FIX Delete of website page need permission. Conflict with mass action.

Conflicts:
	htdocs/core/actions_massactions.inc.php
	htdocs/website/index.php
Laurent Destailleur 2020-06-03 00:46:09 +02:00
parent 71cb17b58b
commit a37a4031e9
4 changed files with 116 additions and 44 deletions


@ -913,9 +913,10 @@ if (!$error && $massaction == 'cancelorders')
setEventMessages($langs->trans("ErrorObjectMustHaveStatusValidToBeCanceled", $cmd->ref), null, 'errors');
$error++;
break;
}
else
} else {
// TODO We do not provide warehouse so no stock change here for the moment.
$result = $cmd->cancel();
}
if ($result < 0)
{


@ -4194,18 +4194,18 @@ class Form
* print '});'."\n";
* print '</script>'."\n";
*
* @param string $page Url of page to call if confirmation is OK. Can contains parameters (param 'action' and 'confirm' will be reformated)
* @param string $title Title
* @param string $question Question
* @param string $action Action
* @param array $formquestion An array with complementary inputs to add into forms: array(array('label'=> ,'type'=> , ))
* type can be 'hidden', 'text', 'password', 'checkbox', 'radio', 'date', 'morecss', ...
* @param string $selectedchoice '' or 'no', or 'yes' or '1' or '0'
* @param int|string $useajax 0=No, 1=Yes, 2=Yes but submit page with &confirm=no if choice is No, 'xxx'=Yes and preoutput confirm box with div id=dialog-confirm-xxx
* @param int $height Force height of box (0 = auto)
* @param int $width Force width of box ('999' or '90%'). Ignored and forced to 90% on smartphones.
* @param int $disableformtag 1=Disable form tag. Can be used if we are already inside a <form> section.
* @return string HTML ajax code if a confirm ajax popup is required, Pure HTML code if it's an html form
* @param string $page Url of page to call if confirmation is OK. Can contains parameters (param 'action' and 'confirm' will be reformated)
* @param string $title Title
* @param string $question Question
* @param string $action Action
* @param array|string $formquestion An array with complementary inputs to add into forms: array(array('label'=> ,'type'=> , ))
* type can be 'hidden', 'text', 'password', 'checkbox', 'radio', 'date', 'morecss', ...
* @param string $selectedchoice '' or 'no', or 'yes' or '1' or '0'
* @param int|string $useajax 0=No, 1=Yes, 2=Yes but submit page with &confirm=no if choice is No, 'xxx'=Yes and preoutput confirm box with div id=dialog-confirm-xxx
* @param int $height Force height of box (0 = auto)
* @param int $width Force width of box ('999' or '90%'). Ignored and forced to 90% on smartphones.
* @param int $disableformtag 1=Disable form tag. Can be used if we are already inside a <form> section.
* @return string HTML ajax code if a confirm ajax popup is required, Pure HTML code if it's an html form
*/
public function formconfirm($page, $title, $question, $action, $formquestion = '', $selectedchoice = '', $useajax = 0, $height = 0, $width = 500, $disableformtag = 0)
{
@ -4359,7 +4359,7 @@ class Form
}
// Show JQuery confirm box.
$formconfirm .= '<div id="'.$dialogconfirm.'" title="'.dol_escape_htmltag($title).'" style="display: none;">';
if (!empty($formquestion['text'])) {
if (is_array($formquestion) && !empty($formquestion['text'])) {
$formconfirm .= '<div class="confirmtext">'.$formquestion['text'].'</div>'."\n";
}
if (!empty($more)) {
@ -4456,7 +4456,7 @@ class Form
$formconfirm .= '<tr class="validtitre"><td class="validtitre" colspan="3">'.img_picto('', 'recent').' '.$title.'</td></tr>'."\n";
// Line text
if (!empty($formquestion['text'])) {
if (is_array($formquestion) && !empty($formquestion['text'])) {
$formconfirm .= '<tr class="valid"><td class="valid" colspan="3">'.$formquestion['text'].'</td></tr>'."\n";
}
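Review bot: The `@param` entry for `$formquestion` should state that its `'text'` element is written into the page as raw HTML. Both the `confirmtext` div and the `valid` table row concatenate `$formquestion['text']` unescaped, whereas `$title` on the dialog `<div>` goes through `dol_escape_htmltag()`. I would add a docblock line such as `'text' entry is output as-is (HTML allowed); callers must escape any user-supplied value before passing it`. The non-ajax row that prints `img_picto('', 'recent').' '.$title` also emits `$title` without the escaping used in the JQuery box, which is worth confirming as intentional. `formconfirm()` continues outside these hunks, so other uses of `$formquestion` are not visible here.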


@ -205,6 +205,8 @@ function dolSavePageContent($filetpl, Website $object, WebsitePage $objectpage)
$tplcontent .= '<?php if ($website->use_manifest) { print \'<link rel="manifest" href="/manifest.json.php" />\'."\n"; } ?>'."\n";
$tplcontent .= '<!-- Include link to CSS file -->'."\n";
$tplcontent .= '<link rel="stylesheet" href="/styles.css.php?website=<?php echo $websitekey; ?>" type="text/css" />'."\n";
$tplcontent .= '<!-- Include link to JS file -->'."\n";
$tplcontent .= '<script src="/javascript.js.php"></script>'."\n";
$tplcontent .= '<!-- Include HTML header from common file -->'."\n";
$tplcontent .= '<?php print preg_replace(\'/<\/?html>/ims\', \'\', file_get_contents(DOL_DATA_ROOT."/website/".$websitekey."/htmlheader.html")); ?>'."\n";
$tplcontent .= '<!-- Include HTML header from page header block -->'."\n";
@ -330,7 +332,7 @@ function dolSaveCssFile($filecss, $csscontent)
}
/**
* Save content of a page on disk
* Save content of a page on disk. For example into documents/website/mywebsite/javascript.js.php file.
*
* @param string $filejs Full path of filename to generate
* @param string $jscontent Content of file
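Review bot: The added `<script src="/javascript.js.php"></script>` line carries no `?website=` parameter, while the stylesheet link just above it passes `?website=<?php echo $websitekey; ?>`. If the JS wrapper selects the site from that parameter the way the CSS wrapper appears to, the script would be requested without a site key when the page is previewed or served from a shared host; `src="/javascript.js.php?website=<?php echo $websitekey; ?>"` would keep the two includes consistent. The docblock edited in the second hunk still opens with "Save content of a page on disk" although its parameters are `$filejs` and `$jscontent`; "Save content of the JS file on disk" would match what it documents.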


@ -285,6 +285,8 @@ if ($action == 'replacesiteconfirm') {
$listofpages = getPagesFromSearchCriterias('', $algo, $searchkey, 1000, $sortfield, $sortorder);
}
$usercanedit = $user->rights->website->write;
$permissiontodelete = $user->rights->website->delete;
/*
@ -367,9 +369,10 @@ if ($action == 'unsetshowsubcontainers')
exit;
}
if (($action == 'replacesite' || $action == 'replacesiteconfirm') && !$searchkey)
if ($massaction == 'replace' && GETPOST('confirmmassaction', 'alpha') && !$searchkey)
{
$action = 'replacesite';
$massaction = '';
}
// Replacement of string into pages
@ -1105,9 +1108,8 @@ if ($action == 'confirm_deletesite' && $confirm == 'yes')
}
}
// Delete page
if ($action == 'delete')
{
// Delete page (from website page menu)
if (GETPOSTISSET('pageid') && $action == 'delete' && $permissiontodelete) {
$error = 0;
$db->begin();
@ -1141,6 +1143,62 @@ if ($action == 'delete')
dol_print_error($db);
}
}
// Delete page (from menu search)
if (! GETPOSTISSET('pageid')) {
$objectclass = 'WebsitePage';
// Add part of code from actions_massactions.inc.php
// Delete record from mass action (massaction = 'delete' for direct delete, action/confirm='delete'/'yes' with a confirmation step before)
if (!$error && ($massaction == 'delete' || ($action == 'delete' && $confirm == 'yes')) && $permissiontodelete)
{
$db->begin();
$objecttmp = new $objectclass($db);
$nbok = 0;
foreach ($toselect as $toselectid)
{
$result = $objecttmp->fetch($toselectid);
if ($result > 0)
{
$result = $objecttmp->delete($user);
if ($result <= 0)
{
setEventMessages($objecttmp->error, $objecttmp->errors, 'errors');
$error++;
break;
} else $nbok++;
} else {
setEventMessages($objecttmp->error, $objecttmp->errors, 'errors');
$error++;
break;
}
}
if (!$error)
{
if ($nbok > 1) setEventMessages($langs->trans("RecordsDeleted", $nbok), null, 'mesgs');
else setEventMessages($langs->trans("RecordDeleted", $nbok), null, 'mesgs');
$db->commit();
} else {
$db->rollback();
}
//var_dump($listofobjectthirdparties);exit;
}
if ($action == 'delete') {
$action = 'replacesiteconfirm';
$containertype = GETPOST('optioncontainertype', 'aZ09') != '-1' ? GETPOST('optioncontainertype', 'aZ09') : '';
$langcode = GETPOST('optionlanguage', 'aZ09');
$otherfilters = array();
if (GETPOST('optioncategory', 'int') > 0) {
$otherfilters['category'] = GETPOST('optioncategory', 'int');
}
$listofpages = getPagesFromSearchCriterias($containertype, $algo, $searchkey, 1000, $sortfield, $sortorder, $langcode, $otherfilters);
}
}
// Update css Update site properties
if ($action == 'updatecss')
@ -2361,7 +2419,7 @@ if (!GETPOST('hide_websitemenu'))
// Toolbar for pages
if ($websitekey && $websitekey != '-1' && !in_array($action, array('editcss', 'editmenu', 'importsite')))
if ($websitekey && $websitekey != '-1' && !in_array($action, array('editcss', 'editmenu', 'importsite', 'file_manager', 'replacesite', 'replacesiteconfirm')))
{
print '</div>'; // Close current websitebar to open a new one
@ -2915,7 +2973,10 @@ if ($action == 'editcss')
// JS file
print '<tr><td class="tdtop">';
print $langs->trans('WEBSITE_JS_INLINE');
$textwithhelp = $langs->trans('WEBSITE_JS_INLINE');
$htmlhelp2 = $langs->trans("LinkAndScriptsHereAreNotLoadedInEditor").'<br>';
print $form->textwithpicto($textwithhelp, $htmlhelp2, 1, 'warning', '', 0, 2, 'htmljstooltip2');
print '</td><td>';
$doleditor = new DolEditor('WEBSITE_JS_INLINE', $jscontent, '', '220', 'ace', 'In', true, false, 'ace', 0, '100%', '');
@ -3210,6 +3271,7 @@ if ($action == 'editmeta' || $action == 'createcontainer')
$pageauthorid = $objectpage->fk_user_creat;
$pageusermodifid = $objectpage->fk_user_modif;
$pageauthoralias = $objectpage->author_alias;
$pagestatus = $objectpage->status;
}
else
{
@ -3218,6 +3280,7 @@ if ($action == 'editmeta' || $action == 'createcontainer')
$pageauthorid = $user->id;
$pageusermodifid = 0;
$pageauthoralias = '';
$pagestatus = 1;
}
if (GETPOST('WEBSITE_TITLE', 'alpha')) $pagetitle = GETPOST('WEBSITE_TITLE', 'alpha');
if (GETPOST('WEBSITE_PAGENAME', 'alpha')) $pageurl = GETPOST('WEBSITE_PAGENAME', 'alpha');
@ -3228,20 +3291,6 @@ if ($action == 'editmeta' || $action == 'createcontainer')
if (GETPOST('WEBSITE_LANG', 'aZ09')) $pagelang = GETPOST('WEBSITE_LANG', 'aZ09');
if (GETPOST('htmlheader', 'none')) $pagehtmlheader = GETPOST('htmlheader', 'none');
// Title
print '<tr><td class="fieldrequired">';
print $langs->trans('WEBSITE_TITLE');
print '</td><td>';
print '<input type="text" class="flat quatrevingtpercent" name="WEBSITE_TITLE" id="WEBSITE_TITLE" value="'.dol_escape_htmltag($pagetitle).'" autofocus>';
print '</td></tr>';
// Alias
print '<tr><td class="titlefieldcreate fieldrequired">';
print $langs->trans('WEBSITE_PAGENAME');
print '</td><td>';
print '<input type="text" class="flat minwidth300" name="WEBSITE_PAGENAME" id="WEBSITE_PAGENAME" value="'.dol_escape_htmltag($pageurl).'">';
print '</td></tr>';
// Type of container
print '<tr><td class="titlefield fieldrequired">';
print $langs->trans('WEBSITE_TYPE_CONTAINER');
@ -3258,6 +3307,20 @@ if ($action == 'editmeta' || $action == 'createcontainer')
print '</td></tr>';
}
// Title
print '<tr><td class="fieldrequired">';
print $langs->trans('WEBSITE_TITLE');
print '</td><td>';
print '<input type="text" class="flat quatrevingtpercent" name="WEBSITE_TITLE" id="WEBSITE_TITLE" value="'.dol_escape_htmltag($pagetitle).'" autofocus>';
print '</td></tr>';
// Alias
print '<tr><td class="titlefieldcreate fieldrequired">';
print $langs->trans('WEBSITE_PAGENAME');
print '</td><td>';
print '<input type="text" class="flat minwidth300" name="WEBSITE_PAGENAME" id="WEBSITE_PAGENAME" value="'.dol_escape_htmltag($pageurl).'">';
print '</td></tr>';
print '<tr><td>';
print $langs->trans('WEBSITE_DESCRIPTION');
print '</td><td>';
@ -3548,7 +3611,7 @@ if ($action == 'replacesite' || $action == 'replacesiteconfirm' || $massaction =
print '<input type="hidden" name="website" value="'.$website->ref.'">';
print '<!-- Replace string -->'."\n";
print '<!-- Search page and replace string -->'."\n";
print '<div class="fiche"><br>';
print load_fiche_titre($langs->trans("ReplaceWebsiteContent"), '', 'search');
@ -3556,7 +3619,7 @@ if ($action == 'replacesite' || $action == 'replacesiteconfirm' || $massaction =
print '<div class="tagtable">';
print '<div class="tagtr">';
print '<div class="tagtd paddingrightonly">';
print '<div class="tagtd paddingrightonly opacitymedium">';
print $langs->trans("SearchReplaceInto");
print '</div>';
print '<div class="tagtd">';
@ -3593,15 +3656,15 @@ if ($action == 'replacesite' || $action == 'replacesiteconfirm' || $massaction =
$param = '';
$nbtotalofrecords = count($listofpages['list']);
$num = $limit;
$permissiontodelete = 0;
$permissiontodelete = $user->rights->website->delete;
// List of mass actions available
$arrayofmassactions = array();
if ($user->rights->website->writephp) $arrayofmassactions['replace'] = $langs->trans("Replace");
if ($permissiontodelete) $arrayofmassactions['predelete'] = '<span class="fa fa-trash paddingrightonly"></span>'.$langs->trans("Delete");
if ($user->rights->website->writephp && $searchkey) $arrayofmassactions['replace'] = $langs->trans("Replace");
//if ($permissiontodelete) $arrayofmassactions['predelete'] = '<span class="fa fa-trash paddingrightonly"></span>'.$langs->trans("Delete");
if (GETPOST('nomassaction', 'int') || in_array($massaction, array('presend', 'predelete'))) $arrayofmassactions = array();
$massactionbutton = $form->selectMassAction('', $arrayofmassactions);
$massactionbutton .= '<div class="massactionother hidden">';
$massactionbutton .= '<div class="massactionother massactionreplace hidden">';
$massactionbutton .= $langs->trans("ReplaceString");
$massactionbutton .= '<input type="text" name="replacestring" value="'.dol_escape_htmltag(GETPOST('replacestring', 'none')).'">';
$massactionbutton .= '</div>';
@ -3610,11 +3673,17 @@ if ($action == 'replacesite' || $action == 'replacesiteconfirm' || $massaction =
//$selectedfields = $form->multiSelectArrayWithCheckbox('selectedfields', $arrayfields, $varpage); // This also change content of $arrayfields
$selectedfields .= $form->showCheckAddButtons('checkforselect', 1);
print_barre_liste('', $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'title_companies', 0, '', '', $limit, 1, 1, 1);
print_barre_liste('', $page, $_SERVER["PHP_SELF"], $param, $sortfield, $sortorder, $massactionbutton, $num, $nbtotalofrecords, 'generic', 0, '', '', $limit, 1, 1, 1);
print '<!-- List of search result -->'."\n";
print '<div class="rowsearchresult">';
$topicmail = "WebsitePageRef";
$modelmail = "websitepage_send";
$objecttmp = new WebsitePage($db);
$trackid = 'wsp'.$object->id;
include DOL_DOCUMENT_ROOT.'/core/tpl/massactions_pre.tpl.php';
$param = 'action=replacesiteconfirm&website='.urlencode($website->ref);
$param .= '&searchstring='.urlencode($searchkey);
if (GETPOST('optioncontent')) $param .= '&optioncontent=content';
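Review bot: In the new "Delete page (from menu search)" block, every id in `$toselect` is fetched and deleted without a check that the page belongs to the website being edited, so the scope of the delete depends entirely on what the request submits. Before `$objecttmp->delete($user)` I would add `if ($objecttmp->fk_website != $object->id) { $error++; break; }`, assuming `$object` is the selected Website at this point, which the hunk does not show. A user without `$permissiontodelete` also gets no feedback: the condition is skipped silently and `$action` is reset to `replacesiteconfirm`; an `else` branch calling `setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors')` would make refused deletions visible. `$toselect` and `$error` are set outside the hunk, so confirm both are initialised on this path (`$error = 0` is only assigned inside the `pageid` branch). The commented-out `predelete` entry and the `//var_dump(...)` line can be removed rather than kept as dead code.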