From a5814ce77907f7a2c7b874b493324596a64796b0 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 9 Feb 2018 11:00:43 +0100 Subject: [PATCH 01/13] Fix: nocheck for "fournisseur", already check with "societe" --- htdocs/core/lib/security.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index e84eef83924..f8753193888 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -382,7 +382,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh $checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet','project'); // Test for project object $checktask = array('projet_task'); - $nocheck = array('barcode','stock'); // No test + $nocheck = array('barcode','stock','fournisseur'); // No test $checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...). // If dbtablename not defined, we use same name for table than module name From 67ce71bc487feba279c83c57cfb287a6bea08f52 Mon Sep 17 00:00:00 2001 From: Juanjo Menent Date: Fri, 9 Feb 2018 18:23:11 +0100 Subject: [PATCH 02/13] Fix: Contracts not show price --- htdocs/contrat/tpl/linkedobjectblock.tpl.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/htdocs/contrat/tpl/linkedobjectblock.tpl.php b/htdocs/contrat/tpl/linkedobjectblock.tpl.php index eae46dad772..68d7a8462f2 100644 --- a/htdocs/contrat/tpl/linkedobjectblock.tpl.php +++ b/htdocs/contrat/tpl/linkedobjectblock.tpl.php @@ -1,5 +1,6 @@ + * Copyright (C) 2018 Juanjo Menent * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -50,7 +51,15 @@ foreach($linkedObjectBlock as $key => $objectlink) getNomUrl(1); ?> date_contrat,'day'); ?> -   + rights->contrat->lire) { + $totalcontrat = 0; + foreach ($objectlink->lines as $linecontrat) { + $totalcontrat = $totalcontrat + $linecontrat->total_ht; + $total = $total + $linecontrat->total_ht; + } + echo price($totalcontrat); + } ?> getLibStatut(7); ?> ">transnoentitiesnoconv("RemoveLink")); ?> From d731857fd0dfaa0ac22ee8db3d8aa1ce29f5d4f5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 12 Feb 2018 03:13:12 +0100 Subject: [PATCH 03/13] Update linkedobjectblock.tpl.php --- htdocs/contrat/tpl/linkedobjectblock.tpl.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/htdocs/contrat/tpl/linkedobjectblock.tpl.php b/htdocs/contrat/tpl/linkedobjectblock.tpl.php index 68d7a8462f2..a44f20679b8 100644 --- a/htdocs/contrat/tpl/linkedobjectblock.tpl.php +++ b/htdocs/contrat/tpl/linkedobjectblock.tpl.php @@ -52,7 +52,11 @@ foreach($linkedObjectBlock as $key => $objectlink) date_contrat,'day'); ?> rights->contrat->lire) { + // Price of contract is not shown by default because a contract is a list of service with + // start and end date that change with time andd that may be different that the period of reference for price. + // So price of a contract does often means nothing. Prices is on the different invoices done on same contract. + if ($user->rights->contrat->lire && empty($conf->global->CONTRACT_SHOW_TOTAL_OF_PRODUCT_AS_PRICE)) + { $totalcontrat = 0; foreach ($objectlink->lines as $linecontrat) { $totalcontrat = $totalcontrat + $linecontrat->total_ht; @@ -65,4 +69,4 @@ foreach($linkedObjectBlock as $key => $objectlink) - \ No newline at end of file + From 448fcae02fc36f196883460814f0df8416d2b0c8 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 12 Feb 2018 09:03:53 +0100 Subject: [PATCH 04/13] Fix: move "fournisseur" in $checksoc --- htdocs/core/lib/security.