From 8626d6279ae4349f66ce355005fa592140a31d0b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 18 Oct 2017 17:21:30 +0200 Subject: [PATCH 1/4] Fix perm to delete files --- htdocs/adherents/card.php | 4 +- htdocs/adherents/subscription/card.php | 4 +- htdocs/comm/action/card.php | 4 +- htdocs/comm/action/document.php | 2 +- htdocs/comm/propal/card.php | 4 +- htdocs/comm/propal/list.php | 2 +- htdocs/commande/card.php | 4 +- htdocs/commande/list.php | 2 +- htdocs/compta/facture/card.php | 6 +-- htdocs/compta/facture/list.php | 2 +- htdocs/contrat/card.php | 10 ++-- htdocs/don/card.php | 4 +- htdocs/expedition/card.php | 2 +- htdocs/expensereport/card.php | 4 +- htdocs/expensereport/list.php | 2 +- htdocs/fichinter/card.php | 4 +- htdocs/fichinter/list.php | 2 +- htdocs/fourn/commande/card.php | 4 +- htdocs/fourn/commande/list.php | 2 +- htdocs/fourn/facture/card.php | 6 +-- htdocs/fourn/facture/list.php | 2 +- htdocs/fourn/paiement/card.php | 20 +++---- htdocs/livraison/card.php | 54 +++++++++---------- .../modulebuilder/template/myobject_card.php | 4 +- .../modulebuilder/template/myobject_list.php | 2 +- htdocs/product/card.php | 4 +- htdocs/product/inventory/card.php | 4 +- htdocs/product/inventory/list.php | 2 +- htdocs/product/stock/productlot_list.php | 2 +- .../canvas/company/tpl/card_view.tpl.php | 4 +- .../canvas/individual/tpl/card_view.tpl.php | 4 +- htdocs/societe/card.php | 4 +- htdocs/societe/rib.php | 4 +- htdocs/supplier_proposal/card.php | 4 +- htdocs/supplier_proposal/list.php | 2 +- htdocs/user/card.php | 4 +- 36 files changed, 97 insertions(+), 97 deletions(-) diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index 78969a8df14..66b1324f39b 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -1730,8 +1730,8 @@ else //$filedir = $conf->adherent->dir_output . '/' . get_exdir($object->id, 2, 0, 0, $object, 'member') . dol_sanitizeFileName($object->ref); $filedir = $conf->adherent->dir_output . '/' . get_exdir(0, 0, 0, 0, $object, 'member'); $urlsource = $_SERVER['PHP_SELF'] . '?id=' . $object->id; - $genallowed = $user->rights->adherent->creer; - $delallowed = $user->rights->adherent->supprimer; + $genallowed = $user->rights->adherent->lire; + $delallowed = $user->rights->adherent->creer; print $formfile->showdocuments('member', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', '', '', $object->default_lang, '', $object); $somethingshown = $formfile->numoffiles; diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 3c368c05c9a..701a6e74760 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -390,8 +390,8 @@ if ($rowid && $action != 'edit') $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->facture->dir_output . '/' . dol_sanitizeFileName($object->ref); $urlsource = $_SERVER['PHP_SELF'] . '?facid=' . $object->id; - $genallowed = $user->rights->facture->creer; - $delallowed = $user->rights->facture->supprimer; + $genallowed = $user->rights->facture->lire; + $delallowed = $user->rights->facture->creer; print $formfile->showdocuments('facture', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', '', '', $soc->default_lang); $somethingshown = $formfile->numoffiles; diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 7b1c81af59c..d97982c3db8 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -1483,8 +1483,8 @@ if ($id > 0) $filedir=$conf->agenda->multidir_output[$conf->entity].'/'.$object->id; $urlsource=$_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed=$user->rights->agenda->myactions->create; - $delallowed=$user->rights->agenda->myactions->delete; + $genallowed=$user->rights->agenda->myactions->read; + $delallowed=$user->rights->agenda->myactions->create; $var=true; diff --git a/htdocs/comm/action/document.php b/htdocs/comm/action/document.php index 1e54db9d449..493236b5ddf 100644 --- a/htdocs/comm/action/document.php +++ b/htdocs/comm/action/document.php @@ -75,7 +75,7 @@ if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="name"; $upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref); -$modulepart='contract'; +$modulepart='actions'; /* diff --git a/htdocs/comm/propal/card.php b/htdocs/comm/propal/card.php index 7fb13234a94..006f0a439e3 100644 --- a/htdocs/comm/propal/card.php +++ b/htdocs/comm/propal/card.php @@ -2355,8 +2355,8 @@ if ($action == 'create') $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->propal->dir_output . "/" . dol_sanitizeFileName($object->ref); $urlsource = $_SERVER["PHP_SELF"] . "?id=" . $object->id; - $genallowed = $user->rights->propal->creer; - $delallowed = $user->rights->propal->supprimer; + $genallowed = $user->rights->propal->lire; + $delallowed = $user->rights->propal->creer; $var = true; diff --git a/htdocs/comm/propal/list.php b/htdocs/comm/propal/list.php index 92bb80d9655..480ad7f4fda 100644 --- a/htdocs/comm/propal/list.php +++ b/htdocs/comm/propal/list.php @@ -1031,7 +1031,7 @@ if ($resql) $filedir=$diroutputmassaction; $genallowed=$user->rights->propal->lire; - $delallowed=$user->rights->propal->lire; + $delallowed=$user->rights->propal->creer; print $formfile->showdocuments('massfilesarea_proposals','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,'',''); } diff --git a/htdocs/commande/card.php b/htdocs/commande/card.php index 5daf56eaeca..5c830c7c4e1 100644 --- a/htdocs/commande/card.php +++ b/htdocs/commande/card.php @@ -2576,8 +2576,8 @@ if ($action == 'create' && $user->rights->commande->creer) $relativepath = $comref . '/' . $comref . '.pdf'; $filedir = $conf->commande->dir_output . '/' . $comref; $urlsource = $_SERVER["PHP_SELF"] . "?id=" . $object->id; - $genallowed = $user->rights->commande->creer; - $delallowed = $user->rights->commande->supprimer; + $genallowed = $user->rights->commande->lire; + $delallowed = $user->rights->commande->creer; print $formfile->showdocuments('commande', $comref, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', '', '', $soc->default_lang); diff --git a/htdocs/commande/list.php b/htdocs/commande/list.php index 1efd428159a..86a5f463840 100644 --- a/htdocs/commande/list.php +++ b/htdocs/commande/list.php @@ -1452,7 +1452,7 @@ if ($resql) $filedir=$diroutputmassaction; $genallowed=$user->rights->commande->lire; - $delallowed=$user->rights->commande->supprimer; + $delallowed=$user->rights->commande->creer; print $formfile->showdocuments('massfilesarea_orders','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,$title,''); } diff --git a/htdocs/compta/facture/card.php b/htdocs/compta/facture/card.php index 9c0aff43abf..6276f75e7b6 100644 --- a/htdocs/compta/facture/card.php +++ b/htdocs/compta/facture/card.php @@ -1378,7 +1378,7 @@ if (empty($reshook)) $object->situation_counter = $object->situation_counter + 1; $id = $object->createFromCurrent($user); - if ($id <= 0) + if ($id <= 0) { $mesg = $object->error; } @@ -4291,8 +4291,8 @@ else if ($id > 0 || ! empty($ref)) $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->facture->dir_output . '/' . dol_sanitizeFileName($object->ref); $urlsource = $_SERVER['PHP_SELF'] . '?facid=' . $object->id; - $genallowed = $user->rights->facture->creer; - $delallowed = $user->rights->facture->supprimer; + $genallowed = $user->rights->facture->lire; + $delallowed = $user->rights->facture->creer; print $formfile->showdocuments('facture', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', '', '', $soc->default_lang); $somethingshown = $formfile->numoffiles; diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index 67ef9c96973..8563572da7c 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -1332,7 +1332,7 @@ if ($resql) $filedir=$diroutputmassaction; $genallowed=$user->rights->facture->lire; - $delallowed=$user->rights->facture->lire; + $delallowed=$user->rights->facture->creer; print $formfile->showdocuments('massfilesarea_invoices','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,$title,''); } diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index ce3915cf2ee..d618a7c4b1e 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php @@ -2112,17 +2112,17 @@ else $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->contrat->dir_output . "/" . dol_sanitizeFileName($object->ref); $urlsource = $_SERVER["PHP_SELF"] . "?id=" . $object->id; - $genallowed = $user->rights->contrat->creer; - $delallowed = $user->rights->contrat->supprimer; + $genallowed = $user->rights->contrat->lire; + $delallowed = $user->rights->contrat->creer; $var = true; print $formfile->showdocuments('contract', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', 0, '', $soc->default_lang); - // Show links to link elements - $linktoelem = $form->showLinkToObjectBlock($object, null, array('contrat')); - $somethingshown = $form->showLinkedObjectBlock($object, $linktoelem); + // Show links to link elements + $linktoelem = $form->showLinkToObjectBlock($object, null, array('contrat')); + $somethingshown = $form->showLinkedObjectBlock($object, $linktoelem); print '
'; diff --git a/htdocs/don/card.php b/htdocs/don/card.php index 72ea8e84792..92a6b7eab30 100644 --- a/htdocs/don/card.php +++ b/htdocs/don/card.php @@ -760,8 +760,8 @@ if (! empty($id) && $action != 'edit') $filename = dol_sanitizeFileName($object->id); $filedir = $conf->don->dir_output . "/" . dol_sanitizeFileName($object->id); $urlsource = $_SERVER['PHP_SELF'].'?rowid='.