lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Factorize user rights

Browse Source
This commit is contained in:
Alexandre SPANGARO 2021-11-02 04:51:18 +01:00
parent f73f3cd55f
commit fb0002a38e
1 changed files with 30 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
htdocs/societe/paymentmodes.php
View File

@ -1,12 +1,13 @@
<?php
/* Copyright (C) 2002-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2018 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2013 Peter Fontaine <contact@peterfontaine.fr>
* Copyright (C) 2015-2016 Marcos García <marcosgdf@gmail.com>
* Copyright (C) 2017 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2018 -2021Thibault FOUCART <support@ptibogxiv.net>
/* Copyright (C) 2002-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2018 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2013 Peter Fontaine <contact@peterfontaine.fr>
* Copyright (C) 2015-2016 Marcos García <marcosgdf@gmail.com>
* Copyright (C) 2017 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2018-2021 Thibault FOUCART <support@ptibogxiv.net>
* Copyright (C) 2021 Alexandre Spangaro <aspangaro@open-dsi.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -41,7 +42,6 @@ require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php';
$langs->loadLangs(array("companies", "commercial", "banks", "bills", 'paypal', 'stripe', 'withdrawals'));
// Security check
$socid = GETPOST("socid", "int");
if ($user->socid) {
@ -70,6 +70,10 @@ $extrafields->fetch_name_optionals_label($object->table_element);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('thirdpartybancard', 'globalcard'));
$permissiontoread = $user->rights->societe->lire;
$permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_builddoc.inc.php
$permissiontoaddupdatepaymentinformation = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $permissiontoadd) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->societe->addupdate_thirdparty_payment_information->write)));
if (!empty($conf->stripe->enabled)) {
$service = 'StripeTest';
@ -455,7 +459,6 @@ if (empty($reshook)) {
$id = $socid;
$upload_dir = $conf->societe->multidir_output[$object->entity];
$permissiontoadd = $user->rights->societe->creer;
include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
$id = $savid;
@ -703,7 +706,7 @@ if (empty($companybankaccount->socid)) {
$companybankaccount->socid = $object->id;
}
if ($socid && ($action == 'edit' || $action == 'editcard') && $user->rights->societe->creer) {
if ($socid && ($action == 'edit' || $action == 'editcard') && $permissiontoadd) {
print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="post">';
print '<input type="hidden" name="token" value="'.newToken().'">';
$actionforadd = 'update';
@ -713,7 +716,7 @@ if ($socid && ($action == 'edit' || $action == 'editcard') && $user->rights->soc
print '<input type="hidden" name="action" value="'.$actionforadd.'">';
print '<input type="hidden" name="id" value="'.GETPOST("id", "int").'">';
}
if ($socid && ($action == 'create' || $action == 'createcard') && $user->rights->societe->creer) {
if ($socid && ($action == 'create' || $action == 'createcard') && $permissiontoadd) {
print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="post">';
print '<input type="hidden" name="token" value="'.newToken().'">';
$actionforadd = 'add';
@ -787,12 +790,11 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
}
if (!empty($conf->stripe->enabled)) {
$permissiontowrite = $user->rights->societe->creer;
// Stripe customer key 'cu_....' stored into llx_societe_account
print '<tr><td class="titlefield">';
print $form->editfieldkey("StripeCustomerId", 'key_account', $stripecu, $object, $permissiontowrite, 'string', '', 0, 2, 'socid');
print $form->editfieldkey("StripeCustomerId", 'key_account', $stripecu, $object, $permissiontoadd, 'string', '', 0, 2, 'socid');
print '</td><td>';
print $form->editfieldval("StripeCustomerId", 'key_account', $stripecu, $object, $permissiontowrite, 'string', '', null, null, '', 2, '', 'socid');
print $form->editfieldval("StripeCustomerId", 'key_account', $stripecu, $object, $permissiontoadd, 'string', '', null, null, '', 2, '', 'socid');
if (!empty($conf->stripe->enabled) && $stripecu && $action != 'editkey_account') {
$connect = '';
if (!empty($stripeacc)) {
@ -849,14 +851,13 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
}
if (!empty($conf->stripe->enabled) && !empty($conf->stripeconnect->enabled) && $conf->global->MAIN_FEATURES_LEVEL >= 2) {
$permissiontowrite = $user->rights->societe->creer;
$stripesupplieracc = $stripe->getStripeAccount($service, $object->id); // Get Stripe OAuth connect account (no network access here)
// Stripe customer key 'cu_....' stored into llx_societe_account
print '<tr><td class="titlefield">';
print $form->editfieldkey("StripeConnectAccount", 'key_account_supplier', $stripesupplieracc, $object, $permissiontowrite, 'string', '', 0, 2, 'socid');
print $form->editfieldkey("StripeConnectAccount", 'key_account_supplier', $stripesupplieracc, $object, $permissiontoadd, 'string', '', 0, 2, 'socid');
