lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix permission to close a proposal or order was not correctly used

Browse Source 
#13547
This commit is contained in:
Laurent Destailleur 2020-04-10 11:54:14 +02:00
parent a2a89637a2
commit 874cbcefc7
6 changed files with 25 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/comm/propal/card.php
View File

@ -112,8 +112,9 @@ $hookmanager->initHooks(array('propalcard', 'globalcard'));
$usercanread = $user->rights->propal->lire;
$usercancreate = $user->rights->propal->creer;
$usercanclose = $user->rights->propal->cloturer;
$usercandelete = $user->rights->propal->supprimer;
$usercanclose = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $usercancreate) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->propal->propal_advance->close)));
$usercanvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $usercancreate) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->propal->propal_advance->validate)));
$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->propal->propal_advance->send);

3
htdocs/commande/card.php
View File

@ -100,8 +100,9 @@ $hookmanager->initHooks(array('ordercard', 'globalcard'));
$usercanread = $user->rights->commande->lire;
$usercancreate = $user->rights->commande->creer;
$usercanclose = $user->rights->commande->cloturer;
$usercandelete = $user->rights->commande->supprimer;
// Advanced permissions
$usercanclose = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->commande->creer)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->commande->order_advance->close)));
$usercanvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $usercancreate) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->commande->order_advance->validate)));
$usercancancel = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $usercancreate) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->commande->order_advance->annuler)));
$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->commande->order_advance->send);

6
htdocs/commande/class/commande.class.php
View File

@ -752,8 +752,10 @@ class Commande extends CommonOrder
$error = 0;
if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->commande->creer))
|| (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->commande->order_advance->validate)))
$usercanclose = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->commande->creer))
|| (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->commande->order_advance->close)));
if ($usercanclose)
{
$this->db->begin();

19
htdocs/core/modules/modCommande.class.php
View File

@ -118,21 +118,21 @@ class modCommande extends DolibarrModules
$r++;
$this->rights[$r][0] = 81;
$this->rights[$r][1] = 'Lire les commandes clients';
$this->rights[$r][1] = 'Read sales orders';
$this->rights[$r][2] = 'r';
$this->rights[$r][3] = 0;
$this->rights[$r][4] = 'lire';
$r++;
$this->rights[$r][0] = 82;
$this->rights[$r][1] = 'Creer/modifier les commandes clients';
$this->rights[$r][1] = 'Creeat/modify sales orders';
$this->rights[$r][2] = 'w';
$this->rights[$r][3] = 0;
$this->rights[$r][4] = 'creer';
$r++;
$this->rights[$r][0] = 84;
$this->rights[$r][1] = 'Valider les commandes clients';
$this->rights[$r][1] = 'Validate sales orders';
$this->rights[$r][2] = 'd';
$this->rights[$r][3] = 0;
$this->rights[$r][4] = 'order_advance';
@ -140,7 +140,7 @@ class modCommande extends DolibarrModules
$r++;
$this->rights[$r][0] = 86;
$this->rights[$r][1] = 'Envoyer les commandes clients';
$this->rights[$r][1] = 'Send sale orders by email';
$this->rights[$r][2] = 'd';
$this->rights[$r][3] = 0;
$this->rights[$r][4] = 'order_advance';
@ -148,14 +148,15 @@ class modCommande extends DolibarrModules
$r++;
$this->rights[$r][0] = 87;
$this->rights[$r][1] = 'Cloturer les commandes clients';
$this->rights[$r][1] = 'Close sale orders';
$this->rights[$r][2] = 'd';
$this->rights[$r][3] = 0;
$this->rights[$r][4] = 'cloturer';
$this->rights[$r][4] = 'order_advance';
$this->rights[$r][5] = 'close';
$r++;
$this->rights[$r][0] = 88;
$this->rights[$r][1] = 'Annuler les commandes clients';
$this->rights[$r][1] = 'Cancel sale orders';
$this->rights[$r][2] = 'd';
$this->rights[$r][3] = 0;
$this->rights[$r][4] = 'order_advance';
@ -163,14 +164,14 @@ class modCommande extends DolibarrModules
$r++;
$this->rights[$r][0] = 89;
$this->rights[$r][1] = 'Supprimer les commandes clients';
$this->rights[$r][1] = 'Delete sales orders';
$this->rights[$r][2] = 'd';
$this->rights[$r][3] = 0;
$this->rights[$r][4] = 'supprimer';
$r++;
$this->rights[$r][0] = 1421;
$this->rights[$r][1] = 'Exporter les commandes clients et attributs';
$this->rights[$r][1] = 'Export sales orders and attributes';
$this->rights[$r][2] = 'r';
$this->rights[$r][3] = 0;
$this->rights[$r][4] = 'commande';

3
htdocs/install/mysql/migration/11.0.0-12.0.0.sql
View File

@ -65,6 +65,9 @@ ALTER TABLE llx_website ADD COLUMN otherlang varchar(255);
ALTER TABLE llx_website_page ADD COLUMN author_alias varchar(64);
UPDATE llx_rights_def SET perms = 'order_advance', subperms = 'close' WHERE module = 'commande' AND perms = 'cloturer';
UPDATE llx_rights_def SET perms = 'propal_advance', subperms = 'close' WHERE module = 'propale' AND perms = 'cloturer';
ALTER TABLE llx_holiday_users DROP INDEX uk_holiday_users;
ALTER TABLE llx_holiday_users ADD UNIQUE INDEX uk_holiday_users(fk_user, fk_type);

7
htdocs/user/perms.php
View File

@ -187,7 +187,7 @@ foreach($modulesdir as $dir)
$db->commit();
// Lecture des droits utilisateurs
// Read permissions of user
$permsuser = array();
$sql = "SELECT DISTINCT ur.fk_id";
@ -247,7 +247,7 @@ else
/*
* Ecran ajout/suppression permission
* Part to add/remove permissions
*/
$linkback = '';
@ -292,7 +292,7 @@ print '<td>'.$langs->trans("Permissions").'</td>';
print '</tr>'."\n";
//print "xx".$conf->global->MAIN_USE_ADVANCED_PERMS;
$sql = "SELECT r.id, r.libelle as label, r.module, r.module_position";
$sql = "SELECT r.id, r.libelle as label, r.module, r.perms, r.subperms, r.module_position";
$sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r";
$sql.= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous"
$sql.= " AND r.entity = " . $entity;
@ -368,6 +368,7 @@ if ($result)
print '</tr>'."\n";
}
print '<!-- '.$obj->module.'->'.$obj->perms.($obj->subperms ? '->'.$obj->subperms : '').' -->'."\n";
print '<tr class="oddeven">';
// Picto and label of module