$object->id; - $genallowed = ($object->statut == 2 && ($object->paid == 0 || $user->admin) && $user->rights->don->creer); - $delallowed = $user->rights->don->supprimer; + $genallowed = ($object->statut == 2 && ($object->paid == 0 || $user->admin) && $user->rights->don->lire); + $delallowed = $user->rights->don->creer; print $formfile->showdocuments('donation',$filename,$filedir,$urlsource,$genallowed,$delallowed,$object->modelpdf); diff --git a/htdocs/expedition/card.php b/htdocs/expedition/card.php index 728556b3940..b2715e7d35a 100644 --- a/htdocs/expedition/card.php +++ b/htdocs/expedition/card.php @@ -2122,7 +2122,7 @@ else if ($id || $ref) $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; $genallowed=$user->rights->expedition->lire; - $delallowed=$user->rights->expedition->supprimer; + $delallowed=$user->rights->expedition->creer; print $formfile->showdocuments('expedition',$objectref,$filedir,$urlsource,$genallowed,$delallowed,$object->modelpdf,1,0,0,28,0,'','','',$soc->default_lang); diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php index 78cab9bb733..5e3cb946f10 100644 --- a/htdocs/expensereport/card.php +++ b/htdocs/expensereport/card.php @@ -2395,8 +2395,8 @@ if($user->rights->expensereport->export && $action != 'create' && $action != 'ed $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->expensereport->dir_output . "/" . dol_sanitizeFileName($object->ref); $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed = 1; - $delallowed = 1; + $genallowed = $user->rights->expensereport->export; + $delallowed = $user->rights->expensereport->export; $var = true; print $formfile->showdocuments('expensereport',$filename,$filedir,$urlsource,$genallowed,$delallowed); $somethingshown = $formfile->numoffiles; diff --git a/htdocs/expensereport/list.php b/htdocs/expensereport/list.php index 28fcdefcf62..3024c8c55ae 100644 --- a/htdocs/expensereport/list.php +++ b/htdocs/expensereport/list.php @@ -732,7 +732,7 @@ if ($resql) $filedir=$diroutputmassaction; $genallowed=$user->rights->expensereport->lire; - $delallowed=$user->rights->expensereport->lire; + $delallowed=$user->rights->expensereport->creer; print $formfile->showdocuments('massfilesarea_expensereport','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,$title,''); } diff --git a/htdocs/fichinter/card.php b/htdocs/fichinter/card.php index 96455838a03..2cce9534873 100644 --- a/htdocs/fichinter/card.php +++ b/htdocs/fichinter/card.php @@ -1688,8 +1688,8 @@ else if ($id > 0 || ! empty($ref)) $filename=dol_sanitizeFileName($object->ref); $filedir=$conf->ficheinter->dir_output . "/".$filename; $urlsource=$_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed=$user->rights->ficheinter->creer; - $delallowed=$user->rights->ficheinter->supprimer; + $genallowed=$user->rights->ficheinter->lire; + $delallowed=$user->rights->ficheinter->creer; print $formfile->showdocuments('ficheinter',$filename,$filedir,$urlsource,$genallowed,$delallowed,$object->modelpdf,1,0,0,28,0,'','','',$soc->default_lang); // Show links to link elements diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 866d8cab17c..61f40e238e9 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -633,7 +633,7 @@ if ($resql) $filedir=$diroutputmassaction; $genallowed=$user->rights->ficheinter->lire; - $delallowed=$user->rights->ficheinter->supprimer; + $delallowed=$user->rights->ficheinter->creer; print $formfile->showdocuments('massfilesarea_interventions','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,$title,''); } diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 03a39f2a5e3..edfcfeccc17 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -2748,8 +2748,8 @@ if ($action != 'makeorder') $relativepath = $comfournref.'/'.$comfournref.'.pdf'; $filedir = $conf->fournisseur->dir_output . '/commande/' . $comfournref; $urlsource=$_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed=$user->rights->fournisseur->commande->creer; - $delallowed=$user->rights->fournisseur->commande->supprimer; + $genallowed=$user->rights->fournisseur->commande->lire; + $delallowed=$user->rights->fournisseur->commande->creer; print $formfile->showdocuments('commande_fournisseur',$comfournref,$filedir,$urlsource,$genallowed,$delallowed,$object->modelpdf,1,0,0,0,0,'','','',$object->thirdparty->default_lang); $somethingshown=$formfile->numoffiles; diff --git a/htdocs/fourn/commande/list.php b/htdocs/fourn/commande/list.php index 706e7e22024..4d5f2999943 100644 --- a/htdocs/fourn/commande/list.php +++ b/htdocs/fourn/commande/list.php @@ -1324,7 +1324,7 @@ if ($resql) $filedir=$diroutputmassaction; $genallowed=$user->rights->fournisseur->commande->lire; - $delallowed=$user->rights->fournisseur->commande->lire; + $delallowed=$user->rights->fournisseur->commande->creer; print $formfile->showdocuments('massfilesarea_supplier_order','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,$title,''); } diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 0f18f7f1acc..a4eeb1c5e1b 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php @@ -1432,7 +1432,7 @@ if ($action == 'create') $dateinvoice=($datetmp==''?(empty($conf->global->MAIN_AUTOFILL_DATE)?