From f5a530e5d5c149a5f4674ef276ae88fcee3ab714 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 29 May 2014 18:58:55 +0200 Subject: [PATCH] Fix: Bad permission. Fix: Bad transaction. --- htdocs/fourn/facture/fiche.php | 136 ++++----------------------------- 1 file changed, 14 insertions(+), 122 deletions(-) diff --git a/htdocs/fourn/facture/fiche.php b/htdocs/fourn/facture/fiche.php index 75025a8a539..ccd32ce1e68 100644 --- a/htdocs/fourn/facture/fiche.php +++ b/htdocs/fourn/facture/fiche.php @@ -466,9 +466,10 @@ elseif ($action == 'add' && $user->rights->fournisseur->facture->creer) } } -// Modification d'une ligne +// Edit line elseif ($action == 'update_line' && $user->rights->fournisseur->facture->creer) { + // TODO Missing transaction if (GETPOST('etat') == '1' && ! GETPOST('cancel')) // si on valide la modification { $object->fetch($id); @@ -516,6 +517,8 @@ elseif ($action == 'update_line' && $user->rights->fournisseur->facture->creer) elseif ($action == 'addline' && $user->rights->fournisseur->facture->creer) { + $db->begin(); + $ret=$object->fetch($id); if ($ret < 0) { @@ -655,6 +658,8 @@ elseif ($action == 'addline' && $user->rights->fournisseur->facture->creer) //print "xx".$tva_tx; exit; if (! $error && $result > 0) { + $db->commit(); + // Define output language $outputlangs = $langs; $newlang=GETPOST('lang_id','alpha'); @@ -704,9 +709,13 @@ elseif ($action == 'addline' && $user->rights->fournisseur->facture->creer) unset($_POST['date_endmonth']); unset($_POST['date_endyear']); } - else if (empty($mesg)) - { - $mesg='
'.$object->error.'
'; + else + { + $db->rollback(); + if (empty($mesg)) + { + $mesg='
'.$object->error.'
'; + } } $action = ''; @@ -2056,24 +2065,9 @@ else // Form to add new line if ($object->statut == 0 && $action != 'edit_line') { - /*print ''; - print ''; - print ''; // ancre - print $langs->trans('AddNewLine').' - '.$langs->trans("FreeZone").''; - print ''.$langs->trans('VAT').''; - print ''.$langs->trans('PriceUHT').''; - print ''.$langs->trans('PriceUTTC').''; - print ''.$langs->trans('Qty').''; - print ''.$langs->trans('ReductionShort').''; - print ' '; - print ' '; - print ' '; - print ' '; - print '';*/ - global $forceall, $senderissupplier, $dateSelector, $inputalsopricewithtax; $forceall=1; $senderissupplier=1; $dateSelector=0; $inputalsopricewithtax=1; - if ($object->statut == 0 && $user->rights->propal->creer) + if ($object->statut == 0 && $user->rights->fournisseur->facture->creer) { if ($action != 'editline') { @@ -2086,108 +2080,6 @@ else $reshook = $hookmanager->executeHooks('formAddObjectLine', $parameters, $object, $action); // Note that $action and $object may have been modified by hook } } - - // Add free products/services form - /* - $var=true; - print ''; - print ''; - - $forceall=1; // For suppliers, we always show all types - print $form->select_type_of_lines(isset($_POST["type"])?$_POST["type"]:-1,'type',1,0,$forceall); - if ($forceall || (! empty($conf->product->enabled) && ! empty($conf->service->enabled)) - || (empty($conf->product->enabled) && empty($conf->service->enabled))) print '
'; - - if (is_object($hookmanager)) - { - $parameters=array(); - $reshook=$hookmanager->executeHooks('formCreateSupplierProductOptions',$parameters,$object,$action); - } - - $nbrows=ROWS_2; - if (! empty($conf->global->MAIN_INPUT_DESC_HEIGHT)) $nbrows=$conf->global->MAIN_INPUT_DESC_HEIGHT; - $doleditor=new DolEditor('dp_desc',GETPOST("dp_desc"),'',100,'dolibarr_details','',false,true,$conf->global->FCKEDITOR_ENABLE_DETAILS,$nbrows,70); - $doleditor->Create(); - - print ''; - print ''; - print $form->load_tva('tauxtva',(GETPOST('tauxtva')?GETPOST('tauxtva'):-1),$societe,$mysoc); - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print ''; - print '%'; - print ' '; - print ' '; - print ''; - - // Ajout de produits/services predefinis - if (! empty($conf->product->enabled) || ! empty($conf->service->enabled)) - { - print ''; - - print ''; - print ''; - print $langs->trans("AddNewLine").' - '; - if (! empty($conf->service->enabled)) - { - print $langs->trans('RecordedProductsAndServices'); - } - else - { - print $langs->trans('RecordedProducts'); - } - print ''; - print ''.$langs->trans('Qty').''; - print ''.$langs->trans('ReductionShort').''; - print ' '; - print ' '; - print ''; - - $var=! $var; - print ''; - print ''; - - $ajaxoptions=array( - 'update' => array('qty_predef'=>'qty','remise_percent_predef' => 'discount'), // html id tag will be edited with which ajax json response key - 'disabled' => 'addPredefinedProductButton', // html id to disable once select is done - 'error' => $langs->trans("NoPriceDefinedForThisSupplier") // translation of an error saved into var 'error' - ); - $form->select_produits_fournisseurs($object->socid, GETPOST('idprodfournprice'), 'idprodfournprice', '', '', $ajaxoptions); - - if (empty($conf->global->PRODUIT_USE_SEARCH_TO_SELECT)) print '
'; - - if (is_object($hookmanager)) - { - $parameters=array('htmlname'=>'idprodfournprice'); - $reshook=$hookmanager->executeHooks('formCreateProductSupplierOptions',$parameters,$object,$action); - } - - $nbrows=ROWS_2; - if (! empty($conf->global->MAIN_INPUT_DESC_HEIGHT)) $nbrows=$conf->global->MAIN_INPUT_DESC_HEIGHT; - $doleditor = new DolEditor('np_desc', GETPOST('np_desc'), '', 100, 'dolibarr_details', '', false, true, $conf->global->FCKEDITOR_ENABLE_DETAILS, $nbrows, 70); - $doleditor->Create(); - - print ''; - print ''; - print '%'; - print ' '; - print ' '; - print ''; - print ''; - }*/ } print '';