diff --git a/htdocs/adherents/card_subscriptions.php b/htdocs/adherents/card_subscriptions.php
index e13a5bbef6170a06293123a5f6c08fbbb49a7d23..568837befd2f69b18de4ba06676ba762a8edc70b 100644
--- a/htdocs/adherents/card_subscriptions.php
+++ b/htdocs/adherents/card_subscriptions.php
@@ -46,7 +46,7 @@ $rowid=GETPOST('rowid','int');
$typeid=GETPOST('typeid','int');
// Security check
-$result=restrictedArea($user,'adherent',$rowid);
+$result=restrictedArea($user,'adherent',$rowid,'','cotisation');
$object = new Adherent($db);
$extrafields = new ExtraFields($db);
diff --git a/htdocs/adherents/cotisations.php b/htdocs/adherents/cotisations.php
index 1b4fabaf47ed1ae8aa6bc4f4592108edc74312e8..dfba09359539e750778f3b9b5c36481c1871204f 100644
--- a/htdocs/adherents/cotisations.php
+++ b/htdocs/adherents/cotisations.php
@@ -46,8 +46,8 @@ if (! $sortfield) { $sortfield="c.dateadh"; }
$msg='';
$date_select=isset($_GET["date_select"])?$_GET["date_select"]:$_POST["date_select"];
-if (! $user->rights->adherent->cotisation->lire)
-accessforbidden();
+// Security check
+$result=restrictedArea($user,'adherent','','','cotisation');
/*
diff --git a/htdocs/adherents/index.php b/htdocs/adherents/index.php
index 60d7243c5fd73368f79f26a1261c43298f9100e4..af2676a7d3197fc94090ec8cc12ba0ee225e95cb 100644
--- a/htdocs/adherents/index.php
+++ b/htdocs/adherents/index.php
@@ -28,10 +28,12 @@ require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
-
$langs->load("companies");
$langs->load("members");
+// Security check
+$result=restrictedArea($user,'adherent');
+
/*
* View
diff --git a/htdocs/adherents/liste.php b/htdocs/adherents/liste.php
index 592881b2b72035732d8ce72994706c50f8d49c08..5e26c9e35ab333da55f851988d070d4ddac83340 100644
--- a/htdocs/adherents/liste.php
+++ b/htdocs/adherents/liste.php
@@ -31,6 +31,9 @@ require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
$langs->load("members");
$langs->load("companies");
+// Security check
+$result=restrictedArea($user,'adherent');
+
$action=GETPOST("action");
$filter=GETPOST("filter");
$statut=GETPOST("statut");
@@ -70,7 +73,6 @@ if (GETPOST("button_removefilter"))
}
-
/*
* View
*/
diff --git a/htdocs/adherents/stats/byproperties.php b/htdocs/adherents/stats/byproperties.php
index dcc25501d846e6a5c92c9bd5649440f629561170..12732ecdc47a4199ac608cf9d846204e60b01dca 100755
--- a/htdocs/adherents/stats/byproperties.php
+++ b/htdocs/adherents/stats/byproperties.php
@@ -35,11 +35,10 @@ $mode=GETPOST('mode')?GETPOST('mode'):'';
// Security check
if ($user->societe_id > 0)
{
- $action = '';
- $socid = $user->societe_id;
+ $action = '';
+ $socid = $user->societe_id;
}
-if (! $user->rights->adherent->cotisation->lire)
- accessforbidden();
+$result=restrictedArea($user,'adherent','','','cotisation');
$year = strftime("%Y", time());
$startyear=$year-2;
diff --git a/htdocs/adherents/stats/geo.php b/htdocs/adherents/stats/geo.php
index cdc731ecdca769a5edd603bb842308050662f1bd..d78ab4fe61f2c03a8414987d9f9350c0bc7e7e72 100755
--- a/htdocs/adherents/stats/geo.php
+++ b/htdocs/adherents/stats/geo.php
@@ -37,8 +37,7 @@ if ($user->societe_id > 0)
$action = '';
$socid = $user->societe_id;
}
-if (! $user->rights->adherent->cotisation->lire)
-accessforbidden();
+$result=restrictedArea($user,'adherent','','','cotisation');
$year = strftime("%Y", time());
$startyear=$year-2;
diff --git a/htdocs/adherents/stats/index.php b/htdocs/adherents/stats/index.php
index 0d5da2773f930ecb512e33996d9b5096b84d80ab..82dc17506e9c16e4da719f40b81632d5a697fb2e 100644
--- a/htdocs/adherents/stats/index.php
+++ b/htdocs/adherents/stats/index.php
@@ -33,12 +33,14 @@ $HEIGHT=200;
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
+
// Security check
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
+$result=restrictedArea($user,'adherent','','','cotisation');