-1:''):$datetmp); $datetmp=dol_mktime(12,0,0,$_POST['echmonth'],$_POST['echday'],$_POST['echyear']); $datedue=($datetmp==''?-1:$datetmp); - + // Replicate extrafields $objectsrc->fetch_optionals($originid); $object->array_options = $objectsrc->array_options; @@ -2801,8 +2801,8 @@ else $subdir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').$ref; $filedir = $conf->fournisseur->facture->dir_output.'/'.$subdir; $urlsource=$_SERVER['PHP_SELF'].'?id='.$object->id; - $genallowed=$user->rights->fournisseur->facture->creer; - $delallowed=$user->rights->fournisseur->facture->supprimer; + $genallowed=$user->rights->fournisseur->facture->lire; + $delallowed=$user->rights->fournisseur->facture->creer; $modelpdf=(! empty($object->modelpdf)?$object->modelpdf:(empty($conf->global->INVOICE_SUPPLIER_ADDON_PDF)?'':$conf->global->INVOICE_SUPPLIER_ADDON_PDF)); print $formfile->showdocuments('facture_fournisseur',$subdir,$filedir,$urlsource,$genallowed,$delallowed,$modelpdf,1,0,0,40,0,'','','',$societe->default_lang); diff --git a/htdocs/fourn/facture/list.php b/htdocs/fourn/facture/list.php index 6d388540053..a602badfb05 100644 --- a/htdocs/fourn/facture/list.php +++ b/htdocs/fourn/facture/list.php @@ -1251,7 +1251,7 @@ if ($resql) $filedir=$diroutputmassaction; $genallowed=$user->rights->facture->lire; - $delallowed=$user->rights->facture->lire; + $delallowed=$user->rights->facture->creer; print $formfile->showdocuments('massfilesarea_invoices','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,$title,''); } diff --git a/htdocs/fourn/paiement/card.php b/htdocs/fourn/paiement/card.php index 91586c86449..46052b74c1c 100644 --- a/htdocs/fourn/paiement/card.php +++ b/htdocs/fourn/paiement/card.php @@ -182,13 +182,13 @@ if ($result > 0) } $linkback = '' . $langs->trans("BackToList") . ''; - - + + dol_banner_tab($object,'id',$linkback,1,'rowid','ref'); - + print '
'; print '
'; - + print ''; /*print ''; @@ -258,7 +258,7 @@ if ($result > 0) print '
'; print '
'; - + print '
'; /** @@ -295,7 +295,7 @@ if ($result > 0) while ($i < $num) { $objp = $db->fetch_object($resql); - + print ''; // Ref print ''.img_object($langs->trans('ShowBill'),'bill').' '; @@ -321,7 +321,7 @@ if ($result > 0) $i++; } } - + print "\n"; $db->free($resql); @@ -366,7 +366,7 @@ if ($result > 0) } } print '
'; - + print '
'; /* @@ -375,8 +375,8 @@ if ($result > 0) $ref=dol_sanitizeFileName($object->ref); $filedir = $conf->fournisseur->payment->dir_output.'/'.dol_sanitizeFileName($object->ref); $urlsource=$_SERVER['PHP_SELF'].'?id='.$object->id; - $genallowed=$user->rights->fournisseur->facture->creer; - $delallowed=$user->rights->fournisseur->facture->supprimer; + $genallowed=$user->rights->fournisseur->facture->lire; + $delallowed=$user->rights->fournisseur->facture->creer; $modelpdf=(! empty($object->modelpdf)?$object->modelpdf:(empty($conf->global->SUPPLIER_PAYMENT_ADDON_PDF)?'':$conf->global->SUPPLIER_PAYMENT_ADDON_PDF)); print $formfile->showdocuments('supplier_payment',$ref,$filedir,$urlsource,$genallowed,$delallowed,$modelpdf,1,0,0,40,0,'','','',$societe->default_lang); diff --git a/htdocs/livraison/card.php b/htdocs/livraison/card.php index e6d39ec7019..092fcc94795 100644 --- a/htdocs/livraison/card.php +++ b/htdocs/livraison/card.php @@ -44,7 +44,7 @@ if (! empty($conf->projet->enabled)) { require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formprojet.class.php'; } - + $langs->load("sendings"); $langs->load("bills"); @@ -223,7 +223,7 @@ if ($action == 'update_extras_line') { $array_options=array(); $num=count($object->lines); - + for ($i = 0; $i < $num; $i++) { // Extrafields @@ -236,7 +236,7 @@ if ($action == 'update_extras_line') unset($_POST["options_" . $key]); } } - + $ret = $object->update_line($object->lines[$i]->id,$array_options[$i]); // extrafields update if ($ret < 0) { @@ -305,7 +305,7 @@ $formfile = new FormFile($db); if ($action == 'create') // Seems to no be used { - + } else /* *************************************************************************** */ @@ -333,16 +333,16 @@ else $head=delivery_prepare_head($object); - + print '
'; print ''; print ''; print ''; print ''; print ''; - + dol_fiche_head($head, 'delivery', $langs->trans("Shipment"), 0, 'sending'); - + /* * Confirmation de la suppression * @@ -367,7 +367,7 @@ else /* * Livraison */ - + if ($typeobject == 'commande' && $expedition->origin_id > 0 && ! empty($conf->commande->enabled)) { $objectsrc=new Commande($db); @@ -381,7 +381,7 @@ else // Shipment card $linkback = ''.$langs->trans("BackToList").''; - + $morehtmlref='
'; // Ref customer shipment $morehtmlref.=$form->editfieldkey("RefCustomer", '', $expedition->ref_customer, $expedition, $user->rights->expedition->creer, 'string', '', 0, 1); @@ -422,17 +422,17 @@ else } } $morehtmlref.='
'; - + $morehtmlright = $langs->trans("StatusReceipt").' : '.$object->getLibStatut(6).'
