(Multi-Company)

New: a superadmin can create/update a superadmin

(Multi-Company)
225b9da2 · Regis Houssin · 547443c4 · 225b9da2 · 225b9da2 · 225b9da2
Commit 225b9da2 authored 14 years ago by Regis Houssin
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -233,6 +233,7 @@ class Form
        if ($type == 'info') 				$img=img_help(0,$alt);
        if ($type == 'help' || $type ==1)	$img=img_help(1,$alt);
        if ($type == 'superadmin') 			$img=img_redstar($alt);
+        if ($type == 'admin')				$img=img_picto($alt,"star");
        // Warnings
        if ($type == 'warning') 			$img=img_warning($alt);

--- a/htdocs/langs/en_US/users.lang
+++ b/htdocs/langs/en_US/users.lang
@@ -44,7 +44,8 @@ NameNotDefined=Name is not defined.
 ListOfUsers=List of users
 Administrator=Administrator
 SuperAdministrator=Super Administrator
-SuperAdministratorDesc=Administrator with all rights
+SuperAdministratorDesc=Global administrator
+AdministratorDesc=Administrator's entity
 DefaultRights=Default permissions
 DefaultRightsDesc=Define here <u>default</u> permissions that are automatically granted to a <u>new created</u> user (Go on user card to change permission of an existing user).
 DolibarrUsers=Dolibarr users
@@ -111,3 +112,4 @@ NameToCreate=Name of third party to create
 YourRole=Your roles
 YourQuotaOfUsersIsReached=Your quota of active users is reached !
 NbOfUsers=Nb of users
+DontDowngradeSuperAdmin=Only a superadmin can downgrade a superadmin
\ No newline at end of file
--- a/htdocs/langs/fr_FR/users.lang
+++ b/htdocs/langs/fr_FR/users.lang
@@ -44,7 +44,8 @@ NameNotDefined=Le nom n'est pas défini.
 ListOfUsers=Liste des utilisateurs
 Administrator=Administrateur
 SuperAdministrator=Super Administrateur
-SuperAdministratorDesc=Administrateur principal ayant tous les droits
+SuperAdministratorDesc=Administrateur global
+AdministratorDesc=Administrateur de l'entité
 DefaultRights=Permissions par défaut
 DefaultRightsDesc=Définissez ici les permissions <u>par défaut</u>, c'est-à-dire les permissions qui seront attribuées automatiquement à un <u>nouvel</u> utilisateur lors de sa création (Voir la fiche utilisateur pour changer les permissions d'un utilisateur existant).
 DolibarrUsers=Utilisateurs Dolibarr
@@ -111,3 +112,4 @@ NameToCreate=Nom du tiers à créer
 YourRole=Vos rôles
 YourQuotaOfUsersIsReached=Votre quota d'utilisateurs actifs est atteint !
 NbOfUsers=Nb d'utilisateurs
+DontDowngradeSuperAdmin=Seul un superadmin peut rétrograder un superadmin
\ No newline at end of file
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1036,7 +1036,7 @@ class User extends CommonObject
 		$sql.= ", note = '".$this->db->escape($this->note)."'";
 		$sql.= ", photo = ".($this->photo?"'".$this->db->escape($this->photo)."'":"null");
 		$sql.= ", openid = ".($this->openid?"'".$this->db->escape($this->openid)."'":"null");
-		//$sql.= ", entity = '".$this->entity."'";
+		$sql.= ", entity = '".$this->entity."'";
 		$sql.= " WHERE rowid = ".$this->id;
 		dol_syslog("User::update sql=".$sql, LOG_DEBUG);
@@ -1834,17 +1834,24 @@ class User extends CommonObject
 	/**
 	 *    Return number of existing users
-	 *    @param		limitToActive		limit to active users
+	 *    @param		limitTo		limit to 'active' or 'superadmin' users
 	 *    @return       int     	Number of users
 	 */
-	function getNbOfUsers($limitToActive=0)
+	function getNbOfUsers($limitTo='')
 	{
 		global $conf;
 		$sql = "SELECT count(rowid) as nb";
 		$sql.= " FROM ".MAIN_DB_PREFIX."user";
+		if ($limitTo == 'superadmin')
+		{
+			$sql.= " WHERE entity = 0";
+		}
+		else
+		{
 			$sql.= " WHERE entity = ".$conf->entity;
