Merge branch '15.0' of git@github.com:Dolibarr/dolibarr.git into 15.0

Conflicts:
	htdocs/product/inventory/inventory.php

htdocs/comm/action/class/actioncomm.class.php

@@ -2065,8 +2065,8 @@ class ActionComm extends CommonObject
 						}
 
 						if (!empty($conf->global->AGENDA_EXPORT_FIX_TZ)) {
-							$timestampStart = - ($conf->global->AGENDA_EXPORT_FIX_TZ * 3600);
-							$timestampEnd   = - ($conf->global->AGENDA_EXPORT_FIX_TZ * 3600);
+							$timestampStart = $timestampStart - ($conf->global->AGENDA_EXPORT_FIX_TZ * 3600);
+							$timestampEnd   = $timestampEnd - ($conf->global->AGENDA_EXPORT_FIX_TZ * 3600);
 						}
 
 						$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));

htdocs/comm/propal/class/propal.class.php

@@ -1445,12 +1445,13 @@ class Propal extends CommonObject
 	/**
 	 *	Load a proposal from database. Get also lines.
 	 *
-	 *	@param      int			$rowid		id of object to load
-	 *	@param		string		$ref		Ref of proposal
-	 *	@param		string		$ref_ext	Ref ext of proposal
-	 *	@return     int         			>0 if OK, <0 if KO
+	 *	@param      int			$rowid			id of object to load
+	 *	@param		string		$ref			Ref of proposal
+	 *	@param		string		$ref_ext		Ref ext of proposal
+	 *	@param		int			$forceentity	Entity id to force
+	 *	@return     int         				>0 if OK, <0 if KO
 	 */
-	public function fetch($rowid, $ref = '', $ref_ext = '')
+	public function fetch($rowid, $ref = '', $ref_ext = '', $forceentity = 0)
 	{
 		$sql = "SELECT p.rowid, p.ref, p.entity, p.remise, p.remise_percent, p.remise_absolue, p.fk_soc";
 		$sql .= ", p.total_ttc, p.total_tva, p.localtax1, p.localtax2, p.total_ht";
@@ -1489,10 +1490,15 @@ class Propal extends CommonObject
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_input_reason as dr ON p.fk_input_reason = dr.rowid';
 		$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON p.fk_incoterms = i.rowid';
 
-		if ($ref) {
-			$sql .= " WHERE p.entity IN (".getEntity('propal').")"; // Dont't use entity if you use rowid
+		if (!empty($ref)) {
+			if (!empty($forceentity)) {
+				$sql .= " WHERE p.entity = ".(int) $forceentity; // Check only the current entity because we may have the same reference in several entities
+			} else {
+				$sql .= " WHERE p.entity IN (".getEntity('propal').")";
+			}
 			$sql .= " AND p.ref='".$this->db->escape($ref)."'";
 		} else {
+			// Dont't use entity if you use rowid
 			$sql .= " WHERE p.rowid = ".((int) $rowid);
 		}
 

htdocs/core/lib/signature.lib.php

@@ -26,7 +26,7 @@
  */
 function showOnlineSignatureUrl($type, $ref)
 {
-	global $conf, $langs;
+	global $langs;
 
 	// Load translation files required by the page
 	$langs->loadLangs(array("payment", "paybox"));
@@ -59,7 +59,8 @@ function showOnlineSignatureUrl($type, $ref)
  */
 function getOnlineSignatureUrl($mode, $type, $ref = '', $localorexternal = 1)
 {
-	global $conf, $db, $langs, $dolibarr_main_url_root;
+	global $conf, $dolibarr_main_url_root;
+	global $object;
 
 	$ref = str_replace(' ', '', $ref);
 	$out = '';
@@ -90,7 +91,7 @@ function getOnlineSignatureUrl($mode, $type, $ref = '', $localorexternal = 1)
 		if ($mode == 1) {
 			$out .= "hash('".$securekeyseed."' + '".$type."' + proposal_ref)";
 		} else {
-			$out .= '&securekey='.dol_hash($securekeyseed.$type.$ref, '0');
+			$out .= '&securekey='.dol_hash($securekeyseed.$type.$ref.$object->entity, '0');
 		}
 		/*
 		if ($mode == 1) {
@@ -120,7 +121,7 @@ function getOnlineSignatureUrl($mode, $type, $ref = '', $localorexternal = 1)
 
