[Noalyss-commit] [noalyss] 08/21: Task #1127 - Ajout évenement depuis t
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 08/21: Task #1127 - Ajout évenement depuis tableau de bord ou agenda #1127 add security |
Date: |
Wed, 19 Aug 2015 22:59:29 +0000 |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 36b21ccde4ebe244a14d5e7d4bf7c3264a4ef486
Author: Dany De Bontridder <address@hidden>
Date: Sat Aug 15 08:41:47 2015 +0200
Task #1127 - Ajout évenement depuis tableau de bord ou agenda
#1127 add security
---
include/action.common.inc.php | 8 ++++----
include/ajax_gestion.php | 10 +++++++++-
include/class_follow_up.php | 12 +++++++++++-
include/class_user.php | 21 ++++++++++++++++++++-
4 files changed, 44 insertions(+), 7 deletions(-)
diff --git a/include/action.common.inc.php b/include/action.common.inc.php
index 9e29f9a..df9943e 100644
--- a/include/action.common.inc.php
+++ b/include/action.common.inc.php
@@ -203,8 +203,8 @@ if ($sub_action == 'detail')
echo $act->Display('UPD', false, $base, $retour);
echo '<input type="hidden" name="sa" value="update">';
echo HtmlInput::submit("save", "Sauve");
- echo HtmlInput::submit("add_action_here", _("Ajoute une action
à celle-ci"));
- echo HtmlInput::submit("delete", _("Efface cette action"), '
onclick="return confirm(\'' . _("Vous confirmez l\'effacement") . '\')" ');
+ echo HtmlInput::submit("add_action_here", _("Ajoute un
événement à celui-ci"));
+ echo HtmlInput::submit("delete", _("Efface cet événement "), '
onclick="return confirm(\'' . _("Vous confirmez l\'effacement") . '\')" ');
echo $retour;
echo '</form>';
}
@@ -269,11 +269,11 @@ if ($sub_action == "save_action_st2")
// insert into action_gestion
echo $act->save();
$url = "?$base&sa=detail&ag_id=" . $act->ag_id . '&' . dossier::get();
- echo '<p><a class="mtitle" href="' . $url . '">' . hb(_('Action
Sauvée').' : ' . $act->ag_ref) . '</a></p>';
+ echo '<p><a class="mtitle" href="' . $url . '">' . hb(_('Evènement
Sauvée').' : ' . $act->ag_ref) . '</a></p>';
Follow_Up::show_action_list($cn,$base);
$url = "?$base&sa=detail&ag_id=" . $act->ag_id . '&' . dossier::get();
- echo '<p><a class="mtitle" href="' . $url . '">' . hb(_('Action
Sauvée').' : ' . $act->ag_ref) . '</a></p>';
+ echo '<p><a class="mtitle" href="' . $url . '">' . hb(_('Evènement
Sauvée').' : ' . $act->ag_ref) . '</a></p>';
} catch (Exception $e)
{
echo '<span class="notice">';
diff --git a/include/ajax_gestion.php b/include/ajax_gestion.php
index 67aee1f..830acd9 100644
--- a/include/ajax_gestion.php
+++ b/include/ajax_gestion.php
@@ -106,7 +106,15 @@ if ($op=='action_save')
$gestion->dt_id=$type_event;
$gestion->ag_comment=h($summary);
$gestion->ag_timestamp=$date_event;
- $gestion->save_short();
+ $content=_('Sauvé');
+ $status='OK';
+ try {
+ $gestion->save_short();
+ } catch (Exception $ex)
+ {
+ $content=$ex->getMessage();
+ $status='NOK';
+ }
header('Content-type: text/xml; charset=UTF-8');
$dom=new DOMDocument('1.0', 'UTF-8');
$xml_content=$dom->createElement('content', _("Sauvé"));
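Review bot: The response still reports success after a refused save: the context line `$xml_content=$dom->createElement('content', _("Sauvé"));` keeps the literal instead of the new `$content`, and nothing visible in the hunk emits `$status` (the rest of the response is built below the hunk, so confirm there). When wiring `$content` in, note that `createElement()` does not escape `&` in its value argument, so build the node as `$xml_content=$dom->createElement('content'); $xml_content->appendChild($dom->createTextNode($content));`. Returning `$ex->getMessage()` verbatim also exposes whatever `save_short()` throws, which may include internal error text if it can fail for reasons other than the security check; a fixed message for the client, with the detail written to the server log, would be safer.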
diff --git a/include/class_follow_up.php b/include/class_follow_up.php
index bb66082..474ea1f 100644
--- a/include/class_follow_up.php
+++ b/include/class_follow_up.php
@@ -1765,10 +1765,20 @@ class Follow_Up
include 'template/action_display_short.php';
}
/**
- *
+ * Add an event , with the minimum of informations,
+ * used in Dashboard and Scheduler
*/
function save_short()
{
+ global $g_user;
+ // check if we can add
+ if ($g_user->can_add_action($this->ag_dest) == FALSE )
+ {
+ throw new Exception(_('SECURITE : Ajout impossible'));
+ }
+
+
+
// Get The sequence id,
$seq_name="seq_doc_type_".$this->dt_id;
$str_file="";
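Review bot: The new guard changes the contract of `save_short()`, which now throws, but the docblock does not say so, and `ajax_gestion.php` is the only caller in this commit seen to catch it. I would add `@throws Exception if the current user's profile may not add an event for ag_dest` to the docblock and write the test as `if (!$g_user->can_add_action($this->ag_dest))` rather than the loose `== FALSE`. A refused attempt is a security-relevant event, so recording the user and the requested `ag_dest` in the application log before throwing would leave an audit trail. The method body continues below the hunk.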
diff --git a/include/class_user.php b/include/class_user.php
index 30a3f5c..8852440 100644
--- a/include/class_user.php
+++ b/include/class_user.php
@@ -1114,6 +1114,25 @@ class User
return $profile;
}
/**
+ * Check if the current user can add an action in the profile given
+ * in parameter
+ * @param type $p_profile profile.p_id = action_gestion.ag_dest
+ * @return boolean
+ */
+ function can_add_action($p_profile)
+ {
+ $r=$this->db->get_value (' select count(*)
+ from user_sec_action_profile
+ where p_granted=$1
+ and p_id=$2',
+ array($this->get_profile(),$p_profile));
+ if ($r == 0 )
+ {
+ return false;
+ }
+ return true;
+ }
+ /**
*Check if the profile of the user can write for this profile
* @param $dtoc action_gestion.ag_id
* @return true if he can write otherwise false
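Review bot: The column roles in `can_add_action()` look swapped relative to the existing write check visible in the next hunk, and the right level is not tested. That query matches the user's own profile against `p_id`, the destination against `p_granted`, and requires `ua_right='W'`; here `get_profile()` is bound to `p_granted`, `$p_profile` to `p_id`, and any row counts, so a read-only grant or a grant in the opposite direction would appear to allow adding. If the table semantics are what the neighbouring query suggests, the predicate should read `where p_id=$1 and p_granted=$2 and ua_right='W'`. The neighbouring check also short-circuits on `$this->Admin() == 1`, which this method does not, and the `@param type $p_profile` tag is a template leftover that should name the real type.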
@@ -1122,7 +1141,7 @@ class User
{
if ( $this->Admin() == 1 ) return true;
$profile = $this->get_profile();
- $r = $this->db->get_value(" select count(*) from action_gestion
where ag_id=$1 and ag_dest in
+ $r = $this->db->get_value(" select count(*) from
action_gestion where ag_id=$1 and ag_dest in
(select p_granted from user_sec_action_profile
where ua_right='W' and p_id=$2) ", array($dtoc, $profile));
if ($r == 0)
return false;