372function restrictedArea(
User $user, $features,
$object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'fk_soc', $dbt_select =
'rowid', $isdraft = 0, $mode = 0)
382 if ($objectid ==
"-1") {
386 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', (
string) $objectid);
395 $parentfortableentity =
'';
398 $originalfeatures = $features;
399 if ($features ==
'agenda') {
400 $tableandshare =
'actioncomm&societe';
401 $feature2 =
'myactions|allactions';
404 if ($features ==
'bank') {
405 $features =
'banque';
407 if ($features ==
'facturerec') {
408 $features =
'facture';
410 if ($features ==
'supplier_invoicerec') {
411 $features =
'fournisseur';
412 $feature2 =
'facture';
414 if ($features ==
'mo') {
417 if ($features ==
'member') {
418 $features =
'adherent';
420 if ($features ==
'subscription') {
421 $features =
'adherent';
422 $feature2 =
'cotisation';
424 if ($features ==
'website' && is_object(
$object) &&
$object->element ==
'websitepage') {
425 $parentfortableentity =
'fk_website@website';
427 if ($features ==
'project') {
428 $features =
'projet';
430 if ($features ==
'product') {
431 $features =
'produit';
433 if ($features ==
'productbatch') {
434 $features =
'produit';
436 if ($features ==
'tax') {
437 $feature2 =
'charges';
439 if ($features ==
'workstation') {
440 $feature2 =
'workstation';
442 if ($features ==
'fournisseur') {
443 $features =
'fournisseur';
444 if (is_object(
$object) &&
$object->element ==
'invoice_supplier') {
445 $feature2 =
'facture';
446 } elseif (is_object(
$object) &&
$object->element ==
'order_supplier') {
447 $feature2 =
'commande';
450 if ($features ==
'payment_sc') {
451 $tableandshare =
'paiementcharge';
452 $parentfortableentity =
'fk_charge@chargesociales';
458 $parameters = array(
'features' => $features,
'originalfeatures' => $originalfeatures,
'objectid' => $objectid,
'dbt_select' => $dbt_select,
'idtype' => $dbt_select,
'isdraft' => $isdraft);
459 if (!empty($hookmanager)) {
460 $reshook = $hookmanager->executeHooks(
'restrictedArea', $parameters);
462 if (isset($hookmanager->resArray[
'result'])) {
463 if ($hookmanager->resArray[
'result'] == 0) {
477 $featuresarray = array($features);
478 if (preg_match(
'/&/', $features)) {
479 $featuresarray = explode(
"&", $features);
480 } elseif (preg_match(
'/\|/', $features)) {
481 $featuresarray = explode(
"|", $features);
485 if (!empty($feature2)) {
486 $feature2 = explode(
"|", $feature2);
494 foreach ($featuresarray as $feature) {
495 $featureforlistofmodule = $feature;
496 if ($featureforlistofmodule ==
'produit') {
497 $featureforlistofmodule =
'product';
499 if ($featureforlistofmodule ==
'supplier_proposal') {
500 $featureforlistofmodule =
'supplierproposal';
502 if (!empty($user->socid) &&
getDolGlobalString(
'MAIN_MODULES_FOR_EXTERNAL') && !in_array($featureforlistofmodule, $listofmodules)) {
508 if ($feature ==
'societe' && (empty($feature2) || !in_array(
'contact', $feature2))) {
509 if (!$user->hasRight(
'societe',
'lire') && !$user->hasRight(
'fournisseur',
'lire')) {
513 } elseif (($feature ==
'societe' && (!empty($feature2) && in_array(
'contact', $feature2))) || $feature ==
'contact') {
514 if (!$user->hasRight(
'societe',
'contact',
'lire')) {
518 } elseif ($feature ==
'produit|service') {
519 if (!$user->hasRight(
'produit',
'lire') && !$user->hasRight(
'service',
'lire')) {
523 } elseif ($feature ==
'prelevement') {
524 if (!$user->hasRight(
