lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #13676 from TobiasSekan/CleanupUserRightsForunFactureCard

Browse Source 
Cleanup user rights on forun facture card
This commit is contained in:
Laurent Destailleur 2020-05-28 21:11:58 +02:00 committed by GitHub
commit c7eb71e19e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 59 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
htdocs/fourn/facture/card.php
View File

@ -99,12 +99,20 @@ if (!empty($user->socid)) $socid = $user->socid;
$isdraft = (($object->statut == FactureFournisseur::STATUS_DRAFT) ? 1 : 0);
$result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture', 'fk_soc', 'rowid', $isdraft);
$usercancreate = $user->rights->fournisseur->facture->creer;
// Common permissions
$usercanread = $user->rights->fournisseur->facture->lire;
$usercancreate = $user->rights->fournisseur->facture->creer;
$usercandelete = $user->rights->fournisseur->facture->supprimer;
$permissionnote = $user->rights->fournisseur->facture->creer; // Used by the include of actions_setnotes.inc.php
$permissiondellink = $user->rights->fournisseur->facture->creer; // Used by the include of actions_dellink.inc.php
$permissiontoedit = $user->rights->fournisseur->facture->creer; // Used by the include of actions_lineupdown.inc.php
$permissiontoadd = $user->rights->fournisseur->facture->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
// Advanced permissions
$usercanvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($usercancreate)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_invoice_advance->validate)));
$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->fournisseur->supplier_invoice_advance->send);
// Permissions for includes
$permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php
$permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php
$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php
$permissiontoadd = $usercancreate; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
/*
@ -159,11 +167,7 @@ if (empty($reshook))
setEventMessages($objectutil->error, $objectutil->errors, 'errors');
$action = '';
}
} elseif ($action == 'confirm_valid' && $confirm == 'yes' &&
((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->facture->creer))
|| (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_invoice_advance->validate)))
)
{
} elseif ($action == 'confirm_valid' && $confirm == 'yes' && $usercanvalidate) {
$idwarehouse = GETPOST('idwarehouse');
$object->fetch($id);
@ -222,8 +226,7 @@ if (empty($reshook))
$isErasable = $object->is_erasable();
if (($user->rights->fournisseur->facture->supprimer && $isErasable > 0)
|| ($user->rights->fournisseur->facture->creer && $isErasable == 1))
if (($usercandelete && $isErasable > 0) || ($usercancreate && $isErasable == 1))
{
$result = $object->delete($user);
if ($result > 0)
@ -237,7 +240,7 @@ if (empty($reshook))
}
// Remove a product line
elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer)
elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $usercancreate)
{
$result = $object->deleteline($lineid);
if ($result > 0)
@ -268,13 +271,12 @@ if (empty($reshook))
}
// Delete link of credit note to invoice
elseif ($action == 'unlinkdiscount' && $user->rights->fournisseur->facture->creer)
elseif ($action == 'unlinkdiscount' && $usercancreate)
{
$discount = new DiscountAbsolute($db);
$result = $discount->fetch(GETPOST("discountid"));
$discount->unlink_invoice();
} elseif ($action == 'confirm_paid' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer)
{
} elseif ($action == 'confirm_paid' && $confirm == 'yes' && $usercancreate) {
$object->fetch($id);
$result = $object->set_paid($user);
if ($result < 0)
@ -284,7 +286,7 @@ if (empty($reshook))
}
// Set supplier ref
if ($action == 'setref_supplier' && $user->rights->fournisseur->facture->creer)
if ($action == 'setref_supplier' && $usercancreate)
{
$object->ref_supplier = GETPOST('ref_supplier', 'alpha');
@ -312,7 +314,7 @@ if (empty($reshook))
