[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Noalyss-commit] [noalyss] 09/38: Task #2321: Sécurité : empêcher change
From: |
dwm |
Subject: |
[Noalyss-commit] [noalyss] 09/38: Task #2321: Sécurité : empêcher changement de numéro de pièce |
Date: |
Sun, 18 Feb 2024 07:30:42 -0500 (EST) |
sparkyx pushed a commit to branch devel
in repository noalyss.
commit 86048860341801f88d708dc22aa87232cae9b8a8
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Fri Feb 2 16:11:18 2024 +0100
Task #2321: Sécurité : empêcher changement de numéro de pièce
---
include/ajax/ajax_ledger.php | 821 +++++++++++++---------------
include/class/acc_ledger.class.php | 50 +-
include/class/acc_ledger_purchase.class.php | 29 +-
include/class/acc_ledger_sale.class.php | 23 +-
include/company.inc.php | 12 +-
include/constant.security.php | 1 +
include/template/ledger_detail_ach.php | 2 +
include/template/ledger_detail_misc.php | 3 +
include/template/ledger_detail_ven.php | 2 +
sql/upgrade.sql | 2 +
10 files changed, 479 insertions(+), 466 deletions(-)
diff --git a/include/ajax/ajax_ledger.php b/include/ajax/ajax_ledger.php
index 5a636d361..001ef0ac0 100644
--- a/include/ajax/ajax_ledger.php
+++ b/include/ajax/ajax_ledger.php
@@ -29,26 +29,23 @@
- update of analytic content
*
*/
-if ( ! defined('ALLOWED')) die(_('Non authorisé'));
+if (!defined('ALLOWED')) die(_('Non authorisé'));
-$http=new HttpInput();
+$http = new HttpInput();
/**
* Check if we receive the needed data (jr_id...)
*/
-global $g_user,$cn,$g_parameter;
+global $g_user, $cn, $g_parameter;
mb_internal_encoding("UTF-8");
-try
-{
- $action=$http->request('act');
- $jr_id=$http->request('jr_id');
- $div=$http->request('div'); /* the div source and target
for javascript */
- $gDossier=dossier::id();
-
-}
-catch (Exception $exc)
-{
+try {
+ $action = $http->request('act');
+ $jr_id = $http->request('jr_id');
+ $div = $http->request('div'); /* the div source and target for
javascript */
+ $gDossier = dossier::id();
+
+} catch (Exception $exc) {
error_log($exc->getTraceAsString());
return;
}
@@ -57,18 +54,17 @@ catch (Exception $exc)
*if $_SESSION[SESSION_KEY.'g_user'] is not set : echo a warning
*/
-$cn=Dossier::connect();
-$g_parameter=new Noalyss_Parameter_Folder($cn);
+$cn = Dossier::connect();
+$g_parameter = new Noalyss_Parameter_Folder($cn);
$g_user->check();
-if ( $g_user->check_dossier(dossier::id(),true)=='X' )
-{
+if ($g_user->check_dossier(dossier::id(), true) == 'X') {
ob_start();
- require_once NOALYSS_TEMPLATE.'/ledger_detail_forbidden.php';
- echo HtmlInput::button_close($div);
- $html=ob_get_contents();
+ require_once NOALYSS_TEMPLATE . '/ledger_detail_forbidden.php';
+ echo HtmlInput::button_close($div);
+ $html = ob_get_contents();
ob_end_clean();
- $html=escape_xml($html);
+ $html = escape_xml($html);
header('Content-type: text/xml; charset=UTF-8');
echo <<<EOF
<?xml version="1.0" encoding="UTF-8"?>
@@ -83,21 +79,24 @@ EOF;
// check if the user can access the ledger where the operation is (view) and
// if he can modify it
-$op=new Acc_Operation($cn);
-$op->jr_id=$jr_id;
-$ledger=$op->get_ledger();
-if ($ledger=="")
-{
+$op = new Acc_Operation($cn);
+$op->jr_id = $jr_id;
+$ledger = $op->get_ledger();
+if ($ledger == "") {
ob_start();
- echo HtmlInput::title_box(_("Information"), $div);
- require_once NOALYSS_TEMPLATE.'/ledger_detail_forbidden.php';
- echo HtmlInput::button_close($div);
- $html=ob_get_contents();
+ echo HtmlInput::title_box(_("Information"), $div);
+ require_once NOALYSS_TEMPLATE . '/ledger_detail_forbidden.php';
+ echo HtmlInput::button_close($div);
+ $html = ob_get_contents();
ob_end_clean();
- $html=escape_xml($html);
- if ( ! headers_sent()) { header('Content-type: text/xml;
charset=UTF-8');} else { echo "HTML".unescape_xml($html);}
+ $html = escape_xml($html);
+ if (!headers_sent()) {
+ header('Content-type: text/xml; charset=UTF-8');
+ } else {
+ echo "HTML" . unescape_xml($html);
+ }
echo <<<EOF
<?xml version="1.0" encoding="UTF-8"?>
<data>
@@ -108,16 +107,15 @@ EOF;
exit();
}
-$access=$g_user->get_ledger_access($ledger);
-if ( $access == 'X' )
-{
+$access = $g_user->get_ledger_access($ledger);
+if ($access == 'X') {
ob_start();
- echo HtmlInput::title_box(_("Information"), $div);
- require_once NOALYSS_TEMPLATE.'/ledger_detail_forbidden.php';
- echo HtmlInput::button_close($div);
- $html=ob_get_contents();
+ echo HtmlInput::title_box(_("Information"), $div);
+ require_once NOALYSS_TEMPLATE . '/ledger_detail_forbidden.php';
+ echo HtmlInput::button_close($div);
+ $html = ob_get_contents();
ob_end_clean();
- $html=escape_xml($html);
+ $html = escape_xml($html);
header('Content-type: text/xml; charset=UTF-8');
echo <<<EOF
<?xml version="1.0" encoding="UTF-8"?>
@@ -128,474 +126,421 @@ if ( $access == 'X' )
EOF;
exit();
}
-$html=var_export($_REQUEST,true);
-switch ($action)
-{
+$html = var_export($_REQUEST, true);
+switch ($action) {
///////////////////////////////////////////////////////////////////////////
// remove op
///////////////////////////////////////////////////////////////////////////
-case 'rmop':
- if ( $access=='W' && $g_user->check_action(RMOPER) == 1)
- {
+ case 'rmop':
+ if ($access == 'W' && $g_user->check_action(RMOPER) == 1) {
ob_start();
/* get the ledger */
- try
- {
+ try {
$cn->start();
- $oLedger=new Acc_Ledger($cn,$ledger);
- $oLedger->jr_id=$jr_id=$http->request('jr_id',"number");
+ $oLedger = new Acc_Ledger($cn, $ledger);
+ $oLedger->jr_id = $jr_id = $http->request('jr_id', "number");
$oLedger->delete();
$cn->commit();
