From ed42696a791dd143756fd8d3ddc01952009338dd Mon Sep 17 00:00:00 2001 From: Lamrani Abdel Date: Fri, 3 Feb 2023 10:29:33 +0100 Subject: [PATCH 01/10] add message warning & error in library lang --- htdocs/langs/en_US/errors.lang | 2 ++ htdocs/langs/en_US/modulebuilder.lang | 5 +++++ htdocs/langs/fr_FR/errors.lang | 2 ++ htdocs/langs/fr_FR/modulebuilder.lang | 5 +++++ 4 files changed, 14 insertions(+) diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index 50d5c0e90d7..54a4b4fb470 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -304,6 +304,7 @@ ErrorValueCantBeNull=Value for %s can't be null ErrorDateOfMovementLowerThanDateOfFileTransmission=The date of the bank transaction can't be lower than the date of the file transmission ErrorTooMuchFileInForm=Too much files in form, the maximum number is %s file(s) ErrorSessionInvalidatedAfterPasswordChange=The session was been invalidated following a change of password, status or dates of validity. Please relogin. +ErrorExistingPermission = Permission %s for object %s already exists # Warnings WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Your PHP parameter upload_max_filesize (%s) is higher than PHP parameter post_max_size (%s). This is not a consistent setup. @@ -342,6 +343,7 @@ WarningPaypalPaymentNotCompatibleWithStrict=The value 'Strict' makes the online WarningThemeForcedTo=Warning, theme has been forced to %s by hidden constant MAIN_FORCETHEME WarningPagesWillBeDeleted=Warning, this will also delete all existing pages/containers of the website. You should export your website before, so you have a backup to re-import it later. WarningAutoValNotPossibleWhenStockIsDecreasedOnInvoiceVal=Automatic validation is disabled when option to decrease stock is set on "Invoice validation". +WarningModuleNeedRefrech = Module %s has been disabled. Don't forget to enable it # Validate RequireValidValue = Value not valid diff --git a/htdocs/langs/en_US/modulebuilder.lang b/htdocs/langs/en_US/modulebuilder.lang index cefdfaa1b41..600dfba7227 100644 --- a/htdocs/langs/en_US/modulebuilder.lang +++ b/htdocs/langs/en_US/modulebuilder.lang @@ -165,3 +165,8 @@ BadValueForType=Bad value for type %s DefinePropertiesFromExistingTable=Define properties from an existing table DefinePropertiesFromExistingTableDesc=If a table in the database (for the object to create) already exists, you can use it to define the properties of the object. DefinePropertiesFromExistingTableDesc2=Keep empty if the table does not exist yet. The code generator will use different kinds of fields to build an example of table that you can edit later. +GeneratePermissions=I want to add the rights for this object +GeneratePermissionsHelp=generate default rights for this object +PermissionDeletedSuccesfuly=Permission has been successfully removed +PermissionUpdatedSuccesfuly=Permission has been successfully updated +PermissionAddedSuccesfuly=Permission has been successfully added \ No newline at end of file diff --git a/htdocs/langs/fr_FR/errors.lang b/htdocs/langs/fr_FR/errors.lang index 558f9ce9ce1..88750bafae6 100644 --- a/htdocs/langs/fr_FR/errors.lang +++ b/htdocs/langs/fr_FR/errors.lang @@ -303,6 +303,7 @@ ErrorValueForTooLow=La valeur pour %s est trop faible ErrorValueCantBeNull=La valeur pour %s ne peut pas être nulle ErrorDateOfMovementLowerThanDateOfFileTransmission=La date de l'opération bancaire ne peut être inférieure à la date de transmission du fichier ErrorTooMuchFileInForm=Trop de fichiers dans le formulaire, le nombre maximum est de %s fichier(s) +ErrorExistingPermission = La permission %s pour l'objet %s est dejà existante # Warnings WarningParamUploadMaxFileSizeHigherThanPostMaxSize=Votre paramètre PHP upload_max_filesize (%s) est supérieur au paramètre PHP post_max_size (%s). Ceci n'est pas une configuration cohérente. @@ -340,6 +341,7 @@ WarningPaypalPaymentNotCompatibleWithStrict=La valeur 'Strict' fait que les fonc WarningThemeForcedTo=Attention, le choix du thème a été forcé à %s par la constante cachée MAIN_FORCETHEME WarningPagesWillBeDeleted=Attention, cela supprimera également toutes les pages/conteneurs existants du site. Vous devriez exporter votre site Web avant, afin d'avoir une sauvegarde pour le réimporter plus tard. WarningAutoValNotPossibleWhenStockIsDecreasedOnInvoiceVal=La validation automatique est désactivée lorsque l'option de diminution du stock est définie sur "Validation de la facture". +WarningModuleNeedRefrech = Module %s desactivé. N'oublier pas de le réactivé # Validate RequireValidValue = Valeur non valide diff --git a/htdocs/langs/fr_FR/modulebuilder.lang b/htdocs/langs/fr_FR/modulebuilder.lang index 9cd5fe23a00..3c4161941e8 100644 --- a/htdocs/langs/fr_FR/modulebuilder.lang +++ b/htdocs/langs/fr_FR/modulebuilder.lang @@ -165,3 +165,8 @@ BadValueForType=Mauvaise valeur pour le type %s DefinePropertiesFromExistingTable=Définir des propriétés à partir d'une table existante DefinePropertiesFromExistingTableDesc=Si une table dans la base de données (pour l'objet à créer) existe déjà, vous pouvez l'utiliser pour définir les propriétés de l'objet. DefinePropertiesFromExistingTableDesc2=Laisser vide si la table n'existe pas encore. Le générateur de code utilisera différents types de champs pour créer un exemple de table que vous pourrez modifier ultérieurement. +GeneratePermissions=Je souhaite ajouter les droits pour cet objet +GeneratePermissionsHelp=générer les droits par défault pour cet objet +PermissionDeletedSuccesfuly=La permission a été supprimée avec succès +PermissionUpdatedSuccesfuly=La permission a été mise à jour avec succès +PermissionAddedSuccesfuly= La permission a été ajoutée avec succès \ No newline at end of file From 64ce1705f79277e8272187c2ba9b2cffe4785474 Mon Sep 17 00:00:00 2001 From: Lamrani Abdel Date: Fri, 3 Feb 2023 11:01:06 +0100 Subject: [PATCH 02/10] add checkbox when itit object for generate permission by default --- htdocs/modulebuilder/index.php | 48 ++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 0d2137928ac..2807a8bea6d 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -1218,6 +1218,53 @@ if ($dirins && $action == 'initobject' && $module && $objectname) { 'core/modules/mymodule/doc/pdf_standard_myobject.modules.php'=>'core/modules/'.strtolower($module).'/doc/pdf_standard_'.strtolower($objectname).'.modules.php' ); } + if (GETPOST('generatepermissions', 'aZ09')) { + $pathtofile = $listofmodules[strtolower($module)]['moduledescriptorrelpath']; + dol_include_once($pathtofile); + $class = 'mod'.$module; + if (class_exists($class)) { + try { + $moduleobj = new $class($db); + } catch (Exception $e) { + $error++; + dol_print_error($db, $e->getMessage()); + } + } + if (empty($firstobjectname)) { + $rightToadd = preg_replace('/myobject/', $objectname, $rightToadd); + } + if ($objectname != $firstobjectname) { + $rightToadd = " + \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); + \$this->rights[\$r][1] = 'Read objects of ".$module."'; + \$this->rights[\$r][4] = '".strtolower($objectname)."'; + \$this->rights[\$r][5] = 'read'; + \$r++; + \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); + \$this->rights[\$r][1] = 'Create/Update objects of ".$module."'; + \$this->rights[\$r][4] = '".strtolower($objectname)."'; + \$this->rights[\$r][5] = 'write'; + \$r++; + \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); + \$this->rights[\$r][1] = 'Delete objects of ".$module."'; + \$this->rights[\$r][4] = '".strtolower($objectname)."'; + \$this->rights[\$r][5] = 'delete'; + \$r++; + "; + $rights = $moduleobj->rights; + $rightAdd = explode("\$r++", $rightToadd); + + for ($i=0; $itrans('PermissionAlreadyExist'), null, 'errors'); + } + } + } + dolReplaceInFile($moduledescriptorfile, array('/* END MODULEBUILDER PERMISSIONS */' => '/*'.strtoupper($objectname).'*/'.$rightToadd."/*END ".strtoupper($objectname).'*/'."\n\t\t".'/* END MODULEBUILDER PERMISSIONS */')); + } + } if (!$error) { @@ -2760,6 +2807,7 @@ if ($module == 'initmodule') { print '
