

[Phpcompta-dev] r4582 - in phpcompta/trunk: html html/js include sql


From: phpcompta-dev
Subject: [Phpcompta-dev] r4582 - in phpcompta/trunk: html html/js include sql
Date: Thu, 8 Dec 2011 00:10:29 +0100 (CET)

Author: danydb
Date: 2011-12-08 00:10:27 +0100 (Thu, 08 Dec 2011)
New Revision: 4582

Modified:
   phpcompta/trunk/html/ajax_misc.php
   phpcompta/trunk/html/export.php
   phpcompta/trunk/html/js/scripts.js
   phpcompta/trunk/include/ajax_add_menu.php
   phpcompta/trunk/include/ajax_get_menu_detail.php
   phpcompta/trunk/include/ajax_mod_menu.php
   phpcompta/trunk/include/class_acc_ledger.php
   phpcompta/trunk/include/class_pre_operation.php
   phpcompta/trunk/include/impress_jrn.inc.php
   phpcompta/trunk/include/menu.inc.php
   phpcompta/trunk/include/profile.inc.php
   phpcompta/trunk/sql/upgrade.sql
Log:
fix bug in menu, profile and security for PRINTJRN

Modified: phpcompta/trunk/html/ajax_misc.php
===================================================================
--- phpcompta/trunk/html/ajax_misc.php  2011-12-07 20:54:02 UTC (rev 4581)
+++ phpcompta/trunk/html/ajax_misc.php  2011-12-07 23:10:27 UTC (rev 4582)
@@ -537,7 +537,7 @@
         case 'create_menu';
             require_once 'ajax_create_menu.php';
             break;
-        case 'mod_menu';
+        case 'modify_menu';
             require_once 'ajax_mod_menu.php';
             break;
         default:

Modified: phpcompta/trunk/html/export.php
===================================================================
--- phpcompta/trunk/html/export.php     2011-12-07 20:54:02 UTC (rev 4581)
+++ phpcompta/trunk/html/export.php     2011-12-07 23:10:27 UTC (rev 4582)
@@ -26,17 +26,17 @@
  *
  */
 
-
+global $g_user;
 require_once('class_database.php');
 require_once('class_user.php');
 $gDossier=dossier::id();
 $cn=new Database($gDossier);
 
-$user=new User($cn);
-$user->Check();
-$action=$user->check_dossier($gDossier);
+$g_user=new User($cn);
+$g_user->Check();
+$action=$g_user->check_dossier($gDossier);
 
-if ( $action=='X' || ! isset($_GET['act']) || 
$user->check_print($_GET['act'])==0 )
+if ( $action=='X' || ! isset($_GET['act']) || 
$g_user->check_print($_GET['act'])==0 )
   {
     echo alert('Accès interdit');
     redirect("do.php?".dossier::get());
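Review bot: The access-denied branch is cut off by the hunk right after `redirect("do.php?".dossier::get());`, so it is not visible whether the script stops there. If `redirect()` only emits a client-side redirect, the export code further down would still run for a user who failed `check_dossier` or `check_print`; confirm that an `exit();` follows the redirect and add one if it does not. A short comment above `global $g_user;` noting that the ledger classes read this global (see the class_acc_ledger.php hunks) would also explain why the variable was renamed.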

Modified: phpcompta/trunk/html/js/scripts.js
===================================================================
--- phpcompta/trunk/html/js/scripts.js  2011-12-07 20:54:02 UTC (rev 4581)
+++ phpcompta/trunk/html/js/scripts.js  2011-12-07 23:10:27 UTC (rev 4582)
@@ -1302,11 +1302,11 @@
     }
     );
 }
-function mod_menu(p_dossier,me_code)
+function modify_menu(p_dossier,me_code)
 {
     waiting_box();
     removeDiv('divmenu');
-    var qs="op=mod_menu&gDossier="+p_dossier+"&ctl=divmenu&me_code="+me_code;
+    var 
qs="op=modify_menu&gDossier="+p_dossier+"&ctl=divmenu&me_code="+me_code;
 
     var action=new Ajax.Request ( 'ajax_misc.php',
     {
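Review bot: `p_dossier` and `me_code` are concatenated into `qs` unencoded, so a menu code containing `&`, `=` or `#` would change the parameters that `ajax_misc.php` receives. Wrapping the values, e.g. `"&me_code="+encodeURIComponent(me_code)`, keeps the request well-formed. The body of `modify_menu` continues past the end of the hunk.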

Modified: phpcompta/trunk/include/ajax_add_menu.php
===================================================================
--- phpcompta/trunk/include/ajax_add_menu.php   2011-12-07 20:54:02 UTC (rev 
4581)
+++ phpcompta/trunk/include/ajax_add_menu.php   2011-12-07 23:10:27 UTC (rev 
4582)
@@ -29,8 +29,9 @@
        select me_code,me_code||' '||me_menu||' '||coalesce(me_description,'') 
from
        menu_ref
        where
-       me_file is null and me_javascript is null and me_type<>'PR'
-               UNION ALL
+       me_file is null and me_javascript is null and me_url is null and 
me_type<>'PR' and me_type <> 'SP'
+       and me_code in (select me_code from profile_menu where 
p_id=".sql_string($p_id).")".
+       "       UNION ALL
                select me_code,me_code||' '||me_menu||' 
'||coalesce(me_description,'') from menu_ref
        where
                me_code='EXT'
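Review bot: `p_id=".sql_string($p_id).")"` places the value in an unquoted numeric position, where escaping quote characters (presumably what `sql_string` does) does not stop a non-numeric value from altering the statement. Where `$p_id` comes from is outside the hunk; if it is request data, validate it as an integer before building the query, e.g. `$p_id=filter_var($p_id,FILTER_VALIDATE_INT); if ($p_id===false) exit();`, or bind it as `$1` the way `get_value` is called in ajax_get_menu_detail.php, if `make_array` accepts parameters. The same construction appears with `$profile` in the ajax_get_menu_detail.php hunk, where an empty lookup result would additionally produce `p_id=)`.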

Modified: phpcompta/trunk/include/ajax_get_menu_detail.php
===================================================================
--- phpcompta/trunk/include/ajax_get_menu_detail.php    2011-12-07 20:54:02 UTC 
(rev 4581)
+++ phpcompta/trunk/include/ajax_get_menu_detail.php    2011-12-07 23:10:27 UTC 
(rev 4582)
@@ -29,13 +29,18 @@
 // retrieve data
 $profile=$cn->get_value("select p_id from profile_menu where 
pm_id=$1",array($pm_id));
 $a_value=$cn->make_array("select me_code,me_code||' '||me_menu||' 
'||coalesce(me_description,'') from menu_ref",0);
-$a_value_null=$cn->make_array("select me_code,me_code||' '||me_menu||' 
'||coalesce(me_description,'') from menu_ref
+$ame_code_dep=$cn->make_array("
+       select me_code,me_code||' '||me_menu||' '||coalesce(me_description,'') 
from
+       menu_ref
        where
-       me_code in (select me_code from profile_menu where p_id=$profile and 
p_type_display<>'P' and pm_id <> $pm_id)
-               UNION ALL
+       me_file is null and me_javascript is null and me_url is null and 
me_type<>'PR' and me_type <> 'SP'
+       and me_code in (select me_code from profile_menu where 
p_id=".sql_string($profile).")".
+       "       UNION ALL
                select me_code,me_code||' '||me_menu||' 
'||coalesce(me_description,'') from menu_ref
        where
-               me_code='EXT'",1);
+               me_code='EXT'
+       order by 1
+       ",1);
 $a_type=$cn->make_array("select pm_type,pm_desc from profile_menu_type",1);
 
 $array=$cn->get_array("select 
p_id,pm_id,me_code,me_code_dep,p_order,p_type_display,pm_default
@@ -54,7 +59,7 @@
 $me_code->selected=$array[0]['me_code'];
 
 $me_code_dep=new ISelect('me_code_dep');
-$me_code_dep->value=$a_value_null;
+$me_code_dep->value=$ame_code_dep;
 $me_code_dep->selected=$array[0]['me_code_dep'];
 
 $p_order=new Inum('p_order',$array[0]['p_order']);

Modified: phpcompta/trunk/include/ajax_mod_menu.php
===================================================================
--- phpcompta/trunk/include/ajax_mod_menu.php   2011-12-07 20:54:02 UTC (rev 
4581)
+++ phpcompta/trunk/include/ajax_mod_menu.php   2011-12-07 23:10:27 UTC (rev 
4582)
@@ -5,7 +5,7 @@
 echo '<form method="POST" onsubmit="return confirm(\'Vous confirmez ?\')">';
 require_once 'template/menu_detail.php';
 
-echo HtmlInput::submit('mod_menu','Sauver');
+echo HtmlInput::submit('modify_menu','Sauver');
 echo HtmlInput::button_close('divmenu');
 echo '</form>';
 ?>

Modified: phpcompta/trunk/include/class_acc_ledger.php
===================================================================
--- phpcompta/trunk/include/class_acc_ledger.php        2011-12-07 20:54:02 UTC 
(rev 4581)
+++ phpcompta/trunk/include/class_acc_ledger.php        2011-12-07 23:10:27 UTC 
(rev 4582)
@@ -340,6 +340,7 @@
      */
     function get_row($p_from,$p_to,$p_limit=-1,$p_offset=-1)
     {
+               global $g_user;
         $periode=sql_filter_per($this->db,$p_from,$p_to,'p_id','jr_tech_per');
 
         $cond_limite=($p_limit!=-1)?" limit ".$p_limit." offset ".$p_offset:"";
@@ -379,7 +380,10 @@
                                      jr_montant,
                                      j_qcode,
                                      jr_rapt as oc, j_tech_per as periode from 
jrnx left join jrn on ".
-                                     "jr_grpt_id=j_grpt left join tmp_pcmn on 
pcm_val=j_poste where ".
+                                     "jr_grpt_id=j_grpt left join tmp_pcmn on 
pcm_val=j_poste
+                                                                               
 join jrn_def on (jr_def_id=jrn_def_id)
+                                                                               
 where ".
+                                                                        
$g_user->get_ledger_sql()." and ".
                                      "  ".$periode." order by 
j_date::date,substring(jr_pj_number,'\\\\d+$') asc,j_grpt,j_debit desc   ".
                                      $cond_limite);
 
@@ -494,9 +498,10 @@
      */
     function get_rowSimple($p_from,$p_to,$trunc=0,$p_limit=-1,$p_offset=-1)
     {
+               global $g_user;
         // Grand-livre : id= 0
         //---
-        $jrn=($this->id == 0 )?"":"and jrn_def_id = ".$this->id;
+        $jrn=($this->id == 0 )?"and ".$g_user->get_ledger_sql():"and 
jrn_def_id = ".$this->id;
 
         $periode=sql_filter_per($this->db,$p_from,$p_to,'p_id','jr_tech_per');
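Review bot: The per-user ledger filter is applied only when `$this->id == 0`; for a specific ledger the condition is still just `jrn_def_id = $this->id`, so the query relies on every caller having already checked that the user may read that ledger. Unless that check is guaranteed elsewhere, apply the filter in both cases, e.g. `$jrn="and ".$g_user->get_ledger_sql().(($this->id==0)?"":" and jrn_def_id = ".$this->id);`. The `get_operation` hunk below has the same shape. Both methods continue outside their hunks, and whether the `get_rowSimple` query already joins `jrn_def` (which the filter presumably needs, given the joins added elsewhere in this commit) is not visible here.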
 
@@ -2679,13 +2684,14 @@
      */
     function get_operation($p_from,$p_to)
     {
-        $jrn=($this->id==0)?'':' and jr_def_id = '.$this->id;
+               global $g_user;
+        $jrn=($this->id==0)?'and '.$g_user->get_ledger_sql():' and jr_def_id = 
'.$this->id;
         $sql="select jr_id as id ,jr_internal as internal, ".
              "jr_pj_number as pj,jr_grpt_id,".
              " to_char(jr_date,'DDMMYY') as date_fmt, ".
              " jr_comment as comment, jr_montant as montant ,".
              " jr_grpt_id,jr_def_id".
-             " from jrn where  ".
+             " from jrn join jrn_def on (jr_def_id=jrn_def_id) where  ".
                         " jr_date >= (select p_start from parm_periode where 
p_id = $1)
                                 and  jr_date <= (select p_end from 
parm_periode where p_id  = $2)" .
              '  '.$jrn.' order by 
jr_date,substring(jr_pj_number,\'\\\d+$\')::numeric asc';

Modified: phpcompta/trunk/include/class_pre_operation.php
===================================================================
--- phpcompta/trunk/include/class_pre_operation.php     2011-12-07 20:54:02 UTC 
(rev 4581)
+++ phpcompta/trunk/include/class_pre_operation.php     2011-12-07 23:10:27 UTC 
(rev 4582)
@@ -184,7 +184,7 @@
         $this->db=$p_cn;
         $this->operation=new Pre_operation($this->db);
         
$this->valid=array('ledger'=>'jrn_def_id','ledger_type'=>'jrn_type','direct'=>'od_direct');
-
+               $this->jrn_def_id=-1;
     }
 
 
@@ -224,6 +224,7 @@
     }
     public function   get_operation()
     {
+               if ( $this->jrn_def_id=='') return array();
         $value=$this->db->make_array("select od_id,od_name from op_predef ".
                                      " where 
jrn_def_id=".sql_string($this->jrn_def_id).
                                      " and od_direct 
='".sql_string($this->od_direct)."'".
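Review bot: The new guard `if ( $this->jrn_def_id=='') return array();` only rejects an empty value, while the query below it still concatenates `sql_string($this->jrn_def_id)` into an unquoted numeric position. A non-numeric value would therefore reach the SQL text; checking the type instead, e.g. `if ( filter_var($this->jrn_def_id,FILTER_VALIDATE_INT)===false) return array();`, covers the empty case and still accepts the `-1` default set in the constructor. How `jrn_def_id` is assigned is outside the hunk, so the exposure depends on the callers.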

Modified: phpcompta/trunk/include/impress_jrn.inc.php
===================================================================
--- phpcompta/trunk/include/impress_jrn.inc.php 2011-12-07 20:54:02 UTC (rev 
4581)
+++ phpcompta/trunk/include/impress_jrn.inc.php 2011-12-07 23:10:27 UTC (rev 
4582)
@@ -42,7 +42,7 @@
          join user_sec_jrn on uj_jrn_id=jrn_def_id
          where
          uj_login='$g_user->login'
-         and uj_priv !='X'
+         and uj_priv in ('R','W')
          ";
     $ret=$cn->make_array($sql);
 }
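Review bot: `uj_login='$g_user->login'` is interpolated into the statement without escaping, right next to the privilege test this hunk tightens. A login containing a quote would break out of the literal; escape it as the quoted values in class_pre_operation.php are, `uj_login='".sql_string($g_user->login)."'`, or bind it as a parameter if `make_array` supports that. The statement starts before the hunk.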
@@ -52,7 +52,6 @@
                          from jrn_def join jrn_type on 
jrn_def_type=jrn_type_id");
 
 }
-
 // Count the forbidden journaux
 $NoPriv=$cn->count_sql("select 
jrn_def_id,jrn_def_name,jrn_def_class_deb,jrn_def_class_cred,jrn_type_id,jrn_desc,uj_priv,
                        jrn_deb_max_line,jrn_cred_max_line
@@ -63,7 +62,7 @@
                        and uj_priv ='X'
                        ");
 // Pour voir tout les journal ?
-if ( $NoPriv == 0 )
+if ( $NoPriv == 0 && $ret != null )
 {
     $a=count($ret);
     $all=array('value'=>0,'label'=>'Tous les journaux');

Modified: phpcompta/trunk/include/menu.inc.php
===================================================================
--- phpcompta/trunk/include/menu.inc.php        2011-12-07 20:54:02 UTC (rev 
4581)
+++ phpcompta/trunk/include/menu.inc.php        2011-12-07 23:10:27 UTC (rev 
4582)
@@ -71,7 +71,7 @@
 /**
  * if post save then we save a new one
  */
-if ( isset($_POST['create_menu'])|| isset($_POST['mod_menu']))
+if ( isset($_POST['create_menu'])|| isset($_POST['modify_menu']))
 {
        extract($_POST);
        $menu_ref=new Menu_Ref($cn);
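Review bot: `extract($_POST);` copies every posted field into the current scope, so a request can overwrite variables that already exist here, such as the `$cn` used on the next line. Read the expected fields explicitly from `$_POST` when filling `$menu_ref`, or as a minimum use `extract($_POST, EXTR_SKIP);` so existing variables are never replaced. The `if` block continues outside the hunk, so which fields are needed is not visible here.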
@@ -90,7 +90,7 @@
                {
                        $menu_ref->insert();
                }
-               elseif (isset($_POST['mod_menu']))
+               elseif (isset($_POST['modify_menu']))
                {
                        if ($menu_ref->verify() == 0)
                                $menu_ref->update();
@@ -183,7 +183,7 @@
             $js = sprintf('<A class="line" href="javascript:void(0)"  
onclick="mod_plugin(\'%s\',\'%s\')">%s</A>', $gDossier, $row->me_code, 
$row->me_code);
             break;
         case 'ME':
-            $js = sprintf('<A class="line" href="javascript:void(0)"  
onclick="mod_menu(\'%s\',\'%s\')">%s</A>', $gDossier, $row->me_code, 
$row->me_code);
+            $js = sprintf('<A class="line" href="javascript:void(0)"  
onclick="modify_menu(\'%s\',\'%s\')">%s</A>', $gDossier, $row->me_code, 
$row->me_code);
             break;
     }
     $class = ( $i % 2 == 0) ? $class = ' class="odd"' : $class = ' 
class="even"';
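Review bot: `$row->me_code` is written both into the `onclick` JavaScript string and as the link text without any output encoding. Menu codes appear to be stored from the form handled earlier in this file, so a code containing a quote or `<` would end up as markup or script in this list; at least encode the visible text with `htmlspecialchars($row->me_code, ENT_QUOTES)` and restrict the characters accepted for `me_code` when it is saved. The surrounding `switch` begins before the hunk.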

Modified: phpcompta/trunk/include/profile.inc.php
===================================================================
--- phpcompta/trunk/include/profile.inc.php     2011-12-07 20:54:02 UTC (rev 
4581)
+++ phpcompta/trunk/include/profile.inc.php     2011-12-07 23:10:27 UTC (rev 
4582)
@@ -118,11 +118,8 @@
                try
                {
                        $cn->start();
-                       $me_code_dep=$cn->get_value("select me_code from 
profile_menu where
-                               pm_id=$1",array($pm_id));
-                       $cn->exec_sql("delete from profile_menu where pm_id in
-                               (select pm_id from profile_menu where 
me_code_dep=$1 and p_id=$2)",
-                                       array($me_code_dep,$p_id));
+                       $cn->exec_sql("delete from profile_menu where pm_id in 
(select * from get_menu_dependency($1)",
+                                       array($pm_id));
                        $cn->exec_sql("delete from profile_menu where pm_id=$1",
                                        array($pm_id));
                        $cn->commit();
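Review bot: The new statement `delete from profile_menu where pm_id in (select * from get_menu_dependency($1)` opens two parentheses and closes only one, so it cannot run as written. It should end `get_menu_dependency($1))`. upgrade.sql creates the function as `comptaproc.get_menu_dependency`, so the unqualified call also depends on `comptaproc` being in the connection's search path. The `try` block continues outside the hunk.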

Modified: phpcompta/trunk/sql/upgrade.sql
===================================================================
--- phpcompta/trunk/sql/upgrade.sql     2011-12-07 20:54:02 UTC (rev 4581)
+++ phpcompta/trunk/sql/upgrade.sql     2011-12-07 23:10:27 UTC (rev 4582)
@@ -1,6 +1,28 @@
-update attr_def set ad_type='numeric' where ad_id=20;
-insert into tmp_pcmn (pcm_val,pcm_lib,pcm_val_parent,pcm_type) select 
split_part(tva_poste,',',1),tva_comment,substring(split_part(tva_poste,',',1),1,3),'PAS'
  from tva_rate where split_part(tva_poste,',',1) not in (select pcm_val from 
tmp_pcmn);
-insert into tmp_pcmn (pcm_val,pcm_lib,pcm_val_parent,pcm_type) select 
split_part(tva_poste,',',2),tva_comment,substring(split_part(tva_poste,',',2),1,3),'ACT'
  from tva_rate where split_part(tva_poste,',',2) not in (select pcm_val from 
tmp_pcmn);
-update attr_def set ad_type='numeric',ad_size=6 where ad_id=20;
-update attr_def set ad_type='poste' where ad_id=5;
-update attr_def set ad_size=10 where ad_type='poste';
+CREATE OR REPLACE FUNCTION comptaproc.get_menu_dependency(profile_menu_id int)
+  RETURNS SETOF int AS
+$BODY$
+declare
+       i int;
+       x int;
+       e int;
+begin
+       for x in select pm_id,me_code
+                       from profile_menu
+                       where me_code_dep in (select me_code from profile_menu 
where pm_id=profile_menu_id)
+                       and p_id = (select p_id from profile_menu where 
pm_id=profile_menu_id)
+       loop
+               return next x;
+
+       for e in select *  from comptaproc.get_menu_dependency_pm(x)
+               loop
+                       return next e;
+               end loop;
+
+       end loop;
+       return;
+end;
+$BODY$
+LANGUAGE plpgsql;
+
+delete from profile_menu where p_id=2 and me_code_dep='DIVPARM';
+delete from profile_menu where p_id=2 and me_code_dep='MOD';
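Review bot: Inside `comptaproc.get_menu_dependency` the inner loop calls `comptaproc.get_menu_dependency_pm(x)`, a name this script does not define; if the intent is recursion, it should read `for e in select * from comptaproc.get_menu_dependency(x)`. The outer loop also selects two columns (`pm_id,me_code`) into the single `int` variable `x`, which should be `select pm_id` only, and `i` is declared but never used. The recursion has no guard against a dependency cycle in `profile_menu`, so a comment stating that cycles are assumed not to exist, or a depth limit, would help.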



