From a325bbf8650567e2fcce5ff9879d1efa57c46ea9 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 19 Mar 2018 20:46:43 +0100
Subject: [PATCH] FIX Input of holiday for subordinates was ko

---
 htdocs/core/class/html.form.class.php |  2 +-
 htdocs/holiday/card.php               | 51 ++++++++++++++-------------
 htdocs/holiday/list.php               | 25 +++++++------
 htdocs/langs/en_US/holiday.lang       |  1 +
 4 files changed, 44 insertions(+), 35 deletions(-)

diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index 2424523ec0a..4daf78ad52e 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -1441,7 +1441,7 @@ class Form
 	/**
 	 *	Return select list of users
 	 *
-	 *  @param	string	$selected       User id or user object of user preselected. If -1, we use id of current user.
+	 *  @param	string	$selected       User id or user object of user preselected. If 0 or < -2, we use id of current user. If -1, keep unselected (if empty is allowed)
 	 *  @param  string	$htmlname       Field name in form
 	 *  @param  int		$show_empty     0=list with no empty value, 1=add also an empty value into list
 	 *  @param  array	$exclude        Array list of users id to exclude
diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php
index 799b0907a92..e788abca30f 100644
--- a/htdocs/holiday/card.php
+++ b/htdocs/holiday/card.php
@@ -50,6 +50,18 @@ $now=dol_now();
 
 $langs->load("holiday");
 
+$childids = $user->getAllChildIds(1);
+
+$cancreate = 0;
+if (! empty($user->rights->holiday->write_all)) $cancreate=1;
+if (! empty($user->rights->holiday->write) && in_array($fuserid, $childids)) $cancreate=1;
+
+$candelete = 0;
+if (! empty($user->rights->holiday->delete)) $candelete=1;
+
+$morefilter = 'AND employee = 1';
+if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = '';
+
 
 /*
  * Actions
@@ -61,8 +73,7 @@ if ($action == 'create')
 	$object = new Holiday($db);
 
     // If no right to create a request
-    $fuserid = GETPOST('fuserid','int');
-    if (($fuserid == $user->id && empty($user->rights->holiday->write)) || ($fuserid != $user->id && empty($user->rights->holiday->write_all)))
+    if (! $cancreate)
     {
     	$error++;
     	setEventMessages($langs->trans('CantCreateCP'), null, 'errors');
@@ -201,13 +212,11 @@ if ($action == 'update')
     $object = new Holiday($db);
     $object->fetch($id);
 
-	$canedit=(($user->id == $object->fk_user && $user->rights->holiday->write) || ($user->id != $object->fk_user && $user->rights->holiday->write_all));
-
 	// If under validation
     if ($object->statut == 1)
     {
         // If this is the requestor or has read/write rights
-        if ($canedit)
+        if ($cancreate)
         {
             $valideur = $_POST['valideur'];
             $description = trim($_POST['description']);
@@ -280,13 +289,11 @@ if ($action == 'confirm_delete' && GETPOST('confirm') == 'yes' && $user->rights-
 	$object = new Holiday($db);
 	$object->fetch($id);
 
-	$canedit=(($user->id == $object->fk_user && $user->rights->holiday->write) || ($user->id != $object->fk_user && $user->rights->holiday->write_all));
-
     // If this is a rough draft, approved, canceled or refused
 	if ($object->statut == 1 || $object->statut == 4 || $object->statut == 5)
 	{
 		// Si l'utilisateur à le droit de lire cette demande, il peut la supprimer
-		if ($canedit)
+		if ($candelete)
 		{
 			$result=$object->delete($user);
 		}
@@ -314,10 +321,8 @@ if ($action == 'confirm_send')
     $object = new Holiday($db);
     $object->fetch($id);
 
-    $canedit=(($user->id == $object->fk_user && $user->rights->holiday->write) || ($user->id != $object->fk_user && $user->rights->holiday->write_all));
-
     // Si brouillon et créateur
-    if($object->statut == 1 && $canedit)
+    if($object->statut == 1 && $cancreate)
     {
         $object->statut = 2;
 
@@ -615,7 +620,7 @@ if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes')
     $object->fetch($id);
 
