
[Phpcompta-dev] r4883 - in phpcompta/trunk: html include include/templat


From: phpcompta-dev
Subject: [Phpcompta-dev] r4883 - in phpcompta/trunk: html include include/template sql
Date: Wed, 13 Jun 2012 00:21:33 +0200 (CEST)

Author: danydb
Date: 2012-06-13 00:21:33 +0200 (Wed, 13 Jun 2012)
New Revision: 4883

Added:
   phpcompta/trunk/include/template/user_sec_profile.php
Modified:
   phpcompta/trunk/html/ajax_misc.php
   phpcompta/trunk/html/show_document.php
   phpcompta/trunk/include/action.common.inc.php
   phpcompta/trunk/include/ajax_get_profile.php
   phpcompta/trunk/include/class_follow_up.php
   phpcompta/trunk/include/class_html_input.php
   phpcompta/trunk/include/class_profile_menu.php
   phpcompta/trunk/include/class_user.php
   phpcompta/trunk/include/profile.inc.php
   phpcompta/trunk/include/template/detail-action.php
   phpcompta/trunk/sql/upgrade.sql
Log:
0000601: Action gestion : sécurité

Modified: phpcompta/trunk/html/ajax_misc.php
===================================================================
--- phpcompta/trunk/html/ajax_misc.php  2012-06-12 20:59:36 UTC (rev 4882)
+++ phpcompta/trunk/html/ajax_misc.php  2012-06-12 22:21:33 UTC (rev 4883)
@@ -63,6 +63,8 @@
 $user->check(true);
 $user->check_dossier($gDossier, true);
 $html = var_export($_REQUEST, true);
+global $g_user;
+$g_user=$user;
 switch ($op)
 {
        case "remove_anc":
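Review bot: `global $g_user;` is a no-op when this script runs at file scope, and the assignment `$g_user=$user;` alone is what populates the global; the keyword only matters if ajax_misc.php is included from inside a function, which cannot be seen from this hunk. Since the point of the two lines is to hand the already-checked `$user` to code that reads `$g_user` (the new `can_write_action` callers), a one-line comment would make that intent explicit: `// expose the authenticated user to included code that relies on $g_user`.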

Modified: phpcompta/trunk/html/show_document.php
===================================================================
--- phpcompta/trunk/html/show_document.php      2012-06-12 20:59:36 UTC (rev 
4882)
+++ phpcompta/trunk/html/show_document.php      2012-06-12 22:21:33 UTC (rev 
4883)
@@ -58,10 +58,11 @@
         print $json;
     }
 }
-/* remove the operation */
+/* remove the operation from action_gestion_operation*/
 if ( $action == 'rmop' )
 {
-    if ($User->check_action(RMDOC)==1)
+       $dt_id=$cn->get_value("select ag_id from action_gestion_operation where 
ago_id=$1",$_REQUEST['id']);
+    if ($User->check_action(RMDOC)==1 && $User->can_write_action($dt_id)==true)
     {
                $cn->exec_sql("delete from action_gestion_operation where 
ago_id=$1",
                                array($_REQUEST['id']));
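Review bot: The `ag_id` lookup passes a bare `$_REQUEST['id']` as the parameter argument of `get_value`, whereas the `exec_sql` call two lines below wraps the same value in `array(...)`; if `get_value` expects the same array form, this call is malformed and `$dt_id` stays empty. When no row matches the id, `$dt_id` is also empty and the decision then depends on what `can_write_action('')` returns, which is not visible here; fail closed explicitly before the check, e.g. `if ($dt_id == '') { exit(); }`. The same two points apply to the `rmcomment` hunk below. As a naming point, `$dt_id` holds an `ag_id`, so `$ag_id` would match the query and the `rmaction` branch.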
@@ -70,10 +71,11 @@
         print $json;
     }
 }
-/* remove the comment*/
+/* remove the comment from action_gestion_operation*/
 if ( $action == 'rmcomment' )
 {
-    if ($User->check_action(RMDOC)==1)
+       $dt_id=$cn->get_value("select ag_id from action_gestion_comment where 
agc_id=$1",$_REQUEST['id']);
+    if ($User->check_action(RMDOC)==1 && $User->can_write_action($dt_id)==true)
     {
                $cn->exec_sql("delete from action_gestion_comment where 
agc_id=$1",
                                array($_REQUEST['id']));
@@ -82,10 +84,10 @@
         print $json;
     }
 }
-/* remove the action*/
+/* remove the action from action_gestion_operation*/
 if ( $action == 'rmaction' )
 {
-    if ($User->check_action(RMDOC)==1)
+    if ($User->check_action(RMDOC)==1 && 
$User->can_write_action($_REQUEST['id']) == true && 
$User->can_write_action($_REQUEST['ag_id'])== true )
     {
                $cn->exec_sql("delete from action_gestion_related where 
aga_least=$1 and aga_greatest=$2",
                                array($_REQUEST['id'],$_REQUEST['ag_id']));

Modified: phpcompta/trunk/include/action.common.inc.php
===================================================================
--- phpcompta/trunk/include/action.common.inc.php       2012-06-12 20:59:36 UTC 
(rev 4882)
+++ phpcompta/trunk/include/action.common.inc.php       2012-06-12 22:21:33 UTC 
(rev 4883)
@@ -1,232 +1,252 @@
 <?php
-  /*
-   *   This file is part of PhpCompta.
-   *
-   *   PhpCompta is free software; you can redistribute it and/or modify
-   *   it under the terms of the GNU General Public License as published by
-   *   the Free Software Foundation; either version 2 of the License, or
-   *   (at your option) any later version.
-   *
-   *   PhpCompta is distributed in the hope that it will be useful,
-   *   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   *   GNU General Public License for more details.
-   *
-   *   You should have received a copy of the GNU General Public License
-   *   along with PhpCompta; if not, write to the Free Software
-   *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  
USA
-   */
-  /* $Revision$ */
 
-  // Copyright Author Dany De Bontridder address@hidden
+/*
+ *   This file is part of PhpCompta.
+ *
+ *   PhpCompta is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ *   PhpCompta is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with PhpCompta; if not, write to the Free Software
+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+/* $Revision$ */
 
-  /*!\file
-   * \brief this file is common to suivi client, suivi fournisseur, suivi
-   * administration.
-   * The needed variables are
-   * - $cn for the database connection
-   * - $sub_action sa from suivi courrier but sc from Suivi client, 
fournisseur...
-   *
-   */
+// Copyright Author Dany De Bontridder address@hidden
 
-$supl_hidden='';
-if( isset($_REQUEST['sc']))
-  $supl_hidden.=HtmlInput::hidden('sc',$_REQUEST['sc']);
-if( isset($_REQUEST['f_id']))
-  $supl_hidden.=HtmlInput::hidden('f_id',$_REQUEST['f_id']);
-if( isset($_REQUEST['sb']))
-  $supl_hidden.=HtmlInput::hidden('sb',$_REQUEST['sb']);
-  $supl_hidden.=HtmlInput::hidden('ac',$_REQUEST['ac']);
+/* !\file
+ * \brief this file is common to suivi client, suivi fournisseur, suivi
+ * administration.
+ * The needed variables are
+ * - $cn for the database connection
+ * - $sub_action sa from suivi courrier but sc from Suivi client, 
fournisseur...
+ *
+ */
 
+$supl_hidden = '';
+if (isset($_REQUEST['sc']))
+       $supl_hidden.=HtmlInput::hidden('sc', $_REQUEST['sc']);
+if (isset($_REQUEST['f_id']))
+       $supl_hidden.=HtmlInput::hidden('f_id', $_REQUEST['f_id']);
+if (isset($_REQUEST['sb']))
+       $supl_hidden.=HtmlInput::hidden('sb', $_REQUEST['sb']);
+$supl_hidden.=HtmlInput::hidden('ac', $_REQUEST['ac']);
 
-/*--------------------------------------------------------------------------- 
*/
+
+/* --------------------------------------------------------------------------- 
*/
 /* We ask to generate the document */
-/*--------------------------------------------------------------------------- 
*/
-if ( isset($_POST['generate']))
-  {
-    $act=new Follow_Up($cn);
-    $act->fromArray($_POST);
-    if ($act->ag_id == 0 )
-      {
-        $act->save();
-        $ag_id=$act->ag_id;
-
-      }
-    else
-      {
-        $act->Update();
-      }
-    $act->generate_document($_POST['doc_mod'],$_POST);
-    $sub_action='detail';
-  }
+/* --------------------------------------------------------------------------- 
*/
+if (isset($_POST['generate']))
+{
+       $act = new Follow_Up($cn);
+       $act->fromArray($_POST);
+       if ($act->ag_id == 0)
+       {
+               $act->save();
+               $ag_id = $act->ag_id;
+       }
+       else
+       {
+               $act->Update();
+       }
+       $act->generate_document($_POST['doc_mod'], $_POST);
+       $sub_action = 'detail';
+}
 /* for delete  */
-if ( isset($_POST['delete'] )) $sub_action='delete';
-if ( $sub_action == "" ) $sub_action="list";
+if (isset($_POST['delete']))
+       $sub_action = 'delete';
+if ($sub_action == "")
+       $sub_action = "list";
 
 // if correction is asked go to directly to add_action
-if (isset($_POST['corr'] ))
-  {
-    $ag_comment=urldecode($_POST['ag_comment']);
-    $sub_action="add_action";
-  }
+if (isset($_POST['corr']))
+{
+       $ag_comment = urldecode($_POST['ag_comment']);
+       $sub_action = "add_action";
+}
 // if this page is called from another menu (customer, supplier,...)
 // a button back is added
-
-
 //----------------------------------------------------------------------
 // Update the detail
 // Add a new action related to this one or update
 //----------------------------------------------------------------------
-if ( $sub_action=="update" )
-  {
-    // Update the modification
-    if ( isset($_POST['save']))
-      {
-        $act2=new Follow_Up($cn);
-        $act2->fromArray($_POST );
-                $sub_action="detail";
-                put_global(array(array('key'=>"sa","value"=>"detail")));
-         $act2->Update();
-      }
-    //----------------------------------------------------------------------
-    // Add a related action
-    //----------------------------------------------------------------------
-    if ( isset ($_POST['add_action_here']) )
-      {
-        $act=new Follow_Up($cn);
+if ($sub_action == "update")
+{
+       // Update the modification
+       if (isset($_POST['save']))
+       {
+               $act2 = new Follow_Up($cn);
+               $act2->fromArray($_POST);
+               $sub_action = "detail";
+               put_global(array(array('key' => "sa", "value" => "detail")));
+               if ($g_user->can_write_action($act2->ag_id))
+               {
+                       $act2->Update();
+               }
+               else
+               {
+                       echo '<div class="redcontent">';
+                       echo '<h2 class="error"> Cette action ne vous est pas 
autorisée Contactez votre responsable</h2>';
+                       echo '</div>';
+                       exit();
+               }
+       }
+       //----------------------------------------------------------------------
+       // Add a related action
+       //----------------------------------------------------------------------
+       if (isset($_POST['add_action_here']))
+       {
+               $act = new Follow_Up($cn);
 
 
-        //----------------------------------------
-        // puis comme ajout normal (copier / coller )
-        $act->fromArray($_POST);
-        $act->ag_id=0;
-        $act->d_id=0;
-        $act->action=$_POST['ag_id'];
+               //----------------------------------------
+               // puis comme ajout normal (copier / coller )
+               $act->fromArray($_POST);
+               $act->ag_id = 0;
+               $act->d_id = 0;
+               $act->action = $_POST['ag_id'];
 
-        echo '<div class="content">';
+               echo '<div class="content">';
 
-        // Add hidden tag
-        echo '<form  enctype="multipart/form-data" action="do.php" 
method="post"">';
+               // Add hidden tag
+               echo '<form  enctype="multipart/form-data" action="do.php" 
method="post"">';
 
-        $act->ag_comment="";
-        if (isset($_REQUEST['qcode_dest'])) 
$act->qcode_dest=$_REQUEST['qcode_dest'];
-        echo $act->Display('NEW',false,$base,$retour);
+               $act->ag_comment = "";
+               if (isset($_REQUEST['qcode_dest']))
+                       $act->qcode_dest = $_REQUEST['qcode_dest'];
+               echo $act->Display('NEW', false, $base, $retour);
 
-        echo '<input type="hidden" name="ac" value="'.$_REQUEST['ac'].'">';
-        echo '<input type="hidden" name="sa" value="save_action_st2">';
-        echo '<input type="submit" class="button" name="save_action_st2" 
value="'._('Enregistrer').'">';
-        echo '<input type="submit" class="button" name="generate" 
value="'._('Génère le document').'"></p>';
-        echo $supl_hidden;
-        echo '</form>';
-        echo '</div>';
-
-      }
-
-
-  }
+               echo '<input type="hidden" name="ac" value="' . $_REQUEST['ac'] 
. '">';
+               echo '<input type="hidden" name="sa" value="save_action_st2">';
+               echo '<input type="submit" class="button" 
name="save_action_st2" value="' . _('Enregistrer') . '">';
+               echo '<input type="submit" class="button" name="generate" 
value="' . _('Génère le document') . '"></p>';
+               echo $supl_hidden;
+               echo '</form>';
+               echo '</div>';
+       }
+}
 
//--------------------------------------------------------------------------------
 // Show the detail of an action
 // permit the update
-if ( $sub_action=='detail' )
-  {
-    echo '<div class="content">';
-    $act=new Follow_Up($cn);
-    $act->ag_id=$ag_id;
-       $act->suppress=1;
-    echo $act->get();
-//    $act->ag_comment=Decode($act->ag_comment);
-    echo '<form  enctype="multipart/form-data"  class="print" action="do.php"  
method="post"   >';
-    echo $supl_hidden;
-    echo HtmlInput::hidden('ac',$_REQUEST['ac']);
-    echo dossier::hidden();
-    echo $act->Display('UPD',false,$base,$retour);
-    echo '<input type="hidden" name="sa" value="update">';
-    echo HtmlInput::submit("save","Sauve");
-    echo HtmlInput::submit("add_action_here",_("Ajoute une action à 
celle-ci"));
-    echo HtmlInput::submit("delete",_("Efface cette action"),' onclick="return 
confirm(\''._("Vous confirmez l\'effacement").'\')" ');
-       echo $retour;
-    echo '</form>';
-    echo '</div>';
+if ($sub_action == 'detail')
+{
+       echo '<div class="content">';
+       $act = new Follow_Up($cn);
+       $act->ag_id = $ag_id;
 
-  }
+       echo $act->get();
+       if ($g_user->can_write_action($ag_id) == true)
+       {
+               echo '<form  enctype="multipart/form-data"  class="print" 
action="do.php"  method="post"   >';
+               echo $supl_hidden;
+               echo HtmlInput::hidden('ac', $_REQUEST['ac']);
+               echo dossier::hidden();
+               echo $act->Display('UPD', false, $base, $retour);
+               echo '<input type="hidden" name="sa" value="update">';
+               echo HtmlInput::submit("save", "Sauve");
+               echo HtmlInput::submit("add_action_here", _("Ajoute une action 
à celle-ci"));
+               echo HtmlInput::submit("delete", _("Efface cette action"), ' 
onclick="return confirm(\'' . _("Vous confirmez l\'effacement") . '\')" ');
+               echo $retour;
+               echo '</form>';
+       }
+       else if ($g_user->can_read_action($ag_id) == true)
+       {
+               echo $act->Display('READ', false, $base, $retour);
+       }
+       else
+       {
+               echo h2info(_("Ce document n'est pas accessible"));
+               exit();
+       }
+
+
+       echo '</div>';
+}
 
//-------------------------------------------------------------------------------
 // Delete an action
-if ( $sub_action == 'delete' )
-  {
-    // confirmed
-    $cn->start();
-    $act=new Follow_Up($cn);
-    $act->ag_id=$_REQUEST['ag_id'];
-    $act->get();
-    $act->remove();
-    $sub_action="list";
-    $cn->commit();
-    Follow_Up::ShowActionList($cn,$base);
-    if ( isset( $act->ag_ref) )
-      echo hb(_('Action ').$act->ag_ref._(' effacée'));
-    exit();
-  }
+if ($sub_action == 'delete')
+{
+       // confirmed
+       $cn->start();
+       $act = new Follow_Up($cn);
+       $act->ag_id = $_REQUEST['ag_id'];
+       $act->get();
+       if ($g_user->can_write_action($_REQUEST['ag_id'])==true)        
$act->remove();
+       $sub_action = "list";
+       $cn->commit();
+       Follow_Up::ShowActionList($cn, $base);
+       if (isset($act->ag_ref))
+               echo hb(_('Action ') . $act->ag_ref . _(' effacée'));
+       exit();
+}
 
 
//--------------------------------------------------------------------------------
 // Show a list of the action
-if ( $sub_action == "list" )
-  {
-    Follow_Up::ShowActionList($cn,$base);
+if ($sub_action == "list")
+{
+       Follow_Up::ShowActionList($cn, $base);
        // Add a button to export to Csv
        echo '<form method="GET" ACTION="export.php">';
-       echo 
HtmlInput::request_to_hidden(array("sag_ref","only_internal","state","gDossier","qcode","start_date","end_date","ag_id","ag_dest_query",
-                       "tdoc","see_all","all_action","query"));
+       echo HtmlInput::request_to_hidden(array("sag_ref", "only_internal", 
"state", "gDossier", "qcode", "start_date", "end_date", "ag_id", 
"ag_dest_query",
+               "tdoc", "see_all", "all_action", "query"));
        echo HtmlInput::hidden("act", "CSV:ActionGestion");
        echo HtmlInput::submit("follow_up_csv", "Export CSV");
        echo "</form>";
-  }
+}
 
//--------------------------------------------------------------------------------
 // Add an action
-if ( $sub_action == "add_action" )
-  {
-    $act=new Follow_Up($cn);
-    $act->fromArray($_POST );
-    $act->ag_id=0;
-    $act->d_id=0;
-    echo '<div class="content">';
-    // Add hidden tag
-    echo '<form method="post" action="do.php" name="form_add" id="form_add" 
enctype="multipart/form-data" >';
-    echo $supl_hidden;
-    echo dossier::hidden();
+if ($sub_action == "add_action")
+{
+       $act = new Follow_Up($cn);
+       $act->fromArray($_POST);
+       $act->ag_id = 0;
+       $act->d_id = 0;
+       echo '<div class="content">';
+       // Add hidden tag
+       echo '<form method="post" action="do.php" name="form_add" id="form_add" 
enctype="multipart/form-data" >';
+       echo $supl_hidden;
+       echo dossier::hidden();
 
 
-    
$act->ag_comment=(isset($_POST['ag_comment']))?Decode($_POST['ag_comment']):"";
-    if (isset($_REQUEST['qcode'])) $act->qcode_dest=$_REQUEST['qcode'];
-    echo $act->Display('NEW',false,$base,$retour);
+       $act->ag_comment = (isset($_POST['ag_comment'])) ? 
Decode($_POST['ag_comment']) : "";
+       if (isset($_REQUEST['qcode']))
+               $act->qcode_dest = $_REQUEST['qcode'];
+       echo $act->Display('NEW', false, $base, $retour);
 
-    echo '<input type="hidden" name="ac" value="'.$_REQUEST["ac"].'">';
-    echo '<input type="hidden" name="sa" value="save_action_st2">';
-    echo '<input type="hidden" name="save_action_st2" 
value="save_action_st2">';
-    echo '<input type="submit" class="button" name="save_action_st2" 
value="'._('Enregistrer').'">';
-    echo '</form>';
+       echo '<input type="hidden" name="ac" value="' . $_REQUEST["ac"] . '">';
+       echo '<input type="hidden" name="sa" value="save_action_st2">';
+       echo '<input type="hidden" name="save_action_st2" 
value="save_action_st2">';
+       echo '<input type="submit" class="button" name="save_action_st2" 
value="' . _('Enregistrer') . '">';
+       echo '</form>';
 
-    echo   '</div>';
-  }
+       echo '</div>';
+}
 
//--------------------------------------------------------------------------------
 // Save Follow_Up
 // Stage 2 : Save the action + Files and generate eventually a document
 
//--------------------------------------------------------------------------------
-if  ( $sub_action == "save_action_st2" )
-  {
-    $act=new Follow_Up($cn);
-    $act->fromArray($_POST);
-    $act->d_id=0;
-    $act->md_id=(isset($_POST['gen_doc']))?$_POST['gen_doc']:0;
+if ($sub_action == "save_action_st2")
+{
+       $act = new Follow_Up($cn);
+       $act->fromArray($_POST);
+       $act->d_id = 0;
+       $act->md_id = (isset($_POST['gen_doc'])) ? $_POST['gen_doc'] : 0;
 
-    // insert into action_gestion
-    echo $act->save();
-    $url="?$base&sa=detail&ag_id=".$act->ag_id.'&'.dossier::get();
-    echo '<p><a class="mtitle" href="'.$url.'">'.hb('Action Sauvée  : 
'.$act->ag_ref).'</a></p>';
+       // insert into action_gestion
+       echo $act->save();
+       $url = "?$base&sa=detail&ag_id=" . $act->ag_id . '&' . dossier::get();
+       echo '<p><a class="mtitle" href="' . $url . '">' . hb('Action Sauvée  : 
' . $act->ag_ref) . '</a></p>';
 
-
-    Follow_Up::ShowActionList($cn,$base);
-    $url="?$base&sa=detail&ag_id=".$act->ag_id.'&'.dossier::get();
-    echo '<p><a class="mtitle" href="'.$url.'">'.hb('Action Sauvée  : 
'.$act->ag_ref).'</a></p>';
-  }
+       Follow_Up::ShowActionList($cn,$base);
+       $url = "?$base&sa=detail&ag_id=" . $act->ag_id . '&' . dossier::get();
+       echo '<p><a class="mtitle" href="' . $url . '">' . hb('Action Sauvée  : 
' . $act->ag_ref) . '</a></p>';
+}
 ?>
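Review bot: The `generate` branch (`if (isset($_POST['generate']))`, near the top of the hunk) still calls `$act->Update()` on an existing `ag_id` without the `can_write_action` guard that the `save` branch now applies, so the new write restriction is not enforced on that second update path; add the same guard before `$act->Update()` there, e.g. `if (!$g_user->can_write_action($act->ag_id)) { echo h2info(_("Ce document n'est pas accessible")); exit(); }`. In the `delete` branch, a refused `can_write_action` silently skips `remove()` but the code still commits and prints `hb(_('Action ') . $act->ag_ref . _(' effacée'))`, reporting a deletion that did not happen; keep the message inside the permission check and print a refusal otherwise. The `\file` header lists `$cn` and `$sub_action` as the variables this file needs, but the new checks also require `$g_user` to be set by the including script; add `* - $g_user for the can_read_action / can_write_action checks` to that list. Finally, the refusal text in the `save` branch is a hard-coded French string while every other user-facing string in the file goes through `_()`.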
 

Modified: phpcompta/trunk/include/ajax_get_profile.php
===================================================================
--- phpcompta/trunk/include/ajax_get_profile.php        2012-06-12 20:59:36 UTC 
(rev 4882)
+++ phpcompta/trunk/include/ajax_get_profile.php        2012-06-12 22:21:33 UTC 
(rev 4883)
@@ -34,7 +34,7 @@
 $add_one=HtmlInput::button("add", "Ajout 
Menu","onclick=\"add_menu({dossier:$gDossier,p_id:$p_id})\"")
 ?>
 <hr>
-<h1>Profile <?=$profile->p_name?></h1>
+<h1>Profil <?=$profile->p_name?></h1>
 
 <?
 $id=HtmlInput::hidden('p_id',$profile->p_id);
@@ -79,8 +79,9 @@
        $profile_menu->listing_profile($p_id);
        echo "<h2>Impression</h2>";
        $profile_menu->printing($p_id);
-
        echo $add_one;
+       echo "<h2>Action gestion accessible</h2>";
+       $profile_menu->available_profile($p_id);
 }
 ?>
 

Modified: phpcompta/trunk/include/class_follow_up.php
===================================================================
--- phpcompta/trunk/include/class_follow_up.php 2012-06-12 20:59:36 UTC (rev 
4882)
+++ phpcompta/trunk/include/class_follow_up.php 2012-06-12 22:21:33 UTC (rev 
4883)
@@ -87,9 +87,24 @@
        function __construct($p_cn)
        {
                $this->db = $p_cn;
+               $this->ag_id=0;
                $this->f_id = 0;
        }
-
+       static function sql_security_filter($cn,$p_mode)
+       {
+               global $g_user;
+               $profile=$cn->get_value("select p_id from profile_user where 
user_name=$1",array($g_user->login));
+               if ($profile == '') die ("Security");
+               if ($p_mode == 'R')
+               {
+                       $sql=" (ag_dest in (select p_granted from 
user_sec_action_profile where p_id=$profile ) ) ";
+               }
+               if ($p_mode == 'W')
+               {
+                       $sql=" ( ag_dest in (select p_granted from 
user_sec_action_profile where p_id=$profile and ua_right='W' ) )";
+               }
+               return $sql;
+       }
        //----------------------------------------------------------------------
        /* !
         * \brief Display the object, the tags for the FORM
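Review bot: `sql_security_filter` returns an undefined `$sql` when `$p_mode` is neither `'R'` nor `'W'`, so a caller typo yields `null` and the security filter silently disappears from the query (at the call sites the concatenation then produces malformed SQL at best); reject unknown modes up front with `if ($p_mode != 'R' && $p_mode != 'W') die("Security");` placed before the two `if` blocks. `$profile` comes from the database rather than the request, but it is still interpolated into the SQL fragment (`p_id=$profile`) while the first query in the same function uses the `$1` placeholder; an `(int)` cast when building the fragment, or the placeholder form if the callers can pass parameters through, keeps the two styles consistent. The function has no docblock; one stating that it requires `$g_user` to be set, takes `'R'` or `'W'`, and returns a parenthesised fragment meant for a `where` clause would help the callers that splice it in.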
@@ -109,6 +124,7 @@
         */
        function Display($p_view, $p_gen, $p_base, $retour = "")
        {
+               global $g_user;
                if ($p_view == 'UPD')
                {
                        $upd = true;
@@ -132,12 +148,12 @@
                // Compute the widget
                // Date
                $date = new IDate();
-               $date->readonly = $readonly;
+               $date->readOnly = $readonly;
                $date->name = "ag_timestamp";
                $date->value = $this->ag_timestamp;
 
                $remind_date = new IDate();
-               $remind_date->readonly = $readonly;
+               $remind_date->readOnly = $readonly;
                $remind_date->name = "ag_remind_date";
                $remind_date->value = $this->ag_remind_date;
 
@@ -147,7 +163,7 @@
                $doc_type->name = "dt_id";
                $doc_type->value = $this->db->make_array("select dt_id,dt_value 
from document_type order by dt_value");
                $doc_type->selected = $this->dt_id;
-               $doc_type->readonly = false;
+               $doc_type->readOnly = $readonly;
                $str_doc_type = $doc_type->input();
 
                // Description
@@ -155,7 +171,7 @@
                $desc->width = 70;
                $desc->heigh = 5;
                $desc->name = "ag_comment";
-               $desc->readonly = $readonly;
+               $desc->readOnly = $readonly;
                if (strlen($desc->value) > 300)
                {
                        $desc->width = 120;
@@ -189,7 +205,7 @@
                // Retrieve the value
                $a = $this->db->make_array("select s_id,s_value from 
document_state ");
                $state = new ISelect();
-               $state->readonly = $readonly;
+               $state->readOnly = $readonly;
                $state->name = "ag_state";
                $state->value = $a;
                $state->selected = $this->ag_state;
@@ -219,14 +235,14 @@
 
                // title
                $title = new IText();
-               $title->readonly = $readonly;
+               $title->readOnly = $readonly;
                $title->name = "ag_title";
                $title->value = $this->ag_title;
                $title->size = 60;
 
                // ag_cal
                $ag_cal = new ICheckBox('ag_cal');
-               $ag_cal->readonly = $readonly;
+               $ag_cal->readOnly = $readonly;
                $ag_cal->name = "ag_cal";
 
                if ($this->ag_cal == 'C')
@@ -238,7 +254,7 @@
 
                // Priority of the ag_priority
                $ag_priority = new ISelect();
-               $ag_priority->readonly = $readonly;
+               $ag_priority->readOnly = $readonly;
                $ag_priority->name = "ag_priority";
                $ag_priority->selected = $this->ag_priority;
                $ag_priority->value = array(array('value' => 1, 'label' => 
'Haute'),
@@ -249,7 +265,7 @@
 
                // hour of the action (meeting) ag_hour
                $ag_hour = new IText();
-               $ag_hour->readonly = $readonly;
+               $ag_hour->readOnly = $readonly;
                $ag_hour->name = "ag_hour";
                $ag_hour->value = $this->ag_hour;
                $ag_hour->size = 6;
@@ -258,14 +274,13 @@
 
                // Profile in charged of the action
                $ag_dest = new ISelect();
-               $ag_dest->readonly = $readonly;
+               $ag_dest->readOnly = $readonly;
                $ag_dest->name = "ag_dest";
                // select profile
                $aAg_dest = $this->db->make_array("select  p_id as value, " .
                                "p_name as label " .
-                               " from profile order by 2");
+                               " from profile  where p_id in (select p_granted 
from user_sec_action_profile where ua_right='W' and 
p_id=".$g_user->get_profile().") order by 2");
 
-               $aAg_dest[] = array('value' => 0, 'label' => 'Public');
                $ag_dest->value = $aAg_dest;
                $ag_dest->selected = $this->ag_dest;
                $str_ag_dest = $ag_dest->input();
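Review bot: `$g_user->get_profile()` is concatenated straight into the `make_array` SQL string, whereas the rest of this commit passes values through `$1` placeholders (`get_value("... user_name=$1", array(...))`); if `make_array` cannot take parameters, `(int)$g_user->get_profile()` at least pins the type of what ends up in the query. Dropping the `'Public'` (value 0) option also means an existing row whose stored `ag_dest` is 0 will have no matching entry when displayed for update, so `$ag_dest->selected` will not resolve; this may be intended, but is worth confirming against existing data and the upgrade.sql in this revision. Display begins and ends outside this hunk.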
@@ -303,7 +318,7 @@
                //
                // sender
                $w = new ICard();
-               $w->readonly = $readonly;
+               $w->readOnly = $readonly;
                $w->jrn = 0;
                $w->name = 'qcode_dest';
                $w->value = ($this->f_id_dest != 0) ? $this->qcode_dest : "";
@@ -327,7 +342,7 @@
 
                // contact
                $ag_contact = new ICard();
-               $ag_contact->readonly = $readonly;
+               $ag_contact->readOnly = $readonly;
                $ag_contact->jrn = 0;
                $ag_contact->name = 'ag_contact';
                $ag_contact->value = '';
@@ -366,7 +381,7 @@
                $h_agrefid = new IHidden();
                $iag_ref=new IText("ag_ref");
                $iag_ref->value=$this->ag_ref;
-               $iag_ref->readOnly = ($p_view == "NEW")?true:false;
+               $iag_ref->readOnly = ($p_view == "NEW" ||$p_view == 
'READ')?true:false;
                $str_ag_ref =$iag_ref->input();
                // Preparing the return string
                $r = "";
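Review bot: The `?true:false` ternary on the `readOnly` assignment is redundant since the comparison already yields a boolean, and the line mixes `"NEW"` and `'READ'` quoting; `$iag_ref->readOnly = ($p_view == "NEW" || $p_view == 'READ');` says the same thing. Whether `$readonly` is also set for the `'READ'` view is decided earlier in Display, outside this hunk, so the other widgets' read-only state for that view cannot be confirmed from here.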
@@ -374,6 +389,7 @@
                /* for new files */
                $upload = new IFile();
                $upload->name = "file_upload[]";
+               $upload->readOnly=$readonly;
                $upload->value = "";
                $aAttachedFile = $this->db->get_array('select 
d_id,d_filename,d_mimetype,' .
                                '\'show_document.php?' .
@@ -387,7 +403,7 @@
                                ' order by md_name');
                $str_select_doc = $aDocMod->input();
                /* if no document then do not show the generate button */
-               if (empty($aDocMod->value))
+               if (empty($aDocMod->value) )
                        $str_submit_generate = "";
                else
                        $str_submit_generate = HtmlInput::submit("generate", 
_("Génére le document"));
@@ -421,6 +437,7 @@
                        $icard->extra = 'all';
                        $icard->name = "e_march" . $i;
                        $tmp_ad = (isset($this->aAction_detail[$i])) ? 
$this->aAction_detail[$i] : false;
+                       $icard->readOnly=$readonly;
                        $icard->value = '';
                        if ($tmp_ad)
                        {
@@ -447,11 +464,13 @@
                        $text->name = "e_march" . $i . "_label";
                        $text->size = 40;
                        $text->value = ($tmp_ad) ? 
$tmp_ad->get_parameter('text') : "";
+                       $text->readOnly=$readonly;
                        $aArticle[$i]['desc'] = $text->input();
 
                        $num->javascript = ' 
onchange="format_number(this);clean_tva(' . $i . ');compute_ledger(' . $i . 
')"';
                        $num->name = "e_march" . $i . "_price";
                        $num->size = 8;
+                       $num->readOnly=$readonly;
                        $num->value = ($tmp_ad) ? 
$tmp_ad->get_parameter('price_unit') : 0;
                        $aArticle[$i]['pu'] = $num->input();
 
@@ -462,6 +481,7 @@
 
                        $itva->name = 'e_march' . $i . '_tva_id';
                        $itva->value = ($tmp_ad) ? 
$tmp_ad->get_parameter('tva_id') : 0;
+                       $itva->readOnly=$readonly;
                        $itva->js = ' onchange="format_number(this);clean_tva(' 
. $i . ');compute_ledger(' . $i . ')"';
                        $itva->set_attribute('compute', $i);
 
@@ -514,13 +534,15 @@
        function get()
        {
                $sql = "select ag_id,to_char (ag_timestamp,'DD.MM.YYYY') as 
ag_timestamp," .
-                               " 
f_id_dest,ag_title,ag_ref,d_id,ag_type,ag_state,  " .
+                               " 
f_id_dest,ag_title,ag_ref,d_id,ag_type,ag_state, ag_owner, " .
                                "  ag_dest, ag_hour, ag_priority, 
ag_cal,ag_contact,to_char (ag_remind_date,'DD.MM.YYYY') as ag_remind_date " .
                                " from action_gestion left join document using 
(ag_id) where ag_id=" . $this->ag_id;
                $r = $this->db->exec_sql($sql);
                $row = Database::fetch_all($r);
-               if ($row == false)
+               if ($row == false){
+                       $this->ag_id=0;
                        return;
+               }
                $this->ag_timestamp = $row[0]['ag_timestamp'];
                $this->ag_contact = $row[0]['ag_contact'];
                $this->f_id_dest = $row[0]['f_id_dest'];
@@ -534,6 +556,7 @@
                $this->ag_priority = $row[0]['ag_priority'];
                $this->ag_cal = $row[0]['ag_cal'];
                $this->ag_remind_date = $row[0]['ag_remind_date'];
+               $this->ag_owner= $row[0]['ag_owner'];
 
                $action_detail = new Follow_Up_Detail($this->db);
                $action_detail->set_parameter('ag_id', $this->ag_id);
@@ -737,7 +760,7 @@
                //show the sub_action
                foreach ($a_row as $row)
                {
-                       $href = '<A class="document" HREF="do.php' . 
HtmlInput::get_to_string(array("sag_ref","only_internal","state","gDossier", 
"qcode", "ag_dest_query", "query", "tdoc", "date_start", "date_end", "see_all", 
"ac", "all_action")) . "&" . $p_base . '&sa=detail&ag_id=' . $row['ag_id'] . 
'">';
+                       $href = '<A class="document" HREF="do.php?'  . $p_base 
.HtmlInput::get_to_string(array("sag_ref","only_internal","state","gDossier", 
"qcode", "ag_dest_query", "query", "tdoc", "date_start", "date_end", "see_all", 
"ac", "all_action"),"") . '&sa=detail&ag_id=' . $row['ag_id'] . '">';
                        $i++;
                        $tr = ($i % 2 == 0) ? 'even' : 'odd';
                        if ($row['ag_priority'] < 2)
@@ -1143,7 +1166,6 @@
                                " from profile order by 2");
                $ag_dest = new ISelect();
                $ag_dest->name = "ag_dest_query";
-               $aAg_dest[] = array('value' => 0, 'label' => 'Public');
                $ag_dest->value = $aAg_dest;
                $ag_dest->selected = (isset($_GET["ag_dest_query"])) ? 
$_GET["ag_dest_query"] : 0;
                $str_ag_dest = $ag_dest->input();
@@ -1230,7 +1252,9 @@
                        $query .= ' and f_id_dest=0 ';
                if (!isset($all_action))
                {
-                       $query .=" and (ag_owner='" . $_SESSION['g_user'] . "' 
or ag_dest in (select p_id from profile_user where user_name='" . 
$_SESSION['g_user'] . "') or ag_dest is null )";
+                       $query .=" and (ag_owner='" . $_SESSION['g_user'] . "' 
or ".self::sql_security_filter($cn, "R")." )";
+               } else {
+                       $query .= "and ".self::sql_security_filter($cn,'R');
                }
                if (isset($date_start) && isDate($date_start) != null)
                {
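Review bot: The new `else` branch appends `"and " . self::sql_security_filter(...)` with no leading space, so if the preceding fragment of `$query` does not end in whitespace (the `' and f_id_dest=0 '` piece above is only appended conditionally) the result is glued to the previous token and the statement breaks; write it as `$query .= " and " . self::sql_security_filter($cn, 'R');`. The other branch still concatenates `$_SESSION['g_user']` into the WHERE clause; a login name is app-controlled, but the login/profile code elsewhere in this commit is parameterised, so this should be too if the query execution path allows a placeholder. I cannot see `sql_security_filter`, so I have not verified that it emits a self-contained boolean expression suitable for `and (... or ...)` nesting. The enclosing method starts and ends outside this hunk.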

Modified: phpcompta/trunk/include/class_html_input.php
===================================================================
--- phpcompta/trunk/include/class_html_input.php        2012-06-12 20:59:36 UTC 
(rev 4882)
+++ phpcompta/trunk/include/class_html_input.php        2012-06-12 22:21:33 UTC 
(rev 4883)
@@ -533,9 +533,9 @@
      address@hidden HtmlInput::request_to_string
      address@hidden html string with the string data
      */
-    static function get_to_string($array)
+    static function get_to_string($array,$start="?")
     {
-      $r=self::array_to_string($array,$_GET );
+      $r=self::array_to_string($array,$_GET ,$start);
       return $r;
     }
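Review bot: The new `$start` parameter on `get_to_string()` is not described in the docblock directly above, which still only names the function and its return. Add a line such as `@param string $start string emitted before the first key/value pair, "?" by default; callers pass "" when appending to an existing query string` so the two call styles visible in this commit are explained. I cannot see `array_to_string`, so whether an empty `$start` yields a leading `&` should be confirmed and stated in the same comment.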
 

Modified: phpcompta/trunk/include/class_profile_menu.php
===================================================================
--- phpcompta/trunk/include/class_profile_menu.php      2012-06-12 20:59:36 UTC 
(rev 4882)
+++ phpcompta/trunk/include/class_profile_menu.php      2012-06-12 22:21:33 UTC 
(rev 4883)
@@ -208,7 +208,26 @@
                        $gDossier = Dossier::id();
                        $this->sub_menu($ret, $p_id);
                }
-
+               function available_profile($p_id)
+               {
+                       $array=$this->cn->get_array("
+                                       select 
p.p_id,p.p_name,s.p_granted,s.ua_id,s.ua_right
+                                               from profile as p
+                                               join user_sec_action_profile as 
s on (s.p_granted=p.p_id)
+                                               where s.p_id=$1
+                                       union
+                                               select p2.p_id, 
p2.p_name,null,null,'X'
+                                               from profile as p2
+                                               where
+                                               p2.p_id not in (select 
p_granted from user_sec_action_profile where p_id = $1) order by p_name;
+                               ",array($p_id));
+                       $aright_value=array(
+                                                               
array('value'=>'R','label'=>_('Lecture')),
+                                                               
array('value'=>'W','label'=>_('Ecriture')),
+                                                               
array('value'=>'X','label'=>_('Aucun accès'))
+                                       );
+                       require_once 'template/user_sec_profile.php';
+               }
        }
 
        //end class
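Review bot: `available_profile()` renders its template with `require_once`, so a second call in the same request would silently emit nothing; since the template is a view rather than a library, `require 'template/user_sec_profile.php';` is the safer choice. The method also lacks a header comment; something like `/** Show the profiles this profile may read/write in action-management and the form to change them (posts back as change_profile). */` would tell the reader what `$array` and `$aright_value` are for. The SQL itself is parameterised on `$p_id`, which is good; note that the `X` pseudo-right for profiles with no row relies on the template and the `change_profile` handler agreeing on that sentinel.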

Modified: phpcompta/trunk/include/class_user.php
===================================================================
--- phpcompta/trunk/include/class_user.php      2012-06-12 20:59:36 UTC (rev 
4882)
+++ phpcompta/trunk/include/class_user.php      2012-06-12 22:21:33 UTC (rev 
4883)
@@ -32,7 +32,6 @@
 require_once("user_common.php");
 require_once('class_dossier.php');
 require_once('ac_common.php');
-
 class User
 {
 
@@ -964,7 +963,7 @@
              natural join  ac_dossier
              join  priv_user on ( priv_jnt=jnt_id)
              where use_active=1
-             and use_login= $1 
+             and use_login= $1
              and priv_priv != 'X' and ( dos_name ~* $2 or dos_description ~* 
$2 )
              order by dos_name", array($this->login,$p_filter));
                }
@@ -1007,7 +1006,7 @@
                     $_SERVER['REQUEST_URI'],
                     $action));
             }
-        }   
+        }
        function save_profile($p_id)
        {
                $count=$this->db->get_value("select count(*) from profile_user 
where user_name=$1",  array($this->login));
@@ -1029,6 +1028,22 @@
                                user_name=$1",array($this->login));
                return $profile;
        }
+       function can_write_action( $dtoc)
+       {
+               $profile=$this->get_profile();
+               $r=$this->db->get_value(" select count(*) from action_gestion 
where ag_id=$1 and ag_dest in
+                               (select p_granted from user_sec_action_profile 
where ua_right='W' and p_id=$2) ",array($dtoc,$profile));
+               if ( $r == 0 ) return false;
+               return true;
+       }
+       function can_read_action($dtoc)
+       {
+               $profile=$this->get_profile();
+               $r=$this->db->get_value(" select count(*) from action_gestion 
where ag_id=$1 and (ag_dest in
+                               (select p_granted from user_sec_action_profile 
where p_id=$2) or ag_owner=$3)",array($dtoc,$profile,$this->login));
+               if ( $r == 0 ) return false;
+               return true;
+       }
 
 }
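Review bot: `can_write_action()` and `can_read_action()` are asymmetric: read access is granted to `ag_owner`, but write access only to profiles holding a `W` grant on `ag_dest`, so the user who created an action may be unable to modify it if their own profile has no `W` on the destination; if that is intended it deserves a comment, otherwise add `or ag_owner=$3` to the write query as well. The old listing filter also allowed `ag_dest is null`; neither new method does, so such rows become invisible to non-owners, which should be stated as intentional. Both methods would benefit from a one-line docblock, e.g. `/** @return bool true when the current user's profile has a W grant on the destination profile of action $dtoc (false also when the action does not exist) */`. Failing closed on a missing row is the right default here.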
 

Modified: phpcompta/trunk/include/profile.inc.php
===================================================================
--- phpcompta/trunk/include/profile.inc.php     2012-06-12 20:59:36 UTC (rev 
4882)
+++ phpcompta/trunk/include/profile.inc.php     2012-06-12 22:21:33 UTC (rev 
4883)
@@ -23,89 +23,127 @@
 global $cn;
 
 //**********************************************
+// Save avail. profiles
+//**********************************************
+if (isset($_POST['change_profile']))
+{
+       extract($_POST);
+       try
+       {
+               for ($e = 0; $e < count($right); $e++)
+               {
+                       if ($right[$e] == 'X' && $ua_id[$e]=='')
+                               continue;
+                       if ($right[$e] == 'X' && $ua_id[$e]!='')
+                       {
+                               $cn->exec_sql("delete from 
user_sec_action_profile where p_id=$1 and p_granted=$2", array($p_id, 
$ap_id[$e]));
+                               continue;
+                       }
+                       if ($ua_id[$e] == "")
+                       {
+                               $cn->exec_sql("insert into 
user_sec_action_profile (p_id,p_granted,ua_right) values($1,$2,$3)", 
array($p_id, $ap_id[$e], $right[$e]));
+                               continue;
+                       }
+                       if ($ua_id[$e] != '')
+                       {
+                               $cn->exec_sql("update user_sec_action_profile 
set ua_right=$3 where  p_id=$1 and p_granted=$2 ", array($p_id, $ap_id[$e], 
$right[$e]));
+                               continue;
+                       }
+               }
+       }
+       catch (Exception $exc)
+       {
+               echo $exc->getTraceAsString();
+               throw $exc;
+       }
+}
+//**********************************************
 // Save_name
 // *********************************************
 
-if ( isset($_POST['save_name']))
+if (isset($_POST['save_name']))
 {
 
-       extract ($_POST);
-       try{
-                       if (strlen(trim($p_name))==0) throw new Exception("Nom 
ne peut être vide");
-                       if (isNumber($p_id)==0) throw new Exception("profile 
Invalide");
-                       $wc=(isset($with_calc))?1:0;
-                       $wd=(isset($with_direct_form))?1:0;
-                       $p_desc=(strlen(trim($p_desc))==0)?null:trim($p_desc);
+       extract($_POST);
+       try
+       {
+               if (strlen(trim($p_name)) == 0)
+                       throw new Exception("Nom ne peut être vide");
+               if (isNumber($p_id) == 0)
+                       throw new Exception("profile Invalide");
+               $wc = (isset($with_calc)) ? 1 : 0;
+               $wd = (isset($with_direct_form)) ? 1 : 0;
+               $p_desc = (strlen(trim($p_desc)) == 0) ? null : trim($p_desc);
                if ($p_id != -1)
                {
                        $cn->exec_sql("update profile set p_name=$1,p_desc=$2,
-                                       with_calc=$3, with_direct_form=$4 where 
p_id=$5",array($p_name,
-                                               $p_desc,$wc,$wd,$p_id));
+                                       with_calc=$3, with_direct_form=$4 where 
p_id=$5", array($p_name,
+                               $p_desc, $wc, $wd, $p_id));
                }
                else
                {
-                       $p_id=$cn->get_value ("insert into profile (p_name,
+                       $p_id = $cn->get_value("insert into profile (p_name,
                                p_desc,with_calc,with_direct_form) values
-                               ($1,$2,$3,$4) returning p_id",array(
-                                       $p_name,$p_desc,$wc,$wd
-                               ));
+                               ($1,$2,$3,$4) returning p_id", array(
+                               $p_name, $p_desc, $wc, $wd
+                                       ));
                }
        }
        catch (Exception $e)
        {
                alert($e->getMessage());
        }
-
 }
 //************************************
 // Clone
 //************************************
-if ( isset($_POST['clone']))
+if (isset($_POST['clone']))
 {
-       extract ($_POST);
+       extract($_POST);
        try
        {
                $cn->start();
-               $new_id=$cn->get_value("insert into 
profile(p_name,p_desc,with_calc,
+               $new_id = $cn->get_value("insert into 
profile(p_name,p_desc,with_calc,
                        with_direct_form)
                        select 'copie de '||p_name,p_desc,with_calc,
-                       with_direct_form from profile where p_id=$1 returning 
p_id",array($p_id));
+                       with_direct_form from profile where p_id=$1 returning 
p_id", array($p_id));
                $cn->exec_sql("
                                insert into profile_menu 
(p_id,me_code,me_code_dep,p_order,p_type_display,pm_default)
                                select 
$1,me_code,me_code_dep,p_order,p_type_display,pm_default from profile_menu
                                where p_id=$2
-                       ",array($new_id,$p_id));
+                       ", array($new_id, $p_id));
                $cn->commit();
-               $p_id=$new_id;
-
+               $p_id = $new_id;
        }
        catch (Exception $exc)
        {
                echo alert($exc->getMessage());
                $cn->rollback();
        }
-
 }
 //************************************
 // Delete
 //************************************
-if ( isset($_POST['delete_profil']))
+if (isset($_POST['delete_profil']))
 {
-       extract ($_POST);
+       extract($_POST);
        try
        {
                $cn->start();
-               if ( $p_id==1 ) { throw new Exception('On ne peut effacer le 
profil par défaut');}
-               $new_id=$cn->get_value("delete from profile
-                       where p_id=$1 ",array($p_id));
+               if ($p_id == 1)
+               {
+                       throw new Exception('On ne peut effacer le profil par 
défaut');
+               }
+               $new_id = $cn->get_value("delete from profile
+                       where p_id=$1 ", array($p_id));
                $cn->commit();
        }
        catch (Exception $exc)
        {
-               echo alert($exc->getMessage());;
+               echo alert($exc->getMessage());
+               ;
                $cn->rollback();
        }
-
 }
 //************************************
 // Modify the menu or delete it
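Review bot: The `change_profile` handler's catch block does `echo $exc->getTraceAsString()` before rethrowing, which discloses file paths and call arguments to the browser; every sibling handler in this file uses `alert($exc->getMessage())`, and this one should too. It also runs several statements without the `$cn->start()`/`commit()`/`rollback()` bracket the clone and delete handlers use, and it never validates `$p_id` (the `save_name` handler checks `isNumber($p_id)`), nor that `$right`, `$ap_id` and `$ua_id` are same-length arrays or that `$right[$e]` is one of R/W/X — a bad value only fails at the DB CHECK constraint and then surfaces via the trace above. I assume the page itself is restricted to administrators; I cannot see that from here. The `extract($_POST)` pattern is shared by the whole file, so I have left it as-is.
```php
if (isset($_POST['change_profile']))
{
       extract($_POST);
       try
       {
               if (isNumber($p_id) == 0 || !is_array($right) || !is_array($ap_id) || !is_array($ua_id))
                       throw new Exception("profile Invalide");
               $cn->start();
               for ($e = 0; $e < count($right); $e++)
               {
                       if (!isset($ap_id[$e]) || !isset($ua_id[$e]) || !in_array($right[$e], array('R', 'W', 'X'), true))
                               throw new Exception("Droit invalide");
                       // … unchanged: delete / insert / update branches …
               }
               $cn->commit();
       }
       catch (Exception $exc)
       {
               $cn->rollback();
               alert($exc->getMessage());
       }
}
```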
@@ -113,18 +151,16 @@
 if (isset($_POST['mod']))
 {
        extract($_POST);
-       if (isset($delete) || isset ($del_dep))
+       if (isset($delete) || isset($del_dep))
        {
                try
                {
                        $cn->start();
-                        if ( isset ($del_dep))
-                        {
-                            $cn->exec_sql("delete from profile_menu where 
pm_id in (select * from get_menu_dependency($1))",
-                                       array($pm_id)); 
-                        }
-                       $cn->exec_sql("delete from profile_menu where pm_id=$1",
-                                       array($pm_id));
+                       if (isset($del_dep))
+                       {
+                               $cn->exec_sql("delete from profile_menu where 
pm_id in (select * from get_menu_dependency($1))", array($pm_id));
+                       }
+                       $cn->exec_sql("delete from profile_menu where 
pm_id=$1", array($pm_id));
                        $cn->commit();
                }
                catch (Exception $exc)
@@ -132,11 +168,11 @@
                        echo $exc->getMessage();
                        $cn->rollback();
                }
-               }
+       }
        else
                try
                {
-               /**
+                       /**
                         * Printing cannot be a menu and do not depend of 
anything
                         */
                        $menu_type = $cn->get_value("select me_type from 
menu_ref
@@ -173,9 +209,9 @@
 //****************************************************
 // Add a menu, module, submenu,plugin...
 //****************************************************
-if ( isset ($_POST['add_menu']))
+if (isset($_POST['add_menu']))
 {
-       extract ($_POST);
+       extract($_POST);
        try
        {
                $cn->start();
@@ -183,47 +219,44 @@
                /**
                 * Printing cannot be a menu and do not depend of anything
                 */
-               $menu_type=$cn->get_value("select me_type from menu_ref
-                       where me_code=$1",array($me_code));
+               $menu_type = $cn->get_value("select me_type from menu_ref
+                       where me_code=$1", array($me_code));
 
-               if ($menu_type=='PR')
+               if ($menu_type == 'PR')
                {
-                       $p_type='P';
-                       $me_code_dep=-1;
+                       $p_type = 'P';
+                       $me_code_dep = -1;
                }
 
                // Module never depends of anything
-               if ($p_type=='M')
+               if ($p_type == 'M')
                {
-                       $me_code_dep=-1;
+                       $me_code_dep = -1;
                }
                /**
                 * Check for infinite loop
                 */
-               $inf=$cn->get_value("select count(*) from profile_menu
-                       where p_id=$1 and me_code_dep=$2 and me_code=$3",
-                               array($p_id,$me_code,$me_code_dep));
-               if ( $inf > 0 )                 throw new Exception("Boucle 
infinie");
-                       /**
+               $inf = $cn->get_value("select count(*) from profile_menu
+                       where p_id=$1 and me_code_dep=$2 and me_code=$3", 
array($p_id, $me_code, $me_code_dep));
+               if ($inf > 0)
+                       throw new Exception("Boucle infinie");
+               /**
                 * if me_code_dep == -1, it means it is null
                 */
-               $me_code_dep=($me_code_dep==-1)?null:$me_code_dep;
+               $me_code_dep = ($me_code_dep == -1) ? null : $me_code_dep;
 
-               $pm_default=(isset($pm_default))?1:0;
+               $pm_default = (isset($pm_default)) ? 1 : 0;
                $cn->exec_sql("
                                insert into profile_menu 
(me_code,me_code_dep,p_id,p_order,pm_default,p_type_display)
                                values ($1,$2,$3,$4,$5,$6)
-                               
",array($me_code,$me_code_dep,$p_id,$p_order,$pm_default,$p_type));
+                               ", array($me_code, $me_code_dep, $p_id, 
$p_order, $pm_default, $p_type));
 
                $cn->commit();
-
        }
        catch (Exception $exc)
        {
                alert($exc->getMessage());
        }
-
-
 }
 
 echo '<div id="list_profile" class="content">';
@@ -240,7 +273,7 @@
 $order = $table->get_sql_order($ord);
 
 $menu = new Profile_sql($cn);
-$ret = $menu->seek($order);
+$ret = $menu->seek("where p_id > 0 ".$order);
 echo '<table class="result">';
 echo '<tr>';
 echo '<th>' . $table->get_header(0) . '</th>';
@@ -263,7 +296,7 @@
 }
 $js = sprintf('<a href="javascript:void(0)"  class="button" 
onclick="get_profile_detail(\'%s\',\'%s\')">', $gDossier, -1);
 echo '<tr>';
-echo "<td>".$js."Ajouter un profil </td>";
+echo "<td>" . $js . "Ajouter un profil </td>";
 echo '</tr>';
 echo '</table>';
 echo '</div>';

Modified: phpcompta/trunk/include/template/detail-action.php
===================================================================
--- phpcompta/trunk/include/template/detail-action.php  2012-06-12 20:59:36 UTC 
(rev 4882)
+++ phpcompta/trunk/include/template/detail-action.php  2012-06-12 22:21:33 UTC 
(rev 4883)
@@ -82,7 +82,7 @@
           </td>
           </Tr>
         </table>
- <?echo $str_add_button;?>
+ <?if ($p_view != 'READ') echo $str_add_button;?>
 
 </div>
 <div style="float:left;width:45%">
@@ -147,17 +147,25 @@
                <?
                for ($o=0;$o<count($operation);$o++)
                {
-                       $rmOperation=sprintf("javascript:if ( 
confirm('"._('Voulez-vous effacer cette opération ')."')==true ) 
{remove_operation('%s','%s');}",
-                                       dossier::id(),
-                                       $operation[$o]['ago_id']);
-                       $js= '<a class="mtitle" style="color:orange" 
id="acop'.$operation[$o]['ago_id'].'" href="'.$rmOperation.'">Effacer</a>';
-                       echo '<li 
id="op'.$operation[$o]['ago_id'].'">'.$operation[$o]['str_date']." 
".HtmlInput::detail_op($operation[$o]['jr_id'],$operation[$o]['jr_internal'])." 
".h($operation[$o]['jr_comment'])." "
-                               .$js.'</li>';
+                       if ( $p_view != 'READ')
+                               {
+                                       $rmOperation=sprintf("javascript:if ( 
confirm('"._('Voulez-vous effacer cette opération ')."')==true ) 
{remove_operation('%s','%s');}",
+                                                       dossier::id(),
+                                                       
$operation[$o]['ago_id']);
+                                       $js= '<a class="mtitle" 
style="color:orange" id="acop'.$operation[$o]['ago_id'].'" 
href="'.$rmOperation.'">Effacer</a>';
+                                       echo '<li 
id="op'.$operation[$o]['ago_id'].'">'.$operation[$o]['str_date']." 
".HtmlInput::detail_op($operation[$o]['jr_id'],$operation[$o]['jr_internal'])." 
".h($operation[$o]['jr_comment'])." "
+                                               .$js.'</li>';
+                               }
+                               else
+                               {
+                                       echo '<li 
>'.$operation[$o]['str_date']." 
".HtmlInput::detail_op($operation[$o]['jr_id'],$operation[$o]['jr_internal'])." 
".h($operation[$o]['jr_comment'])." "
+                                               .'</li>';
+                               }
                }
 
                ?>
                </ol>
-               <?=$iconcerned->input()?>
+               <? if ($p_view != 'READ') echo $iconcerned->input()?>
        </div>
 
        <div style="float:left;width:45%">
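Review bot: The `$p_view != 'READ'` checks only hide the "Effacer" links and the `$iconcerned` input; they are not an access control, so the `remove_operation` endpoint (and the other `remove_*` ajax operations) must call `can_write_action` server-side or a read-only user can still invoke them directly. I cannot see those handlers in this diff, so please confirm. As a style point, the two branches duplicate the whole `<li>` echo; computing `$js = ($p_view != 'READ') ? '<a class="mtitle" ...>Effacer</a>' : '';` once and keeping a single echo would halve the block and avoid the two copies drifting. The loop this hunk edits is entirely visible, but the template continues outside it.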
@@ -168,6 +176,8 @@
                
$base=HtmlInput::request_to_string(array("gDossier","ac","sa","sb","sc","f_id"));
                for ($o=0;$o<count($action);$o++)
                {
+                       if ( $p_view != 'READ')
+                               {
                        $rmAction=sprintf("javascript:if ( 
confirm('"._('Voulez-vous effacer cette action ')."')==true ) 
{remove_action('%s','%s','%s');}",
                                        dossier::id(),
                                        
$action[$o]['ag_id'],$_REQUEST['ag_id']);
@@ -176,11 +186,17 @@
                        echo '<li 
id="act'.$action[$o]['ag_id'].'">'.$showAction.$action[$o]['str_date']." 
".$action[$o]['ag_ref']." ".
                                        
h($action[$o]['sub_title']).'('.h($action[$o]['dt_value']).')</a>'." "
                                .$js.'</li>';
+                       } else {
+                               $showAction='<a class="line" 
href="'.$base."&ag_id=".$action[$o]['ag_id'].'">';
+                               echo 
'<li>'.$showAction.$action[$o]['str_date']." ".$action[$o]['ag_ref']." ".
+                                       
h($action[$o]['sub_title']).'('.h($action[$o]['dt_value']).')</a>'." "
+                               .'</li>';
+                       }
                }
 
                ?>
                </ol>
-               <?=$iaction->input()?>
+               <? if ( $p_view != 'READ') echo $iaction->input()?>
        </div>
 </fieldset>
 <fieldset>
@@ -201,7 +217,9 @@
 
    }
 </script>
-
+<? if  ($p_view != 'NEW') : ?>
+Document créé le <?=$this->ag_timestamp ?> par <?=$this->ag_owner?>
+<? endif; ?>
    <h4 class="info"><?=_('Titre')?></h4>
     <p style="margin-left:100">
     <?php echo $title->input();
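Review bot: The new line echoes `$this->ag_timestamp` and `$this->ag_owner` without escaping, while this template wraps comparable values (`tech_user`, comments, titles) in `h()`; `ag_owner` is a login name stored by the application, so it is not attacker-controlled in the usual sense, but it should still be escaped for consistency: `Document créé le <?=h($this->ag_timestamp)?> par <?=h($this->ag_owner)?>`. The `$p_view != 'NEW'` guard is sensible since `ag_owner` is only loaded by `get()` for existing rows.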
@@ -213,14 +231,25 @@
    $style_enl='style="display:inline"';$style_small='style="display:none"';
 
 for( $c=0;$c<count($acomment);$c++){
-       $rmComment=sprintf("javascript:if ( confirm('"._('Voulez-vous effacer 
ce commentaire ')."')==true ) {remove_comment('%s','%s');}",
-                                       dossier::id(),
-                                       $acomment[$c]['agc_id']);
-                       $js= '<a class="mtitle" style="color:orange" 
id="accom'.$acomment[$c]['agc_id'].'" href="'.$rmComment.'">Effacer</a>';
-       echo 'n°'.$acomment[$c]['agc_id'].'('.h($acomment[$c]['tech_user'])." 
".smaller_date($acomment[$c]['str_agc_date']).')'.$js.
-                       '<pre style="white-space: -moz-pre-wrap;white-space: 
pre-wrap;border:1px solid blue;width:70%;" id="com'.$acomment[$c]['agc_id'].'"> 
'.
-                       " ".h($acomment[$c]['agc_comment']).'</pre>'
-                       ;
+       if ( $p_view != 'READ')
+       {
+               $rmComment=sprintf("javascript:if ( confirm('"._('Voulez-vous 
effacer ce commentaire ')."')==true ) {remove_comment('%s','%s');}",
+                                               dossier::id(),
+                                               $acomment[$c]['agc_id']);
+                               $js= '<a class="mtitle" style="color:orange" 
id="accom'.$acomment[$c]['agc_id'].'" href="'.$rmComment.'">Effacer</a>';
+               echo 
'n°'.$acomment[$c]['agc_id'].'('.h($acomment[$c]['tech_user'])." 
".smaller_date($acomment[$c]['str_agc_date']).')'.$js.
+                               '<pre style="white-space: 
-moz-pre-wrap;white-space: pre-wrap;border:1px solid blue;width:70%;" 
id="com'.$acomment[$c]['agc_id'].'"> '.
+                               " ".h($acomment[$c]['agc_comment']).'</pre>'
+                               ;
+       }
+       else
+       {
+               echo 
'n°'.$acomment[$c]['agc_id'].'('.h($acomment[$c]['tech_user'])." 
".smaller_date($acomment[$c]['str_agc_date']).')'.
+                               '<pre style="white-space: 
-moz-pre-wrap;white-space: pre-wrap;border:1px solid blue;width:70%;" 
id="com'.$acomment[$c]['agc_id'].'"> '.
+                               " ".h($acomment[$c]['agc_comment']).'</pre>'
+                               ;
+
+       }
 }
 echo $desc->input();
 ?>
@@ -292,14 +321,19 @@
 </div>
 
 </fieldset>
+
+<? if ($p_view != 'READ') : ?>
 <fieldset >
   <legend>
      <?=_('Document à générer')?>
   </legend>
   <?php echo $str_select_doc;
-echo $str_submit_generate;
+ echo $str_submit_generate;
   ?>
 </fieldset>
+<? endif; ?>
+
+
 <fieldset>
   <legend>
      <?=_('Pièces attachées')?>
@@ -315,7 +349,7 @@
        dossier::id(),
        $aAttachedFile[$i]['d_id']);
     ?>
-    <a class="mtitle" style="color:orange" id="<?php echo 
"ac".$aAttachedFile[$i]['d_id'];?>" href="<?php echo $rmDoc;?>">Effacer</a>
+  <? if ($p_view != 'READ') : ?>  <a class="mtitle" style="color:orange" 
id="<?php echo "ac".$aAttachedFile[$i]['d_id'];?>" href="<?php echo 
$rmDoc;?>">Effacer</a><? endif;?>
   </p>
   <?php
 endfor;
@@ -340,7 +374,7 @@
       </li>
     </ol>
   <span >
-  <input type="button" class="button" onclick="addFiles();" value="Ajouter un 
fichier">
+<? if ($p_view != 'READ') : ?> <input type="button" class="button" 
onclick="addFiles();" value="Ajouter un fichier"> <? endif;?>
   </span>
   </p>
 </fieldset>

Added: phpcompta/trunk/include/template/user_sec_profile.php
===================================================================
--- phpcompta/trunk/include/template/user_sec_profile.php                       
        (rev 0)
+++ phpcompta/trunk/include/template/user_sec_profile.php       2012-06-12 
22:21:33 UTC (rev 4883)
@@ -0,0 +1,55 @@
+<?php
+
+/*
+ *   This file is part of PhpCompta.
+ *
+ *   PhpCompta is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ *   PhpCompta is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with PhpCompta; if not, write to the Free Software
+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+/* $Revision$ */
+
+// Copyright Author Dany De Bontridder address@hidden
+
+/**
+ * @file
+ * @brief show the available profiles for action-management
+ *
+ */
+?>
+<form method="POST" class="print">
+       <?=HtmlInput::hidden("p_id", $p_id);?>
+       <table>
+               <tr>
+                       <th><?=_("Profile")?></th>
+                       <th><?=_("Accès")?></th>
+               </tr>
+               <? for ($i=0;$i<count($array);$i++): ?>
+               <tr>
+                       <td>
+                               <?=$array[$i]['p_name']?>
+                               
<?=HtmlInput::hidden('ua_id[]',$array[$i]['ua_id'])?>
+                               
<?=HtmlInput::hidden('ap_id[]',$array[$i]['p_id'])?>
+                       </td>
+                       <td>
+                               <?
+                               $isel=new ISelect("right[]");
+                               $isel->value=$aright_value;
+                               $isel->selected=$array[$i]['ua_right'];
+                               echo $isel->input();?>
+                       </td>
+               </tr>
+               <?endfor;?>
+       </table>
+<?=HtmlInput::submit("change_profile", "Sauver")?>
+</form>
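Review bot: `<?=$array[$i]['p_name']?>` is printed unescaped, and `p_name` comes from the `save_name` POST handler which only checks that it is non-empty, so a profile administrator can store markup that runs for anyone opening this form; use `<?=h($array[$i]['p_name'])?>` (assuming `h()` is available in this include path as it is in the other templates). The form posts back with three parallel arrays (`ua_id[]`, `ap_id[]`, `right[]`) whose alignment the handler relies on; a comment above the loop, `// one row per profile; ua_id is empty when no grant row exists yet ('X')`, would make that contract visible. I do not see a CSRF token in the form; if the application has one for its other POST forms, it should be added here too.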
\ No newline at end of file

Modified: phpcompta/trunk/sql/upgrade.sql
===================================================================
--- phpcompta/trunk/sql/upgrade.sql     2012-06-12 20:59:36 UTC (rev 4882)
+++ phpcompta/trunk/sql/upgrade.sql     2012-06-12 22:21:33 UTC (rev 4883)
@@ -188,4 +188,27 @@
 ALTER TABLE document_type ADD COLUMN dt_prefix text;
 COMMENT ON COLUMN document_type.dt_prefix IS 'Prefix for ag_ref';
 
-update document_type set dt_prefix= upper(substr(replace(dt_value,' 
',''),0,7))||dt_id::text 
\ No newline at end of file
+update document_type set dt_prefix= upper(substr(replace(dt_value,' 
',''),0,7))||dt_id::text
+
+CREATE TABLE user_sec_action_profile
+(
+  ua_id bigserial NOT NULL, -- pk
+  p_id bigint, -- fk to profile
+  p_granted bigint, -- fk to profile
+  ua_right character(1), -- Type of right : R for readonly W for write
+  CONSTRAINT user_sec_action_profile_pkey PRIMARY KEY (ua_id ),
+  CONSTRAINT user_sec_action_profile_p_id_fkey FOREIGN KEY (p_id)
+   REFERENCES profile (p_id) MATCH SIMPLE
+      ON UPDATE CASCADE ON DELETE CASCADE,
+  CONSTRAINT user_sec_action_profile_p_granted_fkey FOREIGN KEY (p_granted)
+      REFERENCES profile (p_id) MATCH SIMPLE
+      ON UPDATE CASCADE ON DELETE CASCADE,
+  CONSTRAINT user_sec_action_profile_ua_right_check CHECK (ua_right = ANY 
(ARRAY['R'::bpchar, 'W'::bpchar]))
+);
+COMMENT ON TABLE user_sec_action_profile  IS 'Available profile for user';
+COMMENT ON COLUMN user_sec_action_profile.ua_id IS 'pk';
+COMMENT ON COLUMN user_sec_action_profile.p_id IS 'fk to profile';
+COMMENT ON COLUMN user_sec_action_profile.ua_right IS 'Type of right : R for 
readonly W for write';
+INSERT INTO profile (p_name, p_id, p_desc, with_calc, with_direct_form) VALUES 
('Public', -1, 'faux groupe', NULL, NULL);
+insert into user_sec_action_profile(p_id,p_granted,ua_right) select 1,p_id,'W' 
from profile;
+insert into user_sec_action_profile(p_id,p_granted ,ua_right) select 
2,p_id,'W' from profile;
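Review bot: The `update document_type set dt_prefix= ...||dt_id::text` statement that this hunk now keeps is no longer the last line and has no terminating semicolon, so the following `CREATE TABLE` is parsed as part of it and the upgrade script fails; end it with `...||dt_id::text;`. On the new table, `p_id`, `p_granted` and `ua_right` should be `NOT NULL`, and a `UNIQUE (p_id, p_granted)` constraint is warranted because the PHP handler keys its update/delete on that pair and only inserts when the form reports no existing row, so a stale form can create duplicates. The two seed inserts assume profiles 1 and 2 exist and grant them `W` on every profile including the new `Public` pseudo-profile (`p_id = -1`); a comment stating that assumption would help whoever maintains the upgrade.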


