Fix: refining permissions to modify an action without the right to remove

65c9b69f · Regis Houssin · c7d2a62e · 65c9b69f · 65c9b69f · 65c9b69f
Commit 65c9b69f authored 15 years ago by Regis Houssin
--- a/htdocs/comm/action/fiche.php
+++ b/htdocs/comm/action/fiche.php
@@ -294,8 +294,8 @@ if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == 'yes')
 	$actioncomm = new ActionComm($db);
 	$actioncomm->fetch($_GET["id"]);

-	if ($user->rights->agenda->myactions->create
-		|| $user->rights->agenda->allactions->create)
+	if ($user->rights->agenda->myactions->delete
+		|| $user->rights->agenda->allactions->delete)
 	{
 		$result=$actioncomm->delete();

@@ -313,7 +313,6 @@ if ($_REQUEST["action"] == 'confirm_delete' && $_REQUEST["confirm"] == 'yes')

 /*
 * Action mise a jour de l'action
- *
 */
 if ($_POST["action"] == 'update')
 {
@@ -441,11 +440,9 @@ llxHeader('',$langs->trans("Agenda"),$help_url);
 $html = new Form($db);
 $htmlactions = new FormActions($db);

-/* ************************************************************************** */
-/*                                                                            */
-/* Affichage fiche en mode creation                                           */
-/*                                                                            */
-/* ************************************************************************** */
+/*
+ * Affichage fiche en mode creation
+ */

 if ($_GET["action"] == 'create')
 {
@@ -861,7 +858,7 @@ if ($_GET["id"])
 		print $act->priority;
 		print '</td></tr>';

-		// Objet lie
+		// Linked object
 		if ($act->objet_url)
 		{
 			print '<tr><td>'.$langs->trans("LinkedObject").'</td>';
@@ -879,7 +876,7 @@ if ($_GET["id"])
 	print "</div>\n";


-	/**
+	/*
 	 * Barre d'actions
 	 *
 	 */
@@ -888,7 +885,9 @@ if ($_GET["id"])

 	if ($_GET["action"] != 'edit')
 	{
-		if ($user->rights->agenda->allactions->create)
+		if ($user->rights->agenda->allactions->modify || 
+		   (($act->author->id == $user->id && $user->rights->agenda->myactions->modify) ||
+		   ($act->usertodo->id == $user->id && $user->rights->agenda->myactions->modify)))
 		{
 			print '<a class="butAction" href="fiche.php?action=edit&id='.$act->id.'">'.$langs->trans("Modify").'</a>';
 		}
@@ -897,7 +896,9 @@ if ($_GET["id"])
 			print '<a class="butActionRefused" href="#" title="'.$langs->trans("NotAllowed").'">'.$langs->trans("Modify").'</a>';
 		}

-		if ($user->rights->agenda->allactions->create)
+		if ($user->rights->agenda->allactions->delete || 
+		   (($act->author->id == $user->id && $user->rights->agenda->myactions->delete) ||
+		   ($act->usertodo->id == $user->id && $user->rights->agenda->myactions->delete)))
 		{
 			print '<a class="butActionDelete" href="fiche.php?action=delete&id='.$act->id.'">'.$langs->trans("Delete").'</a>';
 		}
@@ -916,8 +917,8 @@ llxFooter('$Date$ - $Revision$');


 /**
- \brief      Ajoute une ligne de tableau a 2 colonnes pour avoir l'option synchro calendrier
- \return     int     Retourne le nombre de lignes ajoutees
+ *  \brief      Ajoute une ligne de tableau a 2 colonnes pour avoir l'option synchro calendrier
+ *  \return     int     Retourne le nombre de lignes ajoutees
 */
 function add_row_for_calendar_link()
 {

--- a/htdocs/includes/modules/modAgenda.class.php
+++ b/htdocs/includes/modules/modAgenda.class.php
@@ -109,14 +109,22 @@ class modAgenda extends DolibarrModules
 		$r++;

