From 082195b249da3da052d85bdd44db8931c4d085ee Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 9 Apr 2024 18:49:48 +0200 Subject: [PATCH 1/7] Fix #yogosha21569 --- htdocs/accountancy/bookkeeping/card.php | 122 +++++++++++------- .../accountancy/class/bookkeeping.class.php | 8 +- 2 files changed, 76 insertions(+), 54 deletions(-) diff --git a/htdocs/accountancy/bookkeeping/card.php b/htdocs/accountancy/bookkeeping/card.php index 70309a0428da3..8f08f1c1d2fd2 100644 --- a/htdocs/accountancy/bookkeeping/card.php +++ b/htdocs/accountancy/bookkeeping/card.php @@ -90,6 +90,8 @@ accessforbidden(); } +$permissiontoadd = $user->hasRight('accounting', 'mouvements', 'creer'); + /* * Actions @@ -106,7 +108,7 @@ exit; } - if ($action == "confirm_update") { + if ($action == "confirm_update" && $permissiontoadd) { $error = 0; if (((float) $debit != 0.0) && ((float) $credit != 0.0)) { @@ -162,7 +164,7 @@ } } } - } elseif ($action == "add") { + } elseif ($action == "add" && $permissiontoadd) { $error = 0; if (((float) $debit != 0.0) && ((float) $credit != 0.0)) { @@ -221,7 +223,7 @@ $action = ''; } } - } elseif ($action == "confirm_delete") { + } elseif ($action == "confirm_delete" && $permissiontoadd) { $object = new BookKeeping($db); $result = $object->fetch($id, null, $mode); @@ -238,7 +240,7 @@ } } $action = ''; - } elseif ($action == "confirm_create") { + } elseif ($action == "confirm_create" && $permissiontoadd) { $error = 0; $object = new BookKeeping($db); @@ -287,7 +289,7 @@ } } - if ($action == 'setdate') { + if ($action == 'setdate' && $permissiontoadd) { $datedoc = dol_mktime(0, 0, 0, GETPOSTINT('doc_datemonth'), GETPOSTINT('doc_dateday'), GETPOSTINT('doc_dateyear')); $result = $object->updateByMvt($piece_num, 'doc_date', $db->idate($datedoc), $mode); if ($result < 0) { 
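Review bot: The `confirm_delete` branch (hunk at -221) is gated by the same `$permissiontoadd` flag as create and update, so any user holding the `creer` right on accounting movements can also delete lines. If the accounting module defines a separate delete right for movements (not visible in this patch; something like `$user->hasRight('accounting', 'mouvements', 'supprimer')`), compute a `$permissiontodelete` next to `$permissiontoadd` and test it here and around the delete links in the -764 hunk. A request rejected by these guards also falls through silently to the view; calling `accessforbidden()` or setting an error message would make denied attempts visible to the user. The action block begins and ends outside the hunks shown.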
@@ -300,7 +302,7 @@ } } - if ($action == 'setjournal') { + if ($action == 'setjournal' && $permissiontoadd) { $result = $object->updateByMvt($piece_num, 'code_journal', $journal_code, $mode); $result = $object->updateByMvt($piece_num, 'journal_label', $journal_label, $mode); if ($result < 0) { @@ -313,7 +315,7 @@ } } - if ($action == 'setdocref') { + if ($action == 'setdocref' && $permissiontoadd) { $refdoc = GETPOST('doc_ref', 'alpha'); $result = $object->updateByMvt($piece_num, 'doc_ref', $refdoc, $mode); if ($result < 0) { @@ -327,7 +329,7 @@ } // Validate transaction - if ($action == 'valid') { + if ($action == 'valid' && $permissiontoadd) { $result = $object->transformTransaction(0, $piece_num); if ($result < 0) { setEventMessages($object->error, $object->errors, 'errors'); @@ -338,9 +340,12 @@ } } + + /* * View */ + $form = new Form($db); $formaccounting = new FormAccounting($db); @@ -460,12 +465,16 @@ print $langs->trans('Docdate'); print ''; if ($action != 'editdate') { - print 'piece_num)).'&mode='.urlencode((string) ($mode)).'">'.img_edit($langs->transnoentitiesnoconv('SetDate'), 1).''; + print ''; + if ($permissiontoadd) { + print 'piece_num).'&mode='.urlencode((string) $mode).'">'.img_edit($langs->transnoentitiesnoconv('SetDate'), 1).''; + } + print ''; } print ''; print ''; if ($action == 'editdate') { - print '
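Review bot: In the `setjournal` branch the return value of the first `updateByMvt()` call (for `code_journal`) is overwritten by the second call, so a failure of the first write is never reported and the entry can end up with a new `journal_label` but the old `code_journal`. The added permission check does not change that. I would run the second update only when the first succeeded, e.g. `if ($result >= 0) { $result = $object->updateByMvt($piece_num, 'journal_label', $journal_label, $mode); }`. The rest of the branch lies outside the hunk.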
'; + print ''; if ($optioncss != '') { print ''; } @@ -487,12 +496,16 @@ print $langs->trans('Codejournal'); print ''; if ($action != 'editjournal') { - print 'piece_num)).'&mode='.urlencode((string) ($mode)).'">'.img_edit($langs->transnoentitiesnoconv('Edit'), 1).''; + print ''; + if ($permissiontoadd) { + print 'piece_num).'&mode='.urlencode((string) $mode).'">'.img_edit($langs->transnoentitiesnoconv('Edit'), 1).''; + } + print ''; } print ''; print ''; if ($action == 'editjournal') { - print ''; + print ''; if ($optioncss != '') { print ''; } @@ -514,12 +527,16 @@ print $langs->trans('Piece'); print ''; if ($action != 'editdocref') { - print 'piece_num)).'&mode='.urlencode((string) ($mode)).'">'.img_edit($langs->transnoentitiesnoconv('Edit'), 1).''; + print ''; + if ($permissiontoadd) { + print 'piece_num).'&mode='.urlencode((string) $mode).'">'.img_edit($langs->transnoentitiesnoconv('Edit'), 1).''; + } + print ''; } print ''; print ''; if ($action == 'editdocref') { - print ''; + print ''; if ($optioncss != '') { print ''; } 
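Review bot: The edit links are now hidden without the create right, but the `if ($action == 'editdate')` form branch (and `editjournal`, `editdocref` in the next two hunks) is still rendered for anyone who puts the action in the URL. The submit is rejected server-side after this patch, so this is a consistency issue rather than a bypass; `if ($action == 'editdate' && $permissiontoadd)` would keep the view aligned with the action guards. The read-only branch is not visible in these hunks, so check that it still prints the value when the condition is false.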
@@ -692,20 +709,20 @@ } foreach ($object->linesmvt as $line) { - print ''; $total_debit += $line->debit; $total_credit += $line->credit; if ($action == 'update' && $line->id == $id) { + print ''; print ''; print ''; print $formaccounting->select_account((GETPOSTISSET("accountingaccount_number") ? GETPOST("accountingaccount_number", "alpha") : $line->numero_compte), 'accountingaccount_number', 1, array(), 1, 1, 'minwidth200 maxwidth500'); print ''; print ''; // TODO For the moment we keep a free input text instead of a combo. The select_auxaccount has problem because: - // It does not use the setup of "key pressed" to select a thirdparty and this hang browser on large databases. - // Also, it is not possible to use a value that is not in the list. - // Also, the label is not automatically filled when a value is selected. + // - It does not use the setup of "key pressed" to select a thirdparty and this hang browser on large databases. + // - Also, it is not possible to use a value that is not in the list. + // - Also, the label is not automatically filled when a value is selected. if (getDolGlobalString('ACCOUNTANCY_COMBO_FOR_AUX')) { print $formaccounting->select_auxaccount((GETPOSTISSET("subledger_account") ? GETPOST("subledger_account", "alpha") : $line->subledger_account), 'subledger_account', 1, 'maxwidth250', '', 'subledger_label'); } else { @@ -715,14 +732,16 @@ print '
subledger_label).'" placeholder="'.dol_escape_htmltag($langs->trans("SubledgerAccountLabel")).'">'; print ''; print 'label_operation).'">'; - print 'debit)).'">'; - print 'credit)).'">'; + print 'debit)).'">'; + print 'credit)).'">'; print ''; print ''."\n"; print ''; print ''; + print "\n"; } elseif (empty($line->numero_compte) || (empty($line->debit) && empty($line->credit))) { - if ($action == "" || $action == 'add') { + if (($action == "" || $action == 'add') && $permissiontoadd) { + print ''; print ''; print ''; print $formaccounting->select_account('', 'accountingaccount_number', 1, array(), 1, 1, 'minwidth200 maxwidth500'); @@ -739,24 +758,26 @@ } print '
'; print ''; - print ''; - print ''; - print ''; + print ''; + print ''; + print ''; print ''; + print "\n"; } } else { + print ''; print ''; $resultfetch = $accountingaccount->fetch(null, $line->numero_compte, true); print ''; if ($resultfetch > 0) { print $accountingaccount->getNomUrl(0, 1, 1, '', 0); } else { - print $line->numero_compte.' ('.$langs->trans("AccountRemovedFromCurrentChartOfAccount").')'; + print dol_escape_htmltag($line->numero_compte).' ('.$langs->trans("AccountRemovedFromCurrentChartOfAccount").')'; } print ''; print ''.length_accounta($line->subledger_account); if ($line->subledger_label) { - print ' - '.$line->subledger_label.''; + print ' - '.dol_escape_htmltag($line->subledger_label).''; } print ''; print ''.$line->label_operation.''; 
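Review bot: `$line->label_operation` is still printed raw a few lines below the two fields this hunk now wraps in `dol_escape_htmltag()`, and `length_accounta($line->subledger_account)` is also output without escaping. Both appear to be free-text values of the bookkeeping line (the edit row earlier in the file fills them from text inputs), so unless they are sanitised on write, which this patch does not show, they remain a stored-XSS candidate in the same table row. Suggest `dol_escape_htmltag($line->label_operation)` and the same around the subledger account output. The loop body starts before and continues after this hunk.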
@@ -764,34 +785,35 @@ print ''.($line->credit != 0 ? price($line->credit) : '').''; print ''; - if (empty($line->date_export) && empty($line->date_validation)) { - print 'id . '&piece_num=' . urlencode($line->piece_num) . '&mode=' . urlencode($mode) . '&token=' . urlencode(newToken()) . '">'; - print img_edit('', 0, 'class="marginrightonly"'); - print '  '; - } else { - print ''; - print img_edit($langs->trans("ForbiddenTransactionAlreadyExported"), 0, 'class="marginrightonly"'); - print '  '; - } - - if (empty($line->date_validation)) { - $actiontodelete = 'delete'; - if ($mode == '_tmp' || $action != 'delmouv') { - $actiontodelete = 'confirm_delete'; + if ($permissiontoadd) { + if (empty($line->date_export) && empty($line->date_validation)) { + print 'id . '&piece_num=' . urlencode($line->piece_num) . '&mode=' . urlencode((string) $mode) . '&token=' . urlencode(newToken()) . '">'; + print img_edit('', 0, 'class="marginrightonly"'); + print '  '; + } else { + print ''; + print img_edit($langs->trans("ForbiddenTransactionAlreadyExported"), 0, 'class="marginrightonly"'); + print '  '; } - print ''; - print img_delete(); - print ''; - } else { - print ''; - print img_delete($langs->trans("ForbiddenTransactionAlreadyValidated")); - print ''; - } + if (empty($line->date_validation)) { + $actiontodelete = 'delete'; + if ($mode == '_tmp' || $action != 'delmouv') { + $actiontodelete = 'confirm_delete'; + } + print ''; + print img_delete(); + print ''; + } else { + print ''; + print img_delete($langs->trans("ForbiddenTransactionAlreadyValidated")); + print ''; + } + } print ''; + print "\n"; } - print "\n"; } $total_debit = price2num($total_debit, 'MT'); @@ -804,7 +826,7 @@ print ''; print ''; - if ($mode == '_tmp' && $action == '') { + if ($mode == '_tmp' && $action == '' && $permissiontoadd) { print '
'; print '
'; if ($total_debit == $total_credit) { diff --git a/htdocs/accountancy/class/bookkeeping.class.php b/htdocs/accountancy/class/bookkeeping.class.php index 8a1c9facc24b5..e38bcd94993e4 100644 --- a/htdocs/accountancy/class/bookkeeping.class.php +++ b/htdocs/accountancy/class/bookkeeping.class.php @@ -1422,7 +1422,7 @@ public function update(User $user, $notrigger = 0, $mode = '') $this->piece_num = (int) $this->piece_num; } - $result = $this->canModifyBookkeeping($this->id); + $result = $this->canModifyBookkeeping($this->id, $mode); if ($result < 0) { return -1; } elseif ($result == 0) { @@ -2397,13 +2397,13 @@ public function canModifyBookkeeping($id, $mode = '') $bookkeeping = new BookKeeping($this->db); $result = $bookkeeping->fetch($id, null, $mode); + if ($result <= 0) { return $result; } - if (!empty($conf->cache['active_fiscal_period_cached']) && is_array($conf->cache['active_fiscal_period_cached'])) { foreach ($conf->cache['active_fiscal_period_cached'] as $fiscal_period) { - if ($fiscal_period['date_start'] <= $bookkeeping->doc_date && $bookkeeping->doc_date <= $fiscal_period['date_end']) { + if (!empty($fiscal_period['date_start']) && $fiscal_period['date_start'] <= $bookkeeping->doc_date && (empty($fiscal_period['date_end']) || $bookkeeping->doc_date <= $fiscal_period['date_end'])) { return 1; } } @@ -2447,7 +2447,7 @@ public function validBookkeepingDate($date) if (!empty($conf->cache['active_fiscal_period_cached']) && is_array($conf->cache['active_fiscal_period_cached'])) { foreach ($conf->cache['active_fiscal_period_cached'] as $fiscal_period) { - if ($fiscal_period['date_start'] <= $date && $date <= $fiscal_period['date_end']) { + if (!empty($fiscal_period['date_start']) && $fiscal_period['date_start'] <= $date && (empty($fiscal_period['date_end']) || $date <= $fiscal_period['date_end'])) { return 1; } } From 3ad4fdc44eb12c6e1808fa8e8b2a1a59b4f52557 Mon Sep 17 00:00:00 2001 
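Review bot: The new fiscal-period condition is duplicated verbatim in `canModifyBookkeeping()` and `validBookkeepingDate()`, and its meaning is not documented: a period with an empty `date_end` is now treated as open-ended, while a period with an empty `date_start` never matches. Since this predicate decides whether an entry may be modified, I would move it into one private helper (for example `isDateInFiscalPeriod($fiscal_period, $date)`) and add a comment such as `// An empty date_end means the period is still open; a period without date_start is ignored`. Both functions extend beyond the hunks shown.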
From: Laurent Destailleur Date: Tue, 9 Apr 2024 19:10:22 +0200 Subject: [PATCH 2/7] Trans --- htdocs/langs/en_US/errors.lang | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/langs/en_US/errors.lang b/htdocs/langs/en_US/errors.lang index dec04d18cd5d8..be828aa2b19aa 100644 --- a/htdocs/langs/en_US/errors.lang +++ b/htdocs/langs/en_US/errors.lang @@ -55,8 +55,8 @@ ErrorFoundBadEmailInFile=Found incorrect email syntax for %s lines in file (exam ErrorUserCannotBeDelete=User cannot be deleted. Maybe it is associated to Dolibarr entities. ErrorFieldsRequired=Some required fields have been left blank. ErrorSubjectIsRequired=The email subject is required -ErrorInAddAttachmentsImageBaseOnMedia=Error in add attachments image base in on media -ErrorInAddAttachmentsImageBaseIsSrcData=Error in add attachments image base source is in data +ErrorInAddAttachmentsImageBaseOnMedia=Error in creating image files into media directory for attachment +ErrorInAddAttachmentsImageBaseIsSrcData=Error in creating image files (found as data:) into temp directory for attachment ErrorFailedToCreateDir=Failed to create a directory. Check that Web server user has permissions to write into Dolibarr documents directory. If parameter safe_mode is enabled on this PHP, check that Dolibarr php files owns to web server user (or group). ErrorNoMailDefinedForThisUser=No mail defined for this user ErrorSetupOfEmailsNotComplete=Setup of emails is not complete From ce2b69a1ab11053c74aa172bc7ef6f30b96fc570 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 9 Apr 2024 19:17:59 +0200 Subject: [PATCH 3/7] Trans --- htdocs/langs/en_US/interventions.lang | 2 +- htdocs/langs/en_US/main.lang | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/langs/en_US/interventions.lang b/htdocs/langs/en_US/interventions.lang index 6de7a8f617e8a..92ab1d5a236ea 100644 --- a/htdocs/langs/en_US/interventions.lang +++ b/htdocs/langs/en_US/interventions.lang 
@@ -74,5 +74,5 @@ NextDateToIntervention=Date for next intervention generation NoIntervention=No intervention TypeContact_fichinter_internal_INTERREPFOLL=Responsible for intervention follow-up TypeContact_fichinter_internal_INTERVENING=Intervenant -TypeContact_fichinter_external_BILLING=Contact customer of intervention billing +TypeContact_fichinter_external_BILLING=Customer contact of intervention billing TypeContact_fichinter_external_CUSTOMER=Customer contact of intervention follow-up diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 24e96d2a6a19d..f6bbc42efd069 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -1226,8 +1226,8 @@ ConfirmAllocateCommercialQuestion=Are you sure you want to assign the %s selecte ConfirmUnallocateCommercialQuestion=Are you sure you want to unassign the selected %s record(s)? CommercialsAffected=Sales representatives assigned CommercialAffected=Sales representative assigned -CommercialsDisaffected=Sales representatives disassigned -CommercialDisaffected=Sales representative disassigned +CommercialsDisaffected=Sales representatives unlinked +CommercialDisaffected=Sales representative unlinked YourMessage=Your message YourMessageHasBeenReceived=Your message has been received. We will answer or contact you as soon as possible. UrlToCheck=Url to check From ac63bd9b56d467bc9e709a0b4abc19ebd0abe0f7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Tue, 9 Apr 2024 19:36:39 +0200 Subject: [PATCH 4/7] Debug v20 --- htdocs/fourn/facture/card.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/htdocs/fourn/facture/card.php b/htdocs/fourn/facture/card.php index 0a6ea8b1570e2..d75082f475bfb 100644 --- a/htdocs/fourn/facture/card.php +++ b/htdocs/fourn/facture/card.php 
@@ -3546,6 +3546,10 @@ function setRadioForTypeOfInvoice() { // Other attributes $cols = 2; + if ($object->status != $object::STATUS_DRAFT) { + $disableedit = 1; + $disableremove = 1; + } include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_view.tpl.php'; print ''; From 2eefffd36f87439674716eb9cb6da6fd8fee0705 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 9 Apr 2024 20:08:32 +0200 Subject: [PATCH 5/7] NEW possibility to define a completely inactive module (#29289) --- htdocs/conf/conf.php.example | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example index 4d8c4f8faddc2..525e588810d8e 100644 --- a/htdocs/conf/conf.php.example +++ b/htdocs/conf/conf.php.example @@ -304,6 +304,15 @@ $dolibarr_main_prod='1'; // $dolibarr_main_restrict_os_commands='mysqldump, mysql, pg_dump, pgrestore, mariadb, mariadb-dump'; +// dolibarr_main_disabled_modules +// ================================== +// To restrict the activation and use of certain potentially security-sensitive modules. +// Default value: array('dav') +// Examples: +// $dolibarr_main_disabled_modules = array('dav'); +// +// $dolibarr_main_disabled_modules = array('dav'); + // dolibarr_main_restrict_ip // ========================= // To restrict access to backoffice to some ip addresses only. Use a comma to separate values. From 6212868aca056b60fa227444e44774cd1c634302 Mon Sep 17 00:00:00 2001 From: Vincent Maury Date: Tue, 9 Apr 2024 20:09:45 +0200 Subject: [PATCH 6/7] regl_mode on new command not set (#29293) When creating a new supplier order, even if the default reglement_mode is set for this supplier, the reglement_mode for the new order is not set. As It is for the cond_reglement I don't understand why my update is ok, but IT IS ! --- htdocs/fourn/commande/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/fourn/commande/card.php b/htdocs/fourn/commande/card.php index f56b77ae1399a..1593f25e08c47 100644 
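Review bot: Setting `$disableedit` and `$disableremove` before including `extrafields_view.tpl.php` only affects what the template renders for a non-draft invoice; nothing in this hunk stops a direct request that updates an extra field on a validated invoice. The action handler is outside the hunk, so please confirm that the extrafield update action applies the same `$object->status != $object::STATUS_DRAFT` test server-side. A short comment such as `// Extrafields are read-only once the invoice has left draft status` above the `if` would also document the intent.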
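Review bot: The `conf.php.example` comment gives `array('dav')` as the default value, but the only example is commented out, so it is unclear what happens when the variable is absent from an existing `conf.php`. Since the option is described as a security restriction, the text should state whether `dav` is disabled when the variable is not set, how an administrator who needs the module re-enables it (presumably an empty `array()`; confirm against the code that reads the variable), and whether an already activated module is switched off or only blocked from activation. The `=` underline is also longer than the title, unlike the neighbouring entries.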
--- a/htdocs/fourn/commande/card.php +++ b/htdocs/fourn/commande/card.php @@ -1755,7 +1755,7 @@ // Payment mode print ''.$langs->trans('PaymentMode').''; print img_picto('', 'bank', 'class="pictofixedwidth"'); - $form->select_types_paiements((GETPOSTISSET('mode_reglement_id') && GETPOST('mode_reglement_id') != 0) ? GETPOST('mode_reglement_id') : $mode_reglement_id, 'mode_reglement_id'); + $form->select_types_paiements((GETPOSTISSET('mode_reglement_id') && GETPOSTINT('mode_reglement_id') != 0) ? GETPOST('mode_reglement_id') : $mode_reglement_id, 'mode_reglement_id'); print ''; // Planned delivery date From 50458efffaf3d1cd7791632018a1318df2f83a39 Mon Sep 17 00:00:00 2001 From: Vincent Maury Date: Tue, 9 Apr 2024 20:19:38 +0200 Subject: [PATCH 7/7] NEW : display product and qty in stock_movement table in project overview (#29296) NEW : in project overview, stock movement section, we only stock movement ref, but not the product and not the quantity This PR solve this --- htdocs/projet/element.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php index 8c1d12569e450..2ef4256a94602 100644 --- a/htdocs/projet/element.php +++ b/htdocs/projet/element.php @@ -1149,6 +1149,11 @@ print ''; // Ref print ''.$langs->trans("Ref").''; + // Product and qty on stock_movement + if ('MouvementStock' == $classname) { + print ''.$langs->trans("Product").''; + print ''.$langs->trans("Qty").''; + } // Date print ''; if (in_array($tablename, array('projet_task'))) { @@ -1335,7 +1340,13 @@ } } print "\n"; - + // Product and qty on stock movement + if ('MouvementStock' == $classname) { + $mvsProd = new Product($element->db); + $mvsProd->fetch($element->product_id); + print ''.$mvsProd->getNomUrl(1).''; + print ''.$element->qty.''; + } // Date or TimeSpent $date = ''; $total_time_by_line = null;
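Review bot: The condition now tests `GETPOSTINT('mode_reglement_id')`, but the value handed to `select_types_paiements()` is still the raw string from `GETPOST('mode_reglement_id')`. The fix most likely works because an empty posted value becomes `0` with `GETPOSTINT`, whereas under PHP 8 comparison rules the empty string returned by `GETPOST` is not equal to `0`, so the supplier default was skipped. For consistency, pass the integer in both places: `(GETPOSTISSET('mode_reglement_id') && GETPOSTINT('mode_reglement_id') != 0) ? GETPOSTINT('mode_reglement_id') : $mode_reglement_id`.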
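Review bot: In the row hunk of `element.php` (-1335) the result of `$mvsProd->fetch($element->product_id)` is ignored, so `getNomUrl(1)` is called on an unloaded `Product` when the movement references a deleted product or has no `product_id`. Check the return value, e.g. `if ($mvsProd->fetch($element->product_id) > 0) {` around the `getNomUrl(1)` print, and output an empty cell otherwise so the columns stay aligned with the header added in the -1149 hunk. This also issues one product query per stock-movement row; keeping fetched products in a local array keyed by id would avoid repeated lookups. The surrounding loop is outside the hunk.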