From 0dc8d3cb003fefa60d85836ea583958d541119c3 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 19 Mar 2018 18:53:33 +0100
Subject: [PATCH 1/6] Fix trad
---
 htdocs/langs/en_US/admin.lang | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 29673edf51c..ed2c27fc004 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -833,11 +833,11 @@ Permission1251=Run mass imports of external data into database (data load)
 Permission1321=Export customer invoices, attributes and payments
 Permission1322=Reopen a paid bill
 Permission1421=Export customer orders and attributes
-Permission20001=Read leave requests (yours and your subordinates)
-Permission20002=Create/modify your leave requests
+Permission20001=Read leave requests (your leaves and the one of your subordinates)
+Permission20002=Create/modify your leave requests (yours leaves and the one of your subordinates)
 Permission20003=Delete leave requests
-Permission20004=Read all leave requests (even user not subordinates)
-Permission20005=Create/modify leave requests for everybody
+Permission20004=Read all leave requests (even of user not subordinates)
+Permission20005=Create/modify leave requests for everybody (even of user not subordinates)
 Permission20006=Admin leave requests (setup and update balance)
 Permission23001=Read Scheduled job
 Permission23002=Create/update Scheduled job
From a325bbf8650567e2fcce5ff9879d1efa57c46ea9 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 19 Mar 2018 20:46:43 +0100
Subject: [PATCH 2/6] FIX Input of holiday for subordinates was ko
---
 htdocs/core/class/html.form.class.php | 2 +-
 htdocs/holiday/card.php | 51 ++++++++++++++-------------
 htdocs/holiday/list.php | 25 +++++++------
 htdocs/langs/en_US/holiday.lang | 1 +
 4 files changed, 44 insertions(+), 35 deletions(-)
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 2424523ec0a..4daf78ad52e 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1441,7 +1441,7 @@ class Form /** * Return select list of users * - * @param string $selected User id or user object of user preselected. If -1, we use id of current user. + * @param string $selected User id or user object of user preselected. If 0 or < -2, we use id of current user. If -1, keep unselected (if empty is allowed) * @param string $htmlname Field name in form * @param int $show_empty 0=list with no empty value, 1=add also an empty value into list * @param array $exclude Array list of users id to exclude diff --git a/htdocs/holiday/card.php b/htdocs/holiday/card.php index 799b0907a92..e788abca30f 100644 --- a/htdocs/holiday/card.php +++ b/htdocs/holiday/card.php @@ -50,6 +50,18 @@ $now=dol_now(); $langs->load("holiday"); +$childids = $user->getAllChildIds(1); + +$cancreate = 0; +if (! empty($user->rights->holiday->write_all)) $cancreate=1; +if (! empty($user->rights->holiday->write) && in_array($fuserid, $childids)) $cancreate=1; + +$candelete = 0; +if (! empty($user->rights->holiday->delete)) $candelete=1; + +$morefilter = 'AND employee = 1'; +if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = ''; + /* * Actions @@ -61,8 +73,7 @@ if ($action == 'create') $object = new Holiday($db); // If no right to create a request - $fuserid = GETPOST('fuserid','int'); - if (($fuserid == $user->id && empty($user->rights->holiday->write)) || ($fuserid != $user->id && empty($user->rights->holiday->write_all))) + if (! $cancreate) { $error++; setEventMessages($langs->trans('CantCreateCP'), null, 'errors'); 
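Review bot: `$cancreate` is computed at file scope from `$fuserid` in the `@@ -50,6 +50,18` hunk of card.php, but the only assignment of `$fuserid` visible in this patch is the `GETPOST('fuserid','int')` line that the next hunk removes from the create action. If `$fuserid` is not set somewhere above line 50 (not visible here), `in_array($fuserid, $childids)` is always false and a user holding only `write` can no longer create a request. I would make the dependency explicit right above the flag, e.g. `$fuserid = GETPOST('fuserid','int') ? GETPOST('fuserid','int') : $user->id;`. A comment such as `// getAllChildIds(1) also returns the id of the current user` would help too, because the rest of the series appears to rely on that.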
@@ -201,13 +212,11 @@ if ($action == 'update') $object = new Holiday($db); $object->fetch($id); - $canedit=(($user->id == $object->fk_user && $user->rights->holiday->write) || ($user->id != $object->fk_user && $user->rights->holiday->write_all)); - // If under validation if ($object->statut == 1) { // If this is the requestor or has read/write rights - if ($canedit) + if ($cancreate) { $valideur = $_POST['valideur']; $description = trim($_POST['description']); @@ -280,13 +289,11 @@ if ($action == 'confirm_delete' && GETPOST('confirm') == 'yes' && $user->rights- $object = new Holiday($db); $object->fetch($id); - $canedit=(($user->id == $object->fk_user && $user->rights->holiday->write) || ($user->id != $object->fk_user && $user->rights->holiday->write_all)); - // If this is a rough draft, approved, canceled or refused if ($object->statut == 1 || $object->statut == 4 || $object->statut == 5) { // Si l'utilisateur à le droit de lire cette demande, il peut la supprimer - if ($canedit) + if ($candelete) { $result=$object->delete($user); } @@ -314,10 +321,8 @@ if ($action == 'confirm_send') $object = new Holiday($db); $object->fetch($id); - $canedit=(($user->id == $object->fk_user && $user->rights->holiday->write) || ($user->id != $object->fk_user && $user->rights->holiday->write_all)); - // Si brouillon et créateur - if($object->statut == 1 && $canedit) + if($object->statut == 1 && $cancreate) { $object->statut = 2; 
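Review bot: In the update branch `$cancreate` replaces `$canedit`, but `$cancreate` is derived from the request parameter `$fuserid` before `$object->fetch($id)` runs, so the permission test no longer depends on who owns the fetched request. The removed `$canedit` compared `$user->id` with `$object->fk_user`; the new flag never looks at `$object->fk_user`, which weakens the object-level access check. The same substitution is made in the `confirm_send` hunk and in the view and button hunks from `@@ -1005` to `@@ -1284`. After each fetch I would recompute the flag from the object, `$canedit = ! empty($user->rights->holiday->write_all) || (! empty($user->rights->holiday->write) && in_array($object->fk_user, $childids));`, and test `$canedit` in those places. The update block continues outside the hunk.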
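Review bot: `$candelete` in the `confirm_delete` hunk reflects only the `delete` right, so the ownership restriction the removed `$canedit` applied here (own request, or `write_all`) is gone and any holder of `delete` can remove another user's request in status 1, 4 or 5. If that is intended, the comment above the test, which still talks about the right to read the request, should say so; otherwise keep the hierarchy test with `if ($candelete && (! empty($user->rights->holiday->write_all) || in_array($object->fk_user, $childids)))`. The outer condition of the action is truncated in the hunk header, so what it already checks is not fully visible.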
@@ -615,7 +620,7 @@ if ($action == 'confirm_cancel' && GETPOST('confirm') == 'yes') $object->fetch($id); // Si statut en attente de validation et valideur = valideur ou utilisateur, ou droits de faire pour les autres - if (($object->statut == 2 || $object->statut == 3) && ($user->id == $object->fk_validator || $user->id == $object->fk_user || ! empty($user->rights->holiday->write_all))) + if (($object->statut == 2 || $object->statut == 3) && ($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || ! empty($user->rights->holiday->write_all))) { $db->begin(); @@ -849,10 +854,10 @@ if (empty($id) || $action == 'add' || $action == 'request' || $action == 'create print ''; if (empty($user->rights->holiday->write_all)) { - print $form->select_dolusers($fuserid, 'useridbis', 0, '', 1, '', '', 0, 0, 0, '', 0, '', 'maxwidth300'); - print ''; + print $form->select_dolusers(($fuserid?$fuserid:$user->id), 'fuserid', 0, '', 0, 'hierarchyme', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth300'); + //print ''; } - else print $form->select_dolusers(GETPOST('fuserid','int')?GETPOST('fuserid','int'):$user->id, 'fuserid', 0, '', 0, '', '', 0, 0, 0, 'AND employee = 1'); + else print $form->select_dolusers(GETPOST('fuserid','int')?GETPOST('fuserid','int'):$user->id, 'fuserid', 0, '', 0, '', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth300'); print ''; print ''; @@ -957,8 +962,6 @@ else { $object->fetch($id); - $canedit=(($user->id == $object->fk_user && $user->rights->holiday->write) || ($user->id != $object->fk_user && $user->rights->holiday->write_all)); - $valideur = new User($db); $valideur->fetch($object->fk_validator); @@ -1005,7 +1008,7 @@ else } // On vérifie si l'utilisateur à le droit de lire cette demande - if ($canedit) + if ($cancreate) { if ($action == 'delete') { @@ -1242,7 +1245,7 @@ else if ($action == 'edit' && $object->statut == 1) { print '
'; - if ($canedit && $object->statut == 1) + if ($cancreate && $object->statut == 1) { print ''; } @@ -1257,11 +1260,11 @@ else print '
'; // Boutons d'actions - if ($canedit && $object->statut == 1) + if ($cancreate && $object->statut == 1) { print ''.$langs->trans("EditCP").''; } - if ($canedit && $object->statut == 1) + if ($cancreate && $object->statut == 1) // If draft { print ''.$langs->trans("Validate").''; } @@ -1270,7 +1273,7 @@ else print ''.$langs->trans("DeleteCP").''; } - if ($object->statut == 2) + if ($object->statut == 2) // If validated { if ($user->id == $object->fk_validator) { @@ -1284,13 +1287,13 @@ else } } - if (($user->id == $object->fk_validator || $user->id == $object->fk_user || ! empty($user->rights->holiday->write_all)) && ($object->statut == 2 || $object->statut == 3)) // Status validated or approved + if (($user->id == $object->fk_validator || in_array($object->fk_user, $childids) || ! empty($user->rights->holiday->write_all)) && ($object->statut == 2 || $object->statut == 3)) // Status validated or approved { if (($object->date_debut > dol_now()) || $user->admin) print ''.$langs->trans("ActionCancelCP").''; else print ''.$langs->trans("ActionCancelCP").''; } - if ($canedit && $object->statut == 4) + if ($cancreate && $object->statut == 4) { print ''.$langs->trans("SetToDraft").''; } diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index e0894ecb355..8769046b03a 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -96,6 +96,7 @@ $fieldstosearchall = array( 'uu.firstname'=>'EmployeeFirstname' ); +$childids = $user->getAllChildIds(1); /* @@ -160,9 +161,6 @@ $holiday = new Holiday($db); $holidaystatic=new Holiday($db); $fuser = new User($db); -$childids = $user->getAllChildIds(); -$childids[]=$user->id; - // Update sold $result = $holiday->updateBalance(); 
@@ -302,7 +300,7 @@ if ($search_year_create) $param.='&search_year_create='.urlencode($searc if ($search_search_day_start) $param.='&search_day_start='.urlencode($search_day_start); if ($search_month_start) $param.='&search_month_start='.urlencode($search_month_start); if ($search_year_start) $param.='&search_year_start='.urlencode($search_year_start); -if ($day_end) $param.='&day_end='.urlencode($day_end); +if ($search_day_end) $param.='&search_day_end='.urlencode($search_day_end); if ($search_month_end) $param.='&search_month_end='.urlencode($search_month_end); if ($search_year_end) $param.='&search_year_end='.urlencode($search_year_end); if ($search_employee > 0) $param.='&search_employee='.urlencode($search_employee); @@ -401,18 +399,25 @@ print ''; - print $form->select_dolusers($search_employee,"search_employee",1,"",0,'','',0,0,0,'',0,'','maxwidth200'); + $defaultuserid = -1; + if (GETPOSTISSET('search_employee')) $defaultuserid=GETPOST('search_employee','int'); + print ''; + print $form->select_dolusers($defaultuserid, "search_employee", 1, "", 0, '', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200'); print ''; } else { - //print ' '; + $defaultuserid = $user->id; + if (GETPOSTISSET('search_employee')) $defaultuserid=GETPOST('search_employee','int'); print ''; - print $form->select_dolusers($user->id,"search_employee",1,"",1,'','',0,0,0,'',0,'','maxwidth200'); + print $form->select_dolusers($defaultuserid, "search_employee", 1, "", 0, 'hierarchyme', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200'); print ''; } 
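Review bot: The context line three above the corrected one still tests `$search_search_day_start`, which looks like the same kind of typo this hunk fixes for `search_day_end`. If no variable of that name exists, `search_day_start` is never appended to `$param` and the filter is lost when paging or sorting. Suggested: `if ($search_day_start) $param.='&search_day_start='.urlencode($search_day_start);`.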
@@ -426,7 +431,7 @@ if($user->rights->holiday->write_all) $valideurobjects = $validator->listUsersForGroup($excludefilter); $valideurarray = array(); foreach($valideurobjects as $val) $valideurarray[$val->id]=$val->id; - print $form->select_dolusers($search_valideur,"search_valideur",1,"",0,$valideurarray,'', 0, 0, 0, '', 0, '', 'maxwidth200'); + print $form->select_dolusers($search_valideur, "search_valideur", 1, "", 0, $valideurarray, '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200'); print ''; } else diff --git a/htdocs/langs/en_US/holiday.lang b/htdocs/langs/en_US/holiday.lang index 621cc02c758..bb0d1e6ab41 100644 --- a/htdocs/langs/en_US/holiday.lang +++ b/htdocs/langs/en_US/holiday.lang @@ -59,6 +59,7 @@ DateRefusCP=Date of refusal DateCancelCP=Date of cancellation DefineEventUserCP=Assign an exceptional leave for a user addEventToUserCP=Assign leave +NotTheAssignedApprover=You are not the assigned approver MotifCP=Reason UserCP=User ErrorAddEventToUserCP=An error occurred while adding the exceptional leave. From 8cf2d4eb45205f704b3357d4d48feb623c3980ee Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 20 Mar 2018 10:10:21 +0100 Subject: [PATCH 3/6] Fix filter on holiday statut Fix tr/td balance for extrafields on lines --- htdocs/contrat/card.php | 9 +-- htdocs/core/class/commonobject.class.php | 44 +++++++------- htdocs/core/menus/init_menu_auguria.sql | 2 +- htdocs/core/menus/standard/eldy.lib.php | 10 ++-- htdocs/core/tpl/objectline_create.tpl.php | 70 ++++++++++++----------- htdocs/core/tpl/objectline_edit.tpl.php | 16 +++--- htdocs/core/tpl/objectline_view.tpl.php | 5 +- htdocs/holiday/class/holiday.class.php | 2 +- 8 files changed, 82 insertions(+), 76 deletions(-) diff --git a/htdocs/contrat/card.php b/htdocs/contrat/card.php index 93f1b4fd157..9d504aae6e4 100644 --- a/htdocs/contrat/card.php +++ b/htdocs/contrat/card.php 
@@ -1680,11 +1680,9 @@ else // Display lines extrafields if (is_array($extralabelslines) && count($extralabelslines)>0) { - print ''; $line = new ContratLigne($db); $line->fetch_optionals($objp->rowid,$extralabelslines); - print $line->showOptionals($extrafieldsline, 'view', array('style'=>$bcnd[$var], 'colspan'=>$colspan)); - print ''; + print $line->showOptionals($extrafieldsline, 'view', array('style'=>$bcnd[$var], 'colspan'=>$colspan), '', '', empty($conf->global->MAIN_EXTRAFIELDS_IN_ONE_TD)?0:1); } } // Ligne en mode update @@ -1752,13 +1750,12 @@ else print '   '.$langs->trans("DateEndPlanned").' '; $form->select_date($db->jdate($objp->date_fin),"date_end_update",$usehm,$usehm,($db->jdate($objp->date_fin)>0?0:1),"update"); print ''; + print ''; if (is_array($extralabelslines) && count($extralabelslines)>0) { - print ''; $line = new ContratLigne($db); $line->fetch_optionals($objp->rowid,$extralabelslines); - print $line->showOptionals($extrafieldsline, 'edit', array('style'=>$bcnd[$var], 'colspan'=>$colspan)); - print ''; + print $line->showOptionals($extrafieldsline, 'edit', array('style'=>$bcnd[$var], 'colspan'=>$colspan), '', '', empty($conf->global->MAIN_EXTRAFIELDS_IN_ONE_TD)?0:1); } print ''; diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 388dfe9799b..63788a32569 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -5371,7 +5371,7 @@ abstract class CommonObject $label = $val['label']; $type = $val['type']; $size = $val['css']; - + // Convert var to be able to share same code than showOutputField of extrafields if (preg_match('/varchar\((\d+)\)/', $type, $reg)) { 
@@ -5708,15 +5708,15 @@ abstract class CommonObject /** * Function to show lines of extrafields with output datas * - * @param Extrafields $extrafields Extrafield Object - * @param string $mode Show output (view) or input (edit) for extrafield - * @param array $params Optional parameters - * @param string $keysuffix Suffix string to add after name and id of field (can be used to avoid duplicate names) - * @param string $keyprefix Prefix string to add before name and id of field (can be used to avoid duplicate names) - * - * @return string + * @param Extrafields $extrafields Extrafield Object + * @param string $mode Show output (view) or input (edit) for extrafield + * @param array $params Optional parameters + * @param string $keysuffix Suffix string to add after name and id of field (can be used to avoid duplicate names) + * @param string $keyprefix Prefix string to add before name and id of field (can be used to avoid duplicate names) + * @param string $onetrtd All fields in same tr td + * @return string */ - function showOptionals($extrafields, $mode='view', $params=null, $keysuffix='', $keyprefix='') + function showOptionals($extrafields, $mode='view', $params=null, $keysuffix='', $keyprefix='', $onetrtd=0) { global $_POST, $conf, $langs, $action; @@ -5780,15 +5780,13 @@ abstract class CommonObject $csstyle=$params['style']; } } - if ( !empty($conf->global->MAIN_EXTRAFIELDS_USE_TWO_COLUMS) && ($e % 2) == 0) + + $out .= ''; + if (empty($onetrtd)) { - $out .= ''; - $colspan='0'; - } - else - { - $out .= ''; + if (! empty($conf->global->MAIN_EXTRAFIELDS_USE_TWO_COLUMS) && ($e % 2) == 0) { $colspan='0'; } } + // Convert date into timestamp format (value in memory must be a timestamp) if (in_array($extrafields->attribute_type[$key],array('date','datetime'))) { 
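Review bot: The new `$onetrtd` parameter is documented as `@param string` while its default is `0` and the callers changed in this patch (contrat/card.php and the three objectline templates) pass `0` or `1`. The docblock line should read `@param int $onetrtd 0=one tr/td per field, 1=all fields in the same tr/td`. Because every caller derives the value from `MAIN_EXTRAFIELDS_IN_ONE_TD`, naming that constant in the docblock would spare the next reader a search. The method body continues outside the hunk.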
@@ -5806,10 +5804,17 @@ abstract class CommonObject { $labeltoshow = ''.$labeltoshow.''; } - $out .= ''.$labeltoshow.''; + + if (empty($onetrtd)) $out .= ''; + else $out .= ''; + + $out .= $labeltoshow; + + if (empty($onetrtd)) $out .= ''; + else $out.=' '; $html_id = !empty($this->id) ? $this->element.'_extras_'.$key.'_'.$this->id : ''; - $out .=''; + $out .=''; switch($mode) { case "view": @@ -5821,9 +5826,8 @@ abstract class CommonObject } $out .= ''; + $out .= ''; - if (! empty($conf->global->MAIN_EXTRAFIELDS_USE_TWO_COLUMS) && (($e % 2) == 1)) $out .= ''; - else $out .= ''; $e++; } } diff --git a/htdocs/core/menus/init_menu_auguria.sql b/htdocs/core/menus/init_menu_auguria.sql index 28eb9fa044a..c2dde1c8493 100644 --- a/htdocs/core/menus/init_menu_auguria.sql +++ b/htdocs/core/menus/init_menu_auguria.sql 
@@ -350,7 +350,7 @@ insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, left insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5000__+MAX_llx_menu__, 'hrm', 'hrm', 15__+MAX_llx_menu__, '/holiday/list.php?&leftmenu=hrm', 'CPTitreMenu', 0, 'holiday', '$user->rights->holiday->read', '', 0, 1, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5001__+MAX_llx_menu__, 'hrm', '', 5000__+MAX_llx_menu__, '/holiday/card.php?&action=request', 'MenuAddCP', 1, 'holiday', '$user->rights->holiday->write', '', 0, 1, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5002__+MAX_llx_menu__, 'hrm', '', 5000__+MAX_llx_menu__, '/holiday/list.php?&leftmenu=hrm', 'List', 1, 'holiday', '$user->rights->holiday->read', '', 0, 1, __ENTITY__); -insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5003__+MAX_llx_menu__, 'hrm', '', 5002__+MAX_llx_menu__, '/holiday/list.php?select_statut=2&leftmenu=hrm', 'ListToApprove', 2, 'trips', '$user->rights->holiday->read', '', 0, 1, __ENTITY__); +insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5003__+MAX_llx_menu__, 'hrm', '', 5002__+MAX_llx_menu__, 
'/holiday/list.php?search_statut=2&leftmenu=hrm', 'ListToApprove', 2, 'trips', '$user->rights->holiday->read', '', 0, 1, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5004__+MAX_llx_menu__, 'hrm', '', 5000__+MAX_llx_menu__, '/holiday/define_holiday.php?&action=request', 'MenuConfCP', 1, 'holiday', '$user->rights->holiday->define_holiday', '', 0, 2, __ENTITY__); insert into llx_menu (module, enabled, menu_handler, type, rowid, mainmenu, leftmenu, fk_menu, url, titre, level, langs, perms, target, usertype, position, entity) values ('', '$conf->holiday->enabled', __HANDLER__, 'left', 5005__+MAX_llx_menu__, 'hrm', '', 5000__+MAX_llx_menu__, '/holiday/view_log.php?&action=request', 'MenuLogCP', 1, 'holiday', '$user->rights->holiday->define_holiday', '', 0, 3, __ENTITY__); -- HRM - Trips and expenses (old module) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 15a262654f4..fd3668aeaac 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php 
@@ -1364,11 +1364,11 @@ function print_left_eldy_menu($db,$menu_array_before,$menu_array_after,&$tabMenu $newmenu->add("/holiday/list.php?leftmenu=hrm", $langs->trans("CPTitreMenu"), 0, $user->rights->holiday->read, '', $mainmenu, 'hrm'); $newmenu->add("/holiday/card.php?action=request", $langs->trans("New"), 1,$user->rights->holiday->write); $newmenu->add("/holiday/list.php?leftmenu=hrm", $langs->trans("List"), 1,$user->rights->holiday->read); - if ($usemenuhider || empty($leftmenu) || $leftmenu=="hrm") $newmenu->add("/holiday/list.php?select_statut=1&leftmenu=hrm", $langs->trans("DraftCP"), 2, $user->rights->holiday->read); - if ($usemenuhider || empty($leftmenu) || $leftmenu=="hrm") $newmenu->add("/holiday/list.php?select_statut=2&leftmenu=hrm", $langs->trans("ToReviewCP"), 2, $user->rights->holiday->read); - if ($usemenuhider || empty($leftmenu) || $leftmenu=="hrm") $newmenu->add("/holiday/list.php?select_statut=3&leftmenu=hrm", $langs->trans("ApprovedCP"), 2, $user->rights->holiday->read); - if ($usemenuhider || empty($leftmenu) || $leftmenu=="hrm") $newmenu->add("/holiday/list.php?select_statut=4&leftmenu=hrm", $langs->trans("CancelCP"), 2, $user->rights->holiday->read); - if ($usemenuhider || empty($leftmenu) || $leftmenu=="hrm") $newmenu->add("/holiday/list.php?select_statut=5&leftmenu=hrm", $langs->trans("RefuseCP"), 2, $user->rights->holiday->read); + if ($usemenuhider || empty($leftmenu) || $leftmenu=="hrm") $newmenu->add("/holiday/list.php?search_statut=1&leftmenu=hrm", $langs->trans("DraftCP"), 2, $user->rights->holiday->read); + if ($usemenuhider || empty($leftmenu) || $leftmenu=="hrm") $newmenu->add("/holiday/list.php?search_statut=2&leftmenu=hrm", $langs->trans("ToReviewCP"), 2, $user->rights->holiday->read); + if ($usemenuhider || empty($leftmenu) || $leftmenu=="hrm") $newmenu->add("/holiday/list.php?search_statut=3&leftmenu=hrm", $langs->trans("ApprovedCP"), 2, $user->rights->holiday->read); + if ($usemenuhider || empty($leftmenu) || 
$leftmenu=="hrm") $newmenu->add("/holiday/list.php?search_statut=4&leftmenu=hrm", $langs->trans("CancelCP"), 2, $user->rights->holiday->read); + if ($usemenuhider || empty($leftmenu) || $leftmenu=="hrm") $newmenu->add("/holiday/list.php?search_statut=5&leftmenu=hrm", $langs->trans("RefuseCP"), 2, $user->rights->holiday->read); $newmenu->add("/holiday/define_holiday.php?action=request", $langs->trans("MenuConfCP"), 1, $user->rights->holiday->read); $newmenu->add("/holiday/view_log.php?action=request", $langs->trans("MenuLogCP"), 1, $user->rights->holiday->define_holiday); } diff --git a/htdocs/core/tpl/objectline_create.tpl.php b/htdocs/core/tpl/objectline_create.tpl.php index 0bccdd61e79..6dec803b975 100644 --- a/htdocs/core/tpl/objectline_create.tpl.php +++ b/htdocs/core/tpl/objectline_create.tpl.php 
@@ -58,6 +58,37 @@ if (empty($inputalsopricewithtax)) $inputalsopricewithtax=0; $colspan = 3; // Col total ht + col edit + col delete if (in_array($object->element,array('propal','commande','order','facture','facturerec','invoice','supplier_proposal','order_supplier','invoice_supplier'))) $colspan++; // With this, there is a column move button //print $object->element; + +// Lines for extrafield +$objectline = null; +if (!empty($extrafieldsline)) +{ + if ($this->table_element_line=='commandedet') { + $objectline = new OrderLine($this->db); + } + elseif ($this->table_element_line=='propaldet') { + $objectline = new PropaleLigne($this->db); + } + elseif ($this->table_element_line=='supplier_proposaldet') { + $objectline = new SupplierProposalLine($this->db); + } + elseif ($this->table_element_line=='facturedet') { + $objectline = new FactureLigne($this->db); + } + elseif ($this->table_element_line=='contratdet') { + $objectline = new ContratLigne($this->db); + } + elseif ($this->table_element_line=='commande_fournisseurdet') { + $objectline = new CommandeFournisseurLigne($this->db); + } + elseif ($this->table_element_line=='facture_fourn_det') { + $objectline = new SupplierInvoiceLine($this->db); + } + elseif ($this->table_element_line=='facturedet_rec') { + $objectline = new FactureLigneRec($this->db); + } +} + ?> 
@@ -363,41 +394,14 @@ else { - table_element_line=='commandedet') { - $newline = new OrderLine($this->db); - } - elseif ($this->table_element_line=='propaldet') { - $newline = new PropaleLigne($this->db); - } - elseif ($this->table_element_line=='supplier_proposaldet') { - $newline = new SupplierProposalLine($this->db); - } - elseif ($this->table_element_line=='facturedet') { - $newline = new FactureLigne($this->db); - } - elseif ($this->table_element_line=='contratdet') { - $newline = new ContratLigne($this->db); - } - elseif ($this->table_element_line=='commande_fournisseurdet') { - $newline = new CommandeFournisseurLigne($this->db); - } - elseif ($this->table_element_line=='facture_fourn_det') { - $newline = new SupplierInvoiceLine($this->db); - } - elseif ($this->table_element_line=='facturedet_rec') { - $newline = new FactureLigneRec($this->db); - } - if (is_object($newline)) { - print $newline->showOptionals($extrafieldsline, 'edit', array('style'=>$bcnd[$var], 'colspan'=>$coldisplay+8)); - } - } - ?> +showOptionals($extrafieldsline, 'edit', array('style'=>$bcnd[$var], 'colspan'=>$coldisplay+8), '', '', empty($conf->global->MAIN_EXTRAFIELDS_IN_ONE_TD)?0:1); +} +?> + service->enabled) || ($object->element == 'contrat')) && $dateSelector && GETPOST('type') != '0') // We show date field if required { diff --git a/htdocs/core/tpl/objectline_edit.tpl.php b/htdocs/core/tpl/objectline_edit.tpl.php index 67adba3a2ae..41d419694e8 100644 --- a/htdocs/core/tpl/objectline_edit.tpl.php +++ b/htdocs/core/tpl/objectline_edit.tpl.php @@ -225,16 +225,16 @@ $coldisplay=-1; // We remove first td ">
"> - - showOptionals($extrafieldsline,'edit',array('style'=>$bc[$var],'colspan'=>$coldisplay)); - } - ?> +showOptionals($extrafieldsline, 'edit', array('style'=>$bc[$var],'colspan'=>$coldisplay), '', '', empty($conf->global->MAIN_EXTRAFIELDS_IN_ONE_TD)?0:1); +} +?> + service->enabled) && $line->product_type == 1 && $dateSelector) { ?> > trans('ServiceLimitedDuration').' '.$langs->trans('From').' '; ?> diff --git a/htdocs/core/tpl/objectline_view.tpl.php b/htdocs/core/tpl/objectline_view.tpl.php index 8d5b13ece7c..f1c691bf2a2 100644 --- a/htdocs/core/tpl/objectline_view.tpl.php +++ b/htdocs/core/tpl/objectline_view.tpl.php @@ -285,13 +285,14 @@ if (empty($outputalsopricetotalwithtax)) $outputalsopricetotalwithtax=0; + + showOptionals($extrafieldsline,'view',array('style'=>$bcdd[$var],'colspan'=>$coldisplay)); + print $line->showOptionals($extrafieldsline, 'view', array('style'=>$bcdd[$var],'colspan'=>$coldisplay), '', '', empty($conf->global->MAIN_EXTRAFIELDS_IN_ONE_TD)?0:1); } ?> - diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php index 6e230fac7b2..c3c541bb8ce 100644 --- a/htdocs/holiday/class/holiday.class.php +++ b/htdocs/holiday/class/holiday.class.php @@ -958,7 +958,7 @@ class Holiday extends CommonObject * Affiche un select HTML des statuts de congés payés * * @param int $selected Id of preselected status - * @param string $select_statut Name of HTML select field + * @param string $htmlname Name of HTML select field * @return string Show select of status */ function selectStatutCP($selected='', $htmlname='select_statut') { From 896a1cbc2475abb160f96cb43bfc5cb557099c43 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 20 Mar 2018 11:27:47 +0100 Subject: [PATCH 4/6] Fix bad var init --- htdocs/core/class/conf.class.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index a1d051440c3..9b2646a12b5 100644 
--- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -422,7 +422,7 @@ class Conf if (empty($this->global->MAIN_MONNAIE)) $this->global->MAIN_MONNAIE='EUR'; $this->currency=$this->global->MAIN_MONNAIE; - if (empty($conf->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY)) $conf->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY = 30; // Less than 1 minutes to be sure + if (empty($this->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY)) $this->global->MAIN_BROWSER_NOTIFICATION_FREQUENCY = 30; // Less than 1 minutes to be sure // conf->global->ACCOUNTING_MODE = Option des modules Comptabilites (simple ou expert). Defini le mode de calcul des etats comptables (CA,...) if (empty($this->global->ACCOUNTING_MODE)) $this->global->ACCOUNTING_MODE='RECETTES-DEPENSES'; // By default. Can be 'RECETTES-DEPENSES' ou 'CREANCES-DETTES' 
@@ -581,13 +581,13 @@ class Conf if (! isset($this->global->THEME_HIDE_BORDER_ON_INPUT)) $this->global->THEME_HIDE_BORDER_ON_INPUT=0; // Save inconsistent option - if (empty($conf->global->AGENDA_USE_EVENT_TYPE) && (! isset($conf->global->AGENDA_DEFAULT_FILTER_TYPE) || $conf->global->AGENDA_DEFAULT_FILTER_TYPE == 'AC_NON_AUTO')) + if (empty($this->global->AGENDA_USE_EVENT_TYPE) && (! isset($this->global->AGENDA_DEFAULT_FILTER_TYPE) || $this->global->AGENDA_DEFAULT_FILTER_TYPE == 'AC_NON_AUTO')) { - $conf->global->AGENDA_DEFAULT_FILTER_TYPE='0'; // 'AC_NON_AUTO' does not exists when AGENDA_DEFAULT_FILTER_TYPE is not on. + $this->global->AGENDA_DEFAULT_FILTER_TYPE='0'; // 'AC_NON_AUTO' does not exists when AGENDA_DEFAULT_FILTER_TYPE is not on. } - $conf->global->MAIN_MODULE_DOLISTORE_API_SRV='https://www.dolistore.com'; - $conf->global->MAIN_MODULE_DOLISTORE_API_KEY='dolistorecatalogpublickey1234567'; + $this->global->MAIN_MODULE_DOLISTORE_API_SRV='https://www.dolistore.com'; + $this->global->MAIN_MODULE_DOLISTORE_API_KEY='dolistorecatalogpublickey1234567'; // For backward compatibility if (isset($this->product)) $this->produit=$this->product; From 8214e7bb42e042d06f55eb77b2c19ec2e8df17c8 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 20 Mar 2018 11:45:57 +0100 Subject: [PATCH 5/6] Fix missing security restiction test --- htdocs/holiday/list.php | 9 +++++++++ htdocs/modulebuilder/template/myobject_list.php | 6 +++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index 8769046b03a..35c386387a8 100644 --- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php 
@@ -48,6 +48,15 @@ $contextpage= GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'myobjectl $backtopage = GETPOST('backtopage','alpha'); // Go back to a dedicated page $optioncss = GETPOST('optioncss','aZ'); // Option for the css output (always '' except when 'print') +// Security check +$socid=0; +if ($user->societe_id > 0) // Protection if external user +{ + //$socid = $user->societe_id; + accessforbidden(); +} +$result = restrictedArea($user, 'holiday', $id, ''); + // Load variable for pagination $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit; $sortfield = GETPOST('sortfield','alpha'); diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index ed8e58e1c12..79d35dddcad 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -95,14 +95,14 @@ $search_array_options=$extrafields->getOptionalsFromPost($extralabels,'','search if (! $sortfield) $sortfield="t.".key($object->fields); // Set here default search field. By default 1st field in definition. if (! $sortorder) $sortorder="ASC"; -// Protection if external user +// Security check $socid=0; -if ($user->societe_id > 0) +if ($user->societe_id > 0) // Protection if external user { //$socid = $user->societe_id; accessforbidden(); } -//$result = restrictedArea($user, 'mymodule', $id,''); +//$result = restrictedArea($user, 'mymodule', $id, ''); // Initialize array of search criterias $search_all=trim(GETPOST("search_all",'alpha')); From 78b4492f1e2afb2226c94a81d4d3065ec7d09475 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 20 Mar 2018 14:31:33 +0100 Subject: [PATCH 6/6] FIX Permission in list of holiday Conflicts: htdocs/holiday/list.php --- htdocs/holiday/list.php | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/htdocs/holiday/list.php b/htdocs/holiday/list.php index 35c386387a8..63d9527c132 100644 
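Review bot: `restrictedArea($user, 'holiday', $id, '')` is called in list.php with `$id` before any assignment visible in this hunk, and the next patch in the series adds `$id = GETPOST('id','int');` on the line after the call (hunk `@@ -56,6 +58,7`), so the check still receives an unset value. Move the assignment above the security block, i.e. `$id = GETPOST('id','int');` before `$socid=0;`. Later code in the series treats `$id` as a user id (`in_array($id, $childids)`) while this call passes it in the object-id position for the `holiday` feature; a short comment stating which one it is would keep the two checks from being confused.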
--- a/htdocs/holiday/list.php +++ b/htdocs/holiday/list.php @@ -48,6 +48,8 @@ $contextpage= GETPOST('contextpage','aZ')?GETPOST('contextpage','aZ'):'myobjectl $backtopage = GETPOST('backtopage','alpha'); // Go back to a dedicated page $optioncss = GETPOST('optioncss','aZ'); // Option for the css output (always '' except when 'print') +$childis = $user->getAllChildIds(1); + // Security check $socid=0; if ($user->societe_id > 0) // Protection if external user @@ -56,6 +58,7 @@ if ($user->societe_id > 0) // Protection if external user accessforbidden(); } $result = restrictedArea($user, 'holiday', $id, ''); +$id = GETPOST('id','int'); // Load variable for pagination $limit = GETPOST('limit','int')?GETPOST('limit','int'):$conf->liste_limit; @@ -80,7 +83,6 @@ $search_array_options=$extrafields->getOptionalsFromPost($extralabels,'','search if (! $sortfield) $sortfield="cp.rowid"; if (! $sortorder) $sortorder="DESC"; -$id = GETPOST('id','int'); $sall = trim((GETPOST('search_all', 'alphanohtml')!='')?GETPOST('search_all', 'alphanohtml'):GETPOST('sall', 'alphanohtml')); $search_ref = GETPOST('search_ref','alpha'); 
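Review bot: `$childis` in the first hunk looks like a misspelling of `$childids`: nothing in this series reads `$childis`, while the permission test added in the last hunk uses `in_array($id, $childids)`. Patch 2/6 already adds `$childids = $user->getAllChildIds(1);` further down in this file, so this line is either a dead duplicate or was meant to move that assignment above the security check. I would rename it to `$childids` here and drop the later assignment, so the hierarchy list exists before any access decision is taken.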
@@ -413,25 +415,30 @@ $morefilter = 'AND employee = 1'; if (! empty($conf->global->HOLIDAY_FOR_NON_SALARIES_TOO)) $morefilter = ''; // User -if (! empty($user->rights->holiday->write_all)) +$disabled=0; +// If into the tab holiday of a user ($id is set in such a case) +if ($id && ! GETPOSTISSET('search_employee')) { - $defaultuserid = -1; - if (GETPOSTISSET('search_employee')) $defaultuserid=GETPOST('search_employee','int'); + $search_employee=$id; + $disabled=1; +} +if (! empty($user->rights->holiday->read_all)) // Can see all +{ + if (GETPOSTISSET('search_employee')) $search_employee=GETPOST('search_employee','int'); print ''; - print $form->select_dolusers($defaultuserid, "search_employee", 1, "", 0, '', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200'); + print $form->select_dolusers($search_employee, "search_employee", 1, "", $disabled, '', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200'); print ''; } else { - $defaultuserid = $user->id; - if (GETPOSTISSET('search_employee')) $defaultuserid=GETPOST('search_employee','int'); + if (GETPOSTISSET('search_employee')) $search_employee=GETPOST('search_employee','int'); print ''; - print $form->select_dolusers($defaultuserid, "search_employee", 1, "", 0, 'hierarchyme', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200'); + print $form->select_dolusers($search_employee, "search_employee", 1, "", $disabled, 'hierarchyme', '', 0, 0, 0, $morefilter, 0, '', 'maxwidth200'); print ''; } // Approve -if($user->rights->holiday->write_all) +if ($user->rights->holiday->read_all) { print ''; 
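Review bot: In the `else` branch for users without `read_all`, `$search_employee` is taken from `GETPOST('search_employee','int')` without being checked against `$childids`; `'hierarchyme'` and `$disabled` only shape the select widget and do not constrain the submitted value. Whether the list query itself limits rows to `$childids` is outside this hunk, so I would validate at the point of assignment: `if ($search_employee > 0 && ! in_array($search_employee, $childids)) $search_employee = $user->id;`. The assignment also sits in the rendering part of the page, so it is worth confirming that the query built earlier sees the same value.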
@@ -504,8 +511,16 @@ print "\n"; $listhalfday=array('morning'=>$langs->trans("Morning"),"afternoon"=>$langs->trans("Afternoon")); + +// If we ask a dedicated card and not allow to see it, we forc on user. +if ($id && empty($user->rights->holiday->read_all) && ! in_array($id, $childids)) +{ + $langs->load("errors"); + print ''.$langs->trans("NotEnoughPermissions").''; + $result = 0; +} // Lines -if (! empty($holiday->holiday)) +elseif (! empty($holiday->holiday)) { $userstatic = new User($db); $approbatorstatic = new User($db);
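Review bot: The permission test on `$id` is made at print time, presumably after the list has already been loaded into `$holiday->holiday`, and it only replaces the rows with an error message. An access decision is safer taken once, next to the security check at the top of the file, for example `if ($id && empty($user->rights->holiday->read_all) && ! in_array($id, $childids)) accessforbidden();`, so nothing is queried for a user outside the caller's hierarchy. The comment above the test has a typo (`forc`) and says the filter is forced on the user, which is not what the code does. The `if`/`elseif` chain continues outside the hunk.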