     // Si statut en attente de validation et valideur = valideur ou utilisateur, ou droits de faire pour les autres
-    if (($object->statut == 2 || $object->statut == 3) && ($user->id == $object->fk_validator || $user->id == $object->fk_user || ! empty($user->rights->holiday->write_all)))
+    if (($object->statut == 2 || $object->statut == 3) && ($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || ! empty($user->rights->holiday->write_all)))
     {
     	$db->begin();
 
@@ -849,10 +854,10 @@ if (empty($id) || $action == 'add' || $action == 'request' || $action == 'create
         print '<td>';
         if (empty($user->rights->holiday->write_all))
         {
-        	print $form->select_dolusers($fuserid, 'useridbis', 0, '', 1, '', '', 0, 0, 0, '', 0, '', 'maxwidth300');
-        	print '<input type="hidden" name="fuserid" value="'.($fuserid?$fuserid:$user->id).'">';
+        	print $form->select_dolusers(($fuserid?$fuserid:$user->id), 'fuserid', 0, '', 0, 'hierarchyme', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth300');
+        	//print '<input type="hidden" name="fuserid" value="'.($fuserid?$fuserid:$user->id).'">';
         }
-        else print $form->select_dolusers(GETPOST('fuserid','int')?GETPOST('fuserid','int'):$user->id, 'fuserid', 0, '', 0, '', '', 0, 0, 0, 'AND employee = 1');
+        else print $form->select_dolusers(GETPOST('fuserid','int')?GETPOST('fuserid','int'):$user->id, 'fuserid', 0, '', 0, '', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth300');
         print '</td>';
         print '</tr>';
 
@@ -957,8 +962,6 @@ else
         {
             $object->fetch($id);
 
-			$canedit=(($user->id == $object->fk_user && $user->rights->holiday->write) || ($user->id != $object->fk_user && $user->rights->holiday->write_all));
-
             $valideur = new User($db);
             $valideur->fetch($object->fk_validator);
 
@@ -1005,7 +1008,7 @@ else
             }
 
             // On vérifie si l'utilisateur à le droit de lire cette demande
-            if ($canedit)
+            if ($cancreate)
             {
                 if ($action == 'delete')
                 {
@@ -1242,7 +1245,7 @@ else
                 if ($action == 'edit' && $object->statut == 1)
                 {
                     print '<div align="center">';
-                    if ($canedit && $object->statut == 1)
+                    if ($cancreate && $object->statut == 1)
                     {
                         print '<input type="submit" value="'.$langs->trans("Save").'" class="button">';
                     }
@@ -1257,11 +1260,11 @@ else
 		            print '<div class="tabsAction">';
 
                     // Boutons d'actions
-                    if ($canedit && $object->statut == 1)
+                    if ($cancreate && $object->statut == 1)
                     {
                         print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=edit" class="butAction">'.$langs->trans("EditCP").'</a>';
                     }
-                    if ($canedit && $object->statut == 1)
+                    if ($cancreate && $object->statut == 1)		// If draft
                     {
                         print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=sendToValidate" class="butAction">'.$langs->trans("Validate").'</a>';
                     }
@@ -1270,7 +1273,7 @@ else
                     	print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=delete" class="butActionDelete">'.$langs->trans("DeleteCP").'</a>';
                     }
 
-                    if ($object->statut == 2)
+                    if ($object->statut == 2)	// If validated
                     {
                         if ($user->id == $object->fk_validator)
                         {
@@ -1284,13 +1287,13 @@ else
                         }
                     }
 
-                    if (($user->id == $object->fk_validator || $user->id == $object->fk_user || ! empty($user->rights->holiday->write_all)) && ($object->statut == 2 || $object->statut == 3))	// Status validated or approved
+                    if (($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || ! empty($user->rights->holiday->write_all)) && ($object->statut == 2 || $object->statut == 3))	// Status validated or approved
                     {
                     	if (($object->date_debut > dol_now()) || $user->admin) print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=cancel" class="butAction">'.$langs->trans("ActionCancelCP").'</a>';
                     	else print '<a href="#" class="butActionRefused" title="'.$langs->trans("HolidayStarted").'">'.$langs->trans("ActionCancelCP").'</a>';
                     }
 