$year = strftime("%Y", time());
$startyear=$year-2;
diff --git a/htdocs/admin/modules.php b/htdocs/admin/modules.php
index 7a83d625831df00d45949526e08ccebfa3845186..dd96c83e79771e54ccf4be742c06212797e279a1 100644
--- a/htdocs/admin/modules.php
+++ b/htdocs/admin/modules.php
@@ -206,9 +206,8 @@ if ($mode==='expdev') print $langs->trans("ModuleFamilyExperimental")."<br>
$nbofactivatedmodules=count($conf->modules);
print $langs->trans("TotalNumberOfActivatedModules",($nbofactivatedmodules-1));
if ($nbofactivatedmodules <= 1) print ' '.img_warning($langs->trans("YouMustEnableOneModule"));
-print '<br>'."\n";
+print '<br>'."\n";
-print "<br>\n";
$h = 0;
@@ -266,6 +265,11 @@ $head[$h][2] = 'marketplace';
$h++;
+// Show warning about external users
+print showModulesExludedForExternal($modules).'<br>'."\n";
+print "<br>\n";
+
+
dol_fiche_head($head, $mode, $langs->trans("Modules"));
$var=true;
@@ -495,9 +499,6 @@ else
dol_fiche_end();
-// Pour eviter bug mise en page IE
-print '<div class="tabsAction">';
-print '</div>';
llxFooter();
diff --git a/htdocs/admin/perms.php b/htdocs/admin/perms.php
index d01c3421b6b0d4f0bb44cff8f27ad3fc7c1f192f..286275379774435c4a5ee8d07e356890ec857b42 100644
--- a/htdocs/admin/perms.php
+++ b/htdocs/admin/perms.php
@@ -68,8 +68,12 @@ print_fiche_titre($langs->trans("SecuritySetup"),'','setup');
print $langs->trans("DefaultRightsDesc");
print " ".$langs->trans("OnlyActiveElementsAreShown")."<br>\n";
+
+// Show warning about external users
+print showModulesExludedForExternal($modules).'<br>'."\n";
print "<br>\n";
+
$head=security_prepare_head();
dol_fiche_head($head, 'default', $langs->trans("Security"));
diff --git a/htdocs/comm/mailing/index.php b/htdocs/comm/mailing/index.php
index f19458c0f031effa4db56b7b6de458c83011224c..35896917b86a58a95b8ffb8bb953a13bb0c376a3 100644
--- a/htdocs/comm/mailing/index.php
+++ b/htdocs/comm/mailing/index.php
@@ -30,7 +30,9 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
$langs->load("commercial");
$langs->load("orders");
-if (! $user->rights->mailing->lire || $user->societe_id > 0) accessforbidden();
+
+// Security check
+$result=restrictedArea($user,'mailing');
/*
diff --git a/htdocs/comm/mailing/liste.php b/htdocs/comm/mailing/liste.php
index 3ad2198f3ddc1f61ce2bf19b97623550c6577842..549b621b763a8604e28cc2017ec458c09df2d33d 100644
--- a/htdocs/comm/mailing/liste.php
+++ b/htdocs/comm/mailing/liste.php
@@ -27,14 +27,8 @@ require_once DOL_DOCUMENT_ROOT.'/comm/mailing/class/mailing.class.php';
$langs->load("mails");
-if (!$user->rights->mailing->lire) accessforbidden();
-
-// Securite acces client
-if ($user->societe_id > 0)
-{
- $action = '';
- $socid = $user->societe_id;
-}
+// Security check
+$result=restrictedArea($user,'mailing');
$sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
diff --git a/htdocs/compta/deplacement/stats/index.php b/htdocs/compta/deplacement/stats/index.php
index 2ca118c47cf4e47f6c3d7f29f1cecce11720ca79..e8e72eace88f69653413f5c4591ecf98d5b28882 100755
--- a/htdocs/compta/deplacement/stats/index.php
+++ b/htdocs/compta/deplacement/stats/index.php
@@ -34,12 +34,16 @@ $HEIGHT=200;
$userid=GETPOST('userid','int'); if ($userid < 0) $userid=0;
$socid=GETPOST('socid','int'); if ($socid < 0) $socid=0;
-// Securite acces client
+$id = GETPOST('id','int');
+
+// Security check
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
+if ($user->societe_id) $socid=$user->societe_id;
+$result = restrictedArea($user, 'deplacement', $id,'');
$nowyear=strftime("%Y", dol_now());
$year = GETPOST('year')>0?GETPOST('year'):$nowyear;
diff --git a/htdocs/compta/journal/index.php b/htdocs/compta/journal/index.php
deleted file mode 100755
index 4b7e347204d2d00cdab67f479352c516218f8035..0000000000000000000000000000000000000000
