	$projectstatic->fetch($id);
	$projectstatic->societe->fetch($projectstatic->societe->id);
}

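print_barre_liste($title, $page, $_SERVER["PHP_SELF"], "", $sortfield, $sortorder, "", $num);

// Show description of content
if ($mine) {
	print $langs->trans("MyProjectsDesc").'<br><br>';
} elseif ($user->rights->projet->all->lire && ! $socid) {
	print $langs->trans("ProjectsDesc").'<br><br>';
} else {
	print $langs->trans("ProjectsPublicDesc").'<br><br>';
}

// Get list of project id allowed to user (the project class decides, not the request)
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1,$socid);

// Get list of tasks in tasksarray and taskarrayfiltered
// We need all tasks (even not limited to a user because a task to user can have a parent that is not affected to him).
$tasksarray=$taskstatic->getTasksArray(0, 0, $projectstatic->id, $socid, 0, $search_product);
// We load also tasks limited to a particular user
$tasksrole=($mine ? $taskstatic->getUserRolesForProjectsOrTasks(0,$user,$projectstatic->id,0) : '');

// PHP_SELF can carry attacker-controlled path info; escape it when it is written into an attribute.
print '<form method="POST" action="'.htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES).'">';
// "mode" is a request parameter echoed straight back into an HTML attribute: filter it on the way
// in (the 'alpha' check, as the other GETPOST() calls of this module do) and escape it on the way
// out. The former GETPOST('mode') without a check type was reflected unfiltered (reflected XSS).
print '<input type="hidden" name="mode" value="'.htmlspecialchars(GETPOST('mode', 'alpha'), ENT_QUOTES).'">';

print '<table class="noborder" width="100%">';

print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Project").'</td>';
print '<td width="80">'.$langs->trans("RefTask").'</td>';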
// External (third-party) users are always scoped to their own company.
if ($user->societe_id > 0) {
    $socid = $user->societe_id;
}

// The module read permission is the entry gate for this page.
if (!$user->rights->projet->lire) {
    accessforbidden();
}

// Sort parameters come from the request. NOTE(review): the 'alpha' filter only strips markup and
// quotes; if these values are later placed in an ORDER BY they still have to be matched against
// the known column names first (that code is not in this fragment).
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');

/*
 * View
 */

$socstatic     = new Societe($db);
$projectstatic = new Project($db);
$userstatic    = new User($db);
$tasktmp       = new Task($db);

// Ids of the projects the user may list: "mine" when requested ($mine is set before this
// fragment), otherwise every project (2) when the user holds projet->all->lire, only own and
// public ones (0) when not.
$projectsListId = $projectstatic->getProjectsAuthorizedForUser(
    $user,
    $mine ? $mine : (empty($user->rights->projet->all->lire) ? 0 : 2),
    1
);

llxHeader("", $langs->trans("Projects"), "EN:Module_Projects|FR:Module_Projets|ES:M&oacute;dulo_Proyectos");

$text = $mine ? $langs->trans("MyProjects") : $langs->trans("Projects");
print_fiche_titre($text);
if ($mine) {
    print $langs->trans("MyProjectsDesc") . '<br><br>';
} else {
    if (!empty($user->rights->projet->all->lire) && !$socid) {
        print $langs->trans("ProjectsDesc") . '<br><br>';
    } else {
        print $langs->trans("ProjectsPublicDesc") . '<br><br>';
}
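$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;

// Request parameters. All of them go through GETPOST() with the 'alpha' filter, as the sort
// parameters of this module do: the former code read $_REQUEST['mode'] directly (bypassing the
// framework's input filtering and raising a notice when the key is absent) and took the search
// fields with no filter at all, although they presumably feed the search clauses that follow.
$mine = (GETPOST('mode', 'alpha') == 'mine') ? 1 : 0;
$search_ref = GETPOST("search_ref", 'alpha');
$search_label = GETPOST("search_label", 'alpha');
$search_societe = GETPOST("search_societe", 'alpha');
$search_all = GETPOST("search_all", 'alpha');

/*
 * View
 */

$projectstatic = new Project($db);
$socstatic = new Societe($db);

llxHeader("", $langs->trans("Projects"), "EN:Module_Projects|FR:Module_Projets|ES:M&oacute;dulo_Proyectos");

// Ids of the projects this user may see: all of them (2) with projet->all->lire, otherwise own and
// public ones (0), or only "mine" when requested; restricted to $socid when one is set.
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, $mine ? $mine : ($user->rights->projet->all->lire ? 2 : 0), 1, $socid);

$sql = "SELECT p.rowid as projectid, p.ref, p.title, p.fk_statut, p.public, p.fk_user_creat";
$sql .= ", p.datec as date_create, p.dateo as date_start, p.datee as date_end";
$sql .= ", s.nom as name, s.rowid as socid";
$sql .= " FROM " . MAIN_DB_PREFIX . "projet as p";
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe as s on p.fk_soc = s.rowid";
$sql .= " WHERE p.entity = " . (int) $conf->entity;
// Row-level restriction, only needed when the user cannot read every project.
if ($mine || !$user->rights->projet->all->lire) {
    // NOTE(review): an empty id list would yield "IN ()" and a query error; assumes the project
    // class never returns an empty string here - confirm.
    $sql .= " AND p.rowid IN (" . $projectsListId . ")";
}
// No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
if ($socid) {
    // $socid is set before this fragment; it is concatenated unquoted, so cast it to an integer.
    $sql .= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = " . (int) $socid . ")";
}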
if ($search_ref) {
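/**
 *	Check permissions of a user to show a page and an object. Check read permission.
 * 	If GETPOST('action') defined, we also check write and delete permission.
 *
 *  Order of the checks: read permission of the module(s) in $features, then, depending on
 *  GETPOST('action'), create / create-user / delete permission, then, when $objectid is given,
 *  that the record belongs to an entity and to a third party the user may access.
 *  Every failed check ends the process through accessforbidden(). Admin users return 1 right
 *  after the read check and are therefore NOT subject to the per-object check.
 *
 *	@param	User	$user      	  	User to check
 *	@param  string	$features	    Features to check (in most cases, it's module name. Examples: 'societe', 'contact', 'produit|service', ...). Several features can be given separated by '&'.
 *	@param  int		$objectid      	Object ID if we want to check permission on a particular record (optionnal)
 *	@param  string	$dbtablename    'TableName&SharedElement' with Tablename is table where object is stored, SharedElement is key to define where to check entity. Not used if objectid is null (optionnal)
 *	@param  string	$feature2		Feature to check, second level of permission (optionnal)
 *  @param  string	$dbt_keyfield   Field name for socid foreign key if not fk_soc (optionnal)
 *  @param  string	$dbt_select     Field name for select if not rowid (optionnal). When it is not 'rowid', $objectid is a string key (typically a ref).
 *  @param	Canvas	$objcanvas		Object canvas
 * 	@return	int						Always 1, die process if not allowed
 */
function restrictedArea($user, $features, $objectid = 0, $dbtablename = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $objcanvas = null)
{
    global $db, $conf;

    // A canvas may provide its own restrictedArea(); if so it takes over completely.
    if (is_object($objcanvas)) {
        if (method_exists($objcanvas->control, 'restrictedArea')) {
            return $objcanvas->control->restrictedArea($user, $features, $objectid, $dbtablename, $feature2, $dbt_keyfield, $dbt_select);
        }
    }

    // More features to check
    $features = explode("&", $features);

    // More parameters
    $params = explode('&', $dbtablename);
    $dbtablename = !empty($params[0]) ? $params[0] : '';
    $sharedelement = !empty($params[1]) ? $params[1] : '';

    // Check read permission from module
    // TODO Replace "feature" param into caller by first level of permission
    $readok = 1;
    foreach ($features as $feature) {
        if ($feature == 'societe') {
            if (!$user->rights->societe->lire && !$user->rights->fournisseur->lire) {
                $readok = 0;
            }
        } elseif ($feature == 'contact') {
            if (!$user->rights->societe->contact->lire) {
                $readok = 0;
            }
        } elseif ($feature == 'produit|service') {
            if (!$user->rights->produit->lire && !$user->rights->service->lire) {
                $readok = 0;
            }
        } elseif ($feature == 'prelevement') {
            if (!$user->rights->prelevement->bons->lire) {
                $readok = 0;
            }
        } elseif ($feature == 'commande_fournisseur') {
            if (!$user->rights->fournisseur->commande->lire) {
                $readok = 0;
            }
        } elseif ($feature == 'cheque') {
            if (!$user->rights->banque->cheque) {
                $readok = 0;
            }
        } elseif ($feature == 'projet') {
            if (!$user->rights->projet->lire && !$user->rights->projet->all->lire) {
                $readok = 0;
            }
        } elseif (!empty($feature2)) {
            // Generic second-level permission: <feature>-><feature2>->lire (or ->read)
            if (empty($user->rights->{$feature}->{$feature2}->lire) && empty($user->rights->{$feature}->{$feature2}->read)) {
                $readok = 0;
            }
        } elseif (!empty($feature) && ($feature != 'user' && $feature != 'usergroup')) {
            // Generic first-level permission: <feature>->lire (or ->read, or ->run)
            if (empty($user->rights->{$feature}->lire) && empty($user->rights->{$feature}->read) && empty($user->rights->{$feature}->run)) {
                $readok = 0;
            }
        }
    }

    // Admins are allowed everything, including records of every entity / third party: nothing below runs for them.
    if ($user->admin) {
        return 1;
    }
    if (!$readok) {
        accessforbidden();
    }

    // Check write permission from module
    $createok = 1;
    if (GETPOST("action") == 'create') {
        foreach ($features as $feature) {
            if ($feature == 'contact') {
                if (!$user->rights->societe->contact->creer) {
                    $createok = 0;
                }
            } elseif ($feature == 'produit|service') {
                if (!$user->rights->produit->creer && !$user->rights->service->creer) {
                    $createok = 0;
                }
            } elseif ($feature == 'prelevement') {
                if (!$user->rights->prelevement->bons->creer) {
                    $createok = 0;
                }
            } elseif ($feature == 'commande_fournisseur') {
                if (!$user->rights->fournisseur->commande->creer) {
                    $createok = 0;
                }
            } elseif ($feature == 'banque') {
                if (!$user->rights->banque->modifier) {
                    $createok = 0;
                }
            } elseif ($feature == 'cheque') {
                if (!$user->rights->banque->cheque) {
                    $createok = 0;
                }
            } elseif (!empty($feature2)) {
                if (empty($user->rights->{$feature}->{$feature2}->creer) && empty($user->rights->{$feature}->{$feature2}->write)) {
                    $createok = 0;
                }
            } elseif (!empty($feature)) {
                if (empty($user->rights->{$feature}->creer) && empty($user->rights->{$feature}->write)) {
                    $createok = 0;
                }
            }
        }
        if (!$createok) {
            accessforbidden();
        }
    }

    // Check create user permission
    if (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes') {
        if (!$user->rights->user->user->creer) {
            accessforbidden();
        }
    }

    // Check delete permission from module
    $deleteok = 1;
    if ((GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == 'yes') || GETPOST("action") == 'delete') {
        foreach ($features as $feature) {
            if ($feature == 'contact') {
                if (!$user->rights->societe->contact->supprimer) {
                    $deleteok = 0;
                }
            } elseif ($feature == 'produit|service') {
                if (!$user->rights->produit->supprimer && !$user->rights->service->supprimer) {
                    $deleteok = 0;
                }
            } elseif ($feature == 'commande_fournisseur') {
                if (!$user->rights->fournisseur->commande->supprimer) {
                    $deleteok = 0;
                }
            } elseif ($feature == 'banque') {
                if (!$user->rights->banque->modifier) {
                    $deleteok = 0;
                }
            } elseif ($feature == 'cheque') {
                if (!$user->rights->banque->cheque) {
                    $deleteok = 0;
                }
            } elseif ($feature == 'ecm') {
                if (!$user->rights->ecm->upload) {
                    $deleteok = 0;
                }
            } elseif ($feature == 'ftp') {
                if (!$user->rights->ftp->write) {
                    $deleteok = 0;
                }
            } elseif (!empty($feature2)) {
                if (empty($user->rights->{$feature}->{$feature2}->supprimer) && empty($user->rights->{$feature}->{$feature2}->delete)) {
                    $deleteok = 0;
                }
            } elseif (!empty($feature)) {
                if (empty($user->rights->{$feature}->supprimer) && empty($user->rights->{$feature}->delete)) {
                    $deleteok = 0;
                }
            }
        }
        if (!$deleteok) {
            accessforbidden();
        }
    }

    // If we have a particular object to check permissions on, we check this object
    // is linked to an entity and a company allowed to $user.
    // $objectid is examined raw here. The former code first rewrote it as the quoted string
    // "'<id>'" when $dbt_select was not 'rowid'; such a string never satisfies "$objectid > 0",
    // so objects addressed by a string key were never checked at all.
    if (!empty($objectid) && ($dbt_select != 'rowid' || $objectid > 0)) {
        if ($dbt_select != 'rowid') {
            // String key (typically a ref) taken from the caller's request: quote AND escape it
            // (DoliDB escape helper) before it is concatenated into the queries below.
            $objectid_sql = "'" . $db->escape($objectid) . "'";
        } else {
            // A rowid is numeric. Anything else cannot designate a record and must not reach the
            // unquoted "= <id>" concatenations below (callers normally pass GETPOST(..., 'int');
            // this is defence in depth).
            if (!is_numeric($objectid)) {
                accessforbidden();
            }
            $objectid_sql = $objectid;
        }

        // Feature classes deciding which test is done on the record (all other features: test on
        // entity and on the link to a third party, not allowed if the link is empty, e.g. invoices, orders).
        $check = array('adherent', 'banque', 'user', 'usergroup', 'produit', 'service', 'produit|service', 'categorie'); // Test on entity only (objects with no link to a company)
        $checksoc = array('societe'); // Test for societe object
        $checkother = array('contact'); // Test on entity and link to societe; allowed if link is empty
        $checkproject = array('projet'); // Test for project object
        $nocheck = array('barcode', 'stock', 'fournisseur'); // No test

        foreach ($features as $feature) {
            $sql = '';

            // If dbtable not defined, we use same name for table than module name
            if (empty($dbtablename)) {
                $dbtablename = $feature;
            }

            if (in_array($feature, $check)) {
                // Check permission for object with entity
                $sql = "SELECT dbt." . $dbt_select;
                $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid_sql;
                if (($feature == 'user' || $feature == 'usergroup') && !empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) {
                    // NOTE(review): not reachable in this version, admins already returned 1 above.
                    $sql .= " AND dbt.entity IS NOT NULL";
                } else {
                    $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
                }
            } elseif (in_array($feature, $checksoc)) {
                if ($user->societe_id > 0) {
                    // External user: only his own third party
                    if ($user->societe_id != $objectid) {
                        accessforbidden();
                    }
                } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
                    // Internal user without "see all third parties": must be a sales representative of it
                    $sql = "SELECT sc.fk_soc";
                    $sql .= " FROM (" . MAIN_DB_PREFIX . "societe_commerciaux as sc";
                    $sql .= ", " . MAIN_DB_PREFIX . "societe as s)";
                    $sql .= " WHERE sc.fk_soc = " . $objectid_sql;
                    $sql .= " AND sc.fk_user = " . (int) $user->id;
                    $sql .= " AND sc.fk_soc = s.rowid";
                    $sql .= " AND s.entity IN (" . getEntity($sharedelement, 1) . ")";
                } elseif (!empty($conf->multicompany->enabled)) {
                    $sql = "SELECT s.rowid";
                    $sql .= " FROM " . MAIN_DB_PREFIX . "societe as s";
                    $sql .= " WHERE s.rowid = " . $objectid_sql;
                    $sql .= " AND s.entity IN (" . getEntity($sharedelement, 1) . ")";
                }
            } elseif (in_array($feature, $checkother)) {
                if ($user->societe_id > 0) {
                    // External user: the contact must belong to his own third party
                    $sql = "SELECT dbt.rowid";
                    $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                    $sql .= " WHERE dbt.rowid = " . $objectid_sql;
                    $sql .= " AND dbt.fk_soc = " . (int) $user->societe_id;
                } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
                    // Contact not linked to a company, or linked to a company of the user
                    $sql = "SELECT dbt.rowid";
                    $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                    $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = " . (int) $user->id;
                    $sql .= " WHERE dbt.rowid = " . $objectid_sql;
                    $sql .= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
                    $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
                } elseif (!empty($conf->multicompany->enabled)) {
                    $sql = "SELECT dbt.rowid";
                    $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                    $sql .= " WHERE dbt.rowid = " . $objectid_sql;
                    $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
                }
            } elseif (in_array($feature, $checkproject)) {
                if (!empty($conf->projet->enabled) && !$user->rights->projet->all->lire) {
                    // The project class owns the visibility rule; the id must be in the list it returns
                    include_once DOL_DOCUMENT_ROOT . "/projet/class/project.class.php";
                    $projectstatic = new Project($db);
                    $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
                    $tmparray = explode(',', $tmps);
                    if (!in_array($objectid, $tmparray)) {
                        accessforbidden();
                    }
                } else {
                    $sql = "SELECT dbt." . $dbt_select;
                    $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                    $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid_sql;
                    $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
                }
            } elseif (!in_array($feature, $nocheck)) {
                if ($user->societe_id > 0) {
                    // External user: the record must be linked to his own third party
                    $sql = "SELECT dbt." . $dbt_keyfield;
                    $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                    $sql .= " WHERE dbt.rowid = " . $objectid_sql;
                    $sql .= " AND dbt." . $dbt_keyfield . " = " . (int) $user->societe_id;
                } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
                    // Internal user without "see all third parties": record's third party must be one he is sales representative of
                    $sql = "SELECT sc.fk_soc";
                    $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                    $sql .= ", " . MAIN_DB_PREFIX . "societe as s";
                    $sql .= ", " . MAIN_DB_PREFIX . "societe_commerciaux as sc";
                    $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid_sql;
                    $sql .= " AND sc.fk_soc = dbt." . $dbt_keyfield;
                    $sql .= " AND dbt." . $dbt_keyfield . " = s.rowid";
                    $sql .= " AND s.entity IN (" . getEntity($sharedelement, 1) . ")";
                    $sql .= " AND sc.fk_user = " . (int) $user->id;
                } elseif (!empty($conf->multicompany->enabled)) {
                    // This branch was garbled in the reviewed copy and is restored from the parallel
                    // multicompany branches above: entity check only.
                    $sql = "SELECT dbt." . $dbt_select;
                    $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                    $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid_sql;
                    $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
                }
            }

            // A query was built: the record must be found under the user's restrictions, a query
            // failure is treated as "not allowed" too.
            if ($sql) {
                $resql = $db->query($sql);
                if ($resql) {
                    if ($db->num_rows($resql) == 0) {
                        accessforbidden();
                    }
                } else {
                    dol_syslog("security.lib:restrictedArea sql=" . $sql, LOG_ERR);
                    accessforbidden();
                }
            }
        }
    }

    return 1;
}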
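 /**
  *	Output a combo list with the tasks of the projects qualified for a third party.
  *	The HTML is printed directly (it is not only returned); the return value is a row count.
  *
  *	@param	int		$socid      	Id third party (-1=all, 0=only projects not linked to a third party, id=projects not linked or linked to third party id)
  *	@param  int		$selected   	Id task preselected
  *	@param  string	$htmlname   	Name of HTML select
  *	@param	int		$maxlength		Maximum length of label
  *	@param	int		$option_only	Return only html options lines without the select tag
  *	@param	int		$show_empty		Add an empty line
  *  @param	int		$discard_closed Discard closed projects (0=Keep,1=hide completely,2=Disable)
  *  @param	int		$forcefocus		Force focus on field (works with javascript only)
  *  @param	int		$disabled		Disable the whole select
  *	@return int         			Nbr of task rows read if OK, <0 if KO
  */
 function selectTasks($socid = -1, $selected = '', $htmlname = 'taskid', $maxlength = 24, $option_only = 0, $show_empty = 1, $discard_closed = 0, $forcefocus = 0, $disabled = 0)
 {
     global $user, $conf, $langs;

     require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';

     $out = '';

     $hideunselectables = !empty($conf->global->PROJECT_HIDE_UNSELECTABLES);

     // Without projet->all->lire the user is restricted to the projects he is allowed on
     // (false means "no restriction").
     $projectsListId = false;
     if (empty($user->rights->projet->all->lire)) {
         $projectstatic = new Project($this->db);
         $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
     }

     // Search all tasks of the projects of the current entity
     $sql = 'SELECT t.rowid, t.ref as tref, t.label as tlabel, p.ref, p.title, p.fk_soc, p.fk_statut, p.public,';
     $sql .= ' s.nom as name';
     $sql .= ' FROM ' . MAIN_DB_PREFIX . 'projet as p';
     $sql .= ' LEFT JOIN ' . MAIN_DB_PREFIX . 'societe as s ON s.rowid = p.fk_soc';
     $sql .= ', ' . MAIN_DB_PREFIX . 'projet_task as t';
     $sql .= " WHERE p.entity = " . (int) $conf->entity;
     $sql .= " AND t.fk_projet = p.rowid";
     if ($projectsListId !== false) {
         // NOTE(review): an empty id list would yield "IN ()" and a query error; assumes the
         // project class never returns an empty string here - confirm.
         $sql .= " AND p.rowid IN (" . $projectsListId . ")";
     }
     if ($socid == 0) {
         $sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
     }
     if ($socid > 0) {
         // $socid is concatenated unquoted: cast it so a non-integer value cannot alter the query.
         $sql .= " AND (p.fk_soc=" . (int) $socid . " OR p.fk_soc IS NULL)";
     }
     $sql .= " ORDER BY p.ref, t.ref ASC";

     dol_syslog(__METHOD__, LOG_DEBUG);
     $resql = $this->db->query($sql);
     if (!$resql) {
         dol_print_error($this->db);
         return -1;
     }

     // Use select2 selector when javascript is available
     $minmax = '';
     $nodatarole = '';
     if (!empty($conf->use_javascript_ajax)) {
         include_once DOL_DOCUMENT_ROOT . '/core/lib/ajax.lib.php';
         $comboenhancement = ajax_combobox($htmlname, '', 0, $forcefocus);
         $out .= $comboenhancement;
         $nodatarole = $comboenhancement ? ' data-role="none"' : '';
         $minmax = 'minwidth200';
     }

     if (empty($option_only)) {
         $out .= '<select class="flat' . ($minmax ? ' ' . $minmax : '') . '"' . ($disabled ? ' disabled="disabled"' : '') . ' id="' . $htmlname . '" name="' . $htmlname . '"' . $nodatarole . '>';
     }
     if (!empty($show_empty)) {
         $out .= '<option value="0">&nbsp;</option>';
     }

     $num = $this->db->num_rows($resql);
     for ($i = 0; $i < $num; $i++) {
         $obj = $this->db->fetch_object($resql);

         // If we ask to filter on a company and user has no permission to see all companies and project is linked to another company, we hide project.
         // NOTE(review): the condition tests "fk_soc empty or equal to $socid", the opposite of what
         // the sentence above says; kept as is, to be confirmed against the intended rule.
         if ($socid > 0 && (empty($obj->fk_soc) || $obj->fk_soc == $socid) && !$user->rights->societe->lire) {
             continue;
         }
         if ($discard_closed == 1 && $obj->fk_statut == 2) {
             continue;
         }

         $labeltoshow = dol_trunc($obj->ref, 18);
         $labeltoshow .= ' ' . dol_trunc($obj->title, $maxlength);
         if ($obj->name) {
             $labeltoshow .= ' (' . $obj->name . ')';
         }

         // Per-option disabled flag, distinct from the $disabled parameter that applies to the whole select
         $optdisabled = 0;
         if ($obj->fk_statut == 0) {
             $optdisabled = 1;
             $labeltoshow .= ' - ' . $langs->trans("Draft");
         } elseif ($obj->fk_statut == 2) {
             if ($discard_closed == 2) {
                 $optdisabled = 1;
             }
             $labeltoshow .= ' - ' . $langs->trans("Closed");
         } elseif ($socid > 0 && (!empty($obj->fk_soc) && $obj->fk_soc != $socid)) {
             $optdisabled = 1;
             $labeltoshow .= ' - ' . $langs->trans("LinkedToAnotherCompany");
         }

         // Label for task
         $labeltoshow .= ' - ' . $obj->tref . ' ' . dol_trunc($obj->tlabel, $maxlength);

         // Refs, titles, task labels and third-party names are user-entered values read back from
         // the database: escape them once here so they cannot inject markup into the option.
         // double_encode=false keeps entities that are already stored encoded as they are.
         $labeltoshow = htmlspecialchars($labeltoshow, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

         if (!empty($selected) && $selected == $obj->rowid) {
             // with select2, field can't be preselected if disabled, so "disabled" is never set here
             $out .= '<option value="' . $obj->rowid . '" selected>' . $labeltoshow . '</option>';
         } elseif ($hideunselectables && $optdisabled && $selected != $obj->rowid) {
             // unselectable entries are dropped completely when PROJECT_HIDE_UNSELECTABLES is set
         } else {
             $out .= '<option value="' . $obj->rowid . '"' . ($optdisabled ? ' disabled' : '') . '>' . $labeltoshow . '</option>';
         }
     }

     if (empty($option_only)) {
         $out .= '</select>';
     }

     print $out;

     $this->db->free($resql);
     return $num;
 }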
$project    = new Project($db);
$taskstatic = new Task($db);

// Previous and next day around $daytoparse (set before this fragment), for the day navigation.
$prev = dol_getdate($daytoparse - 24 * 3600);
list($prev_year, $prev_month, $prev_day) = array($prev['year'], $prev['mon'], $prev['mday']);

$next = dol_getdate($daytoparse + 24 * 3600);
list($next_year, $next_month, $next_day) = array($next['year'], $next['mon'], $next['mday']);

$title = $mine ? $langs->trans("MyTimeSpent") : $langs->trans("TimeSpent");

$usertoprocess = $user;

// Return all project i have permission on. I want my tasks and some of my task may be on a public projet that is not my project
// NOTE(review): $projectstatic is not instantiated in this fragment ($project is); it has to come from earlier in the file - confirm.
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($usertoprocess, 0, 1);

if ($id) {
    $project->fetch($id);
    $project->fetch_thirdparty();
}

$onlyopenedproject = 1; // or -1

// We want to see all task of opened project i am allowed to see, not only mine. Later only mine will be editable later.
$tasksarray   = $taskstatic->getTasksArray(0, 0, $project->id ? $project->id : 0, $socid, 0, '', $onlyopenedproject);
// Roles of the user on projects, then on tasks
$projectsrole = $taskstatic->getUserRolesForProjectsOrTasks($usertoprocess, 0, $project->id ? $project->id : 0, 0, $onlyopenedproject);
$tasksrole    = $taskstatic->getUserRolesForProjectsOrTasks(0, $usertoprocess, $project->id ? $project->id : 0, 0, $onlyopenedproject);

llxHeader("", $title, "");
		// Load the third party of the project (if any) so it can be shown below
		if (! empty($projectstatic->socid)) $projectstatic->societe->fetch($projectstatic->socid);

		// To verify role of users
		//$userAccess = $projectstatic->restrictedProjectArea($user); // We allow task affected to user even if a not allowed project
		//$arrayofuseridoftask=$task->getListContactId('internal');

		$head = task_prepare_head($task);
		dol_fiche_head($head, 'note', $langs->trans('Task'), 0, 'projecttask');

		print '<table class="border" width="100%">';

		//$linkback="<a href=\"".$_SERVER["PHP_SELF"]."?page=$page&socid=$socid&viewstatut=$viewstatut&sortfield=$sortfield&$sortorder\">".$langs->trans("BackToList")."</a>";

		// Ref
		print '<tr><td width="30%">'.$langs->trans("Ref").'</td><td>';
		// Restrict the previous/next navigation of the ref to tasks of projects the user may read,
		// otherwise the arrows would let him walk onto tasks of other projects.
		// NOTE(review): $project and $projectstatic are both used in this excerpt — confirm $project is instantiated earlier.
		$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
		$task->next_prev_filter=" fk_projet in (".$projectsListId.")";
		print $html->showrefnav($task,'id','',1,'rowid','ref','','');
		print '</td></tr>';

		// Label
		print '<tr><td>'.$langs->trans("Label").'</td><td>'.$task->label.'</td></tr>';

		// Project
		print '<tr><td>'.$langs->trans("Project").'</td><td colspan="3">';
		print $projectstatic->getNomUrl(1);
		print '</td></tr>';

		// Third party (only when the project is linked to one, see the fetch above)
		print '<tr><td>'.$langs->trans("Company").'</td><td>';
		if ($projectstatic->societe->id > 0) print $projectstatic->societe->getNomUrl(1);
// Users selected by the search filters (ids coming from the request, loaded only when > 0)
if ($search_project_user > 0) $puser->fetch($search_project_user);
if ($search_task_user > 0) $tuser->fetch($search_task_user);

$title=$langs->trans("Activities");
if ($search_task_user == $user->id) $title=$langs->trans("MyActivities");

llxHeader("",$title,"Projet");

if ($id)
{
	// NOTE(review): $id is not checked against $projectsListId here; access to the record is presumably
	// enforced by restrictedArea() earlier in the page — confirm.
	$projectstatic->fetch($id);
	$projectstatic->societe->fetch($projectstatic->societe->id);
}

// Get list of project id allowed to user (in a string list separated by coma)
// Only computed for users without the "read all projects" permission; for the others $projectsListId
// keeps whatever value it had before this line — the code using it must test the permission the same way.
if (! $user->rights->projet->all->lire) $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,0,1,$socid);
//var_dump($projectsListId);

// Get id of types of contacts for projects (This list never contains a lot of elements)
// Only $projectstatic->element (a class constant, not request data) is interpolated into this query.
$listofprojectcontacttype=array();
$sql = "SELECT ctc.rowid, ctc.code FROM ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sql.= " WHERE ctc.element = '" . $projectstatic->element . "'";
$sql.= " AND ctc.source = 'internal'";
$resql = $db->query($sql);
if ($resql)
{
    while($obj = $db->fetch_object($resql))
    {
        $listofprojectcontacttype[$obj->rowid]=$obj->code;
    }
}
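/**
 * Check access by user to object
 *
 * Module-level read permission is NOT checked here (see restrictedArea()). This only verifies
 * that the record $objectid is reachable by $user: it belongs to an allowed entity and, for an
 * external user or an internal user without the "see all third parties" permission, it is
 * linked to a third party the user may see. Every feature of $featuresarray must pass.
 *
 * @param User		$user			User to check
 * @param array		$featuresarray	Features/modules to check
 * @param int		$objectid		Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
 * @param string	$tableandshare	'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity. Not used if objectid is null (optional)
 * @param string	$feature2		Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
 * @param string	$dbt_keyfield	Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
 * @param string	$dbt_select		Field name for select if not rowid. Not used if objectid is null (optional)
 *
 * @return	bool		True if user has access, False otherwise
 */
function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = '', $dbt_select = 'rowid')
{
    global $db, $conf;

    // More parameters
    $params = explode('&', $tableandshare);
    $dbtablename = !empty($params[0]) ? $params[0] : '';
    $sharedelement = !empty($params[1]) ? $params[1] : $dbtablename;

    // $objectid is concatenated into the SQL below. When the key column is rowid the value must be a
    // number, so force it: this neutralises anything else a caller may have passed through from the
    // request. For another key column the caller must already have quoted/escaped the value (as
    // restrictedArea() does); it is used as given.
    if ($dbt_select == 'rowid') {
        $objectid = (int) $objectid;
    }

    // Classes of features, deciding which record-level test is made
    $check = array('adherent', 'banque', 'user', 'usergroup', 'produit', 'service', 'produit|service', 'categorie'); // Test on entity only (Objects with no link to company)
    $checksoc = array('societe');    // The record is the third party itself
    $checkother = array('contact');  // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
    $checkproject = array('projet'); // Test against the list of projects authorized for the user
    $nocheck = array('barcode', 'stock', 'fournisseur'); // No test
    // All other features: test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).

    foreach ($featuresarray as $feature) {
        $sql = '';

        // If dbtable not defined, we use same name for table than module name
        // (note: the name then sticks for the next features of the loop, as before)
        if (empty($dbtablename)) {
            $dbtablename = $feature;
        }

        if (in_array($feature, $check, true)) {
            // Check permission for object with entity
            $sql = "SELECT dbt." . $dbt_select;
            $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
            $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid;
            if (($feature == 'user' || $feature == 'usergroup') && !empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) {
                // Admin of the master entity: users/groups of any entity are reachable
                $sql .= " AND dbt.entity IS NOT NULL";
            } else {
                $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
            }
        } elseif (in_array($feature, $checksoc, true)) {
            if ($user->societe_id > 0) {
                // External user: only his own third party
                if ($user->societe_id != $objectid) {
                    return false;
                }
            } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
                // Internal user restricted to the third parties he is sales representative of
                $sql = "SELECT sc.fk_soc";
                $sql .= " FROM (" . MAIN_DB_PREFIX . "societe_commerciaux as sc";
                $sql .= ", " . MAIN_DB_PREFIX . "societe as s)";
                $sql .= " WHERE sc.fk_soc = " . $objectid;
                $sql .= " AND sc.fk_user = " . ((int) $user->id);
                $sql .= " AND sc.fk_soc = s.rowid";
                $sql .= " AND s.entity IN (" . getEntity($sharedelement, 1) . ")";
            } elseif (!empty($conf->multicompany->enabled)) {
                // Internal user with full permission: only the entity is checked
                $sql = "SELECT s.rowid";
                $sql .= " FROM " . MAIN_DB_PREFIX . "societe as s";
                $sql .= " WHERE s.rowid = " . $objectid;
                $sql .= " AND s.entity IN (" . getEntity($sharedelement, 1) . ")";
            }
        } elseif (in_array($feature, $checkother, true)) {
            if ($user->societe_id > 0) {
                // External user: the record must be linked to his own third party
                $sql = "SELECT dbt." . $dbt_select;
                $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid;
                $sql .= " AND dbt.fk_soc = " . ((int) $user->societe_id);
            } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
                // Internal user restricted to his third parties: record without company, or of one of his companies
                $sql = "SELECT dbt." . $dbt_select;
                $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = " . ((int) $user->id);
                $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid;
                $sql .= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
                $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
            } elseif (!empty($conf->multicompany->enabled)) {
                $sql = "SELECT dbt." . $dbt_select;
                $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid;
                $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
            }
        } elseif (in_array($feature, $checkproject, true)) {
            if (!empty($conf->projet->enabled) && !$user->rights->projet->all->lire) {
                // The project must be in the list of projects the user may read
                include_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
                $projectstatic = new Project($db);
                $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
                $tmparray = explode(',', $tmps);
                // Strict string comparison: a loose in_array() would let objectid 0 match an empty list on PHP < 8
                if (!in_array((string) $objectid, $tmparray, true)) {
                    return false;
                }
            } else {
                $sql = "SELECT dbt." . $dbt_select;
                $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid;
                $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
            }
        } elseif (!in_array($feature, $nocheck, true)) {
            // Default: the record must be linked (through $dbt_keyfield) to a third party the user may see
            if ($user->societe_id > 0) {
                if (empty($dbt_keyfield)) {
                    dol_print_error('', 'Param dbt_keyfield is required but not defined');
                }
                $sql = "SELECT dbt." . $dbt_keyfield;
                $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                $sql .= " WHERE dbt.rowid = " . $objectid;
                $sql .= " AND dbt." . $dbt_keyfield . " = " . ((int) $user->societe_id);
            } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
                if (empty($dbt_keyfield)) {
                    dol_print_error('', 'Param dbt_keyfield is required but not defined');
                }
                $sql = "SELECT sc.fk_soc";
                $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                $sql .= ", " . MAIN_DB_PREFIX . "societe as s";
                $sql .= ", " . MAIN_DB_PREFIX . "societe_commerciaux as sc";
                $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid;
                $sql .= " AND sc.fk_soc = dbt." . $dbt_keyfield;
                $sql .= " AND dbt." . $dbt_keyfield . " = s.rowid";
                $sql .= " AND s.entity IN (" . getEntity($sharedelement, 1) . ")";
                $sql .= " AND sc.fk_user = " . ((int) $user->id);
            } elseif (!empty($conf->multicompany->enabled)) {
                $sql = "SELECT dbt." . $dbt_select;
                $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid;
                $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
            }
        }

        //print "sql=".$sql."<br>";
        if ($sql) {
            // A failed query is treated as "no access", never as "allowed"
            $resql = $db->query($sql);
            if (!$resql || $db->num_rows($resql) == 0) {
                return false;
            }
        }
    }

    return true;
}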
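 /**
  *	Show a combo list with projects qualified for a third party
  *
  *	Projects the user may not read (Project::getProjectsAuthorizedForUser()) are never listed.
  *	A project is shown disabled (or hidden, with PROJECT_HIDE_UNSELECTABLES) when it is still a
  *	draft or linked to another third party than $socid. The HTML is printed, not returned.
  *
  *	@param	int		$socid      	Id third party (-1=all, 0=only projects not linked to a third party, id=projects not linked or linked to third party id)
  *	@param  int		$selected   	Id project preselected
  *	@param  string	$htmlname   	Name of the html select
  *	@param	int		$maxlength		Maximum length of label
  *	@param	int		$option_only	Print only the option tags, without the select element
  *	@param	int		$show_empty		Add an empty line
  *	@return int         			Nber of project if OK, <0 if KO
  */
 function select_projects($socid = -1, $selected = '', $htmlname = 'projectid', $maxlength = 16, $option_only = 0, $show_empty = 1)
 {
     global $user, $conf, $langs;

     require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';

     $out = '';
     $hideunselectables = !empty($conf->global->PROJECT_HIDE_UNSELECTABLES);

     // Users without the "read all projects" permission only see the projects they are allowed to
     $projectsListId = false;
     if (empty($user->rights->projet->all->lire)) {
         $projectstatic = new Project($this->db);
         $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
     }

     // Search all projects
     $sql = 'SELECT p.rowid, p.ref, p.title, p.fk_soc, p.fk_statut, p.public';
     $sql .= ' FROM ' . MAIN_DB_PREFIX . 'projet as p';
     $sql .= " WHERE p.entity = " . ((int) $conf->entity);
     if ($projectsListId !== false) {
         // An empty authorized list would give "IN ()" (SQL error); "IN (0)" simply matches nothing
         $sql .= " AND p.rowid IN (" . (strlen((string) $projectsListId) > 0 ? $projectsListId : '0') . ")";
     }
     if ($socid == 0) {
         $sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
     }
     if ($socid > 0) {
         // $socid may come from the request: cast it before it reaches the query
         $sql .= " AND (p.fk_soc=" . ((int) $socid) . " OR p.fk_soc IS NULL)";
     }
     $sql .= " ORDER BY p.ref ASC";

     dol_syslog(get_class($this) . "::select_projects sql=" . $sql, LOG_DEBUG);
     $resql = $this->db->query($sql);
     if (!$resql) {
         dol_print_error($this->db);
         return -1;
     }

     if (empty($option_only)) {
         $out .= '<select class="flat" name="' . htmlspecialchars($htmlname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
     }
     if (!empty($show_empty)) {
         $out .= '<option value="0">&nbsp;</option>';
     }

     $num = $this->db->num_rows($resql);
     for ($i = 0; $i < $num; $i++) {
         $obj = $this->db->fetch_object($resql);

         // If we ask to filter on a company and user has no permission to see all companies and project is linked to another company, we hide project.
         // NOTE(review): the condition actually skips the projects that are NOT linked to another company
         // (fk_soc empty or equal to $socid); kept unchanged, confirm the intent.
         if ($socid > 0 && (empty($obj->fk_soc) || $obj->fk_soc == $socid) && !$user->rights->societe->lire) {
             continue;
         }

         // ref and title are user-entered data read back from the database: escape them for the HTML context
         $ref = htmlspecialchars(dol_trunc($obj->ref, 18), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         $title = htmlspecialchars(dol_trunc($obj->title, $maxlength), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         $rowid = (int) $obj->rowid;

         // Preselected project (only when not a draft)
         if (!empty($selected) && $selected == $obj->rowid && $obj->fk_statut > 0) {
             $out .= '<option value="' . $rowid . '" selected="selected">' . $ref . ' - ' . $title . '</option>';
             continue;
         }

         $disabled = 0;
         $labeltoshow = $ref . ' ' . $title;
         if (!$obj->fk_statut) {
             // Status 0: draft, not selectable
             $disabled = 1;
             $labeltoshow .= ' - ' . $langs->trans("Draft");
         }
         if ($socid > 0 && (!empty($obj->fk_soc) && $obj->fk_soc != $socid)) {
             $disabled = 1;
             $labeltoshow .= ' - ' . $langs->trans("LinkedToAnotherCompany");
         }
         if ($hideunselectables && $disabled) {
             continue;
         }
         $out .= '<option value="' . $rowid . '"' . ($disabled ? ' disabled="disabled"' : '') . '>' . $labeltoshow . '</option>';
     }

     if (empty($option_only)) {
         $out .= '</select>';
     }
     print $out;
     $this->db->free($resql);
     return $num;
 }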
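	/**
	 * Load indicators for dashboard (this->nbtodo and this->nbtodolate)
	 *
	 * Counts the tasks still to do (progress < 100) of opened projects (fk_statut = 1) that the
	 * user is allowed to see, and among them those with a passed deadline (Task::hasDelay()).
	 *
	 * @param	User	$user   Objet user
	 * @return WorkboardResponse|int <0 if KO, WorkboardResponse if OK
	 */
	function load_board($user)
	{
	    global $conf, $langs;

	    $mine = 0;
	    $socid = (int) $user->societe_id;	// > 0 for an external user: restricted to his own third party

	    // Projects the user may read, as a comma separated list of ids
	    $projectstatic = new Project($this->db);
	    $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, $mine, 1, $socid);

	    // List of tasks (does not care about permissions. Filtering will be done later)
	    $sql = "SELECT p.rowid as projectid, p.fk_statut as projectstatus,";
	    $sql .= " t.rowid as taskid, t.progress as progress, t.fk_statut as status,";
	    $sql .= " t.dateo as date_start, t.datee as datee";
	    $sql .= " FROM " . MAIN_DB_PREFIX . "projet as p";
	    $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe as s on p.fk_soc = s.rowid";
	    if (!$user->rights->societe->client->voir && !$socid) {
	        $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc = s.rowid";
	    }
	    $sql .= ", " . MAIN_DB_PREFIX . "projet_task as t";
	    $sql .= " WHERE p.entity IN (" . getEntity('project') . ')';
	    $sql .= " AND p.fk_statut = 1";		// opened projects only
	    $sql .= " AND t.fk_projet = p.rowid";
	    $sql .= " AND t.progress < 100";		// tasks to do
	    if ($mine || !$user->rights->projet->all->lire) {
	        // An empty authorized list would give "IN ()" (SQL error); "IN (0)" simply matches nothing
	        $sql .= " AND p.rowid IN (" . (strlen((string) $projectsListId) > 0 ? $projectsListId : '0') . ")";
	    }
	    // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
	    //if ($socid || ! $user->rights->societe->client->voir)	$sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
	    if ($socid) {
	        $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = " . $socid . ")";
	    }
	    if (!$user->rights->societe->client->voir && !$socid) {
	        // Internal user restricted to his third parties: projects without third party, or of a third party he is sales representative of
	        $sql .= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " . ((int) $user->id) . ") OR (s.rowid IS NULL))";
	    }
	    //print $sql;

	    $resql = $this->db->query($sql);
	    if (!$resql) {
	        $this->error = $this->db->error();
	        return -1;
	    }

	    $task_static = new Task($this->db);

	    $response = new WorkboardResponse();
	    // warning_delay is divided by 86400: presumably configured in seconds and exposed in days
	    $response->warning_delay = $conf->projet->task->warning_delay / 60 / 60 / 24;
	    $response->label = $langs->trans("OpenedTasks");
	    if ($user->rights->projet->all->lire) {
	        $response->url = DOL_URL_ROOT . '/projet/tasks/list.php?mainmenu=project';
	    } else {
	        $response->url = DOL_URL_ROOT . '/projet/tasks/list.php?mode=mine&amp;mainmenu=project';
	    }
	    $response->img = img_object($langs->trans("Tasks"), "task");

	    // This assignment in condition is not a bug. It allows walking the results.
	    while ($obj = $this->db->fetch_object($resql)) {
	        $response->nbtodo++;

	        // Only the fields hasDelay() looks at are loaded into the reusable Task object
	        $task_static->projectstatus = $obj->projectstatus;
	        $task_static->progress = $obj->progress;
	        $task_static->fk_statut = $obj->status;
	        $task_static->datee = $this->db->jdate($obj->datee);

	        if ($task_static->hasDelay()) {
	            $response->nbtodolate++;
	        }
	    }

	    return $response;
	}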
/**
 *	Check permissions of a user to show a page and an object. Check read permission
 * 	If $_REQUEST['action'] defined, we also check write and delete permission.
 *	@param      user      	  	User to check
 *	@param      features	    Features to check (in most cases, it's module name)
 *	@param      objectid      	Object ID if we want to check permission on a particular record (optionnal)
 *	@param      dbtablename    	Table name where object is stored. Not used if objectid is null (optionnal)
 *	@param      feature2		Feature to check (second level of permission)
 *  @param      dbt_keyfield    Field name for socid foreign key if not fk_soc. (optionnal)
 *  @param      dbt_select      Field name for select if not rowid. (optionnal)
 * 	@return		int				Always 1, die process if not allowed
 */
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
{
    global $db, $conf;

    //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename,$feature2,$dbt_socfield,$dbt_select");
    if ($dbt_select != 'rowid') $objectid = "'".$objectid."'";

    //print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
    //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
    //print ", perm: ".$features."->".$feature2."=".$user->rights->$features->$feature2->lire."<br>";

    // More features to check
    $features = explode("&",$features);
    //var_dump($features);

    // Check read permission from module
    // TODO Replace "feature" param by permission for reading
    $readok=1;
    foreach ($features as $feature)
    {
        if ($feature == 'societe')
        {
            if (! $user->rights->societe->lire && ! $user->rights->fournisseur->lire) $readok=0;
        }
        else if ($feature == 'contact')
        {
            if (! $user->rights->societe->contact->lire) $readok=0;
        }
        else if ($feature == 'produit|service')
        {
            if (! $user->rights->produit->lire && ! $user->rights->service->lire) $readok=0;
        }
        else if ($feature == 'prelevement')
        {
            if (! $user->rights->prelevement->bons->lire) $readok=0;
        }
        else if ($feature == 'commande_fournisseur')
        {
            if (! $user->rights->fournisseur->commande->lire) $readok=0;
        }
        else if ($feature == 'cheque')
        {
            if (! $user->rights->banque->cheque) $readok=0;
        }
        else if ($feature == 'projet')
        {
            if (! $user->rights->projet->lire && ! $user->rights->projet->all->lire) $readok=0;
        }
        else if (! empty($feature2))	// This should be used for future changes
        {
            if (empty($user->rights->$feature->$feature2->lire)
            && empty($user->rights->$feature->$feature2->read)) $readok=0;
        }
        else if (! empty($feature) && ($feature!='user' && $feature!='usergroup'))		// This is for old permissions
        {
            if (empty($user->rights->$feature->lire)
            && empty($user->rights->$feature->read)
            && empty($user->rights->$feature->run)) $readok=0;
        }
    }

    if (! $readok)
    {
        //print "Read access is down";
        accessforbidden();
    }
    //print "Read access is ok";

    // Check write permission from module
    $createok=1;
    if ( GETPOST("action") && GETPOST("action")  == 'create')
    {
        foreach ($features as $feature)
        {
            if ($feature == 'contact')
            {
                if (! $user->rights->societe->contact->creer) $createok=0;
            }
            else if ($feature == 'produit|service')
            {
                if (! $user->rights->produit->creer && ! $user->rights->service->creer) $createok=0;
            }
            else if ($feature == 'prelevement')
            {
                if (! $user->rights->prelevement->bons->creer) $createok=0;
            }
            else if ($feature == 'commande_fournisseur')
            {
                if (! $user->rights->fournisseur->commande->creer) $createok=0;
            }
            else if ($feature == 'banque')
            {
                if (! $user->rights->banque->modifier) $createok=0;
            }
            else if ($feature == 'cheque')
            {
                if (! $user->rights->banque->cheque) $createok=0;
            }
            else if (! empty($feature2))	// This should be used for future changes
            {
                if (empty($user->rights->$feature->$feature2->creer)
                && empty($user->rights->$feature->$feature2->write)) $createok=0;
            }
            else if (! empty($feature))		// This is for old permissions
            {
                //print '<br>feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write;
                if (empty($user->rights->$feature->creer)
                && empty($user->rights->$feature->write)) $createok=0;
            }
        }

        if (! $createok) accessforbidden();
        //print "Write access is ok";
    }

    // Check create user permission
    $createuserok=1;
    if ( GETPOST("action") && (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes') )
    {
        if (! $user->rights->user->user->creer) $createuserok=0;

        if (! $createuserok) accessforbidden();
        //print "Create user access is ok";
    }

    // Check delete permission from module
    $deleteok=1;
    if ( GETPOST("action") && ( (GETPOST("action")  == 'confirm_delete' && GETPOST("confirm") && GETPOST("confirm") == 'yes') || GETPOST("action")  == 'delete') )
    {
        foreach ($features as $feature)
        {
            if ($feature == 'contact')
            {
                if (! $user->rights->societe->contact->supprimer) $deleteok=0;
            }
            else if ($feature == 'produit|service')
            {
                if (! $user->rights->produit->supprimer && ! $user->rights->service->supprimer) $deleteok=0;
            }
            else if ($feature == 'commande_fournisseur')
            {
                if (! $user->rights->fournisseur->commande->supprimer) $deleteok=0;
            }
            else if ($feature == 'banque')
            {
                if (! $user->rights->banque->modifier) $deleteok=0;
            }
            else if ($feature == 'cheque')
            {
                if (! $user->rights->banque->cheque) $deleteok=0;
            }
            else if ($feature == 'ecm')
            {
                if (! $user->rights->ecm->upload) $deleteok=0;
            }
            else if ($feature == 'ftp')
            {
                if (! $user->rights->ftp->write) $deleteok=0;
            }
            else if (! empty($feature2))	// This should be used for future changes
            {
                if (empty($user->rights->$feature->$feature2->supprimer)
                && empty($user->rights->$feature->$feature2->delete)) $deleteok=0;
            }
            else if (! empty($feature))		// This is for old permissions
            {
                //print '<br>feature='.$feature.' creer='.$user->rights->$feature->supprimer.' write='.$user->rights->$feature->delete;
                if (empty($user->rights->$feature->supprimer)
                && empty($user->rights->$feature->delete)) $deleteok=0;
            }
        }

        //print "Delete access is ko";
        if (! $deleteok) accessforbidden();
        //print "Delete access is ok";
    }

    // If we have a particular object to check permissions on, we check this object
    // is linked to a company allowed to $user.
    if (! empty($objectid) && $objectid > 0)
    {
        foreach ($features as $feature)
        {
            $sql='';

            $check = array('banque','user','usergroup','produit','service','produit|service'); // Test on entity only (Objects with no link to company)
            $checksoc = array('societe');	 // Test for societe object
            $checkother = array('contact');	 // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
            $checkproject = array('projet'); // Test for project object
            $nocheck = array('categorie','barcode','stock','fournisseur');	// No test
            $checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).

            // If dbtable not defined, we use same name for table than module name
            if (empty($dbtablename)) $dbtablename = $feature;

            // Check permission for object with entity
            if (in_array($feature,$check))
            {
                $sql = "SELECT dbt.".$dbt_select;
                $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
                $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
            }
            else if (in_array($feature,$checksoc))
            {
                // If external user: Check permission for external users
                if ($user->societe_id > 0)
                {
                    if ($user->societe_id <> $objectid) accessforbidden();
                }
                // If internal user: Check permission for internal users that are restricted on their objects
                else if (! $user->rights->societe->client->voir)
                {
                    $sql = "SELECT sc.fk_soc";
                    $sql.= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc";
                    $sql.= ", ".MAIN_DB_PREFIX."societe as s)";
                    $sql.= " WHERE sc.fk_soc = ".$objectid;
                    $sql.= " AND sc.fk_user = "******" AND sc.fk_soc = s.rowid";
                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                }
                // If multicompany and internal users with all permissions, check user is in correct entity
                else if ($conf->global->MAIN_MODULE_MULTICOMPANY)
                {
                    $sql = "SELECT s.rowid";
                    $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
                    $sql.= " WHERE s.rowid = ".$objectid;
                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                }
            }
            else if (in_array($feature,$checkother))
            {
                // If external user: Check permission for external users
                if ($user->societe_id > 0)
                {
                    $sql = "SELECT dbt.rowid";
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " WHERE dbt.rowid = ".$objectid;
                    $sql.= " AND dbt.fk_soc = ".$user->societe_id;
                }
                // If internal user: Check permission for internal users that are restricted on their objects
                else if (! $user->rights->societe->client->voir)
                {
                    $sql = "SELECT dbt.rowid";
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '******'";
                    $sql.= " WHERE dbt.rowid = ".$objectid;
                    $sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";	// Contact not linked to a company or to a company of user
                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                }
                // If multicompany and internal users with all permissions, check user is in correct entity
                else if ($conf->global->MAIN_MODULE_MULTICOMPANY)
                {
                    $sql = "SELECT dbt.rowid";
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " WHERE dbt.rowid = ".$objectid;
                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                }
            }
            else if (in_array($feature,$checkproject))
            {
                if (! $user->rights->projet->all->lire)
                {
                    include_once(DOL_DOCUMENT_ROOT."/projet/class/project.class.php");
                    $projectstatic=new Project($db);
                    $tmps=$projectstatic->getProjectsAuthorizedForUser($user,0,1,$user->societe_id);
                    $tmparray=explode(',',$tmps);
                    if (! in_array($objectid,$tmparray)) accessforbidden();
                }
            }
            else if (! in_array($feature,$nocheck))	// By default we check with link to third party
            {
                // If external user: Check permission for external users
                if ($user->societe_id > 0)
                {
                    $sql = "SELECT dbt.".$dbt_keyfield;
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " WHERE dbt.rowid = ".$objectid;
                    $sql.= " AND dbt.".$dbt_keyfield." = ".$user->societe_id;
                }
                // If internal user: Check permission for internal users that are restricted on their objects
                else if (! $user->rights->societe->client->voir)
                {
                    $sql = "SELECT sc.fk_soc";
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= ", ".MAIN_DB_PREFIX."societe as s";
                    $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
                    $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
                    $sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield;
                    $sql.= " AND dbt.".$dbt_keyfield." = s.rowid";
                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                    $sql.= " AND sc.fk_user = "******"SELECT dbt.".$dbt_select;
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                }
            }

            //print $sql."<br>";
            if ($sql)
            {
                $resql=$db->query($sql);
                if ($resql)
                {
                    if ($db->num_rows($resql) == 0)	accessforbidden();
                }
                else
                {
                    dol_syslog("functions.lib:restrictedArea sql=".$sql, LOG_ERR);
                    accessforbidden();
                }
            }
        }
    }

    return 1;
}
// Calendar day before and after the day being displayed ($daytoparse is a timestamp set
// earlier in the script). The shift is a flat 24 h in seconds; dol_getdate() then splits
// the result into its date parts.
// NOTE(review): a flat 24*3600 step is only a whole day if dol_getdate() works in a
// fixed-offset timezone; around a DST change a local day is 23 or 25 h — confirm.
$prev = dol_getdate($daytoparse - (24 * 3600));
$prev_year  = $prev['year'];
$prev_month = $prev['mon'];
$prev_day   = $prev['mday'];

$next = dol_getdate($daytoparse + (24 * 3600));
$next_year  = $next['year'];
$next_month = $next['mon'];
$next_day   = $next['mday'];

// Page title: the "my" variant when the page is limited to the current user's own time.
$title=$langs->trans("TimeSpent");
if ($mine) $title=$langs->trans("MyTimeSpent");

// The user whose time sheet is shown. It is the logged-in user here, not a value taken
// from the request, so no extra ownership check is needed on $usertoprocess in this span.
$usertoprocess = $user;

// Comma-separated ids of every project $usertoprocess may read (mode 0 = not just "mine",
// 1 = return a list). The original author's reason for "all" rather than "mine": some of
// the user's tasks may sit on a public project that is not their own. Not consumed in
// this span; presumably used further down to scope the task list — verify.
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($usertoprocess,0,1);

// Optional focus on a single project. $id is set before this span (presumably from the
// request); nothing here checks that the user may read that id, so that check must
// already have happened earlier in the page (e.g. restrictedArea) — confirm.
if ($id)
{
    $project->fetch($id);
    $project->fetch_thirdparty();
}

$onlyopenedproject=1;	// Status filter for the helpers below: 1 = opened projects only (the original comment listed -1 as the alternative value)
// All tasks of the opened projects (or of the selected project only when $id is set), not
// just the user's own: per the original author, everything the user may read is listed
// here and only the user's own tasks are made editable later in the page.
$tasksarray=$taskstatic->getTasksArray(0, 0, ($project->id?$project->id:0), $socid, 0, '', $onlyopenedproject);
// Roles of $usertoprocess, once with the user passed in the first position and once in the
// second; from the result names this looks like "roles per project" vs "roles per task" —
// confirm against the helper's signature.
$projectsrole=$taskstatic->getUserRolesForProjectsOrTasks($usertoprocess, 0, ($project->id?$project->id:0), 0, $onlyopenedproject);
$tasksrole=$taskstatic->getUserRolesForProjectsOrTasks(0, $usertoprocess, ($project->id?$project->id:0), 0, $onlyopenedproject);
//var_dump($tasksarray);
//var_dump($projectsrole);
//var_dump($taskrole);
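/**
 *  Show a combo list with projects qualified for a third party.
 *
 *  Authorisation: a user without projet->all->lire only gets the ids returned by
 *  Project::getProjectsAuthorizedForUser(); an empty authorised list yields no project
 *  (fail closed). A user with that right sees every project of the current entity.
 *
 *  @param  int     $socid      Id third party (-1=all, 0=only projects not linked to a third party, id=projects not linked or linked to third party id)
 *  @param  int     $selected   Id project preselected
 *  @param  string  $htmlname   Name of the <select> element (developer-controlled; written unescaped)
 *  @return int                 Number of rows returned by the query (before per-row filtering) if OK, <0 if KO
 */
function select_projects($socid = -1, $selected = '', $htmlname = 'projectid')
{
    global $db, $user, $conf, $langs;

    $projectstatic = new Project($db);

    // false = no restriction (user may read all projects); otherwise a comma-separated id list.
    $projectsListId = false;
    if (empty($user->rights->projet->all->lire)) {
        $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
        // Fail closed: a restricted user whose authorised list comes back empty (or as the
        // single value "0") must see no project at all. The original tested the list for
        // truthiness, which silently dropped the restriction in exactly those cases
        // ('' and '0' are both falsy in PHP) and listed every project instead.
        if (empty($projectsListId)) {
            $projectsListId = '0';
        }
    }

    // Search the projects. $socid is only used as a switch here (never interpolated);
    // the per-company filtering is done row by row below.
    $sql = 'SELECT p.rowid, p.ref, p.title, p.fk_soc, p.fk_statut, p.public';
    $sql .= ' FROM ' . MAIN_DB_PREFIX . 'projet as p';
    $sql .= " WHERE p.entity = " . $conf->entity;
    if ($projectsListId !== false) {
        $sql .= " AND p.rowid in (" . $projectsListId . ")";
    }
    if ($socid == 0) {
        $sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
    }
    //if ($socid > 0) $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc='0' OR p.fk_soc IS NULL)";	// We will filter later
    $sql .= " ORDER BY p.title ASC";

    dol_syslog("project.lib::select_projects sql=" . $sql);
    $resql = $db->query($sql);
    if (!$resql) {
        dol_print_error($db);
        return -1;
    }

    print '<select class="flat" name="' . $htmlname . '">';
    print '<option value="0">&nbsp;</option>';

    $num = $db->num_rows($resql);
    for ($i = 0; $i < $num; $i++) {
        $obj = $db->fetch_object($resql);

        // NOTE(review): the original comment said this hides projects "linked to another
        // company", but the condition skips projects linked to $socid (or to no company)
        // when the user lacks societe->lire; projects of *other* companies fall through
        // and are shown disabled below. Kept unchanged — confirm the intended rule before
        // touching it.
        if ($socid > 0 && (empty($obj->fk_soc) || $obj->fk_soc == $socid) && !$user->rights->societe->lire) {
            continue;
        }

        // ref and title are user-entered at project creation and come back from the DB
        // unescaped; encode them so a crafted value cannot break out of the <option>.
        $labeltoshow = htmlspecialchars(dol_trunc($obj->ref, 16), ENT_QUOTES, 'UTF-8');

        // Preselected and open: emitted as-is (without the title, as in the original).
        if (!empty($selected) && $selected == $obj->rowid && $obj->fk_statut > 0) {
            print '<option value="' . $obj->rowid . '" selected="selected">' . $labeltoshow . '</option>';
            continue;
        }

        $disabled = 0;
        print '<option value="' . $obj->rowid . '"';
        // Projects whose status is not > 0 (drafts) are listed but cannot be chosen.
        // Parenthesised on purpose: "!$x > 0" parses as "(!$x) > 0" in PHP, which only
        // matched status 0/NULL by accident.
        if (!($obj->fk_statut > 0)) {
            $disabled = 1;
            $labeltoshow .= ' - ' . $langs->trans("Draft");
        }
        // Projects bound to a different third party are listed but cannot be chosen.
        if ($socid > 0 && (!empty($obj->fk_soc) && $obj->fk_soc != $socid)) {
            $disabled = 1;
            $labeltoshow .= ' - ' . $langs->trans("LinkedToAnotherCompany");
        }
        if ($disabled == 1) {
            print ' disabled="true"';
        } else {
            $labeltoshow .= ' - ' . htmlspecialchars(dol_trunc($obj->title, 12), ENT_QUOTES, 'UTF-8');
        }
        print '>' . $labeltoshow . '</option>';
    }

    print '</select>';
    $db->free($resql);

    return $num;
}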
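/**
 *  Override of the standard FormProject method: show a combo list with projects
 *  qualified for a third party, or (in "view" mode) just a link to the selected project.
 *
 *  Authorisation: a user without projet->all->lire only gets the ids returned by
 *  Project::getProjectsAuthorizedForUser(); an empty authorised list yields no project
 *  (fail closed). Entity scoping goes through getEntity().
 *
 *  @param  int     $socid          Id third party (-1=all, 0=only projects not linked to a third party, id=projects not linked or linked to third party id)
 *  @param  int     $selected       Id project preselected
 *  @param  string  $htmlname       Name of the html element (developer-controlled; written unescaped)
 *  @param  string  $type_aff       'view' = return a link to the selected project only; any other value builds the list
 *  @param  int     $maxlength      Maximum length of the title part of each label
 *  @param  int     $option_only    1 = return the <option> rows only, without the surrounding <select>
 *  @param  int     $show_empty     1 = add an empty first line
 *  @return string                  select or options if OK, '' if KO
 */
function custom_select_projects($socid = -1, $selected = '', $htmlname = 'projectid', $type_aff = 'view', $maxlength = 25, $option_only = 0, $show_empty = 1)
{
    global $user, $conf, $langs, $db;

    require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';

    $out = '';

    // Read-only rendering: a link to the selected project, or nothing.
    if ($type_aff == 'view') {
        if ($selected > 0) {
            $project = new Project($db);
            $project->fetch($selected);
            // getNomUrl() builds the link itself; the DB-sourced title is encoded here.
            return $project->getNomUrl(1) . ' - ' . htmlspecialchars(dol_trunc($project->title, $maxlength), ENT_QUOTES, 'UTF-8');
        }
        return $out;
    }

    // When set, disabled entries are dropped from the list instead of shown greyed out.
    $hideunselectables = !empty($conf->global->PROJECT_HIDE_UNSELECTABLES);

    // false = no restriction (user may read all projects); otherwise a comma-separated id list.
    $projectsListId = false;
    if (empty($user->rights->projet->all->lire)) {
        $projectstatic = new Project($db);
        $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1);
        // Fail closed: an empty list would otherwise produce "IN ()", which is a SQL syntax
        // error surfaced to the user via dol_print_error(). "IN (0)" simply matches nothing.
        if (empty($projectsListId)) {
            $projectsListId = '0';
        }
    }

    // Search all projects
    $sql = 'SELECT p.rowid, p.ref, p.title, p.fk_soc, p.fk_statut, p.public';
    $sql .= ' FROM ' . MAIN_DB_PREFIX . 'projet as p';
    $sql .= " WHERE p.entity IN (" . getEntity('project', 1) . ")";
    if ($projectsListId !== false) {
        $sql .= " AND p.rowid IN (" . $projectsListId . ")";
    }
    if ($socid == 0) {
        $sql .= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
    }
    if ($socid > 0) {
        // $socid is documented as an id; cast it so a non-numeric value handed in by a
        // caller cannot alter the statement (the "> 0" guard alone does not reject a
        // string such as "1 OR 1=1").
        $sql .= " AND (p.fk_soc=" . ((int) $socid) . " OR p.fk_soc IS NULL)";
    }
    $sql .= " ORDER BY p.ref ASC";

    $resql = $db->query($sql);
    if (!$resql) {
        dol_print_error($db);
        return '';
    }

    if (empty($option_only)) {
        $out .= '<select class="flat" name="' . $htmlname . '">';
    }
    if (!empty($show_empty)) {
        $out .= '<option value="0">&nbsp;</option>';
    }

    $num = $db->num_rows($resql);
    for ($i = 0; $i < $num; $i++) {
        $obj = $db->fetch_object($resql);

        // NOTE(review): the original comment said this hides projects "linked to another
        // company", but the condition skips projects linked to $socid (or to no company)
        // when the user lacks societe->lire; projects of *other* companies fall through
        // and are shown disabled below. Kept unchanged — confirm the intended rule before
        // touching it.
        if ($socid > 0 && (empty($obj->fk_soc) || $obj->fk_soc == $socid) && !$user->rights->societe->lire) {
            continue;
        }

        // ref and title are user-entered at project creation and come back from the DB
        // unescaped; encode them so a crafted value cannot break out of the <option>.
        $reflabel = htmlspecialchars(dol_trunc($obj->ref, 18), ENT_QUOTES, 'UTF-8');
        $titlelabel = htmlspecialchars(dol_trunc($obj->title, $maxlength), ENT_QUOTES, 'UTF-8');

        // Preselected and open: always emitted, even when it would be "unselectable".
        if (!empty($selected) && $selected == $obj->rowid && $obj->fk_statut > 0) {
            $out .= '<option value="' . $obj->rowid . '" selected="selected">' . $reflabel . ' - ' . $titlelabel . '</option>';
            continue;
        }

        $disabled = 0;
        $labeltoshow = $reflabel . ' ' . $titlelabel;
        // Projects whose status is not > 0 (drafts) cannot be chosen. Parenthesised on
        // purpose: "!$x > 0" parses as "(!$x) > 0" in PHP and only matched 0/NULL by accident.
        if (!($obj->fk_statut > 0)) {
            $disabled = 1;
            $labeltoshow .= ' - ' . $langs->trans("Draft");
        }
        // Projects bound to a different third party cannot be chosen.
        if ($socid > 0 && (!empty($obj->fk_soc) && $obj->fk_soc != $socid)) {
            $disabled = 1;
            $labeltoshow .= ' - ' . $langs->trans("LinkedToAnotherCompany");
        }
        if ($hideunselectables && $disabled) {
            continue;
        }
        $out .= '<option value="' . $obj->rowid . '"';
        if ($disabled) {
            $out .= ' disabled="disabled"';
        }
        $out .= '>' . $labeltoshow . '</option>';
    }

    if (empty($option_only)) {
        $out .= '</select>';
    }

    // Optional autocompleter (custom "cliacropose" module): replaces the <select> built
    // above with an ajax text input. The original author flagged this as a stop-gap to be
    // redone on top of Dolibarr's own project autocompletion (available from 3.8).
    if (!empty($conf->cliacropose->enabled)) {
        // Only look the ref up for a real id; the original called fetch() even for ''.
        $selected_value = '';
        if ($selected > 0) {
            $p = new Project($db);
            $p->fetch($selected);
            $selected_value = (string) $p->ref;
        }
        // Neither was initialised in the original (undefined-variable notices); empty
        // values reproduce the effective behaviour.
        $urloption = '';
        $placeholder = '';
        $out = ajax_autocompleter($selected, $htmlname, DOL_URL_ROOT . '/projet/ajax/projects.php', $urloption, 1);
        // The ref is DB-sourced text placed in an attribute: encode it.
        $out .= '<input type="text" size="20" name="search_' . $htmlname . '" id="search_' . $htmlname . '" value="' . htmlspecialchars($selected_value, ENT_QUOTES, 'UTF-8') . '"' . $placeholder . ' />';
    }

    $db->free($resql);

    return $out;
}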