diff --git a/htdocs/admin/perms.php b/htdocs/admin/perms.php
index 65a39b418e5..35642c0babb 100644
--- a/htdocs/admin/perms.php
+++ b/htdocs/admin/perms.php
@@ -1,7 +1,7 @@ * Copyright (C) 2004-2009 Laurent Destailleur - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2010 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by
@@ -117,6 +117,7 @@ $sql = "SELECT r.id, r.libelle, r.module, r.perms, r.subperms, r.bydefault"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r"; $sql.= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous" $sql.= " AND entity = ".$conf->entity; +if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql.= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is disable $sql.= " ORDER BY r.module, r.id"; $result = $db->query($sql);
diff --git a/htdocs/admin/security_other.php b/htdocs/admin/security_other.php
index 61f286003ec..be98682262c 100644
--- a/htdocs/admin/security_other.php
+++ b/htdocs/admin/security_other.php
@@ -1,5 +1,6 @@ + * Copyright (C) 2005-2010 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by
@@ -104,6 +105,19 @@ else if ($_GET["action"] == 'disable_captcha') exit; } +if ($_GET["action"] == 'activate_advancedperms') +{ + dolibarr_set_const($db, "MAIN_USE_ADVANCED_PERMS", '1','chaine',0,'',$conf->entity); + Header("Location: security_other.php"); + exit; +} +else if ($_GET["action"] == 'disable_advancedperms') +{ + dolibarr_del_const($db, "MAIN_USE_ADVANCED_PERMS",$conf->entity); + Header("Location: security_other.php"); + exit; +} + if ($_GET["action"] == 'MAIN_SESSION_TIMEOUT') { dolibarr_set_const($db, "MAIN_SESSION_TIMEOUT", $_POST["MAIN_SESSION_TIMEOUT"],'chaine',0,'',$conf->entity);
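Review bot: In the added filter `r.perms NOT LIKE '%_advance'` (admin/perms.php hunk at -117, and the identical lines added in user/group/perms.php and user/perms.php) the underscore is itself a LIKE wildcard for one character, so the pattern excludes every `perms` value that ends in `advance` after at least one other character, not only the `*_advance` names. Escaping it pins the intent, for example `" AND r.perms NOT LIKE '%\\_advance'"`, once the escape convention is confirmed for each supported database backend. The filter only hides rows from the listing; whether the add/remove-right actions also refuse `_advance` rights while the option is off is not visible in these hunks and is worth checking.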
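Review bot: The two new branches on `$_GET["action"]` (`activate_advancedperms` and `disable_advancedperms`, security_other.php hunk at -104) change a security setting from a plain GET request, with no anti-CSRF token and no privilege check inside the hunk. Because the rest of this commit treats an unset `MAIN_USE_ADVANCED_PERMS` as "skip the fine-grained checks", a request that an administrator's browser is induced to load can switch those checks off without the administrator noticing. The toggle should be a POST carrying a session-bound token that is verified before `dolibarr_set_const()` or `dolibarr_del_const()` runs. Any admin-only guard for this page sits outside the hunk and should be confirmed.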
@@ -218,6 +232,24 @@ print ""; print ""; print ''; +// Enable advanced perms +$var=!$var; +print ""; +print ''.$langs->trans("UseAdvancedPerms").''; +print ''; +if ($conf->global->MAIN_USE_ADVANCED_PERMS == 0) +{ + print ''.img_picto($langs->trans("Disabled"),'off').''; +} +if($conf->global->MAIN_USE_ADVANCED_PERMS == 1) +{ + print ''.img_picto($langs->trans("Enabled"),'on').''; +} +print ""; + +print ""; +print ''; + print '';
diff --git a/htdocs/includes/modules/modUser.class.php b/htdocs/includes/modules/modUser.class.php
index 66fb2b93ee2..ed146151eab 100644
--- a/htdocs/includes/modules/modUser.class.php
+++ b/htdocs/includes/modules/modUser.class.php
@@ -125,7 +125,6 @@ class modUser extends DolibarrModules $this->rights[$r][4] = 'user'; $this->rights[$r][5] = 'supprimer'; - /* Removed useless permission $r++; $this->rights[$r][0] = 256; $this->rights[$r][1] = 'Consulter ses propres permissions';
@@ -133,7 +132,6 @@ class modUser extends DolibarrModules $this->rights[$r][3] = 1; $this->rights[$r][4] = 'self_advance'; $this->rights[$r][5] = 'readperms'; - */ $r++; $this->rights[$r][0] = 257;
@@ -151,7 +149,6 @@ class modUser extends DolibarrModules $this->rights[$r][4] = 'self'; $this->rights[$r][5] = 'password'; - /* Removed useless permission $r++; $this->rights[$r][0] = 259; $this->rights[$r][1] = 'Modifier ses propres permissions';
@@ -159,7 +156,6 @@ class modUser extends DolibarrModules $this->rights[$r][3] = 1; $this->rights[$r][4] = 'self_advance'; $this->rights[$r][5] = 'writeperms'; - */ $r++; $this->rights[$r][0] = 351;
diff --git a/htdocs/langs/en_US/other.lang b/htdocs/langs/en_US/other.lang
index 67e944fb27b..51d6dc469f5 100644
--- a/htdocs/langs/en_US/other.lang
+++ b/htdocs/langs/en_US/other.lang
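Review bot: The two display conditions `$conf->global->MAIN_USE_ADVANCED_PERMS == 0` and `== 1` (security_other.php hunk at -218) use loose comparison on a property that is absent after `dolibarr_del_const()`, whereas every other file in this commit tests it with `empty()`. An unset property raises a notice here, and any stored value other than 0 or 1 renders neither picto while the permission pages still treat the option as enabled. Writing it as `if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) { … } else { … }` keeps the admin screen in step with what is actually enforced.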
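Review bot: Un-commenting rights 256 and 259 in modUser.class.php (hunks at -125/-133 and -151/-159) re-activates "Modifier ses propres permissions" with `$this->rights[$r][3] = 1`, which, if index 3 is the granted-by-default flag as it appears to be for the other entries, gives every new user the `self_advance`/`writeperms` right. In user/perms.php of this same commit that right is what allows editing one's own permissions once `MAIN_USE_ADVANCED_PERMS` is on, so enabling the option would let ordinary accounts raise their own privileges. Right 259 should default to off, `$this->rights[$r][3] = 0;`, with a comment such as `// Never granted by default: lets a user change his own rights`. The method that fills the rights array starts and ends outside these hunks.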
@@ -146,6 +146,7 @@ YouReceiveMailBecauseOfNotification=You receive this message because your email YouReceiveMailBecauseOfNotification2=This event is the following: ThisIsListOfModules=This is a list of modules preselected by this demo profile (only most common modules are visible in this demo). Edit this to have a more personalized demo and click on "Start". ClickHere=Click here +UseAdvancedPerms=Use the advanced rights permissions in modules ##### Bookmark ##### Bookmark=Bookmark
diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang
index c1eadf84fd3..d5401c56c13 100644
--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@@ -519,8 +519,10 @@ Permission252= Consulter les permissions des autres utilisateurs Permission253= Créer/modifier les autres utilisateurs et leurs permissions Permission254= Modifier le mot de passe des autres utilisateurs Permission255= Supprimer ou désactiver les autres utilisateurs +Permission256= Consulter ses propres permissions Permission257= Créer/modifier ses propres infos utilisateur Permission258= Modifier son propre mot de passe +Permission259= Modifier ses propres permissions Permission262= Étendre l'accès à tous les tiers (Pas seulement ceux liés à l'utilisateur). Non effectif pour utilisateurs externes (toujours limité à eux-même). Permission271= Consulter le CA Permission272= Consulter les factures
diff --git a/htdocs/langs/fr_FR/other.lang b/htdocs/langs/fr_FR/other.lang
index ca26a8ee760..c8d739ff471 100644
--- a/htdocs/langs/fr_FR/other.lang
+++ b/htdocs/langs/fr_FR/other.lang
@@ -146,6 +146,7 @@ YouReceiveMailBecauseOfNotification=Vous recevez ce message car votre email a é YouReceiveMailBecauseOfNotification2=L'événement en question est le suivant: ThisIsListOfModules=Voici une liste de modules présélectionnés par ce profil de démo (seuls les plus courants sont accessibles dans cette demo). Affinez encore vos préférences et cliquez sur "Démarrer". ClickHere=Cliquez ici +UseAdvancedPerms=Utiliser les droits avancés dans les permissions des modules ##### Bookmark ##### Bookmark=Marque-page
diff --git a/htdocs/lib/usergroups.lib.php b/htdocs/lib/usergroups.lib.php
index bb0d4d51a8c..3e882f81535 100644
--- a/htdocs/lib/usergroups.lib.php
+++ b/htdocs/lib/usergroups.lib.php
@@ -30,7 +30,11 @@ function user_prepare_head($object) $langs->load("users"); - $canreadperms=($user->admin || ($user->id != $object->id && $user->rights->user->user->readperms) || ($user->id == $object->id)); + $canreadperms=true; + if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) + { + $canreadperms=($user->admin || ($user->id != $object->id && $user->rights->user->user_advance->readperms) || ($user->id == $object->id && $user->rights->user->self_advance->readperms)); + } $h = 0; $head = array();
@@ -108,7 +112,11 @@ function group_prepare_head($object) { global $langs, $conf, $user; - $canreadperms=($user->admin || $user->rights->user->group->readperms); + $canreadperms=true; + if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) + { + $canreadperms=($user->admin || $user->rights->user->group_advance->readperms); + } $h = 0; $head = array();
diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index 7fb36981aa0..f4673baf117 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
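Review bot: Initialising `$canreadperms=true` in `user_prepare_head()` (and again in `group_prepare_head()` in the next hunk) makes the check fail open: with `MAIN_USE_ADVANCED_PERMS` unset, which is the state after `dolibarr_del_const()`, the previous `readperms` test is dropped rather than replaced by a base right. The same pattern is in user/fiche.php, where `$canreadgroup` and `$caneditgroup` become `true` for every user, and in user/group/index.php, where `accessforbidden()` is now only reachable when the option is on. The default branch should fall back to an existing right instead of `true`, e.g. `$canreadperms=($user->admin || $user->rights->user->user->lire);` as user/group/perms.php does in this commit, and likewise `creer` for the edit flags. Both function bodies continue outside the hunks.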
@@ -41,8 +41,13 @@ $canadduser=($user->admin || $user->rights->user->user->creer); $canreaduser=($user->admin || $user->rights->user->user->lire); $canedituser=($user->admin || $user->rights->user->user->creer); $candisableuser=($user->admin || $user->rights->user->user->supprimer); -$canreadgroup=($user->admin || $user->rights->user->group->read); -$caneditgroup=($user->admin || $user->rights->user->group->write); +$canreadgroup=true; +$caneditgroup=true; +if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) +{ + $canreadgroup=($user->admin || $user->rights->user->group_advance->read); + $caneditgroup=($user->admin || $user->rights->user->group_advance->write); +} // Define value to know what current user can do on properties of edited user if ($_GET["id"]) {
diff --git a/htdocs/user/group/fiche.php b/htdocs/user/group/fiche.php
index 45e59890e5b..65f48ee89ea 100644
--- a/htdocs/user/group/fiche.php
+++ b/htdocs/user/group/fiche.php
@@ -32,6 +32,13 @@ require_once(DOL_DOCUMENT_ROOT."/lib/usergroups.lib.php"); $canreadperms=($user->admin || $user->rights->user->user->lire); $caneditperms=($user->admin || $user->rights->user->user->creer); $candisableperms=($user->admin || $user->rights->user->user->supprimer); +// Advanced permissions +if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) +{ + $canreadperms=($user->admin || $user->rights->user->group_advance->read); + $caneditperms=($user->admin || $user->rights->user->group_advance->write); + $candisableperms=($user->admin || $user->rights->user->group_advance->delete); +} $langs->load("users"); $langs->load("other");
@@ -39,13 +46,14 @@ $langs->load("other"); // Security check $result = restrictedArea($user, 'user', $_GET["id"], 'usergroup', 'user'); -$action=isset($_GET["action"])?$_GET["action"]:$_POST["action"]; +$action=GETPOST("action"); +$confirm=GETPOST("confirm"); /** * Action remove group */ -if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == "yes") +if ($action == 'confirm_delete' && $confirm == "yes") { if ($caneditperms) {
diff --git a/htdocs/user/group/index.php b/htdocs/user/group/index.php
index 6b1224f4b21..36aab9bef62 100644
--- a/htdocs/user/group/index.php
+++ b/htdocs/user/group/index.php
@@ -27,8 +27,10 @@ require("../../main.inc.php"); - -if (! $user->rights->user->group->lire && ! $user->admin) accessforbidden(); +if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) +{ + if (! $user->rights->user->group_advance->read && ! $user->admin) accessforbidden(); +} $langs->load("users");
diff --git a/htdocs/user/group/perms.php b/htdocs/user/group/perms.php
index 454ebcf2c62..a3faae416cb 100644
--- a/htdocs/user/group/perms.php
+++ b/htdocs/user/group/perms.php
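Review bot: The `confirm_delete` branch in user/group/fiche.php (hunk at -39) is still guarded by `if ($caneditperms)`, so the `$candisableperms` value that this commit derives from `group_advance->delete` is not consulted at the point where a group is removed. As written, any holder of the write right can delete a group, and the separate delete right has no effect on this action. If delete is meant to be its own right, the guard should read `if ($candisableperms)`. The handler body continues outside the hunk, so what else it checks is not visible here.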
@@ -35,13 +35,20 @@ $langs->load("users"); $module=isset($_GET["module"])?$_GET["module"]:$_POST["module"]; // Defini si peux lire les permissions -$canreadperms=($user->admin || ($user->rights->user->group->read && $user->rights->user->group->readperms)); +$canreadperms=($user->admin || $user->rights->user->user->lire); +// Defini si peux modifier les permissions +$caneditperms=($user->admin || $user->rights->user->user->creer); +// Advanced permissions +$advancedpermsactive=false; +if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) +{ + $advancedpermsactive=true; + $canreadperms=($user->admin || ($user->rights->user->group_advance->read && $user->rights->user->group_advance->readperms)); + $caneditperms=($user->admin || $user->rights->user->group_advance->write); +} if (! $canreadperms) accessforbidden(); -// Defini si peux modifier les permissions -$caneditperms=($user->admin || $user->rights->user->group->write); - /** * Actions
@@ -194,6 +201,7 @@ if ($_GET["id"]) $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r"; $sql.= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous" $sql.= " AND r.entity = ".$conf->entity; + if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql.= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is disable $sql.= " ORDER BY r.module, r.id"; $result=$db->query($sql);
diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php
index 66c5433c441..d6cbf72995f 100644
--- a/htdocs/user/perms.php
+++ b/htdocs/user/perms.php
@@ -37,13 +37,16 @@ $module=isset($_GET["module"])?$_GET["module"]:$_POST["module"]; if (! isset($_GET["id"]) || empty($_GET["id"])) accessforbidden(); // Defini si peux lire les permissions -$canreaduser=($user->admin || ($user->rights->user->user->lire && $user->rights->user->user->readperms)); - +$canreaduser=($user->admin || $user->rights->user->user->lire); // Defini si peux modifier les autres utilisateurs et leurs permisssions $caneditperms=($user->admin || $user->rights->user->user->creer); - -// Defini si peux modifier ses propres permissions -//$caneditselfperms=($user->admin || ($user->id == $_GET["id"])); +// Advanced permissions +if (! empty($conf->global->MAIN_USE_ADVANCED_PERMS)) +{ + $canreaduser=($user->admin || ($user->rights->user->user->lire && $user->rights->user->user_advance->readperms)); + $caneditselfperms=($user->id == $_GET["id"] && $user->rights->user->self_advance->writeperms); + $caneditperms = '('.$caneditperms.' || '.$caneditselfperms.')'; +} // Security check $socid=0;
@@ -247,6 +250,7 @@ $sql = "SELECT r.id, r.libelle, r.module"; $sql.= " FROM ".MAIN_DB_PREFIX."rights_def as r"; $sql.= " WHERE r.libelle NOT LIKE 'tou%'"; // On ignore droits "tous" $sql.= " AND r.entity = ".$conf->entity; +if (empty($conf->global->MAIN_USE_ADVANCED_PERMS)) $sql.= " AND r.perms NOT LIKE '%_advance'"; // Hide advanced perms if option is disable $sql.= " ORDER BY r.module, r.id"; $result=$db->query($sql);
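Review bot: `$caneditperms = '('.$caneditperms.' || '.$caneditselfperms.')';` in user/perms.php (hunk at -37) concatenates the two flags into a string such as `( || )` instead of evaluating a boolean, and a non-empty string is always truthy in PHP. With `MAIN_USE_ADVANCED_PERMS` enabled, every later test of `$caneditperms` therefore passes for any user who reaches this page, whatever rights they hold. The line should be `$caneditperms = ($caneditperms || $caneditselfperms);`. The self-check `$user->id == $_GET["id"]` on the line above compares loosely against raw request input; casting with `(int) $_GET["id"]` first would make it exact.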