From e152a86eae1faf86959803d5807114f866bc8c87 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Fri, 29 Oct 2010 07:27:33 +0000
Subject: [PATCH] New: Task #10725

---
 htdocs/user/fiche.php       |  20 +++----
 htdocs/user/group/index.php |   6 +--
 htdocs/user/home.php        | 105 +++++++++++++++++++-----------------
 3 files changed, 68 insertions(+), 63 deletions(-)

diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index ca6bcd60892..2f81d95e995 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -39,8 +39,8 @@ if ($conf->adherent->enabled) require_once(DOL_DOCUMENT_ROOT."/adherents/class/a
 // Define value to know what current user can do on users
 $canadduser=($user->admin || $user->rights->user->user->creer);
 $canreaduser=($user->admin || $user->rights->user->user->lire);
-$caneditperms=($user->admin || $user->rights->user->user->creer);
-$candisableperms=($user->admin || $user->rights->user->user->supprimer);
+$canedituser=($user->admin || $user->rights->user->user->creer);
+$candisableuser=($user->admin || $user->rights->user->user->supprimer);
 // Define value to know what current user can do on properties of edited user
 if ($_GET["id"])
 {
@@ -81,14 +81,14 @@ $quality = 80;
 /**
  * Actions
  */
-if ($_GET["subaction"] == 'addrights' && $caneditperms)
+if ($_GET["subaction"] == 'addrights' && $canedituser)
 {
 	$edituser = new User($db);
 	$edituser->fetch($_GET["id"]);
 	$edituser->addrights($_GET["rights"]);
 }
 
-if ($_GET["subaction"] == 'delrights' && $caneditperms)
+if ($_GET["subaction"] == 'delrights' && $canedituser)
 {
 	$edituser = new User($db);
 	$edituser->fetch($_GET["id"]);
@@ -1143,19 +1143,19 @@ else
 			}
 
 			// Activer
-			if ($user->id <> $_GET["id"] && $candisableperms && $fuser->statut == 0 &&
+			if ($user->id <> $_GET["id"] && $candisableuser && $fuser->statut == 0 &&
 			(empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) )
 			{
 				print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&amp;action=enable">'.$langs->trans("Reactivate").'</a>';
 			}
 			// Desactiver
-			if ($user->id <> $_GET["id"] && $candisableperms && $fuser->statut == 1 &&
+			if ($user->id <> $_GET["id"] && $candisableuser && $fuser->statut == 1 &&
 			(empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) )
 			{
 				print '<a class="butActionDelete" href="fiche.php?action=disable&amp;id='.$fuser->id.'">'.$langs->trans("DisableUser").'</a>';
 			}
 			// Delete
-			if ($user->id <> $_GET["id"] && $candisableperms &&
+			if ($user->id <> $_GET["id"] && $candisableuser &&
 			(empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) )
 			{
 				print '<a class="butActionDelete" href="fiche.php?action=delete&amp;id='.$fuser->id.'">'.$langs->trans("DeleteUser").'</a>';
@@ -1256,7 +1256,7 @@ else
 			}
 			$db->free($resql);
 
-			if ($caneditperms)
+			if ($canedituser)
 			{
 				$form = new Form($db);
 				print '<form action="fiche.php?id='.$_GET["id"].'" method="post">'."\n";
@@ -1309,7 +1309,7 @@ else
 					print '</td>';
 					print '<td align="right">';
 
-					if ($caneditperms)
+					if ($canedituser)
 					{
 						print '<a href="fiche.php?id='.$_GET["id"].'&amp;action=removegroup&amp;group='.$group->id.'">';
 						print img_delete($langs->trans("RemoveFromGroup"));
@@ -1335,7 +1335,7 @@ else
 		 * Fiche en mode edition
 		 */
 
-		if ($_GET["action"] == 'edit' && ($caneditperms || ($user->id == $fuser->id)))
+		if ($_GET["action"] == 'edit' && ($canedituser || ($user->id == $fuser->id)))
 		{
 
 			print '<form action="fiche.php?id='.$fuser->id.'" method="post" name="updateuser" enctype="multipart/form-data">';
diff --git a/htdocs/user/group/index.php b/htdocs/user/group/index.php
index 1b7e4a1fe6e..6b1224f4b21 100644
--- a/htdocs/user/group/index.php
+++ b/htdocs/user/group/index.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2002-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2005 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2010 Regis Houssin        <regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,7 +28,7 @@
 require("../../main.inc.php");
 
 
-if (! $user->rights->user->user->lire && ! $user->admin) accessforbidden();
+if (! $user->rights->user->group->lire && ! $user->admin) accessforbidden();
 
 $langs->load("users");
 
diff --git a/htdocs/user/home.php b/htdocs/user/home.php
index fcd79c61e71..7c3db54c3e2 100644
--- a/htdocs/user/home.php
+++ b/htdocs/user/home.php
@@ -1,6 +1,6 @@
 <?php
-/* Copyright (C) 2005-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+/* Copyright (C) 2005-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2010 Regis Houssin        <regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -48,7 +48,7 @@ print '<table border="0" width="100%" class="notopnoleftnoright">';
 
 print '<tr><td valign="top" width="30%" class="notopnoleft">';
 
