368function restrictedArea(
User $user, $features,
$object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'fk_soc', $dbt_select =
'rowid', $isdraft = 0, $mode = 0)
378 if ($objectid ==
"-1") {
382 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', (
string) $objectid);
391 $parentfortableentity =
'';
394 $originalfeatures = $features;
395 if ($features ==
'agenda') {
396 $tableandshare =
'actioncomm&societe';
397 $feature2 =
'myactions|allactions';
400 if ($features ==
'bank') {
401 $features =
'banque';
403 if ($features ==
'facturerec') {
404 $features =
'facture';
406 if ($features ==
'supplier_invoicerec') {
407 $features =
'fournisseur';
408 $feature2 =
'facture';
410 if ($features ==
'mo') {
413 if ($features ==
'member') {
414 $features =
'adherent';
416 if ($features ==
'subscription') {
417 $features =
'adherent';
418 $feature2 =
'cotisation';
420 if ($features ==
'website' && is_object(
$object) &&
$object->element ==
'websitepage') {
421 $parentfortableentity =
'fk_website@website';
423 if ($features ==
'project') {
424 $features =
'projet';
426 if ($features ==
'product') {
427 $features =
'produit';
429 if ($features ==
'productbatch') {
430 $features =
'produit';
432 if ($features ==
'tax') {
433 $feature2 =
'charges';
435 if ($features ==
'workstation') {
436 $feature2 =
'workstation';
438 if ($features ==
'fournisseur') {
439 $features =
'fournisseur';
440 if (is_object(
$object) &&
$object->element ==
'invoice_supplier') {
441 $feature2 =
'facture';
442 } elseif (is_object(
$object) &&
$object->element ==
'order_supplier') {
443 $feature2 =
'commande';
446 if ($features ==
'payment_sc') {
447 $tableandshare =
'paiementcharge';
448 $parentfortableentity =
'fk_charge@chargesociales';
454 $parameters = array(
'features' => $features,
'originalfeatures' => $originalfeatures,
'objectid' => $objectid,
'dbt_select' => $dbt_select,
'idtype' => $dbt_select,
'isdraft' => $isdraft);
455 if (!empty($hookmanager)) {
456 $reshook = $hookmanager->executeHooks(
'restrictedArea', $parameters);
458 if (isset($hookmanager->resArray[
'result'])) {
459 if ($hookmanager->resArray[
'result'] == 0) {
473 $featuresarray = array($features);
474 if (preg_match(
'/&/', $features)) {
475 $featuresarray = explode(
"&", $features);
476 } elseif (preg_match(
'/\|/', $features)) {
477 $featuresarray = explode(
"|", $features);
481 if (!empty($feature2)) {
482 $feature2 = explode(
"|", $feature2);
490 foreach ($featuresarray as $feature) {
491 $featureforlistofmodule = $feature;
492 if ($featureforlistofmodule ==
'produit') {
493 $featureforlistofmodule =
'product';
495 if ($featureforlistofmodule ==
'supplier_proposal') {
496 $featureforlistofmodule =
'supplierproposal';
498 if (!empty($user->socid) &&
getDolGlobalString(
'MAIN_MODULES_FOR_EXTERNAL') && !in_array($featureforlistofmodule, $listofmodules)) {
504 if ($feature ==
'societe' && (empty($feature2) || !in_array(
'contact', $feature2))) {
505 if (!$user->hasRight(
'societe',
'lire') && !$user->hasRight(
'fournisseur',
'lire')) {
509 } elseif (($feature ==
'societe' && (!empty($feature2) && in_array(
'contact', $feature2))) || $feature ==
'contact') {
510 if (!$user->hasRight(
'societe',
'contact',
'lire')) {
514 } elseif ($feature ==
'produit|service') {
515 if (!$user->hasRight(
'produit',
'lire') && !$user->hasRight(
'service',
'lire')) {
519 } elseif ($feature ==
'prelevement') {
520 if (!$user->hasRight(
'prelevement',
'bons',
'lire')) {
524 } elseif ($feature ==
'cheque') {
525 if (!$user->hasRight(
'banque',
'cheque')) {
529 } elseif ($feature ==
'projet') {
530 if (!$user->hasRight(
'projet',
'lire') && !$user->hasRight(
'projet',
'all',
'lire')) {
534 } elseif ($feature ==
'payment') {
535 if (!$user->hasRight(
'facture',
'lire')) {
539 } elseif ($feature ==