print '</td><td>';
print $form->editfieldval("StripeConnectAccount", 'key_account_supplier', $stripesupplieracc, $object, $permissiontowrite, 'string', '', null, null, '', 2, '', 'socid');
print $form->editfieldval("StripeConnectAccount", 'key_account_supplier', $stripesupplieracc, $object, $permissiontoadd, 'string', '', null, null, '', 2, '', 'socid');
if (!empty($conf->stripe->enabled) && $stripesupplieracc && $action != 'editkey_account_supplier') {
$connect = '';
@ -1061,7 +1062,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
print $hookmanager->resPrint;
// Action column
print '<td class="right nowraponall">';
if ($user->rights->societe->creer) {
if ($permissiontoadd) {
if ($stripecu && empty($companypaymentmodetemp->stripe_card_ref)) {
print '<a href="'.$_SERVER['PHP_SELF'].'?action=synccardtostripe&socid='.$object->id.'&id='.$companypaymentmodetemp->id.'" class="paddingrightonly marginrightonly">'.$langs->trans("CreateCardOnStripe").'</a>';
}
@ -1214,7 +1215,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
print $hookmanager->resPrint;
// Action column
print '<td class="right nowraponall">';
if ($user->rights->societe->creer) {
if ($permissiontoadd) {
print '<a href="'.DOL_URL_ROOT.'/societe/paymentmodes.php?socid='.$object->id.'&source='.$src->id.'&action=deletecard&token='.newToken().'">';
print img_picto($langs->trans("Delete"), 'delete');
print '</a>';
@ -1288,7 +1289,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
$rib_list = $object->get_all_rib();
if (is_array($rib_list)) {
print '<div class="div-table-responsive-no-min">'; // You can use div-table-responsive-no-min if you dont need reserved height for your table
print '<div class="div-table-responsive-no-min">'; // You can use div-table-responsive-no-min if you don't need reserved height for your table
print '<table class="liste centpercent">';
print '<tr class="liste_titre">';
@ -1446,7 +1447,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
// Edit/Delete
print '<td class="right nowraponall">';
if ($user->rights->societe->creer) {
if ($permissiontoadd) {
print '<a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'&id='.$rib->id.'&action=edit">';
print img_picto($langs->trans("Modify"), 'edit');
print '</a>';
@ -1486,10 +1487,8 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
*/
$filedir = $conf->societe->multidir_output[$object->entity].'/'.$object->id;
$urlsource = $_SERVER["PHP_SELF"]."?socid=".$object->id;
$genallowed = $user->rights->societe->lire;
$delallowed = $user->rights->societe->creer;
print $formfile->showdocuments('company', $object->id, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 0, 0, 0, 28, 0, 'entity='.$object->entity, 0, '', $object->default_lang);
print $formfile->showdocuments('company', $object->id, $filedir, $urlsource, $permissiontoread, $permissiontoadd, $object->model_pdf, 0, 0, 0, 28, 0, 'entity='.$object->entity, 0, '', $object->default_lang);
// Show direct download link
if (!empty($conf->global->BANK_ACCOUNT_ALLOW_EXTERNAL_DOWNLOAD)) {
@ -1536,7 +1535,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
}
// Edit BAN
if ($socid && $action == 'edit' && $user->rights->societe->creer) {
if ($socid && $action == 'edit' && $permissiontoadd) {
print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company');
$linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
@ -1655,7 +1654,7 @@ if ($socid && $action == 'edit' && $user->rights->societe->creer) {
}
// Edit Card
if ($socid && $action == 'editcard' && $user->rights->societe->creer) {
if ($socid && $action == 'editcard' && $permissiontoadd) {
print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company');
$linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
@ -1698,7 +1697,7 @@ if ($socid && $action == 'editcard' && $user->rights->societe->creer) {
// Create BAN
if ($socid && $action == 'create' && $user->rights->societe->creer) {
if ($socid && $action == 'create' && $permissiontoadd) {
print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company');
$linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
@ -1813,7 +1812,7 @@ if ($socid && $action == 'create' && $user->rights->societe->creer) {
}
// Create Card
if ($socid && $action == 'createcard' && $user->rights->societe->creer) {
if ($socid && $action == 'createcard' && $permissiontoadd) {
print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company');
$linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
@ -1857,10 +1856,10 @@ if ($socid && $action == 'createcard' && $user->rights->societe->creer) {
print $form->buttonsSaveCancel("Add");
}
if ($socid && ($action == 'edit' || $action == 'editcard') && $user->rights->societe->creer) {
if ($socid && ($action == 'edit' || $action == 'editcard') && $permissiontoadd) {
print '</form>';
}
if ($socid && ($action == 'create' || $action == 'createcard') && $user->rights->societe->creer) {
if ($socid && ($action == 'create' || $action == 'createcard') && $permissiontoadd) {
print '</form>';
}