diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php index d46442edc9495..4b81e065d3fa6 100644 --- a/htdocs/adherents/card.php +++ b/htdocs/adherents/card.php @@ -2053,7 +2053,7 @@ function initfieldrequired() { // List of actions on element include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; $formactions = new FormActions($db); - $somethingshown = $formactions->showactions($object, 'member', $socid, 1, 'listactions', $MAX, '', $morehtmlright); + $somethingshown = $formactions->showactions($object, $object->element, $socid, 1, 'listactions', $MAX, '', $morehtmlright); print ''; } diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php index 3f4a387298086..b0a6e40d3ca8a 100644 --- a/htdocs/adherents/subscription/card.php +++ b/htdocs/adherents/subscription/card.php @@ -394,7 +394,7 @@ /* include_once DOL_DOCUMENT_ROOT . '/core/class/html.formactions.class.php'; $formactions = new FormActions($db); - $somethingshown = $formactions->showactions($object, 'invoice', $socid, 1); + $somethingshown = $formactions->showactions($object, $object->element, $socid, 1); */ print ''; diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php index 9798af685303d..b2473409b5b69 100644 --- a/htdocs/asset/card.php +++ b/htdocs/asset/card.php @@ -102,7 +102,7 @@ if (empty($id) && (($action != 'add' && $action != 'create') || $cancel)) { $backtopage = $backurlforlist; } else { - $backtopage = DOL_URL_ROOT.'/compta/bank/card.php?id='.((!empty($id) && $id > 0) ? $id : '__ID__'); + $backtopage = DOL_URL_ROOT.'/asset/card.php?id='.((!empty($id) && $id > 0) ? $id : '__ID__'); } } } 
@@ -334,7 +334,7 @@ // List of actions on element include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; $formactions = new FormActions($db); - $somethingshown = $formactions->showactions($object, 'asset', $socid, 1, '', $MAXEVENT, '', $morehtmlright); + $somethingshown = $formactions->showactions($object, $object->element, $socid, 1, '', $MAXEVENT, '', $morehtmlright); print ''; } diff --git a/htdocs/asset/class/asset.class.php b/htdocs/asset/class/asset.class.php index 66cd9bcb4cf84..34e0a732f57eb 100644 --- a/htdocs/asset/class/asset.class.php +++ b/htdocs/asset/class/asset.class.php @@ -57,6 +57,7 @@ class Asset extends CommonObject const STATUS_DRAFT = 0; const STATUS_VALIDATED = 1; + const STATUS_CANCELED = 9; /** @@ -95,7 +96,7 @@ class Asset extends CommonObject 'fk_user_creat' => array('type'=>'integer', 'label'=>'UserAuthor', 'visible'=>-2, 'enabled'=>1, 'position'=>510, 'notnull'=>1,), 'fk_user_modif' => array('type'=>'integer', 'label'=>'UserModif', 'visible'=>-2, 'enabled'=>1, 'position'=>511, 'notnull'=>-1,), 'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'visible'=>-2, 'enabled'=>1, 'position'=>1000, 'notnull'=>-1,), - 'status' => array('type'=>'integer', 'label'=>'Status', 'visible'=>1, 'enabled'=>1, 'position'=>1000, 'notnull'=>1, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Active', '-1'=>'Cancel')), + 'status' => array('type'=>'integer', 'label'=>'Status', 'visible'=>1, 'enabled'=>1, 'position'=>1000, 'notnull'=>1, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Active', '9'=>'Cancel')), ); /** diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php index 44684db64fba4..f24cf3f80d30b 100644 --- a/htdocs/bom/bom_card.php +++ b/htdocs/bom/bom_card.php 
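Review bot: Changing the cancel key of `arrayofkeyval` from `'-1'` to `'9'` in the `status` field definition leaves any row already stored with status -1 without a matching label, and no data migration is visible in this diff. If such rows can exist, a schema/data update that rewrites -1 to 9 should ship with this change. The new `const STATUS_CANCELED = 9;` and the literal `'9'` key can also drift apart, so a short comment tying the two together would help. The Asset class body continues outside both hunks.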
@@ -694,7 +694,7 @@ // List of actions on element include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; $formactions = new FormActions($db); - $somethingshown = $formactions->showactions($object, 'bom', $socid, 1, '', $MAXEVENT, '', $morehtmlright); + $somethingshown = $formactions->showactions($object, $object->element, $socid, 1, '', $MAXEVENT, '', $morehtmlright); print ''; } diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php index 2b0898a0c3e05..8a10b39826f02 100644 --- a/htdocs/comm/action/card.php +++ b/htdocs/comm/action/card.php @@ -278,8 +278,20 @@ $object->fulldayevent = (!empty($fulldayevent) ? 1 : 0); $object->location = GETPOST("location", 'alphanohtml'); $object->label = GETPOST('label', 'alphanohtml'); - $object->fk_element = GETPOST("fk_element", 'int'); - $object->elementtype = GETPOST("elementtype", 'alpha'); + + if (GETPOST("elementtype", 'alpha')) { + $modulecodetouseforpermissioncheck = GETPOST("elementtype", 'alpha'); + + $hasPermissionOnLinkedObject = 0; + if ($user->hasRight($modulecodetouseforpermissioncheck, 'read')) { + $hasPermissionOnLinkedObject = 1; + } + if ($hasPermissionOnLinkedObject) { + $object->fk_element = GETPOST("fk_element", 'int'); + $object->elementtype = GETPOST("elementtype", 'alpha'); + } + } + if (!GETPOST('label')) { if (GETPOST('actioncode', 'aZ09') == 'AC_RDV' && $contact->getFullName($langs)) { $object->label = $langs->transnoentitiesnoconv("TaskRDVWith", $contact->getFullName($langs)); 
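Review bot: The new guard around `fk_element`/`elementtype` tests only a module-wide `read` right named by the request's `elementtype`; nothing in the hunk verifies that the object identified by `fk_element` exists or is one this user may read, so the check does not bound which record inside a permitted module the event is linked to. Consider loading the target and applying the object-level access check before assigning, and reading the parameter once (`$elementtype = GETPOST('elementtype', 'alpha');`) so the value that is checked is the value that is stored. When the check fails the link is dropped silently; a `setEventMessages()` error would make the refusal visible and auditable. The same block is repeated in the hunk at -520 (update path), where it also relaxes the filter on `elementtype` from `alphanohtml` to `alpha`.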
@@ -520,8 +532,20 @@ } $object->fk_project = GETPOST("projectid", 'int'); $object->note_private = trim(GETPOST("note", "restricthtml")); - $object->fk_element = GETPOST("fk_element", "int"); - $object->elementtype = GETPOST("elementtype", "alphanohtml"); + + if (GETPOST("elementtype", 'alpha')) { + $modulecodetouseforpermissioncheck = GETPOST("elementtype", 'alpha'); + + $hasPermissionOnLinkedObject = 0; + if ($user->hasRight($modulecodetouseforpermissioncheck, 'read')) { + $hasPermissionOnLinkedObject = 1; + } + if ($hasPermissionOnLinkedObject) { + $object->fk_element = GETPOST("fk_element", 'int'); + $object->elementtype = GETPOST("elementtype", 'alpha'); + } + } + if (!$datef && $percentage == 100) { $error++; $donotclearsession = 1; setEventMessages($langs->transnoentitiesnoconv("ErrorFieldRequired", $langs->transnoentitiesnoconv("DateEnd")), $object->errors, 'errors'); @@ -1191,7 +1215,7 @@ function init_repeat() print img_picto('', 'project', 'class="pictofixedwidth"'); print $formproject->select_projects((empty($societe->id) ? '' : $societe->id), $projectid, 'projectid', 0, 0, 1, 1, 0, 0, 0, '', 1, 0, 'maxwidth500 widthcentpercentminusxx'); - print ' '; + print ' '; print ''; $urloption = '?action=create&donotclearsession=1'; $url = dol_buildpath('comm/action/card.php', 2).$urloption; @@ -1218,7 +1242,7 @@ function init_repeat() if (!empty($projectid)) { $projectsListId = $projectid; } - $tid = GETPOST("projecttaskid") ? GETPOST("projecttaskid") : ''; + $tid = GETPOSTISSET("projecttaskid") ? GETPOST("projecttaskid", 'int') : (GETPOSTISSET("taskid") ? GETPOST("taskid", 'int') : ''); $formproject->selectTasks((!empty($societe->id) ? $societe->id : -1), $tid, 'taskid', 24, 0, '1', 1, 0, 0, 'maxwidth500', $projectsListId); print ''; } 
@@ -1226,12 +1250,28 @@ function init_repeat() // Object linked if (!empty($origin) && !empty($originid)) { include_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php'; - print ''.$langs->trans("LinkedObject").''; - print ''.dolGetElementUrl($originid, $origin, 1).''; - print ''; - print ''; - print ''; - print ''; + + $hasPermissionOnLinkedObject = 0; + if ($user->hasRight($origin, 'read')) { + $hasPermissionOnLinkedObject = 1; + } + //var_dump('origin='.$origin.' originid='.$originid.' $hasPermissionOnLinkedObject='.$hasPermissionOnLinkedObject); + + if (! in_array($origin, array('societe', 'project', 'task', 'user'))) { + // We do not use link for object that already contains a hard coded field to make links with agenda events + print ''.$langs->trans("LinkedObject").''; + print ''; + if ($hasPermissionOnLinkedObject) { + print dolGetElementUrl($originid, $origin, 1); + print ''; + print ''; + print ''; + print ''; + } else { + print ''; + } + print ''; + } } $reg = array(); diff --git a/htdocs/core/actions_addupdatedelete.inc.php b/htdocs/core/actions_addupdatedelete.inc.php index a62fe016946ff..de4b9d86da16d 100644 --- a/htdocs/core/actions_addupdatedelete.inc.php +++ b/htdocs/core/actions_addupdatedelete.inc.php @@ -131,8 +131,8 @@ $result = $object->create($user); if ($result > 0) { // Creation OK - if ($conf->categorie->enabled) { - $categories = GETPOST('categories', 'array'); + if ($conf->categorie->enabled && method_exists($object, 'setCategories')) { + $categories = GETPOST('categories', 'array:int'); $object->setCategories($categories); } $urltogo = $backtopage ? str_replace('__ID__', $result, $backtopage) : $backurlforlist; diff --git a/htdocs/core/class/html.formactions.class.php b/htdocs/core/class/html.formactions.class.php index 09c94485d11ff..4b12b4513e5fc 100644 --- a/htdocs/core/class/html.formactions.class.php +++ b/htdocs/core/class/html.formactions.class.php 
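Review bot: `$user->hasRight($origin, 'read')` returns 0 for any origin that is neither an enabled module name nor a key in hasRight()'s alias table, and in that case the prints inside `if ($hasPermissionOnLinkedObject)` are skipped with no explanation to the user. Several cards in this commit now pass `$object->element` as the origin (product/inventory/card.php, for example), so it is worth confirming that each of those element names resolves to an entry of `$conf->modules`. The commented-out `//var_dump('origin='...)` line should be removed before merge, and `in_array($origin, array('societe', 'project', 'task', 'user'), true)` would make the exclusion list a strict comparison.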
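Review bot: The result of `$object->setCategories($categories)` is discarded, so a failure to attach categories after a successful create is never reported. The condition also reads `$conf->categorie->enabled` without `!empty()`, unlike `!empty($conf->agenda->enabled)` used elsewhere in this commit; `if (!empty($conf->categorie->enabled) && method_exists($object, 'setCategories')) {` avoids a notice when that module object is absent. The surrounding create branch starts and ends outside the hunk.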
@@ -221,10 +221,13 @@ public function showactions($object, $typeelement, $socid = 0, $forceshowtitle = if ($typeelement == 'project') { $projectid = $object->id; } + if ($typeelement == 'task') { + $taskid = $object->id; + } $newcardbutton = ''; if (!empty($conf->agenda->enabled) && !empty($user->rights->agenda->myactions->create)) { - $url = DOL_URL_ROOT.'/comm/action/card.php?action=create&datep='.urlencode(dol_print_date(dol_now(), 'dayhourlog', 'tzuser')).'&origin='.urlencode($typeelement).'&originid='.$object->id.((!empty($object->socid) && $object->socid > 0) ? '&socid='.$object->socid : ((!empty($socid) && $socid > 0) ? '&socid='.$socid : '')).($projectid > 0 ? '&projectid='.$projectid : '').'&backtopage='.urlencode($urlbacktopage); + $url = DOL_URL_ROOT.'/comm/action/card.php?action=create&datep='.urlencode(dol_print_date(dol_now(), 'dayhourlog', 'tzuser')).'&origin='.urlencode($typeelement).'&originid='.$object->id.((!empty($object->socid) && $object->socid > 0) ? '&socid='.$object->socid : ((!empty($socid) && $socid > 0) ? '&socid='.$socid : '')).($projectid > 0 ? '&projectid='.$projectid : '').($taskid > 0 ? '&taskid='.$taskid : '').'&backtopage='.urlencode($urlbacktopage); $newcardbutton .= dolGetButtonTitle($langs->trans("AddEvent"), '', 'fa fa-plus-circle', $url); } diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php index 5ea704881e3ce..26c56d454634e 100644 --- a/htdocs/core/lib/functions2.lib.php +++ b/htdocs/core/lib/functions2.lib.php @@ -2166,6 +2166,9 @@ function dolGetElementUrl($objectid, $objecttype, $withpicto = 0, $option = '') $classpath = 'fichinter/class'; $module = 'ficheinter'; $myobject = 'fichinter'; + } elseif ($objecttype == 'project') { + $classpath = 'projet/class'; + $module = 'projet'; } elseif ($objecttype == 'task') { $classpath = 'projet/class'; $module = 'projet'; diff --git a/htdocs/mrp/mo_card.php b/htdocs/mrp/mo_card.php index d55d4c555e640..51f35bbc33d5a 100644 
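Review bot: `$taskid` is assigned only inside `if ($typeelement == 'task')`, yet the URL expression evaluates `($taskid > 0 ? '&taskid='.$taskid : '')` for every element type; unless it is initialised above the hunk, this reads an undefined variable on each non-task card. Adding `$taskid = 0;` next to the `$projectid` initialisation fixes it. showactions() starts and ends outside this hunk, so the initialisation may already exist and should be confirmed. `$object->id` is also concatenated into the query string as is, while the neighbouring parameters go through `urlencode()`; `((int) $object->id)` would keep the URL well-formed whatever the property holds.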
--- a/htdocs/mrp/mo_card.php +++ b/htdocs/mrp/mo_card.php @@ -699,7 +699,7 @@ // List of actions on element include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; $formactions = new FormActions($db); - $somethingshown = $formactions->showactions($object, 'mo', $socid, 1, '', $MAXEVENT, '', $morehtmlright); + $somethingshown = $formactions->showactions($object, $object->element, $socid, 1, '', $MAXEVENT, '', $morehtmlright); print ''; } diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php index 0c9c4b4bb666d..db637136cad1d 100644 --- a/htdocs/partnership/partnership_card.php +++ b/htdocs/partnership/partnership_card.php @@ -643,14 +643,14 @@ $MAXEVENT = 10; - $morehtmlright = ''; + $morehtmlright = ''; $morehtmlright .= $langs->trans("SeeAll"); $morehtmlright .= ''; // List of actions on element include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; $formactions = new FormActions($db); - $somethingshown = $formactions->showactions($object, $object->element.'@'.$object->module, (is_object($object->thirdparty) ? $object->thirdparty->id : 0), 1, '', $MAXEVENT, '', $morehtmlright); + $somethingshown = $formactions->showactions($object, $object->element, (is_object($object->thirdparty) ? $object->thirdparty->id : 0), 1, '', $MAXEVENT, '', $morehtmlright); print ''; } diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php index f9b73ffb90f96..ee39486fb5b2a 100644 --- a/htdocs/product/inventory/card.php +++ b/htdocs/product/inventory/card.php @@ -462,7 +462,7 @@ // List of actions on element include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php'; $formactions = new FormActions($db); - $somethingshown = $formactions->showactions($object, 'inventory', 0, 1, '', $MAXEVENT, '', $morehtmlright); + $somethingshown = $formactions->showactions($object, $object->element, 0, 1, '', $MAXEVENT, '', $morehtmlright); print ''; } 
diff --git a/htdocs/recruitment/core/modules/recruitment/mod_recruitmentcandidature_standard.php b/htdocs/recruitment/core/modules/recruitment/mod_recruitmentcandidature_standard.php index 192d1d4c526ed..ce96d1cd67bc3 100644 --- a/htdocs/recruitment/core/modules/recruitment/mod_recruitmentcandidature_standard.php +++ b/htdocs/recruitment/core/modules/recruitment/mod_recruitmentcandidature_standard.php @@ -36,7 +36,7 @@ class mod_recruitmentcandidature_standard extends ModeleNumRefRecruitmentCandida */ public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr' - public $prefix = 'JOC'; + public $prefix = 'JOA'; /** * @var string Error code (or message) diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index 649b8b55502f8..2dbc2a3f0201d 100644 --- a/htdocs/user/class/user.class.php +++ b/htdocs/user/class/user.class.php 
@@ -663,26 +663,103 @@ public function loadDefaultValues() * You can use it like this: if ($user->hasRight('module', 'level11')). * It replaces old syntax: if ($user->rights->module->level1) * - * @param int $module Id of permission to add or 0 to add several permissions - * @param string $permlevel1 Permission level1 + * @param int $module Module of permission to check + * @param string $permlevel1 Permission level1 (Example: 'read', 'write', 'delete') * @param string $permlevel2 Permission level2 * @return int 1 if user has permission, 0 if not. * @see clearrights(), delrights(), getrights(), hasRight() */ public function hasRight($module, $permlevel1, $permlevel2 = '') { + global $conf; + + // For compatibility with bad naming permissions on module + $moduletomoduletouse = array( + 'contract' => 'contrat', + 'member' => 'adherent', // We must check $user->rights->adherent... + 'mo' => 'mrp', + 'order' => 'commande', + 'product' => 'produit', // We must check $user->rights->produit... + 'project' => 'projet', + 'shipping' => 'expedition', + 'task' => 'task@projet', + 'fichinter' => 'ficheinter', + 'invoice' => 'facture', + 'invoice_supplier' => 'fournisseur', + 'knowledgerecord' => 'knowledgerecord@knowledgemanagement' + ); + if (!empty($moduletomoduletouse[$module])) { + $module = $moduletomoduletouse[$module]; + } + + // If module is abc@module, we check permission user->rights->module->abc->permlevel1 + $tmp = explode('@', $module, 2); + if (! 
empty($tmp[1])) { + $module = $tmp[1]; + $permlevel2 = $permlevel1; + $permlevel1 = $tmp[0]; + } + + //var_dump($module); + //var_dump($this->rights->$module); + if (!in_array($module, $conf->modules)) { + return 0; + } + + // For compatibility with bad naming permissions on permlevel1 + if ($permlevel1 == 'propale') { + $permlevel1 = 'propal'; + } + if ($permlevel1 == 'member') { + $permlevel1 = 'adherent'; + } + if ($permlevel1 == 'recruitmentcandidature') { + $permlevel1 = 'recruitmentjobposition'; + } + + //var_dump($module.' '.$permlevel1.' '.$permlevel2); if (empty($module) || empty($this->rights) || empty($this->rights->$module) || empty($permlevel1)) { return 0; } if ($permlevel2) { - if (!empty($this->rights->$module->$permlevel1) && !empty($this->rights->$module->$permlevel1->$permlevel2)) { - return $this->rights->$module->$permlevel1->$permlevel2; + if (!empty($this->rights->$module->$permlevel1)) { + if (!empty($this->rights->$module->$permlevel1->$permlevel2)) { + return $this->rights->$module->$permlevel1->$permlevel2; + } + // For backward compatibility with old permissions called "lire", "creer", "create", "supprimer" + // instead of "read", "write", "delete" + if ($permlevel2 == 'read' && !empty($this->rights->$module->$permlevel1->lire)) { + return $this->rights->$module->lire; + } + if ($permlevel2 == 'write' && !empty($this->rights->$module->$permlevel1->creer)) { + return $this->rights->$module->create; + } + if ($permlevel2 == 'write' && !empty($this->rights->$module->$permlevel1->create)) { + return $this->rights->$module->create; + } + if ($permlevel2 == 'delete' && !empty($this->rights->$module->$permlevel1->supprimer)) { + return $this->rights->$module->supprimer; + } } } else { if (!empty($this->rights->$module->$permlevel1)) { return $this->rights->$module->$permlevel1; } + // For backward compatibility with old permissions called "lire", "creer", "create", "supprimer" + // instead of "read", "write", "delete" + if ($permlevel1 == 
'read' && !empty($this->rights->$module->lire)) { + return $this->rights->$module->lire; + } + if ($permlevel1 == 'write' && !empty($this->rights->$module->creer)) { + return $this->rights->$module->create; + } + if ($permlevel1 == 'write' && !empty($this->rights->$module->create)) { + return $this->rights->$module->create; + } + if ($permlevel1 == 'delete' && !empty($this->rights->$module->supprimer)) { + return $this->rights->$module->supprimer; + } } return 0; diff --git a/htdocs/website/websiteaccount_card.php b/htdocs/website/websiteaccount_card.php index ee0f84434c364..ac035127f1457 100644 --- a/htdocs/website/websiteaccount_card.php +++ b/htdocs/website/websiteaccount_card.php @@ -344,7 +344,7 @@ // List of actions on element include_once DOL_DOCUMENT_ROOT . '/core/class/html.formactions.class.php'; $formactions = new FormActions($db); - $somethingshown = $formactions->showactions($object, 'websiteaccount', $socid, 1, '', $MAXEVENT); + $somethingshown = $formactions->showactions($object, $object->element, $socid, 1, '', $MAXEVENT); */ print '';
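Review bot: The backward-compatibility fallbacks in hasRight() test one property and return another. In the `$permlevel2` branch each test reads `$this->rights->$module->$permlevel1->lire` (likewise `creer`, `create`, `supprimer`) but the return drops `$permlevel1` and reads `$this->rights->$module->lire`; in both branches the `creer` test returns `->create`. An authorization helper should return exactly the value it tested, otherwise the answer depends on an unrelated or undefined property. Separately, the docblock still types `$module` as `int` although it is used as a string, `in_array($module, $conf->modules)` is non-strict and runs before the `empty($module)` guard, and the commented `//var_dump` lines should be removed.

```php
// … unchanged: alias table, 'abc@module' split, $conf->modules check …
if ($permlevel2) {
	if (!empty($this->rights->$module->$permlevel1)) {
		// … unchanged: direct $permlevel2 lookup …
		if ($permlevel2 == 'read' && !empty($this->rights->$module->$permlevel1->lire)) {
			return $this->rights->$module->$permlevel1->lire;
		}
		if ($permlevel2 == 'write' && !empty($this->rights->$module->$permlevel1->creer)) {
			return $this->rights->$module->$permlevel1->creer;
		}
		if ($permlevel2 == 'write' && !empty($this->rights->$module->$permlevel1->create)) {
			return $this->rights->$module->$permlevel1->create;
		}
		if ($permlevel2 == 'delete' && !empty($this->rights->$module->$permlevel1->supprimer)) {
			return $this->rights->$module->$permlevel1->supprimer;
		}
	}
} else {
	// … unchanged: direct $permlevel1 lookup and 'lire' fallback …
	if ($permlevel1 == 'write' && !empty($this->rights->$module->creer)) {
		return $this->rights->$module->creer;
	}
	// … unchanged: 'create' and 'supprimer' fallbacks …
}
```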