}
// payments conditions
if ($action == 'setconditions' && $user->rights->fournisseur->facture->creer)
if ($action == 'setconditions' && $usercancreate)
{
$result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int'));
}
@ -324,35 +326,34 @@ if (empty($reshook))
}
// payment mode
elseif ($action == 'setmode' && $user->rights->fournisseur->facture->creer)
elseif ($action == 'setmode' && $usercancreate)
{
$result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int'));
}
// Multicurrency Code
elseif ($action == 'setmulticurrencycode' && $user->rights->fournisseur->facture->creer) {
elseif ($action == 'setmulticurrencycode' && $usercancreate) {
$result = $object->setMulticurrencyCode(GETPOST('multicurrency_code', 'alpha'));
}
// Multicurrency rate
elseif ($action == 'setmulticurrencyrate' && $user->rights->fournisseur->facture->creer) {
elseif ($action == 'setmulticurrencyrate' && $usercancreate) {
$result = $object->setMulticurrencyRate(price2num(GETPOST('multicurrency_tx', 'alpha')));
}
// bank account
elseif ($action == 'setbankaccount' && $user->rights->fournisseur->facture->creer) {
elseif ($action == 'setbankaccount' && $usercancreate) {
$result = $object->setBankAccount(GETPOST('fk_account', 'int'));
}
// Set label
elseif ($action == 'setlabel' && $user->rights->fournisseur->facture->creer)
elseif ($action == 'setlabel' && $usercancreate)
{
$object->fetch($id);
$object->label = GETPOST('label');
$result = $object->update($user);
if ($result < 0) dol_print_error($db);
} elseif ($action == 'setdatef' && $user->rights->fournisseur->facture->creer)
{
} elseif ($action == 'setdatef' && $usercancreate) {
$newdate = dol_mktime(0, 0, 0, $_POST['datefmonth'], $_POST['datefday'], $_POST['datefyear']);
if ($newdate > (dol_now() + (empty($conf->global->INVOICE_MAX_OFFSET_IN_FUTURE) ? 0 : $conf->global->INVOICE_MAX_OFFSET_IN_FUTURE)))
{
@ -375,8 +376,7 @@ if (empty($reshook))
$result = $object->update($user);
if ($result < 0) dol_print_error($db, $object->error);
} elseif ($action == 'setdate_lim_reglement' && $user->rights->fournisseur->facture->creer)
{
} elseif ($action == 'setdate_lim_reglement' && $usercancreate) {
$object->fetch($id);
$object->date_echeance = dol_mktime(12, 0, 0, $_POST['date_lim_reglementmonth'], $_POST['date_lim_reglementday'], $_POST['date_lim_reglementyear']);
if (!empty($object->date_echeance) && $object->date_echeance < $object->date)
@ -591,7 +591,7 @@ if (empty($reshook))
// Delete payment
elseif ($action == 'confirm_delete_paiement' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer)
elseif ($action == 'confirm_delete_paiement' && $confirm == 'yes' && $usercancreate)
{
$object->fetch($id);
if ($object->statut == FactureFournisseur::STATUS_VALIDATED && $object->paye == 0)
@ -1033,7 +1033,7 @@ if (empty($reshook))
}
// Edit line
elseif ($action == 'updateline' && $user->rights->fournisseur->facture->creer)
elseif ($action == 'updateline' && $usercancreate)
{
$db->begin();
@ -1122,8 +1122,7 @@ if (empty($reshook))
$db->rollback();
setEventMessages($object->error, $object->errors, 'errors');
}
} elseif ($action == 'addline' && $user->rights->fournisseur->facture->creer)
{
} elseif ($action == 'addline' && $usercancreate) {
$db->begin();
$ret = $object->fetch($id);
@ -1411,15 +1410,14 @@ if (empty($reshook))
}
$action = '';
} elseif ($action == 'classin' && $user->rights->fournisseur->facture->creer)
{
} elseif ($action == 'classin' && $usercancreate) {
$object->fetch($id);
$result = $object->setProject($projectid);
}
// Set invoice to draft status
elseif ($action == 'confirm_edit' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer)
elseif ($action == 'confirm_edit' && $confirm == 'yes' && $usercancreate)
{
$object->fetch($id);
@ -1484,7 +1482,7 @@ if (empty($reshook))
}
// Set invoice to validated/unpaid status
elseif ($action == 'reopen' && $user->rights->fournisseur->facture->creer)
elseif ($action == 'reopen' && $usercancreate)
{
$result = $object->fetch($id);