'prelevement',
'bons',
'lire')) {
528 } elseif ($feature ==
'cheque') {
529 if (!$user->hasRight(
'banque',
'cheque')) {
533 } elseif ($feature ==
'projet') {
534 if (!$user->hasRight(
'projet',
'lire') && !$user->hasRight(
'projet',
'all',
'lire')) {
538 } elseif ($feature ==
'payment') {
539 if (!$user->hasRight(
'facture',
'lire')) {
543 } elseif ($feature ==
'payment_supplier') {
544 if (!$user->hasRight(
'fournisseur',
'facture',
'lire')) {
548 } elseif ($feature ==
'payment_sc') {
549 if (!$user->hasRight(
'tax',
'charges',
'lire')) {
553 } elseif (!empty($feature2)) {
555 foreach ($feature2 as $subfeature) {
556 if ($subfeature ==
'user' && $user->id == $objectid) {
559 if ($subfeature ==
'fiscalyear' && $user->hasRight(
'accounting',
'fiscalyear',
'write')) {
564 if (!empty($subfeature) && !$user->hasRight($feature, $subfeature,
'lire') && !$user->hasRight($feature, $subfeature,
'read')) {
566 } elseif (empty($subfeature) && !$user->hasRight($feature,
'lire') && !$user->hasRight($feature,
'read')) {
577 } elseif (!empty($feature) && ($feature !=
'user' && $feature !=
'usergroup')) {
578 if (!$user->hasRight($feature,
'lire')
579 && !$user->hasRight($feature,
'read')
580 && !$user->hasRight($feature,
'run')) {
588 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
604 $wemustcheckpermissionforcreate = (
GETPOST(
'sendit',
'alpha') ||
GETPOST(
'linkit',
'alpha') || in_array(
GETPOST(
'action',
'aZ09'), array(
'create',
'update',
'set',
'upload',
'add_element_resource',
'confirm_deletebank',
'confirm_delete_linked_resource')) ||
GETPOST(
'roworder',
'alpha', 2));
605 $wemustcheckpermissionfordeletedraft = ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete');
607 if ($wemustcheckpermissionforcreate || $wemustcheckpermissionfordeletedraft) {
608 foreach ($featuresarray as $feature) {
609 if ($feature ==
'contact') {
610 if (!$user->hasRight(
'societe',
'contact',
'creer')) {
614 } elseif ($feature ==
'produit|service') {
615 if (!$user->hasRight(
'produit',
'creer') && !$user->hasRight(
'service',
'creer')) {
619 } elseif ($feature ==
'prelevement') {
620 if (!$user->hasRight(
'prelevement',
'bons',
'creer')) {
624 } elseif ($feature ==
'commande_fournisseur') {
625 if (!$user->hasRight(
'fournisseur',
'commande',
'creer') || !$user->hasRight(
'supplier_order',
'creer')) {
629 } elseif ($feature ==
'banque') {
630 if (!$user->hasRight(
'banque',
'modifier')) {
634 } elseif ($feature ==
'cheque') {
635 if (!$user->hasRight(
'banque',
'cheque')) {
639 } elseif ($feature ==
'import') {
640 if (!$user->hasRight(
'import',
'run')) {
644 } elseif ($feature ==
'ecm') {
645 if (!$user->hasRight(
'ecm',
'upload')) {
649 } elseif ($feature ==
'modulebuilder') {
650 if (!$user->hasRight(
'modulebuilder',
'run')) {
654 } elseif (!empty($feature2)) {
655 foreach ($feature2 as $subfeature) {
656 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'creer')) {
659 if ($subfeature ==
'user' && $user->id == $objectid && $user->hasRight(
'user',
'self',
'password')) {
662 if ($subfeature ==
'user' && $user->id != $objectid && $user->hasRight(
'user',
'user',
'password')) {
666 if (!$user->hasRight($feature, $subfeature,
'creer')
667 && !$user->hasRight($feature, $subfeature,
'write')
668 && !$user->hasRight($feature, $subfeature,
'create')) {
677 } elseif (!empty($feature)) {
679 if (!$user->hasRight($feature,
'creer')
680 && !$user->hasRight($feature,
'write')
