2 年之前 · 6bb8badfdf
--- a/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php
+++ b/htdocs/adherents/canvas/default/tpl/adherentcard_view.tpl.php
@@ -128,7 +128,7 @@ if (empty($user->socid)) {
 
				 		echo '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=edit&token='.newToken().'&canvas='.$canvas.'">'.$langs->trans('Modify').'</a>';
			
 
				 	}
			
 
				 
			
 
				-	if (!$this->control->tpl['user_id'] && $user->rights->user->user->creer) {
			
 
				+	if (!$this->control->tpl['user_id'] && $user->hasRight('user', 'user', 'creer')) {
			
 
				 		echo '<a class="butAction" href="'.$_SERVER["PHP_SELF"].'?id='.$this->control->tpl['id'].'&action=create_user&token='.newToken().'&canvas='.$canvas.'">'.$langs->trans("CreateDolibarrLogin").'</a>';
			
 
				 	}
			
 
				 
			
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -342,7 +342,7 @@ if (empty($reshook)) {
 
				 			// Check if we need to also synchronize user information
			
 
				 			$nosyncuser = 0;
			
 
				 			if ($object->user_id) {	// If linked to a user
			
 
				-				if ($user->id != $object->user_id && empty($user->rights->user->user->creer)) {
			
 
				+				if ($user->id != $object->user_id && !$user->hasRight('user', 'user', 'creer')) {
			
 
				 					$nosyncuser = 1; // Disable synchronizing
			
 
				 				}
			
 
				 			}
			
@@ -350,7 +350,7 @@ if (empty($reshook)) {
 
				 			// Check if we need to also synchronize password information
			
 
				 			$nosyncuserpass = 0;
			
 
				 			if ($object->user_id) {	// If linked to a user
			
 
				-				if ($user->id != $object->user_id && empty($user->rights->user->user->password)) {
			
 
				+				if ($user->id != $object->user_id && !$user->hasRight('user', 'user', 'password')) {
			
 
				 					$nosyncuserpass = 1; // Disable synchronizing
			
 
				 				}
			
 
				 			}
			
--- a/htdocs/adherents/ldap.php
+++ b/htdocs/adherents/ldap.php
@@ -51,14 +51,14 @@ if ($id > 0 || !empty($ref)) {
 
				 	$result = $object->fetch($id, $ref);
			
 
				 
			
 
				 	// Define variables to know what current user can do on users
			
 
				-	$canadduser = (!empty($user->admin) || !empty($user->rights->user->user->creer));
			
 
				+	$canadduser = (!empty($user->admin) || $user->hasRight('user', 'user', 'creer'));
			
 
				 	// Define variables to know what current user can do on properties of user linked to edited member
			
 
				 	if ($object->user_id) {
			
 
				 		// $User is the user who edits, $object->user_id is the id of the related user in the edited member
			
 
				 		$caneditfielduser = ((($user->id == $object->user_id) && !empty($user->rights->user->self->creer))
			
 
				-			|| (($user->id != $object->user_id) && !empty($user->rights->user->user->creer)));
			
 
				+			|| (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'creer')));
			
 
				 		$caneditpassworduser = ((($user->id == $object->user_id) && $user->rights->user->self->password)
			
 
				-			|| (($user->id != $object->user_id) && !empty($user->rights->user->user->password)));
			
 
				+			|| (($user->id != $object->user_id) && $user->hasRight('user', 'user', 'password')));
			
 
				 	}
			
 
				 }
			
 
				 
			
--- a/htdocs/adherents/list.php
+++ b/htdocs/adherents/list.php
@@ -262,7 +262,7 @@ if (empty($reshook)) {
 
				 	}
			
 
				 
			
 
				 	// Create external user
			
 
				-	if ($massaction == 'createexternaluser' && $user->hasRight('adherent', 'creer') && $user->rights->user->user->creer) {
			
 
				+	if ($massaction == 'createexternaluser' && $user->hasRight('adherent', 'creer') && $user->hasRight('user', 'user', 'creer')) {
			
 
				 		$tmpmember = new Adherent($db);
			
 
				 		$error = 0;
			
 
				 		$nbcreated = 0;
			
--- a/htdocs/adherents/partnership.php
+++ b/htdocs/adherents/partnership.php
@@ -76,13 +76,13 @@ foreach ($object->fields as $key => $val) {
 
				 // Load object
			
 
				 include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php'; // Must be include, not include_once.
			
