wip #5873 @0.5

diff --git a/inc/ws/Controlleur/class.ws.ajax.php b/inc/ws/Controlleur/class.ws.ajax.php
index b690949ab08499b711185482379f34bbf0908d57..9326999c0db686988828798e6a9493b8684ced6c 100644 (file)
--- a/inc/ws/Controlleur/class.ws.ajax.php
+++ b/inc/ws/Controlleur/class.ws.ajax.php
@@ -6,6 +6,9 @@ class wsAjax extends cubeAjax
     public static function formClient($args, &$x)
     {
         global $core;
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         if ($args[1] == 'new') {
             $extra = '';
         } else {
@@ -27,6 +30,9 @@ class wsAjax extends cubeAjax
     public static function saveClient($args, &$x)
     {
         global $core;
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         $dao = new commonDAOEntreprise($core->con);
         // Creation de l'entreprise
         if ($_POST['entreprise_id'] == 'new') {
@@ -67,6 +73,9 @@ class wsAjax extends cubeAjax
     public static function saveContact($args, &$x)
     {
         global $core;
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         $dao = new commonDAOClient($core->con);
         $client = $dao->sauve($_POST);
         $x->addClosePopup();
@@ -88,6 +97,9 @@ class wsAjax extends cubeAjax
     public static function supprimeClient($args, &$x)
     {
         global $core;
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
 
         $dao = new commonDAOEntreprise($core->con);
         $dao->supprime($args[1]);
@@ -99,11 +111,17 @@ class wsAjax extends cubeAjax
 
     public static function searchClients($args, &$x)
     {
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         $x->addContent('listeClients', wsUrl::listeClients());
     }
 
     public static function sortClient($args, &$x)
     {
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         commonAjax::sort('clients_ws', $args[1]);
         $x->addContent('listeClients', wsUrl::listeClients());
     }
@@ -116,18 +134,27 @@ class wsAjax extends cubeAjax
 
     public static function pageClient($args, &$x)
     {
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         commonAjax::page('clients_ws', $args[1]);
         $x->addContent('listeClients', wsUrl::listeClients());
     }
 
     public static function parPageClient($args, &$x)
     {
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         commonAjax::parPage('clients_ws', $_POST['par_page']);
         $x->addContent('listeClients', wsUrl::listeClients());
     }
 
     public static function filtreClients($args, &$x)
     {
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         if (isset($args[1]) && $args[1] == 'efface') {
             commonAjax::filtre('clients_ws');
             $x->addReload();

diff --git a/inc/ws/Controlleur/class.ws.droits.php b/inc/ws/Controlleur/class.ws.droits.php
index 714816e6d7302470f266e949841eca7a3b64e63a..c2d58bdb3ee32c8a318a39f847d494d15b1f79d7 100644 (file)
--- a/inc/ws/Controlleur/class.ws.droits.php
+++ b/inc/ws/Controlleur/class.ws.droits.php
@@ -6,6 +6,8 @@ class wsDroits
     public static $creation = array(2, 4, 5);\r
     public static $revendeur = 3;\r
     public static $admin = 5;\r
+    public static $disableClientsManagement = [94];\r
+\r
 \r
     public static function navigation()\r
     {\r
@@ -25,7 +27,7 @@ class wsDroits
         if ($core->user->ws_grade >= 5) {\r
             $nav[__('Collections')] = 'collections';\r
         }\r
-        if ($core->user->ws_grade >= 3) {\r
+        if ($core->user->ws_grade >= 3 && self::canManageClients()) {\r
             $nav[__('Clients')] = 'clients';\r
         }\r
         if ($core->user->ws_grade >= 5) {\r
@@ -38,6 +40,12 @@ class wsDroits
         return $nav;\r
     }\r
 \r
+    public static function canManageClients()\r
+    {\r
+        global $core;\r
+        return !in_array($core->user->entreprise, self::$disableClientsManagement);\r
+    }\r
+\r
     public static function getDroits()\r
     {\r
         $res = new stdClass();\r
@@ -140,6 +148,7 @@ class wsDroits
         if (self::admin()) {\r
             return true;\r
         }\r
+\r
         $daoBook = new wsDAOBook($core->con);\r
         $books = $daoBook->getListe(null, null, null, $core->user);\r
         foreach ($books as $book) {\r

diff --git a/inc/ws/Controlleur/class.ws.url.php b/inc/ws/Controlleur/class.ws.url.php
index 754d6feb95be3104ca3d605aaa9ef0602598a53f..677d14cd2d46a61ac858e67aa629e803724b2381 100644 (file)
--- a/inc/ws/Controlleur/class.ws.url.php
+++ b/inc/ws/Controlleur/class.ws.url.php
@@ -1507,6 +1507,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
         cubePage::autoComplete();
         cubePage::emptyfield();
         commonDroits::min(3);
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         $settings = $core->user->getSettings('clients_ws');
 
         $shortcuts = array();
@@ -1533,6 +1536,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
     {
         global $core;
         commonDroits::min(3);
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         $settings = is_null($settings) ? $core->user->getSettings('clients_ws') : $settings;
         $change = is_null($dashboard) ? 'Client' : 'Dashboard/' . $dashboard;
 
@@ -1620,6 +1626,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
     {
         global $core;
         commonDroits::min(3);
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         $dao = new commonDAOEntreprise($core->con);
         $daoUtilisateur = new commonDAOUtilisateur($core->con);
         if ($entreprise_id == 'new') {
@@ -1692,6 +1701,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
     {
         global $core;
         commonDroits::min(3);
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         $dao = new commonDAOEntreprise($core->con);
         $contacts = $dao->getContacts($entreprise_id);
 
@@ -1714,7 +1726,7 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
     public static function formCollection($collection_id = 'new')
     {
         global $core;
-        commonDroits::min(3);
+        commonDroits::min(5);
         $dao = new wsDAOCollection($core->con);
         if ($collection_id != 'new') {
             $collection = $dao->selectById($collection_id);
@@ -1731,6 +1743,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
     {
         global $core;
         commonDroits::min(3);
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
 
         $dao = new commonDAOClient($core->con);
         if ($client_id == 'new') {
@@ -1769,6 +1784,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
 
     public static function demandes()
     {
+        if(!wsDroits::canManageClients()){
+            commonDroits::error();
+        }
         http::redirect('https://toolbox.fluidbook.com/fluidbook-quote');
         exit;
     }