 	// For multicompany
 	if (!empty($out) && !empty($conf->multicompany->enabled)) {
-		$out .= "&entity=".$conf->entity; // Check the entity because we may have the same reference in several entities
+		$out .= "&entity=".$object->entity; // Check the entity of object because we may have the same reference in several entities
 	}
 
 	return $out;

htdocs/expensereport/card.php

@@ -263,7 +263,7 @@ if (empty($reshook)) {
 		if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->expensereport->creer))
 			|| (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->expensereport->creer) && empty($user->rights->expensereport->writeall_advance))) {
 			$error++;
-			setEventMessages($langs->trans("NotEnoughPermission"), null, 'errors');
+			setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors');
 		}
 		if (!$error) {
 			if (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->expensereport->writeall_advance)) {

htdocs/expensereport/list.php

@@ -482,7 +482,7 @@ if ($resql) {
 			if ($canedit) {
 				print '<a href="'.DOL_URL_ROOT.'/expensereport/card.php?action=create&fk_user_author='.$fuser->id.'" class="butAction">'.$langs->trans("AddTrip").'</a>';
 			} else {
-				print '<a href="#" class="butActionRefused" title="'.$langs->trans("NotEnoughPermission").'">'.$langs->trans("AddTrip").'</a>';
+				print '<a href="#" class="butActionRefused" title="'.$langs->trans("NotEnoughPermissions").'">'.$langs->trans("AddTrip").'</a>';
 			}
 
 			print '</div>';

htdocs/langs/en_US/main.lang

@@ -344,7 +344,7 @@ KiloBytes=Kilobytes
 MegaBytes=Megabytes
 GigaBytes=Gigabytes
 TeraBytes=Terabytes
-UserAuthor=Ceated by
+UserAuthor=Created by
 UserModif=Updated by
 b=b.
 Kb=Kb
@@ -709,6 +709,7 @@ FeatureDisabled=Feature disabled
 MoveBox=Move widget
 Offered=Offered
 NotEnoughPermissions=You don't have permission for this action
+UserNotInHierachy=This action is reserved to the supervisors of this user
 SessionName=Session name
 Method=Method
 Receive=Receive

htdocs/projet/tasks/list.php

@@ -322,7 +322,7 @@ $sql .= " t.rowid as id, t.ref, t.label, t.planned_workload, t.duration_effectiv
 $sql .= " t.description, t.fk_task_parent";
 $sql .= " ,t.budget_amount";
 // We'll need these fields in order to filter by categ
-if ($search_categ) {
+if ($search_categ > 0) {
 	$sql .= ", cs.fk_categorie, cs.fk_project";
 }
 // Add sum fields
@@ -342,7 +342,7 @@ $sql .= $hookmanager->resPrint;
 $sql .= " FROM ".MAIN_DB_PREFIX."projet as p";
 $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
 // We'll need this table joined to the select in order to filter by categ
-if (!empty($search_categ)) {
+if ($search_categ > 0) {
 	$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX."categorie_project as cs ON p.rowid = cs.fk_project"; // We'll need this table joined to the select in order to filter by categ
 }
 $sql .= ", ".MAIN_DB_PREFIX."projet_task as t";

htdocs/public/onlinesign/newonlinesign.php

@@ -126,7 +126,7 @@ $creditor = $mysoc->name;
 $type = $source;
 if ($source == 'proposal') {
 	$object = new Propal($db);
-	$object->fetch(0, $ref);
+	$object->fetch(0, $ref, '', $entity);
 } else {
 	accessforbidden('Bad value for source');
 	exit;
@@ -139,7 +139,7 @@ if ($source == 'proposal') {
 	$securekeyseed = $conf->global->PROPOSAL_ONLINE_SIGNATURE_SECURITY_TOKEN;
 }
 
-if (!dol_verifyHash($securekeyseed.$type.$ref, $SECUREKEY, '0')) {
+if (!dol_verifyHash($securekeyseed.$type.$ref.$object->entity, $SECUREKEY, '0')) {
 	http_response_code(403);
 	print 'Bad value for securitykey. Value provided '.dol_escape_htmltag($SECUREKEY).' does not match expected value for ref='.dol_escape_htmltag($ref);
 	exit(-1);
@@ -288,18 +288,8 @@ $error = 0;
 // Signature on commercial proposal
 if ($source == 'proposal') {
 	$found = true;
-	$langs->load("proposal");
 
-	require_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
-
-	$proposal = new Propal($db);
-	$result = $proposal->fetch('', $ref);
-	if ($result <= 0) {
-		$mesg = $proposal->error;
-		$error++;
-	} else {
-		$result = $proposal->fetch_thirdparty($proposal->socid);
-	}
+	$result = $object->fetch_thirdparty($object->socid);
 
 	// Creditor
 
@@ -315,39 +305,39 @@ if ($source == 'proposal') {
 	print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("ThirdParty");
 	print '</td><td class="CTableRow2">';
 	print img_picto('', 'company', 'class="pictofixedwidth"');
-	print '<b>'.$proposal->thirdparty->name.'</b>';
+	print '<b>'.$object->thirdparty->name.'</b>';
 	print '</td></tr>'."\n";
 