'; print '
'; print '
'; + print '
'; print '
'; print ''; print '
'; From 05a15587780d9215224f92e9b6806fcd2155a890 Mon Sep 17 00:00:00 2001 From: Lamrani Abdel Date: Fri, 3 Feb 2023 11:05:14 +0100 Subject: [PATCH 03/10] add checkbox when itit object for generate permission by default --- htdocs/modulebuilder/index.php | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 2807a8bea6d..236e3f2c3f8 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -1251,17 +1251,6 @@ if ($dirins && $action == 'initobject' && $module && $objectname) { \$this->rights[\$r][5] = 'delete'; \$r++; "; - $rights = $moduleobj->rights; - $rightAdd = explode("\$r++", $rightToadd); - - for ($i=0; $itrans('PermissionAlreadyExist'), null, 'errors'); - } - } - } dolReplaceInFile($moduledescriptorfile, array('/* END MODULEBUILDER PERMISSIONS */' => '/*'.strtoupper($objectname).'*/'.$rightToadd."/*END ".strtoupper($objectname).'*/'."\n\t\t".'/* END MODULEBUILDER PERMISSIONS */')); } } From f84f94f0bef21caa117786ed3e1ef42045f4ee68 Mon Sep 17 00:00:00 2001 From: Lamrani Abdel Date: Fri, 3 Feb 2023 11:09:59 +0100 Subject: [PATCH 04/10] delete rights if exists when delete object --- htdocs/modulebuilder/index.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 236e3f2c3f8..782a1623678 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -1814,6 +1814,27 @@ if ($dirins && $action == 'confirm_deleteobject' && $objectname) { dolReplaceInFile($moduledescriptorfile, array('/*'.strtoupper($objectname).'*/' => '')); } + // regenerate permissions and delete them + $rightToadd = " + \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); // Permission id (must not be already used) + \$this->rights[\$r][1] = 'Read objects of ".$module."'; // Permission label + \$this->rights[\$r][4] = '".strtolower($objectname)."'; + \$this->rights[\$r][5] = 'read'; // In php code, permission will be checked by test if (\$user->rights->toto->myobject->read) + \$r++; + \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); // Permission id (must not be already used) + \$this->rights[\$r][1] = 'Create/Update objects of ".$module."'; // Permission label + \$this->rights[\$r][4] = '".strtolower($objectname)."'; + \$this->rights[\$r][5] = 'write'; // In php code, permission will be checked by test if (\$user->rights->toto->myobject->write) + \$r++; + \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); // Permission id (must not be already used) + \$this->rights[\$r][1] = 'Delete objects of ".$module."'; // Permission label + \$this->rights[\$r][4] = '".strtolower($objectname)."'; + \$this->rights[\$r][5] = 'delete'; // In php code, permission will be checked by test if (\$user->rights->toto->myobject->delete) + \$r++; + "; + + $deleteright = dolReplaceInFile($moduledescriptorfile, array($rightToadd => '', '/*'.strtoupper($objectname).'*/' => '', "/*END ".strtoupper($objectname).'*/'."\n\t\t" => ''."\n\t\t")); + $resultko = 0; foreach ($filetodelete as $tmpfiletodelete) { $resulttmp = dol_delete_file($dir.'/'.