diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php
index 0cde9145a51..1e0e64fb695 100644
--- a/htdocs/fourn/facture/card.php
+++ b/htdocs/fourn/facture/card.php
@@ -99,12 +99,20 @@ if (!empty($user->socid)) $socid = $user->socid; $isdraft = (($object->statut == FactureFournisseur::STATUS_DRAFT) ? 1 : 0); $result = restrictedArea($user, 'fournisseur', $id, 'facture_fourn', 'facture', 'fk_soc', 'rowid', $isdraft); -$usercancreate = $user->rights->fournisseur->facture->creer; +// Common permissions +$usercanread = $user->rights->fournisseur->facture->lire; +$usercancreate = $user->rights->fournisseur->facture->creer; +$usercandelete = $user->rights->fournisseur->facture->supprimer; -$permissionnote = $user->rights->fournisseur->facture->creer; // Used by the include of actions_setnotes.inc.php -$permissiondellink = $user->rights->fournisseur->facture->creer; // Used by the include of actions_dellink.inc.php -$permissiontoedit = $user->rights->fournisseur->facture->creer; // Used by the include of actions_lineupdown.inc.php -$permissiontoadd = $user->rights->fournisseur->facture->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php +// Advanced permissions +$usercanvalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($usercancreate)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_invoice_advance->validate))); +$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->fournisseur->supplier_invoice_advance->send); + +// Permissions for includes +$permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php +$permissiondellink = $usercancreate; // Used by the include of actions_dellink.inc.php +$permissiontoedit = $usercancreate; // Used by the include of actions_lineupdown.inc.php +$permissiontoadd = $usercancreate; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php /* 
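Review bot: `$usercansend` reads `$user->rights->fournisseur->supplier_invoice_advance->send` bare, while `$usercanvalidate` on the line above wraps the equivalent read in `!empty()`. With `MAIN_USE_ADVANCED_PERMS` on and that right not set for the user, this touches an undefined property and leaves a non-boolean in the flag. I would write `$usercansend = (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || !empty($user->rights->fournisseur->supplier_invoice_advance->send));`. The flag is unconditionally true when advanced permissions are off, which matches the old button check but is easy to misread now that it has a permission-style name. A comment such as `// Always true without MAIN_USE_ADVANCED_PERMS: combine with $usercanread/$usercancreate before gating an action` would record that.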
@@ -159,11 +167,7 @@ if (empty($reshook)) setEventMessages($objectutil->error, $objectutil->errors, 'errors'); $action = ''; } - } elseif ($action == 'confirm_valid' && $confirm == 'yes' && - ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->facture->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_invoice_advance->validate))) - ) - { + } elseif ($action == 'confirm_valid' && $confirm == 'yes' && $usercanvalidate) { $idwarehouse = GETPOST('idwarehouse'); $object->fetch($id); @@ -222,8 +226,7 @@ if (empty($reshook)) $isErasable = $object->is_erasable(); - if (($user->rights->fournisseur->facture->supprimer && $isErasable > 0) - || ($user->rights->fournisseur->facture->creer && $isErasable == 1)) + if (($usercandelete && $isErasable > 0) || ($usercancreate && $isErasable == 1)) { $result = $object->delete($user); if ($result > 0) @@ -237,7 +240,7 @@ if (empty($reshook)) } // Remove a product line - elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'confirm_deleteline' && $confirm == 'yes' && $usercancreate) { $result = $object->deleteline($lineid); if ($result > 0) @@ -268,13 +271,12 @@ if (empty($reshook)) } // Delete link of credit note to invoice - elseif ($action == 'unlinkdiscount' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'unlinkdiscount' && $usercancreate) { $discount = new DiscountAbsolute($db); $result = $discount->fetch(GETPOST("discountid")); $discount->unlink_invoice(); - } elseif ($action == 'confirm_paid' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) - { + } elseif ($action == 'confirm_paid' && $confirm == 'yes' && $usercancreate) { $object->fetch($id); $result = $object->set_paid($user); if ($result < 0) 
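Review bot: In the `unlinkdiscount` branch (hunk -268,13) the handler acts on whatever id arrives in `GETPOST("discountid")`. The return value of `$discount->fetch()` is not checked, and nothing visible ties the fetched discount to the invoice in `$id` that `restrictedArea()` authorised. `$usercancreate` only establishes that the user may edit supplier invoices in general, so the object-level check is missing here unless `unlink_invoice()` performs it internally, which this page does not show. I would read the id as `GETPOST('discountid', 'int')` and skip the unlink when `fetch()` returns `<= 0`. Before calling `unlink_invoice()`, the handler should also confirm that the discount's linked invoice is the current `$object->id`.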
@@ -284,7 +286,7 @@ if (empty($reshook)) } // Set supplier ref - if ($action == 'setref_supplier' && $user->rights->fournisseur->facture->creer) + if ($action == 'setref_supplier' && $usercancreate) { $object->ref_supplier = GETPOST('ref_supplier', 'alpha'); @@ -312,7 +314,7 @@ if (empty($reshook)) } // payments conditions - if ($action == 'setconditions' && $user->rights->fournisseur->facture->creer) + if ($action == 'setconditions' && $usercancreate) { $result = $object->setPaymentTerms(GETPOST('cond_reglement_id', 'int')); } 
@@ -324,35 +326,34 @@ if (empty($reshook)) } // payment mode - elseif ($action == 'setmode' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'setmode' && $usercancreate) { $result = $object->setPaymentMethods(GETPOST('mode_reglement_id', 'int')); } // Multicurrency Code - elseif ($action == 'setmulticurrencycode' && $user->rights->fournisseur->facture->creer) { + elseif ($action == 'setmulticurrencycode' && $usercancreate) { $result = $object->setMulticurrencyCode(GETPOST('multicurrency_code', 'alpha')); } // Multicurrency rate - elseif ($action == 'setmulticurrencyrate' && $user->rights->fournisseur->facture->creer) { + elseif ($action == 'setmulticurrencyrate' && $usercancreate) { $result = $object->setMulticurrencyRate(price2num(GETPOST('multicurrency_tx', 'alpha'))); } // bank account - elseif ($action == 'setbankaccount' && $user->rights->fournisseur->facture->creer) { + elseif ($action == 'setbankaccount' && $usercancreate) { $result = $object->setBankAccount(GETPOST('fk_account', 'int')); } // Set label - elseif ($action == 'setlabel' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'setlabel' && $usercancreate) { $object->fetch($id); $object->label = GETPOST('label'); $result = $object->update($user); if ($result < 0) dol_print_error($db); - } elseif ($action == 'setdatef' && $user->rights->fournisseur->facture->creer) - { + } elseif ($action == 'setdatef' && $usercancreate) { $newdate = dol_mktime(0, 0, 0, $_POST['datefmonth'], $_POST['datefday'], $_POST['datefyear']); if ($newdate > (dol_now() + (empty($conf->global->INVOICE_MAX_OFFSET_IN_FUTURE) ? 0 : $conf->global->INVOICE_MAX_OFFSET_IN_FUTURE))) { 
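Review bot: The `setdatef` branch at the end of this hunk passes `$_POST['datefmonth']`, `$_POST['datefday']` and `$_POST['datefyear']` straight into `dol_mktime()`, while the branches above it read their input through `GETPOST(..., 'int')`. I would use `dol_mktime(0, 0, 0, GETPOST('datefmonth', 'int'), GETPOST('datefday', 'int'), GETPOST('datefyear', 'int'))` so the date parts go through the same typed filter as the other parameters. The `setdate_lim_reglement` branch in the next hunk (-375,8) has the same direct `$_POST` reads. `setlabel` also calls `GETPOST('label')` with no filter type before `$object->update($user)`; an explicit type there would be consistent with `setref_supplier`. The `setdatef` body continues outside the hunk.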
@@ -375,8 +376,7 @@ if (empty($reshook)) $result = $object->update($user); if ($result < 0) dol_print_error($db, $object->error); - } elseif ($action == 'setdate_lim_reglement' && $user->rights->fournisseur->facture->creer) - { + } elseif ($action == 'setdate_lim_reglement' && $usercancreate) { $object->fetch($id); $object->date_echeance = dol_mktime(12, 0, 0, $_POST['date_lim_reglementmonth'], $_POST['date_lim_reglementday'], $_POST['date_lim_reglementyear']); if (!empty($object->date_echeance) && $object->date_echeance < $object->date) @@ -591,7 +591,7 @@ if (empty($reshook)) // Delete payment - elseif ($action == 'confirm_delete_paiement' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'confirm_delete_paiement' && $confirm == 'yes' && $usercancreate) { $object->fetch($id); if ($object->statut == FactureFournisseur::STATUS_VALIDATED && $object->paye == 0) @@ -1033,7 +1033,7 @@ if (empty($reshook)) } // Edit line - elseif ($action == 'updateline' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'updateline' && $usercancreate) { $db->begin(); @@ -1122,8 +1122,7 @@ if (empty($reshook)) $db->rollback(); setEventMessages($object->error, $object->errors, 'errors'); } - } elseif ($action == 'addline' && $user->rights->fournisseur->facture->creer) - { + } elseif ($action == 'addline' && $usercancreate) { $db->begin(); $ret = $object->fetch($id); @@ -1411,15 +1410,14 @@ if (empty($reshook)) } $action = ''; - } elseif ($action == 'classin' && $user->rights->fournisseur->facture->creer) - { + } elseif ($action == 'classin' && $usercancreate) { $object->fetch($id); $result = $object->setProject($projectid); } // Set invoice to draft status - elseif ($action == 'confirm_edit' && $confirm == 'yes' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'confirm_edit' && $confirm == 'yes' && $usercancreate) { $object->fetch($id); 
@@ -1484,7 +1482,7 @@ if (empty($reshook)) } // Set invoice to validated/unpaid status - elseif ($action == 'reopen' && $user->rights->fournisseur->facture->creer) + elseif ($action == 'reopen' && $usercancreate) { $result = $object->fetch($id); if ($object->statut == FactureFournisseur::STATUS_CLOSED @@ -1513,7 +1511,7 @@ if (empty($reshook)) // Actions to build doc $upload_dir = $conf->fournisseur->facture->dir_output; - $permissiontoadd = $user->rights->fournisseur->facture->creer; + $permissiontoadd = $usercancreate; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; // Make calculation according to calculationrule @@ -1555,7 +1553,7 @@ if (empty($reshook)) $action = 'edit_extras'; } - if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $user->rights->fournisseur->facture->creer) + if (!empty($conf->global->MAIN_DISABLE_CONTACTS_TAB) && $usercancreate) { if ($action == 'addcontact') { @@ -2372,8 +2370,8 @@ if ($action == 'create') $morehtmlref = '
'; // Ref supplier - $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->facture->creer, 'string', '', 0, 1); - $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $user->rights->fournisseur->facture->creer, 'string', '', null, null, '', 1); + $morehtmlref .= $form->editfieldkey("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', 0, 1); + $morehtmlref .= $form->editfieldval("RefSupplier", 'ref_supplier', $object->ref_supplier, $object, $usercancreate, 'string', '', null, null, '', 1); // Thirdparty $morehtmlref .= '
'.$langs->trans('ThirdParty').' : '.$object->thirdparty->getNomUrl(1); if (empty($conf->global->MAIN_DISABLE_OTHER_LINK) && $object->thirdparty->id > 0) $morehtmlref .= ' ('.$langs->trans("OtherBills").')'; @@ -2382,7 +2380,7 @@ if ($action == 'create') { $langs->load("projects"); $morehtmlref .= '
'.$langs->trans('Project').' '; - if ($user->rights->fournisseur->facture->creer) + if ($usercancreate) { if ($action != 'classify') { $morehtmlref .= ''.img_edit($langs->transnoentitiesnoconv('SetProject')).' : '; @@ -2482,11 +2480,11 @@ if ($action == 'create') // Label print ''; - print ''.$form->editfieldkey("Label", 'label', $object->label, $object, ($user->rights->fournisseur->facture->creer)).''; - print ''.$form->editfieldval("Label", 'label', $object->label, $object, ($user->rights->fournisseur->facture->creer)).''; + print ''.$form->editfieldkey("Label", 'label', $object->label, $object, ($usercancreate)).''; + print ''.$form->editfieldval("Label", 'label', $object->label, $object, ($usercancreate)).''; print ''; - $form_permission = ($object->statut < FactureFournisseur::STATUS_CLOSED) && $user->rights->fournisseur->facture->creer && ($object->getSommePaiement() <= 0); + $form_permission = ($object->statut < FactureFournisseur::STATUS_CLOSED) && $usercancreate && ($object->getSommePaiement() <= 0); // Date print ''.$form->editfieldkey("DateInvoice", 'datef', $object->datep, $object, $form_permission, 'datepicker').''; @@ -2507,7 +2505,7 @@ if ($action == 'create') print ''; } print '
'; print $langs->trans('PaymentConditions'); print ''; - if ($action != 'editconditions' && $user->rights->fournisseur->facture->creer) { + if ($action != 'editconditions' && $usercancreate) { print 'id.'">'.img_edit($langs->trans('SetConditions'), 1).'
'; @@ -2527,7 +2525,7 @@ if ($action == 'create') print ''; - if ($action != 'editmode' && $user->rights->fournisseur->facture->creer) { + if ($action != 'editmode' && $usercancreate) { print ''; } print '
'; print $langs->trans('PaymentMode'); print 'id.'">'.img_edit($langs->trans('SetMode'), 1).'
'; @@ -2594,7 +2592,7 @@ if ($action == 'create') print ''; print '
'; print $langs->trans('BankAccount'); print ''; - if ($action != 'editbankaccount' && $user->rights->fournisseur->facture->creer) + if ($action != 'editbankaccount' && $usercancreate) print 'id.'">'.img_edit($langs->trans('SetBankAccount'), 1).'
'; print ''; @@ -2613,7 +2611,7 @@ if ($action == 'create') print '
'; print $langs->trans('IncotermLabel'); print ''; - if ($user->rights->fournisseur->facture->creer) print ''.img_edit().''; + if ($usercancreate) print ''.img_edit().''; else print ' '; print '
'; print ''; @@ -2996,7 +2994,7 @@ if ($action == 'create') $num = count($object->lines); // Form to add new line - if ($object->statut == FactureFournisseur::STATUS_DRAFT && $user->rights->fournisseur->facture->creer) + if ($object->statut == FactureFournisseur::STATUS_DRAFT && $usercancreate) { if ($action != 'editline') { @@ -3029,7 +3027,7 @@ if ($action == 'create') if (empty($reshook)) { // Modify a validated invoice with no payments - if ($object->statut == FactureFournisseur::STATUS_VALIDATED && $action != 'confirm_edit' && $object->getSommePaiement() == 0 && $user->rights->fournisseur->facture->creer) + if ($object->statut == FactureFournisseur::STATUS_VALIDATED && $action != 'confirm_edit' && $object->getSommePaiement() == 0 && $usercancreate) { // We check if lines of invoice are not already transfered into accountancy $ventilExportCompta = $object->getVentilExportCompta(); // Should be 0 since the sum of payments are zero. But we keep the protection. @@ -3050,11 +3048,11 @@ if ($action == 'create') || ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE && empty($discount->id))) && ($object->statut == FactureFournisseur::STATUS_CLOSED || $object->statut == FactureFournisseur::STATUS_ABANDONED)) // A paid invoice (partially or completely) { - if (!$facidnext && $object->close_code != 'replaced' && $user->rights->fournisseur->facture->creer) // Not replaced by another invoice + if (!$facidnext && $object->close_code != 'replaced' && $usercancreate) // Not replaced by another invoice { print '
'.$langs->trans('ReOpen').'
'; } else { - if ($user->rights->fournisseur->facture->creer) { + if ($usercancreate) { print '
'.$langs->trans('ReOpen').'
'; } elseif (empty($conf->global->MAIN_BUTTON_HIDE_UNAUTHORIZED)) { print '
'.$langs->trans('ReOpen').'
'; @@ -3066,7 +3064,7 @@ if ($action == 'create') if (empty($user->socid)) { if (($object->statut == FactureFournisseur::STATUS_VALIDATED || $object->statut == FactureFournisseur::STATUS_CLOSED)) { - if (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || $user->rights->fournisseur->supplier_invoice_advance->send) + if ($usercansend) { print '
'.$langs->trans('SendMail').'
'; } else print '
'.$langs->trans('SendMail').'
'; @@ -3102,18 +3100,18 @@ if ($action == 'create') } // For standard invoice with excess paid - if ($object->type == FactureFournisseur::TYPE_STANDARD && empty($object->paye) && ($object->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits) < 0 && $user->rights->fournisseur->facture->creer && empty($discount->id)) + if ($object->type == FactureFournisseur::TYPE_STANDARD && empty($object->paye) && ($object->total_ttc - $totalpaye - $totalcreditnotes - $totaldeposits) < 0 && $usercancreate && empty($discount->id)) { print '
'.$langs->trans('ConvertExcessPaidToReduc').'
'; } // For credit note - if ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE && $object->statut == 1 && $object->paye == 0 && $user->rights->fournisseur->facture->creer + if ($object->type == FactureFournisseur::TYPE_CREDIT_NOTE && $object->statut == 1 && $object->paye == 0 && $usercancreate && (!empty($conf->global->SUPPLIER_INVOICE_ALLOW_REUSE_OF_CREDIT_WHEN_PARTIALLY_REFUNDED) || $object->getSommePaiement() == 0) ) { print '
'.$langs->trans('ConvertToReduc').'
'; } // For deposit invoice - if ($object->type == FactureFournisseur::TYPE_DEPOSIT && $object->paye == 1 && $resteapayer == 0 && $user->rights->fournisseur->facture->creer && empty($discount->id)) + if ($object->type == FactureFournisseur::TYPE_DEPOSIT && $object->paye == 1 && $resteapayer == 0 && $usercancreate && empty($discount->id)) { print '
'.$langs->trans('ConvertToReduc').'
'; } @@ -3124,8 +3122,7 @@ if ($action == 'create') { if (count($object->lines)) { - if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->facture->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->supplier_invoice_advance->validate))) + if ($usercanvalidate) { print '
'.$langs->trans('Validate').'
'; @@ -3143,13 +3140,13 @@ if ($action == 'create') }*/ // Clone - if ($action != 'edit' && $user->rights->fournisseur->facture->creer) + if ($action != 'edit' && $usercancreate) { print '
socid.'">'.$langs->trans('ToClone').'
'; } // Create a credit note - if (($object->type == FactureFournisseur::TYPE_STANDARD || $object->type == FactureFournisseur::TYPE_DEPOSIT) && $object->statut > 0 && $user->rights->fournisseur->facture->creer) + if (($object->type == FactureFournisseur::TYPE_STANDARD || $object->type == FactureFournisseur::TYPE_DEPOSIT) && $object->statut > 0 && $usercancreate) { if (!$objectidnext) { @@ -3159,7 +3156,7 @@ if ($action == 'create') // Delete $isErasable = $object->is_erasable(); - if ($action != 'confirm_edit' && ($user->rights->fournisseur->facture->supprimer || ($user->rights->fournisseur->facture->creer && $isErasable == 1))) // isErasable = 1 means draft with temporary ref (draft can always be deleted with no need of permissions) + if ($action != 'confirm_edit' && ($user->rights->fournisseur->facture->supprimer || ($usercancreate && $isErasable == 1))) // isErasable = 1 means draft with temporary ref (draft can always be deleted with no need of permissions) { //var_dump($isErasable); if ($isErasable == -4) { @@ -3190,8 +3187,8 @@ if ($action == 'create') $subdir = get_exdir($object->id, 2, 0, 0, $object, 'invoice_supplier').$ref; $filedir = $conf->fournisseur->facture->dir_output.'/'.$subdir; $urlsource = $_SERVER['PHP_SELF'].'?id='.$object->id; - $genallowed = $user->rights->fournisseur->facture->lire; - $delallowed = $user->rights->fournisseur->facture->creer; + $genallowed = $usercanread; + $delallowed = $usercancreate; $modelpdf = (!empty($object->modelpdf) ? $object->modelpdf : (empty($conf->global->INVOICE_SUPPLIER_ADDON_PDF) ? '' : $conf->global->INVOICE_SUPPLIER_ADDON_PDF)); print $formfile->showdocuments('facture_fournisseur', $subdir, $filedir, $urlsource, $genallowed, $delallowed, $modelpdf, 1, 0, 0, 40, 0, '', '', '', $societe->default_lang);
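Review bot: The Delete button condition (hunk -3159,7) still reads `$user->rights->fournisseur->facture->supprimer` directly, although the other half of the same expression was converted to `$usercancreate` and the delete action handler (hunk -222,8) now tests `$usercandelete`. Keeping the button and the handler on the same variable avoids the two drifting apart later: `if ($action != 'confirm_edit' && ($usercandelete || ($usercancreate && $isErasable == 1)))`. The trailing comment says a draft "can always be deleted with no need of permissions", but the code still requires `$usercancreate`, so I would reword it to `// isErasable = 1 means draft with temporary ref (create permission is enough to delete it)`. The commented-out `//var_dump($isErasable);` just below could be dropped while touching this block.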