Fix: Add a protection if user has no option to edit stock
This commit is contained in:
Laurent Destailleur
parent
de64ce5b2a
commit
fa7e7c75bf
@ -65,6 +65,21 @@ if (! empty($conf->stock->enabled) && $conf->global->STOCK_CALCULATE_ON_BILL &&
|
||||
exit;
|
||||
}
|
||||
|
||||
// If stock decrease on bill validation, check user has stock edit permissions
|
||||
if (! empty($conf->stock->enabled) && $conf->global->STOCK_CALCULATE_ON_BILL && ! empty($username))
|
||||
{
|
||||
$testuser=new User($db);
|
||||
$testuser->fetch(0,$username);
|
||||
$testuser->getrights('stock');
|
||||
if (empty($testuser->rights->stock->creer))
|
||||
{
|
||||
$retour=$langs->trans("UserNeedPermissionToEditStockToUsePos");
|
||||
header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid.'&bankid_cash='.$bankid_cash.'&bankid_cheque='.$bankid_cheque.'&bankid_cb='.$bankid_cb);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
if (! empty($_POST['txtUsername']) && ! empty($conf->banque->enabled) && (empty($conf_fkaccount_cash) && empty($conf_fkaccount_cheque) && empty($conf_fkaccount_cb)))
|
||||
{
|
||||
|
||||
@ -36,4 +36,5 @@ BankToPay=Charge Account
|
||||
ShowCompany=Show company
|
||||
ShowStock=Show warehouse
|
||||
DeleteArticle=Click to remove this article
|
||||
FilterRefOrLabelOrBC=Search (Ref/Label)
|
||||
FilterRefOrLabelOrBC=Search (Ref/Label)
|
||||
UserNeedPermissionToEditStockToUsePos=You ask to decrease stock on invoice creation, so user that use POS need to have permission to edit stock.
|
||||
@ -37,3 +37,4 @@ ShowCompany=Voir société
|
||||
ShowStock=Voir entrepôt
|
||||
DeleteArticle=Cliquez pour enlever cet article
|
||||
FilterRefOrLabelOrBC=Recherche (Ref/Lib.)
|
||||
UserNeedPermissionToEditStockToUsePos=La configuration du module stock demande une réduction du stock sur facturation, aussi l'utilisateur du Point De Vente doit avoir les droits de modifier les stocks
|
||||
@ -8,7 +8,7 @@
|
||||
* Copyright (C) 2005 Lionel Cousteix <etm_ltd@tiscali.co.uk>
|
||||
* Copyright (C) 2011 Herve Prot <herve.prot@symeos.com>
|
||||
* Copyright (C) 2013 Philippe Grand <philippe.grand@atoo-net.com>
|
||||
* Copyright (C) 2013 Alexandre Spangaro <alexandre.spangaro@gmail.com>
|
||||
* Copyright (C) 2013 Alexandre Spangaro <alexandre.spangaro@gmail.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -488,6 +488,7 @@ class User extends CommonObject
|
||||
* Clear all permissions array of user
|
||||
*
|
||||
* @return void
|
||||
* @see getrights
|
||||
*/
|
||||
function clearrights()
|
||||
{
|
||||
@ -503,6 +504,7 @@ class User extends CommonObject
|
||||
*
|
||||
* @param string $moduletag Limit permission for a particular module ('' by default means load all permissions)
|
||||
* @return void
|
||||
* @see clearrights
|
||||
*/
|
||||
function getrights($moduletag='')
|
||||
{
|
||||
@ -1013,7 +1015,7 @@ class User extends CommonObject
|
||||
{
|
||||
$newpass=$this->setPassword($user,$this->pass);
|
||||
if (is_numeric($newpass) && $newpass < 0) $result=-2;
|
||||
|
||||
|
||||
if ($result > 0 && $member->fk_soc) // If member is linked to a thirdparty
|
||||
{
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
|
||||
|
||||
Loading…
Reference in New Issue
Block a user