Fix: add advanced perms option

2010-11-08 11:40:52 +00:00 · 2010-11-08 11:40:52 +00:00 · b48bf580d0
commit b48bf580d0
parent f6f3034e45
12 changed files with 90 additions and 22 deletions
--- a/htdocs/admin/perms.php
+++ b/htdocs/admin/perms.php
@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2003      Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (C) 2004-2009 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2010 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -117,6 +117,7 @@ $sql = "SELECT r.id, r.libelle, r.module, r.perms, r.subperms, r.bydefault";
 $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r";
 $sql.= " WHERE r.libelle NOT LIKE 'tou%'";    // On ignore droits "tous"
 $sql.= " AND entity = ".$conf->entity;
+if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql.= " AND r.perms NOT LIKE '%_advance'";  // Hide advanced perms if option is disable
 $sql.= " ORDER BY r.module, r.id";

 $result = $db->query($sql);
--- a/htdocs/admin/security_other.php
+++ b/htdocs/admin/security_other.php
@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2010 Regis Houssin        <regis@dolibarr.fr>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -104,6 +105,19 @@ else if ($_GET["action"] == 'disable_captcha')
 	exit;
 }

+if ($_GET["action"] == 'activate_advancedperms')
+{
+	dolibarr_set_const($db, "MAIN_USE_ADVANCED_PERMS", '1','chaine',0,'',$conf->entity);
+	Header("Location: security_other.php");
+	exit;
+}
+else if ($_GET["action"] == 'disable_advancedperms')
+{
+	dolibarr_del_const($db, "MAIN_USE_ADVANCED_PERMS",$conf->entity);
+	Header("Location: security_other.php");
+	exit;
+}
+
 if ($_GET["action"] == 'MAIN_SESSION_TIMEOUT')
 {
 	dolibarr_set_const($db, "MAIN_SESSION_TIMEOUT", $_POST["MAIN_SESSION_TIMEOUT"],'chaine',0,'',$conf->entity);
@ -218,6 +232,24 @@ print "</td>";
 print "</td>";
 print '</tr>';

+// Enable advanced perms
+$var=!$var;
+print "<tr ".$bc[$var].">";
+print '<td colspan="3">'.$langs->trans("UseAdvancedPerms").'</td>';
+print '<td align="center">';
+if ($conf->global->MAIN_USE_ADVANCED_PERMS == 0)
+{
+	print '<a href="security_other.php?action=activate_advancedperms">'.img_picto($langs->trans("Disabled"),'off').'</a>';
+}
+if($conf->global->MAIN_USE_ADVANCED_PERMS == 1)
+{
+	print '<a href="security_other.php?action=disable_advancedperms">'.img_picto($langs->trans("Enabled"),'on').'</a>';
+}
+print "</td>";
+
+print "</td>";
+print '</tr>';
+
 print '</table>';


--- a/htdocs/includes/modules/modUser.class.php
+++ b/htdocs/includes/modules/modUser.class.php
@ -125,7 +125,6 @@ class modUser extends DolibarrModules
 		$this->rights[$r][4] = 'user';
 		$this->rights[$r][5] = 'supprimer';

-		/* Removed useless permission
 		$r++;
 		$this->rights[$r][0] = 256;
 		$this->rights[$r][1] = 'Consulter ses propres permissions';
@ -133,7 +132,6 @@ class modUser extends DolibarrModules
 		$this->rights[$r][3] = 1;
 		$this->rights[$r][4] = 'self_advance';
 		$this->rights[$r][5] = 'readperms';
-		*/

 		$r++;
 		$this->rights[$r][0] = 257;
@ -151,7 +149,6 @@ class modUser extends DolibarrModules
 		$this->rights[$r][4] = 'self';
 		$this->rights[$r][5] = 'password';

-		/* Removed useless permission
 		$r++;
 		$this->rights[$r][0] = 259;
 		$this->rights[$r][1] = 'Modifier ses propres permissions';
@ -159,7 +156,6 @@ class modUser extends DolibarrModules
 		$this->rights[$r][3] = 1;
 		$this->rights[$r][4] = 'self_advance';
 		$this->rights[$r][5] = 'writeperms';
-		*/