 	// Amount
 
 	print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Amount");
 	print '</td><td class="CTableRow2">';
-	print '<b>'.price($proposal->total_ttc, 0, $langs, 1, -1, -1, $conf->currency).'</b>';
+	print '<b>'.price($object->total_ttc, 0, $langs, 1, -1, -1, $conf->currency).'</b>';
 	print '</td></tr>'."\n";
 
 	// Object
 
-	$text = '<b>'.$langs->trans("SignatureProposalRef", $proposal->ref).'</b>';
+	$text = '<b>'.$langs->trans("SignatureProposalRef", $object->ref).'</b>';
 	print '<tr class="CTableRow2"><td class="CTableRow2 tdtop">'.$langs->trans("Designation");
 	print '</td><td class="CTableRow2">'.$text;
-	if ($proposal->status == $proposal::STATUS_VALIDATED) {
-		$directdownloadlink = $proposal->getLastMainDocLink('proposal');
+	if ($object->status == $object::STATUS_VALIDATED) {
+		$directdownloadlink = $object->getLastMainDocLink('proposal');
 		if ($directdownloadlink) {
 			print '<br><a href="'.$directdownloadlink.'">';
-			print img_mime($proposal->last_main_doc, '');
+			print img_mime($object->last_main_doc, '');
 			print $langs->trans("DownloadDocument").'</a>';
 		}
 	} else {
-		$last_main_doc_file = $proposal->last_main_doc;
+		$last_main_doc_file = $object->last_main_doc;
 
-		if ($proposal->status == $proposal::STATUS_NOTSIGNED) {
-			$directdownloadlink = $proposal->getLastMainDocLink('proposal');
+		if ($object->status == $object::STATUS_NOTSIGNED) {
+			$directdownloadlink = $object->getLastMainDocLink('proposal');
 			if ($directdownloadlink) {
 				print '<br><a href="'.$directdownloadlink.'">';
-				print img_mime($proposal->last_main_doc, '');
+				print img_mime($object->last_main_doc, '');
 				print $langs->trans("DownloadDocument").'</a>';
 			}
-		} elseif ($proposal->status == $proposal::STATUS_SIGNED || $proposal->status == $proposal::STATUS_BILLED) {
+		} elseif ($object->status == $object::STATUS_SIGNED || $object->status == $object::STATUS_BILLED) {
 			if (preg_match('/_signed-(\d+)/', $last_main_doc_file)) {	// If the last main doc has been signed
 				$last_main_doc_file_not_signed = preg_replace('/_signed-(\d+)/', '', $last_main_doc_file);
 
@@ -355,10 +345,10 @@ if ($source == 'proposal') {
 				$datefilenotsigned = dol_filemtime($last_main_doc_file_not_signed);
 
 				if (empty($datefilenotsigned) || $datefilesigned > $datefilenotsigned) {
-					$directdownloadlink = $proposal->getLastMainDocLink('proposal');
+					$directdownloadlink = $object->getLastMainDocLink('proposal');
 					if ($directdownloadlink) {
 						print '<br><a href="'.$directdownloadlink.'">';
-						print img_mime($proposal->last_main_doc, '');
+						print img_mime($object->last_main_doc, '');
 						print $langs->trans("DownloadDocument").'</a>';
 					}
 				}
@@ -367,7 +357,7 @@ if ($source == 'proposal') {
 	}
 
 	print '<input type="hidden" name="source" value="'.GETPOST("source", 'alpha').'">';
-	print '<input type="hidden" name="ref" value="'.$proposal->ref.'">';
+	print '<input type="hidden" name="ref" value="'.$object->ref.'">';
 	print '</td></tr>'."\n";
 
 	// TODO Add link to download PDF (similar code than for invoice)

htdocs/user/bank.php

@@ -692,7 +692,7 @@ if ($action != 'edit' && $action != 'create') {		// If not bank account yet, $ac
 		if ($permissiontoaddbankaccount) {
 			$morehtmlright = dolGetButtonTitle($langs->trans('Add'), '', 'fa fa-plus-circle', $_SERVER["PHP_SELF"].'?id='.$object->id.'&action=create');
 		} else {
-			$morehtmlright = dolGetButtonTitle($langs->trans('Add'), 'NotEnoughPermission', 'fa fa-plus-circle', '', '', -2);
+			$morehtmlright = dolGetButtonTitle($langs->trans('Add'), $langs->trans('NotEnoughPermissions'), 'fa fa-plus-circle', '', '', -2);
 		}
 	} else {
 		$morehtmlright = dolGetButtonTitle($langs->trans('Add'), 'AlreadyOneBankAccount', 'fa fa-plus-circle', '', '', -2);