
[Noalyss-commit] [noalyss] 04/05: Task #1120 - Ajouter option sécurité


From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 04/05: Task #1120 - Ajouter option sécurité : effacement opération comptable #1120 : new privilege -> remove accountancy writing privilege write , override ledger acces -> remove receipt (document)override ledger acces
Date: Mon, 18 May 2015 17:16:33 +0000

sparkyx pushed a commit to branch master
in repository noalyss.

commit 0d2971db938e425d896ee6cbb5b0bd628697dd26
Author: Dany De Bontridder <address@hidden>
Date:   Mon May 18 18:41:39 2015 +0200

    Task #1120 - Ajouter option sécurité : effacement opération comptable
    #1120 : new privilege
     -> remove accountancy writing privilege write , override ledger acces
     -> remove receipt (document)override ledger acces
---
 html/ajax_ledger.php                      |   95 +++++++++++++----------------
 include/constant.security.php             |    2 +
 include/template/ledger_detail_bottom.php |    3 +-
 include/template/security_list_action.php |   22 +++++--
 sql/upgrade.sql                           |   26 ++++++++-
 5 files changed, 88 insertions(+), 60 deletions(-)

diff --git a/html/ajax_ledger.php b/html/ajax_ledger.php
index b9a84f9..8468a5f 100644
--- a/html/ajax_ledger.php
+++ b/html/ajax_ledger.php
@@ -160,7 +160,7 @@ switch ($action)
     //  remove op
     ///////////////////////////////////////////////////////////////////////////
 case 'rmop':
-        if ( $access=='W')
+        if ( $access=='W' && $g_user->check_action(RMOPER) == 1)
         {
             ob_start();
             /* get the ledger */
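Review bot: The new guard on `rmop` tests `$access=='W'` and `RMOPER`, but the matching button in include/template/ledger_detail_bottom.php is also hidden when the period is closed or `$owner->MY_STRICT` is not 'N', and neither condition is visible in this server-side check. Hiding a button does not constrain a request sent directly to this endpoint, so the server must enforce the same rules it applies in the template. Unless the body of this case, which continues outside the hunk, already re-tests the period and strict-mode conditions, they belong in this `if` next to `$g_user->check_action(RMOPER) == 1`.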
@@ -181,6 +181,10 @@ case 'rmop':
             $html=ob_get_contents();
             ob_end_clean();
         }
+        else 
+        {
+            $html= _("Effacement refusé");
+        }
     break;
     //////////////////////////////////////////////////////////////////////
     // DE Detail
@@ -227,22 +231,21 @@ case 'de':
 case 'file':
     $op->get();
     $obj=$op->get_quant();     /* return an obj. ACH / FIN or VEN or null if 
nothing is found*/
+    
+    $repo = new Database();
+    $theme = $repo->get_value("select the_filestyle from theme where 
the_name=$1", array($_SESSION['g_theme']));
+    html_min_page_start($theme);
 
+    // if there is a receipt document
     if ( $obj->det->jr_pj_name=='')
     {
-        echo "<html><head>";
-        $repo=new Database();
-        $theme=$repo->get_value("select the_filestyle from theme where 
the_name=$1",array($_SESSION['g_theme']));
-        echo    "<LINK REL=\"stylesheet\" type=\"text/css\" href=\"$theme\" 
media=\"screen\">";
-               if ( ! isset($_REQUEST['ajax']) ) {
-                       echo "<body class=\"op_detail_frame\">";
-                       echo '<div class="op_detail_frame">';
-               }else {
-                       echo "<body>";
-                       echo "<div>";
+        if ( ! isset($_REQUEST['ajax']) ) {
+                echo '<div class="op_detail_frame">';
+        }else {
+                echo "<div>";
 
-               }
-               echo "<h1 class=\"legend\">Document</h1>";
+        }
+        echo "<h1 class=\"legend\">Document</h1>";
         if ( $access=='W')
         {
             echo '<FORM METHOD="POST" ENCTYPE="multipart/form-data" 
id="form_file">';
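Review bot: The added comment `// if there is a receipt document` sits directly above `if ( $obj->det->jr_pj_name=='')`, which is the branch taken when no file name is stored, so it says the opposite of what the code does; `// no receipt document is attached to this operation` would match. The same inversion appears in the next hunk, where `// There is no document attached to this writing` opens the `else` branch that renders the link to an existing document. These branches decide whether the upload form or the remove link is shown, so a swapped comment is easy to act on wrongly in a later change. The `case 'file'` body starts before and continues after this hunk.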
@@ -261,50 +264,37 @@ case 'file':
         }
         else
         {
-                               echo "<html><head>";
-                               if (!isset($_REQUEST['ajax']))
-                               {
-                                       echo "<body class=\"op_detail_frame\">";
-                                       echo '<div class="op_detail_frame">';
-                               }
-                               else
-                               {
-                                       echo "<body>";
-                                       echo "<div>";
-                               }
-                               $repo = new Database();
-                               $theme = $repo->get_value("select the_filestyle 
from theme where the_name=$1", array($_SESSION['g_theme']));
-                               echo "   <LINK REL=\"stylesheet\" 
type=\"text/css\" href=\"$theme\" media=\"screen\">";
-                               echo "</head>";
-                               echo '<div class="op_detail_frame">';
-
-                               echo _('Aucun fichier');
-                       }
-                       echo '</div>';
-                       echo '</body></html>';
-                       exit();
+            if (!isset($_REQUEST['ajax']))
+            {
+                    echo '<div class="op_detail_frame">';
+            }
+            else
+            {
+                    echo "<div>";
+            }
+            
+
+            echo _('Aucun fichier');
+    }
+    echo '</div>';
+    exit();
     }
     else
     {
-        echo "<html><head>";
-        $repo=new Database();
-        $theme=$repo->get_value("select the_filestyle from theme where 
the_name=$1",array($_SESSION['g_theme']));
-        echo    "   <LINK REL=\"stylesheet\" type=\"text/css\" href=\"$theme\" 
media=\"screen\">";
-        echo "</head>";
-               if ( ! isset($_REQUEST['ajax']) ) {
-                       echo "<body class=\"op_detail_frame\">";
-                       echo '<div class="op_detail_frame">';
-               }else {
-                       echo "<body>";
-                       echo "<div>";
+        // There is no document attached to this writing
+        //
+        if ( ! isset($_REQUEST['ajax']) ) {
+                echo '<div class="op_detail_frame">';
+        }else {
+                echo "<div>";
 
-               }
+        }
         echo '<div class="op_detail_frame">';
         $x='';
-        if ($access=='W' && $g_user->check_action (RMDOC) == 1)
-            $x=sprintf('<a class="notice" 
style="margin-left:12;margin-right:12" 
href="ajax_ledger.php?gDossier=%d&div=%s&jr_id=%s&act=rmf" onclick="return 
confirm(\'Effacer le document ?\')">'._('enlever').'</a>',
+        if ($access=='W' && $g_user->check_action (RMRECEIPT) == 1)
+            $x=sprintf('<a class="smallbutton" 
style="margin-left:12;margin-right:12" 
href="ajax_ledger.php?gDossier=%d&div=%s&jr_id=%s&act=rmf" onclick="return 
confirm(\'Effacer le document ?\')">&#x2D5D;</a>',
                        $gDossier,$div,$jr_id);
-        echo $x;
+        
         $filename= $obj->det->jr_pj_name;
         if ( strlen($obj->det->jr_pj_name) > 20 )
         {
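Review bot: The remove link built in `$x` formats `$div` and `$jr_id` with `%s` straight into an `href` attribute, without the `h()` escaping that the file name receives in the `show_pj.php` link of the next hunk. Where the two values are assigned is not visible here; if they originate from the request they should be escaped or cast before output, e.g. `$gDossier,h($div),h($jr_id));`. The link also performs the deletion through a plain GET URL guarded only by a `confirm()` dialog, and no anti-CSRF token is visible, so turning `rmf` into a POST that carries a per-session token is worth considering. The same link is built again in the `loadfile` hunk further down.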
@@ -313,6 +303,7 @@ case 'file':
         $h=sprintf('<a class="mtitle"  
href="show_pj.php?gDossier=%d&jrn=%d&jr_grpt_id=%d">%s</a>',
                    $gDossier,$ledger,$obj->det->jr_grpt_id,h( $filename));
         echo $h;
+        echo $x;
         echo '</div>';
         echo '</body></html>';
         exit();
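Review bot: This branch emits a single `</div>` followed by `</body></html>`, although the previous hunk opens two `<div>` elements for it (the ajax/non-ajax one and the unconditional `<div class="op_detail_frame">`). The no-document branch now ends with `echo '</div>'; exit();` and no closing `</body></html>` at all. Now that the page header comes from `html_min_page_start($theme)`, both branches should close the page the same way; whether that helper already prints `<body>` is not visible in the diff.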
@@ -342,8 +333,8 @@ case 'loadfile':
         echo '<div class="op_detail_frame">';
         
         // check if the user can remove a document
-        if ($g_user->check_action (RMDOC) == 1) {
-            $x=sprintf('<a class="mtitle" class="notice" 
style="margin-left:12;margin-right:12px" 
href="ajax_ledger.php?gDossier=%d&div=%s&jr_id=%s&act=rmf" onclick="return 
confirm(\'Effacer le document ?\')">'._('enlever').'</a>',
+        if ($g_user->check_action (RMRECEIPT) == 1) {
+            $x=sprintf('<a class="mtitle" class="notice" 
style="margin-left:12;margin-right:12px" 
href="ajax_ledger.php?gDossier=%d&div=%s&jr_id=%s&act=rmf" onclick="return 
confirm(\'Effacer le document ?\')">'."&#x2D5D;".'</a>',
                    $gDossier,$div,$jr_id);
             echo $x;
         }
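Review bot: The `loadfile` branch shows the remove link on `check_action (RMRECEIPT) == 1` alone, whereas the `file` branch and the `rmf` handler both also require `$access=='W'`. The handler still refuses the deletion, so this is a display inconsistency rather than a bypass, but using the same condition, `if ($access=='W' && $g_user->check_action (RMRECEIPT) == 1) {`, keeps the three places aligned; an enclosing write-access test may exist outside the hunk. The anchor also carries two `class` attributes (`class="mtitle" class="notice"`), of which only the first takes effect.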
@@ -359,7 +350,7 @@ case 'loadfile':
 // remove a file
 /////////////////////////////////////////////////////////////////////////////
 case 'rmf':
-    if (   $access == 'W' && $g_user->check_action (RMDOC) == 1)
+    if (   $access == 'W' && $g_user->check_action (RMRECEIPT) == 1)
     {
         echo "<html><head>";
         $repo=new Database();
diff --git a/include/constant.security.php b/include/constant.security.php
index bcd5797..15426d8 100644
--- a/include/constant.security.php
+++ b/include/constant.security.php
@@ -24,5 +24,7 @@ define ("FICCAT",910);  //création, modification et 
effacement de catégorie de
 define ('RMDOC',1020);   // Effacement de document pour follow up & 
comptabilité
 define ('VIEWDOC',1010);   // Voir document pour follow up
 define ('PARCATDOC',1050);   // modifier type document pour follow up
+define ('RMRECEIPT',1110);   // Effacer un document d'une pièce comptable
+define ('RMOPER',1120);   // Effacer une opération comptable
 global $audit; $audit=false;
 ?>
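Review bot: The comment on `RMDOC` in the context line above still describes it as covering both follow-up and accountancy, although after this commit accountancy receipts are governed by `RMRECEIPT`. Dropping the accountancy part of that comment keeps the privilege list accurate for whoever assigns rights from it. The values 1110 and 1120 also have to stay in step with the rows inserted in sql/upgrade.sql and with the 1101-1200 range used in security_list_action.php, which a short comment beside the two new defines could state.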
diff --git a/include/template/ledger_detail_bottom.php 
b/include/template/ledger_detail_bottom.php
index bfaeafe..8fe7c78 100644
--- a/include/template/ledger_detail_bottom.php
+++ b/include/template/ledger_detail_bottom.php
@@ -285,7 +285,8 @@ if ( $div != 'popup' ) {
   }
 
   $per=new Periode($cn,$obj->det->jr_tech_per);
-  if ( $per->is_closed() == 0 && $owner->MY_STRICT=='N'){
+  if ( $per->is_closed() == 0 && $owner->MY_STRICT=='N' && 
$g_user->check_action(RMOPER)==1)
+  {
     $remove=new IButton('Effacer');
     $remove->label=_('Effacer');
     $remove->javascript="if ( confirm('Vous confirmez effacement ?')) 
{removeOperation('".$obj->det->jr_id."',".dossier::id().",'".$div."')}";
diff --git a/include/template/security_list_action.php 
b/include/template/security_list_action.php
index 19512b4..1c1c54d 100644
--- a/include/template/security_list_action.php
+++ b/include/template/security_list_action.php
@@ -49,9 +49,19 @@
 }// end function
 
 ?>
-                       <?php   $array=$cn->get_array("select ac_id, 
ac_description from action  where ac_id >=$1 and ac_id <=$2 order by ac_id ",
-                               array(800,1000));
-                                
display_security_fieldset(_('Fiche'),$array,$sec_User); ?>
-                        <?php   $array=$cn->get_array("select ac_id, 
ac_description from action  where ac_id >=$1 and ac_id <=$2 order by ac_id ",
-                               array(1001,1100));
-                                display_security_fieldset(_('Suivi & 
Comptabilité'),$array,$sec_User); ?>
+<?php  
+// Security Card
+$array=$cn->get_array("select ac_id, ac_description from action  where ac_id 
>=$1 and ac_id <=$2 order by ac_id ",
+    array(800,1000));
+    display_security_fieldset(_('Fiche'),$array,$sec_User); ?>
+<?php   
+// Security follow-up
+$array=$cn->get_array("select ac_id, ac_description from action  where ac_id 
>=$1 and ac_id <=$2 order by ac_id ",
+    array(1001,1100));
+    display_security_fieldset(_('Suivi'),$array,$sec_User); ?>
+
+<?php
+// Security Accountancy
+ $array=$cn->get_array("select ac_id, ac_description from action  where ac_id 
>=$1 and ac_id <=$2 order by ac_id ",
+    array(1101,1200));
+    display_security_fieldset(_('Comptabilité'),$array,$sec_User); ?>
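Review bot: The same query is now written three times with only the id bounds and the label changing, and which privileges appear on the screen depends on hard-coded `ac_id` ranges. An action whose id falls outside the listed ranges would not be shown, and so could not be granted or revoked from this page, at least as far as these blocks go (other ranges may be handled above the hunk). A small loop over label/lower/upper triples, or a selection on the `ac_module` column that sql/upgrade.sql fills in, would remove the duplication and the dependency on id numbering.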
diff --git a/sql/upgrade.sql b/sql/upgrade.sql
index 0203ef8..e438d64 100644
--- a/sql/upgrade.sql
+++ b/sql/upgrade.sql
@@ -1,4 +1,9 @@
-update action set ac_description = 'Effacer un document de la comptabilité ou 
du suivi' where ac_id=1020;
+INSERT INTO action(
+            ac_id, ac_description, ac_module, ac_code)
+    VALUES (1110, 'Enlever une pièce justificative', 'compta', 'RMRECEIPT');
+INSERT INTO action(
+            ac_id, ac_description, ac_module, ac_code)
+    VALUES (1120, 'Effacer une opération ', 'compta', 'RMOPER');
 
 
 CREATE TABLE todo_list_shared (id  serial primary key, todo_list_id int4 NOT 
NULL, use_login int4 NOT NULL, CONSTRAINT unique_todo_list_id_login 
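Review bot: The two inserts create the `RMRECEIPT` and `RMOPER` actions, but nothing in this hunk grants them to any user, while ajax_ledger.php now refuses `rmop` and `rmf` without them. Users who could remove receipts through `RMDOC` (1020) before the upgrade would therefore lose that ability until 1110 is granted, and operations could not be deleted until 1120 is granted, unless `check_action` treats some accounts specially. If this deny-by-default outcome is intended it deserves a line in the upgrade notes; otherwise the script should carry the existing 1020 grants over to 1110 (the grant table is not visible here). The description `'Effacer une opération '` also ends with a stray space.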
@@ -11,3 +16,22 @@ comment on column todo_list_shared.todo_list_id is 'fk to 
todo_list';
 comment on column todo_list_shared.use_login is 'user login';
 
 
+/**
+Arbre dépendance
+ with recursive t (ag_id,ag_ref_ag_id,ag_title,depth) as (
+  select 
+    ag_id , ag_ref_ag_id, ag_title , 1
+  from 
+    action_gestion
+  where ag_id=55
+  union all
+  select 
+    p2.ag_id,p2.ag_ref_ag_id,p2.ag_title,depth + 1
+  from 
+    t as p1, action_gestion as p2
+  where
+    p1.ag_ref_ag_id is not null and
+    p1.ag_id = p2.ag_ref_ag_id
+) select * from t;
+
+*/
\ No newline at end of file
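Review bot: The block appended to upgrade.sql is a commented-out exploratory query with a hard-coded `ag_id=55`, unrelated to the privilege change, and is better kept out of the migration script. If it stays as documentation, a sentence saying what it is for would help, and the recursive step reads more safely with an explicit join, `from t as p1 inner join action_gestion as p2 on p1.ag_id = p2.ag_ref_ag_id`. The file also now ends without a trailing newline.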


