From 3c4aa3b085adafc41eefbfb171fba034759a5810 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur <eldy@users.sourceforge.net> Date: Sun, 30 May 2010 20:25:08 +0000 Subject: [PATCH] Fix: A lot of bugs in project permission --- htdocs/lib/project.lib.php | 14 +++++++++----- htdocs/projet/activity/index.php | 5 +++++ htdocs/projet/class/project.class.php | 11 ++++++++--- htdocs/projet/{tasks/fiche.php => tasks.php} | 6 +++--- htdocs/projet/tasks/contact.php | 2 ++ htdocs/projet/tasks/document.php | 7 +++++-- htdocs/projet/tasks/index.php | 8 ++++---- htdocs/projet/tasks/note.php | 3 +++ htdocs/projet/tasks/task.php | 3 +++ htdocs/projet/tasks/time.php | 9 +++++++++ 10 files changed, 51 insertions(+), 17 deletions(-) rename htdocs/projet/{tasks/fiche.php => tasks.php} (98%) diff --git a/htdocs/lib/project.lib.php b/htdocs/lib/project.lib.php index 6095eeaf494..fabb11eaf21 100644 --- a/htdocs/lib/project.lib.php +++ b/htdocs/lib/project.lib.php @@ -80,7 +80,7 @@ function project_prepare_head($object) } // Then tab for sub level of projet, i mean tasks - $head[$h][0] = DOL_URL_ROOT.'/projet/tasks/fiche.php?id='.$object->id; + $head[$h][0] = DOL_URL_ROOT.'/projet/tasks.php?id='.$object->id; $head[$h][1] = $langs->trans("Tasks"); $head[$h][2] = 'tasks'; $h++; @@ -349,8 +349,9 @@ function PLinesb(&$inc, $parent, $lines, &$level, &$projectsrole) * @param $var Color * @param $showproject Show project columns * @param $taskrole Array of roles of user for each tasks + * @param $projectsListId List of id of project allowed to user (separated with comma) */ -function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole) +function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole, $projectsListId='') { global $user, $bc, $langs; 
@@ -359,6 +360,8 @@ function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole $projectstatic = new Project($db); $taskstatic = new Task($db); + $projectsArrayId=explode(',',$projectsListId); + for ($i = 0 ; $i < sizeof($lines) ; $i++) { if ($parent == 0) $level = 0; @@ -413,7 +416,8 @@ function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole $projectstatic->id=$lines[$i]->fk_project; $projectstatic->ref=$lines[$i]->projectref; $projectstatic->public=$lines[$i]->public; - print $projectstatic->getNomUrl(1); + if ($lines[$i]->public || in_array($lines[$i]->fk_project,$projectsArrayId)) print $projectstatic->getNomUrl(1); + else print $projectstatic->getNomUrl(1,'nolink'); if ($showlineingray) print '</i>'; print "</td>"; } @@ -436,7 +440,7 @@ function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole // Title of task print "<td>"; if ($showlineingray) print '<i>'; - else print '<a href="task.php?id='.$lines[$i]->id.'">'; + else print '<a href="'.DOL_URL_ROOT.'/projet/tasks/task.php?id='.$lines[$i]->id.'">'; for ($k = 0 ; $k < $level ; $k++) { print " "; @@ -466,7 +470,7 @@ function PLines(&$inc, $parent, &$lines, &$level, $var, $showproject, &$taskrole if (! $showlineingray) $inc++; $level++; - if ($lines[$i]->id) PLines($inc, $lines[$i]->id, $lines, $level, $var, $showproject, $taskrole); + if ($lines[$i]->id) PLines($inc, $lines[$i]->id, $lines, $level, $var, $showproject, $taskrole, $projectsListId); $level--; } } diff --git a/htdocs/projet/activity/index.php b/htdocs/projet/activity/index.php index f2eb598999a..d8149b1be43 100644 --- a/htdocs/projet/activity/index.php +++ b/htdocs/projet/activity/index.php 
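Review bot: The `nolink` branch added in the @@ -413 hunk only decides whether the project name is rendered as a hyperlink; it is not an authorization check, since a user can still request `/projet/fiche.php?id=N` by hand for a project that is absent from `$projectsListId`. fiche.php is not part of this patch, so please confirm it re-checks `getProjectsAuthorizedForUser` itself rather than relying on this list. A short comment would stop the next maintainer mistaking it for enforcement: `// Display only: hides the link for non-public projects outside the user's list; fiche.php must enforce access itself`. With the default `$projectsListId=''`, `explode` yields `array('')`, so callers that omit the new argument get every non-public project rendered without a link, which is the safe direction. PLines itself starts in the previous hunk and its body continues between these hunks.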
@@ -89,6 +89,7 @@ $sql.= " AND p.entity = ".$conf->entity; $sql.= " AND tt.fk_task = t.rowid"; $sql.= " AND tt.fk_user = ".$user->id; $sql.= " AND date_format(task_date,'%d%m%y') = ".strftime("%d%m%y",time()); +$sql.= " AND p.rowid in ('".$projectsListId."')"; $sql.= " GROUP BY p.rowid"; $resql = $db->query($sql); @@ -139,6 +140,7 @@ $sql.= " AND p.entity = ".$conf->entity; $sql.= " AND tt.fk_task = t.rowid"; $sql.= " AND tt.fk_user = ".$user->id; $sql.= " AND date_format(date_add(task_date, INTERVAL 1 DAY),'%d%m%y') = ".strftime("%d%m%y",time()); +$sql.= " AND p.rowid in ('".$projectsListId."')"; $sql.= " GROUP BY p.rowid"; $resql = $db->query($sql); @@ -191,6 +193,7 @@ $sql.= " AND p.entity = ".$conf->entity; $sql.= " AND tt.fk_task = t.rowid"; $sql.= " AND tt.fk_user = ".$user->id; $sql.= " AND week(task_date) = ".strftime("%W",time()); +$sql.= " AND p.rowid in ('".$projectsListId."')"; $sql.= " GROUP BY p.rowid"; $resql = $db->query($sql); @@ -241,6 +244,7 @@ $sql.= " AND p.entity = ".$conf->entity; $sql.= " AND tt.fk_task = t.rowid"; $sql.= " AND tt.fk_user = ".$user->id; $sql.= " AND month(task_date) = ".strftime("%m",$now); +$sql.= " AND p.rowid in ('".$projectsListId."')"; $sql.= " GROUP BY p.rowid"; $resql = $db->query($sql); @@ -284,6 +288,7 @@ $sql.= " AND p.entity = ".$conf->entity; $sql.= " AND tt.fk_task = t.rowid"; $sql.= " AND tt.fk_user = ".$user->id; $sql.= " AND YEAR(task_date) = ".strftime("%Y",$now); +$sql.= " AND p.rowid in ('".$projectsListId."')"; $sql.= " GROUP BY p.rowid"; $var=false; diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 56c38c70fda..b2214687a20 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php 
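Review bot: The five added `p.rowid in ('".$projectsListId."')` lines wrap the whole comma-separated id list in one pair of quotes, so the predicate becomes `rowid IN ('1,2,3')` — a single string operand, which MySQL coerces to the leading number — and every project except the first in the list is silently dropped from the activity totals. Each line should be `$sql.= " AND p.rowid IN (".$projectsListId.")";`, the unquoted form the other files in this patch already use for `next_prev_filter`. Because the list is concatenated into SQL unescaped it must only ever come from `getProjectsAuthorizedForUser` and never from the request; where `$projectsListId` is computed in this file is outside these hunks, so I could not verify that. If the helper can return an empty string, add a guard such as `if ($projectsListId === '') $projectsListId = '0';` before the queries so the clause never degenerates into the syntax error `IN ()`.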
@@ -592,7 +592,7 @@ class Project extends CommonObject /** * \brief Renvoie nom clicable (avec eventuellement le picto) * \param withpicto 0=Pas de picto, 1=Inclut le picto dans le lien, 2=Picto seul - * \param option Sur quoi pointe le lien + * \param option Variante ('', 'nolink') * \return string Chaine avec URL */ function getNomUrl($withpicto=0,$option='') @@ -600,9 +600,14 @@ class Project extends CommonObject global $langs; $result=''; + $lien=''; + $lienfin=''; - $lien = '<a href="'.DOL_URL_ROOT.'/projet/fiche.php?id='.$this->id.'">'; - $lienfin='</a>'; + if ($option != 'nolink') + { + $lien = '<a href="'.DOL_URL_ROOT.'/projet/fiche.php?id='.$this->id.'">'; + $lienfin='</a>'; + } $picto='projectpub'; if (! $this->public) $picto='project'; diff --git a/htdocs/projet/tasks/fiche.php b/htdocs/projet/tasks.php similarity index 98% rename from htdocs/projet/tasks/fiche.php rename to htdocs/projet/tasks.php index 95e183707fb..29e6e98d77f 100644 --- a/htdocs/projet/tasks/fiche.php +++ b/htdocs/projet/tasks.php @@ -19,13 +19,13 @@ */ /** - * \file htdocs/projet/tasks/fiche.php + * \file htdocs/projet/tasks.php * \ingroup projet - * \brief Fiche taches d'un projet + * \brief List all tasks of a project * \version $Id$ */ -require ("../../main.inc.php"); +require ("../main.inc.php"); require_once(DOL_DOCUMENT_ROOT."/projet/class/project.class.php"); require_once(DOL_DOCUMENT_ROOT."/projet/class/task.class.php"); require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php"); diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php index 8c1106e531d..887e969b878 100644 --- a/htdocs/projet/tasks/contact.php +++ b/htdocs/projet/tasks/contact.php 
@@ -196,6 +196,8 @@ if ($id > 0 || ! empty($ref)) // Ref print '<tr><td width="30%">'.$langs->trans('Ref').'</td><td colspan="3">'; + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); + $task->next_prev_filter=" fk_projet in (".$projectsListId.")"; print $html->showrefnav($task,'id','',1,'rowid','ref','',''); print '</td></tr>'; diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index 28ff56c6e77..9c986038f00 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php @@ -128,9 +128,10 @@ if ($action=='delete') * View */ -llxHeader('',$langs->trans('Project')); - $form = new Form($db); +$project = new Project($db); + +llxHeader('',$langs->trans('Project')); if ($id > 0 || ! empty($ref)) { @@ -154,6 +155,8 @@ if ($id > 0 || ! empty($ref)) print '<tr><td width="30%">'; print $langs->trans("Ref"); print '</td><td colspan="3">'; + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); + $task->next_prev_filter=" fk_projet in (".$projectsListId.")"; print $form->showrefnav($task,'id','',1,'rowid','ref','',''); print '</td>'; print '</tr>'; diff --git a/htdocs/projet/tasks/index.php b/htdocs/projet/tasks/index.php index 2b23b7e5ce9..58662d8c83f 100644 --- a/htdocs/projet/tasks/index.php +++ b/htdocs/projet/tasks/index.php @@ -32,6 +32,7 @@ require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php"); require_once(DOL_DOCUMENT_ROOT."/lib/date.lib.php"); $langs->load('projects'); +$langs->load('users'); // Security check $socid=0; 
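Review bot: `$task->next_prev_filter=" fk_projet in (".$projectsListId.")";` becomes the invalid predicate `fk_projet in ()` when the user has no authorized project and the helper returns an empty string, so the ref navigation query would fail precisely for the most restricted users; guard it, e.g. `$task->next_prev_filter=" fk_projet in (".($projectsListId !== '' ? $projectsListId : '0').")";`. `$mine` is not assigned anywhere in this hunk; if it is undefined in contact.php it is passed as null and which projects the helper then returns depends on its own default, so please confirm it is initialised earlier in the file. The same two lines are copied into document.php, note.php, task.php and time.php in this patch; computing the filter once (for example a method on Task) would keep the five copies from drifting. The enclosing `if ($id > 0 || ! empty($ref))` block starts before and ends after this hunk.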
@@ -77,9 +78,8 @@ else else print $langs->trans("ProjectsPublicDesc").'<br><br>'; } - -//$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); - +// Get list of project id allowed to user +$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1); // Get list of tasks in tasksarray and taskarrayfiltered // We need all tasks (even not limited to a user because a task to user // can have a parent that is not affected to him). @@ -97,7 +97,7 @@ print '<td align="right">'.$langs->trans("TimeSpent").'</td>'; print "</tr>\n"; // Show all lines in taskarray (recursive function to go down on tree) $j=0; $level=0; -$nboftaskshown=PLines($j, 0, $tasksarray, $level, true, 1, $tasksrole); +$nboftaskshown=PLines($j, 0, $tasksarray, $level, true, 1, $tasksrole, $projectsListId); print "</table>"; print '</div>'; diff --git a/htdocs/projet/tasks/note.php b/htdocs/projet/tasks/note.php index 351d238db0f..621a0039656 100644 --- a/htdocs/projet/tasks/note.php +++ b/htdocs/projet/tasks/note.php @@ -90,6 +90,7 @@ if ($_POST['action'] == 'update_private' && $user->rights->projet->creer) llxHeader(); $html = new Form($db); +$project = new Project($db); $id = $_GET['id']; $ref= $_GET['ref']; @@ -120,6 +121,8 @@ if ($id > 0 || ! empty($ref)) // Ref print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>'; + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); + $task->next_prev_filter=" fk_projet in (".$projectsListId.")"; print $html->showrefnav($task,'id','',1,'rowid','ref','',''); print '</td></tr>'; diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php index 76c15fa93f4..816f5e6a319 100644 --- a/htdocs/projet/tasks/task.php +++ b/htdocs/projet/tasks/task.php @@ -115,6 +115,7 @@ llxHeader("",$langs->trans("Task")); $html = new Form($db); $formother = new FormOther($db); +$project = new Project($db); if ($taskid) { 
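Review bot: The new call is on `$projectstatic->getProjectsAuthorizedForUser(...)` while the commented-out line it replaces used `$project`; neither object is constructed inside this hunk, so please confirm `$projectstatic` is instantiated above it, since a method call on an undefined variable is fatal and would break the task list page for everyone. `$mine` likewise has to be defined before this point. A one-line comment on the assignment would make its scope clear to readers: `// Ids of projects the user may open; PLines only uses this to decide whether project links are rendered`.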
@@ -215,6 +216,8 @@ if ($taskid) print '<tr><td width="30%">'; print $langs->trans("Ref"); print '</td><td colspan="3">'; + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); + $task->next_prev_filter=" fk_projet in (".$projectsListId.")"; print $html->showrefnav($task,'id','',1,'rowid','ref','',''); print '</td>'; print '</tr>'; diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php index 38fde85ce6d..5767d33e454 100644 --- a/htdocs/projet/tasks/time.php +++ b/htdocs/projet/tasks/time.php @@ -51,6 +51,11 @@ if ($_POST["action"] == 'addtimespent' && $user->rights->projet->creer) $mesg='<div class="error">'.$langs->trans('ErrorFieldRequired',$langs->transnoentitiesnoconv("Duration")).'</div>'; $error++; } + if (empty($_POST["userid"])) + { + $mesg='<div class="error">'.$langs->trans('ErrorUserNotAffectedToTask').'</div>'; + $error++; + } if (! $error) { @@ -137,6 +142,8 @@ if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == "yes" && * View */ +$project=new Project($db); + llxHeader("",$langs->trans("Task")); $html = new Form($db); @@ -177,6 +184,8 @@ if ($_GET["id"] > 0) print '<tr><td width="30%">'; print $langs->trans("Ref"); print '</td><td colspan="3">'; + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); + $task->next_prev_filter=" fk_projet in (".$projectsListId.")"; print $html->showrefnav($task,'id','',1,'rowid','ref','',''); print '</td></tr>'; -- GitLab
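Review bot: In the time.php @@ -177 hunk the filter assigned to `$task->next_prev_filter` only constrains the previous/next links; the task being displayed is selected by `$_GET["id"] > 0` just above, and nothing in this hunk checks that its `fk_projet` is in `$projectsListId`, so a user who knows or guesses an id can still open a task of a project they are not authorized for unless an earlier check in the file does this (not visible here). If no such check exists, reject the request after the task is fetched when `! in_array($task->fk_projet, explode(',', $projectsListId))`, using whatever access-denied helper the project normally calls. The same gap applies to the task.php, contact.php, document.php and note.php hunks in this patch, which all add the navigation filter but no check on the loaded task.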