il y a 2 ans · e0cf29b122
--- a/htdocs/ecm/dir_add_card.php
+++ b/htdocs/ecm/dir_add_card.php
@@ -94,13 +94,16 @@ if (!empty($section)) {
 
				 
			
 
				 // Permissions
			
 
				 $permissiontoadd = 0;
			
 
				+$permissiontodelete = 0;
			
 
				 $permissiontoupload = 0;
			
 
				 if ($module == 'ecm') {
			
 
				 	$permissiontoadd = $user->rights->ecm->setup;
			
 
				+	$permissiontodelete = $user->rights->ecm->setup;
			
 
				 	$permissiontoupload = $user->rights->ecm->upload;
			
 
				 }
			
 
				 if ($module == 'medias') {
			
 
				 	$permissiontoadd = ($user->rights->mailing->creer || $user->rights->website->write);
			
 
				+	$permissiontodelete = ($user->rights->mailing->creer || $user->rights->website->write);
			
 
				 	$permissiontoupload = ($user->rights->mailing->creer || $user->rights->website->write);
			
 
				 }
			
 
				 
			
@@ -189,7 +192,7 @@ if ($action == 'add' && $permissiontoadd) {
 
				 			exit;
			
 
				 		}
			
 
				 	}
			
 
				-} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permissiontoadd) {
			
 
				+} elseif ($action == 'confirm_deletesection' && $confirm == 'yes' && $permissiontodelete) {
			
 
				 	// Deleting file
			
 
				 	$result = $ecmdir->delete($user);
			
 
				 	setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs');
			
@@ -231,7 +234,8 @@ if ($action == 'create') {
 
				 	print '<table class="border centpercent">';
			
 
				 
			
 
				 	// Label
			
 
				-	print '<tr><td class="titlefieldcreate fieldrequired">'.$langs->trans("Label").'</td><td><input name="label" class="minwidth100" maxlength="32" value="'.(GETPOST("label", 'alpha') ? GETPOST("label", 'alpha') : $ecmdir->label).'" autofocus></td></tr>'."\n";
			
 
				+	print '<tr><td class="titlefieldcreate fieldrequired">'.$langs->trans("Label").'</td><td>';
			
 
				+	print '<input name="label" class="minwidth100" maxlength="32" value="'.GETPOST("label", 'alpha').'" autofocus></td></tr>'."\n";
			
 
				 
			
 
				 	print '<tr><td>'.$langs->trans("AddIn").'</td><td>';
			
 
				 	print $formecm->selectAllSections((GETPOST("catParent", 'alpha') ? GETPOST("catParent", 'alpha') : $ecmdir->fk_parent), 'catParent', $module);
			
--- a/htdocs/ecm/index.php
+++ b/htdocs/ecm/index.php
@@ -83,6 +83,12 @@ if ($user->socid) {
 
				 }
			
 
				 $result = restrictedArea($user, 'ecm', 0);
			
 
				 
			
 
				+$permissiontoread = $user->hasRight('ecm', 'read');
			
 
				+$permissiontocreate = $user->hasRight('ecm', 'upload');
			
 
				+$permissiontocreatedir = $user->hasRight('ecm', 'setup');
			
 
				+$permissiontodelete = $user->hasRight('ecm', 'upload');
			
 
				+$permissiontodeletedir = $user->hasRight('ecm', 'setup');
			
 
				+
			
 
				 
			
 
				 /*
			
 
				  *	Actions
			
@@ -93,7 +99,7 @@ $result = restrictedArea($user, 'ecm', 0);
 
				 //include DOL_DOCUMENT_ROOT.'/core/actions_linkedfiles.inc.php';
			
 
				 
			
 
				 // Upload file (code similar but different than actions_linkedfiles.inc.php)
			
 
				-if (GETPOST("sendit", 'alphanohtml') && !empty($conf->global->MAIN_UPLOAD_DOC)) {
			
 
				+if (GETPOST("sendit", 'alphanohtml') && !empty($conf->global->MAIN_UPLOAD_DOC) && $permissiontocreate) {
			
 
				 	// Define relativepath and upload_dir
			
 
				 	$relativepath = '';
			
 
				 	if ($ecmdir->id) {
			
@@ -130,7 +136,7 @@ if (GETPOST("sendit", 'alphanohtml') && !empty($conf->global->MAIN_UPLOAD_DOC))
 
				 }
			
 
				 
			
 
				 // Remove file (code similar but different than actions_linkedfiles.inc.php)
			
 
				-if ($action == 'confirm_deletefile') {
			
 
				+if ($action == 'confirm_deletefile' && $permissiontodelete) {
			
 
				 	if (GETPOST('confirm') == 'yes') {
			
 
				 		// GETPOST('urlfile','alpha') is full relative URL from ecm root dir. Contains path of all sections.
			