if ($object->statut == FactureFournisseur::STATUS_CLOSED
@ -1513,7 +1511,7 @@ if (empty($reshook))
// Actions to build doc
$upload_dir = $conf->fournisseur->facture->dir_output;
$permissiontoadd = $user->rights->fournisseur->facture->creer;
$permissiontoadd = $usercancreate;
include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
// Make calculation according to calculationrule
@ -1555,7 +1553,7 @@ if (empty($reshook))
$action = 'edit_extras';
}
if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $user->rights->fournisseur->facture->creer)
if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $usercancreate)
{
if ($action == 'addcontact')
{
@ -2372,8 +2370,8 @@ if ($action == 'create')
$morehtmlref = '<div class="refidno">';
// Ref supplier
$morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->facture->creer, 'string', '', 0, 1);
$morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->facture->creer, 'string', '', null, null, '', 1);
$morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', 0, 1);
$morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', null, null, '', 1);
// Thirdparty
$morehtmlref .= '<br>'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1);
if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) $morehtmlref .= ' (<a href="'.DOL_URL_ROOT.'/fourn/facture/list.php?socid='.$object->thirdparty->id.'&search_company='.urlencode($object->thirdparty->name).'">'.$langs->trans("OtherBills").'</a>)';
@ -2382,7 +2380,7 @@ if ($action == 'create')
{
$langs->load("projects");
$morehtmlref .= '<br>'.$langs->trans('Project').' ';
if ($user->rights->fournisseur->facture->creer)
if ($usercancreate)
{
if ($action != 'classify') {
$morehtmlref .= '<a class="editfielda" href="'.$_SERVER['PHP_SELF'].'?action=classify&amp;id='.$object->id.'">'.img_edit($langs->transnoentitiesnoconv('SetProject')).'</a> : ';
@ -2482,11 +2480,11 @@ if ($action == 'create')
// Label
print '<tr>';
print '<td>'.$form->editfieldkey("Label", 'label', $object->label, $object, ($user->rights->fournisseur->facture->creer)).'</td>';
print '<td>'.$form->editfieldval("Label", 'label', $object->label, $object, ($user->rights->fournisseur->facture->creer)).'</td>';
print '<td>'.$form->editfieldkey("Label", 'label', $object->label, $object, ($usercancreate)).'</td>';
print '<td>'.$form->editfieldval("Label", 'label', $object->label, $object, ($usercancreate)).'</td>';
print '</tr>';
$form_permission = ($object->statut < FactureFournisseur::STATUS_CLOSED) && $user->rights->fournisseur->facture->creer && ($object->getSommePaiement() <= 0);
$form_permission = ($object->statut < FactureFournisseur::STATUS_CLOSED) && $usercancreate && ($object->getSommePaiement() <= 0);
// Date
print '<tr><td>'.$form->editfieldkey("DateInvoice", 'datef', $object->datep, $object, $form_permission, 'datepicker').'</td><td colspan="3">';
@ -2507,7 +2505,7 @@ if ($action == 'create')
print '<table width="100%" class="nobordernopadding"><tr><td class="nowrap">';
print $langs->trans('PaymentConditions');
print '<td>';
if ($action != 'editconditions' && $user->rights->fournisseur->facture->creer) {
if ($action != 'editconditions' && $usercancreate) {
print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=editconditions&amp;id='.$object->id.'">'.img_edit($langs->trans('SetConditions'), 1).'</a></td>';
}
print '</tr></table>';
@ -2527,7 +2525,7 @@ if ($action == 'create')
print '<table width="100%" class="nobordernopadding"><tr><td class="nowrap">';
print $langs->trans('PaymentMode');
print '</td>';
if ($action != 'editmode' && $user->rights->fournisseur->facture->creer) {
if ($action != 'editmode' && $usercancreate) {
print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=editmode&amp;id='.$object->id.'">'.img_edit($langs->trans('SetMode'), 1).'</a></td>';
}
print '</tr></table>';
@ -2594,7 +2592,7 @@ if ($action == 'create')
print '<table width="100%" class="nobordernopadding"><tr><td class="nowrap">';
print $langs->trans('BankAccount');
