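/**
 * Print the page header of the payment import screen, refusing access first.
 *
 * The permission check now runs before llxHeader(): in the original order the
 * page header had already been written when accessforbidden() fired, so a user
 * without the invoice-payment right received the start of the page before the
 * refusal. Checking first means a refused request produces no page output.
 *
 * @param Translate $langs Translation object, used for the page title
 * @param User      $user  User whose rights->facture->paiement flag is checked
 * @return void
 */
function _printHeader(&$langs, &$user)
{
    // empty() rather than "!" so an absent rights node is treated as "no right"
    // without a notice. accessforbidden() is expected to end the request; the
    // return makes the refusal explicit should it ever come back.
    if (empty($user->rights->facture->paiement)) {
        accessforbidden();
        return;
    }
    llxHeader('', $langs->trans('PaymentImport'), '', '');
}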
 /**
  * Compare the version declared by a module descriptor class with the version
  * recorded in the global configuration, and stop the request when they differ.
  *
  * Reads $conf->global->ATM_MODULE_VERSION_<MODULENAME>. Nothing is checked when
  * the class cannot be loaded or when the descriptor exposes no version.
  *
  * @param DoliDB $DoliDb     Database handler handed to the descriptor constructor
  * @param string $moduleName Class name of the module descriptor
  * @return void
  */
 static function checkVersion(&$DoliDb, $moduleName)
 {
     global $conf;

     if (!class_exists($moduleName)) {
         return;
     }

     $descriptor = new $moduleName($DoliDb);
     if (empty($descriptor->version)) {
         return;
     }

     $constantName = 'ATM_MODULE_VERSION_' . strtoupper($moduleName);
     $recorded  = $conf->global->{$constantName};
     $installed = $descriptor->version;

     // Loose comparison preserved from the original: the types of the two
     // values are not known here.
     if ($recorded != $installed) {
         $message = "Your module wasn't updated (v" . $recorded . " != " . $installed . "). Please reload it or launch the update of database script";
         accessforbidden($message);
     }
 }
 *	\file       htdocs/livraison/fiche.php
 *	\ingroup    livraison
 *	\brief      Fiche descriptive d'un bon de livraison=reception
 *	\version    $Id: fiche.php,v 1.114 2011/07/31 23:24:38 eldy Exp $
 */

require("../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/livraison/class/livraison.class.php");
require_once(DOL_DOCUMENT_ROOT."/includes/modules/livraison/modules_livraison.php");
require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php");
require_once(DOL_DOCUMENT_ROOT."/lib/sendings.lib.php");
// Optional classes, pulled in only when the owning module is enabled
if ($conf->product->enabled || $conf->service->enabled) require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");
if ($conf->expedition_bon->enabled) require_once(DOL_DOCUMENT_ROOT."/expedition/class/expedition.class.php");
if ($conf->stock->enabled) require_once(DOL_DOCUMENT_ROOT."/product/stock/class/entrepot.class.php");

// Module-level read right, checked before any request parameter is looked at
if (!$user->rights->expedition->livraison->lire) accessforbidden();

$langs->load("sendings");
$langs->load("bills");
$langs->load('deliveries');

// Security check
// The delivery id is taken raw from the query string; restrictedArea() below is
// what ties it to an entity (and, for external users, a third party) the user may
// see. NOTE(review): it is not cast to int here — confirm the 'rowid' lookup in
// restrictedArea() is safe with a non-numeric value.
$id = isset($_GET["id"])?$_GET["id"]:'';
// External users are scoped to their own third party; $socid stays unset otherwise
if ($user->societe_id) $socid=$user->societe_id;
$result=restrictedArea($user,'expedition',$id,'livraison','livraison');



/*
 * Actions
 */
    }
    print '<br>';
} else {
    if ($id > 0 || !empty($ref)) {
        /*
         * Show object in view mode
         */
        $result = $object->fetch($id, $ref);
        if ($result <= 0) {
            dol_print_error($db, $object->error);
            exit;
        }
        // fetch optionals attributes and labels
        $extralabels = $extrafields->fetch_name_optionals_label($object->table_element);
        if ($user->societe_id > 0 && $user->societe_id != $object->socid) {
            accessforbidden('', 0);
        }
        $result = $object->fetch_thirdparty();
        $soc = new Societe($db);
        $result = $soc->fetch($object->socid);
        if ($result < 0) {
            dol_print_error($db);
        }
        $selleruserevenustamp = $mysoc->useRevenueStamp();
        $totalpaye = $object->getSommePaiement();
        $totalcreditnotes = $object->getSumCreditNotesUsed();
        $totaldeposits = $object->getSumDepositsUsed();
        // print "totalpaye=".$totalpaye." totalcreditnotes=".$totalcreditnotes." totaldeposts=".$totaldeposits."
        // selleruserrevenuestamp=".$selleruserevenustamp;
        // We can also use bcadd to avoid problems with floating points
        // For example print 239.2 - 229.3 - 9.9; does not return 0.
require_once(DOL_DOCUMENT_ROOT."/projet/class/project.class.php");
require_once(DOL_DOCUMENT_ROOT."/projet/class/task.class.php");
require_once(DOL_DOCUMENT_ROOT."/core/lib/project.lib.php");
require_once(DOL_DOCUMENT_ROOT."/core/lib/date.lib.php");

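$langs->load('projects');
$langs->load('users');

// Every request parameter goes through GETPOST() so that a missing key yields ''
// instead of an undefined-index notice and each value is filtered once. The
// original read $_GET/$_POST/$_REQUEST directly for sortfield, sortorder, page
// and mode (with a notice whenever a key was absent from $_POST).
$id = GETPOST('id', 'int');
$search_product = GETPOST('search_product');

// Security check: external users are scoped to their own third party, and the
// module read right is required before anything else is processed.
$socid = 0;
if ($user->societe_id > 0) $socid = $user->societe_id;
if (!$user->rights->projet->lire) accessforbidden();

// List ordering and paging. 'alpha' is the filter the project's other list pages
// apply to sortfield/sortorder before they reach an ORDER BY clause.
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
$page = GETPOST("page", 'int');
$page = is_numeric($page) ? $page : 0;
$page = ($page == -1) ? 0 : $page;   // -1 is the "back to first page" convention

// 'mine' restricts the view to the user's own projects
$mine = (GETPOST('mode', 'alpha') == 'mine') ? 1 : 0;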



/*
 * View
 */
/**
 * Check that $user may show a page of a module and, optionally, one record of it.
 *
 * The read right of every feature in $features is always checked. Depending on
 * GETPOST('action') further rights are checked too: the create right for
 * 'create', the create-user right for 'confirm_create_user' with confirm=yes,
 * and the delete right for 'delete' or 'confirm_delete' with confirm=yes.
 * When $objectid is non-zero, the record is then looked up in $dbtablename to
 * verify it sits in an entity the user may access and, for external users or
 * users limited to their own customers, that it is linked to a third party they
 * may see. Administrators return right after the read-right loop and therefore
 * skip the record lookup. Every failed check calls accessforbidden(); the normal
 * return value is always 1.
 *
 * @param  User    $user          User to check
 * @param  string  $features      Feature/module names to check, several joined by '&'
 *                                (examples: 'societe', 'contact', 'produit|service')
 * @param  int     $objectid      Id of the record to check, 0 to check module rights only (optional)
 * @param  string  $dbtablename   'TableName&SharedElement': table storing the record (defaults to
 *                                the feature name) and an optional key handed to getEntity().
 *                                Not used when $objectid is 0 (optional)
 * @param  string  $feature2      Second-level permission name (optional)
 * @param  string  $dbt_keyfield  Column holding the third-party foreign key when it is not fk_soc (optional)
 * @param  string  $dbt_select    Column the record is looked up by when it is not rowid (optional)
 * @param  Canvas  $objcanvas     Canvas object; when its control defines restrictedArea() that
 *                                implementation replaces this one
 * @return int                    Always 1; the process is ended by accessforbidden() when not allowed
 */
function restrictedArea($user, $features, $objectid = 0, $dbtablename = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $objcanvas = null)
{
    global $db, $conf;
    // A canvas may supply its own restrictedArea(); when it does, that implementation
    // is the whole check and nothing below is reached.
    if (is_object($objcanvas)) {
        if (method_exists($objcanvas->control, 'restrictedArea')) {
            return $objcanvas->control->restrictedArea($user, $features, $objectid, $dbtablename, $feature2, $dbt_keyfield, $dbt_select);
        }
    }
    // Non-rowid lookups wrap the id in single quotes because it is spliced into the
    // SQL text built further down. NOTE(review): quoted is not escaped — the value
    // never goes through the database escaping layer here, so callers must only
    // pass ids they have validated.
    if ($dbt_select != 'rowid') {
        $objectid = "'" . $objectid . "'";
    }
    // Several features may be checked at once, separated by '&'
    $features = explode("&", $features);
    // Table name and optional shared-element key for getEntity()
    $params = explode('&', $dbtablename);
    $dbtablename = !empty($params[0]) ? $params[0] : '';
    $sharedelement = !empty($params[1]) ? $params[1] : '';
    // Check read permission from module.
    // Every feature must pass. The special cases map a feature onto a different
    // rights node; everything else uses rights->{feature}[->{feature2}]->lire/read.
    // TODO Replace "feature" param into caller by first level of permission
    $readok = 1;
    foreach ($features as $feature) {
        if ($feature == 'societe') {
            if (!$user->rights->societe->lire && !$user->rights->fournisseur->lire) {
                $readok = 0;
            }
        } else {
            if ($feature == 'contact') {
                if (!$user->rights->societe->contact->lire) {
                    $readok = 0;
                }
            } else {
                if ($feature == 'produit|service') {
                    if (!$user->rights->produit->lire && !$user->rights->service->lire) {
                        $readok = 0;
                    }
                } else {
                    if ($feature == 'prelevement') {
                        if (!$user->rights->prelevement->bons->lire) {
                            $readok = 0;
                        }
                    } else {
                        if ($feature == 'commande_fournisseur') {
                            if (!$user->rights->fournisseur->commande->lire) {
                                $readok = 0;
                            }
                        } else {
                            if ($feature == 'cheque') {
                                if (!$user->rights->banque->cheque) {
                                    $readok = 0;
                                }
                            } else {
                                if ($feature == 'projet') {
                                    if (!$user->rights->projet->lire && !$user->rights->projet->all->lire) {
                                        $readok = 0;
                                    }
                                } else {
                                    if (!empty($feature2)) {
                                        if (empty($user->rights->{$feature}->{$feature2}->lire) && empty($user->rights->{$feature}->{$feature2}->read)) {
                                            $readok = 0;
                                        }
                                    } else {
                                        // 'user' and 'usergroup' have no read right to check here
                                        if (!empty($feature) && ($feature != 'user' && $feature != 'usergroup')) {
                                            if (empty($user->rights->{$feature}->lire) && empty($user->rights->{$feature}->read) && empty($user->rights->{$feature}->run)) {
                                                $readok = 0;
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    // Administrators are accepted here regardless of $readok, and also skip the
    // action-specific checks and the record/entity lookup that follow.
    if ($user->admin) {
        return 1;
    }
    if (!$readok) {
        accessforbidden();
    }
    // Check write permission from module, only for action=create
    $createok = 1;
    if (GETPOST("action") == 'create') {
        foreach ($features as $feature) {
            if ($feature == 'contact') {
                if (!$user->rights->societe->contact->creer) {
                    $createok = 0;
                }
            } else {
                if ($feature == 'produit|service') {
                    if (!$user->rights->produit->creer && !$user->rights->service->creer) {
                        $createok = 0;
                    }
                } else {
                    if ($feature == 'prelevement') {
                        if (!$user->rights->prelevement->bons->creer) {
                            $createok = 0;
                        }
                    } else {
                        if ($feature == 'commande_fournisseur') {
                            if (!$user->rights->fournisseur->commande->creer) {
                                $createok = 0;
                            }
                        } else {
                            if ($feature == 'banque') {
                                if (!$user->rights->banque->modifier) {
                                    $createok = 0;
                                }
                            } else {
                                if ($feature == 'cheque') {
                                    if (!$user->rights->banque->cheque) {
                                        $createok = 0;
                                    }
                                } else {
                                    if (!empty($feature2)) {
                                        if (empty($user->rights->{$feature}->{$feature2}->creer) && empty($user->rights->{$feature}->{$feature2}->write)) {
                                            $createok = 0;
                                        }
                                    } else {
                                        if (!empty($feature)) {
                                            if (empty($user->rights->{$feature}->creer) && empty($user->rights->{$feature}->write)) {
                                                $createok = 0;
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        // Unreachable for administrators (they returned above); kept as written.
        if ($user->admin) {
            $createok = 1;
        }
        if (!$createok) {
            accessforbidden();
        }
    }
    // Check create user permission, only for the confirmed create-user action
    $createuserok = 1;
    if (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes') {
        if (!$user->rights->user->user->creer) {
            $createuserok = 0;
        }
        if (!$createuserok) {
            accessforbidden();
        }
    }
    // Check delete permission from module.
    // Operator precedence: && binds tighter than ||, so this reads as
    // (confirm_delete AND confirm=yes) OR action=delete.
    $deleteok = 1;
    if (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == 'yes' || GETPOST("action") == 'delete') {
        foreach ($features as $feature) {
            if ($feature == 'contact') {
                if (!$user->rights->societe->contact->supprimer) {
                    $deleteok = 0;
                }
            } else {
                if ($feature == 'produit|service') {
                    if (!$user->rights->produit->supprimer && !$user->rights->service->supprimer) {
                        $deleteok = 0;
                    }
                } else {
                    if ($feature == 'commande_fournisseur') {
                        if (!$user->rights->fournisseur->commande->supprimer) {
                            $deleteok = 0;
                        }
                    } else {
                        if ($feature == 'banque') {
                            if (!$user->rights->banque->modifier) {
                                $deleteok = 0;
                            }
                        } else {
                            if ($feature == 'cheque') {
                                if (!$user->rights->banque->cheque) {
                                    $deleteok = 0;
                                }
                            } else {
                                if ($feature == 'ecm') {
                                    if (!$user->rights->ecm->upload) {
                                        $deleteok = 0;
                                    }
                                } else {
                                    if ($feature == 'ftp') {
                                        if (!$user->rights->ftp->write) {
                                            $deleteok = 0;
                                        }
                                    } else {
                                        if (!empty($feature2)) {
                                            if (empty($user->rights->{$feature}->{$feature2}->supprimer) && empty($user->rights->{$feature}->{$feature2}->delete)) {
                                                $deleteok = 0;
                                            }
                                        } else {
                                            if (!empty($feature)) {
                                                if (empty($user->rights->{$feature}->supprimer) && empty($user->rights->{$feature}->delete)) {
                                                    $deleteok = 0;
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        if (!$deleteok) {
            accessforbidden();
        }
    }
    // If we have a particular object to check permissions on, we check this object
    // is linked to a company allowed to $user.
    // NOTE(review): after the quoting above a non-rowid id is a string such as
    // 'ABC' (quotes included); "$objectid > 0" is then a string-vs-int comparison
    // that looks false under both PHP 7 and PHP 8 rules, which would skip the
    // record lookup entirely for such lookups — confirm with the actual callers.
    if (!empty($objectid) && $objectid > 0) {
        foreach ($features as $feature) {
            $sql = '';
            // Test on entity only (Objects with no link to company)
            $check = array('adherent', 'banque', 'user', 'usergroup', 'produit', 'service', 'produit|service', 'categorie');
            // Test for societe object
            $checksoc = array('societe');
            // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
            $checkother = array('contact');
            // Test for project object
            $checkproject = array('projet');
            // No test
            $nocheck = array('barcode', 'stock', 'fournisseur');
            // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
            // ($checkdefault is only descriptive; it is not read anywhere in this function.)
            $checkdefault = 'all other not already defined';
            // If dbtable not defined, we use same name for table than module name.
            // Note the default sticks: once set for the first feature of the loop it is
            // reused, unchanged, for every following feature.
            if (empty($dbtablename)) {
                $dbtablename = $feature;
            }
            // Check permission for object with entity
            if (in_array($feature, $check)) {
                $sql = "SELECT dbt." . $dbt_select;
                $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid;
                // Multicompany: an admin of entity 1 with no entity of their own may see
                // users/groups of any entity; everyone else is limited to getEntity()
                if (($feature == 'user' || $feature == 'usergroup') && !empty($conf->multicompany->enabled) && $conf->entity == 1 && $user->admin && !$user->entity) {
                    $sql .= " AND dbt.entity IS NOT NULL";
                } else {
                    $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
                }
            } else {
                if (in_array($feature, $checksoc)) {
                    // If external user: Check permission for external users.
                    // A third party other than their own is refused outright, no query needed.
                    if ($user->societe_id > 0) {
                        if ($user->societe_id != $objectid) {
                            accessforbidden();
                        }
                    } else {
                        // Internal user without 'client->voir': the company must be assigned to
                        // them in societe_commerciaux
                        if (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
                            $sql = "SELECT sc.fk_soc";
                            $sql .= " FROM (" . MAIN_DB_PREFIX . "societe_commerciaux as sc";
                            $sql .= ", " . MAIN_DB_PREFIX . "societe as s)";
                            $sql .= " WHERE sc.fk_soc = " . $objectid;
                            // NOTE(review): the user id in this line is masked ("******") in the
                            // copy reviewed; compare with the upstream source.
                            $sql .= " AND sc.fk_user = "******" AND sc.fk_soc = s.rowid";
                            $sql .= " AND s.entity IN (" . getEntity($sharedelement, 1) . ")";
                        } else {
                            // Otherwise only the entity is checked, and only with multicompany on;
                            // without it $sql stays empty and no lookup happens
                            if (!empty($conf->multicompany->enabled)) {
                                $sql = "SELECT s.rowid";
                                $sql .= " FROM " . MAIN_DB_PREFIX . "societe as s";
                                $sql .= " WHERE s.rowid = " . $objectid;
                                $sql .= " AND s.entity IN (" . getEntity($sharedelement, 1) . ")";
                            }
                        }
                    }
                } else {
                    if (in_array($feature, $checkother)) {
                        // If external user: Check permission for external users.
                        // The contact must be linked to the user's own third party.
                        if ($user->societe_id > 0) {
                            $sql = "SELECT dbt.rowid";
                            $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                            $sql .= " WHERE dbt.rowid = " . $objectid;
                            $sql .= " AND dbt.fk_soc = " . $user->societe_id;
                        } else {
                            if (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
                                $sql = "SELECT dbt.rowid";
                                $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                                // NOTE(review): the user id in this line is masked ("******") in the
                                // copy reviewed; compare with the upstream source.
                                $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '******'";
                                $sql .= " WHERE dbt.rowid = " . $objectid;
                                $sql .= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
                                // Contact not linked to a company or to a company of user
                                $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
                            } else {
                                if (!empty($conf->multicompany->enabled)) {
                                    $sql = "SELECT dbt.rowid";
                                    $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                                    $sql .= " WHERE dbt.rowid = " . $objectid;
                                    $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
                                }
                            }
                        }
                    } else {
                        if (in_array($feature, $checkproject)) {
                            // Without 'all->lire' the project must be in the list the Project
                            // class computes for this user (no SQL built in that case)
                            if (!empty($conf->projet->enabled) && !$user->rights->projet->all->lire) {
                                include_once DOL_DOCUMENT_ROOT . "/projet/class/project.class.php";
                                $projectstatic = new Project($db);
                                $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
                                $tmparray = explode(',', $tmps);
                                // Loose in_array: $objectid may be an int or a string here
                                if (!in_array($objectid, $tmparray)) {
                                    accessforbidden();
                                }
                            } else {
                                $sql = "SELECT dbt." . $dbt_select;
                                $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                                $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid;
                                $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
                            }
                        } else {
                            // Default case: record must be linked to a third party the user may see
                            if (!in_array($feature, $nocheck)) {
                                // If external user: Check permission for external users
                                if ($user->societe_id > 0) {
                                    $sql = "SELECT dbt." . $dbt_keyfield;
                                    $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                                    $sql .= " WHERE dbt.rowid = " . $objectid;
                                    $sql .= " AND dbt." . $dbt_keyfield . " = " . $user->societe_id;
                                } else {
                                    if (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) {
                                        $sql = "SELECT sc.fk_soc";
                                        $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                                        $sql .= ", " . MAIN_DB_PREFIX . "societe as s";
                                        $sql .= ", " . MAIN_DB_PREFIX . "societe_commerciaux as sc";
                                        $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid;
                                        $sql .= " AND sc.fk_soc = dbt." . $dbt_keyfield;
                                        $sql .= " AND dbt." . $dbt_keyfield . " = s.rowid";
                                        $sql .= " AND s.entity IN (" . getEntity($sharedelement, 1) . ")";
                                        // NOTE(review): this line is garbled in the copy reviewed — the
                                        // masked user id ("******") and the start of what looks like the
                                        // multicompany "else" branch (see the following four lines and
                                        // the extra closing braces) have been collapsed onto it. Compare
                                        // with the upstream source before relying on this branch.
                                        $sql .= " AND sc.fk_user = "******"SELECT dbt." . $dbt_select;
                                            $sql .= " FROM " . MAIN_DB_PREFIX . $dbtablename . " as dbt";
                                            $sql .= " WHERE dbt." . $dbt_select . " = " . $objectid;
                                            $sql .= " AND dbt.entity IN (" . getEntity($sharedelement, 1) . ")";
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
            // An empty $sql means no record-level check for this feature (the $nocheck
            // list, or the branches above that build a query only with multicompany on).
            if ($sql) {
                $resql = $db->query($sql);
                if ($resql) {
                    // No matching row: record is outside the user's entities / third parties
                    if ($db->num_rows($resql) == 0) {
                        accessforbidden();
                    }
                } else {
                    // Query failure is treated as denial; the failing SQL (id included) is logged
                    dol_syslog("security.lib:restrictedArea sql=" . $sql, LOG_ERR);
                    accessforbidden();
                }
            }
        }
    }
    return 1;
}
require_once DOL_DOCUMENT_ROOT . '/core/lib/company.lib.php';
// Init vars
$errmsg = '';
$num = 0;
$error = 0;
// Return URL and requested action, both filtered as plain text by GETPOST()
$backtopage = GETPOST('backtopage', 'alpha');
$action = GETPOST('action', 'alpha');
// Load translation files
$langs->load("main");
$langs->load("members");
$langs->load("companies");
$langs->load("install");
$langs->load("other");
// Security check
// This is a public (visitor) form, so the gate is the module state rather than a
// user right: the member module must be enabled and public subscription switched
// on explicitly through MEMBER_ENABLE_PUBLIC.
// NOTE(review): the three extra arguments to accessforbidden() presumably suppress
// the standard header/footer for this headerless page — confirm against its signature.
if (empty($conf->adherent->enabled)) {
    accessforbidden('', 0, 0, 1);
}
if (empty($conf->global->MEMBER_ENABLE_PUBLIC)) {
    print $langs->trans("Auto subscription form for public visitors has not been enabled");
    exit;
}
$extrafields = new ExtraFields($db);
/**
 * Show header for new member
 *
 * @param 	string		$title				Title
 * @param 	string		$head				Head array
 * @param 	int    		$disablejs			More content into html header
 * @param 	int    		$disablehead		More content into html header
 * @param 	array  		$arrayofjs			Array of complementary js files
 * @param 	array  		$arrayofcss			Array of complementary css files
 */

/**
 \file       htdocs/commande/note.php
 \ingroup    commande
 \brief      Fiche de notes sur une commande
 \version    $Id: note.php,v 1.24 2011/07/31 22:23:15 eldy Exp $
 */

require("../main.inc.php");
require_once(DOL_DOCUMENT_ROOT.'/lib/order.lib.php');
require_once(DOL_DOCUMENT_ROOT ."/commande/class/commande.class.php");

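// Third party from the request, GET first then POST. The nested ternary needs
// explicit parentheses: unparenthesised it is evaluated left-to-right, so with a
// non-empty GET socid the original expression yielded $_POST["socid"] instead of
// the GET value (and PHP 8 refuses to compile that form). The value is overwritten
// below, so the defect was latent.
$socid = isset($_GET["socid"]) ? $_GET["socid"] : (isset($_POST["socid"]) ? $_POST["socid"] : "");

// Module read right, before any further request handling
if (!$user->rights->commande->lire) accessforbidden();

$langs->load("companies");
$langs->load("bills");
$langs->load("orders");

// Security check
// The request's socid is deliberately discarded: the only scoping that counts is
// the third party attached to an external user, enforced by restrictedArea().
$socid = 0;
$comid = isset($_GET["id"]) ? $_GET["id"] : '';
if ($user->societe_id) $socid = $user->societe_id;
$result = restrictedArea($user, 'commande', $comid, '');

// Order id/ref used by the rest of the page; guarded so a missing key gives ''
// instead of an undefined-index notice
$id = isset($_GET['id']) ? $_GET['id'] : '';
$ref = isset($_GET['ref']) ? $_GET['ref'] : '';
$commande = new Commande($db);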
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

/**
 *	\file       htdocs/opensurvey/list.php
 *	\ingroup    opensurvey
 *	\brief      Page to list surveys
 */

require_once('../main.inc.php');
require_once(DOL_DOCUMENT_ROOT."/core/lib/admin.lib.php");
require_once(DOL_DOCUMENT_ROOT."/core/lib/files.lib.php");

// Security check: the survey read right is required before any request value is read.
if (!$user->rights->opensurvey->read) {
    accessforbidden();
}

// Request parameters
$action      = GETPOST('action');
$id          = GETPOST('id', 'alpha');
$numsondage  = $id;   // survey identifier; alias kept for the rest of the page
$surveytitle = GETPOST('surveytitle');
$status      = GETPOST('status');
// (A default of 'opened' for an unset status filter was left disabled upstream.)

// List ordering and paging
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
if (GETPOST('limit')) {
    $limit = GETPOST('limit', 'int');
} else {
    $limit = $conf->liste_limit;
}
$page     = GETPOST("page", 'int');
$page     = ($page == -1) ? 0 : $page;
$offset   = $limit * $page;
$pageprev = $page - 1;
<?php

require 'config.php';
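/*
 * Statistics on the scheduling workstations
 */
// Both modules are required; the messages come from the $langs translation object
// that the rest of this page (llxHeader below) already uses — the original called
// an undefined $lang here, which would fail before any message could be produced.
if (empty($conf->workstation->enabled)) {
    accessforbidden($langs->trans('moduleWorkstationNeeded'));
}
if (empty($conf->report->enabled)) {
    accessforbidden($langs->trans('moduleReportNeeded'));
}
define('INC_FROM_DOLIBARR', true);
dol_include_once('/workstation/config.php');
dol_include_once('/report/class/dashboard.class.php');
$PDOdb = new TPDOdb();
$TWS = TWorkstation::getWorstations($PDOdb, false);
llxHeader('', $langs->trans('OrdonnancementStat'));
print_fiche_titre('Filtres');
echo '<div class="tabBar">';
$form1 = new TFormcore('auto', 'form1', 'post');
echo '<table>';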
?>
        <tr>
            <td>Date de début : </td>
            <td><?php 
echo $form1->calendrier('', 'date_deb', $_REQUEST['date_deb'] ? $_REQUEST['date_deb'] : '');
?>
</td>
        </tr>
        <tr>
            }
        }
    }
}
// Pages that define NOLOGIN (public forms) skip this block; every other page
// requires an authenticated, active user before its permissions are loaded.
if (!defined('NOLOGIN')) {
    // If the login is not recovered, it is identified with an account that does not exist.
    // Hacking attempt?
    if (!$user->login) {
        accessforbidden();
    }
    // Check if user is active
    if ($user->statut < 1) {
        // If not active, we refuse the user.
        // The refusal is logged; the translated message is shown to the visitor.
        $langs->load("other");
        dol_syslog("Authentification ko as login is disabled");
        accessforbidden($langs->trans("ErrorLoginDisabled"));
        // Defensive stop in case accessforbidden() returns
        exit;
    }
    // Load permissions: only identity and status were known above, rights are
    // attached to $user from here on.
    $user->getrights();
}
// Every page access is logged with the script path
dol_syslog("--- Access to " . $_SERVER["PHP_SELF"]);
//Another call for easy debugg
//dol_syslog("Access to ".$_SERVER["PHP_SELF"].' GET='.join(',',array_keys($_GET)).'->'.join(',',$_GET).' POST:'.join(',',array_keys($_POST)).'->'.join(',',$_POST));
// Load main languages files (skipped when a page defines NOREQUIRETRAN)
if (!defined('NOREQUIRETRAN')) {
    $langs->load("main");
    $langs->load("dict");
}
// Define some constants used for style of arrays (alternating row classes)
$bc = array(0 => 'class="impair"', 1 => 'class="pair"');
	/**
	 *	\brief		Check whether a user may read this project
	 * 	@param		user		User object to evaluate
	 * 	@param 		noprint		0=Print the forbidden page when access is denied, 1=Return -1 instead
	 *	@return		int			Number of matching grants (>0 = allowed); -1 when denied and noprint is set
	 */
	function restrictedProjectArea($user,$noprint=0)
	{
		$granted = 0;

		if ($user->rights->projet->all->lire)
		{
			// Global "read all projects" right
			$granted = 1;
		}
		elseif ($this->public && $user->rights->projet->lire)
		{
			// Public project plus the plain read right
			$granted = 1;
		}
		else
		{
			// Otherwise the user must be a contact of the project whose role code contains PROJECT;
			// each matching role counts once.
			foreach (array('internal','external') as $source)
			{
				$roles = $this->liste_contact(4,$source);
				$roleCount = count($roles);
				for ($idx = 0; $idx < $roleCount; $idx++)
				{
					$isProjectRole = preg_match('/PROJECT/',$roles[$idx]['code']);
					if ($isProjectRole && $user->id == $roles[$idx]['id'])
					{
						$granted++;
					}
				}
			}
			// (A fallback granting the project's creator access was left commented out upstream.)
		}

		if (! $granted)
		{
			if ($noprint) return -1;
			accessforbidden('',0);
		}

		return $granted;
	}
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

/**
 *       \file       htdocs/comm/mailing/liste.php
 *       \ingroup    mailing
 *       \brief      Liste des mailings
 *       \version    $Id: liste.php,v 1.23 2011/08/03 00:46:33 eldy Exp $
 */

require("../../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/comm/mailing/class/mailing.class.php");

$langs->load("mails");

// Module read right first; accessforbidden() is expected to end the request.
if (!$user->rights->mailing->lire) {
    accessforbidden();
}

// Customer access restriction: an external user is pinned to their own third
// party and the requested action is discarded.
if ($user->societe_id > 0) {
    $action = '';
    $socid  = $user->societe_id;
}

// Ordering and paging of the list
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
$page      = GETPOST("page", 'int');
$page      = ($page == -1) ? 0 : $page;
$offset    = $conf->liste_limit * $page;
$pageprev  = $page - 1;
$pagenext  = $page + 1;
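/**
 *	Check permissions of a user to show a page and an object. Check read permission.
 * 	If GETPOST('action') defined, we also check write and delete permission.
 *
 *	$features may combine modules: 'a&b' requires the permission on every module,
 *	'a|b' is satisfied when at least one module grants it.
 *
 *	@param	User	$user      	  	User to check
 *	@param  string	$features	    Features to check (it must be module name. Examples: 'societe', 'contact', 'produit&service', 'produit|service', ...)
 *	@param  int		$objectid      	Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
 *	@param  string	$tableandshare  'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity. Not used if objectid is null (optional)
 *	@param  string	$feature2		Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
 *  @param  string	$dbt_keyfield   Field name for socid foreign key if not fk_soc. Not used if objectid is null (optional)
 *  @param  string	$dbt_select     Field name for select if not rowid. Not used if objectid is null (optional)
 *  @param	Canvas	$objcanvas		Object canvas
 * 	@return	int						Always 1, die process if not allowed
 */
function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $feature2 = '', $dbt_keyfield = 'fk_soc', $dbt_select = 'rowid', $objcanvas = null)
{
    global $db, $conf;

    // Split 'TableName&SharedElement' first: the table name is handed to a canvas
    // override below, so it has to exist before that delegation (previously it was
    // still undefined at that point).
    $params = explode('&', $tableandshare);
    $dbtablename = !empty($params[0]) ? $params[0] : '';

    // If we use canvas, we try to use function that overload restrictedArea if provided with canvas
    if (is_object($objcanvas) && method_exists($objcanvas->control, 'restrictedArea')) {
        return $objcanvas->control->restrictedArea($user, $features, $objectid, $dbtablename, $feature2, $dbt_keyfield, $dbt_select);
    }

    // A non-numeric key column is passed on as a quoted SQL literal. The value is quoted but
    // not escaped here, so callers must not hand in raw request values for such keys.
    if ($dbt_select != 'rowid' && $dbt_select != 'id') {
        $objectid = "'" . $objectid . "'";
    }

    // Features/modules to check: '&' = all required, '|' = any one is enough
    $featuresarray = array($features);
    if (preg_match('/&/', $features)) {
        $featuresarray = explode("&", $features);
    } elseif (preg_match('/\\|/', $features)) {
        $featuresarray = explode("|", $features);
    }

    // More subfeatures to check ('level1|level2' = any one is enough)
    if (!empty($feature2)) {
        $feature2 = explode("|", $feature2);
    }

    $listofmodules = explode(',', $conf->global->MAIN_MODULES_FOR_EXTERNAL);

    // Check read permission from module
    $readok = 1;
    $nbko = 0;
    foreach ($featuresarray as $feature) {
        // External users are confined to the modules listed in MAIN_MODULES_FOR_EXTERNAL
        if (!empty($user->societe_id) && !empty($conf->global->MAIN_MODULES_FOR_EXTERNAL) && !in_array($feature, $listofmodules)) {
            $readok = 0;
            $nbko++;
            continue;
        }
        if ($feature == 'societe') {
            if (!$user->rights->societe->lire && !$user->rights->fournisseur->lire) {
                $readok = 0;
                $nbko++;
            }
        } elseif ($feature == 'contact') {
            if (!$user->rights->societe->contact->lire) {
                $readok = 0;
                $nbko++;
            }
        } elseif ($feature == 'produit|service') {
            if (!$user->rights->produit->lire && !$user->rights->service->lire) {
                $readok = 0;
                $nbko++;
            }
        } elseif ($feature == 'prelevement') {
            if (!$user->rights->prelevement->bons->lire) {
                $readok = 0;
                $nbko++;
            }
        } elseif ($feature == 'cheque') {
            if (!$user->rights->banque->cheque) {
                $readok = 0;
                $nbko++;
            }
        } elseif ($feature == 'projet') {
            if (!$user->rights->projet->lire && !$user->rights->projet->all->lire) {
                $readok = 0;
                $nbko++;
            }
        } elseif (!empty($feature2)) {
            // Any one readable subfeature is enough for this feature; the per-feature result
            // is kept in a local so a later feature cannot undo an earlier failure.
            $tmpreadok = 1;
            foreach ($feature2 as $subfeature) {
                if (!empty($subfeature) && empty($user->rights->{$feature}->{$subfeature}->lire) && empty($user->rights->{$feature}->{$subfeature}->read)) {
                    $tmpreadok = 0;
                } elseif (empty($subfeature) && empty($user->rights->{$feature}->lire) && empty($user->rights->{$feature}->read)) {
                    $tmpreadok = 0;
                } else {
                    $tmpreadok = 1;
                    break;  // first readable subfeature wins
                }
            }
            if (!$tmpreadok) {
                $readok = 0;
                $nbko++;
            }
        } elseif (!empty($feature) && ($feature != 'user' && $feature != 'usergroup')) {
            // Old-style permissions: lire/read/run directly on the module
            if (empty($user->rights->{$feature}->lire) && empty($user->rights->{$feature}->read) && empty($user->rights->{$feature}->run)) {
                $readok = 0;
                $nbko++;
            }
        }
    }
    // If a or and at least one ok
    if (preg_match('/\\|/', $features) && $nbko < count($featuresarray)) {
        $readok = 1;
    }
    if (!$readok) {
        accessforbidden();
    }

    // Check write permission from module
    $createok = 1;
    $nbko = 0;
    if (GETPOST("action") == 'create') {
        foreach ($featuresarray as $feature) {
            if ($feature == 'contact') {
                if (!$user->rights->societe->contact->creer) {
                    $createok = 0;
                    $nbko++;
                }
            } elseif ($feature == 'produit|service') {
                if (!$user->rights->produit->creer && !$user->rights->service->creer) {
                    $createok = 0;
                    $nbko++;
                }
            } elseif ($feature == 'prelevement') {
                if (!$user->rights->prelevement->bons->creer) {
                    $createok = 0;
                    $nbko++;
                }
            } elseif ($feature == 'commande_fournisseur') {
                if (!$user->rights->fournisseur->commande->creer) {
                    $createok = 0;
                    $nbko++;
                }
            } elseif ($feature == 'banque') {
                if (!$user->rights->banque->modifier) {
                    $createok = 0;
                    $nbko++;
                }
            } elseif ($feature == 'cheque') {
                if (!$user->rights->banque->cheque) {
                    $createok = 0;
                    $nbko++;
                }
            } elseif (!empty($feature2)) {
                // Any one writable subfeature is enough for this feature. The result is kept
                // in a local (as in the read check) so that a feature that passes cannot reset
                // $createok after an earlier feature of an '&' list has failed.
                $tmpcreateok = 0;
                foreach ($feature2 as $subfeature) {
                    if (!empty($user->rights->{$feature}->{$subfeature}->creer) || !empty($user->rights->{$feature}->{$subfeature}->write) || !empty($user->rights->{$feature}->{$subfeature}->create)) {
                        $tmpcreateok = 1;
                        break;  // first writable subfeature wins
                    }
                }
                if (!$tmpcreateok) {
                    $createok = 0;
                    $nbko++;
                }
            } elseif (!empty($feature)) {
                // Old-style permissions: creer/write directly on the module
                if (empty($user->rights->{$feature}->creer) && empty($user->rights->{$feature}->write)) {
                    $createok = 0;
                    $nbko++;
                }
            }
        }
        // If a or and at least one ok
        if (preg_match('/\\|/', $features) && $nbko < count($featuresarray)) {
            $createok = 1;
        }
        if (!$createok) {
            accessforbidden();
        }
    }

    // Check create user permission
    $createuserok = 1;
    if (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes') {
        if (!$user->rights->user->user->creer) {
            $createuserok = 0;
        }
        if (!$createuserok) {
            accessforbidden();
        }
    }

    // Check delete permission from module. $nbko is counted here exactly like in the
    // read and create checks; without it the '|' rule below would always re-enable
    // $deleteok for an 'a|b' feature list.
    $deleteok = 1;
    $nbko = 0;
    if (GETPOST("action") == 'confirm_delete' && GETPOST("confirm") == 'yes' || GETPOST("action") == 'delete') {
        foreach ($featuresarray as $feature) {
            if ($feature == 'contact') {
                if (!$user->rights->societe->contact->supprimer) {
                    $deleteok = 0;
                    $nbko++;
                }
            } elseif ($feature == 'produit|service') {
                if (!$user->rights->produit->supprimer && !$user->rights->service->supprimer) {
                    $deleteok = 0;
                    $nbko++;
                }
            } elseif ($feature == 'commande_fournisseur') {
                if (!$user->rights->fournisseur->commande->supprimer) {
                    $deleteok = 0;
                    $nbko++;
                }
            } elseif ($feature == 'banque') {
                if (!$user->rights->banque->modifier) {
                    $deleteok = 0;
                    $nbko++;
                }
            } elseif ($feature == 'cheque') {
                if (!$user->rights->banque->cheque) {
                    $deleteok = 0;
                    $nbko++;
                }
            } elseif ($feature == 'ecm') {
                if (!$user->rights->ecm->upload) {
                    $deleteok = 0;
                    $nbko++;
                }
            } elseif ($feature == 'ftp') {
                if (!$user->rights->ftp->write) {
                    $deleteok = 0;
                    $nbko++;
                }
            } elseif (!empty($feature2)) {
                // Same per-feature local as in the create check: a passing feature must not
                // reset a failure recorded for an earlier feature of an '&' list.
                $tmpdeleteok = 0;
                foreach ($feature2 as $subfeature) {
                    if (!empty($user->rights->{$feature}->{$subfeature}->supprimer) || !empty($user->rights->{$feature}->{$subfeature}->delete)) {
                        $tmpdeleteok = 1;
                        break;  // first deletable subfeature wins
                    }
                }
                if (!$tmpdeleteok) {
                    $deleteok = 0;
                    $nbko++;
                }
            } elseif (!empty($feature)) {
                // Old-style permissions: supprimer/delete/run directly on the module
                if (empty($user->rights->{$feature}->supprimer) && empty($user->rights->{$feature}->delete) && empty($user->rights->{$feature}->run)) {
                    $deleteok = 0;
                    $nbko++;
                }
            }
        }
        // If a or and at least one ok
        if (preg_match('/\\|/', $features) && $nbko < count($featuresarray)) {
            $deleteok = 1;
        }
        if (!$deleteok) {
            accessforbidden();
        }
    }

    // If we have a particular object to check permissions on, we check this object
    // is linked to a company allowed to $user.
    // NOTE(review): when $dbt_select is neither 'rowid' nor 'id', $objectid was turned into a
    // quoted string above and "$objectid > 0" is then false, so this branch is skipped for
    // such keys - confirm that checkUserAccessToObject() is reached by another path in that case.
    if (!empty($objectid) && $objectid > 0) {
        $ok = checkUserAccessToObject($user, $featuresarray, $objectid, $tableandshare, $feature2, $dbt_keyfield, $dbt_select);
        return $ok ? 1 : accessforbidden();
    }
    return 1;
}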
/**
 *	Check permissions of a user to show a page and an object. Check read permission
 * 	If $_REQUEST['action'] defined, we also check write and delete permission.
 *	Only the '&' combination (every listed module required) is understood in $features;
 *	$feature2 is a single second-level permission name.
 *	@param      user      	  	User to check
 *	@param      features	    Features to check (in most cases, it's module name)
 *	@param      objectid      	Object ID if we want to check permission on a particular record (optionnal)
 *	@param      dbtablename    	Table name where object is stored. Not used if objectid is null (optionnal)
 *	@param      feature2		Feature to check (second level of permission)
 *  @param      dbt_keyfield    Field name for socid foreign key if not fk_soc. (optionnal)
 *  @param      dbt_select      Field name for select if not rowid. (optionnal)
 * 	@return		int				Always 1, die process if not allowed
 */
function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
{
    global $db, $conf;

    // A non-rowid key is passed on as a quoted SQL literal. It is quoted but not escaped
    // here, so callers must not hand in raw request values for such keys.
    // NOTE(review): the quoted string also makes the "$objectid > 0" test near the end of
    // this function false, so the object-level SQL checks below are skipped for non-rowid
    // keys - confirm this is intended.
    //dol_syslog("functions.lib:restrictedArea $feature, $objectid, $dbtablename,$feature2,$dbt_socfield,$dbt_select");
    if ($dbt_select != 'rowid') $objectid = "'".$objectid."'";

    //print "user_id=".$user->id.", features=".$features.", feature2=".$feature2.", objectid=".$objectid;
    //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select;
    //print ", perm: ".$features."->".$feature2."=".$user->rights->$features->$feature2->lire."<br>";

    // More features to check ('a&b' = all required; no '|' handling in this variant)
    $features = explode("&",$features);
    //var_dump($features);

    // Check read permission from module
    // TODO Replace "feature" param by permission for reading
    $readok=1;
    foreach ($features as $feature)
    {
        if ($feature == 'societe')
        {
            if (! $user->rights->societe->lire && ! $user->rights->fournisseur->lire) $readok=0;
        }
        else if ($feature == 'contact')
        {
            if (! $user->rights->societe->contact->lire) $readok=0;
        }
        else if ($feature == 'produit|service')
        {
            if (! $user->rights->produit->lire && ! $user->rights->service->lire) $readok=0;
        }
        else if ($feature == 'prelevement')
        {
            if (! $user->rights->prelevement->bons->lire) $readok=0;
        }
        else if ($feature == 'commande_fournisseur')
        {
            if (! $user->rights->fournisseur->commande->lire) $readok=0;
        }
        else if ($feature == 'cheque')
        {
            if (! $user->rights->banque->cheque) $readok=0;
        }
        else if ($feature == 'projet')
        {
            if (! $user->rights->projet->lire && ! $user->rights->projet->all->lire) $readok=0;
        }
        else if (! empty($feature2))	// Second-level permission: $feature2 is used as one property name
        {
            if (empty($user->rights->$feature->$feature2->lire)
            && empty($user->rights->$feature->$feature2->read)) $readok=0;
        }
        else if (! empty($feature) && ($feature!='user' && $feature!='usergroup'))		// This is for old permissions (lire/read/run directly on the module)
        {
            if (empty($user->rights->$feature->lire)
            && empty($user->rights->$feature->read)
            && empty($user->rights->$feature->run)) $readok=0;
        }
    }

    if (! $readok)
    {
        //print "Read access is down";
        accessforbidden();
    }
    //print "Read access is ok";

    // Check write permission from module
    $createok=1;
    if ( GETPOST("action") && GETPOST("action")  == 'create')
    {
        foreach ($features as $feature)
        {
            if ($feature == 'contact')
            {
                if (! $user->rights->societe->contact->creer) $createok=0;
            }
            else if ($feature == 'produit|service')
            {
                if (! $user->rights->produit->creer && ! $user->rights->service->creer) $createok=0;
            }
            else if ($feature == 'prelevement')
            {
                if (! $user->rights->prelevement->bons->creer) $createok=0;
            }
            else if ($feature == 'commande_fournisseur')
            {
                if (! $user->rights->fournisseur->commande->creer) $createok=0;
            }
            else if ($feature == 'banque')
            {
                if (! $user->rights->banque->modifier) $createok=0;
            }
            else if ($feature == 'cheque')
            {
                if (! $user->rights->banque->cheque) $createok=0;
            }
            else if (! empty($feature2))	// Second-level permission (creer/write)
            {
                if (empty($user->rights->$feature->$feature2->creer)
                && empty($user->rights->$feature->$feature2->write)) $createok=0;
            }
            else if (! empty($feature))		// This is for old permissions (creer/write directly on the module)
            {
                //print '<br>feature='.$feature.' creer='.$user->rights->$feature->creer.' write='.$user->rights->$feature->write;
                if (empty($user->rights->$feature->creer)
                && empty($user->rights->$feature->write)) $createok=0;
            }
        }

        if (! $createok) accessforbidden();
        //print "Write access is ok";
    }

    // Check create user permission
    $createuserok=1;
    if ( GETPOST("action") && (GETPOST("action") == 'confirm_create_user' && GETPOST("confirm") == 'yes') )
    {
        if (! $user->rights->user->user->creer) $createuserok=0;

        if (! $createuserok) accessforbidden();
        //print "Create user access is ok";
    }

    // Check delete permission from module
    $deleteok=1;
    if ( GETPOST("action") && ( (GETPOST("action")  == 'confirm_delete' && GETPOST("confirm") && GETPOST("confirm") == 'yes') || GETPOST("action")  == 'delete') )
    {
        foreach ($features as $feature)
        {
            if ($feature == 'contact')
            {
                if (! $user->rights->societe->contact->supprimer) $deleteok=0;
            }
            else if ($feature == 'produit|service')
            {
                if (! $user->rights->produit->supprimer && ! $user->rights->service->supprimer) $deleteok=0;
            }
            else if ($feature == 'commande_fournisseur')
            {
                if (! $user->rights->fournisseur->commande->supprimer) $deleteok=0;
            }
            else if ($feature == 'banque')
            {
                if (! $user->rights->banque->modifier) $deleteok=0;
            }
            else if ($feature == 'cheque')
            {
                if (! $user->rights->banque->cheque) $deleteok=0;
            }
            else if ($feature == 'ecm')
            {
                if (! $user->rights->ecm->upload) $deleteok=0;
            }
            else if ($feature == 'ftp')
            {
                if (! $user->rights->ftp->write) $deleteok=0;
            }
            else if (! empty($feature2))	// Second-level permission (supprimer/delete)
            {
                if (empty($user->rights->$feature->$feature2->supprimer)
                && empty($user->rights->$feature->$feature2->delete)) $deleteok=0;
            }
            else if (! empty($feature))		// This is for old permissions (supprimer/delete directly on the module)
            {
                //print '<br>feature='.$feature.' creer='.$user->rights->$feature->supprimer.' write='.$user->rights->$feature->delete;
                if (empty($user->rights->$feature->supprimer)
                && empty($user->rights->$feature->delete)) $deleteok=0;
            }
        }

        //print "Delete access is ko";
        if (! $deleteok) accessforbidden();
        //print "Delete access is ok";
    }

    // If we have a particular object to check permissions on, we check this object
    // is linked to a company allowed to $user.
    // Table and column names ($dbtablename, $dbt_keyfield, $dbt_select) are interpolated
    // into the SQL as-is: they must come from code, never from the request.
    if (! empty($objectid) && $objectid > 0)
    {
        foreach ($features as $feature)
        {
            $sql='';

            // Which kind of object-level check applies to the feature being examined
            $check = array('banque','user','usergroup','produit','service','produit|service'); // Test on entity only (Objects with no link to company)
            $checksoc = array('societe');	 // Test for societe object
            $checkother = array('contact');	 // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
            $checkproject = array('projet'); // Test for project object
            $nocheck = array('categorie','barcode','stock','fournisseur');	// No test
            $checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).

            // If dbtable not defined, we use same name for table than module name
            if (empty($dbtablename)) $dbtablename = $feature;

            // Check permission for object with entity
            if (in_array($feature,$check))
            {
                $sql = "SELECT dbt.".$dbt_select;
                $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
                $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
            }
            else if (in_array($feature,$checksoc))
            {
                // If external user: Check permission for external users
                if ($user->societe_id > 0)
                {
                    if ($user->societe_id <> $objectid) accessforbidden();
                }
                // If internal user: Check permission for internal users that are restricted on their objects
                else if (! $user->rights->societe->client->voir)
                {
                    // "******" below is a redaction artefact of this listing (the original
                    // expression is lost); the line is not valid PHP as shown.
                    $sql = "SELECT sc.fk_soc";
                    $sql.= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc";
                    $sql.= ", ".MAIN_DB_PREFIX."societe as s)";
                    $sql.= " WHERE sc.fk_soc = ".$objectid;
                    $sql.= " AND sc.fk_user = "******" AND sc.fk_soc = s.rowid";
                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                }
                // If multicompany and internal users with all permissions, check user is in correct entity
                else if ($conf->global->MAIN_MODULE_MULTICOMPANY)
                {
                    $sql = "SELECT s.rowid";
                    $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
                    $sql.= " WHERE s.rowid = ".$objectid;
                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                }
            }
            else if (in_array($feature,$checkother))
            {
                // If external user: Check permission for external users
                if ($user->societe_id > 0)
                {
                    $sql = "SELECT dbt.rowid";
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " WHERE dbt.rowid = ".$objectid;
                    $sql.= " AND dbt.fk_soc = ".$user->societe_id;
                }
                // If internal user: Check permission for internal users that are restricted on their objects
                else if (! $user->rights->societe->client->voir)
                {
                    // "******" in the JOIN condition below is a redaction artefact of this listing
                    $sql = "SELECT dbt.rowid";
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '******'";
                    $sql.= " WHERE dbt.rowid = ".$objectid;
                    $sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";	// Contact not linked to a company or to a company of user
                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                }
                // If multicompany and internal users with all permissions, check user is in correct entity
                else if ($conf->global->MAIN_MODULE_MULTICOMPANY)
                {
                    $sql = "SELECT dbt.rowid";
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " WHERE dbt.rowid = ".$objectid;
                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                }
            }
            else if (in_array($feature,$checkproject))
            {
                // Projects are checked through the project class rather than an ad-hoc query
                if (! $user->rights->projet->all->lire)
                {
                    include_once(DOL_DOCUMENT_ROOT."/projet/class/project.class.php");
                    $projectstatic=new Project($db);
                    $tmps=$projectstatic->getProjectsAuthorizedForUser($user,0,1,$user->societe_id);
                    $tmparray=explode(',',$tmps);
                    if (! in_array($objectid,$tmparray)) accessforbidden();
                }
            }
            else if (! in_array($feature,$nocheck))	// By default we check with link to third party
            {
                // If external user: Check permission for external users
                if ($user->societe_id > 0)
                {
                    $sql = "SELECT dbt.".$dbt_keyfield;
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " WHERE dbt.rowid = ".$objectid;
                    $sql.= " AND dbt.".$dbt_keyfield." = ".$user->societe_id;
                }
                // If internal user: Check permission for internal users that are restricted on their objects
                else if (! $user->rights->societe->client->voir)
                {
                    // The "******" redaction artefact below has fused the end of this branch with
                    // the start of the multicompany branch (the one the other features have);
                    // the lines from "SELECT dbt." onwards belong to that lost branch.
                    $sql = "SELECT sc.fk_soc";
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= ", ".MAIN_DB_PREFIX."societe as s";
                    $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
                    $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
                    $sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield;
                    $sql.= " AND dbt.".$dbt_keyfield." = s.rowid";
                    $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                    $sql.= " AND sc.fk_user = "******"SELECT dbt.".$dbt_select;
                    $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
                    $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
                    $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
                }
            }

            // A query that returns no row, or that fails, is treated as a denial
            //print $sql."<br>";
            if ($sql)
            {
                $resql=$db->query($sql);
                if ($resql)
                {
                    if ($db->num_rows($resql) == 0)	accessforbidden();
                }
                else
                {
                    dol_syslog("functions.lib:restrictedArea sql=".$sql, LOG_ERR);
                    accessforbidden();
                }
            }
        }
    }

    return 1;
}
/**
 *		\file       htdocs/fourn/product/liste.php
 *		\ingroup    produit
 *		\brief      Page liste des produits ou services
 *		\version    $Id: liste.php,v 1.42 2011/07/31 23:57:03 eldy Exp $
 */

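require("../../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");
require_once(DOL_DOCUMENT_ROOT."/societe/class/societe.class.php");
require_once(DOL_DOCUMENT_ROOT."/fourn/class/fournisseur.class.php");

$langs->load("products");
$langs->load("suppliers");

// Read permission on products or on services is required to reach the list
if (!$user->rights->produit->lire && !$user->rights->service->lire) accessforbidden();

// Search filters. GETPOST() replaces the raw isset($_GET)?:$_POST lookups, which raised an
// undefined-index notice whenever a key was in neither array; 'alpha' is the check type
// used for free-text parameters elsewhere in this codebase.
$sref = GETPOST("sref",'alpha');
$sRefSupplier = GETPOST("srefsupplier",'alpha');
$snom = GETPOST("snom",'alpha');

$type = GETPOST("type",'alpha');

// Sort column and direction presumably end up in an ORDER BY clause later in the page,
// so they are no longer taken raw from the request.
$sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
// Paging: request an integer so a non-numeric value cannot reach the arithmetic below
$page = GETPOST("page",'int');
if ($page < 0) $page = 0;

$limit = $conf->liste_limit;
$offset = $limit * $page;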
// Sorting and paging, with defaults when the request gives nothing
$sortfield = GETPOST("sortfield");
$sortorder = GETPOST("sortorder");
if (! $sortfield) $sortfield="a.datec";
if (! $sortorder) $sortorder="ASC";
$page = GETPOST("page","int");
if ($page == -1) $page = 0;
$limit = $conf->liste_limit;
$offset = $limit * $page;

// Security check: external users are pinned to their own company
$socid = GETPOST("socid","int",1);
if ($user->societe_id) $socid = $user->societe_id;
$result = restrictedArea($user, 'agenda', 0, '', 'myactions');

$canedit = 1;
if (! $user->rights->agenda->myactions->read) accessforbidden();
if (! $user->rights->agenda->allactions->read) $canedit = 0;
// Without the "all actions" permission (or with the 'mine' filter) only the user's own actions are listed
if (! $canedit || $filter == 'mine')
{
    $filtera = $filtert = $filterd = $user->id;
}

$action = GETPOST('action','alpha');
// Calendar position: fall back to today when a part is missing or zero
$year = GETPOST("year","int");
if (! $year) $year = date("Y");
$month = GETPOST("month","int");
if (! $month) $month = date("m");
$week = GETPOST("week","int");
if (! $week) $week = date("W");
$day = GETPOST("day","int");
if (! $day) $day = 0;
$pid = GETPOST("projectid","int");
if (! $pid) $pid = 0;
/**
        \file       htdocs/compta/ventilation/fiche.php
        \ingroup    compta
		\brief      Page fiche ventilation
		\version    $Revision: 1.18 $
*/

require('../../main.inc.php');
require_once(DOL_DOCUMENT_ROOT."/compta/facture/class/facture.class.php");

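$langs->load("bills");

$mesg = '';

if (!$user->rights->compta->ventilation->creer) accessforbidden();


/*
 * Actions
 */

if (isset($_POST["action"]) && $_POST["action"] == 'ventil' && $user->rights->compta->ventilation->creer)
{
  // Both values come straight from the request and are concatenated into the
  // statement: force them to integers so the request cannot inject SQL (rowid
  // and fk_code_ventilation are integer keys, so the cast loses nothing).
  $codeventil = isset($_POST["codeventil"]) ? (int) $_POST["codeventil"] : 0;
  $lineid = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

  if ($lineid > 0)
  {
    $sql = " UPDATE ".MAIN_DB_PREFIX."facturedet";
    $sql .= " SET fk_code_ventilation = ".$codeventil;
    $sql .= " WHERE rowid = ".$lineid;

    $resql = $db->query($sql);
    // Surface a failed update instead of silently ignoring it.
    if (! $resql) dol_print_error($db);
  }
}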
 *		\brief      File to offer a way to make a payment for a particular Dolibarr entity
 *		\author	    Laurent Destailleur
 *		\version    $Id: newpayment.php,v 1.61 2011/07/31 23:23:21 eldy Exp $
 */

define("NOLOGIN",1);		// This means this output page does not require to be logged.
define("NOCSRFCHECK",1);	// We accept to go on this page from external web site.

require("../../main.inc.php");
require_once(DOL_DOCUMENT_ROOT."/paybox/lib/paybox.lib.php");
require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php");
require_once(DOL_DOCUMENT_ROOT."/lib/functions2.lib.php");
require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");

// Security check
// Security check: the page is public (NOLOGIN) but is only served when the
// Paybox module is switched on.
if (empty($conf->paybox->enabled))
{
	accessforbidden('',1,1,1);
}

// Translation files used by this page.
foreach (array("main","other","dict","bills","companies","errors","paybox") as $langfile)
{
	$langs->load($langfile);
}

// Input are:
// type ('invoice','order','contractline'),
// id (object id),
// amount (required if id is empty),
// tag (a free text, required if type is empty)
// currency (iso code)
 *       \version    $Id: rappro.php,v 1.68 2011/07/31 22:23:16 eldy Exp $
 */

require("./pre.inc.php");
require_once(DOL_DOCUMENT_ROOT."/lib/bank.lib.php");
require_once(DOL_DOCUMENT_ROOT."/societe/class/societe.class.php");
require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php");
require_once(DOL_DOCUMENT_ROOT."/compta/sociales/class/chargesociales.class.php");
require_once(DOL_DOCUMENT_ROOT."/compta/paiement/class/paiement.class.php");
require_once(DOL_DOCUMENT_ROOT."/compta/tva/class/tva.class.php");
require_once(DOL_DOCUMENT_ROOT."/fourn/class/paiementfourn.class.php");

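$langs->load("banks");
$langs->load("bills");

if (! $user->rights->banque->consolidate) accessforbidden();



/*
 * Actions
 */

// 'dvnext' presumably advances the value date of one bank line. rowid is an
// integer key: cast it here instead of handing the raw request string to
// datev_next(), whose own validation cannot be confirmed from this file. The
// isset() avoids an "undefined index" notice when no action is given.
if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && isset($_GET["action"]) && $_GET["action"] == 'dvnext')
{
	$ac = new Account($db);
	$ac->datev_next((int) $_GET["rowid"]);
}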

if (($user->rights->banque->modifier || $user->rights->banque->consolidate) && $_GET["action"] == 'dvprev')
{
	$canreaduser=($user->admin || ($user->rights->user->user->lire && $user->rights->user->user_advance->readperms));
	$caneditselfperms=($user->id == $_GET["id"] && $user->rights->user->self_advance->writeperms);
	$caneditperms = '('.$caneditperms.' || '.$caneditselfperms.')';
}

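// Security check
$socid=0;
if ($user->societe_id > 0) $socid = $user->societe_id;
$feature2 = (($socid && $user->rights->user->self->creer)?'':'user');
if ($user->id == $_GET["id"])	// A user can always read its own card
{
	$feature2='';
	$canreaduser=1;
}
$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2);
// Every other check in this file reads the card id from $_GET; the final test
// must use the same source, otherwise a differing POST "id" could satisfy one
// check and not the other (this previously read $_REQUEST["id"]).
if ($user->id <> $_GET["id"] && ! $canreaduser) accessforbidden();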


/**
 * Actions
 */
if ($_GET["action"] == 'addrights' && $caneditperms)
{
    $edituser = new User($db);
	$edituser->fetch($_GET["id"]);
    $edituser->addrights($_GET["rights"],$module);

	// Si on a touche a ses propres droits, on recharge
	if ($_GET["id"] == $user->id)
	{
		$user->clearrights();

/**
 *      \file       public/emailing/mailing-read.php
 *      \ingroup    mailing
 *      \brief      Script used to update the mail status when a recipient reads it (if images are displayed while the mail is read)
 */

define("NOLOGIN",1);		// This means this output page does not require to be logged.
define("NOCSRFCHECK",1);	// We accept to go on this page from external web site.

require("../../main.inc.php");

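// Tracking tag carried by the image URL embedded in the mailing. 'alpha' is the
// filter the other pages use for free-text parameters; it does not replace SQL
// escaping, so the value must still go through $db->escape() when it is placed
// into the UPDATE ... WHERE tag='...' clause below.
$id=GETPOST('tag','alpha');

if (empty($conf->global->MAILING_EMAIL_UNSUBSCRIBE)) accessforbidden('Option not enabled');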


/*
 * Actions
 */

if ($id!='')
{
	$statut='2';
	$sql = "UPDATE ".MAIN_DB_PREFIX."mailing_cibles SET statut=".$statut." WHERE tag='".$id."'";
	dol_syslog("public/emailing/mailing-read.php : Mail read : ".$sql, LOG_DEBUG);

	$resql=$db->query($sql);

	//Update status communication of thirdparty prospect
// List of supported format (field type => translated label)
$type2label=array(
    'varchar' => $langs->trans('String'),
    'text'    => $langs->trans('Text'),
    'int'     => $langs->trans('Int'),
    //'date'=>$langs->trans('Date'),
    //'datetime'=>$langs->trans('DateAndTime')
);

// Index 0 => "No", index 1 => "Yes"
$yesno=array($langs->trans('No'),$langs->trans('Yes'));

$action=GETPOST("action");
$elementtype='Societe';

// This setup page is reserved to administrators.
if (! $user->admin)
{
    accessforbidden();
}

// Toggle actions and the pictos shown for them, indexed 0/1
$acts[0] = "activate";
$acts[1] = "disable";
$actl[0] = img_picto($langs->trans("Disabled"),'switch_off');
$actl[1] = img_picto($langs->trans("Activated"),'switch_on');

/*
 * Actions
 */

// Upper bounds accepted for the size of an int / varchar field
$maxsizeint=10;
$maxsizestring=255;

if($action==$acts[0] || $action==$acts[1])
{
    // $user est le user qui edite, $id est l'id de l'utilisateur edite
    $caneditfield=((($user->id == $id) && $user->rights->user->self->creer)
    || (($user->id != $id) && $user->rights->user->user->creer));
    $caneditpassword=((($user->id == $id) && $user->rights->user->self->password)
    || (($user->id != $id) && $user->rights->user->user->password));
}

// Security check
// Security check
$socid=0;
if ($user->societe_id > 0)
{
	$socid = $user->societe_id;
}
$feature2='user';
if ($user->id == $id)
{
	// A user can always read its own card
	$feature2='';
	$canreaduser=1;
}
if (! $canreaduser)
{
	$result = restrictedArea($user, 'user', $id, 'user&user', $feature2);
}
if (! $canreaduser && $user->id != $id)
{
	accessforbidden();
}

// Translation files used by the card
foreach (array("users","companies","ldap","admin",'hrm') as $langfile)
{
	$langs->load($langfile);
}

$object = new User($db);
$extrafields = new ExtraFields($db);

// fetch optionals attributes and labels
$extralabels=$extrafields->fetch_name_optionals_label($object->table_element);

// Initialize technical object to manage hooks. Note that conf->hooks_modules contains an array
$hookmanager->initHooks(array('usercard','globalcard'));
require '../../main.inc.php';
require_once '../../core/lib/functions2.lib.php';

// Translation files
foreach (array("main","install","other") as $langfile)
{
	$langs->load($langfile);
}

// Layout switches are taken from the request as integers.
foreach (array('dol_hide_topmenu','dol_hide_leftmenu','dol_optimize_smallscreen','dol_no_mouse_hover','dol_use_jmobile') as $layoutflag)
{
	$conf->$layoutflag=GETPOST($layoutflag,'int');
}

// Security check
global $dolibarr_main_demo;
if (empty($dolibarr_main_demo))
{
	accessforbidden('Parameter dolibarr_main_demo must be defined in conf file with value "default login,default pass" to enable the demo entry page',0,0,1);
}

// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains an array
$res=$hookmanager->initHooks(array('demo'));

// Lists consumed further down; hooks may presumably add to them.
$demoprofiles=array();
$alwayscheckedmodules=array();
$alwaysuncheckedmodules=array();
$alwayshiddencheckedmodules=array();
$alwayshiddenuncheckedmodules=array();

$tmpaction = 'view';
$parameters=array();
$object=new stdClass();
$reshook=$hookmanager->executeHooks('addDemoProfile', $parameters, $object, $tmpaction);    // Note that $action and $object may have been modified by some hooks
$error=$hookmanager->error;
$errors=$hookmanager->errors;
 * 		\brief      Page de detail des lignes de ventilation d'une facture
 * 		\version    $Revision: 1.23 $
 */

require('../../main.inc.php');
require_once(DOL_DOCUMENT_ROOT."/compta/facture/class/facture.class.php");
require_once(DOL_DOCUMENT_ROOT."/product/class/product.class.php");

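$langs->load("bills");
$langs->load("compta");

if (!$user->rights->facture->lire) accessforbidden();
if (!$user->rights->compta->ventilation->creer) accessforbidden();

// External (customer) users have no access to this page
if ($user->societe_id > 0) accessforbidden();


llxHeader('');

/*
* Lignes de factures
*
*/
// The page number comes from the URL and ends up in the SQL offset: read it as
// an integer (0 when missing) so it cannot carry anything but a number.
$page = isset($_GET["page"]) ? (int) $_GET["page"] : 0;
if ($page < 0) $page = 0;
$limit = $conf->liste_limit;
$offset = $limit * $page ;

$sql = "SELECT f.facnumber, f.rowid as facid, l.fk_product, l.description, l.price, l.qty, l.rowid, l.tva_tx, l.fk_code_ventilation, c.intitule, c.numero,";
$sql.= " p.rowid as product_id, p.ref as product_ref, p.label as product_label, p.fk_product_type as type";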
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
/**
 *	    \file       htdocs/public/donations/therm.php
 *      \ingroup    donation
 *		\brief      Screen with thermometer
 */
define("NOLOGIN", 1);
// This means this output page does not require to be logged.
define("NOCSRFCHECK", 1);
// We accept to go on this page from external web site.
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT . '/core/lib/images.lib.php';
require_once DOL_DOCUMENT_ROOT . '/compta/dons/class/don.class.php';
// Security check
if (empty($conf->don->enabled)) accessforbidden('', 1, 1, 1);

/*
 * 	View (output an image)
 */
$dontherm = new Don($db);
// One total per sum_donations() status code, computed in the same order (1, 2, 3).
$sums = array();
foreach (array(1, 2, 3) as $statusCode) {
    $sums[$statusCode] = $dontherm->sum_donations($statusCode);
}
$intentValue = $sums[1];
$pendingValue = $sums[2];
$actualValue = $sums[3];
// Nothing else is read from the database after this point.
$db->close();

/*
 * Graph thermometer
 */
print moneyMeter($actualValue, $pendingValue, $intentValue);
    }

}
else
{
    /*
     * Show object in view mode
     */
    if ($id > 0 || ! empty($ref))
    {
        dol_htmloutput_mesg($mesg);

        $result=$object->fetch($id,$ref);
        if ($result > 0)
        {
            if ($user->societe_id>0 && $user->societe_id!=$object->socid)  accessforbidden('',0);

            $result=$object->fetch_thirdparty();

            $soc = new Societe($db, $object->socid);
            $soc->fetch($object->socid);

            $totalpaye  = $object->getSommePaiement();
            $totalcreditnotes = $object->getSumCreditNotesUsed();
            $totaldeposits = $object->getSumDepositsUsed();
            //print "totalpaye=".$totalpaye." totalcreditnotes=".$totalcreditnotes." totaldeposts=".$totaldeposits;

            // We can also use bcadd to avoid pb with floating points
            // For example print 239.2 - 229.3 - 9.9; does not return 0.
            //$resteapayer=bcadd($object->total_ttc,$totalpaye,$conf->global->MAIN_MAX_DECIMALS_TOT);
            //$resteapayer=bcadd($resteapayer,$totalavoir,$conf->global->MAIN_MAX_DECIMALS_TOT);
 */
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
require_once DOL_DOCUMENT_ROOT . '/projet/class/task.class.php';
require_once DOL_DOCUMENT_ROOT . '/core/lib/project.lib.php';
require_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php';
$langs->load("projects");
$langs->load("companies");
// mode=mine flag (1 when requested, 0 otherwise)
if (GETPOST('mode') == 'mine') {
    $mine = 1;
} else {
    $mine = 0;
}
// Security check
$socid = 0;
if ($user->societe_id > 0) {
    $socid = $user->societe_id;
}
if (!$user->rights->projet->lire) {
    accessforbidden();
}
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
/*
 * View
 */
$socstatic = new Societe($db);
$projectstatic = new Project($db);
$userstatic = new User($db);
$tasktmp = new Task($db);
// Scope passed to getProjectsAuthorizedForUser(): $mine when set, otherwise 0
// without the "all projects" read permission and 2 with it.
if ($mine) {
    $projectscope = $mine;
} elseif (empty($user->rights->projet->all->lire)) {
    $projectscope = 0;
} else {
    $projectscope = 2;
}
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, $projectscope, 1);
//var_dump($projectsListId);
llxHeader("", $langs->trans("Projects"), "EN:Module_Projects|FR:Module_Projets|ES:M&oacute;dulo_Proyectos");
$text = $langs->trans("Projects");
if ($mine) {
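// Load translation files
$langs->load("ecm");
$langs->load("companies");
$langs->load("other");
$langs->load("users");
$langs->load("orders");
$langs->load("propal");
$langs->load("bills");
$langs->load("contracts");
$langs->load("categories");

// Load permissions
$user->getrights('ecm');

if (!$user->rights->ecm->setup) accessforbidden();

// Get parameters
$socid = isset($_GET["socid"])?(int) $_GET["socid"]:'';

// $section is appended to the ECM output directory: refuse any ".." path
// component so the request cannot point $upload_dir outside
// $conf->ecm->dir_output. The isset() also avoids an "undefined index" notice.
$section = isset($_GET["section"]) ? $_GET["section"] : '';
if (! $section) $section='misc';
if (preg_match('/(^|[\/\\\\])\.\.([\/\\\\]|$)/', $section)) accessforbidden();
$upload_dir = $conf->ecm->dir_output.'/'.$section;

$sortfield = GETPOST("sortfield",'alpha');
$sortorder = GETPOST("sortorder",'alpha');
$page = GETPOST("page",'int');
// Clamp every negative page, not only -1, so the offset is never negative.
if ($page < 0) { $page = 0; }
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;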