echo _("Opération Effacée");
- }
- catch (Exception $e)
- {
- record_log($e);
+ } catch (Exception $e) {
+ record_log($e);
$e->getMessage();
$cn->rollback();
}
- $html=ob_get_contents();
+ $html = ob_get_contents();
ob_end_clean();
+ } else {
+ $html = _("Effacement refusé");
}
- else
- {
- $html= _("Effacement refusé");
- }
- break;
+ break;
//////////////////////////////////////////////////////////////////////
// DE Detail
//////////////////////////////////////////////////////////////////////
-case 'de':
- ob_start();
+ case 'de':
+ ob_start();
- try
- {
- /* get detail op (D/C) */
- $op->get();
- /* return an obj. ACH / FIN or VEN or null if nothing is found*/
- $obj=$op->get_quant();
-
- $oLedger=new Acc_Ledger($cn,$ledger);
- if ( $obj==null || $obj->signature == 'ODS' )
- {
- /* only the details */
- require_once NOALYSS_TEMPLATE.'/ledger_detail_misc.php';
- }
- elseif ( $obj->signature=='ACH')
- {
- require_once NOALYSS_TEMPLATE.'/ledger_detail_ach.php';
- }
- elseif ($obj->signature=='FIN')
- {
- require_once NOALYSS_TEMPLATE.'/ledger_detail_fin.php';
- }
- elseif ( $obj->signature=='VEN')
- {
- require_once NOALYSS_TEMPLATE.'/ledger_detail_ven.php';
+ try {
+ /* get detail op (D/C) */
+ $op->get();
+ /* return an obj. ACH / FIN or VEN or null if nothing is found*/
+ $obj = $op->get_quant();
+
+ $oLedger = new Acc_Ledger($cn, $ledger);
+ if ($obj == null || $obj->signature == 'ODS') {
+ /* only the details */
+ require_once NOALYSS_TEMPLATE . '/ledger_detail_misc.php';
+ } elseif ($obj->signature == 'ACH') {
+ require_once NOALYSS_TEMPLATE . '/ledger_detail_ach.php';
+ } elseif ($obj->signature == 'FIN') {
+ require_once NOALYSS_TEMPLATE . '/ledger_detail_fin.php';
+ } elseif ($obj->signature == 'VEN') {
+ require_once NOALYSS_TEMPLATE . '/ledger_detail_ven.php';
+ }
+ } catch (Exception $e) {
+ record_log($e);
+ echo Icon_Action::close($div);
+ echo '<h2 class="error">' . _("Désolé il y a une erreur") .
'</h2>';
}
- }
- catch (Exception $e)
- {
- record_log($e);
- echo Icon_Action::close($div);
- echo '<h2 class="error">'._("Désolé il y a une erreur").'</h2>';
- }
- $html=ob_get_contents();
- ob_end_clean();
+ $html = ob_get_contents();
+ ob_end_clean();
- break;
+ break;
/////////////////////////////////////////////////////////////////////////////
// form for the file
/////////////////////////////////////////////////////////////////////////////
-case 'file':
- $op->get();
- $obj=$op->get_quant(); /* return an obj. ACH / FIN or VEN or null if
nothing is found*/
-
- $repo = new Database();
- html_min_page_start($_SESSION[SESSION_KEY.'g_theme']);
-
- // if there is a receipt document
- if ( $obj->det->jr_pj_name=='')
- {
- if ( ! isset($_REQUEST['ajax']) ) {
- echo '<div class="op_detail_frame">';
- }else {
- echo "<div>";
+ case 'file':
+ $op->get();
+ $obj = $op->get_quant(); /* return an obj. ACH / FIN or VEN or null
if nothing is found*/
- }
- if ( $access=='W')
- {
- $check_receipt=sprintf("check_receipt_size('%s','file%s')",
- MAX_FILE_SIZE,$div);
- echo '<FORM METHOD="POST" ENCTYPE="multipart/form-data"
id="form_file" >';
-
- $sp=new ISpan('file'.$div);
-
$sp->style="display:none;background-color:red;color:white;font-size:12px";
- $sp->value=_("Chargement");
- echo $sp->input();
- echo HtmlInput::hidden('act','loadfile');
- echo dossier::hidden();
- echo HtmlInput::hidden('jr_id',$jr_id);
- echo HtmlInput::hidden('div',$div);
- echo '<INPUT TYPE="FILE" id="receipt_id" name="pj"
onchange="'.$check_receipt.'">';
+ $repo = new Database();
+ html_min_page_start($_SESSION[SESSION_KEY . 'g_theme']);
- echo '<p id="receipt_info_id" class="error"></p>';
+ // if there is a receipt document
+ if ($obj->det->jr_pj_name == '') {
+ if (!isset($_REQUEST['ajax'])) {
+ echo '<div class="op_detail_frame">';
+ } else {
+ echo "<div>";
- echo '</FORM>';
- }
- else
- {
- if (!isset($_REQUEST['ajax']))
- {
- echo '<div class="op_detail_frame">';
}
- else
- {
+ if ($access == 'W') {
+ $check_receipt = sprintf("check_receipt_size('%s','file%s')",
+ MAX_FILE_SIZE, $div);
+ echo '<FORM METHOD="POST" ENCTYPE="multipart/form-data"
id="form_file" >';
+
+ $sp = new ISpan('file' . $div);
+ $sp->style =
"display:none;background-color:red;color:white;font-size:12px";
+ $sp->value = _("Chargement");
+ echo $sp->input();
+ echo HtmlInput::hidden('act', 'loadfile');
+ echo dossier::hidden();
+ echo HtmlInput::hidden('jr_id', $jr_id);
+ echo HtmlInput::hidden('div', $div);
+ echo '<INPUT TYPE="FILE" id="receipt_id" name="pj" onchange="'
. $check_receipt . '">';
+
+ echo '<p id="receipt_info_id" class="error"></p>';
+
+ echo '</FORM>';
+ } else {
+ if (!isset($_REQUEST['ajax'])) {
+ echo '<div class="op_detail_frame">';
+ } else {
echo "<div>";
- }
-
+ }
- echo _('Aucun fichier');
- }
- echo '</div>';
- exit();
- }
- else
- {
- // There is no document attached to this writing
- //
- if ( ! isset($_REQUEST['ajax']) ) {
+
+ echo _('Aucun fichier');
+ }
+ echo '</div>';
+ exit();
+ } else {
+ // There is no document attached to this writing
+ //
+ if (!isset($_REQUEST['ajax'])) {
echo '<div class="op_detail_frame">';
- }else {
+ } else {
echo "<div>";
+ }
+ echo '<div class="op_detail_frame">';
+ $x = '';
+ if ($access == 'W' && $g_user->check_action(RMRECEIPT) == 1) {
+ // Not possible to remove the file thanks a modal dialog box,
+ // because of the frameset
+
+ $x = Icon_Action::trash(uniqid(),
+ sprintf("if (confirm(content[47]))
{document.location.href='ajax_misc.php?op=ledger&gDossier=%d&div=%s&jr_id=%s&act=rmf'}",
