From 949ae2f160caf39293fd55918f31ca76c5a11c05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?=
 <marcosgdf@gmail.com>
Date: Sun, 14 Sep 2014 13:09:31 +0200
Subject: [PATCH] [ bug #1591 ] Linked object block shows Total HT/TTC even if
 not having permission to read them

---
 ChangeLog                                       |  1 +
 .../comm/propal/tpl/linkedobjectblock.tpl.php   | 17 +++++++++++++----
 htdocs/commande/tpl/linkedobjectblock.tpl.php   | 15 ++++++++++++---
 .../facture/tpl/linkedobjectblock.tpl.php       | 15 ++++++++++++---
 htdocs/expedition/tpl/linkedobjectblock.tpl.php | 15 ++++++++++++---
 .../commande/tpl/linkedobjectblock.tpl.php      | 15 ++++++++++++---
 .../fourn/facture/tpl/linkedobjectblock.tpl.php | 15 ++++++++++++---
 7 files changed, 74 insertions(+), 19 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 04e63ec1c8e..575aa1aa0e3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,7 @@ Fix: [ bug #1544 ] Can remove date from invoice.
 Fix: list event view lost type event filter.
 Fix: Add code save on create event.
 Fix: SQL injection.
+Fix: [ bug #1591 ] Linked object block shows Total HT/TTC even if not having permission to read them
 
 ***** ChangeLog for 3.5.4 compared to 3.5.3 *****
 Fix: Hide title of event when agenda module disabled.
diff --git a/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php b/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php
index 632dee63965..cb920afd5fc 100644
--- a/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/comm/propal/tpl/linkedobjectblock.tpl.php
@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2010-2011  Regis Houssin <regis.houssin@capnetworks.com>
- * Copyright (C) 2013		Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2013       Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2014       Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -27,6 +28,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -52,17 +55,23 @@ foreach($linkedObjectBlock as $object)
 	<a href="<?php echo DOL_URL_ROOT.'/comm/propal.php?id='.$object->id ?>"><?php echo img_object($langs->trans("ShowPropal"),"propal").' '.$object->ref; ?></a></td>
 	<td><?php echo $object->ref_client; ?></td>
 	<td align="center"><?php echo dol_print_date($object->date,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->propale->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="3"><?php echo $langs->trans('TotalHT'); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->propale->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>
diff --git a/htdocs/commande/tpl/linkedobjectblock.tpl.php b/htdocs/commande/tpl/linkedobjectblock.tpl.php
index c7d073501a3..d2fe19c5b6f 100644
--- a/htdocs/commande/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/commande/tpl/linkedobjectblock.tpl.php
@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2010-2011	Regis Houssin <regis.houssin@capnetworks.com>
  * Copyright (C) 2013		Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2014       Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -22,6 +23,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -47,17 +50,23 @@ foreach($linkedObjectBlock as $object)
 <tr <?php echo $GLOBALS['bc'][$var]; ?> ><td>
 	<a href="<?php echo DOL_URL_ROOT.'/commande/fiche.php?id='.$object->id ?>"><?php echo img_object($langs->trans("ShowOrder"),"order").' '.$object->ref; ?></a></td>
 	<td align="center"><?php echo dol_print_date($object->date,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->commande->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="2"><?php echo $langs->trans('TotalHT'); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->commande->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>
diff --git a/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php b/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php
index f0fca0b90ff..ae3038a6021 100644
--- a/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/compta/facture/tpl/linkedobjectblock.tpl.php
@@ -1,6 +1,7 @@
 <?php
 /* Copyright (C) 2010-2011	Regis Houssin <regis.houssin@capnetworks.com>
  * Copyright (C) 2013		Juanjo Menent <jmenent@2byte.es>
+ * Copyright (C) 2014       Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -22,6 +23,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -47,16 +50,22 @@ foreach($linkedObjectBlock as $object)
 <tr <?php echo $GLOBALS['bc'][$var]; ?> ><td>
 	<a href="<?php echo DOL_URL_ROOT.'/compta/facture.php?facid='.$object->id ?>"><?php echo img_object($langs->trans("ShowBill"),"bill").' '.$object->ref; ?></a></td>
 	<td align="center"><?php echo dol_print_date($object->date,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->facture->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="2"><?php echo $langs->trans("TotalHT"); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->facture->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>
diff --git a/htdocs/expedition/tpl/linkedobjectblock.tpl.php b/htdocs/expedition/tpl/linkedobjectblock.tpl.php
index fd723650561..364afb92177 100644
--- a/htdocs/expedition/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/expedition/tpl/linkedobjectblock.tpl.php
@@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2012 Regis Houssin <regis.houssin@capnetworks.com>
+ * Copyright (C) 2014 Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,6 +22,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -47,17 +50,23 @@ foreach($linkedObjectBlock as $object)
 	<a href="<?php echo DOL_URL_ROOT.'/expedition/fiche.php?id='.$object->id ?>"><?php echo img_object($langs->trans("ShowShipping"),"sending").' '.$object->ref; ?></a></td>
 	<td align="center"><?php echo dol_print_date($object->date_creation,'day'); ?></td>
 	<td align="center"><?php echo dol_print_date($object->date_delivery,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->expedition->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="3"><?php echo $langs->trans('TotalHT'); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->expedition->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>
diff --git a/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php b/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php
index d1e209eb54b..fc1942e0f61 100644
--- a/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/fourn/commande/tpl/linkedobjectblock.tpl.php
@@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2010-2011 Regis Houssin <regis.houssin@capnetworks.com>
+ * Copyright (C) 2014      Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,6 +22,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -44,17 +47,23 @@ foreach($linkedObjectBlock as $object)
 <tr <?php echo $bc[$var]; ?> ><td>
 	<a href="<?php echo DOL_URL_ROOT.'/fourn/commande/fiche.php?id='.$object->id ?>"><?php echo img_object($langs->trans("ShowOrder"),"order").' '.$object->ref; ?></a></td>
 	<td align="center"><?php echo dol_print_date($object->date,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->fournisseur->commande->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="2"><?php echo $langs->trans('TotalHT'); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->fournisseur->commande->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>
diff --git a/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php b/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
index ab585cc4b1f..c10fea8bb8a 100644
--- a/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
+++ b/htdocs/fourn/facture/tpl/linkedobjectblock.tpl.php
@@ -1,5 +1,6 @@
 <?php
 /* Copyright (C) 2010-2011 Regis Houssin <regis.houssin@capnetworks.com>
+ * Copyright (C) 2014      Marcos García <marcosgdf@gmail.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -21,6 +22,8 @@
 
