lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Factorize user rights

Browse Source
This commit is contained in:
Alexandre SPANGARO 2021-11-02 04:51:18 +01:00
parent f73f3cd55f
commit fb0002a38e
1 changed files with 30 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
htdocs/societe/paymentmodes.php
View File

@ -1,12 +1,13 @@
<?php <?php
/* Copyright (C) 2002-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org> /* Copyright (C) 2002-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org> * Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org>
* Copyright (C) 2004-2018 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2004-2018 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com> * Copyright (C) 2005-2009 Regis Houssin <regis.houssin@inodbox.com>
* Copyright (C) 2013 Peter Fontaine <contact@peterfontaine.fr> * Copyright (C) 2013 Peter Fontaine <contact@peterfontaine.fr>
* Copyright (C) 2015-2016 Marcos García <marcosgdf@gmail.com> * Copyright (C) 2015-2016 Marcos García <marcosgdf@gmail.com>
* Copyright (C) 2017 Ferran Marcet <fmarcet@2byte.es> * Copyright (C) 2017 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2018 -2021Thibault FOUCART <support@ptibogxiv.net> * Copyright (C) 2018-2021 Thibault FOUCART <support@ptibogxiv.net>
* Copyright (C) 2021 Alexandre Spangaro <aspangaro@open-dsi.fr>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -41,7 +42,6 @@ require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php';
$langs->loadLangs(array("companies", "commercial", "banks", "bills", 'paypal', 'stripe', 'withdrawals')); $langs->loadLangs(array("companies", "commercial", "banks", "bills", 'paypal', 'stripe', 'withdrawals'));
// Security check // Security check
$socid = GETPOST("socid", "int"); $socid = GETPOST("socid", "int");
if ($user->socid) { if ($user->socid) {
@ -70,6 +70,10 @@ $extrafields->fetch_name_optionals_label($object->table_element);
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('thirdpartybancard', 'globalcard')); $hookmanager->initHooks(array('thirdpartybancard', 'globalcard'));
$permissiontoread = $user->rights->societe->lire;
$permissiontoadd = $user->rights->societe->creer; // Used by the include of actions_addupdatedelete.inc.php and actions_builddoc.inc.php
$permissiontoaddupdatepaymentinformation = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && $permissiontoadd) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->societe->addupdate_thirdparty_payment_information->write)));
if (!empty($conf->stripe->enabled)) { if (!empty($conf->stripe->enabled)) {
$service = 'StripeTest'; $service = 'StripeTest';
@ -455,7 +459,6 @@ if (empty($reshook)) {
$id = $socid; $id = $socid;
$upload_dir = $conf->societe->multidir_output[$object->entity]; $upload_dir = $conf->societe->multidir_output[$object->entity];
$permissiontoadd = $user->rights->societe->creer;
include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php'; include DOL_DOCUMENT_ROOT.'/core/actions_builddoc.inc.php';
$id = $savid; $id = $savid;
@ -703,7 +706,7 @@ if (empty($companybankaccount->socid)) {
$companybankaccount->socid = $object->id; $companybankaccount->socid = $object->id;
} }
if ($socid && ($action == 'edit' || $action == 'editcard') && $user->rights->societe->creer) { if ($socid && ($action == 'edit' || $action == 'editcard') && $permissiontoadd) {
print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="post">'; print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="post">';
print '<input type="hidden" name="token" value="'.newToken().'">'; print '<input type="hidden" name="token" value="'.newToken().'">';
$actionforadd = 'update'; $actionforadd = 'update';
@ -713,7 +716,7 @@ if ($socid && ($action == 'edit' || $action == 'editcard') && $user->rights->soc
print '<input type="hidden" name="action" value="'.$actionforadd.'">'; print '<input type="hidden" name="action" value="'.$actionforadd.'">';
print '<input type="hidden" name="id" value="'.GETPOST("id", "int").'">'; print '<input type="hidden" name="id" value="'.GETPOST("id", "int").'">';
} }
if ($socid && ($action == 'create' || $action == 'createcard') && $user->rights->societe->creer) { if ($socid && ($action == 'create' || $action == 'createcard') && $permissiontoadd) {
print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="post">'; print '<form action="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'" method="post">';
print '<input type="hidden" name="token" value="'.newToken().'">'; print '<input type="hidden" name="token" value="'.newToken().'">';
$actionforadd = 'add'; $actionforadd = 'add';
@ -787,12 +790,11 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
} }
if (!empty($conf->stripe->enabled)) { if (!empty($conf->stripe->enabled)) {