print '<td>';
if ($action != 'editbankaccount' && $user->rights->fournisseur->facture->creer)
if ($action != 'editbankaccount' && $usercancreate)
print '<td class="right"><a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?action=editbankaccount&amp;id='.$object->id.'">'.img_edit($langs->trans('SetBankAccount'), 1).'</a></td>';
print '</tr></table>';
print '</td><td colspan="3">';
@ -2613,7 +2611,7 @@ if ($action == 'create')
print '<table width="100%" class="nobordernopadding"><tr><td>';
print $langs->trans('IncotermLabel');
print '<td><td class="right">';
if ($user->rights->fournisseur->facture->creer) print '<a class="editfielda" href="'.DOL_URL_ROOT.'/fourn/facture/card.php?facid='.$object->id.'&action=editincoterm">'.img_edit().'</a>';
if ($usercancreate) print '<a class="editfielda" href="'.DOL_URL_ROOT.'/fourn/facture/card.php?facid='.$object->id.'&action=editincoterm">'.img_edit().'</a>';
else print '&nbsp;';
print '</td></tr></table>';
print '</td>';
@ -2996,7 +2994,7 @@ if ($action == 'create')
$num = count($object->lines);
// Form to add new line
if ($object->statut == FactureFournisseur::STATUS_DRAFT && $user->rights->fournisseur->facture->creer)
if ($object->statut == FactureFournisseur::STATUS_DRAFT && $usercancreate)
{
if ($action != 'editline')
{
@ -3029,7 +3027,7 @@ if ($action == 'create')
if (empty($reshook))
{
// Modify a validated invoice with no payments
if ($object->statut == FactureFournisseur::STATUS_VALIDATED && $action != 'confirm_edit' && $object->getSommePaiement() == 0 && $user->rights->fournisseur->facture->creer)
if ($object->statut == FactureFournisseur::STATUS_VALIDATED && $action != 'confirm_edit' && $object->getSommePaiement() == 0 && $usercancreate)
{
// We check if lines of invoice are not already transfered into accountancy
$ventilExportCompta = $object->getVentilExportCompta(); // Should be 0 since the sum of payments are zero. But we keep the protection.
@ -3050,11 +3048,11 @@ if ($action == 'create')
|| ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE && empty($discount->id)))
&& ($object->statut == FactureFournisseur::STATUS_CLOSED || $object->statut == FactureFournisseur::STATUS_ABANDONED)) // A paid invoice (partially or completely)
{
if (!$facidnext && $object->close_code != 'replaced' && $user->rights->fournisseur->facture->creer) // Not replaced by another invoice
if (!$facidnext && $object->close_code != 'replaced' && $usercancreate) // Not replaced by another invoice
{
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;action=reopen">'.$langs->trans('ReOpen').'</a></div>';
} else {
if ($user->rights->fournisseur->facture->creer) {
if ($usercancreate) {
print '<div class="inline-block divButAction"><span class="butActionRefused classfortooltip" title="'.$langs->trans("DisabledBecauseReplacedInvoice").'">'.$langs->trans('ReOpen').'</span></div>';
} elseif (empty($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED)) {
print '<div class="inline-block divButAction"><span class="butActionRefused classfortooltip">'.$langs->trans('ReOpen').'</span></div>';
@ -3066,7 +3064,7 @@ if ($action == 'create')
if (empty($user->socid)) {
if (($object->statut == FactureFournisseur::STATUS_VALIDATED || $object->statut == FactureFournisseur::STATUS_CLOSED))
{
if (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->fournisseur->supplier_invoice_advance->send)
if ($usercansend)
{
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=presend&mode=init#formmailbeforetitle">'.$langs->trans('SendMail').'</a></div>';
} else print '<div class="inline-block divButAction"><span class="butActionRefused classfortooltip">'.$langs->trans('SendMail').'</a></div>';
@ -3102,18 +3100,18 @@ if ($action == 'create')
}
// For standard invoice with excess paid
if ($object->type == FactureFournisseur::TYPE_STANDARD && empty($object->paye) && ($object->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits) < 0 && $user->rights->fournisseur->facture->creer && empty($discount->id))
