[Noalyss-commit] [noalyss] 26/119: FollowUp : new right : delete action
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 26/119: FollowUp : new right : delete action |
Date: |
Mon, 26 Oct 2020 18:27:08 -0400 (EDT) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 096e16cf2f317e04f4624c86484c4b37e78fc8e1
Author: Dany De Bontridder <danydb@noalyss.eu>
AuthorDate: Tue Sep 29 18:10:00 2020 +0200
FollowUp : new right : delete action
---
include/action.common.inc.php | 43 +++++++++++++++++++++---------------
include/action.inc.php | 9 +++++---
include/ajax/ajax_anc_search.php | 2 +-
include/class/profile_menu.class.php | 3 ++-
include/class/user.class.php | 16 ++++++++++++++
sql/upgrade.sql | 11 +++++++--
6 files changed, 59 insertions(+), 25 deletions(-)
diff --git a/include/action.common.inc.php b/include/action.common.inc.php
index 59d9041..976fcbe 100644
--- a/include/action.common.inc.php
+++ b/include/action.common.inc.php
@@ -30,18 +30,20 @@
*
*/
if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');
+$http=new HttpInput();
$supl_hidden = '';
if (isset($_REQUEST['sc']))
- $supl_hidden.=HtmlInput::hidden('sc', $_REQUEST['sc']);
+ $supl_hidden.=HtmlInput::hidden('sc', $http->request("sc"));
if (isset($_REQUEST['f_id']))
- $supl_hidden.=HtmlInput::hidden('f_id', $_REQUEST['f_id']);
+ $supl_hidden.=HtmlInput::hidden('f_id',
$http->request("f_id","number"));
if (isset($_REQUEST['sb']))
- $supl_hidden.=HtmlInput::hidden('sb', $_REQUEST['sb']);
-$supl_hidden.=HtmlInput::hidden('ac', $_REQUEST['ac']);
+ $supl_hidden.=HtmlInput::hidden('sb', $http->request("sb"));
+$supl_hidden.=HtmlInput::hidden('ac', $http->request("ac"));
+
$correction = 0;
$error_id=0;
-$http=new HttpInput();
+
/*-----------------------------------------------------------------------------*/
/* For other action
/*-----------------------------------------------------------------------------*/
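Review bot: The new reads of `sc`, `sb` and `ac` pass no type to `$http->request()`, while `f_id` is constrained with `"number"`, and each value is then written into a hidden input. What ends up in the page therefore depends on what a one-argument call validates and on whether `HtmlInput::hidden` escapes its value, and neither is visible in this hunk. If HttpInput treats an untyped call as an unchecked string, name the expected type at each call, as the sibling file does with `$http->request("sa","string","")`. The `isset($_REQUEST['sc'])` style guards still read the superglobal directly, so presence and value now go through two different paths; a short comment next to `$http=new HttpInput();` saying that all request values are meant to go through it would record the intent.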
@@ -210,18 +212,23 @@ if ($sub_action == 'detail')
if ($g_user->can_write_action($ag_id) == true)
{
- echo '<form enctype="multipart/form-data"
id="action_common_frm" class="print" action="do.php" method="post" >';
- echo $supl_hidden;
- echo HtmlInput::hidden('ac', $_REQUEST['ac']);
- echo dossier::hidden();
- echo $act->Display('UPD', false, $base, $retour);
- echo '<input type="hidden" name="sa" value="update">';
- echo '<input type="hidden" id="delete" name="delete"
value="0">';
- echo HtmlInput::submit("save", "Sauve",'
onclick="$(\'delete\').value=0"');
- echo HtmlInput::submit("add_action_here", _("Ajoute un
événement à celui-ci"),' onclick="$(\'delete\').value=0"');
- echo HtmlInput::submit("delete_bt", _("Efface cet événement "),
' onclick="$(\'delete\').value=1;return confirm_box(\'action_common_frm\',\''.
_("Vous confirmez l\'effacement") . '\')" ');
- echo $retour;
- echo '</form>';
+ echo '<form enctype="multipart/form-data" id="action_common_frm"
class="print" action="do.php" method="post" >';
+ echo $supl_hidden;
+ echo HtmlInput::hidden('ac', $http->request('ac'));
+ echo dossier::hidden();
+ echo $act->Display('UPD', false, $base, $retour);
+ echo '<input type="hidden" name="sa" value="update">';
+ echo '<input type="hidden" id="delete" name="delete" value="0">';
+ echo HtmlInput::submit("save", "Sauve",'
onclick="$(\'delete\').value=0"');
+ echo HtmlInput::submit("add_action_here", _("Ajoute un événement à
celui-ci"),' onclick="$(\'delete\').value=0"');
+ //
+ if ($g_user->can_delete_action($ag_id))
+ {
+ echo HtmlInput::submit("delete_bt", _("Efface cet événement
"),
+ ' onclick="$(\'delete\').value=1;return
confirm_box(\'action_common_frm\',\''. _("Vous confirmez l\'effacement") .
'\')" ');
+ }
+ echo $retour;
+ echo '</form>';
}
else if ($g_user->can_read_action($ag_id) == true || $act->ag_dest ==
-1)
{
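Review bot: Putting the `delete_bt` button behind `can_delete_action($ag_id)` only changes what is rendered; the form still posts `sa=update` together with a client-controlled hidden field `delete`, and the code that handles that request is not in this hunk. The `can_delete_action` check that this commit adds on the server side sits in the `sub_action == 'delete'` branch, so the update path that reads `delete` should be confirmed to apply the same check before it removes anything. The bare `//` left above the `if` should either go or say why the button is conditional, for example `// delete needs the 'W' right; 'O' grants write only`. The enclosing `if ($sub_action == 'detail')` block starts and ends outside the hunk.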
@@ -245,7 +252,7 @@ if ($sub_action == 'delete')
$act = new Follow_Up($cn);
$act->ag_id =$http->request("ag_id","number") ;
$act->get();
- if ($g_user->can_write_action($act->ag_id)==true) $act->remove();
+ if ($g_user->can_delete_action($act->ag_id)==true) $act->remove();
$sub_action = "list";
$cn->commit();
Follow_Up::show_action_list($cn, $base);
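Review bot: When `can_delete_action($act->ag_id)` is false the request falls through to `$cn->commit()` and the action list with no message and no log entry, so a refused delete looks the same as a successful one and leaves nothing to audit. An explicit else branch that reports the refusal, and records it if the application has an audit log, would make the new right observable. The comparison is also loose; `=== true` states the intent better than `==true`. The `if ($sub_action == 'delete')` block starts and ends outside the hunk, so any handling that already exists there is not visible.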
diff --git a/include/action.inc.php b/include/action.inc.php
index 5709845..9f61297 100644
--- a/include/action.inc.php
+++ b/include/action.inc.php
@@ -22,6 +22,8 @@
*/
if ( ! defined ('ALLOWED') ) die('Appel direct ne sont pas permis');
global $g_user;
+$http=new HttpInput();
+
$retour=HtmlInput::button_anchor(_('Retour liste'),
HtmlInput::request_to_string(array("closed_action","remind_date_end","remind_date","sag_ref","only_internal","state","ac","gDossier","qcode","ag_dest_query","action_query","tdoc","date_start","date_end","hsstate","searchtag")),
"","","smallbutton");
@@ -47,12 +49,13 @@ require_once NOALYSS_INCLUDE.'/class/follow_up.class.php';
// propose to add one
// permit also a search
// show detail
-$sub_action=(isset($_REQUEST['sa']))?$_REQUEST['sa']:"";
+$sub_action=$http->request("sa","string","");
/* if ag_id is set then we give it otherwise we have problem
* with the generation of document
*/
-$ag_id=(isset($_REQUEST['ag_id']))?$_REQUEST['ag_id']:0;
-$ac=$_REQUEST['ac'];
+$ag_id=$http->request("ag_id","string","0");
+
+$ac=$http->request("ac");
$base=HtmlInput::request_to_string(array('ac','gDossier'),"");
require_once NOALYSS_INCLUDE.'/action.common.inc.php';
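Review bot: `$ag_id` is read as `"string"` with default `"0"`, although it is an identifier that the included `action.common.inc.php` passes to `can_write_action($ag_id)` and elsewhere reads as `$http->request("ag_id","number")`. Typing it the same way here, `$ag_id=$http->request("ag_id","number",0);`, would reject non-numeric input at the entry point and keep the integer default the old code had. `$ac=$http->request("ac");` has no default where the old line read `$_REQUEST['ac']` directly; how HttpInput reacts to a missing key is not visible in this diff and deserves a one-line comment.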
diff --git a/include/ajax/ajax_anc_search.php b/include/ajax/ajax_anc_search.php
index 00c114e..c8364d7 100644
--- a/include/ajax/ajax_anc_search.php
+++ b/include/ajax/ajax_anc_search.php
@@ -72,7 +72,7 @@ if ( isset($_REQUEST['go']))
$sql="select po_name , po_description from poste_analytique ".
"where pa_id=$1 and ".
" (po_name ~* $2 or po_description ~* $3) order by po_name";
- $array=$cn->get_array($sql,array($_c2,$plabel,$plabel));
+ $array=$cn->get_array($sql,array($c2,$plabel,$plabel));
if (empty($array) == true)
{
diff --git a/include/class/profile_menu.class.php
b/include/class/profile_menu.class.php
index 145f5fd..96b06ca 100644
--- a/include/class/profile_menu.class.php
+++ b/include/class/profile_menu.class.php
@@ -244,7 +244,8 @@ class Profile_Menu extends Profile_Menu_sql
", array($this->p_id));
$aright_value=array(
array('value'=>'R', 'label'=>_('Lecture')),
- array('value'=>'W', 'label'=>_('Ecriture')),
+ array('value'=>'W', 'label'=>_('Ecriture et suppression')),
+ array('value'=>'O', 'label'=>_('Ecriture')),
array('value'=>'X', 'label'=>_('Aucun accès'))
);
require_once NOALYSS_TEMPLATE.'/user_sec_profile.php';
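Review bot: The existing code `W` changes meaning here from write to write-and-delete, and the new write-only right gets the letter `O`, but nothing next to the array says so. Profiles that already hold `W` keep the delete right, since delete was previously allowed by the write check; if that is the intended migration, state it. A comment above `$aright_value`, e.g. `// R = read, O = write only, W = write + delete, X = no access`, would keep the codes readable next to `User::can_write_action` and `User::can_delete_action`. The method containing this array starts and ends outside the hunk.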
diff --git a/include/class/user.class.php b/include/class/user.class.php
index d258120..f48f794 100644
--- a/include/class/user.class.php
+++ b/include/class/user.class.php
@@ -1192,6 +1192,22 @@ class User
if ( $this->get_status_security_action()==0) return
TRUE;
$profile = $this->get_profile();
$r = $this->db->get_value(" select count(*) from
action_gestion where ag_id=$1 and ag_dest in
+ (select p_granted from user_sec_action_profile
where ua_right in ('W','O') and p_id=$2) ", array($dtoc, $profile));
+ if ($r == 0)
+ return FALSE;
+ return true;
+ }
+ /**
+ *Check if the profile of the user can write AND delete for this
profile
+ * @param $dtoc action_gestion.ag_id
+ * @return true if he can write otherwise false
+ */
+ function can_delete_action($dtoc)
+ {
+ if ( $this->Admin() == 1 ) return TRUE;
+ if ( $this->get_status_security_action()==0) return
TRUE;
+ $profile = $this->get_profile();
+ $r = $this->db->get_value(" select count(*) from
action_gestion where ag_id=$1 and ag_dest in
(select p_granted from user_sec_action_profile
where ua_right='W' and p_id=$2) ", array($dtoc, $profile));
if ($r == 0)
return FALSE;
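Review bot: The docblock added for `can_delete_action` still says `@return true if he can write otherwise false` and "for this profile", copied from the write check; for a permission function the text should state what it decides, e.g. `@return bool true if the user's profile holds the 'W' right (write and delete) on the action's ag_dest`. Both functions return TRUE whenever `get_status_security_action()==0`, so with action security switched off every user may delete, which is worth one line in the docblock. The two bodies now differ only in the `ua_right` list, so a private helper taking the allowed rights would keep them from drifting apart. `can_write_action` begins before the hunk and `can_delete_action` ends after it.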
diff --git a/sql/upgrade.sql b/sql/upgrade.sql
index fb36c0d..8dac206 100644
--- a/sql/upgrade.sql
+++ b/sql/upgrade.sql
@@ -1,3 +1,4 @@
+
CREATE OR REPLACE FUNCTION comptaproc.jrn_check_periode()
RETURNS trigger
LANGUAGE plpgsql
@@ -40,5 +41,11 @@ if comptaproc.is_closed (ljr_tech_per,ljr_def_id) = true then
end if;
return lreturn;
-end;$function$
-;
\ No newline at end of file
+end;
+$function$;
+LANGUAGE plpgsql;
+
+-- New right for action : delete
+ALTER TABLE public.user_sec_action_profile drop CONSTRAINT
user_sec_action_profile_ua_right_check;
+ALTER TABLE public.user_sec_action_profile ADD CONSTRAINT
user_sec_action_profile_ua_right_check check (ua_right in ('R','W','X','O'));
+
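Review bot: The added line `LANGUAGE plpgsql;` after `$function$;` is a statement of its own, because the semicolon on the previous line already ends `CREATE OR REPLACE FUNCTION` and the language is already declared in the function header at the top of the file; PostgreSQL will most likely reject it as a syntax error. Drop that line and keep `$function$;`. If the upgrade runner stops at the first error, the constraint below is never widened and storing the new `O` right would then fail the old check. The constraint is also replaced in two statements, which leaves `ua_right` unchecked in between unless the script runs in one transaction; a single `ALTER TABLE public.user_sec_action_profile DROP CONSTRAINT user_sec_action_profile_ua_right_check, ADD CONSTRAINT user_sec_action_profile_ua_right_check CHECK (ua_right in ('R','W','X','O'));` avoids that.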