 		$r++;
 		$this->rights[$r][0] = 351;
--- a/htdocs/langs/en_US/other.lang
+++ b/htdocs/langs/en_US/other.lang
@ -146,6 +146,7 @@ YouReceiveMailBecauseOfNotification=You receive this message because your email
 YouReceiveMailBecauseOfNotification2=This event is the following:
 ThisIsListOfModules=This is a list of modules preselected by this demo profile (only most common modules are visible in this demo). Edit this to have a more personalized demo and click on "Start".
 ClickHere=Click here
+UseAdvancedPerms=Use the advanced rights permissions in modules

 ##### Bookmark #####
 Bookmark=Bookmark
--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@ -519,8 +519,10 @@ Permission252= Consulter les permissions des autres utilisateurs
 Permission253= Créer/modifier les autres utilisateurs et leurs permissions
 Permission254= Modifier le mot de passe des autres utilisateurs
 Permission255= Supprimer ou désactiver les autres utilisateurs
+Permission256= Consulter ses propres permissions
 Permission257= Créer/modifier ses propres infos utilisateur
 Permission258= Modifier son propre mot de passe
+Permission259= Modifier ses propres permissions
 Permission262= Étendre l'accès à tous les tiers (Pas seulement ceux liés à l'utilisateur). Non effectif pour utilisateurs externes (toujours limité à eux-même). 
 Permission271= Consulter le CA
 Permission272= Consulter les factures
--- a/htdocs/langs/fr_FR/other.lang
+++ b/htdocs/langs/fr_FR/other.lang
@ -146,6 +146,7 @@ YouReceiveMailBecauseOfNotification=Vous recevez ce message car votre email a é
 YouReceiveMailBecauseOfNotification2=L'événement en question est le suivant:
 ThisIsListOfModules=Voici une liste de modules présélectionnés par ce profil de démo (seuls les plus courants sont accessibles dans cette demo). Affinez encore vos préférences et cliquez sur "Démarrer".
 ClickHere=Cliquez ici
+UseAdvancedPerms=Utiliser les droits avancés dans les permissions des modules

 ##### Bookmark #####
 Bookmark=Marque-page
--- a/htdocs/lib/usergroups.lib.php
+++ b/htdocs/lib/usergroups.lib.php
@ -30,7 +30,11 @@ function user_prepare_head($object)

 	$langs->load("users");

-	$canreadperms=($user->admin || ($user->id != $object->id && $user->rights->user->user->readperms) || ($user->id == $object->id));
+	$canreadperms=true;
+	if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
+	{
+		$canreadperms=($user->admin || ($user->id != $object->id && $user->rights->user->user_advance->readperms) || ($user->id == $object->id && $user->rights->user->self_advance->readperms));
+	}

 	$h = 0;
 	$head = array();
@ -108,7 +112,11 @@ function group_prepare_head($object)
 {
 	global $langs, $conf, $user;

-	$canreadperms=($user->admin || $user->rights->user->group->readperms);
+	$canreadperms=true;
+	if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
+	{
+		$canreadperms=($user->admin || $user->rights->user->group_advance->readperms);
+	}

 	$h = 0;
 	$head = array();
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@ -41,8 +41,13 @@ $canadduser=($user->admin || $user->rights->user->user->creer);
 $canreaduser=($user->admin || $user->rights->user->user->lire);
 $canedituser=($user->admin || $user->rights->user->user->creer);
 $candisableuser=($user->admin || $user->rights->user->user->supprimer);
-$canreadgroup=($user->admin || $user->rights->user->group->read);
-$caneditgroup=($user->admin || $user->rights->user->group->write);
+$canreadgroup=true;
+$caneditgroup=true;
+if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
+{
+	$canreadgroup=($user->admin || $user->rights->user->group_advance->read);
+	$caneditgroup=($user->admin || $user->rights->user->group_advance->write);
+}
 // Define value to know what current user can do on properties of edited user
 if ($_GET["id"])
 {
--- a/htdocs/user/group/fiche.php
+++ b/htdocs/user/group/fiche.php
@ -32,6 +32,13 @@ require_once(DOL_DOCUMENT_ROOT."/lib/usergroups.lib.php");
 $canreadperms=($user->admin || $user->rights->user->user->lire);
 $caneditperms=($user->admin || $user->rights->user->user->creer);
 $candisableperms=($user->admin || $user->rights->user->user->supprimer);
+// Advanced permissions
+if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
+{
+	$canreadperms=($user->admin || $user->rights->user->group_advance->read);
+	$caneditperms=($user->admin || $user->rights->user->group_advance->write);
+	$candisableperms=($user->admin || $user->rights->user->group_advance->delete);
+}

