From e81663ec3495597815266713de87ad1d1e0ea025 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 12 Jun 2019 19:00:34 +0200 Subject: [PATCH] Fix cropping of image files for BOM module was ko --- htdocs/core/class/html.formfile.class.php | 4 ++-- htdocs/core/lib/security.lib.php | 15 ++++++++------- htdocs/core/photos_resize.php | 20 +++++++++++++++++++- htdocs/langs/en_US/mrp.lang | 2 ++ 4 files changed, 31 insertions(+), 10 deletions(-) diff --git a/htdocs/core/class/html.formfile.class.php b/htdocs/core/class/html.formfile.class.php index b729ad51fc5..8f0aee14424 100644 --- a/htdocs/core/class/html.formfile.class.php +++ b/htdocs/core/class/html.formfile.class.php @@ -1040,7 +1040,7 @@ class FormFile * @param string $relativepath Relative path of docs (autodefined if not provided), relative to module dir, not to MAIN_DATA_ROOT. * @param int $permonobject Permission on object (so permission to delete or crop document) * @param int $useinecm Change output for use in ecm module: - * 0 or 6: Add a preview column. Show also a rename and crop button. + * 0 or 6: Add a preview column. Show also a rename button. Show also a crop button for some values of $modulepart (must be supported into hard coded list in this function + photos_resize.php + restrictedArea + checkUserAccessToObject) * 1: Add link to edit ECM entry * 2: Add rename and crop file * 4: Add a preview column @@ -1068,7 +1068,7 @@ class FormFile global $form; $disablecrop=1; - if (in_array($modulepart, array('expensereport','holiday','member','project','product','produit','service','societe','tax','ticket','user'))) $disablecrop=0; + if (in_array($modulepart, array('bom','expensereport','holiday','member','project','product','produit','service','societe','tax','ticket','user'))) $disablecrop=0; // Define relative path used to store the file if (empty($relativepath)) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index dcdc70c3fe6..69d9173e212 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -247,11 +247,12 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f { if (! $user->rights->projet->lire && ! $user->rights->projet->all->lire) { $readok=0; $nbko++; } } - elseif (! empty($feature2)) // This should be used for future changes + elseif (! empty($feature2)) // This is for permissions on 2 levels { $tmpreadok=1; foreach($feature2 as $subfeature) { + var_dump($subfeature); if ($subfeature == 'user' && $user->id == $objectid) continue; // A user can always read its own card if (! empty($subfeature) && empty($user->rights->$feature->$subfeature->lire) && empty($user->rights->$feature->$subfeature->read)) { $tmpreadok=0; } elseif (empty($subfeature) && empty($user->rights->$feature->lire) && empty($user->rights->$feature->read)) { $tmpreadok=0; } @@ -263,7 +264,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f $nbko++; } } - elseif (! empty($feature) && ($feature!='user' && $feature!='usergroup')) // This is for old permissions + elseif (! empty($feature) && ($feature!='user' && $feature!='usergroup')) // This is permissions on 1 level { if (empty($user->rights->$feature->lire) && empty($user->rights->$feature->read) @@ -307,7 +308,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f { if (! $user->rights->banque->cheque) { $createok=0; $nbko++; } } - elseif (! empty($feature2)) // This should be used + elseif (! empty($feature2)) // This is for permissions on one level { foreach($feature2 as $subfeature) { @@ -317,7 +318,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f else { $createok=1; break; } // Break to bypass second test if the first is ok } } - elseif (! empty($feature)) // This is for old permissions ('creer' or 'write') + elseif (! empty($feature)) // This is for permissions on 2 levels ('creer' or 'write') { //print '
feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write; if (empty($user->rights->$feature->creer) @@ -384,7 +385,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f { if (! $user->rights->salaries->delete) $deleteok=0; } - elseif (! empty($feature2)) // This should be used for permissions on 2 levels + elseif (! empty($feature2)) // This is for permissions on 2 levels { foreach($feature2 as $subfeature) { @@ -392,7 +393,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f else { $deleteok=1; break; } // For bypass the second test if the first is ok } } - elseif (! empty($feature)) // This is used for permissions on 1 level + elseif (! empty($feature)) // This is used for permissions on 1 level { //print '
feature='.$feature.' creer='.$user->rights->$feature->supprimer.' write='.$user->rights->$feature->delete; if (empty($user->rights->$feature->supprimer) @@ -451,7 +452,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand if ($feature == 'project') $feature='projet'; if ($feature == 'task') $feature='projet_task'; - $check = array('adherent','banque','don','user','usergroup','product','produit','service','produit|service','categorie','resource','expensereport','holiday'); // Test on entity only (Objects with no link to company) + $check = array('adherent','banque','bom','don','user','usergroup','product','produit','service','produit|service','categorie','resource','expensereport','holiday'); // Test on entity only (Objects with no link to company) $checksoc = array('societe'); // Test for societe object $checkother = array('contact','agenda'); // Test on entity and link to third party. Allowed if link is empty (Ex: contacts...). $checkproject = array('projet','project'); // Test for project object diff --git a/htdocs/core/photos_resize.php b/htdocs/core/photos_resize.php index 2ecb127f3b2..47be8cdf974 100644 --- a/htdocs/core/photos_resize.php +++ b/htdocs/core/photos_resize.php @@ -53,6 +53,12 @@ elseif ($modulepart == 'project') if (! $user->rights->projet->lire) accessforbidden(); $accessallowed=1; } +elseif ($modulepart == 'bom') +{ + $result=restrictedArea($user, 'bom', $id, 'bom_bom'); + if (! $user->rights->bom->read) accessforbidden(); + $accessallowed=1; +} elseif ($modulepart == 'expensereport') { $result=restrictedArea($user, 'expensereport', $id, 'expensereport'); @@ -205,8 +211,19 @@ elseif ($modulepart == 'ticket') $dir=$conf->ticket->dir_output; // By default } } +elseif ($modulepart == 'bom') +{ + require_once DOL_DOCUMENT_ROOT.'/bom/class/bom.class.php'; + $object = new BOM($db); + if ($id > 0) + { + $result = $object->fetch($id); + if ($result <= 0) dol_print_error($db, 'Failed to load object'); + $dir=$conf->bom->dir_output; // By default + } +} else { - print 'Action crop for module part '.$modulepart.' is not supported yet.'; + print 'Action crop for modulepart = '.$modulepart.' is not supported yet.'; } if (empty($backtourl)) @@ -220,6 +237,7 @@ if (empty($backtourl)) elseif (in_array($modulepart, array('tax'))) $backtourl=DOL_URL_ROOT."/compta/sociales/document.php?id=".$id.'&file='.urldecode($_POST["file"]); elseif (in_array($modulepart, array('ticket'))) $backtourl=DOL_URL_ROOT."/ticket/document.php?id=".$id.'&file='.urldecode($_POST["file"]); elseif (in_array($modulepart, array('user'))) $backtourl=DOL_URL_ROOT."/user/document.php?id=".$id.'&file='.urldecode($_POST["file"]); + else $backtourl=DOL_URL_ROOT."/".$modulepart."/".$modulepart."_document.php?id=".$id.'&file='.urldecode($_POST["file"]); } diff --git a/htdocs/langs/en_US/mrp.lang b/htdocs/langs/en_US/mrp.lang index c4bb9193a33..360f4303f07 100644 --- a/htdocs/langs/en_US/mrp.lang +++ b/htdocs/langs/en_US/mrp.lang @@ -13,3 +13,5 @@ WatermarkOnDraftBOMs=Watermark on draft BOM ConfirmCloneBillOfMaterials=Are you sure you want to clone this bill of material ? ManufacturingEfficiency=Manufacturing efficiency ValueOfMeansLoss=Value of 0.95 means an average of 5%% of loss during the production +DeleteBillOfMaterials=Delete Bill Of Materials +ConfirmDeleteBillOfMaterials=Are you sure you want to delete this Bill Of Material?