-                    if ($canedit && $object->statut == 4)
+                    if ($cancreate && $object->statut == 4)
                     {
                         print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&action=backtodraft" class="butAction">'.$langs->trans("SetToDraft").'</a>';
                     }
diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php
index e0894ecb355..8769046b03a 100644
--- a/htdocs/holiday/list.php
+++ b/htdocs/holiday/list.php
@@ -96,6 +96,7 @@ $fieldstosearchall = array(
     'uu.firstname'=>'EmployeeFirstname'
 );
 
+$childids = $user->getAllChildIds(1);
 
 
 /*
@@ -160,9 +161,6 @@ $holiday = new Holiday($db);
 $holidaystatic=new Holiday($db);
 $fuser = new User($db);
 
-$childids = $user->getAllChildIds();
-$childids[]=$user->id;
-
 // Update sold
 $result = $holiday->updateBalance();
 
@@ -302,7 +300,7 @@ if ($search_year_create)         $param.='&search_year_create='.urlencode($searc
 if ($search_search_day_start)    $param.='&search_day_start='.urlencode($search_day_start);
 if ($search_month_start)         $param.='&search_month_start='.urlencode($search_month_start);
 if ($search_year_start)          $param.='&search_year_start='.urlencode($search_year_start);
-if ($day_end)             $param.='&day_end='.urlencode($day_end);
+if ($search_day_end)             $param.='&search_day_end='.urlencode($search_day_end);
 if ($search_month_end)           $param.='&search_month_end='.urlencode($search_month_end);
 if ($search_year_end)            $param.='&search_year_end='.urlencode($search_year_end);
 if ($search_employee > 0) $param.='&search_employee='.urlencode($search_employee);
@@ -401,18 +399,25 @@ print '<input class="flat" type="text" size="1" maxlength="2" name="search_month
 $formother->select_year($search_year_create,'search_year_create',1, $min_year, 0);
 print '</td>';
 
+
+$morefilter = 'AND employee = 1';
+if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = '';
+
 // User
-if ($user->rights->holiday->write_all)
+if (! empty($user->rights->holiday->write_all))
 {
-    print '<td class="liste_titre maxwidthonsmartphone" align="left">';
-    print $form->select_dolusers($search_employee,"search_employee",1,"",0,'','',0,0,0,'',0,'','maxwidth200');
+	$defaultuserid = -1;
+	if (GETPOSTISSET('search_employee')) $defaultuserid=GETPOST('search_employee','int');
+	print '<td class="liste_titre maxwidthonsmartphone" align="left">';
+    print $form->select_dolusers($defaultuserid, "search_employee", 1, "", 0, '', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
     print '</td>';
 }
 else
 {
-    //print '<td class="liste_titre">&nbsp;</td>';
+	$defaultuserid = $user->id;
+	if (GETPOSTISSET('search_employee')) $defaultuserid=GETPOST('search_employee','int');
     print '<td class="liste_titre maxwidthonsmartphone" align="left">';
-    print $form->select_dolusers($user->id,"search_employee",1,"",1,'','',0,0,0,'',0,'','maxwidth200');
+    print $form->select_dolusers($defaultuserid, "search_employee", 1, "", 0, 'hierarchyme', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
     print '</td>';
 }
 
@@ -426,7 +431,7 @@ if($user->rights->holiday->write_all)
     $valideurobjects = $validator->listUsersForGroup($excludefilter);
     $valideurarray = array();
     foreach($valideurobjects as $val) $valideurarray[$val->id]=$val->id;
-    print $form->select_dolusers($search_valideur,"search_valideur",1,"",0,$valideurarray,'', 0, 0, 0, '', 0, '', 'maxwidth200');
+    print $form->select_dolusers($search_valideur, "search_valideur", 1, "", 0, $valideurarray, '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200');
     print '</td>';
 }
 else
diff --git a/htdocs/langs/en_US/holiday.lang b/htdocs/langs/en_US/holiday.lang
index 621cc02c758..bb0d1e6ab41 100644
--- a/htdocs/langs/en_US/holiday.lang
+++ b/htdocs/langs/en_US/holiday.lang
@@ -59,6 +59,7 @@ DateRefusCP=Date of refusal
 DateCancelCP=Date of cancellation
 DefineEventUserCP=Assign an exceptional leave for a user
 addEventToUserCP=Assign leave
+NotTheAssignedApprover=You are not the assigned approver
 MotifCP=Reason
 UserCP=User
 ErrorAddEventToUserCP=An error occurred while adding the exceptional leave.