$permissiontowrite = $user->rights->societe->creer;
// Stripe customer key 'cu_....' stored into llx_societe_account // Stripe customer key 'cu_....' stored into llx_societe_account
print '<tr><td class="titlefield">'; print '<tr><td class="titlefield">';
print $form->editfieldkey("StripeCustomerId", 'key_account', $stripecu, $object, $permissiontowrite, 'string', '', 0, 2, 'socid'); print $form->editfieldkey("StripeCustomerId", 'key_account', $stripecu, $object, $permissiontoadd, 'string', '', 0, 2, 'socid');
print '</td><td>'; print '</td><td>';
print $form->editfieldval("StripeCustomerId", 'key_account', $stripecu, $object, $permissiontowrite, 'string', '', null, null, '', 2, '', 'socid'); print $form->editfieldval("StripeCustomerId", 'key_account', $stripecu, $object, $permissiontoadd, 'string', '', null, null, '', 2, '', 'socid');
if (!empty($conf->stripe->enabled) && $stripecu && $action != 'editkey_account') { if (!empty($conf->stripe->enabled) && $stripecu && $action != 'editkey_account') {
$connect = ''; $connect = '';
if (!empty($stripeacc)) { if (!empty($stripeacc)) {
@ -849,14 +851,13 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
} }
if (!empty($conf->stripe->enabled) && !empty($conf->stripeconnect->enabled) && $conf->global->MAIN_FEATURES_LEVEL >= 2) { if (!empty($conf->stripe->enabled) && !empty($conf->stripeconnect->enabled) && $conf->global->MAIN_FEATURES_LEVEL >= 2) {
$permissiontowrite = $user->rights->societe->creer;
$stripesupplieracc = $stripe->getStripeAccount($service, $object->id); // Get Stripe OAuth connect account (no network access here) $stripesupplieracc = $stripe->getStripeAccount($service, $object->id); // Get Stripe OAuth connect account (no network access here)
// Stripe customer key 'cu_....' stored into llx_societe_account // Stripe customer key 'cu_....' stored into llx_societe_account
print '<tr><td class="titlefield">'; print '<tr><td class="titlefield">';
print $form->editfieldkey("StripeConnectAccount", 'key_account_supplier', $stripesupplieracc, $object, $permissiontowrite, 'string', '', 0, 2, 'socid'); print $form->editfieldkey("StripeConnectAccount", 'key_account_supplier', $stripesupplieracc, $object, $permissiontoadd, 'string', '', 0, 2, 'socid');
print '</td><td>'; print '</td><td>';
print $form->editfieldval("StripeConnectAccount", 'key_account_supplier', $stripesupplieracc, $object, $permissiontowrite, 'string', '', null, null, '', 2, '', 'socid'); print $form->editfieldval("StripeConnectAccount", 'key_account_supplier', $stripesupplieracc, $object, $permissiontoadd, 'string', '', null, null, '', 2, '', 'socid');
if (!empty($conf->stripe->enabled) && $stripesupplieracc && $action != 'editkey_account_supplier') { if (!empty($conf->stripe->enabled) && $stripesupplieracc && $action != 'editkey_account_supplier') {
$connect = ''; $connect = '';
@ -1061,7 +1062,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
print $hookmanager->resPrint; print $hookmanager->resPrint;
// Action column // Action column
print '<td class="right nowraponall">'; print '<td class="right nowraponall">';
if ($user->rights->societe->creer) { if ($permissiontoadd) {
if ($stripecu && empty($companypaymentmodetemp->stripe_card_ref)) { if ($stripecu && empty($companypaymentmodetemp->stripe_card_ref)) {
print '<a href="'.$_SERVER['PHP_SELF'].'?action=synccardtostripe&socid='.$object->id.'&id='.$companypaymentmodetemp->id.'" class="paddingrightonly marginrightonly">'.$langs->trans("CreateCardOnStripe").'</a>'; print '<a href="'.$_SERVER['PHP_SELF'].'?action=synccardtostripe&socid='.$object->id.'&id='.$companypaymentmodetemp->id.'" class="paddingrightonly marginrightonly">'.$langs->trans("CreateCardOnStripe").'</a>';
} }
@ -1214,7 +1215,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
print $hookmanager->resPrint; print $hookmanager->resPrint;
// Action column // Action column
print '<td class="right nowraponall">'; print '<td class="right nowraponall">';
if ($user->rights->societe->creer) { if ($permissiontoadd) {
print '<a href="'.DOL_URL_ROOT.'/societe/paymentmodes.php?socid='.$object->id.'&source='.$src->id.'&action=deletecard&token='.newToken().'">'; print '<a href="'.DOL_URL_ROOT.'/societe/paymentmodes.php?socid='.$object->id.'&source='.$src->id.'&action=deletecard&token='.newToken().'">';
print img_picto($langs->trans("Delete"), 'delete'); print img_picto($langs->trans("Delete"), 'delete');
print '</a>'; print '</a>';
@ -1288,7 +1289,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
$rib_list = $object->get_all_rib(); $rib_list = $object->get_all_rib();
if (is_array($rib_list)) { if (is_array($rib_list)) {