+ $gDossier, $div, $jr_id));
+
+ }
+ $filename = $obj->det->jr_pj_name;
+ if (strlen($obj->det->jr_pj_name) > 60) {
+ $filename = mb_substr($obj->det->jr_pj_name, 0, 60);
+ }
+ echo HtmlInput::show_receipt_document($jr_id, h($filename));
+ echo $x;
+ echo '<p id="receipt_info_id" class="error"></p>';
+ echo '</div>';
+ echo '</body></html>';
+ exit();
}
- echo '<div class="op_detail_frame">';
- $x='';
- if ($access=='W' && $g_user->check_action (RMRECEIPT) == 1)
- {
- // Not possible to remove the file thanks a modal dialog box,
- // because of the frameset
-
- $x=Icon_Action::trash(uniqid(),
- sprintf("if (confirm(content[47]))
{document.location.href='ajax_misc.php?op=ledger&gDossier=%d&div=%s&jr_id=%s&act=rmf'}",
- $gDossier,$div,$jr_id));
-
- }
- $filename= $obj->det->jr_pj_name;
- if ( strlen($obj->det->jr_pj_name) > 60 )
- {
- $filename=mb_substr($obj->det->jr_pj_name,0,60);
- }
- echo HtmlInput::show_receipt_document($jr_id,h($filename));
- echo $x;
- echo '<p id="receipt_info_id" class="error"></p>';
- echo '</div>';
- echo '</body></html>';
- exit();
- }
/////////////////////////////////////////////////////////////////////////////
// load a file
/////////////////////////////////////////////////////////////////////////////
-case 'loadfile':
- if ( $access == 'W' && isset ($_FILES))
- {
- $cn->start();
- // remove the file
- $grpt=$cn->get_value('select jr_grpt_id from jrn where
jr_id=$1',array($jr_id));
- $cn->save_receipt($grpt);
- $cn->commit();
- // Show a link to the new file
- $op->get();
- $obj=$op->get_quant(); /* return an obj. ACH / FIN or VEN or null if
nothing is found*/
- html_min_page_start($_SESSION[SESSION_KEY.'g_theme']);
- if ( ! isset($_REQUEST['ajax']) ) echo "<body
class=\"op_detail_frame\">"; else echo "<body>";
- echo '<div class="op_detail_frame">';
- $x="";
- // check if the user can remove a document
- if ($g_user->check_action (RMRECEIPT) == 1) {
- // Not possible to remove the file thanks a modal dialog box,
- // because of the frameset
- $x=Icon_Action::trash(uniqid(),
+ case 'loadfile':
+ if ($access == 'W' && isset ($_FILES)) {
+ $cn->start();
+ // remove the file
+ $grpt = $cn->get_value('select jr_grpt_id from jrn where
jr_id=$1', array($jr_id));
+ $cn->save_receipt($grpt);
+ $cn->commit();
+ // Show a link to the new file
+ $op->get();
+ $obj = $op->get_quant(); /* return an obj. ACH / FIN or VEN or
null if nothing is found*/
+ html_min_page_start($_SESSION[SESSION_KEY . 'g_theme']);
+ if (!isset($_REQUEST['ajax'])) echo "<body
class=\"op_detail_frame\">"; else echo "<body>";
+ echo '<div class="op_detail_frame">';
+ $x = "";
+ // check if the user can remove a document
+ if ($g_user->check_action(RMRECEIPT) == 1) {
+ // Not possible to remove the file thanks a modal dialog box,
+ // because of the frameset
+ $x = Icon_Action::trash(uniqid(),
sprintf("if (confirm(content[47]))
{document.location.href='ajax_misc.php?op=ledger&gDossier=%d&div=%s&jr_id=%s&act=rmf'}",
- $gDossier,$div,$jr_id));
- }
- $filename= $obj->det->jr_pj_name;
- echo HtmlInput::show_receipt_document($jr_id,h($filename));
- echo $x;
+ $gDossier, $div, $jr_id));
+ }
+ $filename = $obj->det->jr_pj_name;
+ echo HtmlInput::show_receipt_document($jr_id, h($filename));
+ echo $x;
- echo '</div>';
- echo '</body></html>';
- }
- exit();
+ echo '</div>';
+ echo '</body></html>';
+ }
+ exit();
/////////////////////////////////////////////////////////////////////////////
// remove a file
/////////////////////////////////////////////////////////////////////////////
-case 'rmf':
- if ( $access == 'W' && $g_user->check_action (RMRECEIPT) == 1)
- {
- $repo=new Database();
- html_min_page_start($_SESSION[SESSION_KEY.'g_theme']);
- echo '<div class="op_detail_frame">';
- $check_receipt=sprintf("check_receipt_size('%s','file%s')",
- MAX_FILE_SIZE,$div);
- echo '<FORM METHOD="POST" ENCTYPE="multipart/form-data"
id="form_file">';
- $sp=new ISpan('file'.$div);
-
$sp->style="display:none;width:155px;height:15px;background-color:red;color:white;font-size:10px";
- $sp->value=_("Chargement");
- echo $sp->input();
-
- echo HtmlInput::hidden('act','loadfile');
- echo dossier::hidden();
- echo HtmlInput::hidden('jr_id',$jr_id);
- echo HtmlInput::hidden('div',$div);
-
- echo '<INPUT TYPE="FILE" id="receipt_id" name="pj"
onchange="'.$check_receipt.'">';
- echo '<p id="receipt_info_id" class="error"></p>';
- echo '</FORM>';
- $ret=$cn->exec_sql("select jr_pj from jrn where
jr_id=$1",array($jr_id));
- if (Database::num_row($ret) != 0)
- {
- $r=Database::fetch_array($ret,0);
- $old_oid=$r['jr_pj'];
- if (strlen($old_oid) != 0)
- {
- // check if this pj is used somewhere else
- $c=$cn->count_sql("select * from jrn where jr_pj=".$old_oid);
- if ( $c == 1 )
- $cn->lo_unlink($old_oid);
+ case 'rmf':
+ if ($access == 'W' && $g_user->check_action(RMRECEIPT) == 1) {
+ $repo = new Database();
+ html_min_page_start($_SESSION[SESSION_KEY . 'g_theme']);
+ echo '<div class="op_detail_frame">';
+ $check_receipt = sprintf("check_receipt_size('%s','file%s')",
+ MAX_FILE_SIZE, $div);
+ echo '<FORM METHOD="POST" ENCTYPE="multipart/form-data"
id="form_file">';
+ $sp = new ISpan('file' . $div);
+ $sp->style =
"display:none;width:155px;height:15px;background-color:red;color:white;font-size:10px";
+ $sp->value = _("Chargement");
+ echo $sp->input();
+
+ echo HtmlInput::hidden('act', 'loadfile');
+ echo dossier::hidden();
+ echo HtmlInput::hidden('jr_id', $jr_id);
+ echo HtmlInput::hidden('div', $div);
+
+ echo '<INPUT TYPE="FILE" id="receipt_id" name="pj" onchange="' .
