lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' of https://github.com/Dolibarr/dolibarr into new_element_tag_table

Browse Source
This commit is contained in:
Maxime Kohlhaas 2021-10-31 16:14:18 +01:00
commit 8dd7cb17b7
14 changed files with 210 additions and 213 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
README-FR.md
View File

@ -8,12 +8,10 @@ Il est simple d'utilisation et modulaire, vous permettant de n'activez que les f
![ScreenShot](https://www.dolibarr.org/medias/dolibarr_screenshot1_1920x1080.jpg)
## LICENCE
Dolibarr est distribué sous les termes de la licence GNU General Public License v3+ ou supérieure.
## INSTALLER DOLIBARR
### Configuration simple
@ -54,7 +52,6 @@ Vous pouvez aussi utiliser un serveur Web et une base de données prise en charg
- Suivez les instructions de l'installateur
## METTRE A JOUR DOLIBARR
Pour mettre à jour Dolibarr depuis une vieille version vers celle ci:
@ -65,14 +62,12 @@ Pour mettre à jour Dolibarr depuis une vieille version vers celle ci:
- Au prochain accès, Dolibarr proposera la page de "mise à jour" des données (si nécessaire).
Si un fichier install.lock existe pour verrouiller le processus de mise à jour, il sera demandé de le supprimer manuellement (vous devriez trouver le fichier install.lock dans le répertoire utilisé pour stocker les documents générés ou transférés sur le serveur. Dans la plupart des cas, c'est le répertoire appelé "documents")
*Note: Le processus de migration peut être lancé manuellement et plusieurs fois, sans risque, en appelant la page /install/*
Note: *Le processus de migration peut être lancé manuellement et plusieurs fois, sans risque, en appelant la page /install/*
## CE QUI EST NOUVEAU
See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) file.
## CE QUE DOLIBARR PEUT FAIRE
### Modules principaux (tous optionnels)
@ -122,7 +117,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
- Peux être multi-société par ajout du module externe multi-société.
- Plusieurs thèmes visuels.
- Application simple à utiliser.
- Requiert PHP et MariaDb, Mysql ou Postgresql (Voir versions exactes sur https://wiki.dolibarr.org/index.php/Prérequis).
- Requiert PHP et MariaDb, Mysql ou Postgresql (Voir versions exactes sur [https://wiki.dolibarr.org/index.php/Prérequis](https://wiki.dolibarr.org/index.php/Prérequis)).
- Compatible avec toutes les offres Cloud du marché respectant les prérequis de base de données et PHP.
- APIs.
- Génération PDF et ODT des éléments (factures, propositions commerciales, commandes, bons expéditions, etc...)
@ -142,7 +137,6 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
Dolibarr peut aussi être étendu à volonté avec l'ajout de module/applications externes développées par des développeus tiers, disponible sur [DoliStore](https://www.dolistore.com).
## CE QUE DOLIBARR NE PEUT PAS (ENCORE) FAIRE
Voici un liste de fonctionnalités pas encore gérées par Dolibarr:
@ -152,18 +146,15 @@ Voici un liste de fonctionnalités pas encore gérées par Dolibarr:
- Dolibarr n'embarque pas de Webmail intégré nativement.
- Dolibarr ne fait pas le café (pas encore).
## DOCUMENTATION
La documentation utilisateur, développeur et traducteur est disponible sous forme de ressources de la communauté via le site [Wiki](https://wiki.dolibarr.org).
## CONTRIBUER
Ce projet existe grâce à ses nombreux contributeurs [[Contribuer](https://github.com/Dolibarr/dolibarr/blob/develop/.github/CONTRIBUTING.md)].
<a href="https://github.com/Dolibarr/dolibarr/graphs/contributors"><img src="https://opencollective.com/dolibarr/contributors.svg?width=890&button=false" /></a>
[![Dolibarr](https://opencollective.com/dolibarr/contributors.svg?width=890&button=false)](https://github.com/Dolibarr/dolibarr/graphs/contributors)
## CREDITS
@ -171,7 +162,6 @@ Dolibarr est le résultat du travail de nombreux contributeurs depuis des année
Voir le fichier [COPYRIGHT](https://github.com/Dolibarr/dolibarr/blob/develop/COPYRIGHT)
## ACTUALITES ET RESEAUX SOCIAUX
Suivez le projet Dolibarr project sur les réseaux francophones

