PHP restrictedArea函数代码示例

// Load object
//include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Can't use generic include because when creating a project, ref is defined and we dont want error if fetch fails from ref.
if ($id > 0 || !empty($ref)) {
    $ret = $object->fetch($id, $ref);
    // If we create project, ref may be defined into POST but record does not yet exists into database
    if ($ret > 0) {
        $object->fetch_thirdparty();
        $id = $object->id;
    }
}
// Security check
$socid = GETPOST('socid');
if ($user->societe_id > 0) {
    $socid = $user->societe_id;
}
$result = restrictedArea($user, 'projet', $object->id);
// fetch optionals attributes and labels
$extralabels = $extrafields->fetch_name_optionals_label($object->table_element);
$date_start = dol_mktime(0, 0, 0, GETPOST('projectstartmonth', 'int'), GETPOST('projectstartday', 'int'), GETPOST('projectstartyear', 'int'));
$date_end = dol_mktime(0, 0, 0, GETPOST('projectendmonth', 'int'), GETPOST('projectendday', 'int'), GETPOST('projectendyear', 'int'));
/*
 * Actions
 */
$parameters = array('id' => $socid, 'objcanvas' => $objcanvas);
$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action);
// Note that $action and $object may have been modified by some hooks
if ($reshook < 0) {
    setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
}
if (empty($reshook)) {
    // Cancel

$langs->load("products");
$langs->load("stocks");
$langs->load("companies");
$action = GETPOST('action');
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
$id = GETPOST("id", 'int');
if (!$sortfield) {
    $sortfield = "p.ref";
}
if (!$sortorder) {
    $sortorder = "DESC";
}
$mesg = '';
// Security check
$result = restrictedArea($user, 'stock');
// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
$hookmanager->initHooks(array('warehousecard'));
/*
 * Actions
 */
// Ajout entrepot
if ($action == 'add' && $user->rights->stock->creer) {
    $object = new Entrepot($db);
    $object->ref = $_POST["ref"];
    $object->libelle = $_POST["libelle"];
    $object->description = $_POST["desc"];
    $object->statut = $_POST["statut"];
    $object->lieu = $_POST["lieu"];
    $object->address = $_POST["address"];
    $object->zip = $_POST["zipcode"];

 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
/**
 *   \file       htdocs/loan/note.php
 *   \brief      Tab for notes on loan
 *   \ingroup    loan
 */
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT . '/loan/class/loan.class.php';
require_once DOL_DOCUMENT_ROOT . '/core/lib/loan.lib.php';
$action = GETPOST('action');
$langs->load('loan');
// Security check
$id = GETPOST('id', 'int');
$result = restrictedArea($user, 'loan', $id, '&loan');
$object = new Loan($db);
if ($id > 0) {
    $object->fetch($id);
}
$permissionnote = $user->rights->loan->write;
// Used by the include of actions_setnotes.inc.php
/*
 *  Actions
 */
include DOL_DOCUMENT_ROOT . '/core/actions_setnotes.inc.php';
// Must be include, not include_once
/*
 *  View
 */
$form = new Form($db);

 */
/**
 *   \file       htdocs/societe/note.php
 *   \brief      Tab for notes on third party
 *   \ingroup    societe
 */
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT . '/core/lib/company.lib.php';
$action = GETPOST('action');
$langs->load("companies");
// Security check
$id = GETPOST('id') ? GETPOST('id', 'int') : GETPOST('socid', 'int');
if ($user->societe_id) {
    $id = $user->societe_id;
}
$result = restrictedArea($user, 'societe', $id, '&societe');
$object = new Societe($db);
if ($id > 0) {
    $object->fetch($id);
}
$permissionnote = $user->rights->societe->creer;
// Used by the include of actions_setnotes.inc.php
/*
 * Actions
 */
include DOL_DOCUMENT_ROOT . '/core/actions_setnotes.inc.php';
// Must be include, not includ_once
/*
 *	View
 */
$form = new Form($db);