$check_receipt . '">';
+ echo '<p id="receipt_info_id" class="error"></p>';
+ echo '</FORM>';
+ $ret = $cn->exec_sql("select jr_pj from jrn where jr_id=$1",
array($jr_id));
+ if (Database::num_row($ret) != 0) {
+ $r = Database::fetch_array($ret, 0);
+ $old_oid = $r['jr_pj'];
+ if (strlen($old_oid) != 0) {
+ // check if this pj is used somewhere else
+ $c = $cn->count_sql("select * from jrn where jr_pj=" .
$old_oid);
+ if ($c == 1)
+ $cn->lo_unlink($old_oid);
+ }
+ $cn->exec_sql("update jrn set jr_pj=null, jr_pj_name=null, " .
+ "jr_pj_type=null where jr_id=$1", array($jr_id));
}
- $cn->exec_sql("update jrn set jr_pj=null, jr_pj_name=null, ".
- "jr_pj_type=null where jr_id=$1",array($jr_id));
}
- }
- echo '</div>';
- exit();
+ echo '</div>';
+ exit();
/////////////////////////////////////////////////////////////////////////////
// Save operation detail
/////////////////////////////////////////////////////////////////////////////
-case 'save':
- ob_start();
- $http=new HttpInput();
- try
- {
- $cn->start();
- if ( $access=="W")
- {
- if (isset($_POST['p_ech']) )
- {
- $ech=$http->post('p_ech');
- if ( trim($ech) != '' && isDate($ech) != null)
- {
- $cn->exec_sql("update jrn set jr_ech=to_date($1,'DD.MM.YYYY')
where jr_id=$2",
- array($ech,$jr_id));
-
- }
- else
- {
- $cn->exec_sql("update jrn set jr_ech=null where jr_id=$1",
- array($jr_id));
-
- }
- }
-
- if (isset($_POST['p_date_paid']) )
- {
- $ech=$http->post('p_date_paid');
- if ( trim($ech) != '' && isDate($ech) != null)
- {
- $cn->exec_sql("update jrn set
jr_date_paid=to_date($1,'DD.MM.YYYY') where jr_id=$2",
- array($ech,$jr_id));
-
- }
- else
- {
- $cn->exec_sql("update jrn set jr_date_paid=null where
jr_id=$1",
- array($jr_id));
-
- }
- }
-
- $cn->exec_sql("update jrn set
jr_comment=$1,jr_pj_number=$2,jr_date=to_date($4,'DD.MM.YYYY'),jr_optype=$5
where jr_id=$3",
-
array($http->post('lib'),$http->post('npj'),$jr_id,$http->post('p_date'),$http->post('jr_optype')));
- $cn->exec_sql("update jrnx set j_date=to_date($1,'DD.MM.YYYY')
where j_grpt in (select jr_grpt_id from jrn where jr_id=$2)",
- array($http->post('p_date'),$jr_id));
- $cn->exec_sql('update operation_analytique set oa_date=j_date from
jrnx
+ case 'save':
+ ob_start();
+ $http = new HttpInput();
+ try {
+ $cn->start();
+ if ($access == "W") {
+ if (isset($_POST['p_ech'])) {
+ $ech = $http->post('p_ech');
+ if (trim($ech) != '' && isDate($ech) != null) {
+ $cn->exec_sql("update jrn set
jr_ech=to_date($1,'DD.MM.YYYY') where jr_id=$2",
+ array($ech, $jr_id));
+
+ } else {
+ $cn->exec_sql("update jrn set jr_ech=null where
jr_id=$1",
+ array($jr_id));
+
+ }
+ }
+
+ if (isset($_POST['p_date_paid'])) {
+ $ech = $http->post('p_date_paid');
+ if (trim($ech) != '' && isDate($ech) != null) {
+ $cn->exec_sql("update jrn set
jr_date_paid=to_date($1,'DD.MM.YYYY') where jr_id=$2",
+ array($ech, $jr_id));
+
+ } else {
+ $cn->exec_sql("update jrn set jr_date_paid=null where
jr_id=$1",
+ array($jr_id));
+
+ }
+ }
+ $oLedger=new Acc_Ledger($cn,$ledger);
+ $npj=$http->post('npj');
+ // protect receipt number
+ if ( ($g_parameter->MY_PJ_SUGGEST ==
'A'||$g_user->check_action(UPDRECEIPT)==0) && $oLedger->get_type() !='FIN') {
+ $npj=$cn->get_value("select jr_pj_number from jrn where
jr_id=$1",[$jr_id]);
+ }
+ $cn->exec_sql("update jrn set
jr_comment=$1,jr_pj_number=$2,jr_date=to_date($4,'DD.MM.YYYY'),jr_optype=$5
where jr_id=$3",
+ array($http->post('lib'), $npj, $jr_id,
$http->post('p_date'), $http->post('jr_optype')));
+ $cn->exec_sql("update jrnx set j_date=to_date($1,'DD.MM.YYYY')
where j_grpt in (select jr_grpt_id from jrn where jr_id=$2)",
+ array($http->post('p_date'), $jr_id));
+ $cn->exec_sql('update operation_analytique set oa_date=j_date
from jrnx
where
operation_analytique.j_id=jrnx.j_id and
operation_analytique.j_id in (select j_id
from jrnx join jrn on
(j_grpt=jr_grpt_id)
where jr_id=$1)
- ',array($jr_id));
- $cn->exec_sql("select comptaproc.jrn_add_note($1,$2)",
- array($jr_id , $http->post('jrn_note') ));
- $rapt=$_POST['rapt'];
-
- if ( $g_parameter->MY_UPDLAB=='Y' && isset ($_POST['j_id']))
- {
- $a_rowid=$http->post("j_id");
- for ($e=0;$e<count($a_rowid);$e++)
- {
- $id="e_march".$a_rowid[$e]."_label";
- $cn->exec_sql('update jrnx set j_text=$1 where j_id=$2',
array($http->post($id),$a_rowid[$e]));
+ ', array($jr_id));
+ $cn->exec_sql("select comptaproc.jrn_add_note($1,$2)",
+ array($jr_id, $http->post('jrn_note')));
+ $rapt = $_POST['rapt'];
+
+ if ($g_parameter->MY_UPDLAB == 'Y' && isset ($_POST['j_id'])) {
+ $a_rowid = $http->post("j_id");
+ for ($e = 0; $e < count($a_rowid); $e++) {
+ $id = "e_march" . $a_rowid[$e] . "_label";
+ $cn->exec_sql('update jrnx set j_text=$1 where
j_id=$2', array($http->post($id), $a_rowid[$e]));
+ }
}
- }
- if (trim($rapt) != '')
- {
- $rec=new Acc_Reconciliation ($cn);
- $rec->set_jr_id($jr_id);
-
- if (strpos($rapt,",") != 0 )
- {
- $aRapt=explode(',',$rapt);
- /* reconcialition */
- foreach ($aRapt as $rRapt)
- {
- if ( isNumber($rRapt) == 1 )
- {
- // Add a "concerned operation to bound these
op.together
- $rec->insert($rRapt);