123
README.md
View File

@ -43,7 +43,7 @@ You can use a web server and a supported database (MariaDB, MySQL or PostgreSQL)
On GNU/Linux, first check if your distribution has already packaged Dolibarr.
#### Generic install steps:
#### Generic install steps
- Check that your installed PHP version is supported [see PHP support](https://wiki.dolibarr.org/index.php/Releases).
@ -71,86 +71,87 @@ On GNU/Linux, first check if your distribution has already packaged Dolibarr.
- Follow the installer instructions
### Saas/Cloud setup
If you don't have time to install it yourself, you can try some commercial 'ready to use' Cloud offers (See https://saas.dolibarr.org). However, this third solution is not free.
If you don't have time to install it yourself, you can try some commercial 'ready to use' Cloud offers (See [https://saas.dolibarr.org](https://saas.dolibarr.org)). However, this third solution is not free.
## UPGRADING
Dolibarr supports upgrading, usually without the need for any (commercial) support (depending on if you use any commercial extensions). It supports upgrading all the way from any version after 2.8 without breakage. This is unique in the ERP ecosystem and a benefit our users highly appreciate!
- At first make a backup of your Dolibarr files & then [see](https://wiki.dolibarr.org/index.php/Installation_-_Upgrade#Upgrade_Dolibarr)
- Check that your installed PHP version is supported by the new version [see PHP support](./doc/phpmatrix.md).
- Overwrite all old files from 'dolibarr' directory with files provided into the new version's package.
- At first next access, Dolibarr will redirect you to the "install/" page to follow the upgrade process.
 If an `install.lock` file exists to lock any other upgrade process, the application will ask you to remove the file manually (you should find the `install.lock` file in the directory used to store generated and uploaded documents, in most cases, it is the directory called "*documents*").
## WHAT'S NEW
See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) file.
## FEATURES
### Main application/modules (all optional)
- Third-Parties Management: Customers, Prospects (Leads) and/or Suppliers + Contacts
- Members/Membership/Foundation management
- Third-Parties Management: Customers, Prospects (Leads) and/or Suppliers + Contacts
- Members/Membership/Foundation management
Product Management
- Products and/or Services catalog
- Stock / Warehouse management + Inventory
- Barcodes
- Batches / Lots / Serials
- Product Variants
Product Management
- Products and/or Services catalog
- Stock / Warehouse management + Inventory
- Barcodes
- Batches / Lots / Serials
- Product Variants
- Bill of Materials (BOM)
- Manufacturing Orders
- Manufacturing Orders
Customer/Sales Management
- Customers/Prospects + Contacts management
- Opportunities or Leads management
- Commercial proposals management
- Customer Orders management
- Contracts/Subscription management
- Interventions management
- Ticket System
- Shipping management
- Customer Invoices/Credit notes and payment management
- Point of Sale (POS)
Customer/Sales Management
Supplier/Purchase Management
- Suppliers/Vendors + Contacts
- Supplier (price) requests
- Purchase Orders management
- Delivery/Receiption
- Supplier Invoices/credit notes and payment management
- INCOTERMS
- Customers/Prospects + Contacts management
- Opportunities or Leads management
- Commercial proposals management
- Customer Orders management
- Contracts/Subscription management
- Interventions management
- Ticket System
- Shipping management
- Customer Invoices/Credit notes and payment management
- Point of Sale (POS)
Finance / Accounting
- Invoices / Payments
- Bank accounts management
- Direct debit orders management (European SEPA)
- Accounting management
- Donations management
- Loan management
- Margins
- Reports
Supplier/Purchase Management
Collaboration
- Shared calendar/agenda (with ical and vcal export for third party tools integration)
- Projects & Tasks management
- Ticket System
- Suppliers/Vendors + Contacts
- Supplier (price) requests
- Purchase Orders management
- Delivery/Receiption
- Supplier Invoices/credit notes and payment management
- INCOTERMS
Finance / Accounting
- Invoices / Payments
- Bank accounts management
- Direct debit orders management (European SEPA)
- Accounting management
- Donations management
- Loan management
- Margins
- Reports
Collaboration
- Shared calendar/agenda (with ical and vcal export for third party tools integration)
- Projects & Tasks management
- Ticket System
- Surveys
HR
- Employee's leave requests management
- Expense reports
- Recruitment management
- Timesheets
HR
- Employee's leave requests management
- Expense reports
- Recruitment management
- Timesheets
### Other application/modules
@ -171,7 +172,6 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
(around 100 modules available by default, 1000+ on the addon market place)
### Other general features
- Localization in most major languages
@ -190,27 +190,24 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog)
- Canadian double taxes (federal/province) and other countries using cumulative VAT
- Tunisian tax stamp
- Argentina invoice numbering using A,B,C...
- Compatible with [European directives] (https://europa.eu/legislation_summaries/taxation/l31057_en.htm) (2006/112/CE ... 2010/45/UE)
- Compatible with [European directives](https://europa.eu/legislation_summaries/taxation/l31057_en.htm) (2006/112/CE ... 2010/45/UE)
- Compatible with European GDPR rules
- ...
- Flexible PDF & ODT generation for invoices, proposals, orders...
- ...
### System Environment / Requirements
- PHP
- MariaDB, MySQL or PostgreSQL
- MariaDB, MySQL or PostgreSQL
- Compatible with all Cloud solutions that match PHP & MySQL or PostgreSQL prerequisites.
See exact requirements on the [Wiki](https://wiki.dolibarr.org/index.php/Prerequisite)
### Extending
Dolibarr can be extended with a lot of other external application or modules from third party developers available at the [DoliStore](https://www.dolistore.com).
## WHAT DOLIBARR CAN'T DO YET
These are features that Dolibarr does **not** yet fully support:
@ -220,21 +217,18 @@ These are features that Dolibarr does **not** yet fully support:
- No native embedded Webmail, but you can send email to contacts in Dolibarr with e.g. offers, invoices, etc.
- Dolibarr can't do coffee (yet)
## DOCUMENTATION
Administrator, user, developer and translator's documentations are available along with other community resources in the [Wiki](https://wiki.dolibarr.org).
## CONTRIBUTING
This project exists thanks to all the people who contribute.
This project exists thanks to all the people who contribute.
Please read the instructions how to contribute (report a bug/error, a feature request, send code ...) [[Contribute](https://github.com/Dolibarr/dolibarr/blob/develop/.github/CONTRIBUTING.md)]
A view on Contributors:
<a href="https://github.com/Dolibarr/dolibarr/graphs/contributors"><img src="https://opencollective.com/dolibarr/contributors.svg?width=890&button=false" /></a>
[![Dolibarr](https://opencollective.com/dolibarr/contributors.svg?width=890&button=false)](https://github.com/Dolibarr/dolibarr/graphs/contributors)
## CREDITS
@ -242,7 +236,6 @@ Dolibarr is the work of many contributors over the years and uses some fine PHP
See [COPYRIGHT](https://github.com/Dolibarr/dolibarr/blob/develop/COPYRIGHT) file.
## NEWS AND SOCIAL NETWORKS
Follow Dolibarr project on:
@ -253,8 +246,6 @@ Follow Dolibarr project on:
- [YouTube](https://www.youtube.com/user/DolibarrERPCRM)
- [GitHub](https://github.com/Dolibarr/dolibarr)
### Sponsors
Support this project by becoming a sponsor. Your logo will show up here. 🙏 [[Become a sponsor/backer](https://opencollective.com/dolibarr#backer)]