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 50ce574e271..14ff7bfdf53 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -378,11 +378,11 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh if ($feature == 'task') $feature='projet_task'; $check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company) - $checksoc = array('societe'); // Test for societe object + $checksoc = array('societe','fournisseur'); // Test for societe object $checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet','project'); // Test for project object $checktask = array('projet_task'); - $nocheck = array('barcode','stock','fournisseur'); // No test + $nocheck = array('barcode','stock'); // No test $checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...). // If dbtablename not defined, we use same name for table than module name From 24cc687724758e474d2e772a41532e252ec884e3 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Mon, 12 Feb 2018 09:28:41 +0100 Subject: [PATCH 05/13] Fix: you can't check "fournisseur" with checkUserAccessToObject without object ID --- htdocs/core/lib/security.lib.php | 2 +- htdocs/product/fournisseurs.php | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 14ff7bfdf53..c204809e9a1 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -378,7 +378,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh if ($feature == 'task') $feature='projet_task'; $check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company) - $checksoc = array('societe','fournisseur'); // Test for societe object + $checksoc = array('societe'); // Test for societe object $checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet','project'); // Test for project object $checktask = array('projet_task'); diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 2c49319fc19..9c91b5e11d7 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -51,6 +51,8 @@ $cost_price=GETPOST('cost_price', 'alpha'); $backtopage=GETPOST('backtopage','alpha'); $error=0; +if (!$user->rights->fournisseur->lire) accessforbidden(); + // If socid provided by ajax company selector if (! empty($_REQUEST['search_fourn_id'])) { @@ -63,7 +65,7 @@ if (! empty($_REQUEST['search_fourn_id'])) $fieldvalue = (! empty($id) ? $id : (! empty($ref) ? $ref : '')); $fieldtype = (! empty($ref) ? 'ref' : 'rowid'); if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit|service&fournisseur',$fieldvalue,'product&product','','',$fieldtype); +$result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype); $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit; $sortfield = GETPOST("sortfield",'alpha'); From ef051716410fcb7eef18447f6facc1086924beec Mon Sep 17 00:00:00 2001 From: Maxime Kohlhaas Date: Mon, 12 Feb 2018 13:48:43 +0100 Subject: [PATCH 06/13] Fix : contract service list context was mixing up with service list from product/service module --- htdocs/contrat/services.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/contrat/services.php b/htdocs/contrat/services.php index f21c476fe35..09df597d017 100644 --- a/htdocs/contrat/services.php +++ b/htdocs/contrat/services.php @@ -75,7 +75,7 @@ $opclotureyear=GETPOST('opclotureyear'); $filter_opcloture=GETPOST('filter_opcloture'); // Initialize context for list -$contextpage=GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'servicelist'.$mode; +$contextpage=GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'contractservicelist'.$mode; // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array $hookmanager->initHooks(array($contextpage)); From 1052213c978274c3bacb2188aba0c6b4b91f96c3 Mon Sep 17 00:00:00 2001 From: De Coninck Laurent Date: Mon, 12 Feb 2018 18:12:43 +0100 Subject: [PATCH 07/13] Fix 8183 - adherent welcome e-mail Fix the adherent welcome e-mail. [see: #8183] --- htdocs/adherents/type.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index a0f36c409de..01c8841708f 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -96,7 +96,7 @@ if ($action == 'add' && $user->rights->adherent->configurer) $object->label = trim($label); $object->subscription = (int) trim($subscription); $object->note = trim($comment); - $object->mail_valid = (boolean) trim($mail_valid); + $object->mail_valid = $db->escape(trim($mail_valid)); $object->vote = (boolean) trim($vote); // Fill array 'array_options' with data from add form @@ -134,7 +134,7 @@ if ($action == 'update' && $user->rights->adherent->configurer) $object->label = trim($label); $object->subscription = (int) trim($subscription); $object->note = trim($comment); - $object->mail_valid = (boolean) trim($mail_valid); + $object->mail_valid = $db->escape(trim($mail_valid)); $object->vote = (boolean) trim($vote); // Fill array 'array_options' with data from add form From 144c13998a87fba22acf7bbf20f8b89adc2ad2e0 Mon Sep 17 00:00:00 2001 From: atm-quentin Date: Tue, 13 Feb 2018 09:51:33 +0100 Subject: [PATCH 08/13] NEW_einstein_pdf_modules --- .../modules/commande/doc/pdf_einstein.modules.