diff --git a/README-FR.md b/README-FR.md index 81fdff13047..a67bf204076 100644 --- a/README-FR.md +++ b/README-FR.md @@ -8,12 +8,10 @@ Il est simple d'utilisation et modulaire, vous permettant de n'activez que les f ![ScreenShot](https://www.dolibarr.org/medias/dolibarr_screenshot1_1920x1080.jpg) - ## LICENCE Dolibarr est distribué sous les termes de la licence GNU General Public License v3+ ou supérieure. - ## INSTALLER DOLIBARR ### Configuration simple @@ -54,7 +52,6 @@ Vous pouvez aussi utiliser un serveur Web et une base de données prise en charg - Suivez les instructions de l'installateur - ## METTRE A JOUR DOLIBARR Pour mettre à jour Dolibarr depuis une vieille version vers celle ci: @@ -65,14 +62,12 @@ Pour mettre à jour Dolibarr depuis une vieille version vers celle ci: - Au prochain accès, Dolibarr proposera la page de "mise à jour" des données (si nécessaire). Si un fichier install.lock existe pour verrouiller le processus de mise à jour, il sera demandé de le supprimer manuellement (vous devriez trouver le fichier install.lock dans le répertoire utilisé pour stocker les documents générés ou transférés sur le serveur. Dans la plupart des cas, c'est le répertoire appelé "documents") -*Note: Le processus de migration peut être lancé manuellement et plusieurs fois, sans risque, en appelant la page /install/* - +Note: *Le processus de migration peut être lancé manuellement et plusieurs fois, sans risque, en appelant la page /install/* ## CE QUI EST NOUVEAU See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) file. - ## CE QUE DOLIBARR PEUT FAIRE ### Modules principaux (tous optionnels) 
@@ -122,7 +117,7 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) - Peux être multi-société par ajout du module externe multi-société. - Plusieurs thèmes visuels. - Application simple à utiliser. -- Requiert PHP et MariaDb, Mysql ou Postgresql (Voir versions exactes sur https://wiki.dolibarr.org/index.php/Prérequis). +- Requiert PHP et MariaDb, Mysql ou Postgresql (Voir versions exactes sur [https://wiki.dolibarr.org/index.php/Prérequis](https://wiki.dolibarr.org/index.php/Prérequis)). - Compatible avec toutes les offres Cloud du marché respectant les prérequis de base de données et PHP. - APIs. - Génération PDF et ODT des éléments (factures, propositions commerciales, commandes, bons expéditions, etc...) @@ -142,7 +137,6 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) Dolibarr peut aussi être étendu à volonté avec l'ajout de module/applications externes développées par des développeus tiers, disponible sur [DoliStore](https://www.dolistore.com). - ## CE QUE DOLIBARR NE PEUT PAS (ENCORE) FAIRE Voici un liste de fonctionnalités pas encore gérées par Dolibarr: @@ -152,18 +146,15 @@ Voici un liste de fonctionnalités pas encore gérées par Dolibarr: - Dolibarr n'embarque pas de Webmail intégré nativement. - Dolibarr ne fait pas le café (pas encore). - ## DOCUMENTATION La documentation utilisateur, développeur et traducteur est disponible sous forme de ressources de la communauté via le site [Wiki](https://wiki.dolibarr.org). - ## CONTRIBUER Ce projet existe grâce à ses nombreux contributeurs [[Contribuer](https://github.com/Dolibarr/dolibarr/blob/develop/.github/CONTRIBUTING.md)]. - - +[![Dolibarr](https://opencollective.com/dolibarr/contributors.svg?width=890&button=false)](https://github.com/Dolibarr/dolibarr/graphs/contributors) ## CREDITS 
@@ -171,7 +162,6 @@ Dolibarr est le résultat du travail de nombreux contributeurs depuis des année Voir le fichier [COPYRIGHT](https://github.com/Dolibarr/dolibarr/blob/develop/COPYRIGHT) - ## ACTUALITES ET RESEAUX SOCIAUX Suivez le projet Dolibarr project sur les réseaux francophones diff --git a/README.md b/README.md index 54fdf1e958b..b0f7a2c3761 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ You can use a web server and a supported database (MariaDB, MySQL or PostgreSQL) On GNU/Linux, first check if your distribution has already packaged Dolibarr. -#### Generic install steps: +#### Generic install steps - Check that your installed PHP version is supported [see PHP support](https://wiki.dolibarr.org/index.php/Releases). 
@@ -71,86 +71,87 @@ On GNU/Linux, first check if your distribution has already packaged Dolibarr. - Follow the installer instructions - ### Saas/Cloud setup -If you don't have time to install it yourself, you can try some commercial 'ready to use' Cloud offers (See https://saas.dolibarr.org). However, this third solution is not free. - +If you don't have time to install it yourself, you can try some commercial 'ready to use' Cloud offers (See [https://saas.dolibarr.org](https://saas.dolibarr.org)). However, this third solution is not free. ## UPGRADING Dolibarr supports upgrading, usually without the need for any (commercial) support (depending on if you use any commercial extensions). It supports upgrading all the way from any version after 2.8 without breakage. This is unique in the ERP ecosystem and a benefit our users highly appreciate! - + - At first make a backup of your Dolibarr files & then [see](https://wiki.dolibarr.org/index.php/Installation_-_Upgrade#Upgrade_Dolibarr) - Check that your installed PHP version is supported by the new version [see PHP support](./doc/phpmatrix.md). - Overwrite all old files from 'dolibarr' directory with files provided into the new version's package. - At first next access, Dolibarr will redirect you to the "install/" page to follow the upgrade process.  If an `install.lock` file exists to lock any other upgrade process, the application will ask you to remove the file manually (you should find the `install.lock` file in the directory used to store generated and uploaded documents, in most cases, it is the directory called "*documents*"). - ## WHAT'S NEW See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) file. 
- ## FEATURES ### Main application/modules (all optional) -- Third-Parties Management: Customers, Prospects (Leads) and/or Suppliers + Contacts -- Members/Membership/Foundation management +- Third-Parties Management: Customers, Prospects (Leads) and/or Suppliers + Contacts +- Members/Membership/Foundation management - Product Management -- Products and/or Services catalog -- Stock / Warehouse management + Inventory -- Barcodes -- Batches / Lots / Serials -- Product Variants + Product Management + +- Products and/or Services catalog +- Stock / Warehouse management + Inventory +- Barcodes +- Batches / Lots / Serials +- Product Variants - Bill of Materials (BOM) -- Manufacturing Orders +- Manufacturing Orders - Customer/Sales Management -- Customers/Prospects + Contacts management -- Opportunities or Leads management -- Commercial proposals management -- Customer Orders management -- Contracts/Subscription management -- Interventions management -- Ticket System -- Shipping management -- Customer Invoices/Credit notes and payment management -- Point of Sale (POS) + Customer/Sales Management - Supplier/Purchase Management -- Suppliers/Vendors + Contacts -- Supplier (price) requests -- Purchase Orders management -- Delivery/Receiption -- Supplier Invoices/credit notes and payment management -- INCOTERMS +- Customers/Prospects + Contacts management +- Opportunities or Leads management +- Commercial proposals management +- Customer Orders management +- Contracts/Subscription management +- Interventions management +- Ticket System +- Shipping management +- Customer Invoices/Credit notes and payment management +- Point of Sale (POS) - Finance / Accounting -- Invoices / Payments -- Bank accounts management -- Direct debit orders management (European SEPA) -- Accounting management -- Donations management -- Loan management -- Margins -- Reports + Supplier/Purchase Management - Collaboration -- Shared calendar/agenda (with ical and vcal export for third party tools integration) 
-- Projects & Tasks management -- Ticket System +- Suppliers/Vendors + Contacts +- Supplier (price) requests +- Purchase Orders management +- Delivery/Receiption +- Supplier Invoices/credit notes and payment management +- INCOTERMS + + Finance / Accounting + +- Invoices / Payments +- Bank accounts management +- Direct debit orders management (European SEPA) +- Accounting management +- Donations management +- Loan management +- Margins +- Reports + + Collaboration + +- Shared calendar/agenda (with ical and vcal export for third party tools integration) +- Projects & Tasks management +- Ticket System - Surveys - HR -- Employee's leave requests management -- Expense reports -- Recruitment management -- Timesheets + HR +- Employee's leave requests management +- Expense reports +- Recruitment management +- Timesheets ### Other application/modules @@ -171,7 +172,6 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) (around 100 modules available by default, 1000+ on the addon market place) - ### Other general features - Localization in most major languages 
@@ -190,27 +190,24 @@ See the [ChangeLog](https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog) - Canadian double taxes (federal/province) and other countries using cumulative VAT - Tunisian tax stamp - Argentina invoice numbering using A,B,C... - - Compatible with [European directives] (https://europa.eu/legislation_summaries/taxation/l31057_en.htm) (2006/112/CE ... 2010/45/UE) + - Compatible with [European directives](https://europa.eu/legislation_summaries/taxation/l31057_en.htm) (2006/112/CE ... 2010/45/UE) - Compatible with European GDPR rules - ... - Flexible PDF & ODT generation for invoices, proposals, orders... - ... - ### System Environment / Requirements - PHP -- MariaDB, MySQL or PostgreSQL +- MariaDB, MySQL or PostgreSQL - Compatible with all Cloud solutions that match PHP & MySQL or PostgreSQL prerequisites. See exact requirements on the [Wiki](https://wiki.dolibarr.org/index.php/Prerequisite) - ### Extending Dolibarr can be extended with a lot of other external application or modules from third party developers available at the [DoliStore](https://www.dolistore.com). - ## WHAT DOLIBARR CAN'T DO YET These are features that Dolibarr does **not** yet fully support: 
@@ -220,21 +217,18 @@ These are features that Dolibarr does **not** yet fully support: - No native embedded Webmail, but you can send email to contacts in Dolibarr with e.g. offers, invoices, etc. - Dolibarr can't do coffee (yet) - ## DOCUMENTATION Administrator, user, developer and translator's documentations are available along with other community resources in the [Wiki](https://wiki.dolibarr.org). - ## CONTRIBUTING -This project exists thanks to all the people who contribute. +This project exists thanks to all the people who contribute. Please read the instructions how to contribute (report a bug/error, a feature request, send code ...) [[Contribute](https://github.com/Dolibarr/dolibarr/blob/develop/.github/CONTRIBUTING.md)] A view on Contributors: - - +[![Dolibarr](https://opencollective.com/dolibarr/contributors.svg?width=890&button=false)](https://github.com/Dolibarr/dolibarr/graphs/contributors) ## CREDITS @@ -242,7 +236,6 @@ Dolibarr is the work of many contributors over the years and uses some fine PHP See [COPYRIGHT](https://github.com/Dolibarr/dolibarr/blob/develop/COPYRIGHT) file. - ## NEWS AND SOCIAL NETWORKS Follow Dolibarr project on: @@ -253,8 +246,6 @@ Follow Dolibarr project on: - [YouTube](https://www.youtube.com/user/DolibarrERPCRM) - [GitHub](https://github.com/Dolibarr/dolibarr) - ### Sponsors Support this project by becoming a sponsor. Your logo will show up here. 🙏 [[Become a sponsor/backer](https://opencollective.com/dolibarr#backer)] - diff --git a/htdocs/core/ajax/row.php b/htdocs/core/ajax/row.php index 52cc23faf8f..0b1106ca20a 100644 --- a/htdocs/core/ajax/row.php +++ b/htdocs/core/ajax/row.php 
@@ -99,7 +99,7 @@ if (GETPOST('roworder', 'alpha', 3) && GETPOST('table_element_line', 'aZ09', 3) $perm = 1; } elseif ($table_element_line == 'ecm_files' && $fk_element == 'fk_ticket' && !empty($user->rights->ticket->write)) { $perm = 1; - } elseif ($table_element_line == 'product_association' && $fk_element == 'fk_product' && !empty($user->rights->produit->creer)) { + } elseif ($table_element_line == 'product_association' && $fk_element == 'fk_product' && (!empty($user->rights->produit->creer) || !empty($user->rights->service->creer))) { $perm = 1; } elseif ($table_element_line == 'projet_task' && $fk_element == 'fk_projet' && $user->rights->projet->creer) { $perm = 1; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index 084a4a4f25a..1c533f0e686 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -108,6 +108,10 @@ function getEntity($element, $shared = 1, $currentobject = null) { global $conf, $mc, $hookmanager, $object, $action; + if (! is_object($hookmanager)) { + $hookmanager = new HookManager($db); + } + // fix different element names (France to English) switch ($element) { case 'contrat': 
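Review bot: The widened `product_association` branch sets `$perm = 1` for a holder of either `produit->creer` or `service->creer` without checking whether the parent `fk_product` row is a product or a service, so a user who may only create services can presumably also reorder the sub-product lines of a physical product. If that is not intended, the branch needs the parent's type before choosing which right to test; if it is intended, a comment such as `// parent may be a product or a service; either create right is enough to reorder` would record the decision. The if/elseif chain starts and ends outside the hunk, so how the parent id is validated cannot be seen here.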
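Review bot: `$db` is not in scope where the added fallback calls `new HookManager($db)`: the function's `global $conf, $mc, $hookmanager, $object, $action;` line does not list it, so the hook manager is built from an undefined variable (null, plus a warning on PHP 8). Adding it to the declaration, `global $conf, $db, $mc, $hookmanager, $object, $action;`, fixes that. The hunk also does not show the HookManager class file being loaded, so if getEntity() can run before that include the `new` would be fatal; an `include_once` guard before the instantiation would cover it (hedged, since the rest of the file is outside the hunk).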
@@ -8151,16 +8155,20 @@ function dol_eval($s, $returnvalue = 0, $hideerrors = 1) return 'Bad string syntax to evaluate: '.$s; } - // We block using of php exec or php file functions - $forbiddenphpstrings = array("exec(", "passthru(", "shell_exec(", "system(", "proc_open(", "popen(", "eval(", "dol_eval(", "executeCLI("); - $forbiddenphpstrings = array_merge($forbiddenphpstrings, array("fopen(", "file_put_contents(", "fputs(", "fputscsv(", "fwrite(", "fpassthru(", "unlink(", "mkdir(", "rmdir(", "symlink(", "touch(", "umask(")); - $forbiddenphpstrings = array_merge($forbiddenphpstrings, array('function(', '$$', 'call_user_func(')); + // We block use of php exec or php file functions + $forbiddenphpstrings = array('$$'); $forbiddenphpstrings = array_merge($forbiddenphpstrings, array('_ENV', '_SESSION', '_COOKIE', '_GET', '_POST', '_REQUEST')); - $forbiddenphpregex = 'global\s+\$'; + + $forbiddenphpfunctions = array("exec", "passthru", "shell_exec", "system", "proc_open", "popen", "eval", "dol_eval", "executeCLI"); + $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("fopen", "file_put_contents", "fputs", "fputscsv", "fwrite", "fpassthru", "unlink", "mkdir", "rmdir", "symlink", "touch", "umask")); + $forbiddenphpfunctions = array_merge($forbiddenphpfunctions, array("function", "call_user_func")); + + $forbiddenphpregex = 'global\s+\$|\b('.implode('|', $forbiddenphpfunctions).')\b'; + do { $oldstringtoclean = $s; $s = str_ireplace($forbiddenphpstrings, '__forbiddenstring__', $s); - $s = preg_replace('/'.$forbiddenphpregex.'/', '__forbiddenstring__', $s); + $s = preg_replace('/'.$forbiddenphpregex.'/i', '__forbiddenstring__', $s); //$s = preg_replace('/\$[a-zA-Z0-9_\->\$]+\(/i', '', $s); // Remove $function( call and $mycall->mymethod( } while ($oldstringtoclean != $s); diff --git a/htdocs/core/modules/modHRM.class.php b/htdocs/core/modules/modHRM.class.php index d6870244521..b13e5b6bbba 100644 --- a/htdocs/core/modules/modHRM.class.php 
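Review bot: `fputscsv` in the new `$forbiddenphpfunctions` list is not a PHP function; the file-writing function is `fputcsv`, so that entry filters nothing and the real name is left unfiltered (the typo was carried over from the removed `"fputscsv("` string). The switch from substring matching on `name(` to `\b(name)\b` also changes coverage in both directions: it now catches a listed name followed by whitespace before the parenthesis, but because `_` is a word character it no longer matches longer identifiers that merely end in a listed name, which the old substring test did replace. If that narrowing is not intended it should be compensated for explicitly, and the comment above the list should state that this is a best-effort deny-list rather than a sandbox. `preg_replace()` returns null on a PCRE error and the result is assigned straight back to `$s`; checking for null and returning an error like the existing 'Bad string syntax' one would be safer. dol_eval's body starts before and continues after the hunk.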
+++ b/htdocs/core/modules/modHRM.class.php @@ -1,5 +1,5 @@ +/* Copyright (C) 2015-2021 Alexandre Spangaro * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -13,25 +13,27 @@ * * You should have received a copy of the GNU General Public License * along with this program. If not, see . + * or see https://www.gnu.org/ */ /** - * \file htdocs/core/modules/modHRM.class.php - * \ingroup HRM - * \brief Description and activation file for the module HRM + * \defgroup HRM Module hrm + * \file htdocs/core/modules/modHRM.class.php + * \ingroup HRM + * \brief Description and activation file for the module HRM */ include_once DOL_DOCUMENT_ROOT."/core/modules/DolibarrModules.class.php"; + /** - * Class to describe and activate the HRM module + * Description and activation class for module HRM */ class modHRM extends DolibarrModules { /** - * Constructor. - * Define names, constants, directories, boxes, permissions + * Constructor. Define names, constants, directories, boxes, permissions * - * @param DoliDB $db Database handler + * @param DoliDB $db Database handler */ public function __construct($db) { 
@@ -39,34 +41,27 @@ class modHRM extends DolibarrModules $this->db = $db; + // Id for module (must be unique). + // Use here a free id (See in Home -> System information -> Dolibarr for list of used modules id). $this->numero = 4000; + // Key text used to identify module (for permissions, menus, etc...) $this->rights_class = 'hrm'; + // Family can be 'crm','financial','hr','projects','products','ecm','technic','other' + // It is used to group modules in module setup page $this->family = "hr"; $this->module_position = '50'; // Module label (no space allowed), used if translation string 'ModuleXXXName' not found (where XXX is value of numeric property 'numero' of module) $this->name = preg_replace('/^mod/i', '', get_class($this)); - // Module description, used if translation string 'ModulehrmDesc' not found (hrm is name of module). - $this->description = "hrm Description product "; - // Used only if file README.md and README-LL.md not found. - $this->descriptionlong = "hrm Description long"; - - // Author - $this->editor_name = 'Editor name'; - $this->editor_url = 'https://www.example.com'; - - // Possible values for version are: 'development', 'experimental', 'dolibarr', 'dolibarr_deprecated' or a version string like 'x.y.z' - $this->version = '1.0'; - // Url to the file with your last numberversion of this module - //$this->url_last_version = 'http://www.example.com/versionmodule.txt'; - - // Key used in llx_const table to save module status enabled/disabled (where HRMTEST is value of property name of module in uppercase) + // Module description, used if translation string 'ModuleXXXDesc' not found (where XXX is value of numeric property 'numero' of module) + $this->description = "HRM"; + // Possible values for version are: 'development', 'experimental', 'dolibarr' or version + $this->version = 'development'; + // Key used in llx_const table to save module status enabled/disabled (where MYMODULE is value of property name of module in uppercase) $this->const_name = 
'MAIN_MODULE_'.strtoupper($this->name); - // Name of image file used for this module. // If file is in theme/yourtheme/img directory under name object_pictovalue.png, use this->picto='pictovalue' // If file is in module/img directory under name object_pictovalue.png, use this->picto='pictovalue@module' - // To use a supported fa-xxx css style of font awesome, use this->picto='xxx' $this->picto = 'hrm'; // Define some features supported by module (triggers, login, substitutions, menus, css, etc...) 
@@ -110,32 +105,20 @@ class modHRM extends DolibarrModules $this->config_page_url = array("hrm.php"); // Dependencies - // A condition to hide module - $this->hidden = false; - // List of module class names as string that must be enabled if this module is enabled. Example: array('always1'=>'modModuleToEnable1','always2'=>'modModuleToEnable2', 'FR1'=>'modModuleToEnableFR'...) - $this->depends = array(); - $this->requiredby = array(); // List of module class names as string to disable if this one is disabled. Example: array('modModuleToDisable1', ...) - $this->conflictwith = array(); // List of module class names as string this module is in conflict with. Example: array('modModuleToDisable1', ...) - - // The language file dedicated to your module + $this->hidden = false; // A condition to hide module + $this->depends = array(); // List of module class names as string that must be enabled if this module is enabled + $this->requiredby = array(); // List of module ids to disable if this one is disabled + $this->conflictwith = array(); // List of module class names as string this module is in conflict with + $this->phpmin = array(5, 6); // Minimum version of PHP required by module + $this->need_dolibarr_version = array(11, 0); // Minimum version of Dolibarr required by module $this->langfiles = array("hrm"); - // Prerequisites - $this->phpmin = array(5, 6); // Minimum version of PHP required by module - $this->need_dolibarr_version = array(11, -3); // Minimum version of Dolibarr required by module - - // Messages at activation - $this->warnings_activation = array(); // Warning to show when we activate module. array('always'='text') or array('FR'='textfr','ES'='textes'...) - $this->warnings_activation_ext = array(); // Warning to show when we activate an external module. array('always'='text') or array('FR'='textfr','ES'='textes'...) 
- //$this->automatic_activation = array('FR'=>'HrmTestWasAutomaticallyActivatedBecauseOfYourCountryChoice'); - //$this->always_enabled = true; // If true, can't be disabled - // Constants - // List of particular constants to add when module is enabled (key, 'chaine', value, desc, visible, 'current' or 'allentities', deleteonunactive) - // Example: $this->const=array(1 => array('HRMTEST_MYNEWCONST1', 'chaine', 'myvalue', 'This is a constant to add', 1), - // 2 => array('HRMTEST_MYNEWCONST2', 'chaine', 'myvalue', 'This is another constant to add', 0, 'current', 1) - // ); - $this->const = array(); + // Example: $this->const=array(0=>array('MYMODULE_MYNEWCONST1','chaine','myvalue','This is a constant to add',0), + // 1=>array('MYMODULE_MYNEWCONST2','chaine','myvalue','This is another constant to add',0) ); + // 2=>array('MAIN_MODULE_MYMODULE_NEEDSMARTY','chaine',1,'Constant to say module need smarty',0) + $this->const = array(); // List of particular constants to add when module is enabled (key, 'chaine', value, desc, visible, 0 or 'allentities') + $r = 0; if (!isset($conf->hrm) || !isset($conf->hrm->enabled)) { 
@@ -207,67 +190,78 @@ class modHRM extends DolibarrModules // ), ); - // Permissions provided by this module - $this->rights = array(); + + // Permissions + $this->rights = array(); // Permission array used by this module $r = 0; - // Add here entries to declare new permissions - /* BEGIN MODULEBUILDER PERMISSIONS */ // Skill / Job / Position - $this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used) - $this->rights[$r][1] = $langs->trans('ReadSkillJobPosition'); // Permission label + $this->rights[$r][0] = 4010; // Permission id (must not be already used) + $this->rights[$r][1] = 'Read skill/job/position'; // Permission label + $this->rights[$r][3] = 0; // Permission by default for new user (0/1) $this->rights[$r][4] = 'all'; - $this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->read) - $r++; - $this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used) - $this->rights[$r][1] = $langs->trans('CreateUpdateSkillJobPosition'); // Permission label - $this->rights[$r][4] = 'all'; - $this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->write) - $r++; - $this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used) - $this->rights[$r][1] = $langs->trans('DeleteSkillJobPosition'); // Permission label - $this->rights[$r][4] = 'all'; - $this->rights[$r][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->delete) + $this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->all->read) $r++; - //Eval - $this->rights[$r][0] = $this->numero . 
sprintf("%02d", $r + 1); // Permission id (must not be already used) - $this->rights[$r][1] = $langs->trans('ReadEval'); // Permission label - $this->rights[$r][4] = 'evaluation'; - $this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->read) + $this->rights[$r][0] = 4011; // Permission id (must not be already used) + $this->rights[$r][1] = 'Create/modify skill/job/position'; // Permission label + $this->rights[$r][3] = 0; // Permission by default for new user (0/1) + $this->rights[$r][4] = 'all'; + $this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->hrm->all->write) $r++; - $this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used) - $this->rights[$r][1] = $langs->trans('CreateUpdateEval'); // Permission label - $this->rights[$r][4] = 'evaluation'; - $this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->write) + + $this->rights[$r][0] = 4012; // Permission id (must not be already used) + $this->rights[$r][1] = 'Delete skill/job/position'; // Permission label + $this->rights[$r][3] = 0; // Permission by default for new user (0/1) + $this->rights[$r][4] = 'all'; + $this->rights[$r][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->hrm->all->delete) $r++; - $this->rights[$r][0] = $this->numero . 
sprintf("%02d", $r + 1); // Permission id (must not be already used) - $this->rights[$r][1] = $langs->trans('ValidateEval'); // Permission label + + // Evaluation + $this->rights[$r][0] = 4020; // Permission id (must not be already used) + $this->rights[$r][1] = 'Read evaluations'; // Permission label + $this->rights[$r][3] = 0; // Permission by default for new user (0/1) $this->rights[$r][4] = 'evaluation'; - $this->rights[$r][5] = 'validate'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->write) + $this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->evaluation->read) $r++; - $this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used) - $this->rights[$r][1] = $langs->trans('DeleteEval'); // Permission label + + $this->rights[$r][0] = 4021; // Permission id (must not be already used) + $this->rights[$r][1] = 'Create/modify your own evaluation'; // Permission label + $this->rights[$r][3] = 0; // Permission by default for new user (0/1) $this->rights[$r][4] = 'evaluation'; - $this->rights[$r][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->delete) + $this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->hrm->evaluation->write) + $r++; + + $this->rights[$r][0] = 4022; // Permission id (must not be already used) + $this->rights[$r][1] = 'Validate evaluation'; // Permission label + $this->rights[$r][3] = 0; // Permission by default for new user (0/1) + $this->rights[$r][4] = 'evaluation_advance'; + $this->rights[$r][5] = 'validate'; // In php code, permission will be checked by test if ($user->rights->hrm->evaluation->validate) + $r++; + + $this->rights[$r][0] = 4023; // Permission id (must not be already used) + $this->rights[$r][1] = 'Delete all evaluations'; // Permission label + $this->rights[$r][3] = 0; // Permission by default for new 
user (0/1) + $this->rights[$r][4] = 'evaluation'; + $this->rights[$r][5] = 'delete'; // In php code, permission will be checked by test if ($user->rights->hrm->evaluation->delete) $r++; // Comparison - $this->rights[$r][0] = $this->numero . sprintf("%02d", $r + 1); // Permission id (must not be already used) - $this->rights[$r][1] = $langs->trans('SeeComparisonMenu'); // Permission label - $this->rights[$r][4] = 'compare'; - $this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->poste->delete) + $this->rights[$r][0] = 4030; // Permission id (must not be already used) + $this->rights[$r][1] = 'See comparison menu'; // Permission label + $this->rights[$r][3] = 0; // Permission by default for new user (0/1) + $this->rights[$r][4] = 'compare_advance'; + $this->rights[$r][5] = 'read'; // In php code, permission will be checked by test if ($user->rights->hrm->compare_advance->read) $r++; } /** - * Function called when module is enabled. - * The init function add constants, boxes, permissions and menus - * (defined in constructor) into Dolibarr database. - * It also creates data directories + * Function called when module is enabled. + * The init function add constants, boxes, permissions and menus (defined in constructor) into Dolibarr database. + * It also creates data directories * - * @param string $options Enabling module ('', 'noboxes') - * @return int if OK, 0 if KO + * @param string $options Options when enabling module ('', 'newboxdefonly', 'noboxes') + * @return int 1 if OK, 0 if KO */ public function init($options = '') { diff --git a/htdocs/core/tpl/extrafields_view.tpl.php b/htdocs/core/tpl/extrafields_view.tpl.php index 199d9011cf6..b5656c89339 100644 --- a/htdocs/core/tpl/extrafields_view.tpl.php +++ b/htdocs/core/tpl/extrafields_view.tpl.php 
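Review bot: Permission 4022 registers `$this->rights[$r][4] = 'evaluation_advance'`, but its trailing comment says the right is tested as `$user->rights->hrm->evaluation->validate`; with this declaration the key is `$user->rights->hrm->evaluation_advance->validate`, and any page written from the comment would test a property that is never set. The comment should read `// In php code, permission will be checked by test if ($user->rights->hrm->evaluation_advance->validate)`, or the level should be `'evaluation'` if that is what the callers test (they are outside this diff). The ids also change from the computed `$this->numero . sprintf("%02d", $r + 1)` to fixed 4010–4030, so rights already granted under the old ids on an installed instance would presumably need a migration. The constructor starts before this hunk.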
@@ -219,18 +219,18 @@ if (empty($reshook) && isset($extrafields->attributes[$object->table_element]['l // Convert date into timestamp format if (in_array($extrafields->attributes[$object->table_element]['type'][$tmpkeyextra], array('date'))) { - $datenotinstring = $object->array_options['options_'.$tmpkeyextra]; + $datenotinstring = empty($object->array_options['options_'.$tmpkeyextra]) ? '' : $object->array_options['options_'.$tmpkeyextra]; // print 'X'.$object->array_options['options_' . $tmpkeyextra].'-'.$datenotinstring.'x'; - if (!is_numeric($object->array_options['options_'.$tmpkeyextra])) { // For backward compatibility + if (!empty($object->array_options['options_'.$tmpkeyextra]) && !is_numeric($object->array_options['options_'.$tmpkeyextra])) { // For backward compatibility $datenotinstring = $db->jdate($datenotinstring); } //print 'x'.$object->array_options['options_' . $tmpkeyextra].'-'.$datenotinstring.' - '.dol_print_date($datenotinstring, 'dayhour'); $value = GETPOSTISSET("options_".$tmpkeyextra) ? dol_mktime(12, 0, 0, GETPOST("options_".$tmpkeyextra."month", 'int'), GETPOST("options_".$tmpkeyextra."day", 'int'), GETPOST("options_".$tmpkeyextra."year", 'int')) : $datenotinstring; } if (in_array($extrafields->attributes[$object->table_element]['type'][$tmpkeyextra], array('datetime'))) { - $datenotinstring = $object->array_options['options_'.$tmpkeyextra]; + $datenotinstring = empty($object->array_options['options_'.$tmpkeyextra]) ? '' : $object->array_options['options_'.$tmpkeyextra]; // print 'X'.$object->array_options['options_' . $tmpkeyextra].'-'.$datenotinstring.'x'; - if (!is_numeric($object->array_options['options_'.$tmpkeyextra])) { // For backward compatibility + if (!empty($object->array_options['options_'.$tmpkeyextra]) && !is_numeric($object->array_options['options_'.$tmpkeyextra])) { // For backward compatibility $datenotinstring = $db->jdate($datenotinstring); } //print 'x'.$object->array_options['options_' . 
$tmpkeyextra].'-'.$datenotinstring.' - '.dol_print_date($datenotinstring, 'dayhour'); diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index b4bb54f3b1b..e84fb79c7e3 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -882,7 +882,7 @@ $object = new Holiday($db); $listhalfday = array('morning'=>$langs->trans("Morning"), "afternoon"=>$langs->trans("Afternoon")); -$title = $langs->trans('CPTitreMenu'); +$title = $langs->trans('Leave'); $help_url = 'EN:Module_Holiday'; llxHeader('', $title, $help_url); @@ -1088,7 +1088,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { print ''; print ''.$langs->trans("DescCP").''; print ''; - $doleditor = new DolEditor('description', GETPOST('description', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); + $doleditor = new DolEditor('description', GETPOST('description', 'restricthtml'), '', 80, 'dolibarr_notes', 'In', 0, false, empty($conf->fckeditor->enabled) ? false : $conf->fckeditor->enabled, ROWS_3, '90%'); print $doleditor->Create(1); print ''; @@ -1158,7 +1158,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { setEventMessages($errors, null, 'errors'); } - // On vérifie si l'utilisateur à le droit de lire cette demande + // check if the user has the right to read this request if ($canread) { $head = holiday_prepare_head($object); @@ -1289,7 +1289,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { print ''; print ''.$langs->trans('DescCP').''; print ''; - $doleditor = new DolEditor('description', $object->description, '', 80, 'dolibarr_notes', 'In', 0, false, true, ROWS_3, '90%'); + $doleditor = new DolEditor('description', $object->description, '', 80, 'dolibarr_notes', 'In', 0, false, empty($conf->fckeditor->enabled) ? false : $conf->fckeditor->enabled, ROWS_3, '90%'); print $doleditor->Create(1); print ''; } 
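Review bot: Both the `date` and the `datetime` branch now evaluate `$object->array_options['options_'.$tmpkeyextra]` three times, once through `empty()` for the assignment and twice more in the `if`. Since `$datenotinstring` already holds the normalised value, the condition can test it directly: `if ($datenotinstring !== '' && !is_numeric($datenotinstring)) {`. Note that `empty()` also treats a stored `0` or `'0'` as missing, which for a timestamp is the epoch; that is probably acceptable here but worth a short comment. The enclosing loop starts outside the hunk.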
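Review bot: The ninth DolEditor argument is now `empty($conf->fckeditor->enabled) ? false : $conf->fckeditor->enabled`, which passes the raw configuration value through when the module is on; `!empty($conf->fckeditor->enabled)` gives the same truthiness as a real boolean and is shorter. The same expression is repeated in the hunk at -1289, so both calls should change together. Both calls sit inside the large `if`/`else` that starts outside these hunks.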
@@ -1433,11 +1433,9 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { if (($action == 'edit' && $object->statut == Holiday::STATUS_DRAFT) || ($action == 'editvalidator')) { if ($action == 'edit' && $object->statut == Holiday::STATUS_DRAFT) { - print '
'; if ($cancreate && $object->statut == Holiday::STATUS_DRAFT) { - print ''; + print $form->buttonsSaveCancel(); } - print '
'; } print ''; @@ -1521,7 +1519,7 @@ if ((empty($id) && empty($ref)) || $action == 'create' || $action == 'add') { $action = 'presend'; } - if ($action != 'presend') { + if ($action != 'presend' && $action != 'edit') { print '
'; print ''; // ancre diff --git a/htdocs/holiday/document.php b/htdocs/holiday/document.php index 7dc086a113f..6986d75d630 100644 --- a/htdocs/holiday/document.php +++ b/htdocs/holiday/document.php @@ -137,8 +137,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php'; $form = new Form($db); $listhalfday = array('morning'=>$langs->trans("Morning"), "afternoon"=>$langs->trans("Afternoon")); - -$title = $langs->trans('InterventionCard'); +$title = $langs->trans("Leave").' - '.$langs->trans("Files"); llxHeader('', $title); @@ -347,12 +346,12 @@ if ($object->id) { print dol_get_fiche_end(); - - - $modulepart = 'holiday'; $permissiontoadd = $user->rights->holiday->write; $permtoedit = $user->rights->holiday->write; $param = '&id='.$object->id; + $relativepathwithnofile = $modulepart.'/'.dol_sanitizeFileName($object->ref).'/'; + $savingdocmask = dol_sanitizeFileName($object->ref).'-__file__'; + include DOL_DOCUMENT_ROOT.'/core/tpl/document_actions_post_headers.tpl.php'; } else { print $langs->trans("ErrorUnknown"); diff --git a/htdocs/holiday/info.php b/htdocs/holiday/info.php index 3ec95e61a52..5df3a5069de 100644 --- a/htdocs/holiday/info.php +++ b/htdocs/holiday/info.php @@ -78,7 +78,7 @@ $result = restrictedArea($user, 'holiday', $object->id, 'holiday'); $form = new Form($db); -$title = $langs->trans("Holiday")." - ".$langs->trans("Info"); +$title = $langs->trans("Leave")." - ".$langs->trans("Info"); $helpurl = ""; llxHeader("", $title, $helpurl); diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index d9099f567fa..508d56a46c5 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang 
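Review bot: `$relativepathwithnofile` and `$savingdocmask` are assigned in the `@@ -347` hunk of `htdocs/holiday/document.php` but never used in it. They are presumably read by the included `document_actions_post_headers.tpl.php` through the shared scope. A comment such as `// Variables below are consumed by document_actions_post_headers.tpl.php` would make that contract visible to the next reader. `dol_sanitizeFileName($object->ref)` is also computed twice on adjacent lines; storing it once (`$refsanitized = dol_sanitizeFileName($object->ref);`) guarantees the directory and the file mask are built from the same value. The enclosing `if ($object->id)` block starts outside the hunk.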
@@ -961,6 +961,14 @@ Permission4001=See employees Permission4002=Create employees Permission4003=Delete employees Permission4004=Export employees +Permission4010=Read skill/job/position +Permission4011=Create/modify skill/job/position +Permission4012=Delete skill/job/position +Permission4020=Read evaluation +Permission4021=Create/modify evaluation +Permission4022=Validate evaluation +Permission4023=Delete evaluation +Permission4030=See comparison menu Permission10001=Read website content Permission10002=Create/modify website content (html and javascript content) Permission10003=Create/modify website content (dynamic php code). Dangerous, must be reserved to restricted developers. diff --git a/htdocs/langs/en_US/companies.lang b/htdocs/langs/en_US/companies.lang index 7deee6a9d55..616619adb92 100644 --- a/htdocs/langs/en_US/companies.lang +++ b/htdocs/langs/en_US/companies.lang @@ -271,6 +271,12 @@ ProfId3RU=Prof Id 3 (KPP) ProfId4RU=Prof Id 4 (OKPO) ProfId5RU=- ProfId6RU=- +ProfId1UA=Prof Id 1 (EDRPOU) +ProfId2UA=Prof Id 2 (DRFO) +ProfId3UA=Prof Id 3 (INN) +ProfId4UA=Prof Id 4 (Certificate) +ProfId5UA=Prof Id 5 (RNOKPP) +ProfId6UA=Prof Id 6 (TRDPAU) ProfId1DZ=RC ProfId2DZ=Art. ProfId3DZ=NIF diff --git a/htdocs/langs/en_US/hrm.lang b/htdocs/langs/en_US/hrm.lang index 430124cecba..8724bb805a6 100644 --- a/htdocs/langs/en_US/hrm.lang +++ b/htdocs/langs/en_US/hrm.lang @@ -19,12 +19,9 @@ Employees=Employees Employee=Employee NewEmployee=New employee ListOfEmployees=List of employees -HrmSetup = Hrm setup -HrmSetupPage = Hrm setup page +HrmSetup=HRM module setup HRM_MAXRANK=Maximum rank for a skill HRM_DEFAULT_SKILL_DESCRIPTION=Default description of ranks when skill is created -HrmAbout = About Hrm -traduction_note=Translate deplacement=Shift DateEval=Evaluation date JobCard=Job card 
@@ -82,11 +79,3 @@ NoEval=No evaluation done for this employee HowManyUserWithThisMaxNote=Number of users with this rank HighestRank=Highest rank SkillComparison=Skill comparison -ReadSkillJobPosition=Read skills / jobs / positions -CreateUpdateSkillJobPosition=Create / update skills / jobs / positions -DeleteSkillJobPosition=Delete skills / jobs / positions -ReadEval=Read evaluations -CreateUpdateEval=Create / update evaluations -ValidateEval=Validate evaluations -DeleteEval=Delete evaluations -SeeComparisonMenu=Access skills comparison menu diff --git a/htdocs/takepos/index.php b/htdocs/takepos/index.php index 2c4da0515f1..8271103cfb6 100644 --- a/htdocs/takepos/index.php +++ b/htdocs/takepos/index.php @@ -1121,14 +1121,24 @@ if ($resql) { } $hookmanager->initHooks(array('takeposfrontend')); -$reshook = $hookmanager->executeHooks('ActionButtons'); -if (!empty($reshook)) { - if (is_array($reshook) && !isset($reshook['title'])) { - foreach ($reshook as $reshook) { - $menus[$r++] = $reshook; +$parameters = array('menus'=>$menus); +$reshook = $hookmanager->executeHooks('ActionButtons', $parameters); +if ($reshook == 0) { //add buttons + if (is_array($hookmanager->resArray) ) { + foreach ($hookmanager->resArray as $resArray) { + foreach ($resArray as $butmenu) { + $menus[$r++] = $butmenu; + } + } + } elseif ($reshook == 1) { + $r = 0; //replace buttons + if (is_array($hookmanager->resArray) ) { + foreach ($hookmanager->resArray as $resArray) { + foreach ($resArray as $butmenu) { + $menus[$r++] = $butmenu; + } + } } - } else { - $menus[$r++] = $reshook; } } diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php index 81eff830b49..fe091b0fe47 100644 --- a/test/phpunit/SecurityTest.php +++ b/test/phpunit/SecurityTest.php 
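Review bot: In the `htdocs/takepos/index.php` hunk the `elseif ($reshook == 1)` is attached to the inner `if (is_array($hookmanager->resArray) )`, which itself sits inside `if ($reshook == 0) {`, so the "replace buttons" branch can never run. The inner `if` needs its own closing brace first, so that `} elseif ($reshook == 1) {` pairs with the outer `if ($reshook == 0)`, and one of the closing braces after the second loop must be dropped. Once the branch is reachable, `$r = 0;` only rewinds the index, so default entries beyond the number of hook buttons would stay in `$menus`. If replacement is meant to discard them, add `$menus = array();` next to it. Both loops also assume every element of `resArray` is itself an array of buttons, which is worth stating in a comment for hook authors.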
@@ -874,6 +874,10 @@ class SecurityTest extends PHPUnit\Framework\TestCase print "result = ".$result."\n"; $this->assertContains('Bad string syntax to evaluate', $result); + $result=dol_eval('$a=exec ("ls")', 1, 1); + print "result = ".$result."\n"; + $this->assertContains('Bad string syntax to evaluate', $result); + $result=dol_eval('$a="test"; $$a;', 1, 0); print "result = ".$result."\n"; $this->assertContains('Bad string syntax to evaluate', $result);
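Review bot: The added `dol_eval` case differs from the one after it in two ways that nothing explains: there is a space between `exec` and the parenthesis, and the third argument is `1` where the following case passes `0`. A one-line comment above it, for example `// A forbidden function written with a space before the parenthesis must be rejected too`, would record what the case is meant to pin (my reading of the intent). The assertion only matches the message text `Bad string syntax to evaluate`, so it says nothing about whether the expression was left unevaluated. If `dol_eval` gives the test a way to observe that, asserting it as well would make the regression test stronger. The test method starts and ends outside the hunk.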