From 63cd06394f39d60784d6e6a0ccf4867a71a6568f Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 20 Nov 2021 15:41:31 +0100 Subject: [PATCH] Debug permission on supplier order. Fix #huntr58ddbd8a-0faf-4b3f-aec9-5850bb19ab67 --- htdocs/core/menus/standard/eldy.lib.php | 3 +- .../class/fournisseur.commande.class.php | 9 ++- htdocs/fourn/commande/card.php | 9 ++- htdocs/fourn/commande/dispatch.php | 49 +++++++++++----- htdocs/reception/card.php | 57 +++++++++++-------- htdocs/theme/eldy/global.inc.php | 4 +- htdocs/theme/md/style.css.php | 4 +- htdocs/user/perms.php | 13 +++++ 8 files changed, 101 insertions(+), 47 deletions(-) diff --git a/htdocs/core/menus/standard/eldy.lib.php b/htdocs/core/menus/standard/eldy.lib.php index 9dc1781f2d328..07ecf19de63eb 100644 --- a/htdocs/core/menus/standard/eldy.lib.php +++ b/htdocs/core/menus/standard/eldy.lib.php @@ -2149,7 +2149,8 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM // Not enabled but visible (so greyed), except if parent was not enabled. print ''."\n"; + print ''.$menu_array[$i]['titre'].'
'; + print ''."\n"; } } diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php index 15d93bfae2c96..9b68ef199db05 100644 --- a/htdocs/fourn/class/fournisseur.commande.class.php +++ b/htdocs/fourn/class/fournisseur.commande.class.php @@ -2295,7 +2295,14 @@ public function Livraison($user, $date, $type, $comment) dol_syslog(get_class($this)."::Livraison"); - if ($user->rights->fournisseur->commande->receptionner) { + $usercanreceive = 0; + if (empty($conf->reception->enabled)) { + $usercanreceive = $user->rights->fournisseur->commande->receptionner; + } else { + $usercanreceive = $user->rights->reception->creer; + } + + if ($usercanreceive) { // Define the new status if ($type == 'par') { $statut = self::STATUS_RECEIVED_PARTIALLY; diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index 8f6ed82160ec1..92501d57d1dbf 100644 --- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -90,7 +90,6 @@ if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande'); // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('ordersuppliercard', 'globalcard')); @@ -124,6 +123,8 @@ } } +$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande'); + // Common permissions $usercanread = ($user->rights->fournisseur->commande->lire || $user->rights->supplier_order->lire); $usercancreate = ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer); 
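Review bot: The receive-permission decision added at the top of Livraison() is duplicated by hand in fourn/commande/card.php, fourn/commande/dispatch.php and reception/card.php, so the model-level check and the page-level checks can drift apart on the next change. The rights are also read raw, unlike the `!empty(...)` form used for `$permissiontocontrol` in dispatch.php; `$usercanreceive = !empty($user->rights->reception->creer);` (and likewise for `receptionner`) keeps the value a strict boolean when the rights node is absent. The branch depends on `$conf`, whose `global` declaration is not visible in this hunk; confirm it is in scope, because an unset `$conf` would silently select the legacy `receptionner` right. The method body continues outside the hunk.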
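Review bot: `restrictedArea()` in fourn/commande/card.php now runs after the hook initialisation and the object-loading block, and fourn/commande/dispatch.php makes the same move, so everything between the old and new positions executes before the access check. Those lines are mostly outside the hunks; if they only load the order this is fine, but nothing in the file records that constraint. A comment at the call would protect the ordering, e.g. `// Security check: keep above all action code; only read-only loading of $object may run before this line`.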
@@ -136,7 +137,11 @@ $usercanapprove = $user->rights->fournisseur->commande->approuver; $usercanapprovesecond = $user->rights->fournisseur->commande->approve2; $usercanorder = $user->rights->fournisseur->commande->commander; -$usercanreceived = $user->rights->fournisseur->commande->receptionner; +if (empty($conf->reception->enabled)) { + $usercanreceive = $user->rights->fournisseur->commande->receptionner; +} else { + $usercanreceive = $user->rights->reception->creer; +} // Permissions for includes $permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php index 547abd33b4b3e..311cbd5f022a0 100644 --- a/htdocs/fourn/commande/dispatch.php +++ b/htdocs/fourn/commande/dispatch.php @@ -62,11 +62,6 @@ if ($user->socid) { $socid = $user->socid; } -$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande'); - -if (empty($conf->stock->enabled)) { - accessforbidden(); -} $hookmanager->initHooks(array('ordersupplierdispatch')); @@ -89,6 +84,21 @@ } } +if (empty($conf->reception->enabled)) { + $permissiontoreceive = $user->rights->fournisseur->commande->receptionner; + $permissiontocontrol = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande_advance->check))); +} else { + $permissiontoreceive = $user->rights->reception->creer; + $permissiontocontrol = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->creer)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->reception_advance->validate))); +} + +// $id is id of a purchase order. +$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande'); + +if (empty($conf->stock->enabled)) { + accessforbidden(); +} + /* * Actions 
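Review bot: The @@ -136,7 +137,11 @@ hunk of fourn/commande/card.php renames `$usercanreceived` to `$usercanreceive`, but the diffstat shows only nine changed lines for this file and none of the visible ones updates a consumer of the old name. Any check further down that still tests `$usercanreceived` (outside the visible hunks, so to be confirmed) would read an undefined variable: a positive test then always denies and a negated test always passes. Either keep the old name, or add `$usercanreceived = $usercanreceive; // legacy name still read below` until every call site is migrated.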
@@ -100,7 +110,7 @@ setEventMessages($hookmanager->error, $hookmanager->errors, 'errors'); } -if ($action == 'checkdispatchline' && !((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande_advance->check)))) { +if ($action == 'checkdispatchline' && $permissiontocontrol) { $error = 0; $supplierorderdispatch = new CommandeFournisseurDispatch($db); @@ -137,7 +147,7 @@ } } -if ($action == 'uncheckdispatchline' && !((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande_advance->check)))) { +if ($action == 'uncheckdispatchline' && $permissiontocontrol) { $error = 0; $supplierorderdispatch = new CommandeFournisseurDispatch($db); @@ -173,7 +183,7 @@ } } -if ($action == 'denydispatchline' && !((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande_advance->check)))) { +if ($action == 'denydispatchline' && $permissiontocontrol) { $error = 0; $supplierorderdispatch = new CommandeFournisseurDispatch($db); @@ -209,7 +219,7 @@ } } -if ($action == 'dispatch' && $user->rights->fournisseur->commande->receptionner) { +if ($action == 'dispatch' && $permissiontoreceive) { $error = 0; $db->begin(); @@ -387,7 +397,7 @@ } // Remove a dispatched line -if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fournisseur->commande->receptionner) { +if ($action == 'confirm_deleteline' && $confirm == 'yes' && $permissiontoreceive) { $db->begin(); $supplierorderdispatch = new CommandeFournisseurDispatch($db); 
@@ -430,7 +440,7 @@ } // Update a dispatched line -if ($action == 'updateline' && $user->rights->fournisseur->commande->receptionner) { +if ($action == 'updateline' && $permissiontoreceive) { $db->begin(); $error = 0; @@ -751,9 +761,9 @@ // Select warehouse to force it everywhere if (count($listwarehouses) > 1) { - print '
'.$langs->trans("ForceTo").' '.$form->selectarray('fk_default_warehouse', $listwarehouses, $fk_default_warehouse, 1, 0, 0, '', 0, 0, $disabled, '', 'minwidth100 maxwidth300', 1); + print '
'.$langs->trans("ForceTo").' '.$form->selectarray('fk_default_warehouse', $listwarehouses, $fk_default_warehouse, 1, 0, 0, '', 0, 0, $disabled, '', 'minwidth100 maxwidth300', 1); } elseif (count($listwarehouses) == 1) { - print '
'.$langs->trans("ForceTo").' '.$form->selectarray('fk_default_warehouse', $listwarehouses, $fk_default_warehouse, 0, 0, 0, '', 0, 0, $disabled, '', 'minwidth100 maxwidth300', 1); + print '
'.$langs->trans("ForceTo").' '.$form->selectarray('fk_default_warehouse', $listwarehouses, $fk_default_warehouse, 0, 0, 0, '', 0, 0, $disabled, '', 'minwidth100 maxwidth300', 1); } print ''; @@ -1055,10 +1065,19 @@ $dispatchBt = empty($conf->reception->enabled) ? $langs->trans("Receive") : $langs->trans("CreateReception"); - print '
'; + print ''; } print ''; @@ -1257,7 +1276,7 @@ // Add button to check/uncheck disaptching print ''; - if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande_advance->check))) { + if (!$permissiontocontrol) { if (empty($objp->status)) { print ''.$langs->trans("Approve").''; print ''.$langs->trans("Deny").''; diff --git a/htdocs/reception/card.php b/htdocs/reception/card.php index 9f326e8d36b33..f84b8bd4d6c4f 100644 --- a/htdocs/reception/card.php +++ b/htdocs/reception/card.php @@ -112,9 +112,6 @@ // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context $hookmanager->initHooks(array('receptioncard', 'globalcard')); -$permissiondellink = $user->rights->reception->creer; // Used by the include of actions_dellink.inc.php -//var_dump($object->lines[0]->detail_batch); - $date_delivery = dol_mktime(GETPOST('date_deliveryhour', 'int'), GETPOST('date_deliverymin', 'int'), 0, GETPOST('date_deliverymonth', 'int'), GETPOST('date_deliveryday', 'int'), GETPOST('date_deliveryyear', 'int')); if ($id > 0 || !empty($ref)) { @@ -142,9 +139,10 @@ $socid = $user->socid; } -if ($origin == 'reception') { +if (!empty($conf->reception->enabled) || $origin == 'reception' || empty($origin)) { $result = restrictedArea($user, 'reception', $id); } else { + // We do not use the reception module, so we test permission on the supplier orders if ($origin == 'supplierorder' || $origin == 'order_supplier') { $result = restrictedArea($user, 'fournisseur', $origin_id, 'commande_fournisseur', 'commande'); } elseif (empty($user->rights->{$origin}->lire) && empty($user->rights->{$origin}->read)) { 
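Review bot: In the `else` branch kept by the @@ -142,9 +139,10 @@ hunk of reception/card.php, `$origin` selects which right is tested through `$user->rights->{$origin}->lire`, so the gate passes for any module name on which the user holds a read right. Where `$origin` is assigned is outside the hunk; if it is request-derived, it should be compared with an explicit list of the element types this page accepts before the lookup, e.g. `if (!in_array($origin, $allowedorigins, true)) { accessforbidden(); }` (the list name is illustrative). The statement following the `elseif` is cut off by the hunk boundary.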
@@ -152,6 +150,20 @@ } } +if (!empty($conf->reception->enabled)) { + $permissiontoread = $user->rights->reception->lire; + $permissiontoadd = $user->rights->reception->creer; + $permissiondellink = $user->rights->reception->creer; // Used by the include of actions_dellink.inc.php + $permissiontovalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->creer)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->reception_advance->validate))); + $permissiontodelete = $user->rights->reception->supprimer; +} else { + $permissiontoread = $user->rights->fournisseur->commande->receptionner; + $permissiontoadd = $user->rights->fournisseur->commande->receptionner; + $permissiondellink = $user->rights->fournisseur->commande->receptionner; // Used by the include of actions_dellink.inc.php + $permissiontovalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande_advance->check))); + $permissiontodelete = $user->rights->fournisseur->commande->receptionner; +} + /* * Actions @@ -171,12 +183,12 @@ include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php'; // Must be include, not include_once // Reopen - if ($action == 'reopen' && $user->rights->reception->creer) { + if ($action == 'reopen' && $permissiontoadd) { $result = $object->reOpen(); } // Confirm back to draft status - if ($action == 'modif' && $user->rights->reception->creer) { + if ($action == 'modif' && $permissiontoadd) { $result = $object->setDraft($user); if ($result >= 0) { // Define output language 
@@ -201,11 +213,11 @@ } // Set incoterm - if ($action == 'set_incoterms' && !empty($conf->incoterm->enabled)) { + if ($action == 'set_incoterms' && !empty($conf->incoterm->enabled) && $permissiontoadd) { $result = $object->setIncoterms(GETPOST('incoterm_id', 'int'), GETPOST('location_incoterms', 'alpha')); } - if ($action == 'setref_supplier') { + if ($action == 'setref_supplier' && $permissiontoadd) { if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); } @@ -220,7 +232,7 @@ } } - if ($action == 'update_extras') { + if ($action == 'update_extras' && $permissiontoadd) { $object->oldcopy = dol_clone($object); // Fill array 'array_options' with data from update form @@ -244,7 +256,7 @@ } // Create reception - if ($action == 'add' && $user->rights->reception->creer) { + if ($action == 'add' && $permissiontoadd) { $error = 0; $predef = ''; @@ -405,10 +417,7 @@ $_GET["commande_id"] = GETPOST('commande_id', 'int'); $action = 'create'; } - } elseif ($action == 'confirm_valid' && $confirm == 'yes' && - ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->creer)) - || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->reception_advance->validate))) - ) { + } elseif ($action == 'confirm_valid' && $confirm == 'yes' && $permissiontovalidate) { $object->fetch_thirdparty(); $result = $object->valid($user); @@ -440,7 +449,7 @@ } } } - } elseif ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->reception->supprimer) { + } elseif ($action == 'confirm_delete' && $confirm == 'yes' && $permissiontodelete) { $result = $object->delete($user); if ($result > 0) { header("Location: ".DOL_URL_ROOT.'/reception/index.php'); 
@@ -455,7 +464,7 @@ if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); }*/ - } elseif ($action == 'setdate_livraison' && $user->rights->reception->creer) { + } elseif ($action == 'setdate_livraison' && $permissiontoadd) { //print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year']; $datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int')); @@ -506,7 +515,7 @@ } $action = ""; - } elseif ($action == 'builddoc') { + } elseif ($action == 'builddoc' && $permissiontoread) { // Build document // En get ou en post // Save last template used to generate document @@ -532,7 +541,7 @@ setEventMessages($object->error, $object->errors, 'errors'); $action = ''; } - } elseif ($action == 'remove_file') { + } elseif ($action == 'remove_file' && $permissiontoadd) { // Delete file in doc form require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; @@ -550,13 +559,13 @@ header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id); exit(); } - } elseif ($action == 'classifyclosed') { + } elseif ($action == 'classifyclosed' && $permissiontoread) { $result = $object->setClosed(); if ($result >= 0) { header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id); exit(); } - } elseif ($action == 'deleteline' && !empty($line_id)) { + } elseif ($action == 'deleteline' && !empty($line_id) && $permissiontoread) { // delete a line $lines = $object->lines; $line = new CommandeFournisseurDispatch($db); @@ -579,7 +588,7 @@ } else { setEventMessages($line->error, $line->errors, 'errors'); } - } elseif ($action == 'updateline' && $user->rights->reception->creer && GETPOST('save')) { + } elseif ($action == 'updateline' && GETPOST('save') && $permissiontoadd) { // Update a line // Clean parameters $qty = 0; 
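Review bot: In the @@ -550,13 +559,13 @@ hunk of reception/card.php the state-changing actions `classifyclosed` and `deleteline` are guarded by `$permissiontoread`, so with the reception module enabled a user holding only `reception->lire` can close a reception or delete one of its lines. The other write actions in this file are tied to `$permissiontoadd` or `$permissiontodelete`, and these two should follow suit: `} elseif ($action == 'classifyclosed' && $permissiontoadd) {` and `} elseif ($action == 'deleteline' && !empty($line_id) && $permissiontoadd) {`. `builddoc` under `$permissiontoread` in the @@ -506,7 +515,7 @@ hunk writes a generated file, so treating it as a read deserves a one-line comment. The bodies of these branches continue outside the hunks.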
@@ -666,11 +675,11 @@ $object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref); } } else { - header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id); // Pour reaffichage de la fiche en cours d'edition + header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id); // To reshow the record we edit exit(); } - } elseif ($action == 'updateline' && $user->rights->reception->creer && GETPOST('cancel', 'alpha') == $langs->trans("Cancel")) { - header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id); // Pour reaffichage de la fiche en cours d'edition + } elseif ($action == 'updateline' && $permissiontoadd && GETPOST('cancel', 'alpha') == $langs->trans("Cancel")) { + header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id); // To reshow the record we edit exit(); } diff --git a/htdocs/theme/eldy/global.inc.php b/htdocs/theme/eldy/global.inc.php index bfe92bd5fe9b0..218d2a20be00c 100644 --- a/htdocs/theme/eldy/global.inc.php +++ b/htdocs/theme/eldy/global.inc.php @@ -2881,12 +2881,12 @@ color: #202020; margin: 1px 1px 1px 6px; } -font.vsmenudisabled { font-family: ; text-align: ; color: #aaa; } +span.vsmenudisabled, font.vsmenudisabled { font-family: ; text-align: ; color: #aaa; } a.vsmenu:link, a.vsmenu:visited { color: var(--colortextbackvmenu); white-space: nowrap; } -font.vsmenudisabledmargin { margin: 1px 1px 1px 6px; } +span.vsmenudisabledmargin, font.vsmenudisabledmargin { margin: 1px 1px 1px 6px; } li a.vsmenudisabled, li.vsmenudisabled { color: #aaa !important; } a.help:link, a.help:visited, a.help:hover, a.help:active, span.help { text-align: ; color: #aaa; text-decoration: none; } diff --git a/htdocs/theme/md/style.css.php b/htdocs/theme/md/style.css.php index e499319a72247..c39bf34d74a55 100644 --- a/htdocs/theme/md/style.css.php +++ b/htdocs/theme/md/style.css.php 
@@ -2928,9 +2928,9 @@ a.vmenu:link, a.vmenu:visited { color: #; } a.vsmenu:link, a.vsmenu:visited, a.vsmenu:hover, a.vsmenu:active, span.vsmenu { font-size:px; font-family: ; text-align: ; font-weight: normal; color: #202020; margin: 1px 1px 1px 8px; } -font.vsmenudisabled { font-size:px; font-family: ; text-align: ; font-weight: normal; color: #aaa; } +span.vsmenudisabled, font.vsmenudisabled { font-size:px; font-family: ; text-align: ; font-weight: normal; color: #aaa; } a.vsmenu:link, a.vsmenu:visited { color: #; white-space: nowrap; } -font.vsmenudisabledmargin { margin: 1px 1px 1px 8px; } +span.vsmenudisabledmargin, font.vsmenudisabledmargin { margin: 1px 1px 1px 8px; } a.help:link, a.help:visited, a.help:hover, a.help:active, span.help { text-align: ; font-weight: normal; color: #999; text-decoration: none; } diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index d3ba33a5acf6a..4571ed48884d0 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -317,6 +317,19 @@ continue; } + // Special cases + if (!empty($conf->reception->enabled)) { + // The 2 permission in fournisseur modules has been replaced by permissions into reception module + if ($obj->module == 'fournisseur' && $obj->perms == 'commande' && $obj->subperms == 'receptionner') { + $i++; + continue; + } + if ($obj->module == 'fournisseur' && $obj->perms == 'commande_advance' && $obj->subperms == 'check') { + $i++; + continue; + } + } + $objMod = $modules[$obj->module]; // Save field module_position in database if value is wrong
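Review bot: The block added to user/perms.php only skips the two legacy rows when the list is rendered; it does not revoke `fournisseur->commande->receptionner` or `commande_advance->check` from users who already hold them. Those grants become invisible to the administrator, and any code that still tests the legacy rights while the reception module is enabled (none is visible in this diff, so to be confirmed) would keep honouring them with no way to remove them from this page. Whether this page's add/remove actions also refuse the two hidden rights is outside the hunk, and the equivalent page for groups, if it lists permissions the same way, is not touched by this commit. At minimum the comment should state the limitation, e.g. `// Hidden only: existing grants stay stored; the legacy rights must not be tested anywhere once reception is enabled`.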