2
htdocs/core/ajax/row.php
View File

@ -99,7 +99,7 @@ if (GETPOST('roworder', 'alpha', 3) && GETPOST('table_element_line', 'aZ09', 3)
$perm = 1;
} elseif ($table_element_line == 'ecm_files' && $fk_element == 'fk_ticket' && !empty($user->rights->ticket->write)) {
$perm = 1;
} elseif ($table_element_line == 'product_association' && $fk_element == 'fk_product' && !empty($user->rights->produit->creer)) {
} elseif ($table_element_line == 'product_association' && $fk_element == 'fk_product' && (!empty($user->rights->produit->creer) || !empty($user->rights->service->creer))) {
$perm = 1;
} elseif ($table_element_line == 'projet_task' && $fk_element == 'fk_projet' && $user->rights->projet->creer) {
$perm = 1;

20
htdocs/core/lib/functions.lib.php
View File

@ -108,6 +108,10 @@ function getEntity($element, $shared = 1, $currentobject = null)
{
global $conf, $mc, $hookmanager, $object, $action;
if (! is_object($hookmanager)) {
$hookmanager = new HookManager($db);
}
// fix different element names (France to English)
switch ($element) {
case 'contrat':
@ -8151,16 +8155,20 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1)
return 'Bad string syntax to evaluate: '.$s;
}
// We block using of php exec or php file functions
$forbiddenphpstrings = array("exec(", "passthru(", "shell_exec(", "system(", "proc_open(", "popen(", "eval(", "dol_eval(", "executeCLI(");
$forbiddenphpstrings = array_merge($forbiddenphpstrings, array("fopen(", "file_put_contents(", "fputs(", "fputscsv(", "fwrite(", "fpassthru(", "unlink(", "mkdir(", "rmdir(", "symlink(", "touch(", "umask("));
$forbiddenphpstrings = array_merge($forbiddenphpstrings, array('function(', '$$', 'call_user_func('));
// We block use of php exec or php file functions
$forbiddenphpstrings = array('$$');
$forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST'));
$forbiddenphpregex = 'global\s+\$';
$forbiddenphpfunctions = array("exec", "passthru", "shell_exec", "system", "proc_open", "popen", "eval", "dol_eval", "executeCLI");
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "unlink", "mkdir", "rmdir", "symlink", "touch", "umask"));
$forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("function", "call_user_func"));
$forbiddenphpregex = 'global\s+\$|\b('.implode('|', $forbiddenphpfunctions).')\b';
do {
$oldstringtoclean = $s;
$s = str_ireplace($forbiddenphpstrings, '__forbiddenstring__', $s);
$s = preg_replace('/'.$forbiddenphpregex.'/', '__forbiddenstring__', $s);
$s = preg_replace('/'.$forbiddenphpregex.'/i', '__forbiddenstring__', $s);
//$s = preg_replace('/\$[a-zA-Z0-9_\->\$]+\(/i', '', $s); // Remove $function( call and $mycall->mymethod(
} while ($oldstringtoclean != $s);

