lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: Si on a droit de modifier mot de passe on ne doit pas pour autant avoir droit de modifier autre info

Browse Source
This commit is contained in:
Laurent Destailleur 2006-06-13 22:50:36 +00:00
parent c509647ccb
commit 9f942f06eb
1 changed files with 94 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
htdocs/user/fiche.php
View File

@ -34,18 +34,24 @@ require("./pre.inc.php");
require_once(DOL_DOCUMENT_ROOT."/contact.class.php"); require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
// Defini si peux lire/modifier utilisateurs et permisssions // Defini si peux lire/modifier permisssions
$canadduser=($user->admin || $user->rights->user->user->creer);
$canreadperms=($user->admin || $user->rights->user->user->lire); $canreadperms=($user->admin || $user->rights->user->user->lire);
$caneditperms=($user->admin || $user->rights->user->user->creer); $caneditperms=($user->admin || $user->rights->user->user->creer);
$candisableperms=($user->admin || $user->rights->user->user->supprimer); $candisableperms=($user->admin || $user->rights->user->user->supprimer);
$caneditselfperms=($user->rights->user->self->supprimer); // Defini si peux lire/modifier fiche ou mot de passe
if ($_GET["id"])
if ($user->id <> $_GET["id"])
{ {
if (! $canreadperms) $caneditfield=( (($user->id == $_GET["id"]) && $user->rights->user->self->creer)
{ || (($user->id != $_GET["id"]) && $user->rights->user->user->creer) );
accessforbidden();
} $caneditpassword=( (($user->id == $_GET["id"]) && $user->rights->user->self->password)
|| (($user->id != $_GET["id"]) && $user->rights->user->user->password) );
}
if ($user->id <> $_GET["id"] && ! $canreadperms)
{
accessforbidden();
} }
$langs->load("users"); $langs->load("users");
@ -97,7 +103,7 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes")
} }
// Action ajout user // Action ajout user
if ($_POST["action"] == 'add' && $caneditperms) if ($_POST["action"] == 'add' && $canadduser)
{ {
$message=""; $message="";
if (! $_POST["nom"]) { if (! $_POST["nom"]) {
@ -111,7 +117,7 @@ if ($_POST["action"] == 'add' && $caneditperms)
if (! $message) if (! $message)
{ {
$edituser = new User($db,0); $edituser = new User($db);
$edituser->nom = trim($_POST["nom"]); $edituser->nom = trim($_POST["nom"]);
$edituser->prenom = trim($_POST["prenom"]); $edituser->prenom = trim($_POST["prenom"]);
@ -154,7 +160,7 @@ if ($_POST["action"] == 'add' && $caneditperms)
} }
// Action ajout groupe utilisateur // Action ajout groupe utilisateur
if ($_POST["action"] == 'addgroup' && $caneditperms) if ($_POST["action"] == 'addgroup' && $caneditfield)
{ {
if ($_POST["group"]) if ($_POST["group"])
{ {
@ -166,7 +172,7 @@ if ($_POST["action"] == 'addgroup' && $caneditperms)
} }
} }
if ($_GET["action"] == 'removegroup' && $caneditperms) if ($_GET["action"] == 'removegroup' && $caneditfield)
{ {
if ($_GET["group"]) if ($_GET["group"])
{ {
@ -178,7 +184,7 @@ if ($_GET["action"] == 'removegroup' && $caneditperms)
} }
} }
if ($_POST["action"] == 'update' && ($caneditperms || $caneditselfperms)) if ($_POST["action"] == 'update' && $caneditfield)
{ {
$message=""; $message="";
@ -187,17 +193,17 @@ if ($_POST["action"] == 'update' && ($caneditperms || $caneditselfperms))
$edituser = new User($db, $_GET["id"]); $edituser = new User($db, $_GET["id"]);
$edituser->fetch(); $edituser->fetch();
$edituser->nom = $_POST["nom"]; $edituser->nom = trim($_POST["nom"]);
$edituser->prenom = $_POST["prenom"]; $edituser->prenom = trim($_POST["prenom"]);
$edituser->login = $_POST["login"]; $edituser->login = trim($_POST["login"]);
$edituser->pass = $_POST["pass"]; $edituser->pass = trim($_POST["pass"]);
$edituser->admin = $_POST["admin"]; $edituser->admin = trim($_POST["admin"]);
$edituser->office_phone = $_POST["office_phone"]; $edituser->office_phone = trim($_POST["office_phone"]);
$edituser->office_fax = $_POST["office_fax"]; $edituser->office_fax = trim($_POST["office_fax"]);
$edituser->user_mobile = $_POST["user_mobile"]; $edituser->user_mobile = trim($_POST["user_mobile"]);
$edituser->email = $_POST["email"]; $edituser->email = trim($_POST["email"]);
$edituser->note = $_POST["note"]; $edituser->note = trim($_POST["note"]);