print '<div class="div-table-responsive-no-min">'; // You can use div-table-responsive-no-min if you dont need reserved height for your table print '<div class="div-table-responsive-no-min">'; // You can use div-table-responsive-no-min if you don't need reserved height for your table
print '<table class="liste centpercent">'; print '<table class="liste centpercent">';
print '<tr class="liste_titre">'; print '<tr class="liste_titre">';
@ -1446,7 +1447,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
// Edit/Delete // Edit/Delete
print '<td class="right nowraponall">'; print '<td class="right nowraponall">';
if ($user->rights->societe->creer) { if ($permissiontoadd) {
print '<a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'&id='.$rib->id.'&action=edit">'; print '<a class="editfielda" href="'.$_SERVER["PHP_SELF"].'?socid='.$object->id.'&id='.$rib->id.'&action=edit">';
print img_picto($langs->trans("Modify"), 'edit'); print img_picto($langs->trans("Modify"), 'edit');
print '</a>'; print '</a>';
@ -1486,10 +1487,8 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
*/ */
$filedir = $conf->societe->multidir_output[$object->entity].'/'.$object->id; $filedir = $conf->societe->multidir_output[$object->entity].'/'.$object->id;
$urlsource = $_SERVER["PHP_SELF"]."?socid=".$object->id; $urlsource = $_SERVER["PHP_SELF"]."?socid=".$object->id;
$genallowed = $user->rights->societe->lire;
$delallowed = $user->rights->societe->creer;
print $formfile->showdocuments('company', $object->id, $filedir, $urlsource, $genallowed, $delallowed, $object->model_pdf, 0, 0, 0, 28, 0, 'entity='.$object->entity, 0, '', $object->default_lang); print $formfile->showdocuments('company', $object->id, $filedir, $urlsource, $permissiontoread, $permissiontoadd, $object->model_pdf, 0, 0, 0, 28, 0, 'entity='.$object->entity, 0, '', $object->default_lang);
// Show direct download link // Show direct download link
if (!empty($conf->global->BANK_ACCOUNT_ALLOW_EXTERNAL_DOWNLOAD)) { if (!empty($conf->global->BANK_ACCOUNT_ALLOW_EXTERNAL_DOWNLOAD)) {
@ -1536,7 +1535,7 @@ if ($socid && $action != 'edit' && $action != 'create' && $action != 'editcard'
} }
// Edit BAN // Edit BAN
if ($socid && $action == 'edit' && $user->rights->societe->creer) { if ($socid && $action == 'edit' && $permissiontoadd) {
print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company'); print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company');
$linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>'; $linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
@ -1655,7 +1654,7 @@ if ($socid && $action == 'edit' && $user->rights->societe->creer) {
} }
// Edit Card // Edit Card
if ($socid && $action == 'editcard' && $user->rights->societe->creer) { if ($socid && $action == 'editcard' && $permissiontoadd) {
print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company'); print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company');
$linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>'; $linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
@ -1698,7 +1697,7 @@ if ($socid && $action == 'editcard' && $user->rights->societe->creer) {
// Create BAN // Create BAN
if ($socid && $action == 'create' && $user->rights->societe->creer) { if ($socid && $action == 'create' && $permissiontoadd) {
print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company'); print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company');
$linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>'; $linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
@ -1813,7 +1812,7 @@ if ($socid && $action == 'create' && $user->rights->societe->creer) {
} }
// Create Card // Create Card
if ($socid && $action == 'createcard' && $user->rights->societe->creer) { if ($socid && $action == 'createcard' && $permissiontoadd) {
print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company'); print dol_get_fiche_head($head, 'rib', $langs->trans("ThirdParty"), 0, 'company');
$linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>'; $linkback = '<a href="'.DOL_URL_ROOT.'/societe/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
@ -1857,10 +1856,10 @@ if ($socid && $action == 'createcard' && $user->rights->societe->creer) {
print $form->buttonsSaveCancel("Add"); print $form->buttonsSaveCancel("Add");
} }
if ($socid && ($action == 'edit' || $action == 'editcard') && $user->rights->societe->creer) { if ($socid && ($action == 'edit' || $action == 'editcard') && $permissiontoadd) {
print '</form>'; print '</form>';
} }
if ($socid && ($action == 'create' || $action == 'createcard') && $user->rights->societe->creer) { if ($socid && ($action == 'create' || $action == 'createcard') && $permissiontoadd) {
print '</form>'; print '</form>';
} }