'; - + dol_banner_tab($expedition, 'ref', $linkback, 1, 'ref', 'ref', $morehtmlref, '', 0, '', $morehtmlright); - - + + print '
'; print '
'; - + print ''; - + // Shipment /* if (($object->origin == 'shipment' || $object->origin == 'expedition') && $object->origin_id > 0) @@ -459,7 +459,7 @@ else print ''; print ""; */ - + // Document origine if ($typeobject == 'commande' && $expedition->origin_id && ! empty($conf->commande->enabled)) { @@ -535,7 +535,7 @@ else print ''; } - /* A delivery note should be just more properties of a shipment, so notes are on shipment + /* A delivery note should be just more properties of a shipment, so notes are on shipment // Note Public print ''; print ''; print ''; } - + // Other attributes if ($action = 'create_delivery') { // copy from expedition @@ -579,7 +579,7 @@ else print "
'.$soc->getNomUrl(1).'
'.$langs->trans("NotePublic").''; @@ -563,7 +563,7 @@ else print ''.$entrepot->libelle.'

\n"; print '
'; - + /* * Lignes produits */ @@ -602,7 +602,7 @@ else $var=true; while ($i < $num_prod) { - + print ''; if ($object->lines[$i]->fk_product > 0) @@ -666,7 +666,7 @@ else print ''.$object->lines[$i]->qty_shipped.''; print ""; - + //Display lines extrafields if (is_array($extralabelslines) && count($extralabelslines)>0) { $colspan=2; @@ -689,14 +689,14 @@ else } print "\n"; - + dol_fiche_end(); //if ($object->statut == 0) // only if draft // print '
'; - + print '
'; - + /* * Boutons actions @@ -706,7 +706,7 @@ else { print '
'; - if ($object->statut == 0 && $num_prod > 0) + if ($object->statut == 0 && $num_prod > 0) { if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && ! empty($user->rights->expedition->livraison->creer)) || (! empty($conf->global->MAIN_USE_ADVANCED_PERMS) && ! empty($user->rights->expedition->livraison_advance->validate))) @@ -741,8 +741,8 @@ else $filedir = $conf->expedition->dir_output . "/receipt/" . $objectref; $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed=$user->rights->expedition->livraison->creer; - $delallowed=$user->rights->expedition->livraison->supprimer; + $genallowed=$user->rights->expedition->livraison->lire; + $delallowed=$user->rights->expedition->livraison->creer; print $formfile->showdocuments('livraison',$objectref,$filedir,$urlsource,$genallowed,$delallowed,$object->modelpdf,1,0,0,28,0,'','','',$soc->default_lang); diff --git a/htdocs/modulebuilder/template/myobject_card.php b/htdocs/modulebuilder/template/myobject_card.php index e8cc7e33735..310d53f08b0 100644 --- a/htdocs/modulebuilder/template/myobject_card.php +++ b/htdocs/modulebuilder/template/myobject_card.php @@ -471,8 +471,8 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $relativepath = $comref . '/' . $comref . '.pdf'; $filedir = $conf->mymodule->dir_output . '/' . $comref; $urlsource = $_SERVER["PHP_SELF"] . "?id=" . $object->id; - $genallowed = $user->rights->mymodule->creer; - $delallowed = $user->rights->mymodule->supprimer; + $genallowed = $user->rights->mymodule->read; // If you can read, you can build the PDF to read content + $delallowed = $user->rights->mymodule->create; // If you can create/edit, you can remove a file on card print $formfile->showdocuments('mymodule', $comref, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', '', '', $soc->default_lang); diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index c4e7875e89a..9ba043774e6 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -640,7 +640,7 @@ if ($nbtotalofrecords === '' || $nbtotalofrecords) $filedir=$diroutputmassaction; $genallowed=$user->rights->mymodule->read; - $delallowed=$user->rights->mymodule->read; + $delallowed=$user->rights->mymodule->create; print $formfile->showdocuments('massfilesarea_mymodule','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,$title,''); } diff --git a/htdocs/product/card.php b/htdocs/product/card.php index 0a6c9052b91..2b4c8d205f8 100644 --- a/htdocs/product/card.php +++ b/htdocs/product/card.php @@ -2030,8 +2030,8 @@ if ($action != 'create' && $action != 'edit' && $action != 'delete') $relativepath = $comref . '/' . $objectref . '.pdf'; $filedir = $conf->produit->dir_output . '/' . $objectref; $urlsource=$_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed=$user->rights->produit->creer; - $delallowed=$user->rights->produit->supprimer; + $genallowed=$user->rights->produit->lire; + $delallowed=$user->rights->produit->creer; $var=true; diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index 