681 && !$user->hasRight($feature,
'create')) {
689 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
693 if ($wemustcheckpermissionforcreate && !$createok) {
705 if (
GETPOST(
'action',
'aZ09') ==
'confirm_create_user' &&
GETPOST(
"confirm",
'aZ09') ==
'yes') {
706 if (!$user->hasRight(
'user',
'user',
'creer')) {
710 if (!$createuserok) {
723 if ((
GETPOST(
"action",
"aZ09") ==
'confirm_delete' &&
GETPOST(
"confirm",
"aZ09") ==
'yes') ||
GETPOST(
"action",
"aZ09") ==
'delete') {
724 foreach ($featuresarray as $feature) {
725 if ($feature ==
'bookmark') {
726 if (!$user->hasRight(
'bookmark',
'supprimer')) {
727 if ($user->id !=
$object->fk_user || !$user->hasRight(
'bookmark',
'creer')) {
731 } elseif ($feature ==
'contact') {
732 if (!$user->hasRight(
'societe',
'contact',
'supprimer')) {
735 } elseif ($feature ==
'produit|service') {
736 if (!$user->hasRight(
'produit',
'supprimer') && !$user->hasRight(
'service',
'supprimer')) {
739 } elseif ($feature ==
'commande_fournisseur') {
740 if (!$user->hasRight(
'fournisseur',
'commande',
'supprimer')) {
743 } elseif ($feature ==
'payment_supplier') {
744 if (!$user->hasRight(
'fournisseur',
'facture',
'creer')) {
747 } elseif ($feature ==
'payment') {
748 if (!$user->hasRight(
'facture',
'paiement')) {
751 } elseif ($feature ==
'payment_sc') {
752 if (!$user->hasRight(
'tax',
'charges',
'creer')) {
755 } elseif ($feature ==
'banque') {
756 if (!$user->hasRight(
'banque',
'modifier')) {
759 } elseif ($feature ==
'cheque') {
760 if (!$user->hasRight(
'banque',
'cheque')) {
763 } elseif ($feature ==
'ecm') {
764 if (!$user->hasRight(
'ecm',
'upload')) {
767 } elseif ($feature ==
'ftp') {
768 if (!$user->hasRight(
'ftp',
'write')) {
771 } elseif ($feature ==
'salaries') {
772 if (!$user->hasRight(
'salaries',
'delete')) {
775 } elseif ($feature ==
'adherent') {
776 if (!$user->hasRight(
'adherent',
'supprimer')) {
779 } elseif ($feature ==
'paymentbybanktransfer') {
780 if (!$user->hasRight(
'paymentbybanktransfer',
'create')) {
783 } elseif ($feature ==
'prelevement') {
784 if (!$user->hasRight(
'prelevement',
'bons',
'creer')) {
787 } elseif (!empty($feature2)) {
788 foreach ($feature2 as $subfeature) {
789 if (!$user->hasRight($feature, $subfeature,
'supprimer') && !$user->hasRight($feature, $subfeature,
'delete')) {
796 } elseif (!empty($feature)) {
798 if (!$user->hasRight($feature,
'supprimer')
799 && !$user->hasRight($feature,
'delete')
800 && !$user->hasRight($feature,
'run')) {
807 if (preg_match(
'/\|/', $features) && $nbko < count($featuresarray)) {
811 if (!$deleteok && !($isdraft && $createok)) {
823 if (!empty($objectid) && $objectid > 0) {
825 $params = array(
'objectid' => $objectid,
'features' => implode(
',', $featuresarray),
'features2' => $feature2);
856function checkUserAccessToObject($user, array $featuresarray,
$object = 0, $tableandshare =
'', $feature2 =
'', $dbt_keyfield =
'', $dbt_select =
'rowid', $parenttableforentity =
'')
865 $objectid = preg_replace(
'/[^0-9\.\,]/',
'', $objectid);
872 $params = explode(
'&', $tableandshare);
873 $dbtablename = (!empty($params[0]) ? $params[0] :
'');
874 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
876 foreach ($featuresarray as $feature) {
882 if ($feature ==
'societe' && !empty($feature2) && is_array($feature2) && in_array(
'contact', $feature2)) {
883 $feature =
'contact';
886 if ($feature ==
'member') {
887 $feature =
'adherent';
889 if ($feature ==
