lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '9.0' of git@github.com:Dolibarr/dolibarr.git into 10.0

Browse Source 
Conflicts:
	htdocs/expensereport/card.php
This commit is contained in:
Laurent Destailleur 2019-06-23 18:12:30 +02:00
commit a6fc75fed2
2 changed files with 32 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
htdocs/expensereport/card.php
View File

@ -64,6 +64,8 @@ $comments=GETPOST('comments', 'none');
$fk_c_type_fees=GETPOST('fk_c_type_fees', 'int');
$socid = GETPOST('socid', 'int')?GETPOST('socid', 'int'):GETPOST('socid_id', 'int');
$childids = $user->getAllChildIds(1);
// Security check
$id=GETPOST("id", 'int');
if ($user->societe_id) $socid=$user->societe_id;
@ -111,6 +113,18 @@ $permissionedit = $user->rights->expensereport->creer; // Used by the include
$upload_dir = $conf->expensereport->dir_output.'/'.dol_sanitizeFileName($object->ref);
if ($object->id > 0)
{
// Check current user can read this expense report
$canread = 0;
if (! empty($user->rights->expensereport->readall)) $canread=1;
if (! empty($user->rights->expensereport->lire) && in_array($object->fk_user_author, $childids)) $canread=1;
if (! $canread)
{
accessforbidden();
}
}
/*
* Actions

27
htdocs/holiday/card.php
View File

@ -67,6 +67,22 @@ if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = '';
$error = 0;
$object = new Holiday($db);
if ($id > 0)
{
$object->fetch($id);
// Check current user can read this leave request
$canread = 0;
if (! empty($user->rights->holiday->read_all)) $canread=1;
if (! empty($user->rights->holiday->read) && in_array($object->fk_user, $childids)) $canread=1;
if (! $canread)
{
accessforbidden();
}
}
/*
* Actions
*/
@ -79,7 +95,6 @@ if (GETPOST('cancel', 'alpha'))
// If create a request
if ($action == 'create')
{
$object = new Holiday($db);
// If no right to create a request
if (! $cancreate)
@ -91,6 +106,8 @@ if ($action == 'create')
if (! $error)
{
$object = new Holiday($db);
$db->begin();
$date_debut = dol_mktime(0, 0, 0, GETPOST('date_debut_month'), GETPOST('date_debut_day'), GETPOST('date_debut_year'));
@ -200,7 +217,6 @@ if ($action == 'create')
if ($action == 'update' && GETPOSTISSET('savevalidator') && ! empty($user->rights->holiday->approve))
{
$object = new Holiday($db);
$object->fetch($id);
$object->oldcopy = dol_clone($object);
@ -246,7 +262,6 @@ if ($action == 'update' && ! GETPOSTISSET('savevalidator'))
exit;
}
$object = new Holiday($db);
$object->fetch($id);
// If under validation
@ -330,7 +345,6 @@ if ($action == 'confirm_delete' && GETPOST('confirm') == 'yes' && $user->rights-
$db->begin();
$object = new Holiday($db);
$object->fetch($id);
// If this is a rough draft, approved, canceled or refused
@ -364,7 +378,6 @@ if ($action == 'confirm_delete' && GETPOST('confirm') == 'yes' && $user->rights-
// Action validate (+ send email for approval)
if ($action == 'confirm_send')
{
$object = new Holiday($db);
$object->fetch($id);
// Si brouillon et créateur
@ -469,7 +482,6 @@ if ($action == 'confirm_send')
// Approve leave request
if ($action == 'confirm_valid')
{
$object = new Holiday($db);
$object->fetch($id);
// Si statut en attente de validation et valideur = utilisateur
@ -583,7 +595,6 @@ if ($action == 'confirm_refuse' && GETPOST('confirm', 'alpha') == 'yes')
{
if (! empty($_POST['detail_refuse']))
{
$object = new Holiday($db);
$object->fetch($id);
// Si statut en attente de validation et valideur = utilisateur
@ -683,7 +694,6 @@ if ($action == 'confirm_draft' && GETPOST('confirm') == 'yes')
{
$error = 0;
$object = new Holiday($db);
$object->fetch($id);
$oldstatus = $object->statut;
@ -714,7 +724,6 @@ if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes')
{
$error = 0;
$object = new Holiday($db);
$object->fetch($id);
// Si statut en attente de validation et valideur = valideur ou utilisateur, ou droits de faire pour les autres