174
htdocs/core/modules/modHRM.class.php
View File

@ -1,5 +1,5 @@
<?php
/* Copyright (C) 2015 Alexandre Spangaro <aspangaro@open-dsi.fr>
/* Copyright (C) 2015-2021 Alexandre Spangaro <aspangaro@open-dsi.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -13,25 +13,27 @@
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
* or see https://www.gnu.org/
*/
/**
* \file htdocs/core/modules/modHRM.class.php
* \ingroup HRM
* \brief Description and activation file for the module HRM
* \defgroup HRM Module hrm
* \file htdocs/core/modules/modHRM.class.php
* \ingroup HRM
* \brief Description and activation file for the module HRM
*/
include_once DOL_DOCUMENT_ROOT."/core/modules/DolibarrModules.class.php";
/**
* Class to describe and activate the HRM module
* Description and activation class for module HRM
*/
class modHRM extends DolibarrModules
{
/**
* Constructor.
* Define names, constants, directories, boxes, permissions
* Constructor. Define names, constants, directories, boxes, permissions
*
* @param DoliDB $db Database handler
* @param DoliDB $db Database handler
*/
public function __construct($db)
{
@ -39,34 +41,27 @@ class modHRM extends DolibarrModules
$this->db = $db;
// Id for module (must be unique).
// Use here a free id (See in Home -> System information -> Dolibarr for list of used modules id).
$this->numero = 4000;
// Key text used to identify module (for permissions, menus, etc...)
$this->rights_class = 'hrm';
// Family can be 'crm','financial','hr','projects','products','ecm','technic','other'
// It is used to group modules in module setup page
$this->family = "hr";
$this->module_position = '50';
// Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module)
$this->name = preg_replace('/^mod/i', '', get_class($this));
// Module description, used if translation string 'ModulehrmDesc' not found (hrm is name of module).
$this->description = "hrm Description product ";
// Used only if file README.md and README-LL.md not found.
$this->descriptionlong = "hrm Description long";
// Author
$this->editor_name = 'Editor name';
$this->editor_url = 'https://www.example.com';
// Possible values for version are: 'development', 'experimental', 'dolibarr', 'dolibarr_deprecated' or a version string like 'x.y.z'
$this->version = '1.0';
// Url to the file with your last numberversion of this module
//$this->url_last_version = 'http://www.example.com/versionmodule.txt';
// Key used in llx_const table to save module status enabled/disabled (where HRMTEST is value of property name of module in uppercase)
// Module description, used if translation string 'ModuleXXXDesc' not found (where XXX is value of numeric property 'numero' of module)
$this->description = "HRM";
// Possible values for version are: 'development', 'experimental', 'dolibarr' or version
$this->version = 'development';
// Key used in llx_const table to save module status enabled/disabled (where MYMODULE is value of property name of module in uppercase)
$this->const_name = 'MAIN_MODULE_'.strtoupper($this->name);
// Name of image file used for this module.
// If file is in theme/yourtheme/img directory under name object_pictovalue.png, use this->picto='pictovalue'
// If file is in module/img directory under name object_pictovalue.png, use this->picto='pictovalue@module'
// To use a supported fa-xxx css style of font awesome, use this->picto='xxx'
$this->picto = 'hrm';
// Define some features supported by module (triggers, login, substitutions, menus, css, etc...)
@ -110,32 +105,20 @@ class modHRM extends DolibarrModules
$this->config_page_url = array("hrm.php");
// Dependencies
// A condition to hide module
$this->hidden = false;
// List of module class names as string that must be enabled if this module is enabled. Example: array('always1'=>'modModuleToEnable1','always2'=>'modModuleToEnable2', 'FR1'=>'modModuleToEnableFR'...)
$this->depends = array();
$this->requiredby = array(); // List of module class names as string to disable if this one is disabled. Example: array('modModuleToDisable1', ...)
$this->conflictwith = array(); // List of module class names as string this module is in conflict with. Example: array('modModuleToDisable1', ...)
// The language file dedicated to your module
$this->hidden = false; // A condition to hide module
$this->depends = array(); // List of module class names as string that must be enabled if this module is enabled
$this->requiredby = array(); // List of module ids to disable if this one is disabled
$this->conflictwith = array(); // List of module class names as string this module is in conflict with
$this->phpmin = array(5, 6); // Minimum version of PHP required by module
$this->need_dolibarr_version = array(11, 0); // Minimum version of Dolibarr required by module
$this->langfiles = array("hrm");
// Prerequisites
$this->phpmin = array(5, 6); // Minimum version of PHP required by module
$this->need_dolibarr_version = array(11, -3); // Minimum version of Dolibarr required by module
// Messages at activation
$this->warnings_activation = array(); // Warning to show when we activate module. array('always'='text') or array('FR'='textfr','ES'='textes'...)
$this->warnings_activation_ext = array(); // Warning to show when we activate an external module. array('always'='text') or array('FR'='textfr','ES'='textes'...)
//$this->automatic_activation = array('FR'=>'HrmTestWasAutomaticallyActivatedBecauseOfYourCountryChoice');
//$this->always_enabled = true; // If true, can't be disabled
// Constants
// List of particular constants to add when module is enabled (key, 'chaine', value, desc, visible, 'current' or 'allentities', deleteonunactive)
// Example: $this->const=array(1 => array('HRMTEST_MYNEWCONST1', 'chaine', 'myvalue', 'This is a constant to add', 1),