--- a/htdocs/compta/journal/index.php
+++ /dev/null
@@ -1,68 +0,0 @@
-<?php
-/* Copyright (C) 2007-2010 Laurent Destailleur <eldy@users.sourceforge.net>
- * Copyright (C) 2007-2010 Jean Heimburger <jean@tiaris.info>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-require '../../main.inc.php';
-
-
-$langs->load("companies");
-$langs->load("other");
-$langs->load("compta");
-
-// Protection if external user
-if ($user->societe_id > 0)
-{
- accessforbidden();
-}
-
-
-/*******************************************************************
-* ACTIONS
-*
-* Put here all code to do according to value of "action" parameter
-********************************************************************/
-
-
-/***************************************************
-* PAGE
-*
-* Put here all code to build page
-****************************************************/
-
-llxHeader('','MyPageName','');
-
-$form=new Form($db);
-
-
-// Put here content of your page
-// ...
-
-/***************************************************
-* LINKED OBJECT BLOCK
-*
-* Put here code to view linked object
-****************************************************/
-/*
-
-$somethingshown=$myobject->showLinkedObjectBlock();
-
-*/
-
-// End of page
-$db->close();
-llxFooter();
-?>
\ No newline at end of file
diff --git a/htdocs/compta/journal/purchasesjournal.php b/htdocs/compta/journal/purchasesjournal.php
index 826d40b00ec4ef08f584b557f3383f648ccbd593..529e70e550a13ee86707c2547f56632b65213af9 100755
--- a/htdocs/compta/journal/purchasesjournal.php
+++ b/htdocs/compta/journal/purchasesjournal.php
@@ -41,11 +41,10 @@ $date_endmonth=GETPOST('date_endmonth');
$date_endday=GETPOST('date_endday');
$date_endyear=GETPOST('date_endyear');
-// Protection if external user
-if ($user->societe_id > 0)
- accessforbidden();
-
-$result = restrictedArea($user, 'societe&facture');
+// Security check
+if ($user->societe_id > 0) $socid = $user->societe_id;
+if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta','','','resultat');
+if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport');
/*
diff --git a/htdocs/compta/journal/sellsjournal.php b/htdocs/compta/journal/sellsjournal.php
index e90ae2ef7e7a27faf67e245dcb7c27006e58cde3..df18c41a697736e37f35ab5cd9ee156cc2913709 100755
--- a/htdocs/compta/journal/sellsjournal.php
+++ b/htdocs/compta/journal/sellsjournal.php
@@ -42,11 +42,10 @@ $date_endmonth=GETPOST('date_endmonth');
$date_endday=GETPOST('date_endday');
$date_endyear=GETPOST('date_endyear');
-// Protection if external user
-if ($user->societe_id > 0)
- accessforbidden();
-
-$result = restrictedArea($user, 'societe&facture');
+// Security check
+if ($user->societe_id > 0) $socid = $user->societe_id;
+if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta','','','resultat');
+if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport');
/*
* Actions
diff --git a/htdocs/compta/resultat/bilan.php b/htdocs/compta/resultat/bilan.php
index fb8526d077c9e43bf1788647b60c149b8611720f..524f10b79aaeff90792fb8b7a874e296ac6ed526 100644
--- a/htdocs/compta/resultat/bilan.php
+++ b/htdocs/compta/resultat/bilan.php
@@ -25,7 +25,11 @@ require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/tva.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php';
-if (!$user->rights->compta->resultat->lire) accessforbidden();
+// Security check
+$socid = GETPOST('socid','int');
+if ($user->societe_id > 0) $socid = $user->societe_id;
+if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta','','','resultat');
+if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport');
/*
diff --git a/htdocs/compta/resultat/clientfourn.php b/htdocs/compta/resultat/clientfourn.php
index e4b9ddeadf8a32bbb254d3abf2b1de68f12351bf..2fa2d09a86400b825ae46cde34bce67f309f1a08 100644
--- a/htdocs/compta/resultat/clientfourn.php
