dolibarr 20.0.0
loadinplace.php
Go to the documentation of this file.
1<?php
2/* Copyright (C) 2011-2014 Regis Houssin <regis.houssin@inodbox.com>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 3 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
23if (!defined('NOTOKENRENEWAL')) {
24 define('NOTOKENRENEWAL', '1'); // Disables token renewal
25}
26if (!defined('NOREQUIREMENU')) {
27 define('NOREQUIREMENU', '1');
28}
29if (!defined('NOREQUIREAJAX')) {
30 define('NOREQUIREAJAX', '1');
31}
32if (!defined('NOREQUIRESOC')) {
33 define('NOREQUIRESOC', '1');
34}
35
36// Load Dolibarr environment
37require '../../main.inc.php';
38require_once DOL_DOCUMENT_ROOT.'/core/class/genericobject.class.php';
39
40$field = GETPOST('field', 'alpha');
41$element = GETPOST('element', 'alpha');
42$table_element = GETPOST('table_element', 'alpha');
43$fk_element = GETPOST('fk_element', 'alpha');
44$id = $fk_element;
45
46// Load object according to $id and $element
47$object = fetchObjectByElement($id, $element);
48
49$module = $object->module;
50$element = $object->element;
51$usesublevelpermission = ($module != $element ? $element : '');
52if ($usesublevelpermission && !$user->hasRight($module, $element)) { // There is no permission on object defined, we will check permission on module directly
53 $usesublevelpermission = '';
54}
55
56//print $object->id.' - '.$object->module.' - '.$object->element.' - '.$object->table_element.' - '.$usesublevelpermission."\n";
57
58// Security check
59$result = restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission, 'fk_soc', 'rowid', 0, 1); // Call with mode return
60if (!$result) {
61 httponly_accessforbidden('Not allowed by restrictArea');
62}
63
64if (!getDolGlobalString('MAIN_USE_JQUERY_JEDITABLE')) {
65 httponly_accessforbidden('Can be used only when option MAIN_USE_JQUERY_JEDITABLE is set');
66}
67
68
69/*
70 * View
71 */
72
74
75//print '<!-- Ajax page called with url '.dol_escape_htmltag($_SERVER["PHP_SELF"]).'?'.dol_escape_htmltag($_SERVER["QUERY_STRING"]).' -->'."\n";
76
77// Load original field value
78if (!empty($field) && !empty($element) && !empty($table_element) && !empty($fk_element)) {
79 $ext_element = GETPOST('ext_element', 'alpha');
80 $field = substr($field, 8); // remove prefix val_
81 $type = GETPOST('type', 'alpha');
82 $loadmethod = (GETPOST('loadmethod', 'alpha') ? GETPOST('loadmethod', 'alpha') : 'getValueFrom');
83
84 if ($element != 'order_supplier' && $element != 'invoice_supplier' && preg_match('/^([^_]+)_([^_]+)/i', $element, $regs)) {
85 $element = $regs[1];
86 $subelement = $regs[2];
87 }
88
89 if ($element == 'propal') {
90 $element = 'propale';
91 } elseif ($element == 'fichinter') {
92 $element = 'ficheinter';
93 } elseif ($element == 'product') {
94 $element = 'produit';
95 } elseif ($element == 'member') {
96 $element = 'adherent';
97 } elseif ($element == 'order_supplier') {
98 $element = 'fournisseur';
99 $subelement = 'commande';
100 } elseif ($element == 'invoice_supplier') {
101 $element = 'fournisseur';
102 $subelement = 'facture';
103 }
104
105 if ($user->hasRight($element, 'lire') || $user->hasRight($element, 'read')
106 || (isset($subelement) && ($user->hasRight($element, $subelement, 'lire') || $user->hasRight($element, $subelement, 'read')))
107 || ($element == 'payment' && $user->hasRight('facture', 'lire'))
108 || ($element == 'payment_supplier' && $user->hasRight('fournisseur', 'facture', 'lire'))) {
109 if ($type == 'select') {
110 $methodname = 'load_cache_'.$loadmethod;
111 $cachename = 'cache_'.GETPOST('loadmethod', 'alpha');
112
113 $form = new Form($db);
114 if (method_exists($form, $methodname)) {
115 $ret = $form->$methodname();
116 if ($ret > 0) {
117 echo json_encode($form->$cachename);
118 }
119 } elseif (!empty($ext_element)) {
120 $module = $subelement = $ext_element;
121 $regs = array();
122 if (preg_match('/^([^_]+)_([^_]+)/i', $ext_element, $regs)) {
123 $module = $regs[1];
124 $subelement = $regs[2];
125 }
126
127 dol_include_once('/'.$module.'/class/actions_'.$subelement.'.class.php');
128 $classname = 'Actions'.ucfirst($subelement);
129 $object = new $classname($db);
130 $ret = $object->$methodname($fk_element);
131 if ($ret > 0) {
132 echo json_encode($object->$cachename);
133 }
134 }
135 } else {
136 $object = new GenericObject($db);
137 $value = $object->$loadmethod($table_element, $fk_element, $field);
138 echo $value;
139 }
140 } else {
141 echo $langs->transnoentities('NotEnoughPermissions');
142 }
143}
if( $user->socid > 0) if(! $user->hasRight('accounting', 'chartofaccount')) $object
Definition card.php:58
Class to manage generation of HTML components Only common components must be here.
Class of a generic business object.
if(!function_exists( 'dol_getprefix')) dol_include_once($relpath, $classname='')
Make an include_once using default root and alternate root if it fails.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
fetchObjectByElement($element_id, $element_type, $element_ref='', $useCache=0, $maxCacheByType=10)
Fetch an object from its id and element_type Inclusion of classes is automatic.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
httponly_accessforbidden($message='1', $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.