'payment_supplier') {
540 if (!$user->hasRight(
'fournisseur',
'facture',
'lire')) {
544 } elseif ($feature ==
'payment_sc') {
545 if (!$user->hasRight(
'tax',
'charges',
'lire')) {
549 } elseif (!empty($feature2)) {
551 foreach ($feature2 as $subfeature) {
552 if ($subfeature ==
'user' && $user->id == $objectid) {
555 if ($subfeature ==
'fiscalyear' && $user->hasRight(
'accounting',
'fiscalyear',
'write')) {
560 if (!empty($subfeature) && !$user->hasRight($feature, $subfeature,
'lire') && !$user->hasRight($feature, $subfeature,
'read')) {
562 } elseif (empty($subfeature) && !$user->hasRight($feature,
'lire') && !$user->hasRight($feature,
'read')) {
573 } elseif (!empty($feature) && ($feature !=
'user' && $feature !=
'usergroup')) {
574 if (!$user->hasRight($feature,
'lire')
575 && !$user->hasRight($feature,
'read')
576 && !$user->hasRight($feature,
'run')) {
584 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
600 $wemustcheckpermissionforcreate = (
GETPOST(
'sendit',
'alpha') ||
GETPOST(
'linkit',
'alpha') || in_array(
GETPOST(
'action',
'aZ09'), array(
'create',
'update',
'set',
'upload',
'add_element_resource',
'confirm_deletebank',
'confirm_delete_linked_resource')) ||
GETPOST(
'roworder',
'alpha', 2));
601 $wemustcheckpermissionfordeletedraft = ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete');
603 if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
604 foreach ($featuresarray as $feature) {
605 if ($feature ==
'contact') {
606 if (!$user->hasRight(
'societe',
'contact',
'creer')) {
610 } elseif ($feature ==
'produit|service') {
611 if (!$user->hasRight(
'produit',
'creer') && !$user->hasRight(
'service',
'creer')) {
615 } elseif ($feature ==
'prelevement') {
616 if (!$user->hasRight(
'prelevement',
'bons',
'creer')) {
620 } elseif ($feature ==
'commande_fournisseur') {
621 if (!$user->hasRight(
'fournisseur',
'commande',
'creer') || !$user->hasRight(
'supplier_order',
'creer')) {
625 } elseif ($feature ==
'banque') {
626 if (!$user->hasRight(
'banque',
'modifier')) {
630 } elseif ($feature ==
'cheque') {
631 if (!$user->hasRight(
'banque',
'cheque')) {
635 } elseif ($feature ==
'import') {
636 if (!$user->hasRight(
'import',
'run')) {
640 } elseif ($feature ==
'ecm') {
641 if (!$user->hasRight(
'ecm',
'upload')) {
645 } elseif ($feature ==
'modulebuilder') {
646 if (!$user->hasRight(
'modulebuilder',
'run')) {
650 } elseif (!empty($feature2)) {
651 foreach ($feature2 as $subfeature) {
652 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'creer')) {
655 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'password')) {
658 if ($subfeature ==
'user' && $user->id != $objectid && $user->hasRight(
'user',
'user',
'password')) {
662 if (!$user->hasRight($feature, $subfeature,
'creer')
663 && !$user->hasRight($feature, $subfeature,
'write')
664 && !$user->hasRight($feature, $subfeature,
'create')) {
673 } elseif (!empty($feature)) {
675 if (!$user->hasRight($feature,
'creer')
676 && !$user->hasRight($feature,
'write')
677 && !$user->hasRight($feature,
'create')) {
685 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
689 if ($wemustcheckpermissionforcreate && !$createok) {
701 if (
GETPOST(
'action',
'aZ09') ==
'confirm_create_user' &&
GETPOST(
"confirm",
'aZ09') ==
'yes') {
702 if (!$user->hasRight(
'user',
'user',
'creer')) {
706 if (!$createuserok) {
719 if ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete') {
720 foreach ($featuresarray as $feature) {
721 if ($feature ==
'bookmark') {
722 if (!$user->hasRight(
'bookmark',
'supprimer')) {
723 if ($user->id !=
$object->fk_user || !$user->hasRight(
'bookmark',
'creer')) {
727 } elseif ($feature ==
'contact') {
728 if (!$user->hasRight(
'societe',
'contact',
'supprimer')) {
731 } elseif ($feature ==
'produit|service') {