+++ b/htdocs/compta/resultat/clientfourn.php
@@ -42,8 +42,8 @@ $date_endyear=GETPOST('date_endyear');
// Security check
$socid = GETPOST('socid','int');
if ($user->societe_id > 0) $socid = $user->societe_id;
-if (! $user->rights->compta->resultat->lire && ! $user->rights->accounting->comptarapport->lire)
- accessforbidden();
+if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta','','','resultat');
+if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport');
// Date range
$year=GETPOST("year");
diff --git a/htdocs/compta/resultat/compteres.php b/htdocs/compta/resultat/compteres.php
index 0e9a8db8595341716e65a32eca174eadf843bf8f..74960f97de7b71bf2b307791853bed76e8a14dbe 100644
--- a/htdocs/compta/resultat/compteres.php
+++ b/htdocs/compta/resultat/compteres.php
@@ -1,5 +1,5 @@
<?php
-/* Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net>
+/* Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -15,17 +15,22 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/compta/tva/class/tva.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/sociales/class/chargesociales.class.php';
-if (!$user->rights->compta->resultat->lire) accessforbidden();
+// Security check
+$socid = GETPOST('socid','int');
+if ($user->societe_id > 0) $socid = $user->societe_id;
+if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta','','','resultat');
+if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport');
+
+
/*
-* Views
-*/
+ * Views
+ */
llxHeader();
$year=$_GET["year"];
diff --git a/htdocs/compta/resultat/index.php b/htdocs/compta/resultat/index.php
index 9eb6016c58555c4ef0eb7b789986dbcef00afbf5..4a100fe00dc871e0de659f64e874a7264537673e 100644
--- a/htdocs/compta/resultat/index.php
+++ b/htdocs/compta/resultat/index.php
@@ -40,8 +40,9 @@ else {
// Security check
$socid = GETPOST('socid','int');
if ($user->societe_id > 0) $socid = $user->societe_id;
-if (! $user->rights->compta->resultat->lire && ! $user->rights->accounting->comptarapport->lire)
- accessforbidden();
+if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta','','','resultat');
+if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport');
+
// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES')
$modecompta=(GETPOST("modecompta")?GETPOST("modecompta"):$conf->global->COMPTA_MODE);
diff --git a/htdocs/compta/stats/cabyuser.php b/htdocs/compta/stats/cabyuser.php
index 1a01eba1c0e01eb2aaec23472ddd256de927d02c..4665c9b77580617d54702248be758f40f2d3be50 100644
--- a/htdocs/compta/stats/cabyuser.php
+++ b/htdocs/compta/stats/cabyuser.php
@@ -27,11 +27,12 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/report.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/tax.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
+$socid = GETPOST('socid','int');
+
// Security check
-$socid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:'';
if ($user->societe_id > 0) $socid = $user->societe_id;
-if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire)
-accessforbidden();
+if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta','','','resultat');
+if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport');
// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES')
$modecompta = $conf->global->COMPTA_MODE;
diff --git a/htdocs/compta/stats/casoc.php b/htdocs/compta/stats/casoc.php
index 3e71698da1b2ef8b5f76c55ea4addc7c8ee565b7..5a5c82116653f4e44efcd0127d99fddce664247d 100644
--- a/htdocs/compta/stats/casoc.php
+++ b/htdocs/compta/stats/casoc.php
@@ -39,10 +39,12 @@ $sortfield=isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
if (! $sortorder) $sortorder="asc";
if (! $sortfield) $sortfield="nom";
+$socid = GETPOST('socid','int');
+
// Security check
-$socid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:'';
if ($user->societe_id > 0) $socid = $user->societe_id;
