diff --git a/htdocs/core/modules/modHRM.class.php b/htdocs/core/modules/modHRM.class.php index 7df3bcc6dcf..b35c8736fd8 100644 --- a/htdocs/core/modules/modHRM.class.php +++ b/htdocs/core/modules/modHRM.class.php @@ -265,6 +265,14 @@ class modHRM extends DolibarrModules $this->rights[$r][4] = 'write_personal_information'; $this->rights[$r][5] = 'write'; // In php code, permission will be checked by test if ($user->rights->hrm->write_personal_information->write) $r++; + + // Evaluation + $this->rights[$r][0] = 4033; // Permission id (must not be already used) + $this->rights[$r][1] = 'Read all evaluations'; // Permission label + $this->rights[$r][3] = 0; // Permission by default for new user (0/1) + $this->rights[$r][4] = 'evaluation'; + $this->rights[$r][5] = 'readall'; // In php code, permission will be checked by test if ($user->rights->hrm->evaluation->read) + $r++; } /** diff --git a/htdocs/hrm/class/evaluation.class.php b/htdocs/hrm/class/evaluation.class.php index 77403631725..5dfab9b9b10 100644 --- a/htdocs/hrm/class/evaluation.class.php +++ b/htdocs/hrm/class/evaluation.class.php @@ -118,7 +118,7 @@ class Evaluation extends CommonObject 'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'enabled'=>'1', 'position'=>1000, 'notnull'=>-1, 'visible'=>-2,), 'status' => array('type'=>'smallint', 'label'=>'Status', 'enabled'=>'1', 'position'=>1000, 'notnull'=>1, 'default'=>0, 'visible'=>5, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Validated', '6' => 'Closed'),), 'date_eval' => array('type'=>'date', 'label'=>'DateEval', 'enabled'=>'1', 'position'=>502, 'notnull'=>1, 'visible'=>1,), - 'fk_user' => array('type'=>'integer:User:user/class/user.class.php', 'label'=>'User', 'enabled'=>'1', 'position'=>504, 'notnull'=>1, 'visible'=>1,), + 'fk_user' => array('type'=>'integer:User:user/class/user.class.php:0', 'label'=>'User', 'enabled'=>'1', 'position'=>504, 'notnull'=>1, 'visible'=>1,), 'fk_job' => array('type'=>'integer:Job:/hrm/class/job.class.php', 'label'=>'Job', 'enabled'=>'1', 'position'=>505, 'notnull'=>1, 'visible'=>1,), ); public $rowid; @@ -182,7 +182,7 @@ class Evaluation extends CommonObject */ public function __construct(DoliDB $db) { - global $conf, $langs; + global $conf, $langs, $user; $this->db = $db; @@ -193,6 +193,8 @@ class Evaluation extends CommonObject $this->fields['entity']['enabled'] = 0; } + if(empty($user->rights->hrm->evaluation->readall)) $this->fields['fk_user']['type'].= ':rowid IN('.implode(", ", $user->getAllChildIds(1)).')'; + $this->date_eval = dol_now(); // Unset fields that are disabled diff --git a/htdocs/hrm/evaluation_card.php b/htdocs/hrm/evaluation_card.php index 9c73d8c99b6..80110a3e8a0 100644 --- a/htdocs/hrm/evaluation_card.php +++ b/htdocs/hrm/evaluation_card.php @@ -82,7 +82,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ $permissiontoread = $user->rights->hrm->evaluation->read; $permissiontoadd = $user->rights->hrm->evaluation->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php -$permissiontovalidate = $user->rights->hrm->evaluation_advance->validate; +$permissiontovalidate = (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $user->rights->hrm->evaluation_advance->validate) || (empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $permissiontoadd); $permissiontoClose = $user->rights->hrm->evaluation->write; $permissiontodelete = $user->rights->hrm->evaluation->delete/* || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT)*/; $permissiondellink = $user->rights->hrm->evaluation->write; // Used by the include of actions_dellink.inc.php diff --git a/htdocs/hrm/evaluation_list.php b/htdocs/hrm/evaluation_list.php index cc584b2e8d4..fb940b9dbb9 100644 --- a/htdocs/hrm/evaluation_list.php +++ b/htdocs/hrm/evaluation_list.php @@ -131,6 +131,7 @@ $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); $permissiontoread = $user->rights->hrm->evaluation->read; +$permissiontoreadall = $user->rights->hrm->evaluation->readall; $permissiontoadd = $user->rights->hrm->evaluation->write; $permissiontodelete = $user->rights->hrm->evaluation->delete; @@ -146,7 +147,7 @@ if ($user->socid > 0) accessforbidden(); //$isdraft = (($object->status == $object::STATUS_DRAFT) ? 