diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 4c4f83baf38..0a288644d7e 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -109,10 +109,25 @@ if ($id > 0 || !empty($ref)) if ($ret < 0) dol_print_error($db, $object->error); } -$permissionnote = $user->rights->fournisseur->commande->creer; // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->rights->fournisseur->commande->creer; // Used by the include of actions_dellink.inc.php -$permissiontoedit = $user->rights->fournisseur->commande->creer; // Used by the include of actions_lineupdown.inc.php -$permissiontoadd = $user->rights->fournisseur->commande->creer; // Used by the include of actions_addupdatedelete.inc.php +// Common permissions +$usercanread = $user->rights->fournisseur->commande->lire; +$usercancreate = $user->rights->fournisseur->commande->creer; +$usercandelete = $user->rights->fournisseur->commande->supprimer; + +// Advanced permissions +$usercanvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($usercancreate)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_order_advance->validate))); + +// Additional area permissions +$usercanapprove = $user->rights->fournisseur->commande->approuver; +$usercanapprovesecond = $user->rights->fournisseur->commande->approve2; +$usercanorder = $user->rights->fournisseur->commande->commander; +$usercanreceived = $user->rights->fournisseur->commande->receptionner; + +// Permissions for includes +$permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php +$permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php +$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php +$permissiontoadd = $usercancreate; // Used by the include of actions_addupdatedelete.inc.php /* 
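Review bot: The new `$usercanread`, `$usercancreate`, `$usercandelete`, `$usercanapprove`, `$usercanapprovesecond`, `$usercanorder` and `$usercanreceived` assignments read the rights properties directly, while `$usercanvalidate` in the same hunk wraps its operands in `!empty()`. If a rights node is not populated for the current user, the bare reads presumably raise an undefined-property notice and leave the flag null rather than a boolean. Normalising at the definition, e.g. `$usercancreate = !empty($user->rights->fournisseur->commande->creer);`, gives every later authorization check a definite true/false and makes the later `!empty($usercancreate)` wrappers unnecessary. The same pattern appears in the permission block added to htdocs/fourn/facture/card.php (hunk -99,12 +99,20).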
@@ -141,66 +156,66 @@ if (empty($reshook)) include DOL_DOCUMENT_ROOT.'/core/actions_lineupdown.inc.php'; // Must be include, not include_once - if ($action == 'setref_supplier' && $user->rights->fournisseur->commande->creer) + if ($action == 'setref_supplier' && $usercancreate) { $result = $object->setValueFrom('ref_supplier', GETPOST('ref_supplier', 'alpha'), '', null, 'text', '', $user, 'ORDER_SUPPLIER_MODIFY'); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // Set incoterm - if ($action == 'set_incoterms' && $user->rights->fournisseur->commande->creer) + if ($action == 'set_incoterms' && $usercancreate) { $result = $object->setIncoterms(GETPOST('incoterm_id', 'int'), GETPOST('location_incoterms', 'alpha')); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // payment conditions - if ($action == 'setconditions' && $user->rights->fournisseur->commande->creer) + if ($action == 'setconditions' && $usercancreate) { $result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int')); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // payment mode - if ($action == 'setmode' && $user->rights->fournisseur->commande->creer) + if ($action == 'setmode' && $usercancreate) { $result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int')); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // Multicurrency Code - elseif ($action == 'setmulticurrencycode' && $user->rights->fournisseur->commande->creer) { + elseif ($action == 'setmulticurrencycode' && $usercancreate) { $result = $object->setMulticurrencyCode(GETPOST('multicurrency_code', 'alpha')); } // Multicurrency rate - elseif ($action == 'setmulticurrencyrate' && $user->rights->fournisseur->commande->creer) { + elseif ($action == 'setmulticurrencyrate' && $usercancreate) { $result = $object->setMulticurrencyRate(price2num(GETPOST('multicurrency_tx'))); } // bank account - if ($action == 
'setbankaccount' && $user->rights->fournisseur->commande->creer) + if ($action == 'setbankaccount' && $usercancreate) { $result = $object->setBankAccount(GETPOST('fk_account', 'int')); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // date of delivery - if ($action == 'setdate_livraison' && $user->rights->fournisseur->commande->creer) + if ($action == 'setdate_livraison' && $usercancreate) { $result = $object->set_date_livraison($user, $datelivraison); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // Set project - if ($action == 'classin' && $user->rights->fournisseur->commande->creer) + if ($action == 'classin' && $usercancreate) { $result = $object->setProject($projectid); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); } // Edit Thirdparty - if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && $action == 'set_thirdparty' && $user->rights->fournisseur->commande->creer && $object->statut == CommandeFournisseur::STATUS_DRAFT) + if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && $action == 'set_thirdparty' && $usercancreate && $object->statut == CommandeFournisseur::STATUS_DRAFT) { $new_socid = GETPOST('new_socid', 'int'); if (!empty($new_socid) && $new_socid != $object->thirdparty->id) { @@ -260,7 +275,7 @@ if (empty($reshook)) exit; } - if ($action == 'setremisepercent' && $user->rights->fournisseur->commande->creer) + if ($action == 'setremisepercent' && $usercancreate) { $result = $object->set_remise($user, $_POST['remise_percent']); if ($result < 0) setEventMessages($object->error, $object->errors, 'errors'); @@ -323,7 +338,7 @@ if (empty($reshook)) /* * Classify supplier order as billed */ - if ($action == 'classifybilled' && $user->rights->fournisseur->commande->creer) + if ($action == 'classifybilled' && $usercancreate) { $ret = $object->classifyBilled($user); if ($ret < 0) { 
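Review bot: In the `setremisepercent` branch (hunk -260,7 +275,7) the discount is still taken straight from `$_POST['remise_percent']`, whereas the other setters touched by this commit read their values through `GETPOST()`. Since the condition line is being rewritten anyway, the call could become `$result = $object->set_remise($user, price2num(GETPOST('remise_percent', 'alpha')));` so the value is numeric before it reaches the object. `price2num` is already used this way for `multicurrency_tx` in the preceding hunk. What `set_remise()` does with the value is outside the hunk, so confirm whether it validates the value itself.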
@@ -332,7 +347,7 @@ if (empty($reshook)) } // Add a product line - if ($action == 'addline' && $user->rights->fournisseur->commande->creer) + if ($action == 'addline' && $usercancreate) { $db->begin(); @@ -620,7 +635,7 @@ if (empty($reshook)) /* * Updating a line in the order */ - if ($action == 'updateline' && $user->rights->fournisseur->commande->creer && !GETPOST('cancel', 'alpha')) + if ($action == 'updateline' && $usercancreate && !GETPOST('cancel', 'alpha')) { $vat_rate = (GETPOST('tva_tx') ?GETPOST('tva_tx') : 0); @@ -757,7 +772,7 @@ if (empty($reshook)) } // Remove a product line - if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fournisseur->commande->creer) + if ($action == 'confirm_deleteline' && $confirm == 'yes' && $usercancreate) { $result = $object->deleteline($lineid); if ($result > 0) @@ -788,10 +803,7 @@ if (empty($reshook)) } // Validate - if ($action == 'confirm_valid' && $confirm == 'yes' && - ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_order_advance->validate))) - ) + if ($action == 'confirm_valid' && $confirm == 'yes' && $usercanvalidate) { $object->date_commande = dol_now(); $result = $object->valid($user); 
@@ -819,13 +831,13 @@ if (empty($reshook)) } // If we have permission, and if we don't need to provide the idwarehouse, we go directly on approved step - if (empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE) && $user->rights->fournisseur->commande->approuver && !(!empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER) && $object->hasProductsOrServices(1))) + if (empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE) && $usercanapprove && !(!empty($conf->global->STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER) && $object->hasProductsOrServices(1))) { $action = 'confirm_approve'; // can make standard or first level approval also if permission is set } } - if (($action == 'confirm_approve' || $action == 'confirm_approve2') && $confirm == 'yes' && $user->rights->fournisseur->commande->approuver) + if (($action == 'confirm_approve' || $action == 'confirm_approve2') && $confirm == 'yes' && $usercanapprove) { $idwarehouse = GETPOST('idwarehouse', 'int'); @@ -872,7 +884,7 @@ if (empty($reshook)) } } - if ($action == 'confirm_refuse' && $confirm == 'yes' && $user->rights->fournisseur->commande->approuver) + if ($action == 'confirm_refuse' && $confirm == 'yes' && $usercanapprove) { $result = $object->refuse($user); if ($result > 0) @@ -894,7 +906,7 @@ if (empty($reshook)) } } - if ($action == 'confirm_commande' && $confirm == 'yes' && $user->rights->fournisseur->commande->commander) + if ($action == 'confirm_commande' && $confirm == 'yes' && $usercanorder) { $result = $object->commande($user, GETPOST("datecommande"), GETPOST("methode", 'int'), GETPOST('comment', 'alphanohtml')); if ($result > 0) @@ -920,7 +932,7 @@ if (empty($reshook)) } - if ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->fournisseur->commande->supprimer) + if ($action == 'confirm_delete' && $confirm == 'yes' && $usercandelete) { $result = $object->delete($user); if ($result > 0) 
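Review bot: The handler condition in hunk -819,13 +831,13 lets `confirm_approve2` through on `$usercanapprove` alone, and `$usercanapprovesecond`, which this commit introduces, is never consulted on the action side. The button code in hunk -2320,7 +2331,7 offers second approval only when `$usercanapprovesecond` is set, so page and handler enforce different rules: a first-level approver passes the handler's check for the second-level action, and a holder of only `approve2` is refused. The `confirm_refuse` handler (hunk -872,7 +884,7) has the same mismatch with its button, which accepts `$usercanapprove || $usercanapprovesecond`. If second approval is meant to be a separate duty, the condition could be `(($action == 'confirm_approve' && $usercanapprove) || ($action == 'confirm_approve2' && $usercanapprovesecond))`. The block body is outside the hunk, so any further check made there or inside the approve call is not visible here.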
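Review bot: The `confirm_delete` handler (hunk -920,7 +932,7) requires `$usercandelete`, but the Delete button in hunk -2467,14 +2478,14 is also offered when the order is a draft and the user has only `$usercancreate`. A creator without the delete right therefore gets a button that this condition rejects. The invoice card in this same commit accepts the creator case in its handler, so the two order-side conditions should be aligned. If creators are meant to delete drafts, the handler could use `$usercandelete || ($object->statut == CommandeFournisseur::STATUS_DRAFT && $usercancreate)`.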
@@ -933,7 +945,7 @@ if (empty($reshook)) } // Action clone object - if ($action == 'confirm_clone' && $confirm == 'yes' && $user->rights->fournisseur->commande->creer) + if ($action == 'confirm_clone' && $confirm == 'yes' && $usercancreate) { if (1 == 0 && !GETPOST('clone_content') && !GETPOST('clone_receivers')) { @@ -958,7 +970,7 @@ if (empty($reshook)) } // Set status of reception (complete, partial, ...) - if ($action == 'livraison' && $user->rights->fournisseur->commande->receptionner) + if ($action == 'livraison' && $usercanreceived) { if (GETPOST("type") != '') { @@ -981,7 +993,7 @@ if (empty($reshook)) } } - if ($action == 'confirm_cancel' && $confirm == 'yes' && $user->rights->fournisseur->commande->commander) + if ($action == 'confirm_cancel' && $confirm == 'yes' && $usercanorder) { $result = $object->cancel($user); if ($result > 0) @@ -1004,7 +1016,7 @@ if (empty($reshook)) // Actions to build doc $upload_dir = $conf->fournisseur->commande->dir_output; - $permissiontoadd = $user->rights->fournisseur->commande->creer; + $permissiontoadd = $usercancreate; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; @@ -1037,7 +1049,7 @@ if (empty($reshook)) /* * Create an order */ - if ($action == 'add' && $user->rights->fournisseur->commande->creer) + if ($action == 'add' && $usercancreate) { $error = 0; $selectedLines = GETPOST('toselect', 'array'); @@ -1338,7 +1350,7 @@ if (empty($reshook)) } } - if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $user->rights->fournisseur->commande->creer) + if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $usercancreate) { if ($action == 'addcontact') { @@ -1847,11 +1859,11 @@ if ($action == 'create') $morehtmlref = '
'; // Ref supplier - $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', 0, 1); - $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', null, null, '', 1); + $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', 0, 1); + $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', null, null, '', 1); // Thirdparty $morehtmlref .= '
'.$langs->trans('ThirdParty'); - if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && !empty($user->rights->fournisseur->commande->creer) && $action == 'edit_thirdparty') { + if (!empty($conf->global->MAIN_CAN_EDIT_SUPPLIER_ON_SUPPLIER_ORDER) && !empty($usercancreate) && $action == 'edit_thirdparty') { $morehtmlref .= ' : '; $morehtmlref .= '
'; $morehtmlref .= ''; @@ -1872,7 +1884,7 @@ if ($action == 'create') if (!empty($conf->projet->enabled)) { $langs->load("projects"); $morehtmlref .= '
'.$langs->trans('Project').' '; - if ($user->rights->fournisseur->commande->creer) { + if ($usercancreate) { if ($action != 'classify') $morehtmlref .= ''.img_edit($langs->transnoentitiesnoconv('SetProject')).' : '; if ($action == 'classify') { @@ -2046,7 +2058,7 @@ if ($action == 'create') print ''; print '
'; print $langs->trans('BankAccount'); print ''; - if ($action != 'editbankaccount' && $user->rights->fournisseur->commande->creer) + if ($action != 'editbankaccount' && $usercancreate) print 'id.'">'.img_edit($langs->trans('SetBankAccount'), 1).'
'; print ''; @@ -2100,7 +2112,7 @@ if ($action == 'create') print '
'; print $langs->trans('IncotermLabel'); print ''; - if ($user->rights->fournisseur->commande->creer) print ''.img_edit().''; + if ($usercancreate) print ''.img_edit().''; else print ' '; print '
'; print ''; @@ -2238,7 +2250,7 @@ if ($action == 'create') $num = count($object->lines); // Form to add new line - if ($object->statut == CommandeFournisseur::STATUS_DRAFT && $user->rights->fournisseur->commande->creer) + if ($object->statut == CommandeFournisseur::STATUS_DRAFT && $usercancreate) { if ($action != 'editline') { @@ -2273,11 +2285,10 @@ if ($action == 'create') // Validate if ($object->statut == 0 && $num > 0) { - if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_order_advance->validate))) + if ($usercanvalidate) { $tmpbuttonlabel = $langs->trans('Validate'); - if ($user->rights->fournisseur->commande->approuver && empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE)) $tmpbuttonlabel = $langs->trans("ValidateAndApprove"); + if ($usercanapprove && empty($conf->global->SUPPLIER_ORDER_NO_DIRECT_APPROVE)) $tmpbuttonlabel = $langs->trans("ValidateAndApprove"); print ''; print $tmpbuttonlabel; @@ -2293,7 +2304,7 @@ if ($action == 'create') // Modify if ($object->statut == CommandeFournisseur::STATUS_VALIDATED) { - if ($user->rights->fournisseur->commande->commander) + if ($usercanorder) { print ''.$langs->trans("Modify").''; } @@ -2302,7 +2313,7 @@ if ($action == 'create') // Approve if ($object->statut == CommandeFournisseur::STATUS_VALIDATED) { - if ($user->rights->fournisseur->commande->approuver) + if ($usercanapprove) { if (!empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED) && $conf->global->MAIN_FEATURES_LEVEL > 0 && $object->total_ht >= $conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED && !empty($object->user_approve_id)) { @@ -2320,7 +2331,7 @@ if ($action == 'create') { if ($object->statut == CommandeFournisseur::STATUS_VALIDATED) { - if ($user->rights->fournisseur->commande->approve2) + if ($usercanapprovesecond) { if (!empty($object->user_approve_id2)) { 
@@ -2337,7 +2348,7 @@ if ($action == 'create') // Refuse if ($object->statut == CommandeFournisseur::STATUS_VALIDATED) { - if ($user->rights->fournisseur->commande->approuver || $user->rights->fournisseur->commande->approve2) + if ($usercanapprove || $usercanapprovesecond) { print ''.$langs->trans("RefuseOrder").''; } else { @@ -2349,7 +2360,7 @@ if ($action == 'create') if (empty($user->socid)) { if (in_array($object->statut, array(CommandeFournisseur::STATUS_ACCEPTED, 3, 4, 5)) || !empty($conf->global->SUPPLIER_ORDER_SENDBYEMAIL_FOR_ALL_STATUS)) { - if ($user->rights->fournisseur->commande->commander) + if ($usercanorder) { print ''.$langs->trans('SendMail').''; } @@ -2360,7 +2371,7 @@ if ($action == 'create') if (in_array($object->statut, array(CommandeFournisseur::STATUS_ACCEPTED))) { $buttonshown = 0; - if (!$buttonshown && $user->rights->fournisseur->commande->approuver) + if (!$buttonshown && $usercanapprove) { if (empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER_ONLY) || (!empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER_ONLY) && $user->id == $object->user_approve_id)) @@ -2369,7 +2380,7 @@ if ($action == 'create') $buttonshown++; } } - if (!$buttonshown && $user->rights->fournisseur->commande->approve2 && !empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED)) + if (!$buttonshown && $usercanapprovesecond && !empty($conf->global->SUPPLIER_ORDER_3_STEPS_TO_BE_APPROVED)) { if (empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER2_ONLY) || (!empty($conf->global->SUPPLIER_ORDER_REOPEN_BY_APPROVER2_ONLY) && $user->id == $object->user_approve_id2)) @@ -2380,7 +2391,7 @@ if ($action == 'create') } if (in_array($object->statut, array(3, 4, 5, 6, 7, 9))) { - if ($user->rights->fournisseur->commande->commander) + if ($usercanorder) { print ''.$langs->trans("ReOpen").''; } 
@@ -2394,7 +2405,7 @@ if ($action == 'create') if ($conf->reception->enabled) $labelofbutton = $langs->trans("CreateReception"); if (in_array($object->statut, array(3, 4, 5))) { - if ($conf->fournisseur->enabled && $user->rights->fournisseur->commande->receptionner) { + if ($conf->fournisseur->enabled && $usercanreceived) { print ''; } else { print ''; @@ -2404,7 +2415,7 @@ if ($action == 'create') if ($object->statut == CommandeFournisseur::STATUS_ACCEPTED) { - if ($user->rights->fournisseur->commande->commander) + if ($usercanorder) { print ''; } else { @@ -2415,7 +2426,7 @@ if ($action == 'create') // Classify received (this does not record reception) if ($object->statut == CommandeFournisseur::STATUS_ORDERSENT || $object->statut == CommandeFournisseur::STATUS_RECEIVED_PARTIALLY) { - if ($user->rights->fournisseur->commande->receptionner) + if ($usercanreceived) { print ''; } @@ -2434,7 +2445,7 @@ if ($action == 'create') //} // Classify billed manually (need one invoice if module invoice is on, no condition on invoice if not) - if ($user->rights->fournisseur->commande->creer && $object->statut >= 2 && $object->statut != 7 && $object->billed != 1) // statut 2 means approved + if ($usercancreate && $object->statut >= 2 && $object->statut != 7 && $object->billed != 1) // statut 2 means approved { if (empty($conf->facture->enabled)) { @@ -2459,7 +2470,7 @@ if ($action == 'create') } // Clone - if ($user->rights->fournisseur->commande->creer) + if ($usercancreate) { print ''.$langs->trans("ToClone").''; } 
@@ -2467,14 +2478,14 @@ if ($action == 'create') // Cancel if ($object->statut == 2) { - if ($user->rights->fournisseur->commande->commander) + if ($usercanorder) { print ''.$langs->trans("CancelOrder").''; } } // Delete - if (!empty($user->rights->fournisseur->commande->supprimer) || ($object->statut == CommandeFournisseur::STATUS_DRAFT && !empty($user->rights->fournisseur->commande->creer))) + if (!empty($usercandelete) || ($object->statut == CommandeFournisseur::STATUS_DRAFT && !empty($usercancreate))) { print ''.$langs->trans("Delete").''; } @@ -2484,7 +2495,7 @@ if ($action == 'create') - if ($user->rights->fournisseur->commande->commander && $object->statut == CommandeFournisseur::STATUS_ACCEPTED && $action == 'makeorder') + if ($usercanorder && $object->statut == CommandeFournisseur::STATUS_ACCEPTED && $action == 'makeorder') { // Set status to ordered (action=commande) print ''."\n"; @@ -2528,8 +2539,8 @@ if ($action == 'create') $relativepath = $objref.'/'.$objref.'.pdf'; $filedir = $conf->fournisseur->dir_output.'/commande/'.$objref; $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed = $user->rights->fournisseur->commande->lire; - $delallowed = $user->rights->fournisseur->commande->creer; + $genallowed = $usercanread; + $delallowed = $usercancreate; print $formfile->showdocuments('commande_fournisseur', $objref, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 0, 0, '', '', '', $object->thirdparty->default_lang); $somethingshown = $formfile->numoffiles; 
@@ -2542,7 +2553,7 @@ if ($action == 'create') if ($action == 'classifyreception') { - if ($user->rights->fournisseur->commande->receptionner && ($object->statut == CommandeFournisseur::STATUS_ORDERSENT || $object->statut == CommandeFournisseur::STATUS_RECEIVED_PARTIALLY)) + if ($usercanreceived && ($object->statut == CommandeFournisseur::STATUS_ORDERSENT || $object->statut == CommandeFournisseur::STATUS_RECEIVED_PARTIALLY)) { // Set status to received (action=livraison) print ''."\n"; diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 0cde9145a51..1e0e64fb695 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php 
@@ -99,12 +99,20 @@ if (!empty($user->socid)) $socid = $user->socid; $isdraft = (($object->statut == FactureFournisseur::STATUS_DRAFT) ? 1 : 0); $result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture', 'fk_soc', 'rowid', $isdraft); -$usercancreate = $user->rights->fournisseur->facture->creer; +// Common permissions +$usercanread = $user->rights->fournisseur->facture->lire; +$usercancreate = $user->rights->fournisseur->facture->creer; +$usercandelete = $user->rights->fournisseur->facture->supprimer; -$permissionnote = $user->rights->fournisseur->facture->creer; // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->rights->fournisseur->facture->creer; // Used by the include of actions_dellink.inc.php -$permissiontoedit = $user->rights->fournisseur->facture->creer; // Used by the include of actions_lineupdown.inc.php -$permissiontoadd = $user->rights->fournisseur->facture->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +// Advanced permissions +$usercanvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($usercancreate)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_invoice_advance->validate))); +$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->fournisseur->supplier_invoice_advance->send); + +// Permissions for includes +$permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php +$permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php +$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php +$permissiontoadd = $usercancreate; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php /* 
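Review bot: `$usercansend` reads `$user->rights->fournisseur->supplier_invoice_advance->send` without the `!empty()` guard that `$usercanvalidate` on the previous line applies to the sibling `validate` right, and none of the hunks visible on this page reads the new variable. If the send-by-mail code further down still carries its own inline copy of this rule, the two can drift apart. Suggest `$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || !empty($user->rights->fournisseur->supplier_invoice_advance->send));`. A one-line comment should also state that the flag is true for every user reaching this page when advanced permissions are disabled.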
@@ -159,11 +167,7 @@ if (empty($reshook)) setEventMessages($objectutil->error, $objectutil->errors, 'errors'); $action = ''; } - } elseif ($action == 'confirm_valid' && $confirm == 'yes' && - ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->facture->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_invoice_advance->validate))) - ) - { + } elseif ($action == 'confirm_valid' && $confirm == 'yes' && $usercanvalidate) { $idwarehouse = GETPOST('idwarehouse'); $object->fetch($id); @@ -222,8 +226,7 @@ if (empty($reshook)) $isErasable = $object->is_erasable(); - if (($user->rights->fournisseur->facture->supprimer && $isErasable > 0) - || ($user->rights->fournisseur->facture->creer && $isErasable == 1)) + if (($usercandelete && $isErasable > 0) || ($usercancreate && $isErasable == 1)) { $result = $object->delete($user); if ($result > 0) @@ -237,7 +240,7 @@ if (empty($reshook)) } // Remove a product line - elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $usercancreate) { $result = $object->deleteline($lineid); if ($result > 0) @@ -268,13 +271,12 @@ if (empty($reshook)) } // Delete link of credit note to invoice - elseif ($action == 'unlinkdiscount' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'unlinkdiscount' && $usercancreate) { $discount = new DiscountAbsolute($db); $result = $discount->fetch(GETPOST("discountid")); $discount->unlink_invoice(); - } elseif ($action == 'confirm_paid' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) - { + } elseif ($action == 'confirm_paid' && $confirm == 'yes' && $usercancreate) { $object->fetch($id); $result = $object->set_paid($user); if ($result < 0) 
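Review bot: In the `unlinkdiscount` branch (hunk -268,13 +271,12) the discount id comes from `GETPOST("discountid")` with no type, the `$result` of `fetch()` is never tested, and `unlink_invoice()` is called without checking that the fetched discount is attached to the invoice being displayed. As written, the only gate is `$usercancreate`, so the request parameter alone decides which discount record is unlinked. Suggest `GETPOST('discountid', 'int')`, proceeding only when `$result > 0`, and comparing the discount's linked invoice with `$object->id` before unlinking. Whether `unlink_invoice()` performs such a check itself is not visible here.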
@@ -284,7 +286,7 @@ if (empty($reshook)) } // Set supplier ref - if ($action == 'setref_supplier' && $user->rights->fournisseur->facture->creer) + if ($action == 'setref_supplier' && $usercancreate) { $object->ref_supplier = GETPOST('ref_supplier', 'alpha'); @@ -312,7 +314,7 @@ if (empty($reshook)) } // payments conditions - if ($action == 'setconditions' && $user->rights->fournisseur->facture->creer) + if ($action == 'setconditions' && $usercancreate) { $result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int')); } 
@@ -324,35 +326,34 @@ if (empty($reshook)) } // payment mode - elseif ($action == 'setmode' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'setmode' && $usercancreate) { $result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int')); } // Multicurrency Code - elseif ($action == 'setmulticurrencycode' && $user->rights->fournisseur->facture->creer) { + elseif ($action == 'setmulticurrencycode' && $usercancreate) { $result = $object->setMulticurrencyCode(GETPOST('multicurrency_code', 'alpha')); } // Multicurrency rate - elseif ($action == 'setmulticurrencyrate' && $user->rights->fournisseur->facture->creer) { + elseif ($action == 'setmulticurrencyrate' && $usercancreate) { $result = $object->setMulticurrencyRate(price2num(GETPOST('multicurrency_tx', 'alpha'))); } // bank account - elseif ($action == 'setbankaccount' && $user->rights->fournisseur->facture->creer) { + elseif ($action == 'setbankaccount' && $usercancreate) { $result = $object->setBankAccount(GETPOST('fk_account', 'int')); } // Set label - elseif ($action == 'setlabel' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'setlabel' && $usercancreate) { $object->fetch($id); $object->label = GETPOST('label'); $result = $object->update($user); if ($result < 0) dol_print_error($db); - } elseif ($action == 'setdatef' && $user->rights->fournisseur->facture->creer) - { + } elseif ($action == 'setdatef' && $usercancreate) { $newdate = dol_mktime(0, 0, 0, $_POST['datefmonth'], $_POST['datefday'], $_POST['datefyear']); if ($newdate > (dol_now() + (empty($conf->global->INVOICE_MAX_OFFSET_IN_FUTURE) ? 0 : $conf->global->INVOICE_MAX_OFFSET_IN_FUTURE))) { 
@@ -375,8 +376,7 @@ if (empty($reshook)) $result = $object->update($user); if ($result < 0) dol_print_error($db, $object->error); - } elseif ($action == 'setdate_lim_reglement' && $user->rights->fournisseur->facture->creer) - { + } elseif ($action == 'setdate_lim_reglement' && $usercancreate) { $object->fetch($id); $object->date_echeance = dol_mktime(12, 0, 0, $_POST['date_lim_reglementmonth'], $_POST['date_lim_reglementday'], $_POST['date_lim_reglementyear']); if (!empty($object->date_echeance) && $object->date_echeance < $object->date) @@ -591,7 +591,7 @@ if (empty($reshook)) // Delete payment - elseif ($action == 'confirm_delete_paiement' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'confirm_delete_paiement' && $confirm == 'yes' && $usercancreate) { $object->fetch($id); if ($object->statut == FactureFournisseur::STATUS_VALIDATED && $object->paye == 0) @@ -1033,7 +1033,7 @@ if (empty($reshook)) } // Edit line - elseif ($action == 'updateline' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'updateline' && $usercancreate) { $db->begin(); @@ -1122,8 +1122,7 @@ if (empty($reshook)) $db->rollback(); setEventMessages($object->error, $object->errors, 'errors'); } - } elseif ($action == 'addline' && $user->rights->fournisseur->facture->creer) - { + } elseif ($action == 'addline' && $usercancreate) { $db->begin(); $ret = $object->fetch($id); @@ -1411,15 +1410,14 @@ if (empty($reshook)) } $action = ''; - } elseif ($action == 'classin' && $user->rights->fournisseur->facture->creer) - { + } elseif ($action == 'classin' && $usercancreate) { $object->fetch($id); $result = $object->setProject($projectid); } // Set invoice to draft status - elseif ($action == 'confirm_edit' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'confirm_edit' && $confirm == 'yes' && $usercancreate) { $object->fetch($id); 
@@ -1484,7 +1482,7 @@ if (empty($reshook)) } // Set invoice to validated/unpaid status - elseif ($action == 'reopen' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'reopen' && $usercancreate) { $result = $object->fetch($id); if ($object->statut == FactureFournisseur::STATUS_CLOSED @@ -1513,7 +1511,7 @@ if (empty($reshook)) // Actions to build doc $upload_dir = $conf->fournisseur->facture->dir_output; - $permissiontoadd = $user->rights->fournisseur->facture->creer; + $permissiontoadd = $usercancreate; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; // Make calculation according to calculationrule @@ -1555,7 +1553,7 @@ if (empty($reshook)) $action = 'edit_extras'; } - if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $user->rights->fournisseur->facture->creer) + if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $usercancreate) { if ($action == 'addcontact') { @@ -2372,8 +2370,8 @@ if ($action == 'create') $morehtmlref = '
'; // Ref supplier - $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->facture->creer, 'string', '', 0, 1); - $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->facture->creer, 'string', '', null, null, '', 1); + $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', 0, 1); + $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', null, null, '', 1); // Thirdparty $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) $morehtmlref .= ' ('.$langs->trans("OtherBills").')'; @@ -2382,7 +2380,7 @@ if ($action == 'create') { $langs->load("projects"); $morehtmlref .= '
'.$langs->trans('Project').' '; - if ($user->rights->fournisseur->facture->creer) + if ($usercancreate) { if ($action != 'classify') { $morehtmlref .= ''.img_edit($langs->transnoentitiesnoconv('SetProject')).' : '; @@ -2482,11 +2480,11 @@ if ($action == 'create') // Label print ''; - print ''.$form->editfieldkey("Label", 'label', $object->label, $object, ($user->rights->fournisseur->facture->creer)).''; - print ''.$form->editfieldval("Label", 'label', $object->label, $object, ($user->rights->fournisseur->facture->creer)).''; + print ''.$form->editfieldkey("Label", 'label', $object->label, $object, ($usercancreate)).''; + print ''.$form->editfieldval("Label", 'label', $object->label, $object, ($usercancreate)).''; print ''; - $form_permission = ($object->statut < FactureFournisseur::STATUS_CLOSED) && $user->rights->fournisseur->facture->creer && ($object->getSommePaiement() <= 0); + $form_permission = ($object->statut < FactureFournisseur::STATUS_CLOSED) && $usercancreate && ($object->getSommePaiement() <= 0); // Date print ''.$form->editfieldkey("DateInvoice", 'datef', $object->datep, $object, $form_permission, 'datepicker').''; @@ -2507,7 +2505,7 @@ if ($action == 'create') print ''; } print '
'; print $langs->trans('PaymentConditions'); print ''; - if ($action != 'editconditions' && $user->rights->fournisseur->facture->creer) { + if ($action != 'editconditions' && $usercancreate) { print 'id.'">'.img_edit($langs->trans('SetConditions'), 1).'
'; @@ -2527,7 +2525,7 @@ if ($action == 'create') print ''; - if ($action != 'editmode' && $user->rights->fournisseur->facture->creer) { + if ($action != 'editmode' && $usercancreate) { print ''; } print '
'; print $langs->trans('PaymentMode'); print 'id.'">'.img_edit($langs->trans('SetMode'), 1).'
'; @@ -2594,7 +2592,7 @@ if ($action == 'create') print ''; print '
'; print $langs->trans('BankAccount'); print ''; - if ($action != 'editbankaccount' && $user->rights->fournisseur->facture->creer) + if ($action != 'editbankaccount' && $usercancreate) print 'id.'">'.img_edit($langs->trans('SetBankAccount'), 1).'
'; print ''; @@ -2613,7 +2611,7 @@ if ($action == 'create') print '
'; print $langs->trans('IncotermLabel'); print ''; - if ($user->rights->fournisseur->facture->creer) print ''.img_edit().''; + if ($usercancreate) print ''.img_edit().''; else print ' '; print '
'; print ''; @@ -2996,7 +2994,7 @@ if ($action == 'create') $num = count($object->lines); // Form to add new line - if ($object->statut == FactureFournisseur::STATUS_DRAFT && $user->rights->fournisseur->facture->creer) + if ($object->statut == FactureFournisseur::STATUS_DRAFT && $usercancreate) { if ($action != 'editline') { @@ -3029,7 +3027,7 @@ if ($action == 'create') if (empty($reshook)) { // Modify a validated invoice with no payments - if ($object->statut == FactureFournisseur::STATUS_VALIDATED && $action != 'confirm_edit' && $object->getSommePaiement() == 0 && $user->rights->fournisseur->facture->creer) + if ($object->statut == FactureFournisseur::STATUS_VALIDATED && $action != 'confirm_edit' && $object->getSommePaiement() == 0 && $usercancreate) { // We check if lines of invoice are not already transfered into accountancy $ventilExportCompta = $object->getVentilExportCompta(); // Should be 0 since the sum of payments are zero. But we keep the protection. @@ -3050,11 +3048,11 @@ if ($action == 'create') || ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE && empty($discount->id))) && ($object->statut == FactureFournisseur::STATUS_CLOSED || $object->statut == FactureFournisseur::STATUS_ABANDONED)) // A paid invoice (partially or completely) { - if (!$facidnext && $object->close_code != 'replaced' && $user->rights->fournisseur->facture->creer) // Not replaced by another invoice + if (!$facidnext && $object->close_code != 'replaced' && $usercancreate) // Not replaced by another invoice { print ''; } else { - if ($user->rights->fournisseur->facture->creer) { + if ($usercancreate) { print '
'.$langs->trans('ReOpen').'
'; } elseif (empty($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED)) { print '
'.$langs->trans('ReOpen').'
'; @@ -3066,7 +3064,7 @@ if ($action == 'create') if (empty($user->socid)) { if (($object->statut == FactureFournisseur::STATUS_VALIDATED || $object->statut == FactureFournisseur::STATUS_CLOSED)) { - if (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->fournisseur->supplier_invoice_advance->send) + if ($usercansend) { print ''; } else print '
'.$langs->trans('SendMail').'
'; @@ -3102,18 +3100,18 @@ if ($action == 'create') } // For standard invoice with excess paid - if ($object->type == FactureFournisseur::TYPE_STANDARD && empty($object->paye) && ($object->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits) < 0 && $user->rights->fournisseur->facture->creer && empty($discount->id)) + if ($object->type == FactureFournisseur::TYPE_STANDARD && empty($object->paye) && ($object->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits) < 0 && $usercancreate && empty($discount->id)) { print ''; } // For credit note - if ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE && $object->statut == 1 && $object->paye == 0 && $user->rights->fournisseur->facture->creer + if ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE && $object->statut == 1 && $object->paye == 0 && $usercancreate && (!empty($conf->global->SUPPLIER_INVOICE_ALLOW_REUSE_OF_CREDIT_WHEN_PARTIALLY_REFUNDED) || $object->getSommePaiement() == 0) ) { print ''; } // For deposit invoice - if ($object->type == FactureFournisseur::TYPE_DEPOSIT && $object->paye == 1 && $resteapayer == 0 && $user->rights->fournisseur->facture->creer && empty($discount->id)) + if ($object->type == FactureFournisseur::TYPE_DEPOSIT && $object->paye == 1 && $resteapayer == 0 && $usercancreate && empty($discount->id)) { print ''; } @@ -3124,8 +3122,7 @@ if ($action == 'create') { if (count($object->lines)) { - if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->facture->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_invoice_advance->validate))) + if ($usercanvalidate) { print ''; 
@@ -3143,13 +3140,13 @@ if ($action == 'create') }*/ // Clone - if ($action != 'edit' && $user->rights->fournisseur->facture->creer) + if ($action != 'edit' && $usercancreate) { print ''; } // Create a credit note - if (($object->type == FactureFournisseur::TYPE_STANDARD || $object->type == FactureFournisseur::TYPE_DEPOSIT) && $object->statut > 0 && $user->rights->fournisseur->facture->creer) + if (($object->type == FactureFournisseur::TYPE_STANDARD || $object->type == FactureFournisseur::TYPE_DEPOSIT) && $object->statut > 0 && $usercancreate) { if (!$objectidnext) { @@ -3159,7 +3156,7 @@ if ($action == 'create') // Delete $isErasable = $object->is_erasable(); - if ($action != 'confirm_edit' && ($user->rights->fournisseur->facture->supprimer || ($user->rights->fournisseur->facture->creer && $isErasable == 1))) // isErasable = 1 means draft with temporary ref (draft can always be deleted with no need of permissions) + if ($action != 'confirm_edit' && ($user->rights->fournisseur->facture->supprimer || ($usercancreate && $isErasable == 1))) // isErasable = 1 means draft with temporary ref (draft can always be deleted with no need of permissions) { //var_dump($isErasable); if ($isErasable == -4) { @@ -3190,8 +3187,8 @@ if ($action == 'create') $subdir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').$ref; $filedir = $conf->fournisseur->facture->dir_output.'/'.$subdir; $urlsource = $_SERVER['PHP_SELF'].'?id='.$object->id; - $genallowed = $user->rights->fournisseur->facture->lire; - $delallowed = $user->rights->fournisseur->facture->creer; + $genallowed = $usercanread; + $delallowed = $usercancreate; $modelpdf = (!empty($object->modelpdf) ? $object->modelpdf : (empty($conf->global->INVOICE_SUPPLIER_ADDON_PDF) ? '' : $conf->global->INVOICE_SUPPLIER_ADDON_PDF)); print $formfile->showdocuments('facture_fournisseur', $subdir, $filedir, $urlsource, $genallowed, $delallowed, $modelpdf, 1, 0, 0, 40, 0, '', '', '', $societe->default_lang); 
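Review bot: The Delete condition in the `@@ -3159,7 +3156,7 @@` hunk still reads `$user->rights->fournisseur->facture->supprimer` directly, while the other checks in this file move to the `$usercan…` variables. If the file defines `$usercandelete` next to `$usercancreate` (that block is outside the visible hunks), the line should read `if ($action != 'confirm_edit' && ($usercandelete || ($usercancreate && $isErasable == 1)))`, so that every authorization decision on the page comes from one place. The trailing comment also says a draft can be deleted "with no need of permissions", although the condition requires the create right; I would reword it to `// isErasable = 1: draft with temporary ref, the create right is enough to delete it`.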
diff --git a/htdocs/supplier_proposal/card.php b/htdocs/supplier_proposal/card.php index dc696dcea90..9e776f94371 100644 --- a/htdocs/supplier_proposal/card.php +++ b/htdocs/supplier_proposal/card.php @@ -96,9 +96,23 @@ if ($id > 0 || !empty($ref)) { dol_print_error('', $object->error); } -$permissionnote = $user->rights->supplier_proposal->creer; // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->rights->supplier_proposal->creer; // Used by the include of actions_dellink.inc.php -$permissiontoedit = $user->rights->supplier_proposal->creer; // Used by the include of actions_lineupdown.inc.php +// Common permissions +$usercanread = $user->rights->supplier_proposal->lire; +$usercancreate = $user->rights->supplier_proposal->creer; +$usercandelete = $user->rights->supplier_proposal->supprimer; + +// Advanced permissions +$usercanvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($usercancreate)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->supplier_proposal->validate_advance))); +$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->supplier_proposal->send_advance); + +// Additional area permissions +$usercanclose = $user->rights->supplier_proposal->cloturer; +$usercancreateorder = $user->rights->fournisseur->commande->creer; + +// Permissions for includes +$permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php +$permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php +$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php /* @@ -148,7 +162,7 @@ if (empty($reshook)) } // Delete askprice - elseif ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->supplier_proposal->supprimer) + elseif ($action == 'confirm_delete' && $confirm == 'yes' && $usercandelete) { $result = $object->delete($user); if ($result > 0) { 
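Review bot: `$usercansend` in the `@@ -96,9 +96,23 @@` hunk is true for every user whenever `MAIN_USE_ADVANCED_PERMS` is empty, with no base right required, whereas `$usercanvalidate` on the line above falls back to `$usercancreate` in the same case. That matches the expression it replaces further down, but now that the rule has a name it deserves a comment stating whether the asymmetry is intended, e.g. `// No base right is required when advanced permissions are off`. The other assignments copy `$user->rights->…` properties as-is, so they hold whatever the property contains (or nothing, if it is unset) rather than a boolean. Writing them as `$usercancreate = !empty($user->rights->supplier_proposal->creer);` would make the later `&& $usercancreate` checks independent of how a right is stored.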
@@ -161,7 +175,7 @@ if (empty($reshook)) } // Remove line - elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->supplier_proposal->creer) + elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $usercancreate) { $result = $object->deleteline($lineid); // reorder lines @@ -185,10 +199,7 @@ if (empty($reshook)) } // Validation - elseif ($action == 'confirm_validate' && $confirm == 'yes' && - ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->supplier_proposal->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->supplier_proposal->validate_advance))) - ) + elseif ($action == 'confirm_validate' && $confirm == 'yes' && $usercanvalidate) { $result = $object->valid($user); if ($result >= 0) @@ -217,15 +228,14 @@ if (empty($reshook)) if (count($object->errors) > 0) setEventMessages($object->error, $object->errors, 'errors'); else setEventMessages($langs->trans($object->error), null, 'errors'); } - } elseif ($action == 'setdate_livraison' && $user->rights->supplier_proposal->creer) - { + } elseif ($action == 'setdate_livraison' && $usercancreate) { $result = $object->set_date_livraison($user, dol_mktime(12, 0, 0, $_POST['liv_month'], $_POST['liv_day'], $_POST['liv_year'])); if ($result < 0) dol_print_error($db, $object->error); } // Create supplier proposal - elseif ($action == 'add' && $user->rights->supplier_proposal->creer) + elseif ($action == 'add' && $usercancreate) { $object->socid = $socid; $object->fetch_thirdparty(); 
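Review bot: The `setdate_livraison` branch in the `@@ -217,15 +228,14 @@` hunk still passes `$_POST['liv_month']`, `$_POST['liv_day']` and `$_POST['liv_year']` straight into `dol_mktime()`, although this same commit moves `remise_percent` and `remise_absolue` to `GETPOST()`. Reading them as `GETPOST('liv_month', 'int')`, `GETPOST('liv_day', 'int')` and `GETPOST('liv_year', 'int')` would apply the same input filtering as the neighbouring branches. The same raw access remains in `$_POST["remise_id"]` (`@@ -509,7 +519,7 @@`) and `$_POST['availability_id']` (`@@ -988,42 +998,42 @@`); both look like integer ids and could take the `'int'` filter as well.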
@@ -449,7 +459,7 @@ if (empty($reshook)) } // Reopen proposal - elseif ($action == 'confirm_reopen' && $user->rights->supplier_proposal->cloturer && !GETPOST('cancel', 'alpha')) { + elseif ($action == 'confirm_reopen' && $usercanclose && !GETPOST('cancel', 'alpha')) { // prevent browser refresh from reopening proposal several times if ($object->statut == SupplierProposal::STATUS_SIGNED || $object->statut == SupplierProposal::STATUS_NOTSIGNED || $object->statut == SupplierProposal::STATUS_CLOSE) { $object->reopen($user, SupplierProposal::STATUS_VALIDATED); @@ -457,7 +467,7 @@ if (empty($reshook)) } // Close proposal - elseif ($action == 'close' && $user->rights->supplier_proposal->cloturer && !GETPOST('cancel', 'alpha')) { + elseif ($action == 'close' && $usercanclose && !GETPOST('cancel', 'alpha')) { // prevent browser refresh from reopening proposal several times if ($object->statut == SupplierProposal::STATUS_SIGNED) { $object->setStatut(SupplierProposal::STATUS_CLOSE); @@ -465,7 +475,7 @@ if (empty($reshook)) } // Set accepted/refused - elseif ($action == 'setstatut' && $user->rights->supplier_proposal->cloturer && !GETPOST('cancel', 'alpha')) { + elseif ($action == 'setstatut' && $usercanclose && !GETPOST('cancel', 'alpha')) { if (!GETPOST('statut')) { setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentities("CloseAs")), null, 'errors'); $action = 'statut'; @@ -488,12 +498,12 @@ if (empty($reshook)) // Actions to build doc $upload_dir = $conf->supplier_proposal->dir_output; - $permissiontoadd = $user->rights->supplier_proposal->creer; + $permissiontoadd = $usercancreate; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; // Go back to draft - if ($action == 'modif' && $user->rights->supplier_proposal->creer) + if ($action == 'modif' && $usercancreate) { $object->setDraft($user); 
@@ -509,7 +519,7 @@ if (empty($reshook)) $ret = $object->fetch($id); // Reload to get new records $object->generateDocument($object->modelpdf, $outputlangs, $hidedetails, $hidedesc, $hideref); } - } elseif ($action == "setabsolutediscount" && $user->rights->supplier_proposal->creer) { + } elseif ($action == "setabsolutediscount" && $usercancreate) { if ($_POST["remise_id"]) { if ($object->id > 0) { $result = $object->insert_discount($_POST["remise_id"]); @@ -521,7 +531,7 @@ if (empty($reshook)) } // Add a product line - if ($action == 'addline' && $user->rights->supplier_proposal->creer) + if ($action == 'addline' && $usercancreate) { $langs->load('errors'); $error = 0; @@ -822,7 +832,7 @@ if (empty($reshook)) } // Mise a jour d'une ligne dans la demande de prix - elseif ($action == 'updateline' && $user->rights->supplier_proposal->creer && GETPOST('save') == $langs->trans("Save")) { + elseif ($action == 'updateline' && $usercancreate && GETPOST('save') == $langs->trans("Save")) { $vat_rate = (GETPOST('tva_tx') ?GETPOST('tva_tx') : 0); // Define info_bits 
@@ -988,42 +998,42 @@ if (empty($reshook)) setEventMessages($object->error, $object->errors, 'errors'); } } - } elseif ($action == 'updateline' && $user->rights->supplier_proposal->creer && GETPOST('cancel', 'alpha') == $langs->trans('Cancel')) { + } elseif ($action == 'updateline' && $usercancreate && GETPOST('cancel', 'alpha') == $langs->trans('Cancel')) { header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id); // Pour reaffichage de la fiche en cours d'edition exit(); } // Set project - elseif ($action == 'classin' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'classin' && $usercancreate) { $object->setProject(GETPOST('projectid'), 'int'); } // Delivery delay - elseif ($action == 'setavailability' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setavailability' && $usercancreate) { $result = $object->availability($_POST['availability_id']); } // Terms of payments - elseif ($action == 'setconditions' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setconditions' && $usercancreate) { $result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int')); - } elseif ($action == 'setremisepercent' && $user->rights->supplier_proposal->creer) { - $result = $object->set_remise_percent($user, $_POST['remise_percent']); - } elseif ($action == 'setremiseabsolue' && $user->rights->supplier_proposal->creer) { - $result = $object->set_remise_absolue($user, $_POST['remise_absolue']); + } elseif ($action == 'setremisepercent' && $usercancreate) { + $result = $object->set_remise_percent($user, GETPOST('remise_percent', 'alpha')); + } elseif ($action == 'setremiseabsolue' && $usercancreate) { + $result = $object->set_remise_absolue($user, GETPOST('remise_absolue', 'alpha')); } // Payment mode - elseif ($action == 'setmode' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setmode' && $usercancreate) { $result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int')); } // Multicurrency 
Code - elseif ($action == 'setmulticurrencycode' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setmulticurrencycode' && $usercancreate) { $result = $object->setMulticurrencyCode(GETPOST('multicurrency_code', 'alpha')); } // Multicurrency rate - elseif ($action == 'setmulticurrencyrate' && $user->rights->supplier_proposal->creer) { + elseif ($action == 'setmulticurrencyrate' && $usercancreate) { $result = $object->setMulticurrencyRate(price2num(GETPOST('multicurrency_tx'))); } elseif ($action == 'update_extras') { $object->oldcopy = dol_clone($object); @@ -1447,8 +1457,8 @@ if ($action == 'create') $morehtmlref = '
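Review bot: The `update_extras` branch at the end of the `@@ -988,42 +998,42 @@` hunk is the only action in this hunk whose condition carries no permission term; every other branch here is gated by `$usercancreate`. Its body continues outside the hunk, so a check may exist further down, but if it does not the condition should become `} elseif ($action == 'update_extras' && $usercancreate) {`. Separately, in the `classin` branch the `'int'` filter is passed as a second argument to `setProject()` rather than to `GETPOST()`, so `projectid` is read without that filter; the call was presumably meant to be `$object->setProject(GETPOST('projectid', 'int'));`.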
'; // Ref supplier - //$morehtmlref.=$form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', 0, 1); - //$morehtmlref.=$form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->commande->creer, 'string', '', null, null, '', 1); + //$morehtmlref.=$form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreateorder, 'string', '', 0, 1); + //$morehtmlref.=$form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreateorder, 'string', '', null, null, '', 1); // Thirdparty $morehtmlref .= $langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) $morehtmlref .= ' ('.$langs->trans("OtherProposals").')'; @@ -1457,7 +1467,7 @@ if ($action == 'create') { $langs->load("projects"); $morehtmlref .= '
'.$langs->trans('Project').' '; - if ($user->rights->supplier_proposal->creer) + if ($usercancreate) { if ($action != 'classify') { $morehtmlref .= ''.img_edit($langs->transnoentitiesnoconv('SetProject')).' : '; @@ -1647,7 +1657,7 @@ if ($action == 'create') print ''; - if ($action != 'editbankaccount' && $user->rights->supplier_proposal->creer) + if ($action != 'editbankaccount' && $usercancreate) print ''; print '
'; print $langs->trans('BankAccount'); print 'id.'">'.img_edit($langs->trans('SetBankAccount'), 1).'
'; print ''; @@ -1776,7 +1786,7 @@ if ($action == 'create') $ret = $object->printObjectLines($action, $soc, $mysoc, $lineid, $dateSelector); // Form to add new line - if ($object->statut == SupplierProposal::STATUS_DRAFT && $user->rights->supplier_proposal->creer) + if ($object->statut == SupplierProposal::STATUS_DRAFT && $usercancreate) { if ($action != 'editline') { @@ -1837,22 +1847,20 @@ if ($action == 'create') if ($action != 'statut' && $action != 'editline') { // Validate - if ($object->statut == SupplierProposal::STATUS_DRAFT && $object->total_ttc >= 0 && count($object->lines) > 0 && - ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->supplier_proposal->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->supplier_proposal->validate_advance))) - ) { + if ($object->statut == SupplierProposal::STATUS_DRAFT && $object->total_ttc >= 0 && count($object->lines) > 0 && $usercanvalidate) + { if (count($object->lines) > 0) print ''; // else print ''.$langs->trans('Validate').''; } // Edit - if ($object->statut == SupplierProposal::STATUS_VALIDATED && $user->rights->supplier_proposal->creer) { + if ($object->statut == SupplierProposal::STATUS_VALIDATED && $usercancreate) { print ''; } // ReOpen - if (($object->statut == SupplierProposal::STATUS_SIGNED || $object->statut == SupplierProposal::STATUS_NOTSIGNED || $object->statut == SupplierProposal::STATUS_CLOSE) && $user->rights->supplier_proposal->cloturer) { + if (($object->statut == SupplierProposal::STATUS_SIGNED || $object->statut == SupplierProposal::STATUS_NOTSIGNED || $object->statut == SupplierProposal::STATUS_CLOSE) && $usercanclose) { print ''; } 
@@ -1860,7 +1868,7 @@ if ($action == 'create') // Send if (empty($user->socid)) { if ($object->statut == SupplierProposal::STATUS_VALIDATED || $object->statut == SupplierProposal::STATUS_SIGNED) { - if (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->supplier_proposal->send_advance) { + if ($usercansend) { print ''; } else print ''; } @@ -1868,30 +1876,30 @@ if ($action == 'create') // Create an order if (!empty($conf->fournisseur->enabled) && $object->statut == SupplierProposal::STATUS_SIGNED) { - if ($user->rights->fournisseur->commande->creer) { + if ($usercancreateorder) { print ''; } } // Set accepted/refused - if ($object->statut == SupplierProposal::STATUS_VALIDATED && $user->rights->supplier_proposal->cloturer) { + if ($object->statut == SupplierProposal::STATUS_VALIDATED && $usercanclose) { print ''; } // Close - if ($object->statut == SupplierProposal::STATUS_SIGNED && $user->rights->supplier_proposal->cloturer) { + if ($object->statut == SupplierProposal::STATUS_SIGNED && $usercanclose) { print ''; } // Clone - if ($user->rights->supplier_proposal->creer) { + if ($usercancreate) { print ''; } // Delete - if (($object->statut == SupplierProposal::STATUS_DRAFT && $user->rights->supplier_proposal->creer) || $user->rights->supplier_proposal->supprimer) { + if (($object->statut == SupplierProposal::STATUS_DRAFT && $usercancreate) || $usercandelete) { print ''; } @@ -1911,8 +1919,8 @@ if ($action == 'create') $filename = dol_sanitizeFileName($object->ref); $filedir = $conf->supplier_proposal->dir_output."/".dol_sanitizeFileName($object->ref); $urlsource = $_SERVER["PHP_SELF"]."?id=".$object->id; - $genallowed = $user->rights->supplier_proposal->lire; - $delallowed = $user->rights->supplier_proposal->creer; + $genallowed = $usercanread; + $delallowed = $usercancreate; print $formfile->showdocuments('supplier_proposal', $filename, $filedir, $urlsource, $genallowed, $delallowed, $object->modelpdf, 1, 0, 0, 28, 0, '', 0, '', $soc->default_lang);
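Review bot: The Delete button in the `@@ -1868,30 +1876,30 @@` hunk is shown when `($object->statut == SupplierProposal::STATUS_DRAFT && $usercancreate) || $usercandelete`, but the `confirm_delete` handler in the `@@ -148,7 +162,7 @@` hunk accepts only `$usercandelete`. A user with the create right but without the delete right therefore gets a button on drafts whose confirmation does not satisfy the handler's condition. The handler is the stricter side, so this is not a permission bypass, but the rule should be stated once and used in both places. Either relax the handler to `&& ($usercandelete || ($usercancreate && $object->statut == SupplierProposal::STATUS_DRAFT))` if deleting one's drafts is intended, or drop the draft clause from the button condition.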