+ if (trim($rapt) != '') {
+ $rec = new Acc_Reconciliation ($cn);
+ $rec->set_jr_id($jr_id);
+
+ if (strpos($rapt, ",") != 0) {
+ $aRapt = explode(',', $rapt);
+ /* reconcialition */
+ foreach ($aRapt as $rRapt) {
+ if (isNumber($rRapt) == 1) {
+ // Add a "concerned operation to bound these
op.together
+ $rec->insert($rRapt);
+ }
+ }
+ } else
+ if (isNumber($rapt) == 1) {
+ $rec->insert($rapt);
}
- }
}
- else
- if ( isNumber($rapt) == 1 )
- {
- $rec->insert($rapt);
- }
- }
- if ( isset($_POST['ipaid']))
- {
- $cn->exec_sql("update jrn set jr_rapt='paid' where
jr_id=$1",array($jr_id));
- }
- else
- {
- $cn->exec_sql("update jrn set jr_rapt=null where
jr_id=$1",array($jr_id));
- }
- ////////////////////////////////////////////////////
- // CA
- //////////////////////////////////////////////////
- $owner = new Noalyss_Parameter_Folder($cn);
- if ( $owner->MY_ANALYTIC != "nu" && isset ($_POST['op']) )
- {
- // for each item, insert into operation_analytique */
- $opanc=new Anc_Operation($cn);
- $opanc->save_update_form($_POST);
- }
- //////////////////////////////////////////////////////////////////
- //Save other info
- //////////////////////////////////////////////////////////////////
- $op->save_info($http->post('OTHER'),'OTHER');
- $op->save_info($http->post('BON_COMMANDE'),'BON_COMMANDE');
-
- ///////////////////////////////////////////////////////////////////
- // Save related
- //////////////////////////////////////////////////////////////////
- $related=$http->post("related","string");
- if ($related=="0")
- {
- throw new Exception('Parameter not send ->
related'.__FILE__.__LINE__, 10);
+ if (isset($_POST['ipaid'])) {
+ $cn->exec_sql("update jrn set jr_rapt='paid' where
jr_id=$1", array($jr_id));
+ } else {
+ $cn->exec_sql("update jrn set jr_rapt=null where
jr_id=$1", array($jr_id));
+ }
+ ////////////////////////////////////////////////////
+ // CA
+ //////////////////////////////////////////////////
+ $owner = new Noalyss_Parameter_Folder($cn);
+ if ($owner->MY_ANALYTIC != "nu" && isset ($_POST['op'])) {
+ // for each item, insert into operation_analytique */
+ $opanc = new Anc_Operation($cn);
+ $opanc->save_update_form($_POST);
+ }
+
//////////////////////////////////////////////////////////////////
+ //Save other info
+
//////////////////////////////////////////////////////////////////
+ $op->save_info($http->post('OTHER'), 'OTHER');
+ $op->save_info($http->post('BON_COMMANDE'), 'BON_COMMANDE');
+
+
///////////////////////////////////////////////////////////////////
+ // Save related
+
//////////////////////////////////////////////////////////////////
+ $related = $http->post("related", "string");
+ if ($related == "0") {
+ throw new Exception('Parameter not send -> related' .
__FILE__ . __LINE__, 10);
+ }
+ $op->insert_related_action($related);
+
}
- $op->insert_related_action($related);
+ echo 'OK';
+ $cn->commit();
+ } catch (Exception $e) {
+ $html = ob_get_contents();
+ ob_end_clean();
+ record_log($e);
+ record_log($html);
+ if (DEBUGNOALYSS > 0) echo $e->getMessage();
+ echo _("Changement impossible: on ne peut pas changer la date dans
une période fermée");
+ return;
}
- echo 'OK';
- $cn->commit();
- }
- catch (Exception $e)
- {
- $html=ob_get_contents();
- ob_end_clean();
- record_log($e);
- record_log($html);
-
- if ( DEBUGNOALYSS > 0 ) echo $e->getMessage();
- echo _( "Changement impossible: on ne peut pas changer la date dans une
période fermée");
- return;
- }
- $html=ob_get_contents();
- ob_end_clean();
+ $html = ob_get_contents();
+ ob_end_clean();
- break;
+ break;
////////////////////////////////////////////////////////////////////////////
// remove a reconciliation
////////////////////////////////////////////////////////////////////////////
-case 'rmr':
- if ( $access=='W')
- {
- $rec=new Acc_Reconciliation($cn);
- $rec->set_jr_id($jr_id);
- $rec->remove($_GET['jr_id2']);
- }
- break;
+ case 'rmr':
+ if ($access == 'W') {
+ $rec = new Acc_Reconciliation($cn);
+ $rec->set_jr_id($jr_id);
+ $rec->remove($_GET['jr_id2']);
+ }
+ break;
////////////////////////////////////////////////////////////////////////////
// ask for a date for reversing the operation
////////////////////////////////////////////////////////////////////////////
-case 'ask_extdate':
- $date=new IDate('p_date');
- $html.="<form id=\"form_".$div."\" onsubmit=\"return
reverseOperation(this);\">";
- $html.=HtmlInput::hidden('jr_id',$_REQUEST['jr_id']).
- HtmlInput::hidden('div',$div).
- dossier::hidden().
- HtmlInput::hidden('act','reverseop');
-
- $html.='<h2 class="info">'._('entrez une date').' </H2>'.$date->input();
- $html.=HtmlInput::submit('x','accepter');
- $html.=HtmlInput::button_close($div);
- $html.='</form>';
- break;
+ case 'ask_extdate':
+ $date = new IDate('p_date');
+ $html .= "<form id=\"form_" . $div . "\" onsubmit=\"return
reverseOperation(this);\">";
+ $html .= HtmlInput::hidden('jr_id', $_REQUEST['jr_id']) .
+ HtmlInput::hidden('div', $div) .
+ dossier::hidden() .
+ HtmlInput::hidden('act', 'reverseop');
+
+ $html .= '<h2 class="info">' . _('entrez une date') . ' </H2>' .