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php index d8bfff2e528..9fecdc277b5 100644 --- a/htdocs/core/modules/commande/doc/pdf_einstein.modules.php +++ b/htdocs/core/modules/commande/doc/pdf_einstein.modules.php @@ -1311,7 +1311,17 @@ class pdf_einstein extends ModelePDFCommandes if ($showaddress) { // Sender properties - $carac_emetteur = pdf_build_address($outputlangs, $this->emetteur, $object->thirdparty); + $carac_emetteur=''; + // Add internal contact of proposal if defined + $arrayidcontact=$object->getIdContact('internal','SALESREPFOLL'); + if (count($arrayidcontact) > 0) + { + $object->fetch_user($arrayidcontact[0]); + $labelbeforecontactname=($outputlangs->transnoentities("FromContactName")!='FromContactName'?$outputlangs->transnoentities("FromContactName"):$outputlangs->transnoentities("Name")); + $carac_emetteur .= ($carac_emetteur ? "\n" : '' ).$labelbeforecontactname." ".$outputlangs->convToOutputCharset($object->user->getFullName($outputlangs))."\n"; + } + + $carac_emetteur .= pdf_build_address($outputlangs, $this->emetteur, $object->thirdparty); // Show sender $posy=42+$top_shift; From c690dfb25803a2a37b80cecab0b8dbcf19f9eddd Mon Sep 17 00:00:00 2001 From: atm-ph Date: Wed, 14 Feb 2018 10:15:38 +0100 Subject: [PATCH 09/13] Fix apply global progress don't update multicurrency values --- htdocs/compta/facture/class/facture.class.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index 3c35a03f218..f7901a364c8 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -2919,6 +2919,9 @@ class Facture extends CommonInvoice $line->total_ttc = $tabprice[2]; $line->total_localtax1 = $tabprice[9]; $line->total_localtax2 = $tabprice[10]; + $line->multicurrency_total_ht = $tabprice[16]; + $line->multicurrency_total_tva = $tabprice[17]; + $line->multicurrency_total_ttc = $tabprice[18]; $line->update($user); $this->update_price(1); $this->db->commit(); From fa2fddcdc13e77e7f098db4e79cd5574d6e06c74 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 14 Feb 2018 14:30:39 +0100 Subject: [PATCH 10/13] Fix: Update entity field in llx_user_rights and llx_usergroup_rights --- ChangeLog | 4 +- htdocs/install/upgrade2.php | 181 ++++++++++++++++++++++++++++++-- htdocs/langs/en_US/install.lang | 2 + 3 files changed, 178 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index e6d061a58ac..849d8b38855 100644 --- a/ChangeLog +++ b/ChangeLog @@ -287,7 +287,9 @@ Following changes may create regression for some external modules, but were nece exists, but if an external module need action on it, it must provides itself its trigger file. * Use $conf->global->MULTICOMPANY_TRANSVERSE_MODE instead $conf->multicompany->transverse_mode. So, if you set var $multicompany_transverse_mode to 1 into your conf file, you must remove this line and a new key into - the Home - setup - other admin page. + the Home - setup - other admin page. +* If you use Multicompany transverse mode, it will be necessary to check the activation of the modules in the children + entities and to review completely the rights of the groups and the users. * Use getEntity('xxx') instead getEntity('xxx', 1) and use getEntity('xxx', 0) instead getEntity('xxx') * Some other change were done in the way we read permission of a user when module multicompany is enabled. You can retreive the old behavior by adding constant MULTICOMPANY_BACKWARD_COMPATIBILITY to 1. diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php