$edituser->webcal_login = $_POST["webcal_login"]; $edituser->webcal_login = trim($_POST["webcal_login"]);
$ret=$edituser->update(); $ret=$edituser->update();
if ($ret < 0) if ($ret < 0)
@ -250,7 +256,11 @@ if ($_POST["action"] == 'update' && ($caneditperms || $caneditselfperms))
// Action modif mot de passe // Action modif mot de passe
if ((($_POST["action"] == 'confirm_password' && $_POST["confirm"] == 'yes') if ((($_POST["action"] == 'confirm_password' && $_POST["confirm"] == 'yes')
<<<<<<< fiche.php
|| $_GET["action"] == 'confirm_passwordsend') && $caneditpassword)
=======
|| $_GET["action"] == 'confirm_passwordsend') && ($caneditperms || $caneditpassword)) || $_GET["action"] == 'confirm_passwordsend') && ($caneditperms || $caneditpassword))
>>>>>>> 1.91
{ {
$edituser = new User($db, $_GET["id"]); $edituser = new User($db, $_GET["id"]);
$edituser->fetch(); $edituser->fetch();
@ -373,12 +383,9 @@ else
if ($_GET["id"]) if ($_GET["id"])
{ {
$fuser = new User($db, $_GET["id"]); $fuser = new User($db, $_GET["id"]);
$fuser->fetch(); $fuser->fetch();
$fuser->getrights();
$caneditpassword=( (($user->id == $fuser->id) && $user->rights->user->self->password)
|| (($user->id != $fuser->id) && $user->rights->user->user->password) );
/* /*
* Affichage onglets * Affichage onglets
@ -577,15 +584,21 @@ else
if ($message) { print $message; } if ($message) { print $message; }
/* /*
* Barre d'actions * Barre d'actions
*/ */
print '<div class="tabsAction">'; print '<div class="tabsAction">';
if ($caneditperms || (($user->id == $fuser->id) && $caneditselfperms)) if ($caneditfield)
{ {
print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&amp;action=edit">'.$langs->trans("Edit").'</a>'; print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&amp;action=edit">'.$langs->trans("Edit").'</a>';
} }
elseif ($caneditpassword)
{
print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&amp;action=edit">'.$langs->trans("EditPassword").'</a>';
}
// Si on a un gestionnaire de generation de mot de passe actif // Si on a un gestionnaire de generation de mot de passe actif
if ($conf->global->USER_PASSWORD_GENERATED != 'none') if ($conf->global->USER_PASSWORD_GENERATED != 'none')
@ -663,6 +676,8 @@ else
print '<input type="submit" class="button" value="'.$langs->trans("Add").'">'; print '<input type="submit" class="button" value="'.$langs->trans("Add").'">';
print '</td></tr>'."\n"; print '</td></tr>'."\n";
print '</table></form>'."\n"; print '</table></form>'."\n";
print '<br>';
} }
/* /*
@ -681,8 +696,6 @@ else
$num = $db->num_rows($result); $num = $db->num_rows($result);
$i = 0; $i = 0;
print '<br>';
print '<table class="noborder" width="100%">'; print '<table class="noborder" width="100%">';
print '<tr class="liste_titre">'; print '<tr class="liste_titre">';
print '<td width="25%">'.$langs->trans("Group").'</td>'; print '<td width="25%">'.$langs->trans("Group").'</td>';
@ -703,7 +716,6 @@ else
if ($caneditperms) if ($caneditperms)
{ {
print '<a href="fiche.php?id='.$_GET["id"].'&amp;action=removegroup&amp;group='.$obj->rowid.'">'; print '<a href="fiche.php?id='.$_GET["id"].'&amp;action=removegroup&amp;group='.$obj->rowid.'">';
print img_delete($langs->trans("RemoveFromGroup")); print img_delete($langs->trans("RemoveFromGroup"));
} }
@ -742,7 +754,10 @@ else
$rowspan=12; $rowspan=12;
print '<tr><td width="25%" valign="top">'.$langs->trans("Lastname").'</td>'; print '<tr><td width="25%" valign="top">'.$langs->trans("Lastname").'</td>';
print '<td width="50%" class="valeur"><input class="flat" size="30" type="text" name="nom" value="'.$fuser->nom.'"></td>'; print '<td width="50%" class="valeur">';
if ($caneditfield) print '<input class="flat" size="30" type="text" name="nom" value="'.$fuser->nom.'">';
else print $fuser->nom;
print '</td>';
print '<td align="center" valign="middle" width="25%" rowspan="'.$rowspan.'">'; print '<td align="center" valign="middle" width="25%" rowspan="'.$rowspan.'">';
if (file_exists($conf->users->dir_output."/".$fuser->id.".jpg")) if (file_exists($conf->users->dir_output."/".$fuser->id.".jpg"))
{ {
@ -752,11 +767,20 @@ else
{ {
print '<img src="'.DOL_URL_ROOT.'/theme/nophoto.jpg">'; print '<img src="'.DOL_URL_ROOT.'/theme/nophoto.jpg">';
} }
