Fix permissions on module PaymentByBankTransfer
parent
b3cb56f2ef
commit
b6ec7ae77a
@ -48,7 +48,7 @@ $result = restrictedArea($user, 'paymentbybanktransfer', '', '');
|
||||
* Actions
|
||||
*/
|
||||
|
||||
|
||||
// None
|
||||
|
||||
|
||||
/*
|
||||
|
||||
@ -33,11 +33,6 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array('banks', 'categories', 'bills', 'companies', 'withdrawals'));
|
||||
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
// Get supervariables
|
||||
$action = GETPOST('action', 'aZ09');
|
||||
$id = GETPOST('id', 'int');
|
||||
@ -71,11 +66,11 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ
|
||||
|
||||
$hookmanager->initHooks(array('directdebitprevcard', 'globalcard', 'directdebitprevlist'));
|
||||
|
||||
if (!$user->rights->prelevement->bons->lire && $object->type != 'bank-transfer') {
|
||||
accessforbidden();
|
||||
}
|
||||
if (!$user->rights->paymentbybanktransfer->read && $object->type == 'bank-transfer') {
|
||||
accessforbidden();
|
||||
$type = $object->type;
|
||||
if ($type == 'bank-transfer') {
|
||||
$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
|
||||
} else {
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
}
|
||||
|
||||
|
||||
|
||||
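Review bot: The external-user block `if ($user->socid > 0) { accessforbidden(); }` removed by the first hunk of this file is not put back next to the new `restrictedArea()` calls, unlike the sibling card pages in this commit that re-add it under `// Security check` once the object is loaded. With an empty object id, `restrictedArea()` appears to check only the module permission, so an external (third-party) login that holds the right may now reach this page; confirm that this is intended. If it is not, restore those three lines just ahead of `$type = $object->type;`. The rest of the page lies outside the visible hunks.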
@ -39,12 +39,6 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array('banks', 'categories', 'withdrawals', 'companies', 'bills'));
|
||||
|
||||
// Security check
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
|
||||
$type = GETPOST('type', 'aZ09');
|
||||
|
||||
// Get supervariables
|
||||
@ -63,6 +57,16 @@ $offset = $limit * $page;
|
||||
|
||||
$hookmanager->initHooks(array('directdebitcreatecard', 'globalcard'));
|
||||
|
||||
// Security check
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
if ($type == 'bank-transfer') {
|
||||
$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
|
||||
} else {
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
@ -141,7 +145,11 @@ if (empty($reshook)) {
|
||||
}
|
||||
}
|
||||
$objectclass = "BonPrelevement";
|
||||
$uploaddir = $conf->prelevement->dir_output;
|
||||
if ($type == 'bank-transfer') {
|
||||
$uploaddir = $conf->paymentbybanktransfer->dir_output;
|
||||
} else {
|
||||
$uploaddir = $conf->prelevement->dir_output;
|
||||
}
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
|
||||
}
|
||||
|
||||
|
||||
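Review bot: The permission that gets enforced is now chosen by the request parameter `type` (`$type = GETPOST('type', 'aZ09')` feeding `if ($type == 'bank-transfer')`), so the caller decides whether `paymentbybanktransfer` or `prelevement`/`bons` is checked. That is only safe if every query and action further down the page is restricted to the same `$type`; otherwise a user holding one right can read or act on the other kind of order simply by picking the parameter. The same pattern appears to be added in the list pages later in this commit (the hunks at `-73,6 +69,15`, `-80,6 +73,17`, `-72,6 +65,17`, `-54,6 +47,17` and `-31,14 +31,18`). I would add a comment at each check, for example `// $type comes from the request: all SQL and actions below must filter on it`, and verify that each page does so. The code that consumes `$type` is outside these hunks.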
@ -37,10 +37,6 @@ $langs->loadLangs(array('banks', 'categories', 'withdrawals', 'companies'));
|
||||
// Security check
|
||||
$socid = GETPOST('socid', 'int');
|
||||
$status = GETPOST('status', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
|
||||
$contextpage = GETPOST('contextpage', 'aZ') ?GETPOST('contextpage', 'aZ') : 'directdebitcredittransferlist'; // To manage different context of search
|
||||
$backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page
|
||||
@ -73,6 +69,15 @@ $massactionbutton = '';
|
||||
|
||||
$hookmanager->initHooks(array('withdrawalstodolist'));
|
||||
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
if ($type == 'bank-transfer') {
|
||||
$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
|
||||
} else {
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -34,11 +34,6 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array('banks', 'categories', 'bills', 'companies', 'withdrawals'));
|
||||
|
||||
// Securite acces client
|
||||
if ($user->socid > 0) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
// Get supervariables
|
||||
$id = GETPOST('id', 'int');
|
||||
$ref = GETPOST('ref', 'alpha');
|
||||
@ -70,11 +65,16 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ
|
||||
|
||||
$hookmanager->initHooks(array('directdebitprevcard', 'globalcard', 'directdebitprevlist'));
|
||||
|
||||
if (!$user->rights->prelevement->bons->lire && $object->type != 'bank-transfer') {
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
accessforbidden();
|
||||
}
|
||||
if (!$user->rights->paymentbybanktransfer->read && $object->type == 'bank-transfer') {
|
||||
accessforbidden();
|
||||
|
||||
$type = $object->type;
|
||||
if ($type == 'bank-transfer') {
|
||||
$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
|
||||
} else {
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -62,11 +62,16 @@ $object = new BonPrelevement($db);
|
||||
// Load object
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
|
||||
|
||||
if (!$user->rights->prelevement->bons->lire && $object->type != 'bank-transfer') {
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
accessforbidden();
|
||||
}
|
||||
if (!$user->rights->paymentbybanktransfer->read && $object->type == 'bank-transfer') {
|
||||
accessforbidden();
|
||||
|
||||
$type = $object->type;
|
||||
if ($type == 'bank-transfer') {
|
||||
$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
|
||||
} else {
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -32,11 +32,6 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array("banks", "categories", 'withdrawals', 'bills'));
|
||||
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
// Get supervariables
|
||||
$prev_id = GETPOST('id', 'int');
|
||||
$ref = GETPOST('ref', 'alpha');
|
||||
@ -61,11 +56,16 @@ $object = new BonPrelevement($db);
|
||||
// Load object
|
||||
include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once // Must be include, not include_once. Include fetch and fetch_thirdparty but not fetch_optionals
|
||||
|
||||
if (!$user->rights->prelevement->bons->lire && $object->type != 'bank-transfer') {
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
accessforbidden();
|
||||
}
|
||||
if (!$user->rights->paymentbybanktransfer->read && $object->type == 'bank-transfer') {
|
||||
accessforbidden();
|
||||
|
||||
$type = $object->type;
|
||||
if ($type == 'bank-transfer') {
|
||||
$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
|
||||
} else {
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -41,14 +41,14 @@ $socid = GETPOST('socid', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'prelevement', '', '');
|
||||
$result = restrictedArea($user, 'prelevement', '', 'bons');
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
*/
|
||||
|
||||
|
||||
// None
|
||||
|
||||
|
||||
/*
|
||||
|
||||
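Review bot: In what appears to be the new call, `restrictedArea($user, 'prelevement', '', 'bons');`, the value `'bons'` sits in the fourth argument, while every other call on this page passes it as the fifth (`restrictedArea($user, 'prelevement', '', '', 'bons')`). In the fourth position it is taken as the table/share argument rather than the sub-permission, so the `bons` read right is probably not what gets checked here. Suggested line: `$result = restrictedArea($user, 'prelevement', '', '', 'bons');`. This page also has no `bank-transfer` branch, unlike the other pages in the commit, which is worth confirming as deliberate.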
@ -35,11 +35,6 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
|
||||
// Load translation files required by the page
|
||||
$langs->loadlangs(array('banks', 'categories', 'bills', 'withdrawals'));
|
||||
|
||||
// Security check
|
||||
if ($user->socid > 0) {
|
||||
accessforbidden();
|
||||
}
|
||||
|
||||
// Get supervariables
|
||||
$action = GETPOST('action', 'aZ09');
|
||||
$id = GETPOST('id', 'int');
|
||||
@ -66,6 +61,13 @@ if ($sortfield == "") {
|
||||
$sortfield = "pl.fk_soc";
|
||||
}
|
||||
|
||||
$type = $object->type;
|
||||
if ($type == 'bank-transfer') {
|
||||
$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
|
||||
} else {
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
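Review bot: `$type = $object->type;` is read here right after the `$sortfield` default, but neither hunk of this file shows `$object` being created or fetched before this point. If it is not loaded yet, `$type` is empty, the `bank-transfer` branch is never taken and the page always enforces `prelevement`/`bons`, whatever kind of order is displayed. The earlier hunk of this file also drops `if ($user->socid > 0) { accessforbidden(); }` without re-adding it here, as the card pages in this commit do. I would move the check to just after the object is fetched and restore the external-user guard above it.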
@ -42,13 +42,6 @@ $contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'di
|
||||
$backtopage = GETPOST('backtopage', 'alpha'); // Go back to a dedicated page
|
||||
$optioncss = GETPOST('optioncss', 'aZ'); // Option for the css output (always '' except when 'print')
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
|
||||
$type = GETPOST('type', 'aZ09');
|
||||
|
||||
$limit = GETPOST('limit', 'int') ?GETPOST('limit', 'int') : $conf->liste_limit;
|
||||
@ -80,6 +73,17 @@ $company = new Societe($db);
|
||||
|
||||
$hookmanager->initHooks(array('withdrawalsreceiptslineslist'));
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
if ($type == 'bank-transfer') {
|
||||
$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
|
||||
} else {
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@ -33,13 +33,6 @@ $langs->loadLangs(array('banks', 'categories', 'withdrawals'));
|
||||
|
||||
$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'directdebitcredittransferlist'; // To manage different context of search
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
|
||||
$type = GETPOST('type', 'aZ09');
|
||||
|
||||
$limit = GETPOST('limit', 'int') ? GETPOST('limit', 'int') : $conf->liste_limit;
|
||||
@ -72,6 +65,17 @@ if ($type == 'bank-transfer') {
|
||||
$usercancreate = $user->rights->paymentbybanktransfer->create;
|
||||
}
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
if ($type == 'bank-transfer') {
|
||||
$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
|
||||
} else {
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
@ -137,15 +141,15 @@ if ($result) {
|
||||
|
||||
$newcardbutton = '';
|
||||
if ($usercancreate) {
|
||||
$newcardbutton .= dolGetButtonTitle($langs->trans('NewStandingOrder'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/prelevement/create.php');
|
||||
$newcardbutton .= dolGetButtonTitle($langs->trans('NewStandingOrder'), '', 'fa fa-plus-circle', DOL_URL_ROOT.'/compta/prelevement/create.php?type='.urlencode($type));
|
||||
}
|
||||
|
||||
// Lines of title fields
|
||||
print '<form method="POST" id="searchFormList" action="'.$_SERVER["PHP_SELF"].'">';
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
if ($optioncss != '') {
|
||||
print '<input type="hidden" name="optioncss" value="'.$optioncss.'">';
|
||||
}
|
||||
print '<input type="hidden" name="token" value="'.newToken().'">';
|
||||
print '<input type="hidden" name="formfilteraction" id="formfilteraction" value="list">';
|
||||
print '<input type="hidden" name="action" value="list">';
|
||||
print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
|
||||
|
||||
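Review bot: The form block touched by this hunk still writes `$_SERVER["PHP_SELF"]`, `$optioncss` and `$sortfield` into HTML attributes without escaping, while the new button URL correctly goes through `urlencode($type)`. Unless those values are already constrained by input filters outside the hunk, escape them at output, for example `value="'.dol_escape_htmltag($sortfield).'"`. The hidden `token` field is only moved, which looks fine.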
@ -33,13 +33,6 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array('banks', 'categories', 'withdrawals', 'companies'));
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
|
||||
$type = GETPOST('type', 'aZ09');
|
||||
|
||||
// Get supervariables
|
||||
@ -54,6 +47,17 @@ $offset = $limit * $page;
|
||||
$pageprev = $page - 1;
|
||||
$pagenext = $page + 1;
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
if ($type == 'bank-transfer') {
|
||||
$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
|
||||
} else {
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* View
|
||||
|
||||
@ -31,14 +31,18 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
|
||||
// Load translation files required by the page
|
||||
$langs->loadLangs(array('banks', 'categories', 'withdrawals', 'companies'));
|
||||
|
||||
$type = GETPOST('type', 'aZ09');
|
||||
|
||||
// Security check
|
||||
$socid = GETPOST('socid', 'int');
|
||||
if ($user->socid) {
|
||||
$socid = $user->socid;
|
||||
}
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
|
||||
$type = GETPOST('type', 'aZ09');
|
||||
if ($type == 'bank-transfer') {
|
||||
$result = restrictedArea($user, 'paymentbybanktransfer', '', '', '');
|
||||
} else {
|
||||
$result = restrictedArea($user, 'prelevement', '', '', 'bons');
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
|
||||
@ -3387,8 +3387,8 @@ table.liste, table.noborder, table.formdoc, div.noborder {
|
||||
<?php
|
||||
if ($userborderontable) { ?>
|
||||
border-left: 1px solid var(--colortopbordertitle1);
|
||||
border-right: 1px solid var(--colortopbordertitle1);
|
||||
<?php } ?>
|
||||
border-right: 1px solid var(--colortopbordertitle1);
|
||||
<?php } ?>
|
||||
/*width: calc(100% - 7px);
|
||||
border-collapse: separate !important;
|
||||
border-spacing: 0px;
|
||||
|
||||