 
				 
			
 
				-$permissiontoread 		= $user->rights->partnership->read;
			
 
				-$permissiontoadd 		= $user->rights->partnership->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
			
 
				-$permissiontodelete 	= $user->rights->partnership->delete || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT);
			
 
				-$permissionnote 		= $user->rights->partnership->write; // Used by the include of actions_setnotes.inc.php
			
 
				-$permissiondellink 		= $user->rights->partnership->write; // Used by the include of actions_dellink.inc.php
			
 
				-$usercanclose 			= $user->rights->partnership->write; // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
			
 
				-$upload_dir 			= $conf->partnership->multidir_output[isset($object->entity) ? $object->entity : 1];
			
 
				+$permissiontoread = $user->hasRight('partnership', 'read');
			
 
				+$permissiontoadd = $user->hasRight('partnership', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
			
 
				+$permissiontodelete = $user->hasRight('partnership', 'delete') || ($permissiontoadd && isset($object->status) && $object->status == $object::STATUS_DRAFT);
			
 
				+$permissionnote = $user->hasRight('partnership', 'write'); // Used by the include of actions_setnotes.inc.php
			
 
				+$permissiondellink = $user->hasRight('partnership', 'write'); // Used by the include of actions_dellink.inc.php
			
 
				+$usercanclose = $user->hasRight('partnership', 'write'); // Used by the include of actions_addupdatedelete.inc.php and actions_lineupdown.inc.php
			
 
				+$upload_dir = $conf->partnership->multidir_output[isset($object->entity) ? $object->entity : 1];
			
 
				 
			
 
				 
			
 
				 if (getDolGlobalString('PARTNERSHIP_IS_MANAGED_FOR') != 'member') {
			
--- a/htdocs/adherents/subscription.php
+++ b/htdocs/adherents/subscription.php
@@ -151,9 +151,9 @@ if (empty($reshook) && $action == 'confirm_create_thirdparty' && $confirm == 'ye
 
				 	}
			
 
				 }
			
 
				 
			
 
				-if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->rights->user->user->creer)) {
			
 
				+if (empty($reshook) && $action == 'setuserid' && ($user->rights->user->self->creer || $user->hasRight('user', 'user', 'creer'))) {
			
 
				 	$error = 0;
			
 
				-	if (empty($user->rights->user->user->creer)) {    // If can edit only itself user, we can link to itself only
			
 
				+	if (!$user->hasRight('user', 'user', 'creer')) {    // If can edit only itself user, we can link to itself only
			
 
				 		if (GETPOST("userid", 'int') != $user->id && GETPOST("userid", 'int') != $object->user_id) {
			
 
				 			$error++;
			
 
				 			setEventMessages($langs->trans("ErrorUserPermissionAllowsToLinksToItselfOnly"), null, 'errors');
			
--- a/htdocs/adherents/vcard.php
+++ b/htdocs/adherents/vcard.php
@@ -35,14 +35,14 @@ $id = GETPOST('id', 'int');
 
				 $ref = GETPOST('ref', 'alphanohtml');
			
 
				 
			
 
				 $object = new adherent($db);
			
 
				-global $user;
			
 
				+
			
 
				 // Fetch object
			
 
				 if ($id > 0 || !empty($ref)) {
			
 
				 	// Load member
			
 
				 	$result = $object->fetch($id, $ref);
			
 
				 
			
 
				 	// Define variables to know what current user can do on users
			
 
				-	$canadduser = ($user->admin || $user->rights->user->user->creer);
			
 
				+	$canadduser = ($user->admin || $user->hasRight('user', 'user', 'creer'));
			
 
				 	// Define variables to know what current user can do on properties of user linked to edited member
			
 
				 	if ($object->user_id) {
			
 
				 		// $User is the user who edits, $object->user_id is the id of the related user in the edited member