print '<br><br><table class="noborder"><tr><td>'.$langs->trans("PhotoFile").'</td></tr><tr><td><input type="file" class="flat" name="photo"></td></tr></table>'; if ($caneditfield)
{
print '<br><br><table class="noborder"><tr><td>'.$langs->trans("PhotoFile").'</td></tr>';
print '<tr><td>';
print '<input type="file" class="flat" name="photo">';
print '</td></tr></table>';
}
print '</td></tr>'; print '</td></tr>';
print "<tr>".'<td valign="top">'.$langs->trans("Firstname").'</td>'; print "<tr>".'<td valign="top">'.$langs->trans("Firstname").'</td>';
print '<td><input size="30" type="text" class="flat" name="prenom" value="'.$fuser->prenom.'"></td></tr>'; print '<td>';
if ($caneditfield) print '<input size="30" type="text" class="flat" name="prenom" value="'.$fuser->prenom.'">';
else print $fuser->prenom;
print '</td></tr>';
// Login // Login
print "<tr>".'<td valign="top">'.$langs->trans("Login").'</td>'; print "<tr>".'<td valign="top">'.$langs->trans("Login").'</td>';
@ -837,29 +861,52 @@ else
// Tel, fax, portable // Tel, fax, portable
print "<tr>".'<td valign="top">'.$langs->trans("Phone").'</td>'; print "<tr>".'<td valign="top">'.$langs->trans("Phone").'</td>';
print '<td><input size="20" type="text" name="office_phone" class="flat" value="'.$fuser->office_phone.'"></td></tr>'; print '<td>';
if ($caneditfield) print '<input size="20" type="text" name="office_phone" class="flat" value="'.$fuser->office_phone.'">';
else print $fuser->office_phone;
print '</td></tr>';
print "<tr>".'<td valign="top">'.$langs->trans("Fax").'</td>'; print "<tr>".'<td valign="top">'.$langs->trans("Fax").'</td>';
print '<td><input size="20" type="text" name="office_fax" class="flat" value="'.$fuser->office_fax.'"></td></tr>'; print '<td>';
if ($caneditfield) print '<input size="20" type="text" name="office_fax" class="flat" value="'.$fuser->office_fax.'">';
else print $fuser->office_fax;
print '</td></tr>';
print "<tr>".'<td valign="top">'.$langs->trans("Mobile").'</td>'; print "<tr>".'<td valign="top">'.$langs->trans("Mobile").'</td>';
print '<td><input size="20" type="text" name="user_mobile" class="flat" value="'.$fuser->user_mobile.'"></td></tr>'; print '<td>';
if ($caneditfield) print '<input size="20" type="text" name="user_mobile" class="flat" value="'.$fuser->user_mobile.'">';
else print $fuser->user_mobile;
print '</td></tr>';
print "<tr>".'<td valign="top">'.$langs->trans("EMail").'</td>'; print "<tr>".'<td valign="top">'.$langs->trans("EMail").'</td>';
print '<td><input size="40" type="text" name="email" class="flat" value="'.$fuser->email.'"></td></tr>'; print '<td>';
if ($caneditfield) print '<input size="40" type="text" name="email" class="flat" value="'.$fuser->email.'">';
else print $fuser->email;
print '</td></tr>';
print "<tr>".'<td valign="top">'.$langs->trans("Note").'</td><td>'; print "<tr>".'<td valign="top">'.$langs->trans("Note").'</td><td>';
print '<textarea class="flat" name="note" rows="'.ROWS_3.'" cols="70">'; if ($caneditfield)
print $fuser->note; {
print "</textarea></td></tr>"; print '<textarea class="flat" name="note" rows="'.ROWS_3.'" cols="70">';
print $fuser->note;
print '</textarea>';
}
else
{
print nl2br($fuser->note);
}
print '</td></tr>';
// Autres caractéristiques issus des autres modules // Autres caractéristiques issus des autres modules
if ($conf->webcal->enabled) if ($conf->webcal->enabled)
{ {
$langs->load("other"); $langs->load("other");
print "<tr>".'<td valign="top">'.$langs->trans("LoginWebcal").'</td>'; print "<tr>".'<td valign="top">'.$langs->trans("LoginWebcal").'</td>';
print '<td class="valeur" colspan="2"><input size="30" type="text" class="flat" name="webcal_login" value="'.$fuser->webcal_login.'"></td></tr>'; print '<td class="valeur" colspan="2">';
} if ($caneditfield) print '<input size="30" type="text" class="flat" name="webcal_login" value="'.$fuser->webcal_login.'">';
else print $fuser->webcal_login;
print '</td></tr>';
}
print '<tr><td align="center" colspan="3"><input value="'.$langs->trans("Save").'" class="button" type="submit"></td></tr>'; print '<tr><td align="center" colspan="3"><input value="'.$langs->trans("Save").'" class="button" type="submit"></td></tr>';
print '</table>'; print '</table>';