$date->input();
+ $html .= HtmlInput::submit('x', 'accepter');
+ $html .= HtmlInput::button_close($div);
+ $html .= '</form>';
+ break;
////////////////////////////////////////////////////////////////////////////
// Reverse an operation
////////////////////////////////////////////////////////////////////////////
-case 'reverseop':
- if ( $access=='W')
- {
- ob_start();
- try
- {
- $ext_date=$http->request("ext_date","date");
- $ext_label=$http->request("ext_label");
- $cn->start();
- $oLedger=new Acc_Ledger($cn,$ledger);
- $oLedger->jr_id=$jr_id;
- if ( trim($ext_label) == "" ) {
- $ext_label=_("Extourne").$cn->get_value("select jr_comment
from jrn where jr_id=$1",[$jr_id]);
+ case 'reverseop':
+ if ($access == 'W') {
+ ob_start();
+ try {
+ $ext_date = $http->request("ext_date", "date");
+ $ext_label = $http->request("ext_label");
+ $cn->start();
+ $oLedger = new Acc_Ledger($cn, $ledger);
+ $oLedger->jr_id = $jr_id;
+ if (trim($ext_label) == "") {
+ $ext_label = _("Extourne") . $cn->get_value("select
jr_comment from jrn where jr_id=$1", [$jr_id]);
+ }
+ $oLedger->reverse($ext_date, $ext_label);
+ $cn->commit();
+ echo _("Opération extournée");
+ } catch (Exception $e) {
+ record_log($e);
+ echo $e->getMessage();
+ $cn->rollback();
}
- $oLedger->reverse($ext_date,$ext_label);
- $cn->commit();
- echo _("Opération extournée");
}
- catch (Exception $e)
- {
- record_log($e);
- echo $e->getMessage();
- $cn->rollback();
- }
- }
- $html=ob_get_contents();
- ob_end_clean();
- break;
-
-case 'duplicateop':
-
///////////////////////////////////////////////////////////////////////////////////////////////////////////
- // Duplicate operation
-
///////////////////////////////////////////////////////////////////////////////////////////////////////////
- $operation=new Acc_Operation($cn);
- $operation->jr_id=$jr_id;
- ob_start();
- echo HtmlInput::title_box(_("Dupliquer une opération"), $div);
- echo $operation->form_clone_operation("cloneit");
-
- $html=ob_get_contents();
- ob_end_clean();
-
-
- break;
+ $html = ob_get_contents();
+ ob_end_clean();
+ break;
+
+ case 'duplicateop':
+
///////////////////////////////////////////////////////////////////////////////////////////////////////////
+ // Duplicate operation
+
///////////////////////////////////////////////////////////////////////////////////////////////////////////
+ $operation = new Acc_Operation($cn);
+ $operation->jr_id = $jr_id;
+ ob_start();
+ echo HtmlInput::title_box(_("Dupliquer une opération"), $div);
+ echo $operation->form_clone_operation("cloneit");
+
+ $html = ob_get_contents();
+ ob_end_clean();
+
+
+ break;
}
-$html=escape_xml($html);
- if ( ! headers_sent()) { header('Content-type: text/xml;
charset=UTF-8');} else { echo "HTML".unescape_xml($html);}
-
- echo <<<EOF
+$html = escape_xml($html);
+if (!headers_sent()) {
+ header('Content-type: text/xml; charset=UTF-8');
+} else {
+ echo "HTML" . unescape_xml($html);
+}
+
+echo <<<EOF
<?xml version="1.0" encoding="UTF-8"?>
<data>
<ctl>$div</ctl>
diff --git a/include/class/acc_ledger.class.php
b/include/class/acc_ledger.class.php
index dd6b85c2a..9f773de79 100644
--- a/include/class/acc_ledger.class.php
+++ b/include/class/acc_ledger.class.php
@@ -656,7 +656,13 @@ class Acc_Ledger extends jrn_def_sql
$ret.="<tr><td>";
$ret.=_('Note').'</td><td><pre>'.
h($p_array['jrn_note_input']).'</pre>';
$ret.="</td></tr>";
- $ret.="<tr><td>"._('PJ Num')." </td><td>".h($e_pj)."</td></tr>";
+ $span=$this->warn_manual_receipt($p_array);
+ if (
$g_parameter->MY_PJ_SUGGEST=="A"||$g_user->check_action(UPDRECEIPT)==0)
+ {
+ $e_pj=$this->guess_pj();
+ $span="";
+ }
+ $ret.="<tr><td>"._('PJ Num')." </td><td>".h($e_pj).$span."</td></tr>";
$ret.='</table>';
$ret.="<table class=\"result\">";
$ret.="<tr>";
@@ -831,7 +837,7 @@ class Acc_Ledger extends jrn_def_sql
if ($p_array!=null)
extract($p_array, EXTR_SKIP);
$add_js="";
- if ($g_parameter->MY_PJ_SUGGEST=='Y')
+ if ($g_parameter->MY_PJ_SUGGEST !='N')
{
$add_js="update_pj();";
}
@@ -926,11 +932,18 @@ class Acc_Ledger extends jrn_def_sql
/* suggest PJ ? */
$default_pj='';
- if ($g_parameter->MY_PJ_SUGGEST=='Y')
+ if ($g_parameter->MY_PJ_SUGGEST != 'N')
{
$default_pj=$this->guess_pj();
}
- $wPJ->value=(isset($e_pj))?$e_pj:$default_pj;
+ if ( $g_parameter->MY_PJ_SUGGEST=='A' ||
$g_user->check_action(UPDRECEIPT)==0)
+ {
+ $wPJ->setReadOnly(true);
+ $wPJ->value=$default_pj;
+ $wPJ->id="e_pj";
+ } else {
+ $wPJ->value=(isset($e_pj))?$e_pj:$default_pj;
+ }
$ret.='</tr>';
$ret.='<tr >';
$ret.='<td style="width:auto"> '._('Pièce').' </td> ';
@@ -3527,6 +3540,35 @@ EOF;
return true;
}
+
+ /**
+ * @brief compare given receipt number and suggested one, if different ,
it means that the user enters a receipt number
+ * if e_pj or e_pj_suggest is not set or empty , or if both are equals
then will return true,
+ * it returns only if they exist and are different
+ * @param $p_array same structure as input
+ * @return void
+ */
+ protected function verify_autonumber($p_array)
+ {
+ if (empty($p_array['e_pj'])) return true;
