diff --git a/htdocs/ecm/dir_add_card.php b/htdocs/ecm/dir_add_card.php index 3f20188db56..acdc6c2990a 100644 --- a/htdocs/ecm/dir_add_card.php +++ b/htdocs/ecm/dir_add_card.php @@ -93,18 +93,18 @@ if (!empty($section)) { } // Permissions -$permtoadd = 0; -$permtoupload = 0; +$permissiontoadd = 0; +$permissiontoupload = 0; if ($module == 'ecm') { - $permtoadd = $user->rights->ecm->setup; - $permtoupload = $user->rights->ecm->upload; + $permissiontoadd = $user->rights->ecm->setup; + $permissiontoupload = $user->rights->ecm->upload; } if ($module == 'medias') { - $permtoadd = ($user->rights->mailing->creer || $user->rights->website->write); - $permtoupload = ($user->rights->mailing->creer || $user->rights->website->write); + $permissiontoadd = ($user->rights->mailing->creer || $user->rights->website->write); + $permissiontoupload = ($user->rights->mailing->creer || $user->rights->website->write); } -if (!$permtoadd) { +if (!$permissiontoadd) { accessforbidden(); } @@ -115,7 +115,7 @@ if (!$permtoadd) { */ // Action ajout d'un produit ou service -if ($action == 'add' && $permtoadd) { +if ($action == 'add' && $permissiontoadd) { if ($cancel) { if (!empty($backtopage)) { header("Location: ".$backtopage); @@ -189,7 +189,7 @@ if ($action == 'add' && $permtoadd) { exit; } } -} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permtoadd) { +} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permissiontoadd) { // Deleting file $result = $ecmdir->delete($user); setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs'); diff --git a/htdocs/ecm/dir_card.php b/htdocs/ecm/dir_card.php index adfd405790f..8be2511a0d7 100644 --- a/htdocs/ecm/dir_card.php +++ b/htdocs/ecm/dir_card.php @@ -90,21 +90,21 @@ if ($module == 'ecm') { } // Permissions -$permtoread = 0; -$permtoadd = 0; -$permtoupload = 0; +$permissiontoread = 0; +$permissiontoadd = 0; +$permissiontoupload = 0; if ($module == 'ecm') { - $permtoread = $user->rights->ecm->read; - $permtoadd = $user->rights->ecm->setup; - $permtoupload = $user->rights->ecm->upload; + $permissiontoread = $user->rights->ecm->read; + $permissiontoadd = $user->rights->ecm->setup; + $permissiontoupload = $user->rights->ecm->upload; } if ($module == 'medias') { - $permtoread = ($user->rights->mailing->lire || $user->rights->website->read); - $permtoadd = ($user->rights->mailing->creer || $user->rights->website->write); - $permtoupload = ($user->rights->mailing->creer || $user->rights->website->write); + $permissiontoread = ($user->rights->mailing->lire || $user->rights->website->read); + $permissiontoadd = ($user->rights->mailing->creer || $user->rights->website->write); + $permissiontoupload = ($user->rights->mailing->creer || $user->rights->website->write); } -if (!$permtoread) { +if (!$permissiontoread) { accessforbidden(); } @@ -114,7 +114,7 @@ if (!$permtoread) { */ // Upload file -if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permtoupload) { +if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permissiontoupload) { if (dol_mkdir($upload_dir) >= 0) { $resupload = dol_move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir."/".dol_unescapefile($_FILES['userfile']['name']), 0, 0, $_FILES['userfile']['error']); if (is_numeric($resupload) && $resupload > 0) { @@ -139,7 +139,7 @@ if (GETPOST("sendit") && !empty($conf->global->MAIN_UPLOAD_DOC) && $permtoupload } // Remove file -if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permtoupload) { +if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permissiontoupload) { $langs->load("other"); $file = $upload_dir."