// 2 => array('HRMTEST_MYNEWCONST2', 'chaine', 'myvalue', 'This is another constant to add', 0, 'current', 1)
// );
$this->const = array();
// Example: $this->const=array(0=>array('MYMODULE_MYNEWCONST1','chaine','myvalue','This is a constant to add',0),
// 1=>array('MYMODULE_MYNEWCONST2','chaine','myvalue','This is another constant to add',0) );
// 2=>array('MAIN_MODULE_MYMODULE_NEEDSMARTY','chaine',1,'Constant to say module need smarty',0)
$this->const = array(); // List of particular constants to add when module is enabled (key, 'chaine', value, desc, visible, 0 or 'allentities')
$r = 0;
if (!isset($conf->hrm) || !isset($conf->hrm->enabled)) {
@ -207,67 +190,78 @@ class modHRM extends DolibarrModules
// ),
);
// Permissions provided by this module
$this->rights = array();
// Permissions
$this->rights = array(); // Permission array used by this module
$r = 0;
// Add here entries to declare new permissions
/* BEGIN MODULEBUILDER PERMISSIONS */
// Skill / Job / Position
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
$this->rights[$r][1] = $langs->trans('ReadSkillJobPosition'); // Permission label
$this->rights[$r][0] = 4010; // Permission id (must not be already used)
$this->rights[$r][1] = 'Read skill/job/position'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'all';
$this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->read)
$r++;
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
$this->rights[$r][1] = $langs->trans('CreateUpdateSkillJobPosition'); // Permission label
$this->rights[$r][4] = 'all';
$this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->write)
$r++;
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
$this->rights[$r][1] = $langs->trans('DeleteSkillJobPosition'); // Permission label
$this->rights[$r][4] = 'all';
$this->rights[$r][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->delete)
$this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->all->read)
$r++;
//Eval
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
$this->rights[$r][1] = $langs->trans('ReadEval'); // Permission label
$this->rights[$r][4] = 'evaluation';
$this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->read)
$this->rights[$r][0] = 4011; // Permission id (must not be already used)
$this->rights[$r][1] = 'Create/modify skill/job/position'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'all';
$this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->hrm->all->write)
$r++;
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
$this->rights[$r][1] = $langs->trans('CreateUpdateEval'); // Permission label
$this->rights[$r][4] = 'evaluation';
$this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->write)
$this->rights[$r][0] = 4012; // Permission id (must not be already used)
$this->rights[$r][1] = 'Delete skill/job/position'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'all';
$this->rights[$r][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->hrm->all->delete)
$r++;
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
$this->rights[$r][1] = $langs->trans('ValidateEval'); // Permission label
// Evaluation
$this->rights[$r][0] = 4020; // Permission id (must not be already used)
$this->rights[$r][1] = 'Read evaluations'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'evaluation';
$this->rights[$r][5] = 'validate'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->write)
$this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->evaluation->read)
$r++;
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
$this->rights[$r][1] = $langs->trans('DeleteEval'); // Permission label
$this->rights[$r][0] = 4021; // Permission id (must not be already used)
$this->rights[$r][1] = 'Create/modify your own evaluation'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'evaluation';
$this->rights[$r][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->delete)
$this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->hrm->evaluation->write)
$r++;
$this->rights[$r][0] = 4022; // Permission id (must not be already used)
$this->rights[$r][1] = 'Validate evaluation'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'evaluation_advance';
$this->rights[$r][5] = 'validate'; // In php code, permission will be checked by test if ($user->rights->hrm->evaluation->validate)
$r++;
$this->rights[$r][0] = 4023; // Permission id (must not be already used)
$this->rights[$r][1] = 'Delete all evaluations'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'evaluation';
$this->rights[$r][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->hrm->evaluation->delete)
$r++;
// Comparison
$this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used)
$this->rights[$r][1] = $langs->trans('SeeComparisonMenu'); // Permission label
$this->rights[$r][4] = 'compare';
$this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->delete)
$this->rights[$r][0] = 4030; // Permission id (must not be already used)
$this->rights[$r][1] = 'See comparison menu'; // Permission label
$this->rights[$r][3] = 0; // Permission by default for new user (0/1)
$this->rights[$r][4] = 'compare_advance';
$this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->compare_advance->read)
$r++;
}
/**
* Function called when module is enabled.
* The init function add constants, boxes, permissions and menus
* (defined in constructor) into Dolibarr database.
* It also creates data directories
* Function called when module is enabled.
* The init function add constants, boxes, permissions and menus (defined in constructor) into Dolibarr database.
* It also creates data directories
*
* @param string $options Enabling module ('', 'noboxes')
* @return int if OK, 0 if KO
* @param string $options Options when enabling module ('', 'newboxdefonly', 'noboxes')
* @return int 1 if OK, 0 if KO
*/
public function init($options = '')
{

