From: vincent@cubedesigners.com
Date: Mon, 24 Apr 2023 16:24:53 +0000 (+0000)
Subject: wip #5873 @0.5
X-Git-Url: http://git.cubedesigners.com/?a=commitdiff_plain;h=abb4afe240de06d5b4041166c550ec5339df76c1;p=cubeextranet.git

wip #5873 @0.5
---
diff --git a/inc/ws/Controlleur/class.ws.ajax.php b/inc/ws/Controlleur/class.ws.ajax.php
index b690949ab..9326999c0 100644
--- a/inc/ws/Controlleur/class.ws.ajax.php
+++ b/inc/ws/Controlleur/class.ws.ajax.php
@@ -6,6 +6,9 @@ class wsAjax extends cubeAjax
 public static function formClient($args, &$x)
 {
 global $core;
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 if ($args[1] == 'new') {
 $extra = '';
 } else {
@@ -27,6 +30,9 @@ class wsAjax extends cubeAjax
 public static function saveClient($args, &$x)
 {
 global $core;
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 $dao = new commonDAOEntreprise($core->con);
 // Creation de l'entreprise
 if ($_POST['entreprise_id'] == 'new') {
@@ -67,6 +73,9 @@ class wsAjax extends cubeAjax
 public static function saveContact($args, &$x)
 {
 global $core;
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 $dao = new commonDAOClient($core->con);
 $client = $dao->sauve($_POST);
 $x->addClosePopup();
@@ -88,6 +97,9 @@ class wsAjax extends cubeAjax
 public static function supprimeClient($args, &$x)
 {
 global $core;
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 $dao = new commonDAOEntreprise($core->con);
 $dao->supprime($args[1]);
 
@@ -99,11 +111,17 @@ class wsAjax extends cubeAjax
 
 public static function searchClients($args, &$x)
 {
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 $x->addContent('listeClients', wsUrl::listeClients());
 }
 
 public static function sortClient($args, &$x)
 {
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 commonAjax::sort('clients_ws', $args[1]);
 $x->addContent('listeClients', wsUrl::listeClients());
 }
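Review bot: In every one of these wsAjax hunks (formClient, saveClient, saveContact, supprimeClient, searchClients, sortClient, plus pageClient, parPageClient and filtreClients in the following hunk) the new guard `if(!wsDroits::canManageClients()){ commonDroits::error(); }` falls straight through into the protected operation, so it only blocks anything if `commonDroits::error()` never returns. Nothing in the patch shows that it exits or throws, and `demandes()` in the class.ws.url.php part of this same commit follows `http::redirect()` with an explicit `exit;`, so the codebase does not generally assume helpers terminate; a `return;` right after `commonDroits::error();` (or one wsDroits helper that calls error() and then exits, used from all of these methods and from the class.ws.url.php hunks instead of nine copies) would make the denial independent of that assumption. The added lines are also written `if(...){` where the surrounding code uses `if (...) {`.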
@@ -116,18 +134,27 @@ class wsAjax extends cubeAjax
 
 public static function pageClient($args, &$x)
 {
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 commonAjax::page('clients_ws', $args[1]);
 $x->addContent('listeClients', wsUrl::listeClients());
 }
 
 public static function parPageClient($args, &$x)
 {
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 commonAjax::parPage('clients_ws', $_POST['par_page']);
 $x->addContent('listeClients', wsUrl::listeClients());
 }
 
 public static function filtreClients($args, &$x)
 {
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 if (isset($args[1]) && $args[1] == 'efface') {
 commonAjax::filtre('clients_ws');
 $x->addReload();
diff --git a/inc/ws/Controlleur/class.ws.droits.php b/inc/ws/Controlleur/class.ws.droits.php
index 714816e6d..c2d58bdb3 100644
--- a/inc/ws/Controlleur/class.ws.droits.php
+++ b/inc/ws/Controlleur/class.ws.droits.php
@@ -6,6 +6,8 @@ class wsDroits
 public static $creation = array(2, 4, 5);
 public static $revendeur = 3;
 public static $admin = 5;
+ public static $disableClientsManagement = [94];
+
 
 public static function navigation()
 {
@@ -25,7 +27,7 @@ class wsDroits
 if ($core->user->ws_grade >= 5) {
 $nav[__('Collections')] = 'collections';
 }
- if ($core->user->ws_grade >= 3) {
+ if ($core->user->ws_grade >= 3 && self::canManageClients()) {
 $nav[__('Clients')] = 'clients';
 }
 if ($core->user->ws_grade >= 5) {
@@ -38,6 +40,12 @@ class wsDroits
 return $nav;
 }
 
+ public static function canManageClients()
+ {
+ global $core;
+ return !in_array($core->user->entreprise, self::$disableClientsManagement);
+ }
+
 public static function getDroits()
 {
 $res = new stdClass();
@@ -140,6 +148,7 @@ class wsDroits
 if (self::admin()) {
 return true;
 }
+
 $daoBook = new wsDAOBook($core->con);
 $books = $daoBook->getListe(null, null, null, $core->user);
 foreach ($books as $book) {
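Review bot: `canManageClients()` (hunk `@@ -38,6 +40,12 @@` of class.ws.droits.php) makes the access decision with a non-strict `in_array($core->user->entreprise, self::$disableClientsManagement)` against a public, mutable static array holding a bare `94`; the type of `$core->user->entreprise` is not visible here, and nothing says what 94 is or why it is excluded. Prefer `in_array((int) $core->user->entreprise, self::$disableClientsManagement, true)` (the cast assuming the id comes back from the database as a string — verify against the user loader), and document the list on the property, e.g. `// entreprise ids for which the Clients module is hidden and its actions refused (#5873)`. Declaring it `private` or as a class constant would keep other code from widening or narrowing the deny-list at runtime.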
diff --git a/inc/ws/Controlleur/class.ws.url.php b/inc/ws/Controlleur/class.ws.url.php
index 754d6feb9..677d14cd2 100644
--- a/inc/ws/Controlleur/class.ws.url.php
+++ b/inc/ws/Controlleur/class.ws.url.php
@@ -1507,6 +1507,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
 cubePage::autoComplete();
 cubePage::emptyfield();
 commonDroits::min(3);
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 $settings = $core->user->getSettings('clients_ws');
 $shortcuts = array();
 
@@ -1533,6 +1536,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
 {
 global $core;
 commonDroits::min(3);
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 $settings = is_null($settings) ? $core->user->getSettings('clients_ws') : $settings;
 $change = is_null($dashboard) ? 'Client' : 'Dashboard/' . $dashboard;
 
@@ -1620,6 +1626,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
 {
 global $core;
 commonDroits::min(3);
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 $dao = new commonDAOEntreprise($core->con);
 $daoUtilisateur = new commonDAOUtilisateur($core->con);
 if ($entreprise_id == 'new') {
@@ -1692,6 +1701,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
 {
 global $core;
 commonDroits::min(3);
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 $dao = new commonDAOEntreprise($core->con);
 $contacts = $dao->getContacts($entreprise_id);
 
@@ -1714,7 +1726,7 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
 public static function formCollection($collection_id = 'new')
 {
 global $core;
- commonDroits::min(3);
+ commonDroits::min(5);
 $dao = new wsDAOCollection($core->con);
 if ($collection_id != 'new') {
 $collection = $dao->selectById($collection_id);
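Review bot: The `formCollection` hunk (`@@ -1714,7 +1726,7 @@`) raises `commonDroits::min(3)` to `commonDroits::min(5)`, which is a separate privilege change from the #5873 client guards and is not mentioned anywhere in the commit; it does line up with the `ws_grade >= 5` gate on the Collections navigation entry in class.ws.droits.php, assuming `min()` compares against `ws_grade`. A comment such as `// collections are reserved to grade 5 (wsDroits::$admin), cf. wsDroits::navigation()` would tie the two together for the next reader. formCollection's body continues past the end of the hunk.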
@@ -1731,6 +1743,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
 {
 global $core;
 commonDroits::min(3);
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 $dao = new commonDAOClient($core->con);
 
 if ($client_id == 'new') {
@@ -1769,6 +1784,9 @@ html,body{height:100%;cursor: wait;font-family: "Open Sans", Arial;background-co
 
 public static function demandes()
 {
+ if(!wsDroits::canManageClients()){
+ commonDroits::error();
+ }
 http::redirect('https://toolbox.fluidbook.com/fluidbook-quote');
 exit;
 }