diff --git a/ChangeLog b/ChangeLog index 218d68c4ed8a8..19385820457af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ For users: ---------- +* NEW: Ajout de la permission "Consulter les prix d'achat" pour permettre la consultation des prix fournisseurs sans droit de création. For developers: --------------- diff --git a/htdocs/core/lib/product.lib.php b/htdocs/core/lib/product.lib.php index d0e937722c44d..8807a1fde2d59 100644 --- a/htdocs/core/lib/product.lib.php +++ b/htdocs/core/lib/product.lib.php @@ -43,13 +43,14 @@ function product_prepare_head($object) $langs->load("products"); $label = $langs->trans('Product'); - $usercancreadprice = getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight('product', 'product_advance', 'read_prices') : $user->hasRight('product', 'read'); - $usercancreadsupplierprice = getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight('product', 'product_advance', 'read_supplier_prices') : $user->hasRight('product', 'read'); + $usercancreadprice = getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight('product', 'product_advance', 'read_prices') : $user->hasRight('product', 'read'); + // Allow supplier price consultation with dedicated permission when advanced rights are enabled / Permet la consultation des prix fournisseurs avec la permission dédiée lorsque les droits avancés sont activés + $usercancreadsupplierprice = getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? ($user->hasRight('product', 'product_advance', 'read_supplier_prices') || $user->hasRight('product', 'product_advance', 'consult_supplier_prices')) : $user->hasRight('product', 'read'); if ($object->isService()) { $label = $langs->trans('Service'); - $usercancreadprice = getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight('service', 'service_advance', 'read_prices') : $user->hasRight('service', 'read'); - $usercancreadsupplierprice = getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight('service', 'service_advance', 'read_supplier_prices') : $user->hasRight('service', 'read'); + $usercancreadprice = getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? $user->hasRight('service', 'service_advance', 'read_prices') : $user->hasRight('service', 'read'); + $usercancreadsupplierprice = getDolGlobalString('MAIN_USE_ADVANCED_PERMS') ? ($user->hasRight('service', 'service_advance', 'read_supplier_prices') || $user->hasRight('service', 'service_advance', 'consult_supplier_prices')) : $user->hasRight('service', 'read'); } $h = 0; diff --git a/htdocs/core/modules/modProduct.class.php b/htdocs/core/modules/modProduct.class.php index 77f7e4909edcf..e0d63ef142525 100644 --- a/htdocs/core/modules/modProduct.class.php +++ b/htdocs/core/modules/modProduct.class.php @@ -138,13 +138,22 @@ public function __construct($db) $this->rights[$r][5] = 'read_prices'; $r++; - $this->rights[$r][0] = 35; // id de la permission - $this->rights[$r][1] = 'Read supplier prices'; // libelle de la permission - $this->rights[$r][2] = 'w'; // type de la permission (deprecated) - $this->rights[$r][3] = 0; // La permission est-elle une permission par default - $this->rights[$r][4] = 'product_advance'; - $this->rights[$r][5] = 'read_supplier_prices'; - $r++; + $this->rights[$r][0] = 35; // id de la permission + $this->rights[$r][1] = 'Read supplier prices'; // libelle de la permission + $this->rights[$r][2] = 'w'; // type de la permission (deprecated) + $this->rights[$r][3] = 0; // La permission est-elle une permission par default + $this->rights[$r][4] = 'product_advance'; + $this->rights[$r][5] = 'read_supplier_prices'; + $r++; + + // Allow consulting supplier buying prices when advanced rights are enabled / Permet de consulter les prix d'achat fournisseurs quand les droits avancés sont activés + $this->rights[$r][0] = 36; // id de la permission + $this->rights[$r][1] = 'PermissionConsultSupplierBuyingPrices'; // libelle de la permission + $this->rights[$r][2] = 