diff --git a/htdocs/core/lib/company.lib.php b/htdocs/core/lib/company.lib.php index c90630b39a5420570d74bd231c55398cfae3ee31..67bdefa6fc926990f86770795711e797bf95557b 100644 --- a/htdocs/core/lib/company.lib.php +++ b/htdocs/core/lib/company.lib.php @@ -435,7 +435,7 @@ function show_projects($conf,$langs,$db,$object,$backtopage='') $projectstatic->fetch($obj->rowid); // To verify role of users - $userAccess = $projectstatic->restrictedProjectArea($user,1); + $userAccess = $projectstatic->restrictedProjectArea($user); if ($user->rights->projet->lire && $userAccess > 0) { diff --git a/htdocs/core/lib/project.lib.php b/htdocs/core/lib/project.lib.php index 00a53319a8c68d4c6318cf8bc48cca5873873de5..6d0dc520c89f1e8a78f12f46627a63bb87a04336 100644 --- a/htdocs/core/lib/project.lib.php +++ b/htdocs/core/lib/project.lib.php @@ -687,7 +687,7 @@ function print_projecttasks_array($db, $socid, $projectsListId, $mytasks=0) $projectstatic->public = $objp->public; // Check is user has read permission on project - $userAccess = $projectstatic->restrictedProjectArea($user,1); + $userAccess = $projectstatic->restrictedProjectArea($user); if ($userAccess >= 0) { $var=!$var; diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index 94e75a456374b6d032e3e33e83f5b12033526b09..3d682c7ca3777631a6f3f44c4e9184d464d48868 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -170,9 +170,9 @@ class Project extends CommonObject function update($user, $notrigger=0) { global $langs, $conf; - + $error=0; - + // Clean parameters $this->title = trim($this->title); $this->description = trim($this->description); @@ -499,7 +499,7 @@ class Project extends CommonObject global $langs, $conf; $error=0; - + if ($this->statut != 1) { $this->db->begin(); @@ -558,7 +558,7 @@ class Project extends CommonObject global $langs, $conf; $error=0; - + if ($this->statut != 2) { $this->db->begin(); 
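Review bot: `if ($userAccess >= 0)` on the line after the changed call in project.lib.php (@@ -687) tests a value that, under the new contract of restrictedProjectArea() in this commit, is either >0 or -1, so `>= 0` admits a 0 that can no longer occur and reads as if "no access" were acceptable; `if ($userAccess > 0)` matches the documented return and what company.lib.php (@@ -435) already does. The same `>= 0` test is kept in liste.php (@@ -143). Dropping the second positional argument is correct here, but any caller outside this diff still passing the old `1` would now have it read as `$mode`, which matches no mode and yields -1 — fail-closed, yet worth a repository-wide grep. Both enclosing functions start outside their hunks.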
@@ -789,21 +789,21 @@ class Project extends CommonObject
 }
 
 /**
- * Check if user has read permission on project
+ * Check if user has permission on current project
 *
 * @param User $user Object user to evaluate
- * @param int $noprint 0=Print forbidden message if no permission, 1=Return -1 if no permission
- * @return void
+ * @param string $mode Type of permission we want to know: 'read', 'write'
+ * @return int >0 if user has permission, <0 if user has no permission
 */
- function restrictedProjectArea($user, $noprint=0)
+ function restrictedProjectArea($user, $mode='read')
 {
 // To verify role of users
 $userAccess = 0;
- if ($user->rights->projet->all->lire)
+ if (($mode == 'read' && $user->rights->projet->all->lire) || ($mode == 'write' && $user->rights->projet->all->creer) || ($mode == 'delete' && $user->rights->projet->all->supprimer))
 {
 $userAccess = 1;
 }
- else if ($this->public && $user->rights->projet->lire)
+ else if ($this->public && (($mode == 'read' && $user->rights->projet->lire) || ($mode == 'write' && $user->rights->projet->creer) || ($mode == 'delete' && $user->rights->projet->supprimer)))
 {
 $userAccess = 1;
 }
@@ -819,7 +819,9 @@ class Project extends CommonObject
 {
 if (preg_match('/PROJECT/', $userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id'])
 {
- $userAccess++;
+ if ($mode == 'read' && $user->rights->projet->lire) $userAccess++;
+ if ($mode == 'write' && $user->rights->projet->creer) $userAccess++;
+ if ($mode == 'delete' && $user->rights->projet->supprimer) $userAccess++;
 }
 $nblinks++;
 }
@@ -833,19 +835,7 @@ class Project extends CommonObject
 //}
 }
 
- if (!$userAccess)
- {
- if (!$noprint)
- {
- accessforbidden('', 0);
- }
- else
- {
- return -1;
- }
- }
-
- return $userAccess;
+ return ($userAccess?$userAccess:-1);
 }
 
 /**
diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php
index 9409a9dc9971435cb88c9ce27c42fdfaf1e91d63..2a218703394642144ad1f58ce93a983eeca839d2 100644
--- a/htdocs/projet/contact.php
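Review bot: With `accessforbidden('', 0)` removed in the @@ -833 hunk, restrictedProjectArea() no longer stops the request on a denied project, so every caller that relied on the default `$noprint=0` behaviour must now test the return value itself — and in this commit contact.php, document.php, note.php and tasks.php comment out the 'read' call and compute only `$userWrite`, while fiche.php computes `$userAccess` and never acts on it. The practical effect is that a user holding module-level `projet->lire` but no assignment to a non-public project can render those tabs, with only the module-level `restrictedArea($user,'projet',$id)` still standing. Each page should keep `$userAccess = $project->restrictedProjectArea($user,'read'); if ($userAccess < 0) accessforbidden();` before any project data is printed. The docblock at @@ -789 should also list `'delete'`, which the code accepts, and say that, as far as the visible branches show, any other `$mode` value yields -1.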
+++ b/htdocs/projet/contact.php @@ -30,7 +30,8 @@ require_once(DOL_DOCUMENT_ROOT.'/core/class/html.formcompany.class.php'); $langs->load("projects"); $langs->load("companies"); -$projectid = isset($_GET["id"])?$_GET["id"]:''; +$id = GETPOST('id'); +$ref= GETPOST('ref'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects @@ -38,7 +39,7 @@ $mine = $_REQUEST['mode']=='mine' ? 1 : 0; // Security check $socid=0; if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'projet', $projectid); +$result = restrictedArea($user, 'projet', $id); /* @@ -51,9 +52,9 @@ if ($_POST["action"] == 'addcontact' && $user->rights->projet->creer) $result = 0; $project = new Project($db); - $result = $project->fetch($projectid); + $result = $project->fetch($id); - if ($result > 0 && $projectid > 0) + if ($result > 0 && $id > 0) { $result = $project->add_contact($_POST["contactid"], $_POST["type"], $_POST["source"]); } @@ -81,7 +82,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->projet->creer) if ($_GET["action"] == 'swapstatut' && $user->rights->projet->creer) { $project = new Project($db); - if ($project->fetch($projectid)) + if ($project->fetch($id)) { $result=$project->swapContactStatus(GETPOST('ligne')); } @@ -95,7 +96,7 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->projet->creer) if ($_GET["action"] == 'deleteline' && $user->rights->projet->creer) { $project = new Project($db); - $project->fetch($projectid); + $project->fetch($id); $result = $project->delete_contact($_GET["lineid"]); if ($result >= 0) @@ -130,8 +131,6 @@ $userstatic=new User($db); /* *************************************************************************** */ dol_htmloutput_mesg($mesg); -$id = $_GET['id']; -$ref= $_GET['ref']; if ($id > 0 || ! empty($ref)) { $project = new Project($db); 
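Review bot: `$id = GETPOST('id');` in the @@ -30 hunk takes the id untyped while fiche.php in this same commit uses `GETPOST('id','int')`; the value then reaches `restrictedArea($user, 'projet', $id)` and `$project->fetch($id)`, so it should be `$id = GETPOST('id','int');` here and in document.php, ganttview.php and tasks/document.php, which introduce the same untyped read.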
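Review bot: The `addcontact` handler (@@ -51), and likewise `swapstatut` (@@ -81) and `deleteline` (@@ -95), still authorise on module-level `$user->rights->projet->creer` only, whereas the buttons that trigger them are now gated on `$project->restrictedProjectArea($user,'write')` further down the page; the per-project check therefore exists only in the UI and does not constrain requests that do not come from the rendered form. After the `$project->fetch($id)` in each handler add `if ($project->restrictedProjectArea($user,'write') < 0) accessforbidden();`. The same gap applies to the state-changing handlers in fiche.php (add, update, builddoc, confirm_*) and to the `confirm_delete` handler in document.php.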
@@ -141,7 +140,10 @@ if ($id > 0 || ! empty($ref)) if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id); // To verify role of users - $userAccess = $project->restrictedProjectArea($user); + //$userAccess = $project->restrictedProjectArea($user,'read'); + $userWrite = $project->restrictedProjectArea($user,'write'); + //$userDelete = $project->restrictedProjectArea($user,'delete'); + //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; $head = project_prepare_head($project); dol_fiche_head($head, 'contact', $langs->trans("Project"), 0, ($project->public?'projectpub':'project')); @@ -157,8 +159,11 @@ if ($id > 0 || ! empty($ref)) // Ref print '<tr><td width="30%">'.$langs->trans('Ref').'</td><td colspan="3">'; // Define a complementary filter for search of next/prev ref. - $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); - $project->next_prev_filter=" rowid in (".$projectsListId.")"; + if (! $user->rights->projet->all->lire) + { + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0); + $project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; + } print $form->showrefnav($project,'ref',$linkback,1,'ref','ref',''); print '</td></tr>'; @@ -194,7 +199,7 @@ if ($id > 0 || ! empty($ref)) * Ajouter une ligne de contact * Non affiche en mode modification de ligne */ - if ($_GET["action"] != 'editline' && $user->rights->projet->creer && $userAccess) + if ($_GET["action"] != 'editline') { print '<tr class="liste_titre">'; print '<td>'.$langs->trans("Source").'</td>'; 
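Review bot: The @@ -141 hunk commits commented-out code — the 'read' and 'delete' calls and a `//print "userAccess=…"` debug line — rather than deleting it, and the same four-line block is pasted into document.php, note.php and tasks.php. Keep only `$userWrite = $project->restrictedProjectArea($user,'write');` with its comment and drop the debug print before merge. Note that `$userAccess` is no longer assigned on this page, so nothing below may rely on it.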
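Review bot: The five-line next/prev filter block added at @@ -157 — the `all->lire` test, the `getProjectsAuthorizedForUser($user,$mine,0)` call and the `join(',',array_keys(...))` with `'0'` fallback — is repeated verbatim in document.php, element.php, fiche.php, note.php and tasks.php in this commit. It belongs in one helper on Project (a method that sets `next_prev_filter` from the authorised list) so the `'0'` fallback and the assumption that the array keys are project rowids live in one place. The `'0'` fallback is correct as written: it yields `rowid in (0)` instead of invalid SQL for an empty list.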
@@ -230,7 +235,14 @@ if ($id > 0 || ! empty($ref)) print '<td>'; $formcompany->selectTypeContact($project, '', 'type','internal','rowid'); print '</td>'; - print '<td align="right" colspan="3" ><input type="submit" class="button" value="'.$langs->trans("Add").'"></td>'; + print '<td align="right" colspan="3" >'; + if ($userWrite > 0 || $user->admin) + { + print '<input type="submit" class="button" value="'.$langs->trans("Add").'"'; + if (! ($userWrite > 0 || $user->admin)) print ' disabled="disabled"'; + print '>'; + } + print '</td>'; print '</tr>'; print '</form>'; @@ -263,9 +275,15 @@ if ($id > 0 || ! empty($ref)) print '<td>'; $formcompany->selectTypeContact($project, '', 'type','external','rowid'); print '</td>'; - print '<td align="right" colspan="3" ><input type="submit" class="button" value="'.$langs->trans("Add").'"'; - if (! $nbofcontacts) print ' disabled="disabled"'; - print '></td>'; + + print '<td align="right" colspan="3" >'; + if ($userWrite > 0 || $user->admin) + { + print '<input type="submit" class="button" value="'.$langs->trans("Add").'"'; + if (! $nbofcontacts || ! ($userWrite > 0 || $user->admin)) print ' disabled="disabled"'; + print '>'; + } + print '</td>'; print '</tr>'; print "</form>"; 
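Review bot: In the @@ -230 hunk the inner test `if (! ($userWrite > 0 || $user->admin)) print ' disabled="disabled"';` sits inside `if ($userWrite > 0 || $user->admin)` and so can never be true; the same dead branch is in the @@ -263 hunk, where only the `! $nbofcontacts` part of the condition can still fire. Either drop the inner check, or print the button unconditionally and keep the disabled attribute as the visual cue — not both. Disabling a button is presentation only; the `addcontact` handler higher in this file must remain the authoritative check.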
@@ -346,14 +364,14 @@ if ($id > 0 || ! empty($ref)) // Statut print '<td align="center">'; // Activation desativation du contact - if ($project->statut >= 0 && $userAccess) print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$project->id.'&action=swapstatut&ligne='.$tab[$i]['rowid'].'">'; + if ($project->statut >= 0 && $userWrite > 0) print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$project->id.'&action=swapstatut&ligne='.$tab[$i]['rowid'].'">'; print $contactstatic->LibStatut($tab[$i]['status'],3); - if ($project->statut >= 0 && $userAccess) print '</a>'; + if ($project->statut >= 0 && $userWrite > 0) print '</a>'; print '</td>'; // Icon update et delete print '<td align="center" nowrap>'; - if ($user->rights->projet->creer && $userAccess) + if ($user->rights->projet->creer && $userWrite > 0) { print ' '; print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$project->id.'&action=deleteline&lineid='.$tab[$i]['rowid'].'">'; @@ -375,7 +393,7 @@ if ($id > 0 || ! empty($ref)) } } -$db->close(); - llxFooter(); + +$db->close(); ?> \ No newline at end of file diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php index 69d67b4c5a3ee66fec66d55ef7c153ff42573306..4fe2de8542a87a0d4985da1ffc56da2b2432696c 100644 --- a/htdocs/projet/document.php +++ b/htdocs/projet/document.php @@ -30,10 +30,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php"); $langs->load('projects'); $langs->load('other'); +$action=GETPOST('action'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects - -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = GETPOST('id'); +$ref= GETPOST('ref'); // Security check $socid=0; @@ -51,11 +52,8 @@ $pagenext = $page + 1; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="name"; - -$id = $_GET['id']; -$ref= $_GET['ref']; $project = new Project($db); -if (! $project->fetch($_GET['id'],$_GET['ref']) > 0) +if (! $project->fetch($id,$ref) > 0) { dol_print_error($db); exit; 
@@ -100,7 +98,7 @@ if ($_POST["sendit"] && ! empty($conf->global->MAIN_UPLOAD_DOC)) } // Delete -if ($_REQUEST['action'] == 'confirm_delete' && $_REQUEST['confirm'] == 'yes' && $user->rights->projet->supprimer) +if ($action == 'confirm_delete' && $_REQUEST['confirm'] == 'yes' && $user->rights->projet->supprimer) { $upload_dir = $conf->projet->dir_output . "/" . dol_sanitizeFileName($project->ref); $file = $upload_dir . '/' . $_GET['urlfile']; // Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP). @@ -126,8 +124,11 @@ if ($id > 0 || ! empty($ref)) if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id); - // To verify role of users - $userAccess = $project->restrictedProjectArea($user); + // To verify role of users + //$userAccess = $project->restrictedProjectArea($user,'read'); + $userWrite = $project->restrictedProjectArea($user,'write'); + //$userDelete = $project->restrictedProjectArea($user,'delete'); + //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; $head = project_prepare_head($project); dol_fiche_head($head, 'document', $langs->trans("Project"), 0, ($project->public?'projectpub':'project')); @@ -140,7 +141,7 @@ if ($id > 0 || ! empty($ref)) $totalsize+=$file['size']; } - if ($_GET["action"] == 'delete') + if ($action == 'delete') { $ret=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$_GET["id"]."&urlfile=".$_GET['urlfile'],$langs->trans("DeleteAFile"),$langs->trans("ConfirmDeleteAFile"),"confirm_delete",'','',1); if ($ret == 'html') print '<br>'; 
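Review bot: The `confirm_delete` handler in the @@ -100 hunk builds `$file = $upload_dir . '/' . $_GET['urlfile']` from the raw query parameter and, unlike `$project->ref` on the same line, never passes it through `dol_sanitizeFileName()` or confines it to `$upload_dir`; unless `urlfile` is validated somewhere not shown here, the deletion target is chosen by the requester within the web user's filesystem permissions. Suggest `$file = $upload_dir . '/' . dol_sanitizeFileName($_GET['urlfile']);` plus a check that `realpath($file)` lies under `realpath($upload_dir)` before `unlink`. This handler also runs before `$userWrite` is computed (@@ -126), so it is gated by module-level `supprimer` only. The handler's body continues outside the hunk.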
@@ -151,8 +152,11 @@ if ($id > 0 || ! empty($ref)) // Ref print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>'; // Define a complementary filter for search of next/prev ref. - $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); - $project->next_prev_filter=" rowid in (".$projectsListId.")"; + if (! $user->rights->projet->all->lire) + { + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0); + $project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; + } print $form->showrefnav($project,'ref','',1,'ref','ref'); print '</td></tr>'; @@ -181,25 +185,25 @@ if ($id > 0 || ! empty($ref)) print "</table>\n"; print "</div>\n"; - if ($mesg) { print $mesg."<br>"; } + dol_htmloutput_mesg($mesg); // Affiche formulaire upload $formfile=new FormFile($db); - $formfile->form_attach_new_file(DOL_URL_ROOT.'/projet/document.php?id='.$project->id,'',0,0,$user->rights->projet->creer); + $formfile->form_attach_new_file(DOL_URL_ROOT.'/projet/document.php?id='.$project->id,'',0,0,($userWrite>0)); // List of document $param='&id='.$project->id; - $formfile->list_of_documents($filearray,$project,'projet',$param); + $formfile->list_of_documents($filearray,$project,'projet',$param,0,'',($userWrite>0)); } else { - Header('Location: index.php'); + dol_print_error('','NoRecordFound'); } -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php index bc53b2bb4160ed1c57f86d7cdcb6c88e83eaf8f2..136014cf0e6a21a1ae62a55c87eedb0ad7e47974 100644 --- a/htdocs/projet/element.php +++ b/htdocs/projet/element.php 
@@ -89,8 +89,11 @@ print '<table class="border" width="100%">'; print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>'; // Define a complementary filter for search of next/prev ref. -$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); -$project->next_prev_filter=" rowid in (".$projectsListId.")"; +if (! $user->rights->projet->all->lire) +{ + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0); + $project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; +} print $form->showrefnav($project,'ref','',1,'ref','ref'); print '</td></tr>'; @@ -223,7 +226,7 @@ foreach ($listofreferent as $key => $value) // Amount if (empty($value['disableamount'])) print '<td align="right">'.(isset($element->total_ttc)?price($element->total_ttc):' ').'</td>'; - + // Status print '<td align="right">'.$element->getLibStatut(5).'</td>'; @@ -281,7 +284,7 @@ foreach ($listofreferent as $key => $value) } } -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/fiche.php b/htdocs/projet/fiche.php index 563b8839e05bdca82a51af39210c085790cfcb3a..995a9365f6135bebe8d30bb93ccd6cf35346231e 100644 --- a/htdocs/projet/fiche.php +++ b/htdocs/projet/fiche.php @@ -1,6 +1,6 @@ <?php /* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org> - * Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net> + * Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr> * * This program is free software; you can redistribute it and/or modify 
@@ -33,10 +33,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/modules/project/modules_project.php"); $langs->load("projects"); $langs->load('companies'); -$projectid = GETPOST('id','int'); -$projectref = GETPOST('ref'); +$id=GETPOST('id','int'); +$ref = GETPOST('ref'); +$action=GETPOST('action'); -if ($projectid == '' && $projectref == '' && ($_GET['action'] != "create" && $_POST['action'] != "add" && $_POST["action"] != "update" && !$_POST["cancel"])) accessforbidden(); +if ($id == '' && $ref == '' && ($action != "create" && $action != "add" && $action != "update" && ! $_POST["cancel"])) accessforbidden(); $mine = GETPOST('mode')=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects @@ -44,7 +45,7 @@ $mine = GETPOST('mode')=='mine' ? 1 : 0; // Security check $socid=0; if ($user->societe_id > 0) $socid=$user->societe_id; -$result = restrictedArea($user, 'projet', $projectid); +$result = restrictedArea($user, 'projet', $id); @@ -60,7 +61,7 @@ if (GETPOST("cancel") && GETPOST('backtopage')) exit; } -if ($_POST["action"] == 'add' && $user->rights->projet->creer) +if ($action == 'add' && $user->rights->projet->creer) { $error=0; if (empty($_POST["ref"])) @@ -121,20 +122,20 @@ if ($_POST["action"] == 'add' && $user->rights->projet->creer) { $db->rollback(); - $_GET["action"] = 'create'; + $action = 'create'; } } else { - $_GET["action"] = 'create'; + $action = 'create'; } } -if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet->creer) +if ($action == 'update' && ! $_POST["cancel"] && $user->rights->projet->creer) { $error=0; - if (empty($_POST["ref"])) + if (empty($ref)) { $error++; //$_GET["id"]=$_POST["id"]; // On retourne sur la fiche projet 
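Review bot: Replacing `$_POST["action"] == 'add'` (@@ -60) and `$_POST["action"] == 'update'` (@@ -121) with `$action == 'add'`/`'update'`, where `$action = GETPOST('action')`, means these state-changing handlers now also accept the action from the query string if GETPOST falls back to `$_GET` as its name suggests; previously a POST was required. The form does carry a `token` field (`$_SESSION['newtoken']`), but nothing in these hunks shows the handler verifying it. Keep the method restriction, e.g. `if ($action == 'add' && $_SERVER['REQUEST_METHOD'] == 'POST' && $user->rights->projet->creer)`, or read the action for these two handlers from `$_POST` only.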
@@ -161,20 +162,19 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet- $result=$project->update($user); - $_GET["id"]=$project->id; // On retourne sur la fiche projet + $id=$project->id; // On retourne sur la fiche projet } else { - $_GET["id"]=$_POST["id"]; - $_GET['action']='edit'; + $action='edit'; } } // Build doc -if (GETPOST('action') == 'builddoc' && $user->rights->projet->creer) +if ($action == 'builddoc' && $user->rights->projet->creer) { $project = new Project($db); - $project->fetch($_GET['id']); + $project->fetch($id); if (GETPOST('model')) { $project->setDocModel($user, GETPOST('model')); @@ -199,10 +199,10 @@ if (GETPOST('action') == 'builddoc' && $user->rights->projet->creer) } } -if (GETPOST('action') == 'confirm_validate' && GETPOST('confirm') == 'yes') +if ($action == 'confirm_validate' && GETPOST('confirm') == 'yes') { $project = new Project($db); - $project->fetch(GETPOST("id")); + $project->fetch($id); $result = $project->setValid($user); if ($result <= 0) @@ -211,10 +211,10 @@ if (GETPOST('action') == 'confirm_validate' && GETPOST('confirm') == 'yes') } } -if (GETPOST('action') == 'confirm_close' && GETPOST('confirm') == 'yes') +if ($action == 'confirm_close' && GETPOST('confirm') == 'yes') { $project = new Project($db); - $project->fetch(GETPOST("id")); + $project->fetch($id); $result = $project->setClose($user); if ($result <= 0) { @@ -222,10 +222,10 @@ if (GETPOST('action') == 'confirm_close' && GETPOST('confirm') == 'yes') } } -if (GETPOST('action') == 'confirm_reopen' && GETPOST('confirm') == 'yes') +if ($action == 'confirm_reopen' && GETPOST('confirm') == 'yes') { $project = new Project($db); - $project->fetch(GETPOST("id")); + $project->fetch($id); $result = $project->setValid($user); if ($result <= 0) { 
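Review bot: The `confirm_validate` (@@ -199), `confirm_close` (@@ -211) and `confirm_reopen` (@@ -222) handlers carry no permission test at all — neither `$user->rights->projet->creer` nor `restrictedProjectArea($user,'write')` — while `confirm_delete` in the next hunk checks `supprimer` and the Validate/Close/ReOpen buttons on this page are only shown when `$userWrite > 0`. Any user who passes the module-level `restrictedArea()` check at the top of the page can therefore change a project's status. Add `&& $user->rights->projet->creer` to each condition and, after `$project->fetch($id)`, `if ($project->restrictedProjectArea($user,'write') < 0) accessforbidden();`.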
@@ -233,10 +233,10 @@ if (GETPOST('action') == 'confirm_reopen' && GETPOST('confirm') == 'yes') } } -if (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->projet->supprimer) +if ($action == 'confirm_delete' && GETPOST("confirm") == "yes" && $user->rights->projet->supprimer) { $project = new Project($db); - $project->fetch(GETPOST("id")); + $project->fetch($id); $result=$project->delete($user); if ($result > 0) { @@ -264,20 +264,20 @@ $help_url="EN:Module_Projects|FR:Module_Projets|ES:Módulo_Proyectos"; llxHeader("",$langs->trans("Projects"),$help_url); -if ($_GET["action"] == 'create' && $user->rights->projet->creer) +if ($action == 'create' && $user->rights->projet->creer) { /* * Create */ print_fiche_titre($langs->trans("NewProject")); - if ($mesg) print $mesg.'<br>'; + dol_htmloutput_mesg($mesg); print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">'; print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; print '<input type="hidden" name="action" value="add">'; print '<input type="hidden" name="backtopage" value="'.GETPOST('backtopage').'">'; - + print '<table class="border" width="100%">'; $project = new Project($db); 
@@ -347,39 +347,43 @@ else * Show or edit */ - if ($mesg) print $mesg; + dol_htmloutput_mesg($mesg); $project = new Project($db); - $project->fetch($projectid,$projectref); + $project->fetch($id,$ref); if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id); // To verify role of users - $userAccess = $project->restrictedProjectArea($user); + $userAccess = $project->restrictedProjectArea($user,'read'); + $userWrite = $project->restrictedProjectArea($user,'write'); + $userDelete = $project->restrictedProjectArea($user,'delete'); + //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; + $head=project_prepare_head($project); dol_fiche_head($head, 'project', $langs->trans("Project"),0,($project->public?'projectpub':'project')); // Confirmation validation - if ($_GET['action'] == 'validate') + if ($action == 'validate') { $ret=$form->form_confirm($_SERVER["PHP_SELF"].'?id='.$project->id, $langs->trans('ValidateProject'), $langs->trans('ConfirmValidateProject'), 'confirm_validate','',0,1); if ($ret == 'html') print '<br>'; } // Confirmation close - if ($_GET["action"] == 'close') + if ($action == 'close') { $ret=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$project->id,$langs->trans("CloseAProject"),$langs->trans("ConfirmCloseAProject"),"confirm_close",'','',1); if ($ret == 'html') print '<br>'; } // Confirmation reopen - if ($_GET["action"] == 'reopen') + if ($action == 'reopen') { $ret=$form->form_confirm($_SERVER["PHP_SELF"]."?id=".$project->id,$langs->trans("ReOpenAProject"),$langs->trans("ConfirmReOpenAProject"),"confirm_reopen",'','',1); if ($ret == 'html') print '<br>'; } // Confirmation delete - if ($_GET["action"] == 'delete') + if ($action == 'delete') { $text=$langs->trans("ConfirmDeleteAProject"); $task=new Task($db); 
@@ -391,7 +395,7 @@ else } - if ($_GET["action"] == 'edit' && $userAccess) + if ($action == 'edit' && $userWrite > 0) { print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">'; print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; @@ -453,8 +457,8 @@ else // Define a complementary filter for search of next/prev ref. if (! $user->rights->projet->all->lire) { - $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); - $project->next_prev_filter=" rowid in (".$projectsListId.")"; + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0); + $project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; } print $form->showrefnav($project,'ref','',1,'ref','ref'); print '</td></tr>'; @@ -502,12 +506,12 @@ else */ print '<div class="tabsAction">'; - if ($_GET["action"] != "edit" ) + if ($action != "edit" ) { // Validate if ($project->statut == 0 && $user->rights->projet->creer) { - if ($userAccess) + if ($userWrite > 0) { print '<a class="butAction" href="fiche.php?id='.$project->id.'&action=validate">'.$langs->trans("Valid").'</a>'; } @@ -520,7 +524,7 @@ else // Modify if ($project->statut != 2 && $user->rights->projet->creer) { - if ($userAccess) + if ($userWrite > 0) { print '<a class="butAction" href="fiche.php?id='.$project->id.'&action=edit">'.$langs->trans("Modify").'</a>'; } @@ -533,7 +537,7 @@ else // Close if ($project->statut == 1 && $user->rights->projet->creer) { - if ($userAccess) + if ($userWrite > 0) { print '<a class="butAction" href="fiche.php?id='.$project->id.'&action=close">'.$langs->trans("Close").'</a>'; } @@ -546,7 +550,7 @@ else // Reopen if ($project->statut == 2 && $user->rights->projet->creer) { - if ($userAccess) + if ($userWrite > 0) { print '<a class="butAction" href="fiche.php?id='.$project->id.'&action=reopen">'.$langs->trans("ReOpen").'</a>'; } 
@@ -559,7 +563,7 @@ else // Delete if ($user->rights->projet->supprimer) { - if ($userAccess) + if ($userDelete > 0) { print '<a class="butActionDelete" href="fiche.php?id='.$project->id.'&action=delete">'.$langs->trans("Delete").'</a>'; } @@ -573,7 +577,7 @@ else print "</div>"; print "<br>\n"; - if ($_GET['action'] != 'presend') + if ($action != 'presend') { print '<table width="100%"><tr><td width="50%" valign="top">'; print '<a name="builddoc"></a>'; // ancre @@ -585,8 +589,8 @@ else $filename=dol_sanitizeFileName($project->ref); $filedir=$conf->projet->dir_output . "/" . dol_sanitizeFileName($project->ref); $urlsource=$_SERVER["PHP_SELF"]."?id=".$project->id; - $genallowed=($user->rights->projet->creer && $userAccess); - $delallowed=($user->rights->projet->supprimer && $userAccess); + $genallowed=($user->rights->projet->lire && $userAccess > 0); + $delallowed=($user->rights->projet->creer && $userWrite > 0); $var=true; @@ -604,7 +608,7 @@ else } -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/ganttview.php b/htdocs/projet/ganttview.php index 7da800e13044d07134d1c7fd7fc17c90372abaa4..bcb5f12024ef5ac9acc0229e08e4d7b3869adb34 100644 --- a/htdocs/projet/ganttview.php +++ b/htdocs/projet/ganttview.php @@ -30,15 +30,15 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php"); require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php"); -$projectid=isset($_REQUEST["id"])?$_REQUEST["id"]:$_POST["id"]; - +$id=GETPOST('id'); +$ref=GETPOST('ref'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects // Security check $socid=0; if ($user->societe_id > 0) $socid=$user->societe_id; -$result = restrictedArea($user, 'projet', $projectid); +$result = restrictedArea($user, 'projet', $id); $userAccess=0; 
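Review bot: `$genallowed=($user->rights->projet->lire && $userAccess > 0)` and `$delallowed=($user->rights->projet->creer && $userWrite > 0)` in the @@ -585 hunk lower both gates: document generation previously required `creer`, and deleting generated files previously required `supprimer`. If that is intended it deserves a comment; otherwise `$delallowed` should use the `$userDelete` value this page already computes, `$delallowed=($user->rights->projet->supprimer && $userDelete > 0);`. The enclosing `else` block starts outside the hunk.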
@@ -73,16 +73,14 @@ llxHeader("",$langs->trans("Tasks"),$help_url,'',0,0,$arrayofjs,$arrayofcss); $task = new Task($db); -$id = $_REQUEST['id']; -$ref= $_GET['ref']; if ($id > 0 || ! empty($ref)) { $project = new Project($db); - $project->fetch($_REQUEST["id"],$_GET["ref"]); + $project->fetch($id,$ref); if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id); // To verify role of users - $userAccess = $project->restrictedProjectArea($user); + $userAccess = $project->restrictedProjectArea($user,'read'); } diff --git a/htdocs/projet/index.php b/htdocs/projet/index.php index 6efc3f1e058e1786eb603298f069bbe8dfefd3fe..1cc4fc638f8f9d17575549d70be89107611a395c 100644 --- a/htdocs/projet/index.php +++ b/htdocs/projet/index.php @@ -130,7 +130,7 @@ print "</table>"; print '</td></tr></table>'; -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/liste.php b/htdocs/projet/liste.php index 63abcd891957084a211a427d3037f216dc526865..34b131196ad9496a87025c0ed516e2855aaec558 100644 --- a/htdocs/projet/liste.php +++ b/htdocs/projet/liste.php @@ -143,12 +143,12 @@ if ($resql) $projectstatic->user_author_id = $objp->fk_user_creat; $projectstatic->public = $objp->public; - $userAccess = $projectstatic->restrictedProjectArea($user,1); + $userAccess = $projectstatic->restrictedProjectArea($user); if ($userAccess >= 0) { $var=!$var; - print "<tr $bc[$var]>"; + print "<tr ".$bc[$var].">"; // Project url print "<td>"; @@ -201,8 +201,8 @@ else print "</table>"; -$db->close(); - llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/note.php b/htdocs/projet/note.php index 4edf8dc897672c1ec64ac728074b7068d57f8cec..6d193e771eb9bb613c6ad195db32f012f7fc1222 100644 --- a/htdocs/projet/note.php +++ b/htdocs/projet/note.php 
@@ -107,8 +107,11 @@ if ($id > 0 || ! empty($ref)) { if ($project->societe->id > 0) $result=$project->societe->fetch($project->societe->id); - // To verify role of users - $userAccess = $project->restrictedProjectArea($user); + // To verify role of users + //$userAccess = $project->restrictedProjectArea($user,'read'); + $userWrite = $project->restrictedProjectArea($user,'write'); + //$userDelete = $project->restrictedProjectArea($user,'delete'); + //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; $head = project_prepare_head($project); dol_fiche_head($head, 'note', $langs->trans('Project'), 0, ($project->public?'projectpub':'project')); @@ -120,8 +123,11 @@ if ($id > 0 || ! empty($ref)) // Ref print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>'; // Define a complementary filter for search of next/prev ref. - $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1); - $project->next_prev_filter=" rowid in (".$projectsListId.")"; + if (! $user->rights->projet->all->lire) + { + $projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,0); + $project->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; + } print $form->showrefnav($project,'ref','',1,'ref','ref'); print '</td></tr>'; @@ -193,7 +199,7 @@ if ($id > 0 || ! empty($ref)) print '<div class="tabsAction">'; if ($user->rights->projet->creer && $_GET['action'] <> 'edit') { - if ($userAccess) + if ($userWrite > 0) { print '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$project->id.'&action=edit">'.$langs->trans('Modify').'</a>'; } @@ -205,7 +211,8 @@ if ($id > 0 || ! empty($ref)) print '</div>'; } } -$db->close(); llxFooter(); + +$db->close(); ?> diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php index 87e35a9c8ba5d38be221a434e0fb846a81479bff..c54b349d258a730ff765d34d05048e32d4851dc1 100644 --- a/htdocs/projet/tasks.php +++ b/htdocs/projet/tasks.php 
@@ -150,11 +150,14 @@ if ($id > 0 || ! empty($ref)) $object->fetch($id, $ref); if ($object->societe->id > 0) $result=$object->societe->fetch($object->societe->id); - // To verify role of users - $userAccess = $object->restrictedProjectArea($user); + // To verify role of users + //$userAccess = $object->restrictedProjectArea($user,'read'); + $userWrite = $object->restrictedProjectArea($user,'write'); + //$userDelete = $object->restrictedProjectArea($user,'delete'); + //print "userAccess=".$userAccess." userWrite=".$userWrite." userDelete=".$userDelete; } -if ($action == 'create' && $user->rights->projet->creer && (empty($object->societe->id) || $userAccess)) +if ($action == 'create' && $user->rights->projet->creer && (empty($object->societe->id) || $userAccess > 0)) { print_fiche_titre($langs->trans("NewTask")); @@ -203,12 +206,12 @@ if ($action == 'create' && $user->rights->projet->creer && (empty($object->socie print '</td></tr>'; print '</table>'; - - print '<center><br>'; + + print '<div align="center"><br>'; print '<input type="submit" class="button" name="add" value="'.$langs->trans("Add").'">'; print ' '; print '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'">'; - print '</center>'; + print '</div>'; print '</form>'; @@ -234,8 +237,11 @@ else print $langs->trans("Ref"); print '</td><td>'; // Define a complementary filter for search of next/prev ref. - $projectsListId = $object->getProjectsAuthorizedForUser($user,$mine,1); - $object->next_prev_filter=" rowid in (".$projectsListId.")"; + if (! $user->rights->projet->all->lire) + { + $projectsListId = $object->getProjectsAuthorizedForUser($user,$mine,0); + $object->next_prev_filter=" rowid in (".(count($projectsListId)?join(',',array_keys($projectsListId)):'0').")"; + } print $form->showrefnav($object,'ref','',1,'ref','ref','',$param); print '</td></tr>'; 
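Review bot: The @@ -150 hunk comments out the assignment of `$userAccess`, yet the condition on the following changed line still reads `$userAccess > 0`; unless the variable is initialised earlier in the file, it is undefined there, so on a project with a third party (`$object->societe->id` non-empty) the create form never renders and a notice is emitted. Either restore `$userAccess = $object->restrictedProjectArea($user,'read');` or, since creating a task is a write, test `$userWrite > 0` as the AddTask button at @@ -267 already does. The commented-out calls and the `//print` debug line should be removed rather than committed.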
@@ -267,7 +273,7 @@ else if ($user->rights->projet->all->creer || $user->rights->projet->creer) { - if ($object->public || $userAccess) + if ($object->public || $userWrite > 0) { print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=create'.$param.'">'.$langs->trans('AddTask').'</a>'; } @@ -313,7 +319,7 @@ else print '<table class="noborder" width="100%">'; print '<tr class="liste_titre">'; - if (! empty($object->id)) print '<td>'.$langs->trans("Project").'</td>'; + // print '<td>'.$langs->trans("Project").'</td>'; print '<td width="80">'.$langs->trans("RefTask").'</td>'; print '<td>'.$langs->trans("LabelTask").'</td>'; print '<td align="right">'.$langs->trans("Progress").'</td>'; @@ -347,5 +353,4 @@ else llxFooter(); $db->close(); - ?> diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php index ac2dd13d9b450ce9016c969957050f4e9e6d04e6..c7c39012110e20ef3f0c13a6fcb191e4de6cc298 100644 --- a/htdocs/projet/tasks/document.php +++ b/htdocs/projet/tasks/document.php @@ -32,12 +32,11 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php"); $langs->load('projects'); $langs->load('other'); -$action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action']; - +$action=GETPOST('action'); $mine = $_REQUEST['mode']=='mine' ? 1 : 0; //if (! $user->rights->projet->all->lire) $mine=1; // Special for projects - -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = GETPOST('id'); +$ref= GETPOST('ref'); // Security check $socid=0; @@ -57,8 +56,6 @@ if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="name"; -$id = $_GET['id']; -$ref= $_GET['ref']; $task = new Task($db);