8
htdocs/core/tpl/extrafields_view.tpl.php
View File

@ -219,18 +219,18 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l
// Convert date into timestamp format
if (in_array($extrafields->attributes[$object->table_element]['type'][$tmpkeyextra], array('date'))) {
$datenotinstring = $object->array_options['options_'.$tmpkeyextra];
$datenotinstring = empty($object->array_options['options_'.$tmpkeyextra]) ? '' : $object->array_options['options_'.$tmpkeyextra];
// print 'X'.$object->array_options['options_' . $tmpkeyextra].'-'.$datenotinstring.'x';
if (!is_numeric($object->array_options['options_'.$tmpkeyextra])) { // For backward compatibility
if (!empty($object->array_options['options_'.$tmpkeyextra]) && !is_numeric($object->array_options['options_'.$tmpkeyextra])) { // For backward compatibility
$datenotinstring = $db->jdate($datenotinstring);
}
//print 'x'.$object->array_options['options_' . $tmpkeyextra].'-'.$datenotinstring.' - '.dol_print_date($datenotinstring, 'dayhour');
$value = GETPOSTISSET("options_".$tmpkeyextra) ? dol_mktime(12, 0, 0, GETPOST("options_".$tmpkeyextra."month", 'int'), GETPOST("options_".$tmpkeyextra."day", 'int'), GETPOST("options_".$tmpkeyextra."year", 'int')) : $datenotinstring;
}
if (in_array($extrafields->attributes[$object->table_element]['type'][$tmpkeyextra], array('datetime'))) {
$datenotinstring = $object->array_options['options_'.$tmpkeyextra];
$datenotinstring = empty($object->array_options['options_'.$tmpkeyextra]) ? '' : $object->array_options['options_'.$tmpkeyextra];
// print 'X'.$object->array_options['options_' . $tmpkeyextra].'-'.$datenotinstring.'x';
if (!is_numeric($object->array_options['options_'.$tmpkeyextra])) { // For backward compatibility
if (!empty($object->array_options['options_'.$tmpkeyextra]) && !is_numeric($object->array_options['options_'.$tmpkeyextra])) { // For backward compatibility
$datenotinstring = $db->jdate($datenotinstring);
}
//print 'x'.$object->array_options['options_' . $tmpkeyextra].'-'.$datenotinstring.' - '.dol_print_date($datenotinstring, 'dayhour');