 
				 
			
@@ -152,7 +158,7 @@ if ($action == 'confirm_deletefile') {
 
				 }
			
 
				 
			
 
				 // Add directory
			
 
				-if ($action == 'add' && $user->rights->ecm->setup) {
			
 
				+if ($action == 'add' && $permissiontocreatedir) {
			
 
				 	$ecmdir->ref                = 'NOTUSEDYET';
			
 
				 	$ecmdir->label              = GETPOST("label");
			
 
				 	$ecmdir->description        = GETPOST("desc");
			
@@ -170,7 +176,7 @@ if ($action == 'add' && $user->rights->ecm->setup) {
 
				 }
			
 
				 
			
 
				 // Remove directory
			
 
				-if ($action == 'confirm_deletesection' && GETPOST('confirm', 'alpha') == 'yes') {
			
 
				+if ($action == 'confirm_deletesection' && GETPOST('confirm', 'alpha') == 'yes' && $permissiontodeletedir) {
			
 
				 	$result = $ecmdir->delete($user);
			
 
				 	setEventMessages($langs->trans("ECMSectionWasRemoved", $ecmdir->label), null, 'mesgs');
			
 
				 
			
@@ -180,7 +186,7 @@ if ($action == 'confirm_deletesection' && GETPOST('confirm', 'alpha') == 'yes')
 
				 // Refresh directory view
			
 
				 // This refresh list of dirs, not list of files (for preformance reason). List of files is refresh only if dir was not synchronized.
			
 
				 // To refresh content of dir with cache, just open the dir in edit mode.
			
 
				-if ($action == 'refreshmanual') {
			
 
				+if ($action == 'refreshmanual' && $permissiontoread) {
			
 
				 	$ecmdirtmp = new EcmDirectory($db);
			
 
				 
			
 
				 	// This part of code is same than into file ecm/ajax/ecmdatabase.php TODO Remove duplicate
			
--- a/htdocs/ecm/index_auto.php
+++ b/htdocs/ecm/index_auto.php
@@ -34,12 +34,6 @@ require_once DOL_DOCUMENT_ROOT.'/ecm/class/ecmdirectory.class.php';
 
				 // Load translation files required by the page
			
 
				 $langs->loadLangs(array("ecm", "companies", "other", "users", "orders", "propal", "bills", "contracts"));
			
 
				 
			
 
				-// Security check
			
 
				-if ($user->socid) {
			
 
				-	$socid = $user->socid;
			
 
				-}
			
 
				-$result = restrictedArea($user, 'ecm', 0);
			
 
				-
			
 
				 // Get parameters
			
 
				 $socid = GETPOST('socid', 'int');
			
 
				 $action = GETPOST('action', 'aZ09');
			
@@ -87,6 +81,12 @@ $userstatic = new User($db);
 
				 
			
 
				 $error = 0;
			
 
				 
			
 
				+// Security check
			
 
				+if ($user->socid) {
			
 
				+	$socid = $user->socid;
			
 
				+}
			
 
				+$result = restrictedArea($user, 'ecm', 0);
			
 
				+
			
 
				 
			
 
				 /*
			
 
				  *	Actions
			
--- a/htdocs/langs/en_US/ecm.lang
+++ b/htdocs/langs/en_US/ecm.lang
@@ -19,7 +19,7 @@ ECMArea=DMS/ECM area
 
				 ECMAreaDesc=The DMS/ECM (Document Management System / Electronic Content Management) area allows you to save, share and search quickly all kind of documents in Dolibarr.
			
 
				 ECMAreaDesc2a=* Manual directories can be used to save documents not linked to a particular element.
			
 
				 ECMAreaDesc2b=* Automatic directories are filled automatically when adding documents from the page of an element.
			
 
				-ECMAreaDesc3=* Medias directories are files into the subdirectory <b>/medias</b> of documents directory, readable by everybody with no need to be logged and no need to have the file shared explicitely. It is used to store image files from emailing or website module.
			
 
				+ECMAreaDesc3=* Medias directories are files into the subdirectory <b>/medias</b> of documents directory, readable by everybody with no need to be logged and no need to have the file shared explicitely. It is used to store image files for the emailing or website module for example.
			
 
				 ECMSectionWasRemoved=Directory <b>%s</b> has been deleted.
			
 
				 ECMSectionWasCreated=Directory <b>%s</b> has been created.
			
 
				 ECMSearchByKeywords=Search by keywords