diff --git a/htdocs/core/modules/modStockTransfer.class.php b/htdocs/core/modules/modStockTransfer.class.php
index 1d3ecda6fb4..24bdd4b42d0 100644
--- a/htdocs/core/modules/modStockTransfer.class.php
+++ b/htdocs/core/modules/modStockTransfer.class.php
@@ -455,15 +455,18 @@ class modStockTransfer extends DolibarrModules
 // Rôles
 $resql = $this->db->query('SELECT rowid FROM '.MAIN_DB_PREFIX.'c_type_contact WHERE code = "STDEST" AND element = "StockTransfer" AND source = "internal"');
 $res = $this->db->fetch_object($resql);
- if (empty($res)) $this->db->query('INSERT INTO '.MAIN_DB_PREFIX.'c_type_contact(rowid, element, source, code, libelle, active, module, position) VALUES('.$this->getNextId().', "StockTransfer", "internal", "STRESP", "Responsable du transfert de stocks", 1, NULL, 0)');
+ $nextid=$this->getNextId();
+ if (empty($res)) $this->db->query('INSERT INTO '.MAIN_DB_PREFIX.'c_type_contact(rowid, element, source, code, libelle, active, module, position) VALUES('.((int) $nextid).', "StockTransfer", "internal", "STRESP", "Responsable du transfert de stocks", 1, NULL, 0)');
 $resql = $this->db->query('SELECT rowid FROM '.MAIN_DB_PREFIX.'c_type_contact WHERE code = "STFROM" AND element = "StockTransfer" AND source = "external"');
 $res = $this->db->fetch_object($resql);
- if (empty($res)) $this->db->query('INSERT INTO '.MAIN_DB_PREFIX.'c_type_contact(rowid, element, source, code, libelle, active, module, position) VALUES('.$this->getNextId().', "StockTransfer", "external", "STFROM", "Contact expéditeur transfert de stocks", 1, NULL, 0)');
+ $nextid=$this->getNextId();
+ if (empty($res)) $this->db->query('INSERT INTO '.MAIN_DB_PREFIX.'c_type_contact(rowid, element, source, code, libelle, active, module, position) VALUES('.((int) $nextid).', "StockTransfer", "external", "STFROM", "Contact expéditeur transfert de stocks", 1, NULL, 0)');
 $resql = $this->db->query('SELECT rowid FROM '.MAIN_DB_PREFIX.'c_type_contact WHERE code = "STDEST" AND element = "StockTransfer" AND source = "external"');
 $res = $this->db->fetch_object($resql);
- if (empty($res)) $this->db->query('INSERT INTO '.MAIN_DB_PREFIX.'c_type_contact(rowid, element, source, code, libelle, active, module, position) VALUES('.$this->getNextId().', 
"StockTransfer", "external", "STDEST", "Contact destinataire transfert de stocks", 1, NULL, 0)');
+ $nextid=$this->getNextId();
+ if (empty($res)) $this->db->query('INSERT INTO '.MAIN_DB_PREFIX.'c_type_contact(rowid, element, source, code, libelle, active, module, position) VALUES('.((int) $nextid).', "StockTransfer", "external", "STDEST", "Contact destinataire transfert de stocks", 1, NULL, 0)');
 return $this->_init($sql, $options);
 }
diff --git a/htdocs/product/stock/stocktransfer/stocktransfer_agenda.php b/htdocs/product/stock/stocktransfer/stocktransfer_agenda.php
index b260dfc8d76..ccbdf12e712 100644
--- a/htdocs/product/stock/stocktransfer/stocktransfer_agenda.php
+++ b/htdocs/product/stock/stocktransfer/stocktransfer_agenda.php
@@ -89,7 +89,7 @@ if ($id > 0 || !empty($ref)) $upload_dir = $conf->stocktransfer->multidir_output
 // Security check - Protection if external user
 //if ($user->socid > 0) accessforbidden();
 //if ($user->socid > 0) $socid = $user->socid;
-//$result = restrictedArea($user, 'stocktransfer', $object->id);
+$result = restrictedArea($user, 'stocktransfer', $object->id, '', 'stocktransfer');
 $permissiontoadd = $user->rights->stocktransfer->stocktransfer->write; // Used by the include of actions_addupdatedelete.inc.php
diff --git a/htdocs/product/stock/stocktransfer/stocktransfer_card.php b/htdocs/product/stock/stocktransfer/stocktransfer_card.php
index dd56c5ce6df..b001904b6de 100644
--- a/htdocs/product/stock/stocktransfer/stocktransfer_card.php
+++ b/htdocs/product/stock/stocktransfer/stocktransfer_card.php
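Review bot: The first block still tests for `code = "STDEST" AND source = "internal"` but then inserts a row with code "STRESP", so the existence check never matches the row it creates and, unless something outside this hunk creates STDEST/internal, a duplicate STRESP row is inserted on every module activation; the new `+` line keeps that mismatch. Change the first SELECT to `WHERE code = "STRESP" AND element = "StockTransfer" AND source = "internal"` so the check and the insert refer to the same contact type. Separately, `$nextid=$this->getNextId();` now runs unconditionally before each `if (empty($res))`, so an id is computed (and, if getNextId() consumes a sequence, spent) even when nothing is inserted; moving the assignment inside the conditional keeps the previous behaviour while preserving the `(int)` cast. The enclosing method starts outside the hunk.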
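Review bot: `restrictedArea()` is switched on for the agenda tab while stocktransfer_card.php (next hunk) leaves its own `restrictedArea` call commented out and relies on `$permissiontoread` alone, so the per-object check guards the agenda but not the card of the same object; the two pages should use the same check. The external-user guard `//if ($user->socid > 0) accessforbidden();` also stays commented out here, whereas stocktransfer_list.php (last hunk) forbids external users outright, so an external user can reach an object's agenda tab but not the list. `$result` is assigned but not visibly used; if restrictedArea() aborts on failure itself, as it does in Dolibarr's default mode, the assignment can be dropped to `restrictedArea($user, 'stocktransfer', $object->id, '', 'stocktransfer');`.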
@@ -116,7 +116,6 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be includ
 $permissiontoread = $user->rights->stocktransfer->stocktransfer->read;
 $permissiontoadd = $user->rights->stocktransfer->stocktransfer->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
-$permissiontodelete = $user->rights->stocktransfer->stocktransfer->delete || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT);
 $permissionnote = $user->rights->stocktransfer->stocktransfer->write; // Used by the include of actions_setnotes.inc.php
 $permissiondellink = $user->rights->stocktransfer->stocktransfer->write; // Used by the include of actions_dellink.inc.php
 $upload_dir = $conf->stocktransfer->multidir_output[isset($object->entity) ? $object->entity : 1];
@@ -127,7 +126,7 @@ $upload_dir = $conf->stocktransfer->multidir_output[isset($object->entity) ? $ob
 //$isdraft = (($object->statut == $object::STATUS_DRAFT) ? 1 : 0);
 //$result = restrictedArea($user, 'stocktransfer', $object->id, '', '', 'fk_soc', 'rowid', $isdraft);
-//if (!$permissiontoread) accessforbidden();
+if (!$permissiontoread || ($action === 'create' && !$permissiontoadd)) accessforbidden();
 /*
@@ -158,6 +157,9 @@ if (empty($reshook)) {
 // Actions cancel, add, update, update_extras, confirm_validate, confirm_delete, confirm_deleteline, confirm_clone, confirm_close, confirm_setdraft, confirm_reopen
 include DOL_DOCUMENT_ROOT.'/core/actions_addupdatedelete.inc.php';
+ // On met cette permission ici car nécessaire d'avoir le dernier statut de l'objet après toute action exécutée dessus
+ $permissiontodelete = $user->rights->stocktransfer->stocktransfer->delete || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT);
+
 // Actions when linking object each other
 include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php';
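Review bot: `$permissiontodelete` is now assigned only after `actions_addupdatedelete.inc.php` is included (third hunk), but that include is the one that executes `confirm_delete` and `confirm_deleteline`; in standard Dolibarr it reads `$permissiontodelete` before deleting, so with the early assignment removed (first hunk) the delete action sees an undefined, falsy variable and is refused, with a PHP notice. The comment's goal (use the object's status after the actions ran) can be met without losing the pre-action value: keep `$permissiontodelete = $user->rights->stocktransfer->stocktransfer->delete || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT);` next to `$permissiontoadd` at the top, and repeat the same assignment after the include as the hunk does. The added comment should also be in English like the rest of the file, e.g. `// Recomputed here because the object's status may have changed in the actions above`.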
@@ -754,7 +756,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 }
 print getTitleFieldOfList($langs->trans('AverageUnitPricePMPShort'), 0, $_SERVER["PHP_SELF"], '', $param, '', '', $sortfield, $sortorder, 'center tagtd maxwidthonsmartphone ');
 print getTitleFieldOfList($langs->trans('EstimatedStockValueShort'), 0, $_SERVER["PHP_SELF"], '', $param, '', '', $sortfield, $sortorder, 'center tagtd maxwidthonsmartphone ');
- if (empty($object->status)) {
+ if (empty($object->status) && $permissiontoadd) {
 print getTitleFieldOfList('', 0);
 print getTitleFieldOfList('', 0);
 print getTitleFieldOfList('', 0);
@@ -822,7 +824,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 print '';
 print price($line->pmp * $line->qty, 0, '', 1, -1, -1, $conf->currency);
 print '';
- if (empty($object->status)) {
+ if (empty($object->status) && $permissiontoadd) {
 if ($action === 'editline' && $line->id == $lineid) {
 //print '';
 print '
';
@@ -862,7 +864,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 print '';
 }
- if (empty($object->status) && $action !== 'editline') {
+ if (empty($object->status) && $action !== 'editline' && $permissiontoadd) {
 print ''; // Product
 print '';
@@ -1020,7 +1022,7 @@ if ($object->id > 0 && (empty($action) || ($action != 'edit' && $action != 'crea
 */
 // Delete (need delete permission, or if draft, just need create/modify permission)
- if ($object->status < $object::STATUS_TRANSFERED && $permissiontoadd) {
+ if ($object->status < $object::STATUS_TRANSFERED && $permissiontodelete) {
 print ''.$langs->trans('Delete').''."\n";
 }
 /*else
diff --git a/htdocs/product/stock/stocktransfer/stocktransfer_list.php b/htdocs/product/stock/stocktransfer/stocktransfer_list.php
index e196e9b1068..0424251d54d 100644
--- a/htdocs/product/stock/stocktransfer/stocktransfer_list.php
+++ b/htdocs/product/stock/stocktransfer/stocktransfer_list.php
@@ -158,7 +158,7 @@ if ($user->socid > 0) { // Protection if external user
 accessforbidden();
 }
 //$result = restrictedArea($user, 'stocktransfer', $id, '');
-//if (!$permissiontoread) accessforbidden();
+if (!$permissiontoread) accessforbidden();
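Review bot: The Delete button now depends on `$permissiontodelete`, which in this file is assigned only inside `if (empty($reshook)) {` after the actions include (card hunk above); when a hook returns a non-zero `$reshook`, the variable is never set and this condition reads an undefined variable, so the button disappears with a PHP notice rather than an explicit decision. Give the variable a defined value in every path by initialising it near `$permissiontoread`/`$permissiontoadd` at the top of the file, e.g. `$permissiontodelete = $user->rights->stocktransfer->stocktransfer->delete || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT);`, and keep the post-action recomputation. The enclosing `if ($object->id > 0 && ...)` display block starts outside the hunk.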