'project') {
892 if ($feature ==
'task') {
893 $feature =
'projet_task';
895 if ($feature ==
'eventorganization') {
897 $dbtablename =
'actioncomm';
899 if ($feature ==
'payment_sc' && empty($parenttableforentity)) {
901 $parenttableforentity =
'';
902 $dbtablename =
"chargesociales";
903 $feature =
"chargesociales";
904 $objectid =
$object->fk_charge;
907 $checkonentitydone = 0;
910 $check = array(
'adherent',
'banque',
'bom',
'don',
'mrp',
'user',
'usergroup',
'payment',
'payment_supplier',
'payment_sc',
'product',
'produit',
'service',
'produit|service',
'categorie',
'resource',
'expensereport',
'holiday',
'salaries',
'website',
'recruitment',
'chargesociales',
'knowledgemanagement');
911 $checksoc = array(
'societe');
912 $checkparentsoc = array(
'agenda',
'contact',
'contrat');
913 $checkproject = array(
'projet',
'project');
914 $checktask = array(
'projet_task');
915 $checkhierarchy = array(
'expensereport',
'holiday');
916 $checkuser = array(
'bookmark');
917 $nocheck = array(
'barcode',
'stock');
922 if (empty($dbtablename)) {
923 $dbtablename = $feature;
924 $sharedelement = (!empty($params[1]) ? $params[1] : $dbtablename);
928 if ($dbt_select !=
'rowid' && $dbt_select !=
'id') {
929 $objectid =
"'".$objectid.
"'";
932 if (in_array($feature, $check) && $objectid > 0) {
933 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
934 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
935 if (($feature ==
'user' || $feature ==
'usergroup') && isModEnabled(
'multicompany')) {
937 if ($conf->entity == 1 && $user->admin && !$user->entity) {
938 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
939 $sql .=
" AND dbt.entity IS NOT NULL";
941 $sql .=
",".MAIN_DB_PREFIX.
"usergroup_user as ug";
942 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
943 $sql .=
" AND ((ug.fk_user = dbt.rowid";
944 $sql .=
" AND ug.entity IN (".getEntity(
'usergroup').
"))";
945 $sql .=
" OR dbt.entity = 0)";
948 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
949 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
953 if ($parenttableforentity && preg_match(
'/(.*)@(.*)/', $parenttableforentity, $reg)) {
954 $sql .=
", ".MAIN_DB_PREFIX.$reg[2].
" as dbtp";
955 $sql .=
" WHERE dbt.".$reg[1].
" = dbtp.rowid AND dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
956 $sql .=
" AND dbtp.entity IN (".getEntity($sharedelement, 1).
")";
958 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
959 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
962 $checkonentitydone = 1;
964 if (in_array($feature, $checksoc) && $objectid > 0) {
966 if ($user->socid > 0) {
967 if ($user->socid != $objectid) {
970 } elseif (isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && !$user->hasRight(
'societe',
'client',
'voir'))) {
972 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
973 $sql .=
" FROM (".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
974 $sql .=
", ".MAIN_DB_PREFIX.
"societe as s)";
975 $sql .=
" WHERE sc.fk_soc IN (".$db->sanitize($objectid, 1).
")";
976 $sql .=
" AND (sc.fk_user = ".((int) $user->id);
978 $userschilds = $user->getAllChildIds();
979 $sql .=
" OR sc.fk_user IN (".$db->sanitize(implode(
',', $userschilds)).
")";
982 $sql .=
" AND sc.fk_soc = s.rowid";
983 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
984 } elseif (isModEnabled(
'multicompany')) {
986 $sql =
"SELECT COUNT(s.rowid) as nb";
987 $sql .=
" FROM ".MAIN_DB_PREFIX.