+ if (empty($p_array['e_pj_suggest'])) return true;
+ if (
noalyss_trim($p_array['e_pj'])===noalyss_trim($p_array['e_pj_suggest'])) {
return true; }
+ return false;
+ }
+ /**
+ * @brief warn if the suggested receipt and receipt are different , it
means that the user tried to
+ * number himself
+ * @param $p_array same structure as input
+ * @see Acc_Ledger::input()
+ * @see Acc_Ledger::confirm()
+ * @return void
+ */
+ protected function warn_manual_receipt($p_array)
+ {
+ if ( $this->verify_autonumber($p_array) == false) {
+ return span (_("Attention ! Numéro de Pièce non automatique mais
forcée"),'class="warning"');
+ }
+ }
}
?>
diff --git a/include/class/acc_ledger_purchase.class.php
b/include/class/acc_ledger_purchase.class.php
index 6f32d645c..9722f4ee7 100644
--- a/include/class/acc_ledger_purchase.class.php
+++ b/include/class/acc_ledger_purchase.class.php
@@ -505,7 +505,7 @@ class Acc_Ledger_Purchase extends Acc_Ledger
*/
public function insert($p_array=null)
{
- global $g_parameter;
+ global $g_parameter,$g_user;
extract ($p_array, EXTR_SKIP);
$this->verify($p_array) ;
if ( !isset($p_array['jrn_note_input']))
{$p_array['jrn_note_input']='';}
@@ -1218,10 +1218,10 @@ class Acc_Ledger_Purchase extends Acc_Ledger
//--
/* if we suggest the next pj, then we need a javascript */
$add_js="";
- if ( $g_parameter->MY_PJ_SUGGEST=='Y')
+ if ( $g_parameter->MY_PJ_SUGGEST !='N')
{
$add_js="update_pj();";
-}
+ }
if ($g_parameter->MY_DATE_SUGGEST == 'Y')
{
$add_js.='get_last_date();';
@@ -1253,7 +1253,7 @@ class Acc_Ledger_Purchase extends Acc_Ledger
//--
/* suggest PJ ? */
$default_pj='';
- if ( $g_parameter->MY_PJ_SUGGEST=='Y')
+ if ( $g_parameter->MY_PJ_SUGGEST !='N')
{
$default_pj=$this->guess_pj();
}
@@ -1261,7 +1261,11 @@ class Acc_Ledger_Purchase extends Acc_Ledger
$pj=new IText();
$pj->value=(isset($e_pj))?$e_pj:$default_pj;
-
+ if ( $g_parameter->MY_PJ_SUGGEST=='A' ||
$g_user->check_action(UPDRECEIPT)==0)
+ {
+ $pj->setReadOnly(true);
+ $pj->id="e_pj";
+ }
$pj->table=0;
$pj->name="e_pj";
$pj->size=10;
@@ -1507,7 +1511,7 @@ class Acc_Ledger_Purchase extends Acc_Ledger
/* if we suggest the pj n# the run the script */
- if ( $g_parameter->MY_PJ_SUGGEST=='Y')
+ if ( $g_parameter->MY_PJ_SUGGEST !='N')
{
$r.='<script> update_pj();</script>';
}
@@ -1527,7 +1531,7 @@ class Acc_Ledger_Purchase extends Acc_Ledger
*/
function confirm($p_array,$p_summary=false)
{
- global $g_parameter;
+ global $g_parameter,$g_user;
extract ($p_array,EXTR_SKIP);
if ( !isset($p_array['jrn_note_input']))
{$p_array['jrn_note_input']='';}
// we don't need to verify if we need only a feedback
@@ -1571,16 +1575,19 @@ class Acc_Ledger_Purchase extends Acc_Ledger
$r.="</tr>";
}
$r.='<tr>';
+
+ $span=$this->warn_manual_receipt($p_array);
if ( ! $p_summary) {
- $r.='<td>' . _('Numéro Pièce') .'</td><td>'. hb($e_pj) . '</td>';
+ $r.='<td>' . _('Numéro Pièce') .$span.'</td><td>'. hb($e_pj) .
'</td>';
} else {
-
+ if ( $g_parameter->MY_PJ_SUGGEST=="A" ||
$g_user->check_action(UPDRECEIPT)==0) $e_pj=$this->pj;
+
if ( strcmp($this->pj,$e_pj) != 0 )
{
- $r.='<td>' . _('Numéro Pièce') .'</td><td>'. hb($this->pj) .
+ $r.='<td>' . _('Numéro Pièce').$span .'</td><td>'.
hb($this->pj) .
'<span class="notice"> '._('Attention numéro pièce
existante, elle a du être adaptée').'</span></td>';
} else {
- $r.='<td>' . _('Numéro Pièce') .'</td><td>'. hb($this->pj) .
'</td>';
+ $r.='<td>' . _('Numéro Pièce') .$span.'</td><td>'.
hb($this->pj) . '</td>';
}
}
$r.='</tr>';
diff --git a/include/class/acc_ledger_sale.class.php
b/include/class/acc_ledger_sale.class.php
index 69da7c3aa..bfee92fa6 100644
--- a/include/class/acc_ledger_sale.class.php
+++ b/include/class/acc_ledger_sale.class.php
@@ -256,7 +256,7 @@ class Acc_Ledger_Sale extends Acc_Ledger {
*/
public function insert($p_array = null) {
- global $g_parameter;
+ global $g_parameter,$g_user;
// load ledger definition
$this->load();
extract($p_array, EXTR_SKIP);
@@ -816,7 +816,7 @@ class Acc_Ledger_Sale extends Acc_Ledger {
*/
function confirm($p_array, $p_summary = false) {
- global $g_parameter;
+ global $g_parameter,$g_user;
extract($p_array, EXTR_SKIP);
if ( !isset($p_array['jrn_note_input']))
{$p_array['jrn_note_input']='';}
// don't need to verify for a summary
@@ -859,16 +859,18 @@ class Acc_Ledger_Sale extends Acc_Ledger {
$r.="</tr>";
}
$r.='<tr>';
+ $span=$this->warn_manual_receipt($p_array);
if ( ! $p_summary) {
- $r.='<td>' . _('Numéro Pièce') .'</td><td>'. hb($e_pj) . '</td>';
+ $r.='<td>' . _('Numéro Pièce') .$span.'</td><td>'. hb($e_pj) .
'</td>';
} else {
-
+ if ( $g_parameter->MY_PJ_SUGGEST=="A"
||$g_user->check_action(UPDRECEIPT)==0)
+ $e_pj=$this->pj;
if ( strcmp($this->pj,$e_pj) != 0 )
{
- $r.='<td>' . _('Numéro Pièce') .'</td><td>'. hb($this->pj) .
+ $r.='<td>' . _('Numéro Pièce') .$span.'</td><td>'.
hb($this->pj) .
'<span class="notice"> '._('Attention numéro pièce
existante, elle a du être adaptée').'</span></td>';
} else {
- $r.='<td>' . _('Numéro Pièce') .'</td><td>'. hb($this->pj) .