5506bad0fbb..8d3acdecbc1 100644 --- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -472,8 +472,8 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea $relativepath = $comref . '/' . $comref . '.pdf'; $filedir = $conf->inventory->dir_output . '/' . $comref; $urlsource = $_SERVER["PHP_SELF"] . "?id=" . $object->id; - $genallowed = $user->rights->inventory->creer; - $delallowed = $user->rights->inventory->supprimer; + $genallowed = $user->rights->inventory->read; + $delallowed = $user->rights->inventory->create; print $formfile->showdocuments('inventory', $comref, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', '', '', $soc->default_lang); diff --git a/htdocs/product/inventory/list.php b/htdocs/product/inventory/list.php index 162567878d1..0fea44f0f83 100644 --- a/htdocs/product/inventory/list.php +++ b/htdocs/product/inventory/list.php @@ -625,7 +625,7 @@ if ($nbtotalofrecords === '' || $nbtotalofrecords) $filedir=$diroutputmassaction; $genallowed=$user->rights->inventory->read; - $delallowed=$user->rights->inventory->read; + $delallowed=$user->rights->inventory->create; print $formfile->showdocuments('massfilesarea_inventory','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,$title,''); } diff --git a/htdocs/product/stock/productlot_list.php b/htdocs/product/stock/productlot_list.php index 3cf1e022e7f..325ddd5f796 100644 --- a/htdocs/product/stock/productlot_list.php +++ b/htdocs/product/stock/productlot_list.php @@ -604,7 +604,7 @@ if ($resql) $filedir=$diroutputmassaction; $genallowed=$user->rights->facture->lire; - $delallowed=$user->rights->facture->lire; + $delallowed=$user->rights->facture->creer; print $formfile->showdocuments('massfilesarea_orders','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,$title,''); } diff --git a/htdocs/societe/canvas/company/tpl/card_view.tpl.php b/htdocs/societe/canvas/company/tpl/card_view.tpl.php index c6e80e87a91..21645f14d00 100644 --- a/htdocs/societe/canvas/company/tpl/card_view.tpl.php +++ b/htdocs/societe/canvas/company/tpl/card_view.tpl.php @@ -257,8 +257,8 @@ for ($i=1; $i<=4; $i++) { */ $filedir=$conf->societe->multidir_output[$this->control->tpl['entity']].'/'.$socid; $urlsource=$_SERVER["PHP_SELF"]."?socid=".$socid; -$genallowed=$user->rights->societe->creer; -$delallowed=$user->rights->societe->supprimer; +$genallowed=$user->rights->societe->lire; +$delallowed=$user->rights->societe->creer; print $formfile->showdocuments('company',$socid,$filedir,$urlsource,$genallowed,$delallowed,'',0,0,0,28,0,'',0,'',$objcanvas->control->object->default_lang); ?> diff --git a/htdocs/societe/canvas/individual/tpl/card_view.tpl.php b/htdocs/societe/canvas/individual/tpl/card_view.tpl.php index 21f0cafcbb1..10136048ae6 100644 --- a/htdocs/societe/canvas/individual/tpl/card_view.tpl.php +++ b/htdocs/societe/canvas/individual/tpl/card_view.tpl.php @@ -201,8 +201,8 @@ dol_fiche_head($head, 'card', $langs->trans("ThirdParty"),0,'company'); */ $filedir=$conf->societe->multidir_output[$this->control->tpl['entity']].'/'.$socid; $urlsource=$_SERVER["PHP_SELF"]."?socid=".$socid; -$genallowed=$user->rights->societe->creer; -$delallowed=$user->rights->societe->supprimer; +$genallowed=$user->rights->societe->lire; +$delallowed=$user->rights->societe->creer; print $formfile->showdocuments('company',$socid,$filedir,$urlsource,$genallowed,$delallowed,'',0,0,0,28,0,'',0,'',$objcanvas->control->object->default_lang); ?> diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 53c5a1add14..876300aef28 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -2574,8 +2574,8 @@ else */ $filedir=$conf->societe->multidir_output[$object->entity].'/'.$object->id; $urlsource=$_SERVER["PHP_SELF"]."?socid=".$object->id; - $genallowed=$user->rights->societe->creer; - $delallowed=$user->rights->societe->supprimer; + $genallowed=$user->rights->societe->lire; + $delallowed=$user->rights->societe->creer; $var=true; diff --git a/htdocs/societe/rib.php b/htdocs/societe/rib.php index 615fba52659..2be3e096517 100644 --- a/htdocs/societe/rib.php +++ b/htdocs/societe/rib.php @@ -655,8 +655,8 @@ if ($socid && $action != 'edit' && $action != "create") */ $filedir=$conf->societe->multidir_output[$object->entity].'/'.$object->id; $urlsource=$_SERVER["PHP_SELF"]."?socid=".