$tmpfiletodelete, 0, 0, 1); From 6df5eefa1ab2a80e3f9a627ec9e982a7efcef0fd Mon Sep 17 00:00:00 2001 From: Lamrani Abdel Date: Fri, 3 Feb 2023 13:55:17 +0100 Subject: [PATCH 05/10] fix error in delete permission when we delete object --- htdocs/modulebuilder/index.php | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index 782a1623678..be9d42317ab 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -1815,26 +1815,35 @@ if ($dirins && $action == 'confirm_deleteobject' && $objectname) { } // regenerate permissions and delete them - $rightToadd = " - \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); // Permission id (must not be already used) - \$this->rights[\$r][1] = 'Read objects of ".$module."'; // Permission label + $rights = " + \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); + \$this->rights[\$r][1] = 'Read objects of ".$module."'; \$this->rights[\$r][4] = '".strtolower($objectname)."'; - \$this->rights[\$r][5] = 'read'; // In php code, permission will be checked by test if (\$user->rights->toto->myobject->read) + \$this->rights[\$r][5] = 'read'; \$r++; - \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); // Permission id (must not be already used) - \$this->rights[\$r][1] = 'Create/Update objects of ".$module."'; // Permission label + \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); + \$this->rights[\$r][1] = 'Create/Update objects of ".$module."'; \$this->rights[\$r][4] = '".strtolower($objectname)."'; - \$this->rights[\$r][5] = 'write'; // In php code, permission will be checked by test if (\$user->rights->toto->myobject->write) + \$this->rights[\$r][5] = 'write'; \$r++; - \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); // Permission id (must not be already used) - \$this->rights[\$r][1] = 'Delete objects of ".$module."'; // Permission label + \$this->rights[\$r][0] = \$this->numero . sprintf('%02d', \$r + 1); + \$this->rights[\$r][1] = 'Delete objects of ".$module."'; \$this->rights[\$r][4] = '".strtolower($objectname)."'; - \$this->rights[\$r][5] = 'delete'; // In php code, permission will be checked by test if (\$user->rights->toto->myobject->delete) + \$this->rights[\$r][5] = 'delete'; \$r++; "; - $deleteright = dolReplaceInFile($moduledescriptorfile, array($rightToadd => '', '/*'.strtoupper($objectname).'*/' => '', "/*END ".strtoupper($objectname).'*/'."\n\t\t" => ''."\n\t\t")); - + $deleteright = dolReplaceInFile($moduledescriptorfile, array('/*'.strtoupper($objectname).'*/' => '', $rights => '', "/*END ".strtoupper($objectname).'*/'."\n\t\t" => ''."\n\t\t")); + if ($deleteright > 0) { + if (isModEnabled(strtolower($module))) { + $result = unActivateModule(strtolower($module)); + if ($result) { + setEventMessages($result, null, 'errors'); + } + setEventMessages($langs->trans("WarningModuleNeedRefrech", $langs->transnoentities($module)), null, 'warnings'); + header("Location: ".DOL_URL_ROOT.'/modulebuilder/index.php?index.php?tab=description&module='.$module); + } + } $resultko = 0; foreach ($filetodelete as $tmpfiletodelete) { $resulttmp = dol_delete_file($dir.'/'.$tmpfiletodelete, 0, 0, 1); From 6c0a923b677930efec84b884ad46f2a35742e3bb Mon Sep 17 00:00:00 2001 From: Lamrani Abdel Date: Fri, 3 Feb 2023 14:33:33 +0100 Subject: [PATCH 06/10] add forms for add and edit permission --- htdocs/modulebuilder/index.php | 155 +++++++++++++++++++++++++++++---- 1 file changed, 137 insertions(+), 18 deletions(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index be9d42317ab..d6efbcb9404 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -3887,6 +3887,36 @@ if ($module == 'initmodule') { $perms = $moduleobj->rights; + // Scan for object class files + $dir = $dirread.'/'.$modulelowercase.'