-if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden();
+if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta','','','resultat');
+if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport');
// Date range
$year=GETPOST("year");
diff --git a/htdocs/compta/stats/index.php b/htdocs/compta/stats/index.php
index c66b840fda0104924ef49472241cd2a02869d5a5..699465c5c605a91d96b6fec1fee15ee707e02f3e 100644
--- a/htdocs/compta/stats/index.php
+++ b/htdocs/compta/stats/index.php
@@ -25,27 +25,28 @@
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/report.lib.php';
-
$year_start=GETPOST("year_start");
$year_current = strftime("%Y",time());
$nbofyear=4;
if (! $year_start) {
- $year_start = $year_current - ($nbofyear-1);
- $year_end = $year_current;
+ $year_start = $year_current - ($nbofyear-1);
+ $year_end = $year_current;
}
else {
- $year_end=$year_start + ($nbofyear-1);
+ $year_end=$year_start + ($nbofyear-1);
}
-
$userid=GETPOST('userid','int');
-$socid=GETPOST('socid','int');
+$socid = GETPOST('socid','int');
+// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES')
+$modecompta = $conf->global->COMPTA_MODE;
+if ($_GET["modecompta"]) $modecompta=$_GET["modecompta"];
+
// Security check
if ($user->societe_id > 0) $socid = $user->societe_id;
-if (!$user->rights->compta->resultat->lire && !$user->rights->accounting->comptarapport->lire) accessforbidden();
+if (! empty($conf->comptabilite->enabled)) $result=restrictedArea($user,'compta','','','resultat');
+if (! empty($conf->accounting->enabled)) $result=restrictedArea($user,'accounting','','','comptarapport');
+
-// Define modecompta ('CREANCES-DETTES' or 'RECETTES-DEPENSES')
-$modecompta = $conf->global->COMPTA_MODE;
-if ($_GET["modecompta"]) $modecompta=$_GET["modecompta"];
/*
diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php
index a63e3f320e294e3523848244d51c1aaf23a799a5..95d534609da4eedca821f3eaf6a69e72124ccfb4 100644
--- a/htdocs/contrat/index.php
+++ b/htdocs/contrat/index.php
@@ -233,7 +233,7 @@ if (! empty($conf->contrat->enabled) && $user->rights->contrat->lire)
$sql.= " AND c.entity IN (".getEntity('contract').")";
$sql.= " AND c.statut = 0";
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
- if ($socid) $sql.= " AND s.fk_soc = ".$socid;
+ if ($socid) $sql.= " AND c.fk_soc = ".$socid;
$resql = $db->query($sql);
diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php
index cdef1458b2c4bd38ca2572b3a5b00a85adaf5c23..d131db5e89b25b0fdc77f42d5eea4336f06631b3 100644
--- a/htdocs/core/class/conf.class.php
+++ b/htdocs/core/class/conf.class.php
@@ -386,7 +386,7 @@ class Conf
$this->mailing->email_from=$this->email_from;
if (! empty($this->global->MAILING_EMAIL_FROM)) $this->mailing->email_from=$this->global->MAILING_EMAIL_FROM;
- // Format for date (used by default when not found or searched in lang)
+ // Format for date (used by default when not found or not searched in lang)
$this->format_date_short="%d/%m/%Y"; // Format of day with PHP/C tags (strftime functions)
$this->format_date_short_java="dd/MM/yyyy"; // Format of day with Java tags
$this->format_hour_short="%H:%M";
@@ -406,7 +406,10 @@ class Conf
if (! isset($this->global->MAIN_MAX_DECIMALS_SHOWN)) $this->global->MAIN_MAX_DECIMALS_SHOWN=8;
// Default max file size for upload
- $this->maxfilesize = (! empty($this->global->MAIN_UPLOAD_DOC) ? $this->global->MAIN_UPLOAD_DOC * 1024 : 0);
+ $this->maxfilesize = (empty($this->global->MAIN_UPLOAD_DOC) ? 0 : $this->global->MAIN_UPLOAD_DOC * 1024);
+
+ // Define list of limited modules
+ if (! isset($this->global->MAIN_MODULES_FOR_EXTERNAL)) $this->global->MAIN_MODULES_FOR_EXTERNAL='facture,commande,contact,propal,projet,contrat,societe,ficheinter,expedition,agenda'; // '' means 'all'. Note that contact is added here as it should be a module later.