-		if ($limitToActive) $sql.= " AND statut = 1";
+			if ($limitTo == 'active') $sql.= " AND statut = 1";
+		}
 		$resql=$this->db->query($sql);
 		if ($resql)

--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -115,7 +115,7 @@ if ($action == 'confirm_enable' && $confirm == "yes" && $candisableuser)
 		if (!empty($conf->file->main_limit_users))
 		{
-			$nb = $edituser->getNbOfUsers(1);
+			$nb = $edituser->getNbOfUsers("active");
 			if ($nb >= $conf->file->main_limit_users)
 			{
 				$message='<div class="error">'.$langs->trans("YourQuotaOfUsersIsReached").'</div>';
@@ -168,7 +168,7 @@ if ($_POST["action"] == 'add' && $canadduser)
 	if (!empty($conf->file->main_limit_users)) // If option to limit users is set
 	{
-		$nb = $edituser->getNbOfUsers(1);
+		$nb = $edituser->getNbOfUsers("active");
 		if ($nb >= $conf->file->main_limit_users)
 		{
 			$message='<div class="error">'.$langs->trans("YourQuotaOfUsersIsReached").'</div>';
@@ -191,7 +191,8 @@ if ($_POST["action"] == 'add' && $canadduser)
 		$edituser->phenix_pass   = $_POST["phenix_pass"];
 		$edituser->note          = $_POST["note"];
 		$edituser->ldap_sid      = $_POST["ldap_sid"];
-		$edituser->entity        = ($_POST["admin"] && empty($conf->multicompany->enabled))?0:$_POST["entity"];   // If multicompany is off, admin users must all be on entity 0.
+		// If multicompany is off, admin users must all be on entity 0.
+		$edituser->entity        = ( ! empty($_POST["admin"]) && (! empty($_POST["superadmin"]) || empty($conf->multicompany->enabled)) ? 0 : $_POST["entity"]);
 		$db->begin();
@@ -287,7 +288,7 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"])
 			$edituser->webcal_login  = $_POST["webcal_login"];
 			$edituser->phenix_login  = $_POST["phenix_login"];
 			$edituser->phenix_pass   = $_POST["phenix_pass"];
-			$edituser->entity        = $_POST["entity"];
+			$edituser->entity        = ( (! empty($_POST["superadmin"]) && ! empty($_POST["admin"])) ? 0 : $_POST["entity"]);
 			if (! empty($_FILES['photo']['name'])) $edituser->photo = $_FILES['photo']['name'];
 			$ret=$edituser->update($user);
@@ -653,6 +654,30 @@ if (($action == 'create') || ($action == 'adduserldap'))
 		print '<tr><td valign="top">'.$langs->trans("Administrator").'</td>';
 		print '<td>';
 		print $form->selectyesno('admin',$_POST["admin"],1);
+		if (! empty($conf->multicompany->enabled) && ! $user->entity)
+		{
+			if ($conf->use_javascript_ajax)
+			{
+				print '<script type="text/javascript">
+							$(function() {
+								$("select[name=admin]").change(function() {
+									 if ( $(this).val() == 0 ) {
+									 	$("input[name=superadmin]")
+									 		.attr("disabled", true)
+									 		.attr("checked", false);
+									 } else {
+									 	$("input[name=superadmin]")
+									 		.attr("disabled", false);
+									 }
+								});
+							});
+					</script>';
+			}
+			$checked=($_POST["superadmin"]?' checked':'');
+			$disabled=($_POST["superadmin"]?'':' disabled');
+			print '<input type="checkbox" name="superadmin" value="1"'.$checked.$disabled.' /> '.$langs->trans("SuperAdministrator");
+		}
 		print "</td></tr>\n";
 	}
@@ -950,22 +975,23 @@ else
            print '</tr>'."\n";
 			// Administrator
-			print '<tr><td valign="top">'.$langs->trans("Administrator").'</td>';
+			print '<tr><td valign="top">'.$langs->trans("Administrator").'</td><td>';
-			print '<td>'.yn($fuser->admin);
+			if (! empty($conf->multicompany->enabled) && $fuser->admin && ! $fuser->entity)
-			if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY) && $fuser->admin && ! $fuser->entity)
 			{