 $langs->load("users");
 $langs->load("other");
@ -39,13 +46,14 @@ $langs->load("other");
 // Security check
 $result = restrictedArea($user, 'user', $_GET["id"], 'usergroup', 'user');

-$action=isset($_GET["action"])?$_GET["action"]:$_POST["action"];
+$action=GETPOST("action");
+$confirm=GETPOST("confirm");


 /**
 *  Action remove group
 */
-if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == "yes")
+if ($action == 'confirm_delete' && $confirm == "yes")
 {
 	if ($caneditperms)
 	{
--- a/htdocs/user/group/index.php
+++ b/htdocs/user/group/index.php
@ -27,8 +27,10 @@

 require("../../main.inc.php");

-
-if (! $user->rights->user->group->lire && ! $user->admin) accessforbidden();
+if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
+{
+	if (! $user->rights->user->group_advance->read && ! $user->admin) accessforbidden();
+}

 $langs->load("users");

--- a/htdocs/user/group/perms.php
+++ b/htdocs/user/group/perms.php
@ -35,13 +35,20 @@ $langs->load("users");
 $module=isset($_GET["module"])?$_GET["module"]:$_POST["module"];

 // Defini si peux lire les permissions
-$canreadperms=($user->admin || ($user->rights->user->group->read && $user->rights->user->group->readperms));
+$canreadperms=($user->admin || $user->rights->user->user->lire);
+// Defini si peux modifier les permissions
+$caneditperms=($user->admin || $user->rights->user->user->creer);
+// Advanced permissions
+$advancedpermsactive=false;
+if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
+{
+	$advancedpermsactive=true;
+	$canreadperms=($user->admin || ($user->rights->user->group_advance->read && $user->rights->user->group_advance->readperms));
+	$caneditperms=($user->admin || $user->rights->user->group_advance->write);
+}

 if (! $canreadperms) accessforbidden();

-// Defini si peux modifier les permissions
-$caneditperms=($user->admin || $user->rights->user->group->write);
-

 /**
 * Actions
@ -194,6 +201,7 @@ if ($_GET["id"])
    $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r";
    $sql.= " WHERE r.libelle NOT LIKE 'tou%'";    // On ignore droits "tous"
    $sql.= " AND r.entity = ".$conf->entity;
+    if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql.= " AND r.perms NOT LIKE '%_advance'";  // Hide advanced perms if option is disable
    $sql.= " ORDER BY r.module, r.id";

    $result=$db->query($sql);
--- a/htdocs/user/perms.php
+++ b/htdocs/user/perms.php
@ -37,13 +37,16 @@ $module=isset($_GET["module"])?$_GET["module"]:$_POST["module"];
 if (! isset($_GET["id"]) || empty($_GET["id"])) accessforbidden();

 // Defini si peux lire les permissions
-$canreaduser=($user->admin || ($user->rights->user->user->lire && $user->rights->user->user->readperms));
-
+$canreaduser=($user->admin || $user->rights->user->user->lire);
 // Defini si peux modifier les autres utilisateurs et leurs permisssions
 $caneditperms=($user->admin || $user->rights->user->user->creer);
-
-// Defini si peux modifier ses propres permissions
-//$caneditselfperms=($user->admin || ($user->id == $_GET["id"]));
+// Advanced permissions
+if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS))
+{
+	$canreaduser=($user->admin || ($user->rights->user->user->lire && $user->rights->user->user_advance->readperms));
+	$caneditselfperms=($user->id == $_GET["id"] && $user->rights->user->self_advance->writeperms);
+	$caneditperms = '('.$caneditperms.' || '.$caneditselfperms.')';
+}

 // Security check
 $socid=0;
@ -247,6 +250,7 @@ $sql = "SELECT r.id, r.libelle, r.module";
 $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r";
 $sql.= " WHERE r.libelle NOT LIKE 'tou%'";    // On ignore droits "tous"
 $sql.= " AND r.entity = ".$conf->entity;
+if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql.= " AND r.perms NOT LIKE '%_advance'";  // Hide advanced perms if option is disable
 $sql.= " ORDER BY r.module, r.id";

 $result=$db->query($sql);