// Timeouts
if (empty($this->global->MAIN_USE_CONNECT_TIMEOUT)) $this->global->MAIN_USE_CONNECT_TIMEOUT=10;
diff --git a/htdocs/core/lib/admin.lib.php b/htdocs/core/lib/admin.lib.php
index 21d32e2cbbe5b5523315922bef08fec33121d4bb..a60c3c63946daf3ae6812b328189a6ccf4acd764 100644
--- a/htdocs/core/lib/admin.lib.php
+++ b/htdocs/core/lib/admin.lib.php
@@ -1133,6 +1133,38 @@ function form_constantes($tableau)
print '</table>';
}
+
+/**
+ * Show array with constants to edit
+ *
+ * @param array $modules Array of all modules
+ * @return string HTML string with warning
+ */
+function showModulesExludedForExternal($modules)
+{
+ global $conf,$langs;
+
+ $text=$langs->trans("OnlyFollowingModulesAreOpenedToExternalUsers");
+ $listofmodules=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL);
+ $i=0;
+ foreach($modules as $module)
+ {
+ $moduleconst=$module->const_name;
+ $modulename=strtolower($module->name);
+ //print 'modulename='.$modulename;
+
+ //if (empty($conf->global->$moduleconst)) continue;
+ if (! in_array($modulename,$listofmodules)) continue;
+
+ if ($i > 0) $text.=', ';
+ else $text.=' ';
+ $i++;
+ $text.=$langs->trans($module->name);
+ }
+ return img_picto($langs->trans('InfoAdmin'), 'star').' '.$text;
+}
+
+
/**
* Add document model used by doc generator
*
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index f5fde411c8f6ee1ef156f7ee78b4be901b6a22b9..988493874e2ac546cf503e189135ff8fd747f535 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -2040,9 +2040,10 @@ function img_phone($alt = 'default', $option = 0)
*
* @param string $text Text info
* @param string $infoonimgalt Info is shown only on alt of star picto, otherwise it is show on output after the star picto
+ * @param int $nodiv No div
* @return string String with info text
*/
-function info_admin($text, $infoonimgalt = 0)
+function info_admin($text, $infoonimgalt = 0, $nodiv=0)
{
global $conf, $langs;
@@ -2051,7 +2052,7 @@ function info_admin($text, $infoonimgalt = 0)
return img_picto($text, 'star');
}
- return '<div class="info">'.img_picto($langs->trans('InfoAdmin'), 'star').' '.$text.'</div>';
+ return ($nodiv?'':'<div class="info">').img_picto($langs->trans('InfoAdmin'), 'star').' '.$text.($nodiv?'':'</div>');
}
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 17c9bf7e249cb152dba40757cdec235ece6005e4..76920f1fb886d61628ed69ca6806956532a32bab 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -88,12 +88,12 @@ function dol_hash($chain,$type=0)
* If GETPOST('action') defined, we also check write and delete permission.
*
* @param User $user User to check
- * @param string $features Features to check (in most cases, it's module name. Examples: 'societe', 'contact', 'produit|service', ...)
+ * @param string $features Features to check (it must be module name. Examples: 'societe', 'contact', 'produit&service', ...)
* @param int $objectid Object ID if we want to check a particular record (optionnal) is linked to a owned thirdparty (optionnal).
- * @param string $dbtablename 'TableName&SharedElement' with Tablename is table where object is stored, SharedElement is key to define where to check entity. Not used if objectid is null (optionnal)
+ * @param string $dbtablename 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optionnal key to define where to check entity. Not used if objectid is null (optionnal)
* @param string $feature2 Feature to check, second level of permission (optionnal)
- * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc (optionnal)
- * @param string $dbt_select Field name for select if not rowid (optionnal)
+ * @param string $dbt_keyfield Field name for socid foreign key if not fk_soc. Not used if objectid is null (optionnal)
+ * @param string $dbt_select Field name for select if not rowid. Not used if objectid is null (optionnal)
* @param Canvas $objcanvas Object canvas
* @return int Always 1, die process if not allowed
*/
@@ -122,11 +122,18 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
$dbtablename=(! empty($params[0]) ? $params[0] : '');
$sharedelement=(! empty($params[1]) ? $params[1] : '');
- // Check read permission from module
