
NEW Add permission "export website"

Laurent Destailleur 4 jaren geleden
bovenliggende
commit
6a8f4ac892
3 gewijzigde bestanden met toevoegingen van 24 en 16 verwijderingen
  1. 3 0
      htdocs/exports/export.php
  2. 3 2
      htdocs/exports/index.php
  3. 18 14
      htdocs/website/index.php

+ 3 - 0
htdocs/exports/export.php

@@ -154,6 +154,9 @@ $upload_dir = $conf->export->dir_temp.'/'.$user->id;
 //$usefilters=($conf->global->MAIN_FEATURES_LEVEL > 1);
 $usefilters = 1;
 
+// Security check
+$result = restrictedArea($user, 'export');
+
 
 /*
  * Actions
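Review bot: The `$result` assigned from `restrictedArea($user, 'export')` in the added lines is never read in this hunk, so the page is protected only because restrictedArea() itself ends the request when access is refused. A short comment would make that contract explicit, for example `// restrictedArea() stops the request when the user lacks the 'export' permission; $result is not used further`. The check also lands after `$upload_dir` and the filter flag are set. The code above the hunk is not visible here, so it is worth confirming that nothing before this point acts on request input.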

+ 3 - 2
htdocs/exports/index.php

@@ -27,11 +27,12 @@ require_once DOL_DOCUMENT_ROOT.'/exports/class/export.class.php';
 // Load translation files required by the page
 $langs->load("exports");
 
+$export = new Export($db);
+$export->load_arrays($user);
+
 // Security check
 $result = restrictedArea($user, 'export');
 
-$export = new Export($db);
-$export->load_arrays($user);
 
 /*
  * View
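Review bot: Moving `$export->load_arrays($user)` above `restrictedArea($user, 'export')` means the export definitions are loaded for every caller before the permission check runs. The reason for the reorder is not visible in this hunk. Unless the check depends on the loaded arrays, keep the authorization first so that a refused user triggers no module loading or queries. If the order is intentional, say so in a comment such as `// load_arrays() must run before the security check because <reason>`.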

+ 18 - 14
htdocs/website/index.php

@@ -477,7 +477,7 @@ if ($massaction == 'setcategory' && GETPOST('confirmmassaction', 'alpha') && $us
 }
 
 // Replacement of string into pages
-if ($massaction == 'replace' && GETPOST('confirmmassaction', 'alpha')) {
+if ($massaction == 'replace' && GETPOST('confirmmassaction', 'alpha') && $usercanedit) {
 	$replacestring = GETPOST('replacestring', 'none');
 
 	if (empty($user->rights->website->writephp)) {
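Review bot: With `&& $usercanedit` added to the `replace` condition, a request from a user without the right is now skipped silently: no error message and no log entry. The same pattern repeats in the hunks for `addsite`, `addcontainer`, `confirm_deletesite`, `updatecss`, `setashome`, `updatemeta`, `updatesource`/`preview`, `regeneratesite`, `importsiteconfirm` and `generatesitemaps`. Consider one guard ahead of the action blocks that reports the refusal, e.g. `setEventMessages($langs->trans("NotEnoughPermissions"), null, 'errors');`, and logs it, so denied attempts are visible to the user and in the audit trail. The `preview` branch deserves a separate look, because refreshing a preview does not obviously modify anything yet is now tied to the edit right. `$usercanedit` and `$permissiontodelete` are defined outside these hunks, so their exact meaning cannot be confirmed here.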
@@ -567,7 +567,7 @@ if ($action == 'adddir' && $permtouploadfile)
 */
 
 // Add site
-if ($action == 'addsite') {
+if ($action == 'addsite' && $usercanedit) {
 	$db->begin();
 
 	if (GETPOST('virtualhost', 'alpha') && !preg_match('/^http/', GETPOST('virtualhost', 'alpha'))) {
@@ -625,7 +625,7 @@ if ($action == 'addsite') {
 }
 
 // Add page/container
-if ($action == 'addcontainer') {
+if ($action == 'addcontainer' && $usercanedit) {
 	dol_mkdir($pathofwebsite);
 
 	$db->begin();
@@ -1148,7 +1148,7 @@ if ($action == 'addcontainer') {
 }
 
 // Delete site
-if ($action == 'confirm_deletesite' && $confirm == 'yes') {
+if ($action == 'confirm_deletesite' && $confirm == 'yes' && $permissiontodelete) {
 	$error = 0;
 
 	$db->begin();
@@ -1276,7 +1276,7 @@ if (!GETPOSTISSET('pageid')) {
 }
 
 // Update css Update site properties
-if ($action == 'updatecss') {
+if ($action == 'updatecss' && $usercanedit) {
 	// If we tried to reload another site/page, we stay on editcss mode.
 	if (GETPOST('refreshsite') || GETPOST('refreshsite_x') || GETPOST('refreshsite.x') || GETPOST('refreshpage') || GETPOST('refreshpage_x') || GETPOST('refreshpage.x')) {
 		$action = 'editcss';
@@ -1523,7 +1523,7 @@ if ($action == 'updatecss') {
 }
 
 // Update page
-if ($action == 'setashome') {
+if ($action == 'setashome' && $usercanedit) {
 	$db->begin();
 	$object->fetch(0, $websitekey);
 	$website = $object;
@@ -1556,7 +1556,7 @@ if ($action == 'setashome') {
 }
 
 // Update page properties (meta)
-if ($action == 'updatemeta') {
+if ($action == 'updatemeta' && $usercanedit) {
 	$db->begin();
 
 	$result = $object->fetch(0, $websitekey);
@@ -1778,8 +1778,8 @@ if ($action == 'updatemeta') {
 }
 
 // Update page
-if (($action == 'updatesource' || $action == 'updatecontent' || $action == 'confirm_createfromclone' || $action == 'confirm_createpagefromclone')
-	|| ($action == 'preview' && (GETPOST('refreshsite') || GETPOST('refreshpage') || GETPOST('preview')))) {
+if ($usercanedit && (($action == 'updatesource' || $action == 'updatecontent' || $action == 'confirm_createfromclone' || $action == 'confirm_createpagefromclone')
+	|| ($action == 'preview' && (GETPOST('refreshsite') || GETPOST('refreshpage') || GETPOST('preview'))))) {
 	$object->fetch(0, $websitekey);
 	$website = $object;
 
@@ -2041,7 +2041,7 @@ if (($action == 'updatesource' || $action == 'updatecontent' || $action == 'conf
 }
 
 // Export site
-if ($action == 'exportsite') {
+if ($action == 'exportsite' && !empty($user->rights->website->export)) {
 	$fileofzip = $object->exportWebSite();
 
 	if ($fileofzip) {
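Review bot: The `exportsite` guard reads `$user->rights->website->export` inline, while the other actions in this diff go through a named flag (`$usercanedit`, `$permissiontodelete`), and the same expression is repeated in the `$disabledexport` hunk further down. A single `$usercanexport = !empty($user->rights->website->export);` next to the other flags would keep the server check and the button state in step. The diffstat lists only three page files, so the declaration of the new right is not part of this commit. If it is not declared elsewhere, the `empty()` test is always true and export is disabled for everyone. Users who could export before this change will also lose the action until the new right is granted, which is worth a line in the upgrade notes.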
@@ -2060,7 +2060,7 @@ if ($action == 'exportsite') {
 }
 
 // Regenerate site
-if ($action == 'regeneratesite') {
+if ($action == 'regeneratesite' && $usercanedit) {
 	// Check symlink to medias and restore it if ko. Recreate also dir of website if not found.
 	$pathtomedias = DOL_DATA_ROOT.'/medias';
 	$pathtomediasinwebsite = $pathofwebsite.'/medias';
@@ -2085,7 +2085,7 @@ if ($action == 'regeneratesite') {
 }
 
 // Import site
-if ($action == 'importsiteconfirm') {
+if ($action == 'importsiteconfirm' && $usercanedit) {
 	if (empty($_FILES) && !GETPOSTISSET('templateuserfile')) {
 		setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("File")), null, 'errors');
 		$action = 'importsite';
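Review bot: `importsiteconfirm` is gated by the general `$usercanedit` flag only, whereas the `replace` hunk above additionally tests `$user->rights->website->writephp` before working on page content. If an imported site package can carry PHP page content (the handler body is outside this hunk, so this is an assumption), the import path should require the same right. One option is `if ($action == 'importsiteconfirm' && $usercanedit && !empty($user->rights->website->writephp)) {`, or an equivalent check inside the handler. Without it, the restriction on writing PHP would not cover content that arrives through an import.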
@@ -2162,7 +2162,7 @@ $domainname = '0.0.0.0:8080';
 $tempdir = $conf->website->dir_output.'/'.$websitekey.'/';
 
 // Generate web site sitemaps
-if ($action == 'generatesitemaps') {
+if ($action == 'generatesitemaps' && $usercanedit) {
 	$domtree = new DOMDocument('1.0', 'UTF-8');
 	$root = $domtree->createElementNS('http://www.sitemaps.org/schemas/sitemap/0.9', 'urlset');
 	$domtree->formatOutput = true;
@@ -2331,6 +2331,10 @@ if (!GETPOST('hide_websitemenu')) {
 	if (empty($user->rights->website->write)) {
 		$disabled = ' disabled="disabled"';
 	}
+	$disabledexport = '';
+	if (empty($user->rights->website->export)) {
+		$disabledexport = ' disabled="disabled"';
+	}
 
 	if ($websitekey) {
 		$virtualurl = '';
@@ -2446,7 +2450,7 @@ if (!GETPOST('hide_websitemenu')) {
 			}
 
 			//print '<input type="submit" class="button"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("EditMenu")).'" name="editmenu">';
-			print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($exportlabel).'" name="exportsite">';
+			print '<input type="submit" class="button bordertransp"'.$disabledexport.' value="'.dol_escape_htmltag($exportlabel).'" name="exportsite">';
 
 			print '<input type="submit" class="button bordertransp"'.$disabled.' value="'.dol_escape_htmltag($langs->trans("CloneSite")).'" name="createfromclone">';