$object->id; - $genallowed=$user->rights->societe->creer; - $delallowed=$user->rights->societe->supprimer; + $genallowed=$user->rights->societe->lire; + $delallowed=$user->rights->societe->creer; $var=true; diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index cfb8ca52234..c39f7e1e0ea 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -1789,8 +1789,8 @@ if ($action == 'create') $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->supplier_proposal->dir_output . "/" . dol_sanitizeFileName($object->ref); $urlsource = $_SERVER["PHP_SELF"] . "?id=" . $object->id; - $genallowed = $user->rights->supplier_proposal->creer; - $delallowed = $user->rights->supplier_proposal->supprimer; + $genallowed = $user->rights->supplier_proposal->lire; + $delallowed = $user->rights->supplier_proposal->creer; print $formfile->showdocuments('supplier_proposal', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', 0, '', $soc->default_lang); diff --git a/htdocs/supplier_proposal/list.php b/htdocs/supplier_proposal/list.php index f92c0e6305d..4240ca72a08 100644 --- a/htdocs/supplier_proposal/list.php +++ b/htdocs/supplier_proposal/list.php @@ -1027,7 +1027,7 @@ if ($resql) $filedir=$diroutputmassaction; $genallowed=$user->rights->supplier_proposal->lire; - $delallowed=$user->rights->supplier_proposal->lire; + $delallowed=$user->rights->supplier_proposal->creer; print $formfile->showdocuments('massfilesarea_supplier_proposal','',$filedir,$urlsource,0,$delallowed,'',1,1,0,48,1,$param,'',''); } diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 4902e0b6de0..846c9dffc9a 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -2482,8 +2482,8 @@ else $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->user->dir_output . "/" . dol_sanitizeFileName($object->ref); $urlsource = $_SERVER["PHP_SELF"] . "?id=" . $object->id; - $genallowed = $user->rights->user->user->creer; - $delallowed = $user->rights->user->user->supprimer; + $genallowed = $user->rights->user->user->lire; + $delallowed = $user->rights->user->user->creer; print $formfile->showdocuments('user', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', 0, '', $soc->default_lang); $somethingshown = $formfile->numoffiles; From 74b401b70d23faf234de2372bca4b0aa23ecafa3 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 18 Oct 2017 17:40:47 +0200 Subject: [PATCH 2/4] Fix bad perm to delete file --- htdocs/comm/action/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index d97982c3db8..03d73635c17 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -579,7 +579,7 @@ if ($action == 'mupdate') // Actions to delete doc $upload_dir = $conf->agenda->dir_output.'/'.dol_sanitizeFileName($object->ref); -$permissioncreate = ($user->rights->agenda->allactions->delete || (($object->authorid == $user->id || $object->userownerid == $user->id) && $user->rights->agenda->myactions->delete)); +$permissioncreate = ($user->rights->agenda->allactions->create || (($object->authorid == $user->id || $object->userownerid == $user->id) && $user->rights->agenda->myactions->read)); include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; From 3e43e164aea2292606dcb3efe46f015fc59be403 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 18 Oct 2017 19:13:44 +0200 Subject: [PATCH 3/4] FIX Bad ressource list in popup in gantt view --- htdocs/projet/ganttchart.inc.php | 6 +++--- htdocs/projet/ganttview.php | 28 ++++++++++++++++++++-------- htdocs/theme/eldy/style.css.php | 4 ++++ 3 files changed, 27 insertions(+), 11 deletions(-) diff --git a/htdocs/projet/ganttchart.inc.php b/htdocs/projet/ganttchart.inc.php index 2600fbd02fc..47ad04d1dc7 100644 --- a/htdocs/projet/ganttchart.inc.php +++ b/htdocs/projet/ganttchart.inc.php @@ -131,7 +131,7 @@ else /** * Add a gant chart line * - * @param string $tarr tarr + * @param array $tarr Array of all tasks * @param array $task Array with properties of one task * @param Project $project_dependencies Project object * @param int $level Level @@ -206,7 +206,7 @@ function constructGanttLine($tarr,$task,$project_dependencies,$level=0,$project_ $s = "\n// Add taks id=".$task["task_id"]." level = ".$level."\n"; // $s.= "g.AddTaskItem(new JSGantt.TaskItem(".$task['task_id'].",'".dol_escape_js($name)."','".$start_date."', '".$end_date."', '".$task['task_color']."', '".$link."', ".$task['task_milestone'].", '".$resources."', ".($percent >= 0 ? $percent : 0).", ".($task["task_is_group"]>0?1:0).", '".$parent."', 1, '".($depend?$depend:"")."', '".$note."'));"; // For JSGanttImproved - $s.= "g.AddTaskItem(new JSGantt.TaskItem(".$task['task_id'].",'".dol_escape_js(trim($name))."','".$start_date."', '".$end_date."', '".