-				print ' '.img_redstar($langs->trans("SuperAdministrator"));
+				print $html->textwithpicto(yn($fuser->admin),$langs->trans("SuperAdministratorDesc"),1,"superadmin");
 			}
 			else if ($fuser->admin)
 			{
-				print ' '.img_picto($langs->trans("Administrator"),"star");
+				print $html->textwithpicto(yn($fuser->admin),$langs->trans("AdministratorDesc"),1,"admin");
 			}
-			print '</td>';
+			else
-            print '</tr>'."\n";
+			{
+				print yn($fuser->admin);
+			}
+            print '</td></tr>'."\n";
 			// Type
-			print '<tr><td valign="top">'.$langs->trans("Type").'</td>';
+			print '<tr><td valign="top">'.$langs->trans("Type").'</td><td>';
-			print '<td>';
 			if ($fuser->societe_id)
 			{
 				print $html->textwithpicto($langs->trans("External"),$langs->trans("InternalExternalDesc"));
@@ -974,16 +1000,11 @@ else
 			{
 				print $langs->trans("DomainUser",$ldap->domainFQDN);
 			}
-			else if (empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ! empty($fuser->entity))
-			{
-				print $html->textwithpicto($langs->trans("Internal"),$langs->trans("InternalExternalDesc"));
-			}
 			else
 			{
-				print $html->textwithpicto($langs->trans("SuperAdministrator"),$langs->trans("SuperAdministratorDesc"));
+				print $html->textwithpicto($langs->trans("Internal"),$langs->trans("InternalExternalDesc"));
 			}
-			print '</td>';
+            print '</td></tr>'."\n";
-            print '</tr>'."\n";
 			// Tel pro
 			print '<tr><td valign="top">'.$langs->trans("PhonePro").'</td>';
@@ -1112,7 +1133,7 @@ else
 			print '<div class="tabsAction">';
 			if ($caneditfield &&
-			(empty($conf->global->MAIN_MODULE_MULTICOMPANY) || (($fuser->entity == $conf->entity) || $fuser->entity == $user->entity)) )
+			(empty($conf->multicompany->enabled) || (($fuser->entity == $conf->entity) || $fuser->entity == $user->entity)) )
 			{
 				if (! empty($conf->global->MAIN_ONLY_LOGIN_ALLOWED))
 				{
@@ -1124,7 +1145,7 @@ else
 				}
 			}
 			elseif ($caneditpassword && ! $fuser->ldap_sid &&
-			(empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) )
+			(empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) )
 			{
 				print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&amp;action=edit">'.$langs->trans("EditPassword").'</a>';
 			}
@@ -1133,13 +1154,13 @@ else
 			if ($conf->global->USER_PASSWORD_GENERATED != 'none')
 			{
 				if (($user->id != $_GET["id"] && $caneditpassword) && $fuser->login && !$fuser->ldap_sid &&
-				(empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)))
+				(empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)))
 				{
 					print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&amp;action=password">'.$langs->trans("ReinitPassword").'</a>';
 				}
 				if (($user->id != $_GET["id"] && $caneditpassword) && $fuser->login && !$fuser->ldap_sid &&
-				(empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) )
+				(empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) )
 				{
 					if ($fuser->email) print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&amp;action=passwordsend">'.$langs->trans("SendNewPassword").'</a>';
 					else print '<a class="butActionRefused" href="#" title="'.dol_escape_htmltag($langs->trans("NoEMail")).'">'.$langs->trans("SendNewPassword").'</a>';
@@ -1148,19 +1169,19 @@ else
 			// Activer
 			if ($user->id <> $_GET["id"] && $candisableuser && $fuser->statut == 0 &&
-			(empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) )
+			(empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) )
 			{
 				print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&amp;action=enable">'.$langs->trans("Reactivate").'</a>';
