FIX #12896

2020-01-25 14:23:23 +01:00 · 2020-01-25 14:23:23 +01:00 · f2771b3365
commit f2771b3365
parent 09f809f347
6 changed files with 15 additions and 12 deletions
--- a/htdocs/compta/cashcontrol/cashcontrol_card.php
+++ b/htdocs/compta/cashcontrol/cashcontrol_card.php
@ -56,7 +56,7 @@ if (!$sortfield) $sortfield = 'rowid';
 if (!$sortorder) $sortorder = 'ASC';

 // Security check
-if (!$user->rights->cashdesk->use && !$user->rights->takepos->use)
+if (!$user->rights->cashdesk->run && !$user->rights->takepos->run)
 {
 	accessforbidden();
 }
@ -82,8 +82,8 @@ $hookmanager->initHooks(array('cashcontrolcard', 'globalcard'));
 * Actions
 */

-$permissiontoadd = ($user->rights->cashdesk->use || $user->rights->takepos->use);
-$permissiontodelete = ($user->rights->cashdesk->use || $user->rights->takepos->use) || ($permissiontoadd && $object->status == 0);
+$permissiontoadd = ($user->rights->cashdesk->run || $user->rights->takepos->run);
+$permissiontodelete = ($user->rights->cashdesk->run || $user->rights->takepos->run) || ($permissiontoadd && $object->status == 0);
 if (empty($backtopage)) $backtopage = dol_buildpath('/compta/cashcontrol/cashcontrol_card.php', 1).'?id='.($id > 0 ? $id : '__ID__');
 $backurlforlist = dol_buildpath('/compta/cashcontrol/cashcontrol_list.php', 1);
 $triggermodname = 'CACHCONTROL_MODIFY'; // Name of trigger action code to execute when we modify record
--- a/htdocs/compta/cashcontrol/cashcontrol_list.php
+++ b/htdocs/compta/cashcontrol/cashcontrol_list.php
@ -168,8 +168,8 @@ if (empty($reshook))
 	// Mass actions
 	$objectclass = 'CashControl';
 	$objectlabel = 'CashControl';
-	$permissiontoread = ($user->rights->cashdesk->use || $user->rights->takepos->use);
-	$permissiontodelete = ($user->rights->cashdesk->use || $user->rights->takepos->use);
+	$permissiontoread = ($user->rights->cashdesk->run || $user->rights->takepos->run);
+	$permissiontodelete = ($user->rights->cashdesk->run || $user->rights->takepos->run);

 	//$uploaddir = '';
 	//include DOL_DOCUMENT_ROOT.'/core/actions_massactions.inc.php';
--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@ -1474,7 +1474,7 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
 			// Cash Control
 			if (!empty($conf->takepos->enabled) || !empty($conf->cashdesk->enabled))
 			{
-				$permtomakecashfence = ($user->rights->cashdesk->use || $user->rights->takepos->use);
+				$permtomakecashfence = ($user->rights->cashdesk->run || $user->rights->takepos->run);
 				$newmenu->add("/compta/cashcontrol/cashcontrol_list.php?action=list", $langs->trans("POS"), 0, $permtomakecashfence, '', $mainmenu, 'cashcontrol');
 				$newmenu->add("/compta/cashcontrol/cashcontrol_card.php?action=create", $langs->trans("NewCashFence"), 1, $permtomakecashfence);
 				$newmenu->add("/compta/cashcontrol/cashcontrol_list.php?action=list", $langs->trans("List"), 1, $permtomakecashfence);
--- a/htdocs/core/modules/modCashDesk.class.php
+++ b/htdocs/core/modules/modCashDesk.class.php
@ -85,10 +85,10 @@ class modCashDesk extends DolibarrModules

 		$r++;
 		$this->rights[$r][0] = 50101;
-		$this->rights[$r][1] = 'Use point of sale';
+		$this->rights[$r][1] = 'Use Point of sale';
 		$this->rights[$r][2] = 'a';
 		$this->rights[$r][3] = 0;
-		$this->rights[$r][4] = 'use';
+		$this->rights[$r][4] = 'run';

 		// Main menu entries
 		$this->menus = array();			// List of menus to add
@ -103,7 +103,7 @@ class modCashDesk extends DolibarrModules
 									'langs'=>'cashdesk',	// Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
 									'position'=>900,
                                    'enabled'=>'$conf->cashdesk->enabled',
-		                            'perms'=>'$user->rights->cashdesk->use',		// Use 'perms'=>'1' if you want your menu with no permission rules
+		                            'perms'=>'$user->rights->cashdesk->run',		// Use 'perms'=>'1' if you want your menu with no permission rules
 									'target'=>'pointofsale',
 									'user'=>0);				// 0=Menu for internal users, 1=external users, 2=both

--- a/htdocs/core/modules/modTakePos.class.php
+++ b/htdocs/core/modules/modTakePos.class.php
@ -199,10 +199,10 @@ class modTakePos extends DolibarrModules

 		$r++;
 		$this->rights[$r][0] = 50151;
-		$this->rights[$r][1] = 'Use point of sale';
+		$this->rights[$r][1] = 'Use Point Of Sale';
 		$this->rights[$r][2] = 'a';
 		$this->rights[$r][3] = 0;
-		$this->rights[$r][4] = 'use';
+		$this->rights[$r][4] = 'run';


 		// Main menu entries
@ -221,7 +221,7 @@ class modTakePos extends DolibarrModules
 								'langs'=>'cashdesk',	        // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
 								'position'=>1000+$r,
 								'enabled'=>'$conf->takepos->enabled',	// Define condition to show or hide menu entry. Use '$conf->takepos->enabled' if entry must be visible if module is enabled.
-								'perms'=>'1',			                // Use 'perms'=>'$user->rights->takepos->level1->level2' if you want your menu with a permission rules
+								'perms'=>'$user->rights->takepos->run',			                // Use 'perms'=>'$user->rights->takepos->level1->level2' if you want your menu with a permission rules
 								'target'=>'takepos',
 								'user'=>2);				                // 0=Menu for internal users, 1=external users, 2=both

--- a/htdocs/takepos/takepos.php
+++ b/htdocs/takepos/takepos.php
@ -78,6 +78,9 @@ if ($invoice->socid > 0) $soc->fetch($invoice->socid);
 else $soc->fetch($conf->global->$constforcompanyid);
 */

+// Security check
+$result = restrictedArea($user, 'takepos', 0, '');
+

 /*
 * View