Fix: If no permission to edit object, form to change category must be

hidden Fix: Adding supplier category was saved into wrong table.

Fix: If no permission to edit object, form to change category must be
00b0031d · Laurent Destailleur · 9e9a3868 · 00b0031d · 00b0031d
Commit 00b0031d authored 11 years ago by Laurent Destailleur
--- a/htdocs/categories/categorie.php
+++ b/htdocs/categories/categorie.php
@@ -118,7 +118,8 @@ if (empty($reshook))
 		}
 		if ($type==1 && $user->rights->societe->creer)
 		{
-			$object = new Societe($db);
+			require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php';
+			$object = new Fournisseur($db);
 			$result = $object->fetch($objectid);
 			$elementtype = 'fournisseur';
 		}
@@ -165,7 +166,8 @@ if (empty($reshook))
 		}
 		if ($type==1 && $user->rights->societe->creer)
 		{
-			$object = new Societe($db);
+			require_once DOL_DOCUMENT_ROOT.'/fourn/class/fournisseur.class.php';
+			$object = new Fournisseur($db);
 			$result = $object->fetch($objectid);
 			$elementtype = 'fournisseur';
 		}
@@ -319,11 +321,11 @@ if ($socid)

 	dol_fiche_end();

-	if ($soc->client) formCategory($db,$soc,2,$socid);
+	if ($soc->client) formCategory($db,$soc,2,$socid,$user->rights->societe->creer);

 	if ($soc->client && $soc->fournisseur) print '<br><br>';

-	if ($soc->fournisseur) formCategory($db,$soc,1,$socid);
+	if ($soc->fournisseur) formCategory($db,$soc,1,$socid,$user->rights->societe->creer);
 }
 else if ($id || $ref)
 {
@@ -377,7 +379,7 @@ else if ($id || $ref)

 		dol_fiche_end();

-		formCategory($db,$product,0);
+		formCategory($db,$product,0,($user->rights->produit->creer || $user->rights->service->creer));
 	}

 	if ($type == 3)
@@ -456,7 +458,7 @@ else if ($id || $ref)

 		dol_fiche_end();

-		formCategory($db,$member,3);
+		formCategory($db,$member,3,0,$user->rights->adherent->creer);
 	}
 	if ($type == 4)
 	{
@@ -602,7 +604,7 @@ else if ($id || $ref)

 		dol_fiche_end();

-		formCategory($db,$object,4);
+		formCategory($db,$object,4,$user->rights->societe->creer);
 	}
 }

@@ -614,9 +616,10 @@ else if ($id || $ref)
 * 	@param		Object		$object				Object we want to see categories it can be classified into
 * 	@param		int			$typeid				Type of category (0, 1, 2, 3)
 *  @param		int			$socid				Id thirdparty
+ *  @param		string		$showclassifyform	1=Add form to 'Classify', 0=Do not show form to 'Classify'
 *  @return		int			0
 */
-function formCategory($db,$object,$typeid,$socid=0)
+function formCategory($db,$object,$typeid,$socid=0,$showclassifyform=1)
 {
 	global $user,$langs,$form,$bc;

@@ -626,9 +629,12 @@ function formCategory($db,$object,$typeid,$socid=0)
 	if ($typeid == 3) $title = $langs->trans("MembersCategoriesShort");
 	if ($typeid == 4) $title = $langs->trans("ContactCategoriesShort");

-	// Form to add record into a category
 	print '<br>';
 	print_fiche_titre($title,'','');
+	
+	// Form to add record into a category
+	if ($showclassifyform)
+	{
 		print '<form method="post" action="'.DOL_URL_ROOT.'/categories/categorie.php">';
 		print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 		print '<input type="hidden" name="typeid" value="'.$typeid.'">';
@@ -652,7 +658,8 @@ function formCategory($db,$object,$typeid,$socid=0)
 		print '</tr>';
 		print '</table>';
 		print '</form>';
-	print '<br/>';
+		print '<br>';
+	}


 	$c = new Categorie($db);

--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -386,7 +386,7 @@ class Categorie
 	 * 	Link an object to the category
 	 *
 	 *	@param		Object	$obj	Object to link to category
-	 * 	@param		string	$type	Type of category (member, supplier, product, customer, contact)
+	 * 	@param		string	$type	Type of category ('member', 'customer', 'supplier', 'product', 'contact')
 	 * 	@return		int				1 : OK, -1 : erreur SQL, -2 : id not defined, -3 : Already linked
 	 */
 	function add_type($obj,$type)
@@ -397,11 +397,14 @@ class Categorie

 		if ($this->id == -1) return -2;

+		// For backward compatibility
 		if ($type == 'company')  $type='societe';
-		if ($type == 'fournisseur') $type='societe';
+		if ($type == 'customer') $type='societe';
+		if ($type == 'supplier') $type='fournisseur';

 		$column_name=$type;
        if ($type=='contact') $column_name='socpeople';
+        if ($type=='fournisseur') $column_name='societe';

 		$sql  = "INSERT INTO ".MAIN_DB_PREFIX."categorie_".$type." (fk_categorie, fk_".$column_name.")";
 		$sql .= " VALUES (".$this->id.", ".$obj->id.")";
@@ -479,7 +482,7 @@ class Categorie
 	 * Delete object from category
 	 *
 	 * @param 	Object	$obj	Object
-	 * @param	string	$type	Type
+	 * @param	string	$type	Type of category ('member', 'customer', 'supplier', 'product', 'contact')
 	 * @return 	int				1 if OK, -1 if KO
 	 */
 	function del_type($obj,$type)
@@ -488,11 +491,14 @@ class Categorie

 		$error=0;

+		// For backward compatibility
 		if ($type == 'company')  $type='societe';
-		if ($type == 'fournisseur') $type='societe';
+		if ($type == 'customer') $type='societe';
+		if ($type == 'supplier') $type='fournisseur';

 		$column_name=$type;
        if ($type=='contact') $column_name='socpeople';
+        if ($type=='fournisseur') $column_name='societe';
        
 		$sql  = "DELETE FROM ".MAIN_DB_PREFIX."categorie_".$type;
 		$sql .= " WHERE fk_categorie = ".$this->id;