$task['task_css']."', '".$link."', ".$task['task_milestone'].", '".$resources."', ".($percent >= 0 ? $percent : 0).", ".($task["task_is_group"]).", '".$parent."', 1, '".($depend?$depend:$parent."SS")."', '".($percent >= 0 ? $percent.'%' : '0%')."','".dol_escape_js($task['note'])."'));"; + $s.= "g.AddTaskItem(new JSGantt.TaskItem(".$task['task_id'].",'".dol_escape_js(trim($name))."','".$start_date."', '".$end_date."', '".$task['task_css']."', '".$link."', ".$task['task_milestone'].", '".dol_escape_js($resources)."', ".($percent >= 0 ? $percent : 0).", ".($task["task_is_group"]).", '".$parent."', 1, '".($depend?$depend:$parent."SS")."', '".($percent >= 0 ? $percent.'%' : '0%')."','".dol_escape_js($task['note'])."'));"; echo $s; @@ -215,7 +215,7 @@ function constructGanttLine($tarr,$task,$project_dependencies,$level=0,$project_ /** * Find child Gantt line * - * @param string $tarr tarr + * @param array $tarr tarr * @param int $parent Parent * @param Project $project_dependencies Project object * @param int $level Level diff --git a/htdocs/projet/ganttview.php b/htdocs/projet/ganttview.php index 16f719a3a8f..eb24c58a211 100644 --- a/htdocs/projet/ganttview.php +++ b/htdocs/projet/ganttview.php @@ -28,6 +28,8 @@ require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php'; require_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/project.lib.php'; require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'; +require_once DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'; +require_once DOL_DOCUMENT_ROOT.'/contact/class/contact.class.php'; require_once DOL_DOCUMENT_ROOT.'/core/class/html.formother.class.php'; $id=GETPOST('id','int'); @@ -65,6 +67,7 @@ $form=new Form($db); $formother=new FormOther($db); $userstatic=new User($db); $companystatic=new Societe($db); +$contactstatic=new Contact($db); $task = new Task($db); $arrayofcss=array('/includes/jsgantt/jsgantt.css'); @@ -239,6 +242,7 @@ if (count($tasksarray)>0) foreach($tasksarray as $key => $val) { $task->fetch($val->id); + $tasks[$taskcursor]['task_id']=$val->id; $tasks[$taskcursor]['task_parent']=$val->fk_parent; $tasks[$taskcursor]['task_is_group'] = 0; @@ -261,7 +265,7 @@ if (count($tasksarray)>0) $tasks[$taskcursor]['task_end_date']=$val->date_end; $tasks[$taskcursor]['task_color']='b4d1ea'; $idofusers=$task->getListContactId('internal'); - $idofthirdparty=$task->getListContactId('external'); + $idofcontacts=$task->getListContactId('external'); $s=''; if (count($idofusers)>0) { @@ -275,18 +279,26 @@ if (count($tasksarray)>0) $i++; } } - //if (count($idofusers)>0 && (count($idofthirdparty)>0)) $s.=' - '; - if (count($idofthirdparty)>0) + //if (count($idofusers)>0 && (count($idofcontacts)>0)) $s.=' - '; + if (count($idofcontacts)>0) { if ($s) $s.=' - '; $s.=$langs->trans("Externals").': '; $i=0; - foreach($idofthirdparty as $valid) + $contactidfound=array(); + foreach($idofcontacts as $valid) { - $companystatic->fetch($valid); - if ($i) $s.=','; - $s.=$companystatic->name; - $i++; + if (empty($contactidfound[$valid])) + { + $res = $contactstatic->fetch($valid); + if ($res > 0) + { + if ($i) $s.=', '; + $s.=$contactstatic->getFullName($langs); + $contactidfound[$valid]=1; + $i++; + } + } } } //if ($s) $tasks[$taskcursor]['task_resources']=''.$langs->trans("List").''; diff --git a/htdocs/theme/eldy/style.css.php b/htdocs/theme/eldy/style.css.php index 96c7c91de2b..4529896746c 100644 --- a/htdocs/theme/eldy/style.css.php +++ b/htdocs/theme/eldy/style.css.php @@ -3453,6 +3453,10 @@ table.cal_event td.cal_event_right { padding: 4px 4px !important; } /* Gantt /* ============================================================================== */ +div.gTaskInfo { + background: #f0f0f0 !important; +} + td.gtaskname { overflow: hidden; text-overflow: ellipsis; From 7ee64fc0d4622fa7e02d7715478f50e1772d9b7d Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 18 Oct 2017 19:39:22 +0200 Subject: [PATCH 4/4] Fix css --- htdocs/theme/eldy/style.css.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/htdocs/theme/eldy/style.css.php b/htdocs/theme/eldy/style.css.php index 4529896746c..515015b5b5a 100644 --- a/htdocs/theme/eldy/style.css.php +++ b/htdocs/theme/eldy/style.css.php @@ -3456,7 +3456,9 @@ table.cal_event td.cal_event_right { padding: 4px 4px !important; } div.gTaskInfo { background: #f0f0f0 !important; } - +.gtaskblue { + background: rgb(108,152,185) !important; +} td.gtaskname { overflow: hidden; text-overflow: ellipsis;