732 if (!$user->hasRight(
'produit',
'supprimer') && !$user->hasRight(
'service',
'supprimer')) {
735 } elseif ($feature ==
'commande_fournisseur') {
736 if (!$user->hasRight(
'fournisseur',
'commande',
'supprimer')) {
739 } elseif ($feature ==
'payment_supplier') {
740 if (!$user->hasRight(
'fournisseur',
'facture',
'creer')) {
743 } elseif ($feature ==
'payment') {
744 if (!$user->hasRight(
'facture',
'paiement')) {
747 } elseif ($feature ==
'payment_sc') {
748 if (!$user->hasRight(
'tax',
'charges',
'creer')) {
751 } elseif ($feature ==
'banque') {
752 if (!$user->hasRight(
'banque',
'modifier')) {
755 } elseif ($feature ==
'cheque') {
756 if (!$user->hasRight(
'banque',
'cheque')) {
759 } elseif ($feature ==
'ecm') {
760 if (!$user->hasRight(
'ecm',
'upload')) {
763 } elseif ($feature ==
'ftp') {
764 if (!$user->hasRight(
'ftp',
'write')) {
767 } elseif ($feature ==
'salaries') {
768 if (!$user->hasRight(
'salaries',
'delete')) {
771 } elseif ($feature ==
'adherent') {
772 if (!$user->hasRight(
'adherent',
'supprimer')) {
775 } elseif ($feature ==
'paymentbybanktransfer') {
776 if (!$user->hasRight(
'paymentbybanktransfer',
'create')) {
779 } elseif ($feature ==
'prelevement') {
780 if (!$user->hasRight(
'prelevement',
'bons',
'creer')) {
783 } elseif (!empty($feature2)) {
784 foreach ($feature2 as $subfeature) {
785 if (!$user->hasRight($feature, $subfeature,
'supprimer') && !$user->hasRight($feature, $subfeature,
'delete')) {
792 } elseif (!empty($feature)) {
794 if (!$user->hasRight($feature,
'supprimer')
795 && !$user->hasRight($feature,
'delete')
796 && !$user->hasRight($feature,
'run')) {
803 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
807 if (!$deleteok && !($isdraft && $createok)) {
819 if (!empty($objectid) && $objectid > 0) {
821 $params = array(
'objectid' => $objectid,
'features' => implode(
',', $featuresarray),
'features2' => $feature2);
852function checkUserAccessToObject($user, array $featuresarray,
$object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'', $dbt_select =
'rowid', $parenttableforentity =
'')
861 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
868 $params = explode(
'&', $tableandshare);
869 $dbtablename = (!empty($params[0]) ? $params[0] :
'');
870 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
872 foreach ($featuresarray as $feature) {
878 if ($feature ==
'societe' && !empty($feature2) && is_array($feature2) && in_array(
'contact', $feature2)) {
879 $feature =
'contact';
882 if ($feature ==
'member') {
883 $feature =
'adherent';
885 if ($feature ==
'project') {
888 if ($feature ==
'task') {
889 $feature =
'projet_task';
891 if ($feature ==
'eventorganization') {
893 $dbtablename =
'actioncomm';
895 if ($feature ==
'payment_sc' && empty($parenttableforentity)) {
897 $parenttableforentity =
'';
898 $dbtablename =
"chargesociales";
899 $feature =
"chargesociales";
900 $objectid =
$object->fk_charge;
903 $checkonentitydone = 0;
906 $check = array(
'adherent',
'banque',
'bom',
'don',
'mrp',
'user',
'usergroup',
'payment',
'payment_supplier',
'payment_sc',
'product',
'produit',
'service',
'produit|service',
'categorie',
'resource',
'expensereport',
'holiday',
'salaries',
'website',
'recruitment',
'chargesociales',
'knowledgemanagement');
907 $checksoc = array(
'societe');
908 $checkparentsoc = array(
'agenda',
'contact',
'contrat');
909 $checkproject = array(
'projet',
'project');
910 $checktask = array(
'projet_task');
911 $checkhierarchy = array(
'expensereport',
'holiday');
912 $checkuser = array(
'bookmark');
913 $nocheck = array(
'barcode',
'stock');
918 if (empty($dbtablename)) {
919 $dbtablename = $feature;
920 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
924 if ($dbt_select !=
'rowid' && $dbt_select !=
'id') {
925 $objectid =
"'".$objectid.
