dinislage/PrestaShop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

// Stock controllers : added permissions check on employees

Browse Source
This commit is contained in:
bMancone
2011-10-26 12:35:28 +00:00
parent 51310f9f4b
commit 3d46b57d4b
3 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
controllers/admin/AdminStockManagementController.php
+18
View File
@@ -513,6 +513,17 @@ class AdminStockManagementControllerCore extends AdminController
{
parent::postProcess();
// Checks access
if (Tools::isSubmit('addStock') && !($this->tabAccess['add'] === '1'))
$this->_errors[] = Tools::displayError('You do not have the required permission to add stock.');
if (Tools::isSubmit('removeStock') && !($this->tabAccess['delete'] === '1'))
$this->_errors[] = Tools::displayError('You do not have the required permission to delete stock.');
if (Tools::isSubmit('transferStock') && !($this->tabAccess['edit'] === '1'))
$this->_errors[] = Tools::displayError('You do not have the required permission to transfer stock.');
if (count($this->_errors))
return;
// Global checks when add / remove / transfer product
if ((Tools::isSubmit('addstock') || Tools::isSubmit('removestock') || Tools::isSubmit('transferstock') ) && Tools::isSubmit('is_post'))
{
@@ -785,6 +796,13 @@ class AdminStockManagementControllerCore extends AdminController
// specify actions in function of stock
$this->skipActionByStock($item, false);
}
// Checks access
if (!($this->tabAccess['add'] === '1'))
$this->addRowActionSkipList('addstock', array($item['id']));
if (!($this->tabAccess['delete'] === '1'))
$this->addRowActionSkipList('removestock', array($item['id']));
if (!($this->tabAccess['edit'] === '1'))
$this->addRowActionSkipList('transferstock', array($item['id']));
}
}
}
controllers/admin/AdminStockMvtController.php
+4
View File
@@ -163,6 +163,10 @@ class AdminStockMvtControllerCore extends AdminController
$this->displayInformation($this->l('This interface allows you to display the stock movements for a selected warehouse.').'<br />');
$this->displayInformation($this->l('Also, it allows you to add and edit your own stock movement reasons.'));
// access
if (!($this->tabAccess['add'] === '1'))
$this->no_add = true;
//no link on list rows
$this->list_no_link = true;
controllers/admin/AdminWarehousesController.php
+11
View File
@@ -78,6 +78,10 @@ class AdminWarehousesControllerCore extends AdminController
*/
public function initList()
{
// Checks access
if (!($this->tabAccess['add'] === '1'))
$this->no_add = true;
$this->list_no_link = true;
$this->addRowAction('edit');
$this->addRowAction('details');
@@ -328,6 +332,13 @@ class AdminWarehousesControllerCore extends AdminController
*/
public function postProcess()
{
// Checks access
if (Tools::isSubmit('submitAdd'.$this->table) && !($this->tabAccess['add'] === '1'))
{
$this->_errors[] = Tools::displayError('You do not have the required permission to add warehouses.');
return parent::postProcess();
}
if (Tools::isSubmit('submitAdd'.$this->table))
{
if (!($obj = $this->loadObject(true)))