Works on enhancement of project tasks

Fix: security check

Works on enhancement of project tasks
860611c1 · Regis Houssin · 5b661dba · 860611c1 · 860611c1 · 860611c1
Commit 860611c1 authored Feb 10, 2010 by Regis Houssin
--- a/htdocs/projet/tasks/contact.php
+++ b/htdocs/projet/tasks/contact.php
@@ -38,7 +38,7 @@ $taskid = isset($_GET["id"])?$_GET["id"]:'';
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
 //$result = restrictedArea($user, 'projet', $taskid, 'projet_task');
-if (!$user->rights->projet->task->lire) accessforbidden();
+if (!$user->rights->projet->lire) accessforbidden();


 /*
@@ -46,7 +46,7 @@ if (!$user->rights->projet->task->lire) accessforbidden();
 */

 // Add new contact
-if ($_POST["action"] == 'addcontact' && $user->rights->projet->task->creer)
+if ($_POST["action"] == 'addcontact' && $user->rights->projet->creer)
 {

 	$result = 0;
@@ -77,7 +77,7 @@ if ($_POST["action"] == 'addcontact' && $user->rights->projet->task->creer)
 	}
 }
 // modification d'un contact. On enregistre le type
-if ($_POST["action"] == 'updateline' && $user->rights->projet->task->creer)
+if ($_POST["action"] == 'updateline' && $user->rights->projet->creer)
 {
 	$task = new Task($db);
 	if ($task->fetch($taskid))
@@ -103,7 +103,7 @@ if ($_POST["action"] == 'updateline' && $user->rights->projet->task->creer)
 }

 // bascule du statut d'un contact
-if ($_GET["action"] == 'swapstatut' && $user->rights->projet->task->creer)
+if ($_GET["action"] == 'swapstatut' && $user->rights->projet->creer)
 {
 	$task = new Task($db);
 	if ($task->fetch($taskid))
@@ -129,7 +129,7 @@ if ($_GET["action"] == 'swapstatut' && $user->rights->projet->task->creer)
 }

 // Efface un contact
-if ($_GET["action"] == 'deleteline' && $user->rights->projet->task->creer)
+if ($_GET["action"] == 'deleteline' && $user->rights->projet->creer)
 {
 	$task = new Task($db);
 	$task->fetch($taskid);
@@ -221,7 +221,7 @@ if ($id > 0 || ! empty($ref))
 		 * Ajouter une ligne de contact
 		 * Non affiche en mode modification de ligne
 		 */
-		if ($_GET["action"] != 'editline' && $user->rights->projet->task->creer)
+		if ($_GET["action"] != 'editline' && $user->rights->projet->creer)
 		{
 			print '<tr class="liste_titre">';
 			print '<td>'.$langs->trans("Source").'</td>';
@@ -377,7 +377,7 @@ if ($id > 0 || ! empty($ref))

 				// Icon update et delete
 				print '<td align="center" nowrap>';
-				if ($user->rights->projet->task->creer)
+				if ($user->rights->projet->creer)
 				{
 					print '&nbsp;';
 					print '<a href="'.$_SERVER["PHP_SELF"].'?id='.$task->id.'&amp;action=deleteline&amp;lineid='.$tab[$i]['rowid'].'">';

--- a/htdocs/projet/tasks/fiche.php
+++ b/htdocs/projet/tasks/fiche.php
@@ -125,7 +125,7 @@ if ($id > 0 || ! empty($ref))
 	$userAccess = $project->restrictedProjectArea($user);
 }

-if ($_GET["action"] == 'create' && $user->rights->projet->task->creer && (empty($project->societe->id) || $userAccess))
+if ($_GET["action"] == 'create' && $user->rights->projet->creer && (empty($project->societe->id) || $userAccess))
 {
 	print_fiche_titre($langs->trans("NewTask"));

@@ -238,7 +238,7 @@ else
 	 */
 	print '<div class="tabsAction">';

-	if ($user->rights->projet->task->creer)
+	if ($user->rights->projet->creer)
 	{
 		if ($userAccess)
 		{