 		$this->rights[$r][0] = 2402;
-		$this->rights[$r][1] = 'Create/modify/delete actions/tasks linked to his account';
+		$this->rights[$r][1] = 'Create/delete actions/tasks linked to his account';
 		$this->rights[$r][2] = 'w';
 		$this->rights[$r][3] = 0;
 		$this->rights[$r][4] = 'myactions';
 		$this->rights[$r][5] = 'create';
 		$r++;
-
+		
 		$this->rights[$r][0] = 2403;
+		$this->rights[$r][1] = 'Modify actions/tasks linked to his account';
+		$this->rights[$r][2] = 'w';
+		$this->rights[$r][3] = 0;
+		$this->rights[$r][4] = 'myactions';
+		$this->rights[$r][5] = 'modify';
+		$r++;
+
+		$this->rights[$r][0] = 2411;
 		$this->rights[$r][1] = 'Read actions/tasks of others';
 		$this->rights[$r][2] = 'r';
 		$this->rights[$r][3] = 0;
@@ -124,13 +132,21 @@ class modAgenda extends DolibarrModules
 		$this->rights[$r][5] = 'read';
 		$r++;

-		$this->rights[$r][0] = 2405;
-		$this->rights[$r][1] = 'Create/modify/delete actions/tasks of others';
+		$this->rights[$r][0] = 2412;
+		$this->rights[$r][1] = 'Create/delete actions/tasks of others';
 		$this->rights[$r][2] = 'w';
 		$this->rights[$r][3] = 0;
 		$this->rights[$r][4] = 'allactions';
 		$this->rights[$r][5] = 'create';
 		$r++;
+		
+		$this->rights[$r][0] = 2413;
+		$this->rights[$r][1] = 'Modify actions/tasks of others';
+		$this->rights[$r][2] = 'w';
+		$this->rights[$r][3] = 0;
+		$this->rights[$r][4] = 'allactions';
+		$this->rights[$r][5] = 'modify';
+		$r++;

 		// Main menu entries
 		$this->menu = array();			// List of menus to add

--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -548,9 +548,11 @@ Permission1251=Run mass imports of external data into database (data load)
 Permission1321=Export customer invoices, attributes and payments
 Permission1421=Export customer orders and attributes
 Permission2401=Read actions (events or tasks) linked to his account
-Permission2402=Create/modify/delete actions (events or tasks) linked to his account
-Permission2403=Read actions (events or tasks) of others
-Permission2405=Create/modify/delete actions (events or tasks) of others
+Permission2402=Create/delete actions (events or tasks) linked to his account
+Permission2403=Modify actions (events or tasks) linked to his account
+Permission2411=Read actions (events or tasks) of others
+Permission2412=Create/delete actions (events or tasks) of others
+Permission2413=Modify actions (events or tasks) of others
 Permission2500=Read documents
 Permission2501=Submit or delete documents
 Permission2515=Setup documents directories

--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@@ -548,9 +548,11 @@ Permission1251 = Lancer des imports de masse dans la base (chargement de donnée
 Permission1321 = Exporter les factures clients, attributs et règlements
 Permission1421 = Exporter les commandes clients et attributs
 Permission2401 = Lire les actions (évènements ou tâches) liées à son compte
-Permission2402 = Creer/modifier/supprimer les actions (évènements ou tâches) liées à son compte
-Permission2403 = Lire les actions (évènements ou tâches) des autres
-Permission2405 = Creer/modifier/supprimer les actions (évènements ou tâches) pour les autres
+Permission2402 = Creer/supprimer les actions (évènements ou tâches) liées à son compte
+Permission2403 = Modifier les actions (évènements ou tâches) liées à son compte
+Permission2411 = Lire les actions (évènements ou tâches) des autres
+Permission2412 = Creer/supprimer les actions (évènements ou tâches) pour les autres
+Permission2413 = Modifier les actions (évènements ou tâches) pour les autres
 Permission2500 = Consulter les documents
 Permission2501 = Soumettre ou supprimer des documents
 Permission2515 = Administrer les rubriques de documents