Fix: Add a protection if user has no option to edit stock

fa7e7c75 · Laurent Destailleur · de64ce5b · fa7e7c75 · fa7e7c75 · fa7e7c75
Commit fa7e7c75 authored 11 years ago by Laurent Destailleur
--- a/htdocs/cashdesk/index_verif.php
+++ b/htdocs/cashdesk/index_verif.php
@@ -65,6 +65,21 @@ if (! empty($conf->stock->enabled) && $conf->global->STOCK_CALCULATE_ON_BILL &&
 	exit;
 }

+// If stock decrease on bill validation, check user has stock edit permissions
+if (! empty($conf->stock->enabled) && $conf->global->STOCK_CALCULATE_ON_BILL && ! empty($username))
+{
+	$testuser=new User($db);
+	$testuser->fetch(0,$username);
+	$testuser->getrights('stock');
+	if (empty($testuser->rights->stock->creer))
+	{
+		$retour=$langs->trans("UserNeedPermissionToEditStockToUsePos");
+		header('Location: '.DOL_URL_ROOT.'/cashdesk/index.php?err='.urlencode($retour).'&user='.$username.'&socid='.$thirdpartyid.'&warehouseid='.$warehouseid.'&bankid_cash='.$bankid_cash.'&bankid_cheque='.$bankid_cheque.'&bankid_cb='.$bankid_cb);
+		exit;
+	}
+}
+
+
 /*
 if (! empty($_POST['txtUsername']) && ! empty($conf->banque->enabled) && (empty($conf_fkaccount_cash) && empty($conf_fkaccount_cheque) && empty($conf_fkaccount_cb)))
 {

--- a/htdocs/langs/en_US/cashdesk.lang
+++ b/htdocs/langs/en_US/cashdesk.lang
@@ -36,4 +36,5 @@ BankToPay=Charge Account
 ShowCompany=Show company
 ShowStock=Show warehouse
 DeleteArticle=Click to remove this article
-FilterRefOrLabelOrBC=Search (Ref/Label)
\ No newline at end of file
+FilterRefOrLabelOrBC=Search (Ref/Label)
+UserNeedPermissionToEditStockToUsePos=You ask to decrease stock on invoice creation, so user that use POS need to have permission to edit stock.
\ No newline at end of file
--- a/htdocs/langs/fr_FR/cashdesk.lang
+++ b/htdocs/langs/fr_FR/cashdesk.lang
@@ -37,3 +37,4 @@ ShowCompany=Voir société
 ShowStock=Voir entrepôt
 DeleteArticle=Cliquez pour enlever cet article
 FilterRefOrLabelOrBC=Recherche (Ref/Lib.)
+UserNeedPermissionToEditStockToUsePos=La configuration du module stock demande une réduction du stock sur facturation, aussi l'utilisateur du Point De Vente doit avoir les droits de modifier les stocks
\ No newline at end of file
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -8,7 +8,7 @@
 * Copyright (C) 2005      Lionel Cousteix      <etm_ltd@tiscali.co.uk>
 * Copyright (C) 2011      Herve Prot           <herve.prot@symeos.com>
 * Copyright (C) 2013      Philippe Grand       <philippe.grand@atoo-net.com>
- * Copyright (C) 2013      Alexandre Spangaro   <alexandre.spangaro@gmail.com> 
+ * Copyright (C) 2013      Alexandre Spangaro   <alexandre.spangaro@gmail.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -488,6 +488,7 @@ class User extends CommonObject
 	 *  Clear all permissions array of user
 	 *
 	 *  @return	void
+	 *  @see	getrights
 	 */
 	function clearrights()
 	{
@@ -503,6 +504,7 @@ class User extends CommonObject
 	 *
 	 *	@param  string	$moduletag    Limit permission for a particular module ('' by default means load all permissions)
 	 *	@return	void
+	 *  @see	clearrights
 	 */
 	function getrights($moduletag='')
 	{
@@ -1013,7 +1015,7 @@ class User extends CommonObject
 		{
 			$newpass=$this->setPassword($user,$this->pass);
 			if (is_numeric($newpass) && $newpass < 0) $result=-2;
-			
+
 			if ($result > 0 && $member->fk_soc)	// If member is linked to a thirdparty
 			{
 				$sql = "UPDATE ".MAIN_DB_PREFIX."user";