Merging latest changes from stable branch up to 2.3.24

[fa-stable.git] / includes / access_levels.inc
diff --git a/includes/access_levels.inc b/includes/access_levels.inc

index 797f374e010ca1eefe0428c92d5d7109e4b03747..fc3d48df8e4e4b87d3ef9521e7301e749c9cb823 100644 (file)
--- a/includes/access_levels.inc
+++ b/includes/access_levels.inc
@@ -66,7 +66,7 @@ $security_sections = array(
   SS_ITEMS => _("Inventory operations"),
   SS_ITEMS_A => _("Inventory analytics"),
   SS_MANUF_C => _("Manufacturing configuration"),
- SS_MANUF => _("Manufacturing transations"),
+ SS_MANUF => _("Manufacturing transactions"),
   SS_MANUF_A => _("Manufacturing analytics"),
   SS_DIM_C => _("Dimensions configuration"),
   SS_DIM => _("Dimensions"),
@@ -110,6 +110,7 @@ $security_areas =array(
         'SA_INVENTORYMOVETYPE'  => array(SS_SETUP|11, _("Inventory movement types")),
         'SA_WORKCENTRES' => array(SS_SETUP|12, _("Manufacture work centres")),
         'SA_FORMSETUP' => array(SS_SETUP|13, _("Forms setup")),
+       'SA_CRMCATEGORY' => array(SS_SETUP|14, _("Contact categories")),
  //
  // Special and common functions
  //
@@ -117,9 +118,9 @@ $security_areas =array(
         'SA_BACKUP' => array(SS_SPEC|2, _("Database backup/restore")),
         'SA_VIEWPRINTTRANSACTION' => array(SS_SPEC|3, _("Common view/print transactions interface")),
         'SA_ATTACHDOCUMENT' => array(SS_SPEC|4, _("Attaching documents")),
-       'SA_SETUPDISPLAY' => array(SS_SPEC|5, _("Display preferences")), //???
-       'SA_CHGPASSWD' => array(SS_SPEC|6, _("Password changes")), //???
-
+       'SA_SETUPDISPLAY' => array(SS_SPEC|5, _("Display preferences")),
+       'SA_CHGPASSWD' => array(SS_SPEC|6, _("Password changes")),
+       'SA_EDITOTHERSTRANS' => array(SS_SPEC|7, _("Edit other users transactions")),
  //
  // Sales related functionality
  //
@@ -226,6 +227,9 @@ $security_areas =array(
         'SA_FISCALYEARS' => array(SS_GL_C|9, _("Fiscal years maintenance")),
         'SA_GLSETUP' => array(SS_GL_C|10, _("Company GL setup")),
         'SA_GLACCOUNTTAGS' => array(SS_GL_C|11, _("GL Account tags")),
+       'SA_GLCLOSE' => array(SS_GL_C|14, _("Closing GL transactions")),
+       'SA_GLREOPEN' => array(SS_GL_C|15, _("Reopening GL transactions")), // see below
+       'SA_MULTIFISCALYEARS' => array(SS_GL_C|13, _("Allow entry on non closed Fiscal years")),
  
         'SA_BANKTRANSVIEW' => array(SS_GL|1, _("Bank transactions view")),
         'SA_GLTRANSVIEW' => array(SS_GL|2, _("GL postings view")),
@@ -238,12 +242,16 @@ $security_areas =array(
         'SA_BANKJOURNAL' => array(SS_GL|11, _("Journal entries to bank related accounts")),
         'SA_BUDGETENTRY' => array(SS_GL|9, _("Budget edition")),
         'SA_STANDARDCOST' => array(SS_GL|10, _("Item standard costs")),
+       'SA_ACCRUALS' => array(SS_GL|12, _("Revenue / Cost Accruals")),
  
         'SA_GLANALYTIC' => array(SS_GL_A|1, _("GL analytical reports and inquiries")),
         'SA_TAXREP' => array(SS_GL_A|2, _("Tax reports and inquiries")),
         'SA_BANKREP' => array(SS_GL_A|3, _("Bank reports and inquiries")),
         'SA_GLREP' => array(SS_GL_A|4, _("GL reports and inquiries")),
  );
+
+if (!@$SysPrefs->allow_gl_reopen)
+       unset($security_areas['SA_GLREOPEN']);
  /*
         This function should be called whenever we want to extend core access level system
         with new security areas and/or sections i.e.: 
@@ -257,9 +265,11 @@ function add_access_extensions()
         global $security_areas, $security_sections, $installed_extensions;
  
         foreach($installed_extensions as $extid => $ext) {
+               $accext = hook_invoke($ext['package'], 'install_access', $dummy);
+               if ($accext == null) continue;
+
                 $scode = 100;
                 $acode = 100;
-               $accext = get_access_extensions($extid);
                 $extsections = $accext[1];
                 $extareas = $accext[0];
                 $extcode = $extid<<16;
@@ -290,6 +300,7 @@ function add_access_extensions()
  /*
         Helper function to retrieve extension access definitions in isolated environment.
  */
+/*
  function get_access_extensions($id) {
         global $path_to_root, $installed_extensions;
         
@@ -298,9 +309,44 @@ function get_access_extensions($id) {
         $security_sections = $security_areas = array();
         
         if (isset($ext['acc_file']))
-               include($path_to_root.($ext['type'] == 'plugin' ? '/modules/':'/').$ext['path'].'/'.$ext['acc_file']);
+               include_once($path_to_root.'/'.$ext['path'].'/'.$ext['acc_file']);
  
         return array($security_areas, $security_sections);
  }
+*/
+
+function check_edit_access($name)
+{
+       global $input_security;
+
+       $access = @$input_security[$name];
+
+       if (!$access)
+               $access = @$input_security['']; // default access level
+
+       if (!$access)
+               return true; // if constraint is not defined edit access is allowed
+
+       return  user_check_access($access);
+}
+/*
+       Returns POST value or null if edit access to $name control is forbidden.
+*/
+function access_post($name, $dflt=null)
+{
+       if (!check_edit_access($name))
+               return $dflt;
+       else
+               return get_post($name, $dflt);
+}
  
-?>
-\ No newline at end of file
+/*
+       Returns numeric input value or null if edit access to $name control is forbidden.
+*/
+function access_num($name, $dflt=null)
+{
+       if (!check_edit_access($name))
+               return $dflt;
+       else
+               return input_num($name, $dflt);
+}