';
} else {
@ -507,9 +510,10 @@ if ($result) {
} else {
if ($caneditperms) {
print '<td class="center wraponsmartphone permtohide_'.$obj->module.'"'.(!$isexpanded ? ' style="display:none"' : '').'>';
print '<a class="reposition alink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&module='.$obj->module.'&confirm=yes&updatedmodulename='.$obj->module.'">'.$langs->trans("All")."</a>";
/*print '<a class="reposition alink" title="'.dol_escape_htmltag($langs->trans("All")).'" alt="'.dol_escape_htmltag($langs->trans("All")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&token='.newToken().'&entity='.$entity.'&module='.$obj->module.'&confirm=yes&updatedmodulename='.$obj->module.'">'.$langs->trans("All")."</a>";
print ' / ';
print '<a class="reposition alink" title="'.dol_escape_htmltag($langs->trans("None")).'" alt="'.dol_escape_htmltag($langs->trans("None")).'" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&module='.$obj->module.'&confirm=yes&updatedmodulename='.$obj->module.'">'.$langs->trans("None")."</a>";
*/
print '</td>';
print '<td class="permtoshow_'.$obj->module.' trforbreakperms" data-hide-perms="'.$obj->module.'"'.($isexpanded ? ' style="display:none"' : '').'>&nbsp;</td>';
} else {
@ -550,7 +554,8 @@ if ($result) {
print '</td>';
} elseif (in_array($obj->id, $permsuser)) { // Permission granted by user
if ($caneditperms) {
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&updatedmodulename='.$obj->module.'">';
print '<td class="center">';
print '<a class="reposition addexpandedmodulesinparamlist" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delrights&token='.newToken().'&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&updatedmodulename='.$obj->module.'">';
//print img_edit_remove($langs->trans("Remove"));
print img_picto($langs->trans("Remove"), 'switch_on');
print '</a></td>';
@ -575,7 +580,8 @@ if ($result) {
} else {
// Do not own permission
if ($caneditperms) {
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&token='.newToken().'&updatedmodulename='.$obj->module.'">';
print '<td class="center">';
print '<a class="reposition addexpandedmodulesinparamlist" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&token='.newToken().'&updatedmodulename='.$obj->module.'">';
//print img_edit_add($langs->trans("Add"));
print img_picto($langs->trans("Add"), 'switch_off');
print '</a></td>';
@ -587,7 +593,8 @@ if ($result) {
} else {
// Do not own permission
if ($caneditperms) {
print '<td class="center"><a class="reposition" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&token='.newToken().'&updatedmodulename='.$obj->module.'">';
print '<td class="center">';
print '<a class="reposition addexpandedmodulesinparamlist" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=addrights&entity='.$entity.'&rights='.$obj->id.'&confirm=yes&token='.newToken().'&updatedmodulename='.$obj->module.'">';
//print img_edit_add($langs->trans("Add"));
print img_picto($langs->trans("Add"), 'switch_off');
print '</a></td>';
@ -655,7 +662,26 @@ print '$(".trforbreakperms:not(.alink)").on("click", function(){
$(this).data("hidden-perms", 1);
$("#idforbreakperms_"+moduletohide).val("1");
}
})';
});';
print "\n";
// addexpandedmodulesinparamlist
print '$(".addexpandedmodulesinparamlist").on("click", function(){
console.log("Click on a link with addexpandedmodulesinparamlist");
//event.preventDefault();
var oldUrl = $(this).attr("href"); // Get current url of clicked link
oldUrl = oldUrl.replace(/expandedmodulesinparamlist=[\d,]+$/, "");
oldurl = oldUrl.replace(/&&+/, "&");
// Build list of expanded modules
var newUrl = oldUrl+"&expandedmodulesinparamlist=";
$(this).attr("href", newUrl); // Set herf value
console.log(newUrl);
event.preventDefault();
});';
print "\n";
// Button expand / collapse all
@ -668,7 +694,7 @@ print '$(".showallperms").on("click", function(){
$(this).trigger("click");
}
})
})
});
$(".hideallperms").on("click", function(){
console.log("Click on hideallperms");
@ -679,7 +705,7 @@ $(".hideallperms").on("click", function(){
$(this).trigger("click");
}
})
})';
});';
print "\n";
print '</script>';