"societe as s";
988 $sql .=
" WHERE s.rowid IN (".$db->sanitize($objectid, 1).
")";
989 $sql .=
" AND s.entity IN (".getEntity($sharedelement, 1).
")";
992 $checkonentitydone = 1;
994 if (in_array($feature, $checkparentsoc) && $objectid > 0) {
996 if ($user->socid > 0) {
997 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
998 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
999 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1000 $sql .=
" AND dbt.fk_soc = ".((int) $user->socid);
1001 } elseif (isModEnabled(
"societe") && ($user->hasRight(
'societe',
'lire') && !$user->hasRight(
'societe',
'client',
'voir'))) {
1003 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1004 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1005 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
1006 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1007 $sql .=
" AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)";
1008 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1009 } elseif (isModEnabled(
'multicompany')) {
1011 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1012 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1013 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1014 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1017 $checkonentitydone = 1;
1019 if (in_array($feature, $checkproject) && $objectid > 0) {
1020 if (isModEnabled(
'project') && !$user->hasRight(
'projet',
'all',
'lire')) {
1021 $projectid = $objectid;
1023 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
1024 $projectstatic =
new Project($db);
1025 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1027 $tmparray = explode(
',', $tmps);
1028 if (!in_array($projectid, $tmparray)) {
1032 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1033 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1034 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1035 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1037 $checkonentitydone = 1;
1039 if (in_array($feature, $checktask) && $objectid > 0) {
1040 if (isModEnabled(
'project') && !$user->hasRight(
'projet',
'all',
'lire')) {
1041 $task =
new Task($db);
1042 $task->fetch($objectid);
1043 $projectid = $task->fk_project;
1045 include_once DOL_DOCUMENT_ROOT.
'/projet/class/project.class.php';
1046 $projectstatic =
new Project($db);
1047 $tmps = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, 0);
1049 $tmparray = explode(
',', $tmps);
1050 if (!in_array($projectid, $tmparray)) {
1054 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1055 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1056 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1057 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1060 $checkonentitydone = 1;
1064 if (!$checkonentitydone && !in_array($feature, $nocheck) && $objectid > 0) {
1066 if ($user->socid > 0) {
1067 if (empty($dbt_keyfield)) {
1068 dol_print_error(
null,
'Param dbt_keyfield is required but not defined');
1070 $sql =
"SELECT COUNT(dbt.".$dbt_keyfield.
") as nb";
1071 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1072 $sql .=
" WHERE dbt.rowid IN (".$db->sanitize($objectid, 1).
")";
1073 $sql .=
" AND dbt.".$dbt_keyfield.
" = ".((int) $user->socid);
1074 } elseif (isModEnabled(
"societe") && !$user->hasRight(
'societe',
'client',
'voir')) {
1076 if ($feature !=
'ticket') {
1077 if (empty($dbt_keyfield)) {
1078 dol_print_error(
null,
'Param dbt_keyfield is required but not defined');
1080 $sql =
"SELECT COUNT(sc.fk_soc) as nb";
1081 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1082 $sql .=
", ".MAIN_DB_PREFIX.
"societe_commerciaux as sc";
1083 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1084 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1085 $sql .=
" AND sc.fk_soc = dbt.".$dbt_keyfield;
1086 $sql .=
" AND (sc.fk_user = ".((int) $user->id);
1088 $userschilds = $user->getAllChildIds();
1089 foreach ($userschilds as $key => $value) {
1090 $sql .=
' OR sc.fk_user = '.((int) $value);
1096 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1097 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1098 $sql .=
" LEFT JOIN ".MAIN_DB_PREFIX.
"societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield.
" AND sc.fk_user = ".((int) $user->id);
1099 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1100 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1101 $sql .=
" AND (sc.fk_user = ".((int) $user->id).
" OR sc.fk_user IS NULL)";
1103 } elseif (isModEnabled(
'multicompany')) {
1105 $sql =
"SELECT COUNT(dbt.".$dbt_select.