/".GETPOST('urlfile'); // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). $ret = dol_delete_file($file); @@ -153,7 +153,7 @@ if ($action == 'confirm_deletefile' && $confirm == 'yes' && $permtoupload) { } // Remove dir -if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoupload) { +if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permissiontoupload) { $backtourl = DOL_URL_ROOT."/ecm/index.php"; if ($module == 'medias') { $backtourl = DOL_URL_ROOT."/website/index.php?file_manager=1"; @@ -189,7 +189,7 @@ if ($action == 'confirm_deletedir' && $confirm == 'yes' && $permtoupload) { } // Update dirname or description -if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permtoadd) { +if ($action == 'update' && !GETPOST('cancel', 'alpha') && $permissiontoadd) { $error = 0; if ($module == 'ecm') { @@ -454,17 +454,17 @@ print dol_get_fiche_end(); if ($action != 'edit' && $action != 'delete' && $action != 'deletefile') { print '
'; - if ($permtoadd) { + if ($permissiontoadd) { print ''.$langs->trans('Edit').''; } - if ($permtoadd) { + if ($permissiontoadd) { print ''.$langs->trans('ECMAddSection').''; } else { print ''.$langs->trans('ECMAddSection').''; } - print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().($module ? '&module='.urlencode($module) : '').'§ion='.urlencode($section).($backtopage ? '&backtopage='.urlencode($backtopage) : ''), '', $permtoadd); + print dolGetButtonAction($langs->trans('Delete'), '', 'delete', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete&token='.newToken().($module ? '&module='.urlencode($module) : '').'§ion='.urlencode($section).($backtopage ? '&backtopage='.urlencode($backtopage) : ''), '', $permissiontoadd); print '
'; } diff --git a/htdocs/ecm/file_card.php b/htdocs/ecm/file_card.php index 8202335fbc3..e1443974bf7 100644 --- a/htdocs/ecm/file_card.php +++ b/htdocs/ecm/file_card.php @@ -103,11 +103,11 @@ if ($result < 0) { } // Permissions -$permtoread = $user->rights->ecm->read; -$permtoadd = $user->rights->ecm->setup; -$permtoupload = $user->rights->ecm->upload; +$permissiontoread = $user->rights->ecm->read; +$permissiontoadd = $user->rights->ecm->setup; +$permissiontoupload = $user->rights->ecm->upload; -if (!$permtoread) { +if (!$permissiontoread) { accessforbidden(); } @@ -128,7 +128,7 @@ if ($cancel) { } // Rename file -if ($action == 'update' && $permtoadd) { +if ($action == 'update' && $permissiontoadd) { $error = 0; $oldlabel = GETPOST('urlfile', 'alpha'); diff --git a/htdocs/ecm/file_note.php b/htdocs/ecm/file_note.php index 07534dc5ae8..6804714757c 100644 --- a/htdocs/ecm/file_note.php +++ b/htdocs/ecm/file_note.php @@ -108,9 +108,9 @@ if ($result < 0) { $permissionnote = $user->rights->ecm->setup; // Used by the include of actions_setnotes.inc.php -$permtoread = $user->rights->ecm->read; +$permissiontoread = $user->rights->ecm->read; -if (!$permtoread) { +if (!$permissiontoread) { accessforbidden(); } diff --git a/htdocs/ecm/index_medias.php b/htdocs/ecm/index_medias.php index f5ad347bccf..99a0ac4bc09 100644 --- a/htdocs/ecm/index_medias.php +++ b/htdocs/ecm/index_medias.php @@ -90,7 +90,7 @@ if ($user->socid) { } $result = restrictedArea($user, 'ecm', 0); -$permtouploadfile = ($user->hasRight('ecm', 'setup') || $user->hasRight('mailing', 'creer') || $user->hasRight('website', 'write')); +$permissiontouploadfile = ($user->hasRight('ecm', 'setup') || $user->hasRight('mailing', 'creer') || $user->hasRight('website', 'write')); $diroutput = $conf->medias->multidir_output[$conf->entity]; $relativepath = $section_dir; @@ -98,7 +98,7 @@ $upload_dir = preg_replace('/\/$/', '', $diroutput).'/'.preg_replace('/^\//', '' $websitekey = ''; -$permissiontoadd = $permtouploadfile; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles +$permissiontoadd = $permissiontouploadfile; // Used by the include of actions_addupdatedelete.inc.php and actions_linkedfiles /* @@ -123,7 +123,7 @@ if ($action == 'renamefile') { // Must be after include DOL_DOCUMENT_ROOT.'