-// Recherche User
+// Search User
 $var=false;
 print '<form method="post" action="'.DOL_URL_ROOT.'/user/index.php">';
 print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
@@ -60,17 +60,20 @@ print '<tr '.$bc[$var].'><td nowrap>'.$langs->trans("Other").':</td><td><input t
 print "</table><br>\n";
 print '</form>';
 
-// Recherche Group
-$var=false;
-print '<form method="post" action="'.DOL_URL_ROOT.'/user/group/index.php">';
-print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
-print '<table class="noborder" width="100%">';
-print '<tr class="liste_titre"><td colspan="3">'.$langs->trans("SearchAGroup").'</td></tr>';
-print '<tr '.$bc[$var].'><td>';
-print $langs->trans("Ref").':</td><td><input class="flat" type="text" name="search_group" size="18"></td><td rowspan="2"><input type="submit" value="'.$langs->trans("Search").'" class="button"></td></tr>';
-print '<tr '.$bc[$var].'><td nowrap>'.$langs->trans("Other").':</td><td><input type="text" class="flat" name="sall" size="18"></td></tr>';
-print "</table><br>\n";
-print '</form>';
+// Search Group
+if ($user->user->group->read)
+{
+	$var=false;
+	print '<form method="post" action="'.DOL_URL_ROOT.'/user/group/index.php">';
+	print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
+	print '<table class="noborder" width="100%">';
+	print '<tr class="liste_titre"><td colspan="3">'.$langs->trans("SearchAGroup").'</td></tr>';
+	print '<tr '.$bc[$var].'><td>';
+	print $langs->trans("Ref").':</td><td><input class="flat" type="text" name="search_group" size="18"></td><td rowspan="2"><input type="submit" value="'.$langs->trans("Search").'" class="button"></td></tr>';
+	print '<tr '.$bc[$var].'><td nowrap>'.$langs->trans("Other").':</td><td><input type="text" class="flat" name="sall" size="18"></td></tr>';
+	print "</table><br>\n";
+	print '</form>';
+}
 
 print '</td><td valign="top" width="70%" class="notopnoleftnoright">';
 
@@ -142,48 +145,50 @@ else
 /*
  * Derniers groupes crees
  */
-$max=5;
-
-$sql = "SELECT g.rowid, g.nom, g.note, g.entity, g.datec";
-$sql.= " FROM ".MAIN_DB_PREFIX."usergroup as g";
-$sql.= " WHERE g.entity IN (0,".$conf->entity.")";
-$sql.= $db->order("g.datec","DESC");
-$sql.= $db->plimit($max);
-
-$resql=$db->query($sql);
-if ($resql)
+if ($user->user->group->read)
 {
-	$num = $db->num_rows($resql);
-	print '<table class="noborder" width="100%">';
-	print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("LastGroupsCreated",($num ? $num : $max)).'</td></tr>';
-	$var = true;
-	$i = 0;
-
-	while ($i < $num && (! $max || $i < $max))
+	$max=5;
+	
+	$sql = "SELECT g.rowid, g.nom, g.note, g.entity, g.datec";
+	$sql.= " FROM ".MAIN_DB_PREFIX."usergroup as g";
+	$sql.= " WHERE g.entity IN (0,".$conf->entity.")";
+	$sql.= $db->order("g.datec","DESC");
+	$sql.= $db->plimit($max);
+	
+	$resql=$db->query($sql);
+	if ($resql)
 	{
-		$obj = $db->fetch_object($resql);
-		$var=!$var;
-
-		print "<tr $bc[$var]>";
-		print '<td><a href="'.DOL_URL_ROOT.'/user/group/fiche.php?id='.$obj->rowid.'">'.img_object($langs->trans("ShowGroup"),"group").' '.$obj->nom.'</a>';
-		if (!$obj->entity)
+		$num = $db->num_rows($resql);
+		print '<table class="noborder" width="100%">';
+		print '<tr class="liste_titre"><td colspan="2">'.$langs->trans("LastGroupsCreated",($num ? $num : $max)).'</td></tr>';
+		$var = true;
+		$i = 0;
+		
+		while ($i < $num && (! $max || $i < $max))
 		{
-			print img_picto($langs->trans("GlobalGroup"),'redstar');
+			$obj = $db->fetch_object($resql);
+			$var=!$var;
+			
+			print "<tr $bc[$var]>";
+			print '<td><a href="'.DOL_URL_ROOT.'/user/group/fiche.php?id='.$obj->rowid.'">'.img_object($langs->trans("ShowGroup"),"group").' '.$obj->nom.'</a>';
+			if (!$obj->entity)
+			{
+				print img_picto($langs->trans("GlobalGroup"),'redstar');
+			}
+			print "</td>";
+			print "<td width=\"80\" align=\"center\">".dol_print_date($db->jdate($obj->datec))."</td>";
+			print "</tr>";
+			$i++;
 		}
-		print "</td>";
-		print "<td width=\"80\" align=\"center\">".dol_print_date($db->jdate($obj->datec))."</td>";
-		print "</tr>";
-		$i++;
+		print "</table><br>";
+		
+		$db->free($resql);
+	}
+	else
+	{
+		dol_print_error($db);
 	}
-	print "</table><br>";
-
-	$db->free($resql);
 }
-else
-{
-	dol_print_error($db);
-}
-
 
 print '</td></tr>';
 print '</table>';