") as nb";
1106 $sql .=
" FROM ".MAIN_DB_PREFIX.$dbtablename.
" as dbt";
1107 $sql .=
" WHERE dbt.".$dbt_select.
" IN (".$db->sanitize($objectid, 1).
")";
1108 $sql .=
" AND dbt.entity IN (".getEntity($sharedelement, 1).
")";
1113 if ($feature ===
'agenda' && $objectid > 0) {
1115 if ($objectid > 0 && !$user->hasRight(
'agenda',
'allactions',
'read')) {
1116 require_once DOL_DOCUMENT_ROOT.
'/comm/action/class/actioncomm.class.php';
1118 $action->fetch($objectid);
1119 if ($action->authorid != $user->id && $action->userownerid != $user->id && !(array_key_exists($user->id, $action->userassigned))) {
1127 if (in_array($feature, $checkhierarchy) && is_object(
$object) && $objectid > 0) {
1128 $childids = $user->getAllChildIds(1);
1130 if ($feature ==
'holiday') {
1131 $useridtocheck =
$object->fk_user;
1132 if (!$user->hasRight(
'holiday',
'readall') && !in_array($useridtocheck, $childids) && !in_array(
$object->fk_validator, $childids)) {
1136 if ($feature ==
'expensereport') {
1137 $useridtocheck =
$object->fk_user_author;
1138 if (!$user->hasRight(
'expensereport',
'readall')) {
1139 if (!in_array($useridtocheck, $childids)) {
1148 if (in_array($feature, $checkuser) && is_object(
$object) && $objectid > 0) {
1149 $useridtocheck =
$object->fk_user;
1150 if (!empty($useridtocheck) && $useridtocheck > 0 && $useridtocheck != $user->id && empty($user->admin)) {
1156 $resql = $db->query($sql);
1158 $obj = $db->fetch_object($resql);
1159 if (!$obj || $obj->nb < count(explode(
',', $objectid))) {
1163 dol_syslog(
"Bad forged sql in checkUserAccessToObject", LOG_WARNING);
1211function accessforbidden($message =
'', $printheader = 1, $printfooter = 1, $showonlymessage = 0, $params =
null)
1213 global $conf, $db, $user, $langs, $hookmanager;
1216 if (!is_object($langs)) {
1217 include_once DOL_DOCUMENT_ROOT.
'/core/class/translate.class.php';
1219 $langs->setDefaultLang();
1222 $langs->loadLangs(array(
"main",
"errors"));
1224 if ($printheader && !defined(
'NOHEADERNOFOOTER')) {
1225 if (function_exists(
"llxHeader")) {
1227 } elseif (function_exists(
"llxHeaderVierge")) {
1230 print
'<div style="padding: 20px">';
1232 print
'<div class="error">';
1233 if (empty($message)) {
1234 print $langs->trans(
"ErrorForbidden");
1236 print $langs->trans($message);
1240 if (empty($showonlymessage)) {
1241 if (empty($hookmanager)) {
1242 include_once DOL_DOCUMENT_ROOT.
'/core/class/hookmanager.class.php';
1245 $hookmanager->initHooks(array(
'main'));
1248 $parameters = array(
'message' => $message,
'params' => $params);
1249 $reshook = $hookmanager->executeHooks(
'getAccessForbiddenMessage', $parameters,
$object, $action);
1250 print $hookmanager->resPrint;
1251 if (empty($reshook)) {
1252 $langs->loadLangs(array(
"errors"));
1254 print $langs->trans(
"CurrentLogin").
': <span class="error">'.$user->login.
'</span><br>';
1255 print $langs->trans(
"ErrorForbidden2", $langs->transnoentitiesnoconv(
"Home"), $langs->transnoentitiesnoconv(
"Users"));
1256 print $langs->trans(
"ErrorForbidden4");
1258 print $langs->trans(
"ErrorForbidden3");
1262 if ($printfooter && !defined(
'NOHEADERNOFOOTER') && function_exists(
"llxFooter")) {
if(!defined( 'NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.