- // TODO Replace "feature" param into caller by first level of permission
+ $listofmodules=explode(',',$conf->global->MAIN_MODULES_FOR_EXTERNAL);
+
+ // Check read permission from module
$readok=1;
foreach ($features as $feature)
{
+ if (! empty($user->societe_id) && ! empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && ! in_array($feature,$listofmodules)) // If limits on modules for external users, module must be into list of modules for external users
+ {
+ $readok=0;
+ continue;
+ }
+
if ($feature == 'societe')
{
if (! $user->rights->societe->lire && ! $user->rights->fournisseur->lire) $readok=0;
diff --git a/htdocs/exports/index.php b/htdocs/exports/index.php
index b4dcbd6cd9c33482ddcdb2a36644c4a814b723cb..a0501a3418e56db3771c0a89c740c9abbc179ea5 100644
--- a/htdocs/exports/index.php
+++ b/htdocs/exports/index.php
@@ -26,7 +26,9 @@ require_once DOL_DOCUMENT_ROOT.'/exports/class/export.class.php';
$langs->load("exports");
-if (! $user->rights->export->lire) accessforbidden();
+
+// Security check
+$result=restrictedArea($user,'export');
diff --git a/htdocs/imports/import.php b/htdocs/imports/import.php
index ad0369299e86f4f5eec717688e75cc43585defb9..d70f63cebd79c548ae1fa62e77f2cb46794a6307 100644
--- a/htdocs/imports/import.php
+++ b/htdocs/imports/import.php
@@ -36,7 +36,6 @@ $langs->load("exports");
$langs->load("errors");
// Security check
-if (! empty($user->societe_id)) $socid=$user->societe_id;
$result=restrictedArea($user, 'import');
$entitytoicon=array(
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 89d200d773151db19ae941129e105835553b49c0..4ec24bb0232f2f0143aeb28631c8c0f25a972f60 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -929,6 +929,7 @@ TotalNumberOfActivatedModules=Total number of activated feature modules: <b>%s</
YouMustEnableOneModule=You must at least enable 1 module
ClassNotFoundIntoPathWarning=Class %s not found into PHP path
YesInSummer=Yes in summer
+OnlyFollowingModulesAreOpenedToExternalUsers=Note, only following modules are opened to external users( whatever are permission of such users):
##### Module password generation
PasswordGenerationStandard=Return a password generated according to internal Dolibarr algorithm: 8 characters containing shared numbers and characters in lowercase.
diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang
index cedc06496d9c6f7f92ee22b06b937e201828c1f6..adb0a063d5d0f9ca9076d25ab4f0d3e7dca6f4b4 100644
--- a/htdocs/langs/fr_FR/admin.lang
+++ b/htdocs/langs/fr_FR/admin.lang
@@ -936,6 +936,7 @@ TranslationSetup=Translation setup
TranslationDesc=Le choix de la langue affichée à l'écran se modifie:<br>* Soit de manière globale depuis le menu <strong>Accueil - Configuration - Affichage</strong><br>* Soit de manière spécifique à l'utilisateur depuis l'onglet <strong>Interface utilisateur</strong> de sa fiche utilisateur (cliquer sur le login en haut de l'écran).
ClassNotFoundIntoPathWarning=La class %s n'a pas été trouvée dans le path PHP
YesInSummer=Oui en été
+OnlyFollowingModulesAreOpenedToExternalUsers=Remarque, seuls les modules suivants sont ouverts aux utilisateurs externes (quelquesoit les permissions de ces utilisateurs):
##### Module password generation= undefined
PasswordGenerationStandard= Renvoie un mot de passe généré selon algorithme interne Dolibarr: 8 caractères, chiffres et caractères en minuscules mélangés.
diff --git a/htdocs/product/stock/fiche-valo.php b/htdocs/product/stock/fiche-valo.php
index ef79496af20f1c9a207ca356f67624902fd671c2..976df224365568c7ee3f204344e9171ab6b8f49f 100644
--- a/htdocs/product/stock/fiche-valo.php
+++ b/htdocs/product/stock/fiche-valo.php
@@ -31,6 +31,8 @@ $langs->load("stocks");
$langs->load("companies");
$mesg = '';
+// Security check
+$result=restrictedArea($user,'stock');
/*
diff --git a/htdocs/product/stock/fiche.php b/htdocs/product/stock/fiche.php
index 2102de86d25d8f30d3e19e66e96f38120d195a63..fbf597aee3409b8a4e7f481d51b1c49736537423 100644
--- a/htdocs/product/stock/fiche.php
+++ b/htdocs/product/stock/fiche.php
@@ -44,6 +44,10 @@ if (! $sortorder) $sortorder="DESC";
$mesg = '';
+// Security check
+$result=restrictedArea($user,'stock');
+
+
/*
* Actions