"'";
928 if (in_array($feature, $check) && $objectid > 0) {
929 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
930 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
931 if (($feature ==
'user' || $feature ==
'usergroup') && isModEnabled(
'multicompany')) {
933 if ($conf->entity == 1 && $user->admin && !$user->entity) {
934 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
935 $sql .=
" AND dbt.entity IS NOT NULL";
937 $sql .=
",".MAIN_DB_PREFIX.
"usergroup_user as ug";
938 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
939 $sql .=
" AND ((ug.fk_user = dbt.rowid";
940 $sql .=
" AND ug.entity IN (".getEntity(
'usergroup').
"))";
941 $sql .=
" OR dbt.entity = 0)";
944 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
945 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
949 if ($parenttableforentity && preg_match(
'/(.*)@(.*)/', $parenttableforentity, $reg)) {
950 $sql .=
", ".MAIN_DB_PREFIX.$reg[2].
" as dbtp";
951 $sql .=
" WHERE dbt.".$reg[1].
" = dbtp.rowid AND dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
952 $sql .=
" AND dbtp.entity IN (".getEntity($sharedelement, 1).
")";
954 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
955 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
958 $checkonentitydone = 1;
960 if (in_array($feature, $checksoc) && $objectid > 0) {
962 if ($user->socid > 0) {
963 if ($user->socid != $objectid) {
966 } elseif (isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && !$user->hasRight(
'societe',
'client',
'voir'))) {
968 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
969 $sql .=
" FROM (".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
970 $sql .=
", ".MAIN_DB_PREFIX.
"societe as s)";
971 $sql .=
" WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).
")";
972 $sql .=
" AND (sc.fk_user = ".((int) $user->id);
974 $userschilds = $user->getAllChildIds();
975 $sql .=
" OR sc.fk_user IN (".$db->sanitize(implode(
',', $userschilds)).
")";
978 $sql .=
" AND sc.fk_soc = s.rowid";
979 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
980 } elseif (isModEnabled(
'multicompany')) {
982 $sql =
"SELECT COUNT(s.rowid) as nb";
983 $sql .=
" FROM ".MAIN_DB_PREFIX.
"societe as s";
984 $sql .=
" WHERE s.rowid IN (".$db->sanitize($objectid, 1).
")";
985 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
988 $checkonentitydone = 1;
990 if (in_array($feature, $checkparentsoc) && $objectid > 0) {
992 if ($user->socid > 0) {
993 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
994 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
995 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
996 $sql .=
" AND dbt.fk_soc = ".((int) $user->socid);
997 } elseif (isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && !$user->hasRight(
'societe',
'client',
'voir'))) {
999 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1000 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1001 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
1002 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1003 $sql .=
" AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
1004 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1005 } elseif (isModEnabled(
'multicompany')) {
1007 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1008 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1009 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1010 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1013 $checkonentitydone = 1;
1015 if (in_array($feature, $checkproject) && $objectid > 0) {
1016 if (isModEnabled(
'project') && !$user->hasRight(
'projet',
'all',
'lire')) {
1017 $projectid = $objectid;
1019 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
1020 $projectstatic =
new Project($db);
1021 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1023 $tmparray = explode(
',', $tmps);
1024 if (!in_array($projectid, $tmparray)) {
1028 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1029 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1030 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1031 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1033 $checkonentitydone = 1;
1035 if (in_array($feature, $checktask) && $objectid > 0) {
1036 if (isModEnabled(
'project') && !$user->hasRight(
'projet',
'all',
'lire')) {
1037 $task =
new Task($db);
1038 $task->fetch($objectid);
1039 $projectid = $task->fk_project;
1041 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
1042 $projectstatic =
new Project($db);
1043 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1045 $tmparray = explode(
',', $tmps);
1046 if (!in_array($projectid, $tmparray)) {
1050 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1051 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1052 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1053 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1056 $checkonentitydone = 1;
1060 if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) {
1062 if ($user->socid > 0) {
1063 if (empty($dbt_keyfield)) {
1064 dol_print_error(
null,
'Param dbt_keyfield is required but not defined');
1066 $sql =
"SELECT COUNT(dbt.".$dbt_keyfield.
") as nb";
1067 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1068 $sql .=
" WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).
")";
1069 $sql .=
" AND dbt.".$dbt_keyfield.