 <?php
 
+global $user;
+
 $langs = $GLOBALS['langs'];
 $linkedObjectBlock = $GLOBALS['linkedObjectBlock'];
 
@@ -45,16 +48,22 @@ foreach($linkedObjectBlock as $object)
 <tr <?php echo $bc[$var]; ?> ><td>
 	<a href="<?php echo DOL_URL_ROOT.'/fourn/facture/fiche.php?facid='.$object->id ?>"><?php echo img_object($langs->trans("ShowBill"),"bill").' '.$object->ref; ?></a></td>
 	<td align="center"><?php echo dol_print_date($object->date,'day'); ?></td>
-	<td align="right"><?php echo price($object->total_ht); ?></td>
+	<td align="right"><?php
+		if ($user->rights->fournisseur->facture->lire) {
+			$total = $total + $object->total_ht;
+			echo price($object->total_ht);
+		} ?></td>
 	<td align="right"><?php echo $object->getLibStatut(3); ?></td>
 </tr>
 <?php
-$total = $total + $object->total_ht;
 }
 ?>
 <tr class="liste_total">
 	<td align="left" colspan="2"><?php echo $langs->trans("TotalHT"); ?></td>
-	<td align="right"><?php echo price($total); ?></td>
+	<td align="right"><?php
+		if ($user->rights->fournisseur->facture->lire) {
+			echo price($total);
+		} ?></td>
 	<td>&nbsp;</td>
 </tr>
 </table>
-- 
GitLab