14
htdocs/holiday/card.php
View File

@ -882,7 +882,7 @@ $object = new Holiday($db);
$listhalfday = array('morning'=>$langs->trans("Morning"), "afternoon"=>$langs->trans("Afternoon"));
$title = $langs->trans('CPTitreMenu');
$title = $langs->trans('Leave');
$help_url = 'EN:Module_Holiday';
llxHeader('', $title, $help_url);
@ -1088,7 +1088,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') {
print '<tr>';
print '<td>'.$langs->trans("DescCP").'</td>';
print '<td class="tdtop">';
$doleditor = new DolEditor('description', GETPOST('description', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
$doleditor = new DolEditor('description', GETPOST('description', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, empty($conf->fckeditor->enabled) ? false : $conf->fckeditor->enabled, ROWS_3, '90%');
print $doleditor->Create(1);
print '</td></tr>';
@ -1158,7 +1158,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') {
setEventMessages($errors, null, 'errors');
}
// On vérifie si l'utilisateur à le droit de lire cette demande
// check if the user has the right to read this request
if ($canread) {
$head = holiday_prepare_head($object);
@ -1289,7 +1289,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') {
print '<tr>';
print '<td>'.$langs->trans('DescCP').'</td>';
print '<td class="tdtop">';
$doleditor = new DolEditor('description', $object->description, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%');
$doleditor = new DolEditor('description', $object->description, '', 80, 'dolibarr_notes', 'In', 0, false, empty($conf->fckeditor->enabled) ? false : $conf->fckeditor->enabled, ROWS_3, '90%');
print $doleditor->Create(1);
print '</td></tr>';
}
@ -1433,11 +1433,9 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') {
if (($action == 'edit' && $object->statut == Holiday::STATUS_DRAFT) || ($action == 'editvalidator')) {
if ($action == 'edit' && $object->statut == Holiday::STATUS_DRAFT) {
print '<div class="center">';
if ($cancreate && $object->statut == Holiday::STATUS_DRAFT) {
print '<input type="submit" value="'.$langs->trans("Save").'" class="button button-save">';
print $form->buttonsSaveCancel();
}
print '</div>';
}
print '</form>';
@ -1521,7 +1519,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') {
$action = 'presend';
}
if ($action != 'presend') {
if ($action != 'presend' && $action != 'edit') {
print '<div class="fichecenter"><div class="fichehalfleft">';
print '<a name="builddoc"></a>'; // ancre

9
htdocs/holiday/document.php
View File

@ -137,8 +137,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
$form = new Form($db);
$listhalfday = array('morning'=>$langs->trans("Morning"), "afternoon"=>$langs->trans("Afternoon"));
$title = $langs->trans('InterventionCard');
$title = $langs->trans("Leave").' - '.$langs->trans("Files");
llxHeader('', $title);
@ -347,12 +346,12 @@ if ($object->id) {
print dol_get_fiche_end();
$modulepart = 'holiday';
$permissiontoadd = $user->rights->holiday->write;
$permtoedit = $user->rights->holiday->write;
$param = '&id='.$object->id;
$relativepathwithnofile = $modulepart.'/'.dol_sanitizeFileName($object->ref).'/';
$savingdocmask = dol_sanitizeFileName($object->ref).'-__file__';
include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php';
} else {
print $langs->trans("ErrorUnknown");

