[Noalyss-commit] [noalyss] 52/119: NEW Security : add tag
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 52/119: NEW Security : add tag |
Date: |
Mon, 26 Oct 2020 18:27:18 -0400 (EDT) |
sparkyx pushed a commit to branch master
in repository noalyss.
commit 5aba53e25f19a5b58cb0ce25bc12cdaa902c5311
Author: Dany De Bontridder <danydb@noalyss.eu>
AuthorDate: Mon Oct 5 16:58:26 2020 +0200
NEW Security : add tag
---
include/ajax/ajax_tag_detail.php | 4 +++-
include/ajax/ajax_tag_list.php | 2 +-
include/ajax/ajax_tag_save.php | 2 +-
include/constant.security.php | 1 +
include/template/tag_select.php | 2 +-
sql/upgrade.sql | 5 ++++-
6 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/include/ajax/ajax_tag_detail.php b/include/ajax/ajax_tag_detail.php
index cf6bec6..2004300 100644
--- a/include/ajax/ajax_tag_detail.php
+++ b/include/ajax/ajax_tag_detail.php
@@ -11,7 +11,9 @@ require_once NOALYSS_INCLUDE.'/lib/single_record.class.php';
require_once NOALYSS_INCLUDE.'/class/tag.class.php';
ob_start();
$tag=new Tag($cn);
-$tag->data->t_id=$_GET['tag'];
+$http=new HttpInput();
+$tag->data->t_id=$http->get("tag","number");
+if ($tag->data->t_id == -1 && $g_user->check_action(TAGADD) == 0 ) return;
$tag->data->load();
echo HtmlInput::title_box(_("Détail du dossier ou étiquette"),
"tag_div","close","","y");
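Review bot: The permission test added after `$http->get("tag","number")` only covers the creation case (`t_id == -1`); a request carrying an existing tag id reaches `$tag->data->load()` with no check visible in this hunk, so whether viewing or editing an existing tag is gated depends on code outside it. The bare `return` also comes after `ob_start()`, so the buffer is presumably left open and the caller receives no denial message. Consider calling `ob_end_clean();` before returning, or answering with the same `_("non permis")` message that ajax_tag_save.php uses. The script continues outside the hunk.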
diff --git a/include/ajax/ajax_tag_list.php b/include/ajax/ajax_tag_list.php
index 342a44b..5ce78c4 100644
--- a/include/ajax/ajax_tag_list.php
+++ b/include/ajax/ajax_tag_list.php
@@ -31,7 +31,7 @@ $tag->select();
//------------------- Propose to add a tag
$js=sprintf("onclick=\"show_tag('%s','%s','%s','j')\"",Dossier::id(),'','-1');
-echo HtmlInput::button("tag_add", _("Ajout d'un tag"), $js);
+if ( $g_user->check_action(TAGADD) == 1) { echo HtmlInput::button("tag_add",
_("Ajout d'un tag"), $js);}
echo HtmlInput::button_close("tag_div");
$response= ob_get_clean();
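Review bot: Hiding the "Ajout d'un tag" button when `check_action(TAGADD)` is not 1 is a display measure only. The `show_tag` dialog with id `-1` stays reachable without the button, so the real enforcement is the server-side checks in ajax_tag_detail.php and ajax_tag_save.php. A comment such as `// display only: the right itself is enforced in ajax_tag_save.php` would keep a later reader from treating this test as the access control. `$js` is still built when the button is not shown; moving the `sprintf` inside the `if` block would keep the two together.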
diff --git a/include/ajax/ajax_tag_save.php b/include/ajax/ajax_tag_save.php
index 59df25e..ade6981 100644
--- a/include/ajax/ajax_tag_save.php
+++ b/include/ajax/ajax_tag_save.php
@@ -12,7 +12,7 @@ $op=$http->request("op");
global $g_user;
$nDossier=Dossier::id();
///check security
-if ( $g_user->check_module('CFGTAG')==0)
+if ( $g_user->check_module('CFGTAG')==0 && $g_user->check_action(TAGADD) ==
0)
{
die(_("non permis"));
}
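Review bot: With `&&`, the test under `///check security` now admits any user who holds TAGADD alone, and it does so for every value of `$op` this file handles, not only for creating a tag. If the code below the hunk also updates or deletes existing tags, a right described as "Ajout de tag" would cover those operations too. Consider keeping `check_module('CFGTAG')` as the requirement for everything except creation, and accepting `check_action(TAGADD)` only when the request is for a new tag (the `-1` id passed by ajax_tag_list.php). The operation handling is outside the hunk, so this needs confirming against the rest of the file.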
diff --git a/include/constant.security.php b/include/constant.security.php
index baf161e..c395bed 100644
--- a/include/constant.security.php
+++ b/include/constant.security.php
@@ -22,6 +22,7 @@ define ('FICADD',800); /* Ajout de fiche */
define ("FIC",805); //Création, modification et effacement de fiche
define ("FICCAT",910); //création, modification et effacement de catégorie de
fiche
define ('RMDOC',1020); // Effacement de document pour follow up &
comptabilité
+define ('TAGADD',1025); // Ajout de tag
define ('VIEWDOC',1010); // Voir document pour follow up
define ('PARCATDOC',1050); // modifier type document pour follow up
define ('RMRECEIPT',1110); // Effacer un document d'une pièce comptable
diff --git a/include/template/tag_select.php b/include/template/tag_select.php
index 709c9ff..475e959 100644
--- a/include/template/tag_select.php
+++ b/include/template/tag_select.php
@@ -27,8 +27,8 @@ if ( $max == 0 ) {
</tr>
<?php
$gDossier=Dossier::id();
-if (isNumber($_REQUEST['ag_id']) == 0 ) die ('ERROR : parameters invalid');
$ag_id=$http->request("ag_id","number");
+if (isNumber($ag_id) == 0 ) die ('ERROR : parameters invalid');
for ($i=0;$i<$max;$i++):
$row=Database::fetch_array($ret, $i);
?>
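Review bot: The `isNumber($ag_id)` test now runs on a value that `$http->request("ag_id","number")` has presumably already validated, so it is likely dead code and the `die ('ERROR : parameters invalid')` path may no longer be reachable. The failure behaviour for a non-numeric `ag_id` is then whatever HttpInput does, which is not shown here. Either drop the test, or handle the failure of the `request` call so that an invalid value still produces the intended error message. A short comment such as `// ag_id is validated as a number by HttpInput` would make the intent clear.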
diff --git a/sql/upgrade.sql b/sql/upgrade.sql
index f311690..1b20b77 100644
--- a/sql/upgrade.sql
+++ b/sql/upgrade.sql
@@ -172,4 +172,7 @@ COMMENT ON TABLE public.jnt_tag_group_tag IS 'Many to Many
table betwwen tag and
-- public.jnt_tag_group_tag foreign keys
ALTER TABLE public.jnt_tag_group_tag ADD CONSTRAINT jnt_tag_group_tag_fk
FOREIGN KEY (tag_id) REFERENCES tags(t_id) ON UPDATE CASCADE ON DELETE CASCADE;
-ALTER TABLE public.jnt_tag_group_tag ADD CONSTRAINT jnt_tag_group_tag_fk_1
FOREIGN KEY (tag_group_id) REFERENCES tag_group(tg_id) ON UPDATE CASCADE ON
DELETE CASCADE;
\ No newline at end of file
+ALTER TABLE public.jnt_tag_group_tag ADD CONSTRAINT jnt_tag_group_tag_fk_1
FOREIGN KEY (tag_group_id) REFERENCES tag_group(tg_id) ON UPDATE CASCADE ON
DELETE CASCADE;
+
+
+insert into action values (1025,'Ajout d''étiquette','followup','TAGADD');
\ No newline at end of file
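Review bot: The added `insert into action values (1025,...)` relies on the column order of `action` and is not repeatable. A second run of the upgrade script would either fail on a key conflict or create a duplicate row, depending on the table's constraints, which are not visible here. Name the target columns explicitly and guard the insert so it is skipped when action 1025 already exists. The value must also stay in step with `define ('TAGADD',1025)` in include/constant.security.php, and a comment next to the insert saying so would help.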