From 86aea55e61f84a6832d5ea4bf6988c4c7cc74cd0 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 29 Apr 2009 09:05:57 +0000 Subject: [PATCH] Todo: mettre au clair les droits du user dans les modules commercial, agenda et tiers --- htdocs/admin/menus/pre.inc.php | 2 +- htdocs/comm/action/fiche.php | 3 +- htdocs/docs/pre.inc.php | 2 +- htdocs/document.php | 48 +++++++++---------- .../menus/barre_top/eldy_backoffice.php | 4 +- .../includes/modules/modCommercial.class.php | 2 +- htdocs/lib/functions.lib.php | 5 +- htdocs/pre.inc.php | 2 +- 8 files changed, 36 insertions(+), 32 deletions(-) diff --git a/htdocs/admin/menus/pre.inc.php b/htdocs/admin/menus/pre.inc.php index 7487696566e..4d5cd0cb35c 100644 --- a/htdocs/admin/menus/pre.inc.php +++ b/htdocs/admin/menus/pre.inc.php @@ -50,7 +50,7 @@ function llxHeader($head = "") $menu->add_submenu(DOL_URL_ROOT."/contact/index.php",$langs->trans("Contacts")); } - if ($conf->commercial->enabled && $user->rights->commercial->lire) + if ($conf->commercial->enabled && $user->rights->commercial->main->lire) { $langs->load("commercial"); $menu->add(DOL_URL_ROOT."/comm/index.php",$langs->trans("Commercial")); diff --git a/htdocs/comm/action/fiche.php b/htdocs/comm/action/fiche.php index 4e1a1c0ffcb..70a19fc2954 100644 --- a/htdocs/comm/action/fiche.php +++ b/htdocs/comm/action/fiche.php @@ -44,7 +44,8 @@ $langs->load("agenda"); $socid=isset($_GET['socid'])?$_GET['socid']:$_POST['socid']; $id = isset($_GET["id"])?$_GET["id"]:''; if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'societe', $id, 'actioncomm', '', '', 'id'); +// TODO: revoir les droits car pas clair +//$result = restrictedArea($user, 'commercial', $id, 'actioncomm', 'actions', '', 'id'); if (isset($_GET["error"])) $error=$_GET["error"]; diff --git a/htdocs/docs/pre.inc.php b/htdocs/docs/pre.inc.php index 147f4c5602e..b85f5fb34aa 100644 --- a/htdocs/docs/pre.inc.php +++ b/htdocs/docs/pre.inc.php 
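Review bot: The new test `$user->rights->commercial->main->lire` in `llxHeader()` of htdocs/admin/menus/pre.inc.php dereferences `main` without a guard, whereas the same change in htdocs/pre.inc.php keeps an `isset(...)` around it. For a user who lacks the right, `main` is presumably unset, so this would raise a notice on every page. The htdocs/docs/pre.inc.php hunk has the same form. I would write both as `if (! empty($conf->commercial->enabled) && ! empty($user->rights->commercial->main->lire))`. The body of `llxHeader()` continues outside the hunk.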
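Review bot: Commenting out `restrictedArea()` leaves htdocs/comm/action/fiche.php with no visible authorization check: `$id` and `$socid` still come straight from `$_GET`/`$_POST`, and the only restriction left in the hunk is the `societe_id` override for external users. Until the commercial/agenda rights are settled, the previous call is the safer interim state, because it at least enforces the `societe` read right: `$result = restrictedArea($user, 'societe', $id, 'actioncomm', '', '', 'id');`. If the check must stay disabled, the TODO should name what replaces it and state that the page is currently unchecked, e.g. `// TODO: restore restrictedArea() once the commercial 'actions' right exists; no access check until then`. The rest of the page is outside the hunk, so a later check cannot be ruled out from here.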
@@ -49,7 +49,7 @@ function llxHeader($head = "", $title="", $help_url='') $menu->add_submenu(DOL_URL_ROOT."/contact/index.php",$langs->trans("Contacts")); } - if ($conf->commercial->enabled && $user->rights->commercial->lire) + if ($conf->commercial->enabled && $user->rights->commercial->main->lire) { $langs->load("commercial"); $menu->add(DOL_URL_ROOT."/comm/index.php",$langs->trans("Commercial")); diff --git a/htdocs/document.php b/htdocs/document.php index 0c5f5127f97..c09bc974686 100644 --- a/htdocs/document.php +++ b/htdocs/document.php 
@@ -271,49 +271,49 @@ if ($modulepart) // Wrapping pour les actions if ($modulepart == 'actions') { - $user->getrights('commercial'); - //if ($user->rights->commercial->actions->lire || eregi('^specimen',$original_file)) // Ce droit n'existe pas encore - //{ + $user->getrights('commercial'); + //if ($user->rights->commercial->actions->lire || eregi('^specimen',$original_file)) // TODO: revoir les droits car pas clair + //{ $accessallowed=1; - //} - $original_file=$conf->commercial->dir_actions.'/'.$original_file; + //} + $original_file=$conf->commercial->dir_actions.'/'.$original_file; //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'"; } // Wrapping pour les actions if ($modulepart == 'actionsreport') { - $user->getrights('commercial'); - //if ($user->rights->commercial->actions->lire || eregi('^specimen',$original_file)) // Ce droit n'existe pas encore - //{ + $user->getrights('commercial'); + //if ($user->rights->commercial->actions->lire || eregi('^specimen',$original_file)) // TODO: revoir les droits car pas clair + //{ $accessallowed=1; - //} - $original_file = $conf->commercial->dir_actions_temp."/".$original_file; + //} + $original_file = $conf->commercial->dir_actions_temp."/".$original_file; //$sqlprotectagainstexternals = "SELECT fk_soc as fk_soc FROM ".MAIN_DB_PREFIX."fichinter WHERE ref='$refname'"; - } + } // Wrapping pour les produits et services if ($modulepart == 'produit') { - $user->getrights('produit'); - //if ($user->rights->commercial->lire || eregi('^specimen',$original_file)) // Ce droit n'existe pas encore - //{ + $user->getrights('produit'); + if ($user->rights->produit->lire || eregi('^specimen',$original_file)) + { $accessallowed=1; - //} - $original_file=$conf->produit->dir_output.'/'.$original_file; - $sqlprotectagainstexternals = ''; + } + $original_file=$conf->produit->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = ''; } // Wrapping pour les produits et 
services if ($modulepart == 'contract') { - $user->getrights('contrat'); - if ($user->rights->contrat->lire || eregi('^specimen',$original_file)) // Ce droit n'existe pas encore - { - $accessallowed=1; - } - $original_file=$conf->contrat->dir_output.'/'.$original_file; - $sqlprotectagainstexternals = ''; + $user->getrights('contrat'); + if ($user->rights->contrat->lire || eregi('^specimen',$original_file)) + { + $accessallowed=1; + } + $original_file=$conf->contrat->dir_output.'/'.$original_file; + $sqlprotectagainstexternals = ''; } // Wrapping pour les documents generaux diff --git a/htdocs/includes/menus/barre_top/eldy_backoffice.php b/htdocs/includes/menus/barre_top/eldy_backoffice.php index 96c0541494e..fc4af571dc6 100644 --- a/htdocs/includes/menus/barre_top/eldy_backoffice.php +++ b/htdocs/includes/menus/barre_top/eldy_backoffice.php @@ -148,7 +148,7 @@ class MenuTop { if ($conf->ficheinter->enabled) $showcommercial=1; if ($showcommercial)*/ if ($conf->commercial->enabled) - { + { $langs->load("commercial"); $class=""; @@ -162,7 +162,7 @@ class MenuTop { } $idsel='id="commercial" '; - if($user->rights->societe->lire) + if($user->rights->societe->lire) { print 'atarget?" target=$this->atarget":"").'>'.$langs->trans("Commercial").''; } diff --git a/htdocs/includes/modules/modCommercial.class.php b/htdocs/includes/modules/modCommercial.class.php index e2784266d39..a88afea79c2 100644 --- a/htdocs/includes/modules/modCommercial.class.php +++ b/htdocs/includes/modules/modCommercial.class.php @@ -102,7 +102,7 @@ class modCommercial extends DolibarrModules $this->rights[$r][3] = 1; $this->rights[$r][4] = 'main'; $this->rights[$r][5] = 'lire'; - $r++; + } /** diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php index 014d9b3a0f4..672de58e24d 100644 --- a/htdocs/lib/functions.lib.php +++ b/htdocs/lib/functions.lib.php 
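Review bot: The `actions` and `actionsreport` branches of htdocs/document.php still set `$accessallowed=1` unconditionally, because the rights test stays commented out. With the `restrictedArea()` call in comm/action/fiche.php also disabled by this commit, downloads of action documents are apparently not tied to any permission. Until a dedicated `actions` right exists, both branches could be gated on the right the module does define, e.g. `if (! empty($user->rights->commercial->main->lire) || eregi('^specimen',$original_file))`. The newly enabled `produit` test is the right direction, but its `^specimen` exception is evaluated on the request-supplied `$original_file`. Whether that value is normalised to a bare file name before this point is outside the hunk and worth confirming.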
@@ -1332,7 +1332,9 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='', if ($dbt_select != 'rowid') $objectid = "'".$objectid."'"; - //print "$user->id, $feature, $objectid, $dbtablename, ".$user->rights->societe->contact->lire; + //print "user_id=".$user->id.", feature=".$feature.", feature2=".$feature2.", object_id=".$objectid; + //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_socfield.", dbt_select=".$dbt_select; + //print ", user_societe_contact_lire=".$user->rights->societe->contact->lire."
"; // Check read permission from module // TODO Replace "feature" param by permission for reading @@ -1371,6 +1373,7 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='', if (empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) $readok=0; } + //print "Read access is down"; if (! $readok) accessforbidden(); //print "Read access is ok"; diff --git a/htdocs/pre.inc.php b/htdocs/pre.inc.php index 00c0f2ccbcb..7e88665c075 100644 --- a/htdocs/pre.inc.php +++ b/htdocs/pre.inc.php @@ -55,7 +55,7 @@ function llxHeader($head = '', $title='', $help_url='') $menu->add(DOL_URL_ROOT."/categories/index.php?type=0", $langs->trans("Categories")); } - if (! empty($conf->commercial->enabled) && isset($user->rights->commercial->lire) && $user->rights->commercial->lire) + if (! empty($conf->commercial->enabled) && isset($user->rights->commercial->main->lire) && $user->rights->commercial->main->lire) { $langs->load("commercial"); $menu->add(DOL_URL_ROOT."/comm/index.php",$langs->trans("Commercial"));
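Review bot: In `restrictedArea()` the context line `if ($dbt_select != 'rowid') $objectid = "'".$objectid."'";` quotes the id without escaping it, and the call this commit disables in comm/action/fiche.php passed `$_GET["id"]` with `'id'` as the select field. If `$objectid` is later interpolated into the lookup query (that part is outside the hunk), it should first go through the database layer's escaping function or be validated as a plain reference before quoting. Separately, the added `//print "Read access is down";` in the second hunk sits before `if (! $readok) accessforbidden();`, so once uncommented it would print for every caller. These traces also echo permission values into the response and would be better sent to the log than to the page.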