Debug v17
parent
285a5e38f1
commit
97ccdc9207
@ -93,18 +93,18 @@ if (!empty($section)) {
|
||||
}
|
||||
|
||||
// Permissions
|
||||
$permtoadd = 0;
|
||||
$permtoupload = 0;
|
||||
$permissiontoadd = 0;
|
||||
$permissiontoupload = 0;
|
||||
if ($module == 'ecm') {
|
||||
$permtoadd = $user->rights->ecm->setup;
|
||||
$permtoupload = $user->rights->ecm->upload;
|
||||
$permissiontoadd = $user->rights->ecm->setup;
|
||||
$permissiontoupload = $user->rights->ecm->upload;
|
||||
}
|
||||
if ($module == 'medias') {
|
||||
$permtoadd = ($user->rights->mailing->creer || $user->rights->website->write);
|
||||
$permtoupload = ($user->rights->mailing->creer || $user->rights->website->write);
|
||||
$permissiontoadd = ($user->rights->mailing->creer || $user->rights->website->write);
|
||||
$permissiontoupload = ($user->rights->mailing->creer || $user->rights->website->write);
|
||||
}
|
||||
|
||||
if (!$permtoadd) {
|
||||
if (!$permissiontoadd) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
@ -115,7 +115,7 @@ if (!$permtoadd) {
|
||||
*/
|
||||
|
||||
// Action ajout d'un produit ou service
|
||||
if ($action == 'add' && $permtoadd) {
|
||||
if ($action == 'add' && $permissiontoadd) {
|
||||
if ($cancel) {
|
||||
if (!empty($backtopage)) {
|
||||
header("Location: ".$backtopage);
|
||||
@ -189,7 +189,7 @@ if ($action == 'add' && $permtoadd) {
|
||||
exit;
|
||||
}
|
||||
}
|
||||
} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permtoadd) {
|
||||
} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permissiontoadd) {
|
||||
// Deleting file
|
||||
$result = $ecmdir->delete($user);
|
||||
setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs');
|
||||
|
||||
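Review bot: In the `confirm_deletesection` branch the `ECMSectionWasRemoved` message is queued right after `$result = $ecmdir->delete($user);` without testing `$result`, so as far as the visible lines show, a failed delete is still reported as a success. Branch on the return value first, e.g. `if ($result < 0) {` with a `setEventMessages(...)` call in the `'errors'` style, and keep the `'mesgs'` call for the success path. In the `add` branch the cancel path sends `header("Location: ".$backtopage);` unchanged; if `$backtopage` is taken from the request, it should be limited to local paths before it is used as a redirect target. Both branches continue outside their hunks.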
@ -90,21 +90,21 @@ if ($module == 'ecm') {
|
||||
}
|
||||
|
||||
// Permissions
|
||||
$permtoread = 0;
|
||||
$permtoadd = 0;
|
||||
$permtoupload = 0;
|
||||
$permissiontoread = 0;
|
||||
$permissiontoadd = 0;
|
||||
$permissiontoupload = 0;
|
||||
if ($module == 'ecm') {
|
||||
$permtoread = $user->rights->ecm->read;
|
||||
$permtoadd = $user->rights->ecm->setup;
|
||||
$permtoupload = $user->rights->ecm->upload;
|
||||
$permissiontoread = $user->rights->ecm->read;
|
||||
$permissiontoadd = $user->rights->ecm->setup;
|
||||
$permissiontoupload = $user->rights->ecm->upload;
|
||||
}
|
||||
if ($module == 'medias') {
|
||||
$permtoread = ($user->rights->mailing->lire || $user->rights->website->read);
|
||||
$permtoadd = ($user->rights->mailing->creer || $user->rights->website->write);
|
||||
$permtoupload = ($user->rights->mailing->creer || $user->rights->website->write);
|
||||
$permissiontoread = ($user->rights->mailing->lire || $user->rights->website->read);
|
||||
$permissiontoadd = ($user->rights->mailing->creer || $user->rights->website->write);
|
||||
$permissiontoupload = ($user->rights->mailing->creer || $user->rights->website->write);
|
||||
}
|
||||
|
||||
if (!$permtoread) {
|
||||
if (!$permissiontoread) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
@ -114,7 +114,7 @@ if (!$permtoread) {
|
||||
*/
|
||||
|
||||
// Upload file
|
||||
if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permtoupload) {
|
||||
if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permissiontoupload) {
|
||||
if (dol_mkdir($upload_dir) >= 0) {
|
||||
$resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir."/".dol_unescapefile($_FILES['userfile']['name']), 0, 0, $_FILES['userfile']['error']);
|
||||
if (is_numeric($resupload) && $resupload > 0) {
|
||||
@ -139,7 +139,7 @@ if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permtoupload
|
||||
}
|
||||
|
||||
// Remove file
|
||||
if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permtoupload) {
|
||||
if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permissiontoupload) {
|
||||
$langs->load("other");
|
||||
$file = $upload_dir."/".GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
|
||||
$ret = dol_delete_file($file);
|
||||
@ -153,7 +153,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permtoupload) {
|
||||
}
|
||||
|
||||
// Remove dir
|
||||
if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoupload) {
|
||||
if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permissiontoupload) {
|
||||
$backtourl = DOL_URL_ROOT."/ecm/index.php";
|
||||
if ($module == 'medias') {
|
||||
$backtourl = DOL_URL_ROOT."/website/index.php?file_manager=1";
|
||||
@ -189,7 +189,7 @@ if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoupload) {
|
||||
}
|
||||
|
||||
// Update dirname or description
|
||||
if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permtoadd) {
|
||||
if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permissiontoadd) {
|
||||
$error = 0;
|
||||
|
||||
if ($module == 'ecm') {
|
||||
@ -454,17 +454,17 @@ print dol_get_fiche_end();
|
||||
if ($action != 'edit' && $action != 'delete' && $action != 'deletefile') {
|
||||
print '<div class="tabsAction">';
|
||||
|
||||
if ($permtoadd) {
|
||||
if ($permissiontoadd) {
|
||||
print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?action=edit&token='.newToken().($module ? '&module='.$module : '').'§ion='.$section.'">'.$langs->trans('Edit').'</a>';
|
||||
}
|
||||
|
||||
if ($permtoadd) {
|
||||
if ($permissiontoadd) {
|
||||
print '<a class="butAction" href="'.DOL_URL_ROOT.'/ecm/dir_add_card.php?action=create&token='.newToken().($module ? '&module='.$module : '').'&catParent='.$section.'">'.$langs->trans('ECMAddSection').'</a>';
|
||||
} else {
|
||||
print '<a class="butActionRefused classfortooltip" href="#" title="'.$langs->trans("NotAllowed").'">'.$langs->trans('ECMAddSection').'</a>';
|
||||
}
|
||||
|
||||
print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().($module ? '&module='.urlencode($module) : '').'§ion='.urlencode($section).($backtopage ? '&backtopage='.urlencode($backtopage) : ''), '', $permtoadd);
|
||||
print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().($module ? '&module='.urlencode($module) : '').'§ion='.urlencode($section).($backtopage ? '&backtopage='.urlencode($backtopage) : ''), '', $permissiontoadd);
|
||||
|
||||
print '</div>';
|
||||
}
|
||||
|
||||
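Review bot: The file-removal branch in the hunk at `@ -139,7` builds `$file` as `$upload_dir."/".GETPOST('urlfile')` and hands it straight to `dol_delete_file()`, so the only thing keeping the path inside `$upload_dir` is whatever filtering `GETPOST` applies by default, which is not visible here. Make the containment explicit before the delete, for example by rejecting any value that contains `..`, and pass an explicit filter type as the rename code elsewhere in this commit does with `GETPOST('urlfile', 'alpha')`. In the last hunk of the same section the Edit and ECMAddSection links concatenate `$module` and `$section` into the `href` unencoded, while the `dolGetButtonAction()` line next to them wraps both in `urlencode()`; the two links should be encoded the same way. The removal branch continues outside its hunk.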
@ -103,11 +103,11 @@ if ($result < 0) {
|
||||
}
|
||||
|
||||
// Permissions
|
||||
$permtoread = $user->rights->ecm->read;
|
||||
$permtoadd = $user->rights->ecm->setup;
|
||||
$permtoupload = $user->rights->ecm->upload;
|
||||
$permissiontoread = $user->rights->ecm->read;
|
||||
$permissiontoadd = $user->rights->ecm->setup;
|
||||
$permissiontoupload = $user->rights->ecm->upload;
|
||||
|
||||
if (!$permtoread) {
|
||||
if (!$permissiontoread) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
@ -128,7 +128,7 @@ if ($cancel) {
|
||||
}
|
||||
|
||||
// Rename file
|
||||
if ($action == 'update' && $permtoadd) {
|
||||
if ($action == 'update' && $permissiontoadd) {
|
||||
$error = 0;
|
||||
|
||||
$oldlabel = GETPOST('urlfile', 'alpha');
|
||||
|
||||
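Review bot: The three flags in the Permissions block are read through raw property chains (`$user->rights->ecm->read`, `->setup`, `->upload`), while another section of this commit already computes `$permissiontouploadfile` with `$user->hasRight('ecm', 'setup')`. Using the accessor here too, e.g. `$permissiontoread = $user->hasRight('ecm', 'read');`, keeps every authorization check in one form and avoids depending on the `ecm` rights object being present, which is presumably what the accessor guards against. The same pattern appears in the other Permissions blocks of this commit (the hunks at `@ -93,18`, `@ -90,21`, `@ -108,9` and `@ -85,9`). `$permissiontoupload` is assigned here but not used in the visible lines, and the rename branch in the second hunk continues outside it.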
@ -108,9 +108,9 @@ if ($result < 0) {
|
||||
|
||||
$permissionnote = $user->rights->ecm->setup; // Used by the include of actions_setnotes.inc.php
|
||||
|
||||
$permtoread = $user->rights->ecm->read;
|
||||
$permissiontoread = $user->rights->ecm->read;
|
||||
|
||||
if (!$permtoread) {
|
||||
if (!$permissiontoread) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
|
||||
@ -90,7 +90,7 @@ if ($user->socid) {
|
||||
}
|
||||
$result = restrictedArea($user, 'ecm', 0);
|
||||
|
||||
$permtouploadfile = ($user->hasRight('ecm', 'setup') || $user->hasRight('mailing', 'creer') || $user->hasRight('website', 'write'));
|
||||
$permissiontouploadfile = ($user->hasRight('ecm', 'setup') || $user->hasRight('mailing', 'creer') || $user->hasRight('website', 'write'));
|
||||
$diroutput = $conf->medias->multidir_output[$conf->entity];
|
||||
|
||||
$relativepath = $section_dir;
|
||||
@ -98,7 +98,7 @@ $upload_dir = preg_replace('/\/$/', '', $diroutput).'/'.preg_replace('/^\//', ''
|
||||
|
||||
$websitekey = '';
|
||||
|
||||
$permissiontoadd = $permtouploadfile; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles
|
||||
$permissiontoadd = $permissiontouploadfile; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles
|
||||
|
||||
|
||||
/*
|
||||
@ -123,7 +123,7 @@ if ($action == 'renamefile') { // Must be after include DOL_DOCUMENT_ROOT.'/core
|
||||
|
||||
|
||||
// Add directory
|
||||
if ($action == 'add' && $permtouploadfile) {
|
||||
if ($action == 'add' && $permissiontouploadfile) {
|
||||
$ecmdir->ref = 'NOTUSEDYET';
|
||||
$ecmdir->label = GETPOST("label");
|
||||
$ecmdir->description = GETPOST("desc");
|
||||
|
||||
@ -85,9 +85,9 @@ if (!empty($section)) {
|
||||
}
|
||||
}
|
||||
|
||||
$permtoread = $user->rights->ecm->read;
|
||||
$permissiontoread = $user->rights->ecm->read;
|
||||
|
||||
if (!$permtoread) {
|
||||
if (!$permissiontoread) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
|
||||
@ -42,18 +42,6 @@ if (empty($objectclass) || empty($uploaddir)) {
|
||||
exit;
|
||||
}
|
||||
|
||||
// For backward compatibility
|
||||
if (!empty($permtoread) && empty($permissiontoread)) {
|
||||
$permissiontoread = $permtoread;
|
||||
}
|
||||
if (!empty($permtocreate) && empty($permissiontoadd)) {
|
||||
$permissiontoadd = $permtocreate;
|
||||
}
|
||||
if (!empty($permtodelete) && empty($permissiontodelete)) {
|
||||
$permissiontodelete = $permtodelete;
|
||||
}
|
||||
|
||||
|
||||
// Mass actions. Controls on number of lines checked.
|
||||
$maxformassaction = (empty($conf->global->MAIN_LIMIT_FOR_MASS_ACTIONS) ? 1000 : $conf->global->MAIN_LIMIT_FOR_MASS_ACTIONS);
|
||||
if (!empty($massaction) && is_array($toselect) && count($toselect) < 1) {
|
||||
|
||||
@ -144,19 +144,30 @@ $arrayfields = dol_sort_array($arrayfields, 'position');
|
||||
// Security check
|
||||
if ($search_type == '0') {
|
||||
$result = restrictedArea($user, 'produit', '', '', '', '', '', 0);
|
||||
|
||||
$permissiontoread = $user->rights->produit->lire;
|
||||
$permissiontodelete = $user->rights->produit->supprimer;
|
||||
} elseif ($search_type == '1') {
|
||||
$result = restrictedArea($user, 'service', '', '', '', '', '', 0);
|
||||
|
||||
$permissiontoread = $user->rights->service->lire;
|
||||
$permissiontodelete = $user->rights->service->supprimer;
|
||||
} else {
|
||||
$result = restrictedArea($user, 'produit|service', '', '', '', '', '', 0);
|
||||
|
||||
$permissiontoread = $user->rights->produit->lire;
|
||||
$permissiontodelete = $user->rights->produit->supprimer;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
*/
|
||||
|
||||
if (GETPOST('cancel', 'alpha')) {
|
||||
$action = 'list'; $massaction = '';
|
||||
$action = 'list';
|
||||
$massaction = '';
|
||||
}
|
||||
if (!GETPOST('confirmmassaction', 'alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') {
|
||||
$massaction = '';
|
||||
@ -192,8 +203,6 @@ if (empty($reshook)) {
|
||||
$objectlabel = 'Products';
|
||||
}
|
||||
|
||||
$permtoread = $user->rights->produit->lire;
|
||||
$permtodelete = $user->rights->produit->supprimer;
|
||||
$uploaddir = $conf->product->dir_output;
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
|
||||
}
|
||||
|
||||
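Review bot: In the final `else` branch the page is authorized with `restrictedArea($user, 'produit|service', ...)`, but `$permissiontoread` and `$permissiontodelete` are taken from `$user->rights->produit` only, so on the mixed list a user's product rights alone decide whether mass actions also apply to services. Unless the included mass-action file checks rights per object, which is not visible here, require both modules in that branch, e.g. `$permissiontodelete = ($user->rights->produit->supprimer && $user->rights->service->supprimer);`, or filter the selected ids by type. Because this commit also drops the `$permto*` fallback from the include, any caller not converted here reaches it with `$permissiontoread`/`$permissiontodelete` unset; a search for the old names across the tree and in external modules is worth doing before merge.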
@ -235,8 +235,8 @@ if (empty($reshook)) {
|
||||
// Mass actions
|
||||
$objectclass = "CurrencyRate";
|
||||
$uploaddir = $conf->multicurrency->multidir_output; // define only because core/actions_massactions.inc.php want it
|
||||
$permtoread = $user->admin;
|
||||
$permtodelete = $user->admin;
|
||||
$permissiontoread = $user->admin;
|
||||
$permissiontodelete = $user->admin;
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
|
||||
}
|
||||
|
||||
|
||||