/class'; + $listofobject = dol_dir_list($dir, 'files', 0, '\.class\.php$'); + $objects = array('myobject'); + $reg =array(); + foreach ($listofobject as $fileobj) { + $tmpcontent = file_get_contents($fileobj['fullname']); + if (preg_match('/class\s+([^\s]*)\s+extends\s+CommonObject/ims', $tmpcontent, $reg)) { + $objects[] = $reg[1]; + } + } + // declared select list for actions and labels permissions + $crud = array('Read','Write','Delete'); + $labels = array("Read objects of $module","Create/Update objects of $module","Delete objects of $module"); + + $action = GETPOST('action', 'alpha'); + + if ($action == 'deleteright') { + $formconfirm = $form->formconfirm( + $_SERVER["PHP_SELF"].'?permskey='.urlencode(GETPOST('permskey', 'int')).'&tab='.urlencode($tab).'&module='.urlencode($module).'&tabobj='.urlencode($tabobj), + $langs->trans('Delete'), + $langs->trans('Confirm Delete Right', GETPOST('permskey', 'alpha')), + 'confirm_deleteright', + '', + 0, + 1 + ); + print $formconfirm; + } + if ($action != 'editfile' || empty($file)) { print ''; $htmlhelp = $langs->trans("PermissionsDefDescTooltip", '{s1}'); @@ -3913,33 +3943,122 @@ if ($module == 'initmodule') { print ''; print ''; - print_liste_field_titre("ID", $_SERVER["PHP_SELF"], '', "", $param, '', $sortfield, $sortorder); - print_liste_field_titre("Label", $_SERVER["PHP_SELF"], '', "", $param, '', $sortfield, $sortorder); - print_liste_field_titre("Permission", $_SERVER["PHP_SELF"], '', "", $param, '', $sortfield, $sortorder); - print_liste_field_titre("", $_SERVER["PHP_SELF"], '', "", $param, '', $sortfield, $sortorder); + print_liste_field_titre("ID", $_SERVER["PHP_SELF"], '', "", $param, '', $sortfield, $sortorder, "center"); + print_liste_field_titre("Label", $_SERVER["PHP_SELF"], '', "", $param, '', $sortfield, $sortorder, "center"); + print_liste_field_titre("Permission", $_SERVER["PHP_SELF"], '', "", $param, '', $sortfield, $sortorder, "center"); + print_liste_field_titre("CRUD", $_SERVER["PHP_SELF"], '', "", $param, '', $sortfield, $sortorder, "center"); + print_liste_field_titre("", $_SERVER["PHP_SELF"], '', "", $param, '', $sortfield, $sortorder, "center"); print "\n"; + //form for add new right + print ''; + print ''; + print ''; + + print ''; + + print ''; + + print ''; + print ''; + if (count($perms)) { + $i = 0; foreach ($perms as $perm) { - print ''; + $i++; + // section for editing right + if ($action == 'edit_right' && $perm[0] == (int) GETPOST('permskey', 'int')) { + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; + print ''; - print ''; - print ''; + print ''; - print ''; + print ''; - print ''; + print ''; - print ''; + print ''; + + print ''; + + print ''; + + print ''; + print ''; + } else { + print ''; + + print ''; + + print ''; + + print ''; + + print ''; + + print ''; + + print ''; + } } } else { print ''; From d990d55139c0fa1dd327c04110ac91ef7d2dbee8 Mon Sep 17 00:00:00 2001 From: Lamrani Abdel Date: Fri, 3 Feb 2023 14:35:44 +0100 Subject: [PATCH 07/10] add forms for add and edit permission --- htdocs/modulebuilder/index.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/modulebuilder/index.php b/htdocs/modulebuilder/index.php index d6efbcb9404..93550e2c928 100644 --- a/htdocs/modulebuilder/index.php +++ b/htdocs/modulebuilder/index.php @@ -3956,7 +3956,7 @@ if ($module == 'initmodule') { print ''; @@ -3972,7 +3972,7 @@ if ($module == 'initmodule') { print ''; @@ -4015,7 +4015,7 @@ if ($module == 'initmodule') { print ''; print ''; + print ''; print '
'; + print ''; + print ''; + print '
'; - print $perm[0]; - print ''; - print $langs->trans($perm[1]); - print ''; - print $perm[4]; - print ''; + print ''; + print ''; - print $perm[5]; - print ''; + print ''; + print '
'; + print ''; + print ''; + print ''; + print '
'; + print ''; + print '
'; + print $perm[0]; + print ''; + print $langs->trans($perm[1]); + print ''; + print $perm[4]; + print ''; + print $perm[5]; + print ''; + if ($perm[4] != 'myobject') { + print ''.img_edit().''; + print ''.img_delete().''; + } + print '
'.$langs->trans("None").'
'; print ''; print ''; - print ''; - print '