1 : 0); //restrictedArea($user, $object->element, $object->id, $object->table_element, '', 'fk_soc', 'rowid', $isdraft); //if (empty($conf->hrm->enabled)) accessforbidden(); -//if (!$permissiontoread) accessforbidden(); +if (!$permissiontoread) accessforbidden(); @@ -273,6 +274,11 @@ foreach ($search as $key => $val) { if ($search_all) { $sql .= natural_search(array_keys($fieldstosearchall), $search_all); } + +if(empty($permissiontoreadall)) { + $sql.= " AND t.fk_user IN(".implode(", ", $user->getAllChildIds(1)).") "; +} + //$sql.= dolSqlDateFilter("t.field", $search_xxxday, $search_xxxmonth, $search_xxxyear); // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 7dd27ff29ab..f53323759d8 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -969,13 +969,14 @@ Permission3301=Generate new modules Permission4001=Read skill/job/position Permission4002=Create/modify skill/job/position Permission4003=Delete skill/job/position -Permission4020=Read evaluations -Permission4021=Create/modify your evaluation -Permission4022=Validate evaluation -Permission4023=Delete evaluation -Permission4030=See comparison menu +Permission4021=Read evaluations (yours and your subordinates) +Permission4022=Create/modify evaluations +Permission4023=Validate evaluation +Permission4025=Delete evaluation +Permission4028=See comparison menu Permission4031=Read personal information Permission4032=Write personal information +Permission4033=Read all evaluations (even those of user not subordinates) Permission10001=Read website content Permission10002=Create/modify website content (html and javascript content) Permission10003=Create/modify website content (dynamic php code). Dangerous, must be reserved to restricted developers. @@ -2280,4 +2281,4 @@ INVOICE_ADD_SWISS_QR_CODE=Show the swiss QR-Bill code on invoices UrlSocialNetworksDesc=Url link of social network. Use {socialid} for the variable part that contains the social network ID. IfThisCategoryIsChildOfAnother=If this category is a child of another one NoName=No name -CIDLookupURL=The module brings an URL that can be used by an external tool to get the name of a thirdparty or contact from its phone number. URL to use is: \ No newline at end of file +CIDLookupURL=The module brings an URL that can be used by an external tool to get the name of a thirdparty or contact from its phone number. URL to use is: diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang index ed427b72ff1..91b925bd4f7 100644 --- a/htdocs/langs/fr_FR/admin.lang +++ b/htdocs/langs/fr_FR/admin.lang @@ -971,13 +971,14 @@ Permission3301=Générer de nouveaux modules Permission4001=Lire compétence/emploi/poste Permission4002=Créer/modifier une compétence/un emploi/un poste Permission4003=Supprimer compétence/emploi/poste -Permission4020=Lire les évaluations -Permission4021=Créer/modifier votre évaluation -Permission4022=Valider l'évaluation -Permission4023=Supprimer l'évaluation -Permission4030=Voir menu de comparaison +Permission4021=Lire les évaluations (les vôtres et celles de vos subordonnés) +Permission4022=Créer/modifier les évaluations +Permission4023=Valider l'évaluation +Permission4025=Supprimer l'évaluation +Permission4028=Voir menu de comparaison Permission4031=Lire les informations personnelles Permission4032=Ecrire les informations personnelles +Permission4033=Lire toutes les évaluations (même celles des utilisateurs non subordonnés) Permission10001=Lire le contenu du site Permission10002=Créer/modifier le contenu du site Web (contenu HTML et JavaScript) Permission10003=Créer/modifier le contenu du site Web (code php dynamique). Dangereux, doit être réservé à un nombre restreint de développeurs.