'r'; // type de la permission (deprecated) + $this->rights[$r][3] = 0; // La permission est-elle une permission par default + $this->rights[$r][4] = 'product_advance'; + $this->rights[$r][5] = 'consult_supplier_prices'; + $r++; $this->rights[$r][0] = 34; // id de la permission $this->rights[$r][1] = 'Delete products'; // libelle de la permission diff --git a/htdocs/langs/en_US/products.lang b/htdocs/langs/en_US/products.lang index 37b8e002c13da..721682f11c33c 100644 --- a/htdocs/langs/en_US/products.lang +++ b/htdocs/langs/en_US/products.lang @@ -170,6 +170,7 @@ ProductIsUsed=This product is used NewRefForClone=Ref. of new product/service SellingPrices=Selling prices BuyingPrices=Buying prices +PermissionConsultSupplierBuyingPrices=View supplier buying prices CustomerPrices=Customer prices SuppliersPrices=Vendor prices SuppliersPricesOfProductsOrServices=Vendor prices (of products or services) diff --git a/htdocs/langs/fr_FR/products.lang b/htdocs/langs/fr_FR/products.lang index 7428ceb4fc879..8744e0f49dad6 100644 --- a/htdocs/langs/fr_FR/products.lang +++ b/htdocs/langs/fr_FR/products.lang @@ -175,6 +175,7 @@ ProductIsUsed=Ce produit est utilisé NewRefForClone=Réf. du nouveau produit/service SellingPrices=Prix de vente BuyingPrices=Prix d'achat +PermissionConsultSupplierBuyingPrices=Consulter les prix d'achat CustomerPrices=Prix clients SuppliersPrices=Prix fournisseurs SuppliersPricesOfProductsOrServices=Prix fournisseurs (des produits ou services) diff --git a/htdocs/product/price_suppliers.php b/htdocs/product/price_suppliers.php index 6c5884dd55f97..27c02da55647b 100644 --- a/htdocs/product/price_suppliers.php +++ b/htdocs/product/price_suppliers.php @@ -121,16 +121,37 @@ $usercanread = (($object->type == Product::TYPE_PRODUCT && $user->hasRight('produit', 'lire')) || ($object->type == Product::TYPE_SERVICE && $user->hasRight('service', 'lire'))); $usercancreate = (($object->type == Product::TYPE_PRODUCT && $user->hasRight('produit', 'creer')) || ($object->type == Product::TYPE_SERVICE && $user->hasRight('service', 'creer'))); +// Allow supplier price consultation right without creation capability / Permet la consultation des prix fournisseurs sans droit de création +$usercanconsultsuppliers = (bool) $usercancreate; +if ($prod->id > 0) { + if ($prod->type == Product::TYPE_PRODUCT) { + if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) { + $usercanconsultsuppliers = $usercanconsultsuppliers || $user->hasRight('product', 'product_advance', 'read_supplier_prices') || $user->hasRight('product', 'product_advance', 'consult_supplier_prices'); + } else { + $usercanconsultsuppliers = $usercanconsultsuppliers || $user->hasRight('produit', 'lire'); + } + } elseif ($prod->type == Product::TYPE_SERVICE) { + if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS')) { + $usercanconsultsuppliers = $usercanconsultsuppliers || $user->hasRight('service', 'service_advance', 'read_supplier_prices') || $user->hasRight('service', 'service_advance', 'consult_supplier_prices'); + } else { + $usercanconsultsuppliers = $usercanconsultsuppliers || $user->hasRight('service', 'lire'); + } + } +} if ($object->id > 0) { - if ($object->type == $object::TYPE_PRODUCT) { - restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); - } - if ($object->type == $object::TYPE_SERVICE) { - restrictedArea($user, 'service', $object->id, 'product&product', '', ''); - } + if ($object->type == $object::TYPE_PRODUCT) { + restrictedArea($user, 'produit', $object->id, 'product&product', '', ''); + } + if ($object->type == $object::TYPE_SERVICE) { + restrictedArea($user, 'service', $object->id, 'product&product', '', ''); + } } else { - restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); + restrictedArea($user, 'produit|service', $fieldvalue, 'product&product', '', '', $fieldtype); +} + +if (getDolGlobalString('MAIN_USE_ADVANCED_PERMS') && empty($usercanconsultsuppliers)) { + accessforbidden(); }