'</td>';
+ $r.='<td>' . _('Numéro Pièce') .$span.'</td><td>'.
hb($this->pj) . '</td>';
}
}
$r.='</tr>';
@@ -1352,7 +1354,7 @@ EOF;
}
/* if we suggest the next pj, then we need a javascript */
$add_js = "";
- if ($g_parameter->MY_PJ_SUGGEST == 'Y') {
+ if ($g_parameter->MY_PJ_SUGGEST != 'N') {
$add_js = "update_pj();";
}
if ($g_parameter->MY_DATE_SUGGEST == 'Y') {
@@ -1387,11 +1389,16 @@ EOF;
//--
/* suggest PJ ? */
$default_pj = '';
- if ($g_parameter->MY_PJ_SUGGEST == 'Y') {
+ if ($g_parameter->MY_PJ_SUGGEST != 'N') {
$default_pj = $this->guess_pj();
}
$pj = new IText();
+ if (
$g_parameter->MY_PJ_SUGGEST=='A'||$g_user->check_action(UPDRECEIPT)==0)
+ {
+ $pj->setReadOnly(true);
+ $pj->id="e_pj";
+ }
$pj->table = 0;
$pj->name = "e_pj";
diff --git a/include/company.inc.php b/include/company.inc.php
index e8ce0b45f..da840f17c 100644
--- a/include/company.inc.php
+++ b/include/company.inc.php
@@ -259,7 +259,7 @@ $all->style=' class="input_text"';
<div class="form-group">
<label class="w-40" for="p_report">
- <?= _("L'exercice commence par un report des soldes)")
?></label>
+ <?= _("L'exercice commence par un report des soldes")
?></label>
<?=Icon_Action::infobulle(84)?>
<?= $report->input() ?>
</div>
@@ -298,13 +298,15 @@ echo Icon_Action::tips($anc_filter->title);
</div>
<div class="form-group">
- <label class="w-20" for="p_pj"><?= _("Suggérer le numéro de
pièce justificative") ?>
+ <label class="w-20" for="p_pj"><?= _("Le numéro de pièce
justificative") ?>
</label>
-<?= $pj_suggest->input("p_pj", $strict_array) ?>
+ <?php
+
$receipt_array=array(["label"=>"Suggérer","value"=>"Y"],["label"=>"Automatique","value"=>"A"],["label"=>"Manuel","value"=>"N"]);
+ ?>
+ <?= $pj_suggest->input("p_pj", $receipt_array) ?>
</div>
-
- <div class="form-group">
+ <div class="form-group">
<label class="w-20" for="p_date_suggest"><?= _("Suggérer la
date") ?></label>
<?= $date_suggest->input("p_date_suggest", $strict_array) ?>
</div>
diff --git a/include/constant.security.php b/include/constant.security.php
index fa8d3ef3d..b8a307e01 100644
--- a/include/constant.security.php
+++ b/include/constant.security.php
@@ -27,6 +27,7 @@ define ('VIEWDOC',1010); // Voir document pour follow up
define ('PARCATDOC',1050); // modifier type document pour follow up
define ('RMRECEIPT',1110); // Effacer un document d'une pièce comptable
define ('RMOPER',1120); // Effacer une opération comptable
+define ('UPDRECEIPT',1130); // change un numéro de pièce
define ('SHARENOTE',1210); // Can share a note
define ('SHARENOTEPUBLIC',1220); // Can create public note
define ('SHARENOTEREMOVE',1230); // Can drop drop of other
diff --git a/include/template/ledger_detail_ach.php
b/include/template/ledger_detail_ach.php
index 6285e910d..f10c09a3c 100644
--- a/include/template/ledger_detail_ach.php
+++ b/include/template/ledger_detail_ach.php
@@ -59,6 +59,8 @@ global $div,$g_parameter,$cn,$access,$jr_id,$obj;
<td>
<?php
$itext = new IText('npj');
+ if ($owner->MY_PJ_SUGGEST=='A' ||
$g_user->check_action(UPDRECEIPT)==0)
+ $itext->setReadOnly(true);
$itext->value =
strip_tags($obj->det->jr_pj_number);
echo td(_('Pièce')) . td($itext->input());
?>
diff --git a/include/template/ledger_detail_misc.php
b/include/template/ledger_detail_misc.php
index 0655bf92c..bbd7df138 100644
--- a/include/template/ledger_detail_misc.php
+++ b/include/template/ledger_detail_misc.php
@@ -8,6 +8,7 @@ require_once NOALYSS_TEMPLATE.'/ledger_detail_top.php';
// find out exercice
$periode_id=new Periode($cn,$obj->det->jr_tech_per);
$exercice=$periode_id->get_exercice();
+$owner = new Noalyss_Parameter_Folder($cn);
?>
<?php
?>
@@ -54,6 +55,8 @@ require_once NOALYSS_TEMPLATE.'/ledger_detail_top.php';
<td>
<?php
$itext=new IText('npj');
+ if ($owner->MY_PJ_SUGGEST=='A' ||
$g_user->check_action(UPDRECEIPT)==0)
+ $itext->setReadOnly(true);
$itext->value=strip_tags($obj->det->jr_pj_number??"");
echo td(_('Pièce')).td($itext->input());
?>
diff --git a/include/template/ledger_detail_ven.php
b/include/template/ledger_detail_ven.php
index 216d53a15..eeb76df98 100644
--- a/include/template/ledger_detail_ven.php
+++ b/include/template/ledger_detail_ven.php
@@ -71,6 +71,8 @@ $str_anc = "";
<?php
$itext = new IText('npj');
$itext->value =
strip_tags($obj->det->jr_pj_number);
+ if ($owner->MY_PJ_SUGGEST=='A' ||
$g_user->check_action(UPDRECEIPT)==0)
+ $itext->setReadOnly(true);
echo td(_('Pièce')) . td($itext->input());
?>
</td>
diff --git a/sql/upgrade.sql b/sql/upgrade.sql
index 8b1378917..517ad5398 100644
--- a/sql/upgrade.sql
+++ b/sql/upgrade.sql
@@ -1 +1,3 @@
+insert into action (ac_id,ac_description,ac_module,ac_code) values
(1130,'Modifier le numéro de pièce','compta','UPDRECEIPT');
+
- [Noalyss-commit] [noalyss] 17/38: FOLLOWUP : nom contact pas affiché, (continued)
- [Noalyss-commit] [noalyss] 17/38: FOLLOWUP : nom contact pas affiché, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 23/38: Merge branch 'devel', dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 13/38: FOLLOWUP : Cosmetic nombre pièces, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 22/38: Fix : auto numbering receipt, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 32/38: cosmetic, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 36/38: Fix : Bug cannot filter a list of element, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 27/38: Nouvelle fonction pour ajouter des attributs à un élément DOM, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 31/38: DB protect against JS Injection, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 24/38: Nouveau #00022980002298: detail fiche , historique du suivi, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 35/38: Merge devel, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 09/38: Task #2321: Sécurité : empêcher changement de numéro de pièce,
dwm <=
- [Noalyss-commit] [noalyss] 16/38: Follow-Up : bug ne peut pas ajouter fichier sur nouvel événement, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 18/38: Fix cosmetic bug : duplicate operation with autoreverse VAT has an VAT amount, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 20/38: Fix : auto numbering receipt, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 21/38: Merge branch 'devel', dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 25/38: cosmetic, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 37/38: Cosmetic, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 38/38: Upgrade SQL, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 28/38: DB protect against JS Injection, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 07/38: SUIVI : ajout prénom, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 14/38: integre changement SQL, dwm, 2024/02/18