From fe54673a87157ba4461bab8d942bd9a0a6732b3e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sat, 3 Dec 2016 18:13:23 +0100
Subject: [PATCH] FIX List of people able to validate an expense report was not
complete.
---
htdocs/expensereport/card.php | 14 +++++++++-----
htdocs/expensereport/class/expensereport.class.php | 14 ++++++++++----
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/htdocs/expensereport/card.php b/htdocs/expensereport/card.php
index 9112f8ee99b..3f827de3540 100644
--- a/htdocs/expensereport/card.php
+++ b/htdocs/expensereport/card.php
@@ -1117,11 +1117,15 @@ if ($action == 'create')
print '<td>';
$object = new ExpenseReport($db);
$include_users = $object->fetch_users_approver_expensereport();
- $defaultselectuser=$user->fk_user; // Will work only if supervisor has permission to approve so is inside include_users
- if (! empty($conf->global->EXPENSEREPORT_DEFAULT_VALIDATOR)) $defaultselectuser=$conf->global->EXPENSEREPORT_DEFAULT_VALIDATOR;
- if (GETPOST('fk_user_validator') > 0) $defaultselectuser=GETPOST('fk_user_validator');
- $s=$form->select_dolusers($defaultselectuser, "fk_user_validator", 1, "", 0, $include_users);
- print $form->textwithpicto($s, $langs->trans("AnyOtherInThisListCanValidate"));
+ if (empty($include_users)) print img_warning().' '.$langs->trans("NobodyHasPermissionToValidateExpenseReport");
+ else
+ {
+ $defaultselectuser=$user->fk_user; // Will work only if supervisor has permission to approve so is inside include_users
+ if (! empty($conf->global->EXPENSEREPORT_DEFAULT_VALIDATOR)) $defaultselectuser=$conf->global->EXPENSEREPORT_DEFAULT_VALIDATOR; // Can force default approver
+ if (GETPOST('fk_user_validator') > 0) $defaultselectuser=GETPOST('fk_user_validator');
+ $s=$form->select_dolusers($defaultselectuser, "fk_user_validator", 1, "", 0, $include_users);
+ print $form->textwithpicto($s, $langs->trans("AnyOtherInThisListCanValidate"));
+ }
print '</td>';
print '</tr>';
if (! empty($conf->global->EXPENSEREPORT_ASK_PAYMENTMODE_ON_CREATION))
diff --git a/htdocs/expensereport/class/expensereport.class.php b/htdocs/expensereport/class/expensereport.class.php
index a05805c7f74..9349e0e72e0 100644
--- a/htdocs/expensereport/class/expensereport.class.php
+++ b/htdocs/expensereport/class/expensereport.class.php
@@ -1411,7 +1411,8 @@ class ExpenseReport extends CommonObject
/**
- * Return list of people with permission to validate trips and expenses
+ * Return list of people with permission to validate expense reports.
+ * Search for permission "approve expense report"
*
* @return array Array of user ids
*/
@@ -1419,10 +1420,15 @@ class ExpenseReport extends CommonObject
{
$users_validator=array();
- $sql = "SELECT fk_user";
+ $sql = "SELECT DISTINCT ur.fk_user";
$sql.= " FROM ".MAIN_DB_PREFIX."user_rights as ur, ".MAIN_DB_PREFIX."rights_def as rd";
- $sql.= " WHERE ur.fk_id = rd.id and module = 'expensereport' AND perms = 'approve'"; // Permission 'Approve';
-
+ $sql.= " WHERE ur.fk_id = rd.id and rd.module = 'expensereport' AND rd.perms = 'approve'"; // Permission 'Approve';
+ $sql.= "UNION";
+ $sql.= " SELECT DISTINCT ugu.fk_user";
+ $sql.= " FROM ".MAIN_DB_PREFIX."usergroup_user as ugu, ".MAIN_DB_PREFIX."usergroup_rights as ur, ".MAIN_DB_PREFIX."rights_def as rd";
+ $sql.= " WHERE ugu.fk_usergroup = ur.fk_usergroup AND ur.fk_id = rd.id and rd.module = 'expensereport' AND rd.perms = 'approve'"; // Permission 'Approve';
+ //print $sql;
+
dol_syslog(get_class($this)."::fetch_users_approver_expensereport sql=".$sql);
$result = $this->db->query($sql);
if($result)
--
GitLab