2
htdocs/holiday/info.php
View File

@ -78,7 +78,7 @@ $result = restrictedArea($user, 'holiday', $object->id, 'holiday');
$form = new Form($db);
$title = $langs->trans("Holiday")." - ".$langs->trans("Info");
$title = $langs->trans("Leave")." - ".$langs->trans("Info");
$helpurl = "";
llxHeader("", $title, $helpurl);

8
htdocs/langs/en_US/admin.lang
View File

@ -961,6 +961,14 @@ Permission4001=See employees
Permission4002=Create employees
Permission4003=Delete employees
Permission4004=Export employees
Permission4010=Read skill/job/position
Permission4011=Create/modify skill/job/position
Permission4012=Delete skill/job/position
Permission4020=Read evaluation
Permission4021=Create/modify evaluation
Permission4022=Validate evaluation
Permission4023=Delete evaluation
Permission4030=See comparison menu
Permission10001=Read website content
Permission10002=Create/modify website content (html and javascript content)
Permission10003=Create/modify website content (dynamic php code). Dangerous, must be reserved to restricted developers.

6
htdocs/langs/en_US/companies.lang
View File

@ -271,6 +271,12 @@ ProfId3RU=Prof Id 3 (KPP)
ProfId4RU=Prof Id 4 (OKPO)
ProfId5RU=-
ProfId6RU=-
ProfId1UA=Prof Id 1 (EDRPOU)
ProfId2UA=Prof Id 2 (DRFO)
ProfId3UA=Prof Id 3 (INN)
ProfId4UA=Prof Id 4 (Certificate)
ProfId5UA=Prof Id 5 (RNOKPP)
ProfId6UA=Prof Id 6 (TRDPAU)
ProfId1DZ=RC
ProfId2DZ=Art.
ProfId3DZ=NIF

13
htdocs/langs/en_US/hrm.lang
View File

@ -19,12 +19,9 @@ Employees=Employees
Employee=Employee
NewEmployee=New employee
ListOfEmployees=List of employees
HrmSetup = Hrm setup
HrmSetupPage = Hrm setup page
HrmSetup=HRM module setup
HRM_MAXRANK=Maximum rank for a skill
HRM_DEFAULT_SKILL_DESCRIPTION=Default description of ranks when skill is created
HrmAbout = About Hrm
traduction_note=Translate
deplacement=Shift
DateEval=Evaluation date
JobCard=Job card
@ -82,11 +79,3 @@ NoEval=No evaluation done for this employee
HowManyUserWithThisMaxNote=Number of users with this rank
HighestRank=Highest rank
SkillComparison=Skill comparison
ReadSkillJobPosition=Read skills / jobs / positions
CreateUpdateSkillJobPosition=Create / update skills / jobs / positions
DeleteSkillJobPosition=Delete skills / jobs / positions
ReadEval=Read evaluations
CreateUpdateEval=Create / update evaluations
ValidateEval=Validate evaluations
DeleteEval=Delete evaluations
SeeComparisonMenu=Access skills comparison menu

24
htdocs/takepos/index.php
View File

@ -1121,14 +1121,24 @@ if ($resql) {
}
$hookmanager->initHooks(array('takeposfrontend'));
$reshook = $hookmanager->executeHooks('ActionButtons');
if (!empty($reshook)) {
if (is_array($reshook) && !isset($reshook['title'])) {
foreach ($reshook as $reshook) {
$menus[$r++] = $reshook;
$parameters = array('menus'=>$menus);
$reshook = $hookmanager->executeHooks('ActionButtons', $parameters);
if ($reshook == 0) { //add buttons
if (is_array($hookmanager->resArray) ) {
foreach ($hookmanager->resArray as $resArray) {
foreach ($resArray as $butmenu) {
$menus[$r++] = $butmenu;
}
}
} elseif ($reshook == 1) {
$r = 0; //replace buttons
if (is_array($hookmanager->resArray) ) {
foreach ($hookmanager->resArray as $resArray) {
foreach ($resArray as $butmenu) {
$menus[$r++] = $butmenu;
}
}
}
} else {
$menus[$r++] = $reshook;
}
}

4
test/phpunit/SecurityTest.php
View File

@ -874,6 +874,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase
print "result = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval('$a=exec ("ls")', 1, 1);
print "result = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);
$result=dol_eval('$a="test"; $$a;', 1, 0);
print "result = ".$result."\n";
$this->assertContains('Bad string syntax to evaluate', $result);