/core // Add directory -if ($action == 'add' && $permtouploadfile) { +if ($action == 'add' && $permissiontouploadfile) { $ecmdir->ref = 'NOTUSEDYET'; $ecmdir->label = GETPOST("label"); $ecmdir->description = GETPOST("desc"); diff --git a/htdocs/ecm/search.php b/htdocs/ecm/search.php index 4c45ec06403..e37a1ce88f3 100644 --- a/htdocs/ecm/search.php +++ b/htdocs/ecm/search.php @@ -85,9 +85,9 @@ if (!empty($section)) { } } -$permtoread = $user->rights->ecm->read; +$permissiontoread = $user->rights->ecm->read; -if (!$permtoread) { +if (!$permissiontoread) { accessforbidden(); } diff --git a/htdocs/eventorganization/core/actions_massactions_mail.inc.php b/htdocs/eventorganization/core/actions_massactions_mail.inc.php index a446c04ca9a..5398291e69f 100644 --- a/htdocs/eventorganization/core/actions_massactions_mail.inc.php +++ b/htdocs/eventorganization/core/actions_massactions_mail.inc.php @@ -42,18 +42,6 @@ if (empty($objectclass) || empty($uploaddir)) { exit; } -// For backward compatibility -if (!empty($permtoread) && empty($permissiontoread)) { - $permissiontoread = $permtoread; -} -if (!empty($permtocreate) && empty($permissiontoadd)) { - $permissiontoadd = $permtocreate; -} -if (!empty($permtodelete) && empty($permissiontodelete)) { - $permissiontodelete = $permtodelete; -} - - // Mass actions. Controls on number of lines checked. $maxformassaction = (empty($conf->global->MAIN_LIMIT_FOR_MASS_ACTIONS) ? 1000 : $conf->global->MAIN_LIMIT_FOR_MASS_ACTIONS); if (!empty($massaction) && is_array($toselect) && count($toselect) < 1) { diff --git a/htdocs/intracommreport/list.php b/htdocs/intracommreport/list.php index 721ad15a2ce..7f0e896a447 100644 --- a/htdocs/intracommreport/list.php +++ b/htdocs/intracommreport/list.php @@ -144,19 +144,30 @@ $arrayfields = dol_sort_array($arrayfields, 'position'); // Security check if ($search_type == '0') { $result = restrictedArea($user, 'produit', '', '', '', '', '', 0); + + $permissiontoread = $user->rights->produit->lire; + $permissiontodelete = $user->rights->produit->supprimer; } elseif ($search_type == '1') { $result = restrictedArea($user, 'service', '', '', '', '', '', 0); + + $permissiontoread = $user->rights->service->lire; + $permissiontodelete = $user->rights->service->supprimer; } else { $result = restrictedArea($user, 'produit|service', '', '', '', '', '', 0); + + $permissiontoread = $user->rights->produit->lire; + $permissiontodelete = $user->rights->produit->supprimer; } + /* * Actions */ if (GETPOST('cancel', 'alpha')) { - $action = 'list'; $massaction = ''; + $action = 'list'; + $massaction = ''; } if (!GETPOST('confirmmassaction', 'alpha') && $massaction != 'presend' && $massaction != 'confirm_presend') { $massaction = ''; @@ -192,8 +203,6 @@ if (empty($reshook)) { $objectlabel = 'Products'; } - $permtoread = $user->rights->produit->lire; - $permtodelete = $user->rights->produit->supprimer; $uploaddir = $conf->product->dir_output; include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; } diff --git a/htdocs/multicurrency/multicurrency_rate.php b/htdocs/multicurrency/multicurrency_rate.php index 7e9000909f1..03e5e09334a 100644 --- a/htdocs/multicurrency/multicurrency_rate.php +++ b/htdocs/multicurrency/multicurrency_rate.php @@ -235,8 +235,8 @@ if (empty($reshook)) { // Mass actions $objectclass = "CurrencyRate"; $uploaddir = $conf->multicurrency->multidir_output; // define only because core/actions_massactions.inc.php want it - $permtoread = $user->admin; - $permtodelete = $user->admin; + $permissiontoread = $user->admin; + $permissiontodelete = $user->admin; include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php'; }