diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index d46442edc9495..4b81e065d3fa6 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -2053,7 +2053,7 @@ function initfieldrequired() {
// List of actions on element
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php';
$formactions = new FormActions($db);
- $somethingshown = $formactions->showactions($object, 'member', $socid, 1, 'listactions', $MAX, '', $morehtmlright);
+ $somethingshown = $formactions->showactions($object, $object->element, $socid, 1, 'listactions', $MAX, '', $morehtmlright);
print '';
}
diff --git a/htdocs/adherents/subscription/card.php b/htdocs/adherents/subscription/card.php
index 3f4a387298086..b0a6e40d3ca8a 100644
--- a/htdocs/adherents/subscription/card.php
+++ b/htdocs/adherents/subscription/card.php
@@ -394,7 +394,7 @@
/*
include_once DOL_DOCUMENT_ROOT . '/core/class/html.formactions.class.php';
$formactions = new FormActions($db);
- $somethingshown = $formactions->showactions($object, 'invoice', $socid, 1);
+ $somethingshown = $formactions->showactions($object, $object->element, $socid, 1);
*/
print '';
diff --git a/htdocs/asset/card.php b/htdocs/asset/card.php
index 9798af685303d..b2473409b5b69 100644
--- a/htdocs/asset/card.php
+++ b/htdocs/asset/card.php
@@ -102,7 +102,7 @@
if (empty($id) && (($action != 'add' && $action != 'create') || $cancel)) {
$backtopage = $backurlforlist;
} else {
- $backtopage = DOL_URL_ROOT.'/compta/bank/card.php?id='.((!empty($id) && $id > 0) ? $id : '__ID__');
+ $backtopage = DOL_URL_ROOT.'/asset/card.php?id='.((!empty($id) && $id > 0) ? $id : '__ID__');
}
}
}
@@ -334,7 +334,7 @@
// List of actions on element
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php';
$formactions = new FormActions($db);
- $somethingshown = $formactions->showactions($object, 'asset', $socid, 1, '', $MAXEVENT, '', $morehtmlright);
+ $somethingshown = $formactions->showactions($object, $object->element, $socid, 1, '', $MAXEVENT, '', $morehtmlright);
print '';
}
diff --git a/htdocs/asset/class/asset.class.php b/htdocs/asset/class/asset.class.php
index 66cd9bcb4cf84..34e0a732f57eb 100644
--- a/htdocs/asset/class/asset.class.php
+++ b/htdocs/asset/class/asset.class.php
@@ -57,6 +57,7 @@ class Asset extends CommonObject
const STATUS_DRAFT = 0;
const STATUS_VALIDATED = 1;
+ const STATUS_CANCELED = 9;
/**
@@ -95,7 +96,7 @@ class Asset extends CommonObject
'fk_user_creat' => array('type'=>'integer', 'label'=>'UserAuthor', 'visible'=>-2, 'enabled'=>1, 'position'=>510, 'notnull'=>1,),
'fk_user_modif' => array('type'=>'integer', 'label'=>'UserModif', 'visible'=>-2, 'enabled'=>1, 'position'=>511, 'notnull'=>-1,),
'import_key' => array('type'=>'varchar(14)', 'label'=>'ImportId', 'visible'=>-2, 'enabled'=>1, 'position'=>1000, 'notnull'=>-1,),
- 'status' => array('type'=>'integer', 'label'=>'Status', 'visible'=>1, 'enabled'=>1, 'position'=>1000, 'notnull'=>1, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Active', '-1'=>'Cancel')),
+ 'status' => array('type'=>'integer', 'label'=>'Status', 'visible'=>1, 'enabled'=>1, 'position'=>1000, 'notnull'=>1, 'index'=>1, 'arrayofkeyval'=>array('0'=>'Draft', '1'=>'Active', '9'=>'Cancel')),
);
/**
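Review bot: Moving the cancel key from `'-1'` to `'9'` in `arrayofkeyval` leaves any row already stored with status -1 without a label, and no data migration is visible in this diff. If such rows can exist, the change should be paired with an update of the stored values. A short comment next to the array, such as `// '9' must match self::STATUS_CANCELED`, would keep the literal and the new constant from drifting apart.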
diff --git a/htdocs/bom/bom_card.php b/htdocs/bom/bom_card.php
index 44684db64fba4..f24cf3f80d30b 100644
--- a/htdocs/bom/bom_card.php
+++ b/htdocs/bom/bom_card.php
@@ -694,7 +694,7 @@
// List of actions on element
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php';
$formactions = new FormActions($db);
- $somethingshown = $formactions->showactions($object, 'bom', $socid, 1, '', $MAXEVENT, '', $morehtmlright);
+ $somethingshown = $formactions->showactions($object, $object->element, $socid, 1, '', $MAXEVENT, '', $morehtmlright);
print '';
}
diff --git a/htdocs/comm/action/card.php b/htdocs/comm/action/card.php
index 2b0898a0c3e05..8a10b39826f02 100644
--- a/htdocs/comm/action/card.php
+++ b/htdocs/comm/action/card.php
@@ -278,8 +278,20 @@
$object->fulldayevent = (!empty($fulldayevent) ? 1 : 0);
$object->location = GETPOST("location", 'alphanohtml');
$object->label = GETPOST('label', 'alphanohtml');
- $object->fk_element = GETPOST("fk_element", 'int');
- $object->elementtype = GETPOST("elementtype", 'alpha');
+
+ if (GETPOST("elementtype", 'alpha')) {
+ $modulecodetouseforpermissioncheck = GETPOST("elementtype", 'alpha');
+
+ $hasPermissionOnLinkedObject = 0;
+ if ($user->hasRight($modulecodetouseforpermissioncheck, 'read')) {
+ $hasPermissionOnLinkedObject = 1;
+ }
+ if ($hasPermissionOnLinkedObject) {
+ $object->fk_element = GETPOST("fk_element", 'int');
+ $object->elementtype = GETPOST("elementtype", 'alpha');
+ }
+ }
+
if (!GETPOST('label')) {
if (GETPOST('actioncode', 'aZ09') == 'AC_RDV' && $contact->getFullName($langs)) {
$object->label = $langs->transnoentitiesnoconv("TaskRDVWith", $contact->getFullName($langs));
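Review bot: The added check on `elementtype` tests a module-level `read` right only, so a user who holds it can still attach the event to any `fk_element` id of that module; nothing in this hunk verifies that the specific record is one the user may see. The identical block is repeated in the update path at `@@ -520,8 +532,20 @@`, and the create form at `@@ -1226,12 +1250,28 @@` applies the same module-level test to `$origin`. If a per-record check exists it is outside these hunks; otherwise the linked object should be fetched and its access verified before `$object->fk_element` is assigned. A refused link is also dropped silently, so consider `$error++` with a `setEventMessages()` call instead of saving the event without it. The duplicated block would be easier to keep consistent as one shared helper.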
@@ -520,8 +532,20 @@
}
$object->fk_project = GETPOST("projectid", 'int');
$object->note_private = trim(GETPOST("note", "restricthtml"));
- $object->fk_element = GETPOST("fk_element", "int");
- $object->elementtype = GETPOST("elementtype", "alphanohtml");
+
+ if (GETPOST("elementtype", 'alpha')) {
+ $modulecodetouseforpermissioncheck = GETPOST("elementtype", 'alpha');
+
+ $hasPermissionOnLinkedObject = 0;
+ if ($user->hasRight($modulecodetouseforpermissioncheck, 'read')) {
+ $hasPermissionOnLinkedObject = 1;
+ }
+ if ($hasPermissionOnLinkedObject) {
+ $object->fk_element = GETPOST("fk_element", 'int');
+ $object->elementtype = GETPOST("elementtype", 'alpha');
+ }
+ }
+
if (!$datef && $percentage == 100) {
$error++; $donotclearsession = 1;
setEventMessages($langs->transnoentitiesnoconv("ErrorFieldRequired", $langs->transnoentitiesnoconv("DateEnd")), $object->errors, 'errors');
@@ -1191,7 +1215,7 @@ function init_repeat()
print img_picto('', 'project', 'class="pictofixedwidth"');
print $formproject->select_projects((empty($societe->id) ? '' : $societe->id), $projectid, 'projectid', 0, 0, 1, 1, 0, 0, 0, '', 1, 0, 'maxwidth500 widthcentpercentminusxx');
- print ' ';
+ print ' ';
print ' ';
$urloption = '?action=create&donotclearsession=1';
$url = dol_buildpath('comm/action/card.php', 2).$urloption;
@@ -1218,7 +1242,7 @@ function init_repeat()
if (!empty($projectid)) {
$projectsListId = $projectid;
}
- $tid = GETPOST("projecttaskid") ? GETPOST("projecttaskid") : '';
+ $tid = GETPOSTISSET("projecttaskid") ? GETPOST("projecttaskid", 'int') : (GETPOSTISSET("taskid") ? GETPOST("taskid", 'int') : '');
$formproject->selectTasks((!empty($societe->id) ? $societe->id : -1), $tid, 'taskid', 24, 0, '1', 1, 0, 0, 'maxwidth500', $projectsListId);
print '';
}
@@ -1226,12 +1250,28 @@ function init_repeat()
// Object linked
if (!empty($origin) && !empty($originid)) {
include_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
- print '
'.$langs->trans("LinkedObject").' ';
- print ''.dolGetElementUrl($originid, $origin, 1).' ';
- print ' ';
- print ' ';
- print ' ';
- print ' ';
+
+ $hasPermissionOnLinkedObject = 0;
+ if ($user->hasRight($origin, 'read')) {
+ $hasPermissionOnLinkedObject = 1;
+ }
+ //var_dump('origin='.$origin.' originid='.$originid.' $hasPermissionOnLinkedObject='.$hasPermissionOnLinkedObject);
+
+ if (! in_array($origin, array('societe', 'project', 'task', 'user'))) {
+ // We do not use link for object that already contains a hard coded field to make links with agenda events
+ print ''.$langs->trans("LinkedObject").' ';
+ print '';
+ if ($hasPermissionOnLinkedObject) {
+ print dolGetElementUrl($originid, $origin, 1);
+ print ' ';
+ print ' ';
+ print ' ';
+ print ' ';
+ } else {
+ print '';
+ }
+ print ' ';
+ }
}
$reg = array();
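Review bot: `$hasPermissionOnLinkedObject` is computed before the `in_array()` test but is only read inside it, and the commented-out `var_dump` next to it is debug residue that should not be committed. Move the `$user->hasRight($origin, 'read')` call inside the `if` and delete the `//var_dump(...)` line. The membership test on the request-supplied `$origin` is also better written with strict comparison: `if (!in_array($origin, array('societe', 'project', 'task', 'user'), true)) {`.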
diff --git a/htdocs/core/actions_addupdatedelete.inc.php b/htdocs/core/actions_addupdatedelete.inc.php
index a62fe016946ff..de4b9d86da16d 100644
--- a/htdocs/core/actions_addupdatedelete.inc.php
+++ b/htdocs/core/actions_addupdatedelete.inc.php
@@ -131,8 +131,8 @@
$result = $object->create($user);
if ($result > 0) {
// Creation OK
- if ($conf->categorie->enabled) {
- $categories = GETPOST('categories', 'array');
+ if ($conf->categorie->enabled && method_exists($object, 'setCategories')) {
+ $categories = GETPOST('categories', 'array:int');
$object->setCategories($categories);
}
$urltogo = $backtopage ? str_replace('__ID__', $result, $backtopage) : $backurlforlist;
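Review bot: `$conf->categorie->enabled` is still read directly in the new condition, which emits a warning when the categories module entry is not set; the guarded form used elsewhere in this commit is `!empty($conf->agenda->enabled)`. I would write `if (!empty($conf->categorie->enabled) && method_exists($object, 'setCategories')) {`. The return value of `setCategories()` is also ignored, so a failed category assignment goes unreported. The surrounding create branch starts and ends outside this hunk.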
diff --git a/htdocs/core/class/html.formactions.class.php b/htdocs/core/class/html.formactions.class.php
index 09c94485d11ff..4b12b4513e5fc 100644
--- a/htdocs/core/class/html.formactions.class.php
+++ b/htdocs/core/class/html.formactions.class.php
@@ -221,10 +221,13 @@ public function showactions($object, $typeelement, $socid = 0, $forceshowtitle =
if ($typeelement == 'project') {
$projectid = $object->id;
}
+ if ($typeelement == 'task') {
+ $taskid = $object->id;
+ }
$newcardbutton = '';
if (!empty($conf->agenda->enabled) && !empty($user->rights->agenda->myactions->create)) {
- $url = DOL_URL_ROOT.'/comm/action/card.php?action=create&datep='.urlencode(dol_print_date(dol_now(), 'dayhourlog', 'tzuser')).'&origin='.urlencode($typeelement).'&originid='.$object->id.((!empty($object->socid) && $object->socid > 0) ? '&socid='.$object->socid : ((!empty($socid) && $socid > 0) ? '&socid='.$socid : '')).($projectid > 0 ? '&projectid='.$projectid : '').'&backtopage='.urlencode($urlbacktopage);
+ $url = DOL_URL_ROOT.'/comm/action/card.php?action=create&datep='.urlencode(dol_print_date(dol_now(), 'dayhourlog', 'tzuser')).'&origin='.urlencode($typeelement).'&originid='.$object->id.((!empty($object->socid) && $object->socid > 0) ? '&socid='.$object->socid : ((!empty($socid) && $socid > 0) ? '&socid='.$socid : '')).($projectid > 0 ? '&projectid='.$projectid : '').($taskid > 0 ? '&taskid='.$taskid : '').'&backtopage='.urlencode($urlbacktopage);
$newcardbutton .= dolGetButtonTitle($langs->trans("AddEvent"), '', 'fa fa-plus-circle', $url);
}
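Review bot: `$taskid` is assigned only when `$typeelement == 'task'`, yet the new URL expression evaluates `$taskid > 0` for every element type, so unless it is initialised above this hunk every non-task card raises an undefined-variable warning. Add `$taskid = 0;` before the `if ($typeelement == 'task')` test. `showactions()` begins and ends outside the hunk, so an existing initialisation cannot be ruled out from here.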
diff --git a/htdocs/core/lib/functions2.lib.php b/htdocs/core/lib/functions2.lib.php
index 5ea704881e3ce..26c56d454634e 100644
--- a/htdocs/core/lib/functions2.lib.php
+++ b/htdocs/core/lib/functions2.lib.php
@@ -2166,6 +2166,9 @@ function dolGetElementUrl($objectid, $objecttype, $withpicto = 0, $option = '')
$classpath = 'fichinter/class';
$module = 'ficheinter';
$myobject = 'fichinter';
+ } elseif ($objecttype == 'project') {
+ $classpath = 'projet/class';
+ $module = 'projet';
} elseif ($objecttype == 'task') {
$classpath = 'projet/class';
$module = 'projet';
diff --git a/htdocs/mrp/mo_card.php b/htdocs/mrp/mo_card.php
index d55d4c555e640..51f35bbc33d5a 100644
--- a/htdocs/mrp/mo_card.php
+++ b/htdocs/mrp/mo_card.php
@@ -699,7 +699,7 @@
// List of actions on element
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php';
$formactions = new FormActions($db);
- $somethingshown = $formactions->showactions($object, 'mo', $socid, 1, '', $MAXEVENT, '', $morehtmlright);
+ $somethingshown = $formactions->showactions($object, $object->element, $socid, 1, '', $MAXEVENT, '', $morehtmlright);
print '';
}
diff --git a/htdocs/partnership/partnership_card.php b/htdocs/partnership/partnership_card.php
index 0c9c4b4bb666d..db637136cad1d 100644
--- a/htdocs/partnership/partnership_card.php
+++ b/htdocs/partnership/partnership_card.php
@@ -643,14 +643,14 @@
$MAXEVENT = 10;
- $morehtmlright = '';
+ $morehtmlright = ' ';
$morehtmlright .= $langs->trans("SeeAll");
$morehtmlright .= ' ';
// List of actions on element
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php';
$formactions = new FormActions($db);
- $somethingshown = $formactions->showactions($object, $object->element.'@'.$object->module, (is_object($object->thirdparty) ? $object->thirdparty->id : 0), 1, '', $MAXEVENT, '', $morehtmlright);
+ $somethingshown = $formactions->showactions($object, $object->element, (is_object($object->thirdparty) ? $object->thirdparty->id : 0), 1, '', $MAXEVENT, '', $morehtmlright);
print '';
}
diff --git a/htdocs/product/inventory/card.php b/htdocs/product/inventory/card.php
index f9b73ffb90f96..ee39486fb5b2a 100644
--- a/htdocs/product/inventory/card.php
+++ b/htdocs/product/inventory/card.php
@@ -462,7 +462,7 @@
// List of actions on element
include_once DOL_DOCUMENT_ROOT.'/core/class/html.formactions.class.php';
$formactions = new FormActions($db);
- $somethingshown = $formactions->showactions($object, 'inventory', 0, 1, '', $MAXEVENT, '', $morehtmlright);
+ $somethingshown = $formactions->showactions($object, $object->element, 0, 1, '', $MAXEVENT, '', $morehtmlright);
print '';
}
diff --git a/htdocs/recruitment/core/modules/recruitment/mod_recruitmentcandidature_standard.php b/htdocs/recruitment/core/modules/recruitment/mod_recruitmentcandidature_standard.php
index 192d1d4c526ed..ce96d1cd67bc3 100644
--- a/htdocs/recruitment/core/modules/recruitment/mod_recruitmentcandidature_standard.php
+++ b/htdocs/recruitment/core/modules/recruitment/mod_recruitmentcandidature_standard.php
@@ -36,7 +36,7 @@ class mod_recruitmentcandidature_standard extends ModeleNumRefRecruitmentCandida
*/
public $version = 'dolibarr'; // 'development', 'experimental', 'dolibarr'
- public $prefix = 'JOC';
+ public $prefix = 'JOA';
/**
* @var string Error code (or message)
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 649b8b55502f8..2dbc2a3f0201d 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -663,26 +663,103 @@ public function loadDefaultValues()
* You can use it like this: if ($user->hasRight('module', 'level11')).
* It replaces old syntax: if ($user->rights->module->level1)
*
- * @param int $module Id of permission to add or 0 to add several permissions
- * @param string $permlevel1 Permission level1
+ * @param int $module Module of permission to check
+ * @param string $permlevel1 Permission level1 (Example: 'read', 'write', 'delete')
* @param string $permlevel2 Permission level2
* @return int 1 if user has permission, 0 if not.
* @see clearrights(), delrights(), getrights(), hasRight()
*/
public function hasRight($module, $permlevel1, $permlevel2 = '')
{
+ global $conf;
+
+ // For compatibility with bad naming permissions on module
+ $moduletomoduletouse = array(
+ 'contract' => 'contrat',
+ 'member' => 'adherent', // We must check $user->rights->adherent...
+ 'mo' => 'mrp',
+ 'order' => 'commande',
+ 'product' => 'produit', // We must check $user->rights->produit...
+ 'project' => 'projet',
+ 'shipping' => 'expedition',
+ 'task' => 'task@projet',
+ 'fichinter' => 'ficheinter',
+ 'invoice' => 'facture',
+ 'invoice_supplier' => 'fournisseur',
+ 'knowledgerecord' => 'knowledgerecord@knowledgemanagement'
+ );
+ if (!empty($moduletomoduletouse[$module])) {
+ $module = $moduletomoduletouse[$module];
+ }
+
+ // If module is abc@module, we check permission user->rights->module->abc->permlevel1
+ $tmp = explode('@', $module, 2);
+ if (! empty($tmp[1])) {
+ $module = $tmp[1];
+ $permlevel2 = $permlevel1;
+ $permlevel1 = $tmp[0];
+ }
+
+ //var_dump($module);
+ //var_dump($this->rights->$module);
+ if (!in_array($module, $conf->modules)) {
+ return 0;
+ }
+
+ // For compatibility with bad naming permissions on permlevel1
+ if ($permlevel1 == 'propale') {
+ $permlevel1 = 'propal';
+ }
+ if ($permlevel1 == 'member') {
+ $permlevel1 = 'adherent';
+ }
+ if ($permlevel1 == 'recruitmentcandidature') {
+ $permlevel1 = 'recruitmentjobposition';
+ }
+
+ //var_dump($module.' '.$permlevel1.' '.$permlevel2);
if (empty($module) || empty($this->rights) || empty($this->rights->$module) || empty($permlevel1)) {
return 0;
}
if ($permlevel2) {
- if (!empty($this->rights->$module->$permlevel1) && !empty($this->rights->$module->$permlevel1->$permlevel2)) {
- return $this->rights->$module->$permlevel1->$permlevel2;
+ if (!empty($this->rights->$module->$permlevel1)) {
+ if (!empty($this->rights->$module->$permlevel1->$permlevel2)) {
+ return $this->rights->$module->$permlevel1->$permlevel2;
+ }
+ // For backward compatibility with old permissions called "lire", "creer", "create", "supprimer"
+ // instead of "read", "write", "delete"
+ if ($permlevel2 == 'read' && !empty($this->rights->$module->$permlevel1->lire)) {
+ return $this->rights->$module->lire;
+ }
+ if ($permlevel2 == 'write' && !empty($this->rights->$module->$permlevel1->creer)) {
+ return $this->rights->$module->create;
+ }
+ if ($permlevel2 == 'write' && !empty($this->rights->$module->$permlevel1->create)) {
+ return $this->rights->$module->create;
+ }
+ if ($permlevel2 == 'delete' && !empty($this->rights->$module->$permlevel1->supprimer)) {
+ return $this->rights->$module->supprimer;
+ }
}
} else {
if (!empty($this->rights->$module->$permlevel1)) {
return $this->rights->$module->$permlevel1;
}
+ // For backward compatibility with old permissions called "lire", "creer", "create", "supprimer"
+ // instead of "read", "write", "delete"
+ if ($permlevel1 == 'read' && !empty($this->rights->$module->lire)) {
+ return $this->rights->$module->lire;
+ }
+ if ($permlevel1 == 'write' && !empty($this->rights->$module->creer)) {
+ return $this->rights->$module->create;
+ }
+ if ($permlevel1 == 'write' && !empty($this->rights->$module->create)) {
+ return $this->rights->$module->create;
+ }
+ if ($permlevel1 == 'delete' && !empty($this->rights->$module->supprimer)) {
+ return $this->rights->$module->supprimer;
+ }
}
return 0;
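Review bot: The backward-compatibility branches added to `hasRight()` test one property and return a different one, so the answer can be wrong in both directions. In the `$permlevel2` branch the tests read `$this->rights->$module->$permlevel1->lire` (likewise `creer`, `create`, `supprimer`) but the returns drop `$permlevel1` and hand back the module-level right; in the `else` branch the `creer` test returns `->create`, which may be unset and so deny a user who holds `creer`. Resolving the rights node once and looping over the legacy names, as in the fence below, guarantees that the property returned is the one that was tested. The docblock still declares `@param int $module` although callers pass a string, and `in_array($module, $conf->modules)` would be safer with strict comparison. The function's closing lines are outside the hunk.

```php
// … unchanged: module aliasing, 'abc@module' split, $conf->modules check, empty() guard …

// Legacy names that some modules still use for the standard levels
$legacynames = array('read' => array('lire'), 'write' => array('creer', 'create'), 'delete' => array('supprimer'));

if ($permlevel2) {
	if (empty($this->rights->$module->$permlevel1)) {
		return 0;
	}
	$node = $this->rights->$module->$permlevel1;
	$level = $permlevel2;
} else {
	$node = $this->rights->$module;
	$level = $permlevel1;
}

if (!empty($node->$level)) {
	return $node->$level;
}
foreach (isset($legacynames[$level]) ? $legacynames[$level] : array() as $legacy) {
	if (!empty($node->$legacy)) {
		return $node->$legacy; // always the property that was just tested
	}
}

return 0;
```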
diff --git a/htdocs/website/websiteaccount_card.php b/htdocs/website/websiteaccount_card.php
index ee0f84434c364..ac035127f1457 100644
--- a/htdocs/website/websiteaccount_card.php
+++ b/htdocs/website/websiteaccount_card.php
@@ -344,7 +344,7 @@
// List of actions on element
include_once DOL_DOCUMENT_ROOT . '/core/class/html.formactions.class.php';
$formactions = new FormActions($db);
- $somethingshown = $formactions->showactions($object, 'websiteaccount', $socid, 1, '', $MAXEVENT);
+ $somethingshown = $formactions->showactions($object, $object->element, $socid, 1, '', $MAXEVENT);
*/
print '';