index 7bf283f828d..8a8547a926a 100644 --- a/htdocs/install/upgrade2.php +++ b/htdocs/install/upgrade2.php @@ -366,14 +366,27 @@ if (! GETPOST('action','aZ09') || preg_match('/upgrade/i',GETPOST('action','aZ09 migrate_remise_except_entity($db,$langs,$conf); } - // Scripts for last version - $afterversionarray=explode('.','5.0.9'); - $beforeversionarray=explode('.','6.0.9'); - if (versioncompare($versiontoarray,$afterversionarray) >= 0 && versioncompare($versiontoarray,$beforeversionarray) <= 0) - { - // No particular code - } - } + // Scripts for last version + $afterversionarray=explode('.','5.0.9'); + $beforeversionarray=explode('.','6.0.9'); + if (versioncompare($versiontoarray,$afterversionarray) >= 0 && versioncompare($versiontoarray,$beforeversionarray) <= 0) + { + if (! empty($conf->multicompany->enabled)) + { + global $multicompany_transverse_mode; + + // Only if the transverse mode is not used + if (empty($multicompany_transverse_mode)) + { + // Migrate to add entity value into llx_user_rights + migrate_user_rights_entity($db, $langs, $conf); + + // Migrate to add entity value into llx_usergroup_rights + migrate_usergroup_rights_entity($db, $langs, $conf); + } + } + } + } // Code executed only if migrate is LAST ONE. Must always be done. if (versioncompare($versiontoarray,$versionranarray) >= 0 || versioncompare($versiontoarray,$versionranarray) <= -3) @@ -3967,6 +3980,158 @@ function migrate_remise_except_entity($db,$langs,$conf) print ''; } +/** + * Migrate to add entity value into llx_user_rights + * + * @param DoliDB $db Database handler + * @param Translate $langs Object langs + * @param Conf $conf Object conf + * @return void + */ +function migrate_user_rights_entity($db,$langs,$conf) +{ + print ''; + + print ''.$langs->trans('MigrationUserRightsEntity')."
\n"; + + $error = 0; + + dolibarr_install_syslog("upgrade2::migrate_user_rights_entity"); + + $db->begin(); + + $sqlSelect = "SELECT u.rowid, u.entity"; + $sqlSelect.= " FROM ".MAIN_DB_PREFIX."user as u"; + $sqlSelect.= " WHERE u.entity > 1"; + //print $sqlSelect; + + $resql = $db->query($sqlSelect); + if ($resql) + { + $i = 0; + $num = $db->num_rows($resql); + + if ($num) + { + while ($i < $num) + { + $obj = $db->fetch_object($resql); + + $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."user_rights SET"; + $sqlUpdate.= " entity = " . $obj->entity; + $sqlUpdate.= " WHERE fk_user = " . $obj->rowid; + + $result=$db->query($sqlUpdate); + if (! $result) + { + $error++; + dol_print_error($db); + } + + print ". "; + $i++; + } + } + else + { + print $langs->trans('AlreadyDone')."
\n"; + } + + if (! $error) + { + $db->commit(); + } + else + { + $db->rollback(); + } + } + else + { + dol_print_error($db); + $db->rollback(); + } + + + print ''; +} + +/** + * Migrate to add entity value into llx_usergroup_rights + * + * @param DoliDB $db Database handler + * @param Translate $langs Object langs + * @param Conf $conf Object conf + * @return void + */ +function migrate_usergroup_rights_entity($db,$langs,$conf) +{ + print ''; + + print ''.$langs->trans('MigrationUserGroupRightsEntity')."
\n"; + + $error = 0; + + dolibarr_install_syslog("upgrade2::migrate_usergroup_rights_entity"); + + $db->begin(); + + $sqlSelect = "SELECT u.rowid, u.entity"; + $sqlSelect.= " FROM ".MAIN_DB_PREFIX."usergroup as u"; + $sqlSelect.= " WHERE u.entity > 1"; + //print $sqlSelect; + + $resql = $db->query($sqlSelect); + if ($resql) + { + $i = 0; + $num = $db->num_rows($resql); + + if ($num) + { + while ($i < $num) + { + $obj = $db->fetch_object($resql); + + $sqlUpdate = "UPDATE ".MAIN_DB_PREFIX."usergroup_rights SET"; + $sqlUpdate.= " entity = " . $obj->entity; + $sqlUpdate.= " WHERE fk_usergroup = " . $obj->rowid; + + $result=$db->query($sqlUpdate); + if (! $result) + { + $error++; + dol_print_error($db); + } + + print ". "; + $i++; + } + } + else + { + print $langs->trans('AlreadyDone')."