 			}
 			// Desactiver
 			if ($user->id <> $_GET["id"] && $candisableuser && $fuser->statut == 1 &&
-			(empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) )
+			(empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) )
 			{
 				print '<a class="butActionDelete" href="fiche.php?action=disable&amp;id='.$fuser->id.'">'.$langs->trans("DisableUser").'</a>';
 			}
 			// Delete
 			if ($user->id <> $_GET["id"] && $candisableuser &&
-			(empty($conf->global->MAIN_MODULE_MULTICOMPANY) || ($fuser->entity == $conf->entity)) )
+			(empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) )
 			{
 				print '<a class="butActionDelete" href="fiche.php?action=delete&amp;id='.$fuser->id.'">'.$langs->trans("DeleteUser").'</a>';
 			}
@@ -1293,7 +1314,7 @@ else
 		if ($_GET["action"] == 'edit' && ($canedituser || ($user->id == $fuser->id)))
 		{
-			print '<form action="fiche.php?id='.$fuser->id.'" method="post" name="updateuser" enctype="multipart/form-data">';
+			print '<form action="'.$_SERVER['PHP_SELF'].'?id='.$fuser->id.'" method="POST" name="updateuser" enctype="multipart/form-data">';
 			print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
 			print '<input type="hidden" name="action" value="update">';
 			print '<input type="hidden" name="entity" value="'.$conf->entity.'">';
@@ -1400,15 +1421,47 @@ else
 			else
 			{
 				print '<td>';
-				if ($user->admin && $fuser->entity!=0) // On ne doit pas rétrograder le superadmin
+				// Don't downgrade a superadmin if alone
+				$nbSuperAdmin = $user->getNbOfUsers('superadmin');
+				if ($user->admin && ($fuser->entity > 0 || $nbSuperAdmin > 1) )
 				{
 					print $form->selectyesno('admin',$fuser->admin,1);
+					if (! empty($conf->multicompany->enabled) && ! $user->entity)
+					{
+						if ($conf->use_javascript_ajax)
+						{
+							print '<script type="text/javascript">
+									$(function() {
+										var admin = $("select[name=admin]");
+										if (admin.val() == 0) {
+											$("input[name=superadmin]")
+													.attr("disabled", true)
+													.attr("checked", false);
+										}
+										$("select[name=admin]").change(function() {
+											 if ( $(this).val() == 0 ) {
+											 	$("input[name=superadmin]")
+											 		.attr("disabled", true)
+											 		.attr("checked", false);
+											 } else {
+											 	$("input[name=superadmin]")
+											 		.attr("disabled", false);
+											 }
+										});
+									});
+								</script>';
+						}
+						$checked=(($fuser->admin && ! $fuser->entity) ? ' checked' : '');
+						print '<input type="checkbox" name="superadmin" value="1"'.$checked.' /> '.$langs->trans("SuperAdministrator");
+					}
 				}
 				else
 				{
 					$yn = yn($fuser->admin);
 					print '<input type="hidden" name="admin" value="'.$fuser->admin.'">';
-					if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY)) print $html->textwithpicto($yn,$langs->trans("DontChangeSuperAdmin"),1,'warning');
+					if (! empty($conf->multicompany->enabled) && ! $fuser->entity) print $html->textwithpicto($yn,$langs->trans("DontDowngradeSuperAdmin"),1,'warning');
 					else print $yn;
 				}
 				print '</td></tr>';
@@ -1425,11 +1478,6 @@ else
 			{
 				print $langs->trans("DomainUser");
 			}
-			else if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY) && $fuser->admin && !$fuser->entity)
-			{
-				print $langs->trans("SuperAdministrator");
-				print ' '.img_picto($langs->trans("SuperAdministrator"),"redstar");
-			}
 			else
 			{
 				print $langs->trans("Internal");