diff --git a/htdocs/product/stock/index.php b/htdocs/product/stock/index.php
index 9e65a8d41db5ae9d16b03867beb5a63accdb8171..76732b5ac073098c51e9e487e1f0f516c7bd14db 100644
--- a/htdocs/product/stock/index.php
+++ b/htdocs/product/stock/index.php
@@ -29,8 +29,8 @@ require_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php';
$langs->load("stocks");
-if (!$user->rights->stock->lire)
- accessforbidden();
+// Security check
+$result=restrictedArea($user,'stock');
/*
diff --git a/htdocs/product/stock/info.php b/htdocs/product/stock/info.php
index 46e13daee1f0bce2065054440b8ac9be4a6178e2..0dc4938ab2f66508aacf6cfdeb23a4e7e026db89 100644
--- a/htdocs/product/stock/info.php
+++ b/htdocs/product/stock/info.php
@@ -28,6 +28,10 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/stock.lib.php';
$langs->load("stocks");
+// Security check
+$result=restrictedArea($user,'stock');
+
+
/*
* View
*/
diff --git a/htdocs/product/stock/liste.php b/htdocs/product/stock/liste.php
index 29402b26066005e30b9beb3efd7ff4eb7117e545..b571f5bb3ff0b5a0cfe2009f7e16cc7395bac303 100644
--- a/htdocs/product/stock/liste.php
+++ b/htdocs/product/stock/liste.php
@@ -28,8 +28,8 @@ require_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php';
$langs->load("stocks");
-if (!$user->rights->stock->lire)
- accessforbidden();
+// Security check
+$result=restrictedArea($user,'stock');
$sref=isset($_GET["sref"])?$_GET["sref"]:$_POST["sref"];
$snom=isset($_GET["snom"])?$_GET["snom"]:$_POST["snom"];
diff --git a/htdocs/product/stock/mouvement.php b/htdocs/product/stock/mouvement.php
index 172f22119477be8f86269d89e50f06c05ec13049..22c2d1baea68bacdbc2ffd7e90b2e89931dc092a 100644
--- a/htdocs/product/stock/mouvement.php
+++ b/htdocs/product/stock/mouvement.php
@@ -35,7 +35,8 @@ require_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
$langs->load("products");
$langs->load("stocks");
-if (!$user->rights->produit->lire) accessforbidden();
+// Security check
+$result=restrictedArea($user,'stock');
$id=GETPOST('id','int');
$product_id=GETPOST("product_id");
diff --git a/htdocs/product/stock/valo.php b/htdocs/product/stock/valo.php
index c6631ad078ed30494857cce0f419856d277726a3..5addef0fbb76da51b97447ad3db84bdf72328c6f 100644
--- a/htdocs/product/stock/valo.php
+++ b/htdocs/product/stock/valo.php
@@ -28,8 +28,8 @@ require_once DOL_DOCUMENT_ROOT.'/product/stock/class/entrepot.class.php';
$langs->load("stocks");
-if (!$user->rights->stock->lire)
-accessforbidden();
+// Security check
+$result=restrictedArea($user,'stock');
$sref=isset($_GET["sref"])?$_GET["sref"]:$_POST["sref"];
$snom=isset($_GET["snom"])?$_GET["snom"]:$_POST["snom"];
diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php
index 32de5b9d73c92604fd7e4ee9ede356bb4295b77b..15e6bd24801c9f952d540b57f0f2251039fcc9c8 100644
--- a/htdocs/user/perms.php
+++ b/htdocs/user/perms.php
@@ -27,7 +27,8 @@
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
-require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
$langs->load("users");
$langs->load("admin");
@@ -253,19 +254,22 @@ print $form->showrefnav($fuser,'id','',$user->rights->user->user->lire || $user-
print '</td>';
print '</tr>'."\n";
-// Nom
+// Lastname
print '<tr><td width="25%" valign="top">'.$langs->trans("Lastname").'</td>';
print '<td>'.$fuser->nom.'</td>';
print '</tr>'."\n";
-// Prenom
+// Firstname
print '<tr><td width="25%" valign="top">'.$langs->trans("Firstname").'</td>';
print '<td>'.$fuser->prenom.'</td>';
print '</tr>'."\n";
print '</table><br>';
-if ($user->admin) print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules"));
+if ($user->admin) print info_admin($langs->trans("WarningOnlyPermissionOfActivatedModules"), 0, 1).'<br>';
+// Show warning about external users
+print showModulesExludedForExternal($modules).'<br>'."\n";
+print "<br>\n";
// For multicompany transversal mode
if (! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode))
@@ -366,7 +370,7 @@ if ($result)
print img_picto($langs->trans("Active"),'tick');
print '</td>';
}
-
+
else if (is_array($permsgroupbyentity[$entity]))
{
if (in_array($obj->id, $permsgroupbyentity[$entity])) // Permission own by group