\n"; + } + + if (! $error) + { + $db->commit(); + } + else + { + $db->rollback(); + } + } + else + { + dol_print_error($db); + $db->rollback(); + } + + + print ''; +} + /** * Migration directory * diff --git a/htdocs/langs/en_US/install.lang b/htdocs/langs/en_US/install.lang index 4bd1bba3e9a..ed5cdab1b99 100644 --- a/htdocs/langs/en_US/install.lang +++ b/htdocs/langs/en_US/install.lang @@ -193,6 +193,8 @@ MigrationCategorieAssociation=Migration of categories MigrationEvents=Migration of events to add event owner into assignement table MigrationRemiseEntity=Update entity field value of llx_societe_remise MigrationRemiseExceptEntity=Update entity field value of llx_societe_remise_except +MigrationUserRightsEntity=Update entity field value of llx_user_rights +MigrationUserGroupRightsEntity=Update entity field value of llx_usergroup_rights MigrationReloadModule=Reload module %s ShowNotAvailableOptions=Show not available options HideNotAvailableOptions=Hide not available options From 23ee6748f7244b199cdaeaff5ffe32602d6f1f05 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 14 Feb 2018 20:36:13 +0100 Subject: [PATCH 11/13] Update fournisseurs.php --- htdocs/product/fournisseurs.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 9c91b5e11d7..68f0d673ca4 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php @@ -51,8 +51,6 @@ $cost_price=GETPOST('cost_price', 'alpha'); $backtopage=GETPOST('backtopage','alpha'); $error=0; -if (!$user->rights->fournisseur->lire) accessforbidden(); - // If socid provided by ajax company selector if (! empty($_REQUEST['search_fourn_id'])) { @@ -67,6 +65,8 @@ $fieldtype = (! empty($ref) ? 'ref' : 'rowid'); if ($user->societe_id) $socid=$user->societe_id; $result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','','',$fieldtype); +if (empty($user->rights->fournisseur->lire)) accessforbidden(); + $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit; $sortfield = GETPOST("sortfield",'alpha'); $sortorder = GETPOST("sortorder",'alpha'); From 0d00c51c2aaf0a614eed10ebc912bd903d7aa02a Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 14 Feb 2018 20:51:05 +0100 Subject: [PATCH 12/13] Update type.php --- htdocs/adherents/type.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 01c8841708f..2d36f1d7fc5 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -96,7 +96,7 @@ if ($action == 'add' && $user->rights->adherent->configurer) $object->label = trim($label); $object->subscription = (int) trim($subscription); $object->note = trim($comment); - $object->mail_valid = $db->escape(trim($mail_valid)); + $object->mail_valid = trim($mail_valid); $object->vote = (boolean) trim($vote); // Fill array 'array_options' with data from add form From d0fdf700d77a474ac03fae4cf0868ead674265a5 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 14 Feb 2018 20:51:33 +0100 Subject: [PATCH 13/13] Update type.php --- htdocs/adherents/type.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/adherents/type.php b/htdocs/adherents/type.php index 2d36f1d7fc5..a66108dec21 100644 --- a/htdocs/adherents/type.php +++ b/htdocs/adherents/type.php @@ -134,7 +134,7 @@ if ($action == 'update' && $user->rights->adherent->configurer) $object->label = trim($label); $object->subscription = (int) trim($subscription); $object->note = trim($comment); - $object->mail_valid = $db->escape(trim($mail_valid)); + $object->mail_valid = trim($mail_valid); $object->vote = (boolean) trim($vote); // Fill array 'array_options' with data from add form