--- a/htdocs/projet/tasks/index.php
+++ b/htdocs/projet/tasks/index.php
@@ -92,7 +92,7 @@ print '</div>';
 /*
 * Actions
 */
-if ($user->rights->projet->task->creer)
+if ($user->rights->projet->creer)
 {
 	print '<div class="tabsAction">';
 	print '<a class="butAction" href="'.DOL_URL_ROOT.'/projet/tasks/fiche.php?action=create">'.$langs->trans('AddTask').'</a>';

--- a/htdocs/projet/tasks/note.php
+++ b/htdocs/projet/tasks/note.php
@@ -33,7 +33,7 @@ $id = isset($_GET["id"])?$_GET["id"]:'';

 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-if (!$user->rights->projet->task->lire) accessforbidden();
+if (!$user->rights->projet->lire) accessforbidden();
 //$result = restrictedArea($user, 'projet', $id, '', 'task'); // TODO ameliorer la verification


@@ -42,7 +42,7 @@ if (!$user->rights->projet->task->lire) accessforbidden();
 /*                     Actions                                                */
 /******************************************************************************/

-if ($_POST["action"] == 'update_public' && $user->rights->projet->task->creer)
+if ($_POST["action"] == 'update_public' && $user->rights->projet->creer)
 {
 	$task = new Task($db);
 	$task->fetch($_GET['id']);
@@ -61,7 +61,7 @@ if ($_POST["action"] == 'update_public' && $user->rights->projet->task->creer)
 	}
 }

-if ($_POST['action'] == 'update_private' && $user->rights->projet->task->creer)
+if ($_POST['action'] == 'update_private' && $user->rights->projet->creer)
 {
 	$task = new Task($db);
 	$task->fetch($_GET['id']);
@@ -198,7 +198,7 @@ if ($id > 0 || ! empty($ref))
 		 */

 		print '<div class="tabsAction">';
-		if ($user->rights->projet->task->creer && $_GET['action'] <> 'edit')
+		if ($user->rights->projet->creer && $_GET['action'] <> 'edit')
 		{
 			if ($userAccess)
 			{

--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
@@ -32,13 +32,13 @@ require_once(DOL_DOCUMENT_ROOT."/html.formother.class.php");
 $taskid = (isset($_GET["id"])?$_GET["id"]:(isset($_POST["id"])?$_POST["id"]:''));
 $taskref = (isset($_GET["ref"])?$_GET["ref"]:'');

-if (!$user->rights->projet->task->lire) accessforbidden();
+if (!$user->rights->projet->lire) accessforbidden();

 /*
 * Actions
 */

-if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet->task->creer)
+if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet->creer)
 {
 	$error=0;

@@ -74,7 +74,7 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->projet-
 	}
 }

-if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->projet->task->creer)
+if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->projet->creer)
 {
 	$task = new Task($db);
 	if ($task->fetch($_GET["id"]) >= 0 )
@@ -125,7 +125,7 @@ if ($taskid)

 		dol_fiche_head($head, 'task', $langs->trans("Task"),0,'projecttask');

-		if ($_GET["action"] == 'edit' && $user->rights->projet->task->creer)
+		if ($_GET["action"] == 'edit' && $user->rights->projet->creer)
 		{
 			print '<form method="POST" action="'.$_SERVER["PHP_SELF"].'">';
 			print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
@@ -252,7 +252,7 @@ if ($taskid)
 			print '<div class="tabsAction">';

 			// Modify
-			if ($user->rights->projet->task->creer)
+			if ($user->rights->projet->creer)
 			{
 				print '<a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$task->id.'&amp;action=edit">'.$langs->trans('Modify').'</a>';
 			}
@@ -262,7 +262,7 @@ if ($taskid)
 			}

 			// Delete
-			if ($user->rights->projet->task->supprimer)
+			if ($user->rights->projet->supprimer)
 			{
 				print '<a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?id='.$task->id.'&amp;action=delete">'.$langs->trans('Delete').'</a>';
 			}

--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -28,7 +28,7 @@
 require("./pre.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");

-if (!$user->rights->projet->task->lire) accessforbidden();
+if (!$user->rights->projet->lire) accessforbidden();

 /*
 * Actions