if ($object->type == FactureFournisseur::TYPE_STANDARD && empty($object->paye) && ($object->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits) < 0 && $usercancreate && empty($discount->id))
{
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?facid='.$object->id.'&amp;action=converttoreduc">'.$langs->trans('ConvertExcessPaidToReduc').'</a></div>';
}
// For credit note
if ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE && $object->statut == 1 && $object->paye == 0 && $user->rights->fournisseur->facture->creer
if ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE && $object->statut == 1 && $object->paye == 0 && $usercancreate
&& (!empty($conf->global->SUPPLIER_INVOICE_ALLOW_REUSE_OF_CREDIT_WHEN_PARTIALLY_REFUNDED) || $object->getSommePaiement() == 0)
) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?facid='.$object->id.'&amp;action=converttoreduc" title="'.dol_escape_htmltag($langs->trans("ConfirmConvertToReducSupplier2")).'">'.$langs->trans('ConvertToReduc').'</a></div>';
}
// For deposit invoice
if ($object->type == FactureFournisseur::TYPE_DEPOSIT && $object->paye == 1 && $resteapayer == 0 && $user->rights->fournisseur->facture->creer && empty($discount->id))
if ($object->type == FactureFournisseur::TYPE_DEPOSIT && $object->paye == 1 && $resteapayer == 0 && $usercancreate && empty($discount->id))
{
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?facid='.$object->id.'&amp;action=converttoreduc">'.$langs->trans('ConvertToReduc').'</a></div>';
}
@ -3124,8 +3122,7 @@ if ($action == 'create')
{
if (count($object->lines))
{
if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->facture->creer))
|| (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_invoice_advance->validate)))
if ($usercanvalidate)
{
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=valid"';
print '>'.$langs->trans('Validate').'</a></div>';
@ -3143,13 +3140,13 @@ if ($action == 'create')
}*/
// Clone
if ($action != 'edit' && $user->rights->fournisseur->facture->creer)
if ($action != 'edit' && $usercancreate)
{
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$object->id.'&amp;action=clone&amp;socid='.$object->socid.'">'.$langs->trans('ToClone').'</a></div>';
}
// Create a credit note
if (($object->type == FactureFournisseur::TYPE_STANDARD || $object->type == FactureFournisseur::TYPE_DEPOSIT) && $object->statut > 0 && $user->rights->fournisseur->facture->creer)
if (($object->type == FactureFournisseur::TYPE_STANDARD || $object->type == FactureFournisseur::TYPE_DEPOSIT) && $object->statut > 0 && $usercancreate)
{
if (!$objectidnext)
{
@ -3159,7 +3156,7 @@ if ($action == 'create')
// Delete
$isErasable = $object->is_erasable();
if ($action != 'confirm_edit' && ($user->rights->fournisseur->facture->supprimer || ($user->rights->fournisseur->facture->creer && $isErasable == 1))) // isErasable = 1 means draft with temporary ref (draft can always be deleted with no need of permissions)
if ($action != 'confirm_edit' && ($user->rights->fournisseur->facture->supprimer || ($usercancreate && $isErasable == 1))) // isErasable = 1 means draft with temporary ref (draft can always be deleted with no need of permissions)
{
//var_dump($isErasable);
if ($isErasable == -4) {
@ -3190,8 +3187,8 @@ if ($action == 'create')
$subdir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').$ref;
$filedir = $conf->fournisseur->facture->dir_output.'/'.$subdir;
$urlsource = $_SERVER['PHP_SELF'].'?id='.$object->id;
$genallowed = $user->rights->fournisseur->facture->lire;
$delallowed = $user->rights->fournisseur->facture->creer;
$genallowed = $usercanread;
$delallowed = $usercancreate;
$modelpdf = (!empty($object->modelpdf) ? $object->modelpdf : (empty($conf->global->INVOICE_SUPPLIER_ADDON_PDF) ? '' : $conf->global->INVOICE_SUPPLIER_ADDON_PDF));
print $formfile->showdocuments('facture_fournisseur', $subdir, $filedir, $urlsource, $genallowed, $delallowed, $modelpdf, 1, 0, 0, 40, 0, '', '', '', $societe->default_lang);