" = ".((int) $user->socid);
1070 } elseif (isModEnabled(
"societe") && !$user->hasRight(
'societe',
'client',
'voir')) {
1072 if ($feature !=
'ticket') {
1073 if (empty($dbt_keyfield)) {
1074 dol_print_error(
null,
'Param dbt_keyfield is required but not defined');
1076 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
1077 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1078 $sql .=
", ".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
1079 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1080 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1081 $sql .=
" AND sc.fk_soc = dbt.".$dbt_keyfield;
1082 $sql .=
" AND (sc.fk_user = ".((int) $user->id);
1084 $userschilds = $user->getAllChildIds();
1085 foreach ($userschilds as $key => $value) {
1086 $sql .=
' OR sc.fk_user = '.((int) $value);
1092 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1093 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1094 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield.
" AND sc.fk_user = ".((int) $user->id);
1095 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1096 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1097 $sql .=
" AND (sc.fk_user = ".((int) $user->id).
" OR sc.fk_user IS NULL)";
1099 } elseif (isModEnabled(
'multicompany')) {
1101 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1102 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1103 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1104 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1109 if ($feature ===
'agenda' && $objectid > 0) {
1111 if ($objectid > 0 && !$user->hasRight(
'agenda',
'allactions',
'read')) {
1112 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
1114 $action->fetch($objectid);
1115 if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
1123 if (in_array($feature, $checkhierarchy) && is_object(
$object) && $objectid > 0) {
1124 $childids = $user->getAllChildIds(1);
1126 if ($feature ==
'holiday') {
1127 $useridtocheck =
$object->fk_user;
1128 if (!$user->hasRight(
'holiday',
'readall') && !in_array($useridtocheck, $childids) && !in_array(
$object->fk_validator, $childids)) {
1132 if ($feature ==
'expensereport') {
1133 $useridtocheck =
$object->fk_user_author;
1134 if (!$user->hasRight(
'expensereport',
'readall')) {
1135 if (!in_array($useridtocheck, $childids)) {
1144 if (in_array($feature, $checkuser) && is_object(
$object) && $objectid > 0) {
1145 $useridtocheck =
$object->fk_user;
1146 if (!empty($useridtocheck) && $useridtocheck > 0 && $useridtocheck != $user->id && empty($user->admin)) {
1152 $resql = $db->query($sql);
1154 $obj = $db->fetch_object($resql);
1155 if (!$obj || $obj->nb < count(explode(
',', $objectid))) {
1159 dol_syslog(
"Bad forged sql in checkUserAccessToObject", LOG_WARNING);
1207function accessforbidden($message =
'', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params =
null)
1209 global $conf, $db, $user, $langs, $hookmanager;
1212 if (!is_object($langs)) {
1213 include_once DOL_DOCUMENT_ROOT.
'/core/class/translate.class.php';
1215 $langs->setDefaultLang();
1218 $langs->loadLangs(array(
"main",
"errors"));
1220 if ($printheader && !defined(
'NOHEADERNOFOOTER')) {
1221 if (function_exists(
"llxHeader")) {
1223 } elseif (function_exists(
"llxHeaderVierge")) {
1226 print
'<div style="padding: 20px">';
1228 print
'<div class="error">';
1229 if (empty($message)) {
1230 print $langs->trans(
"ErrorForbidden");
1232 print $langs->trans($message);
1236 if (empty($showonlymessage)) {
1237 if (empty($hookmanager)) {
1238 include_once DOL_DOCUMENT_ROOT.
'/core/class/hookmanager.class.php';
1241 $hookmanager->initHooks(array(
'main'));
1244 $parameters = array(
'message' => $message,
'params' => $params);
1245 $reshook = $hookmanager->executeHooks(
'getAccessForbiddenMessage', $parameters,
$object, $action);
1246 print $hookmanager->resPrint;
1247 if (empty($reshook)) {
1248 $langs->loadLangs(array(
"errors"));
1250 print $langs->trans(
"CurrentLogin").
': <span class="error">'.$user->login.
'</span><br>';
1251 print $langs->trans(
"ErrorForbidden2", $langs->transnoentitiesnoconv(
"Home"), $langs->transnoentitiesnoconv(
"Users"));
1252 print $langs->trans(
"ErrorForbidden4");
1254 print $langs->trans(
"ErrorForbidden3");
1258 if ($printfooter && !defined(
'NOHEADERNOFOOTER') && function_exists(
"llxFooter")) {
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.