}
// Define modetax (0 or 1)
// 0=normal, 1=option vat for services is on debit
$modetax = $conf->global->TAX_MODE;
if (isset($_REQUEST["modetax"])) {
    $modetax = $_REQUEST["modetax"];
}
if (empty($modetax)) {
    $modetax = 0;
}
// Security check
$socid = GETPOST('socid', 'int');
if ($user->societe_id) {
    $socid = $user->societe_id;
}
$result = restrictedArea($user, 'tax', '', '', 'charges');
/*
 * View
 */
$morequerystring = '';
$listofparams = array('date_startmonth', 'date_startyear', 'date_startday', 'date_endmonth', 'date_endyear', 'date_endday');
foreach ($listofparams as $param) {
    if (GETPOST($param) != '') {
        $morequerystring .= ($morequerystring ? '&' : '') . $param . '=' . GETPOST($param);
    }
}
llxHeader('', '', '', '', 0, 0, '', '', $morequerystring);
$form = new Form($db);
$company_static = new Societe($db);
$invoice_customer = new Facture($db);
$invoice_supplier = new FactureFournisseur($db);

$socid = GETPOST('socid', 'int');
// Category
$selected_cat = (int) GETPOST('search_categ', 'int');
$subcat = false;
if (GETPOST('subcat', 'alpha') === 'yes') {
    $subcat = true;
}
// Security check
if ($user->societe_id > 0) {
    $socid = $user->societe_id;
}
if (!empty($conf->comptabilite->enabled)) {
    $result = restrictedArea($user, 'compta', '', '', 'resultat');
}
if (!empty($conf->accounting->enabled)) {
    $result = restrictedArea($user, 'accounting', '', '', 'comptarapport');
}
// Date range
$year = GETPOST("year");
$month = GETPOST("month");
$date_startyear = GETPOST("date_startyear");
$date_startmonth = GETPOST("date_startmonth");
$date_startday = GETPOST("date_startday");
$date_endyear = GETPOST("date_endyear");
$date_endmonth = GETPOST("date_endmonth");
$date_endday = GETPOST("date_endday");
if (empty($year)) {
    $year_current = strftime("%Y", dol_now());
    $month_current = strftime("%m", dol_now());
    $year_start = $year_current;
} else {

// Get object canvas (By default, this is not defined, so standard usage of dolibarr)
$canvas = GETPOST("canvas");
$objcanvas = null;
if (!empty($canvas)) {
    require_once DOL_DOCUMENT_ROOT . '/core/class/canvas.class.php';
    $objcanvas = new Canvas($db, $action);
    $objcanvas->getCanvas('product', 'list', $canvas);
}
// Security check
if ($type == '0') {
    $result = restrictedArea($user, 'produit', '', '', '', '', '', $objcanvas);
} else {
    if ($type == '1') {
        $result = restrictedArea($user, 'service', '', '', '', '', '', $objcanvas);
    } else {
        $result = restrictedArea($user, 'produit|service', '', '', '', '', '', $objcanvas);
    }
}
// List of fields to search into when doing a "search in all"
$fieldstosearchall = array('p.ref' => "Ref", 'pfp.ref_fourn' => "RefSupplier", 'p.label' => "ProductLabel", 'p.description' => "Description", "p.note" => "Note");
// multilang
if (!empty($conf->global->MAIN_MULTILANGS)) {
    $fieldstosearchall['pl.label'] = 'ProductLabelTranslated';
    $fieldstosearchall['pl.description'] = 'ProductDescriptionTranslated';
    $fieldstosearchall['pl.note'] = 'ProductNoteTranslated';
}
if (!empty($conf->barcode->enabled)) {
    $fieldstosearchall['p.barcode'] = 'Gencod';
}
// Definition of fields for lists
$arrayfields = array('p.ref' => array('label' => $langs->trans("Ref"), 'checked' => 1), 'p.label' => array('label' => $langs->trans("Label"), 'checked' => 1), 'p.barcode' => array('label' => $langs->trans("Gencod"), 'checked' => $contextpage != 'servicelist', 'enabled' => !empty($conf->barcode->enabled)), 'p.duration' => array('label' => $langs->trans("Duration"), 'checked' => $contextpage != 'productlist', 'enabled' => !empty($conf->service->enabled)), 'p.sellprice' => array('label' => $titlesellprice, 'checked' => 1, 'enabled' => empty($conf->global->PRODUIT_MULTIPRICES)), 'p.minbuyprice' => array('label' => $langs->trans("BuyingPriceMinShort"), 'checked' => 1, 'enabled' => !empty($user->rights->fournisseur->lire)), 'p.desiredstock' => array('label' => $langs->trans("DesiredStock"), 'checked' => 1, 'enabled' => !empty($conf->stock->enabled) && $user->rights->stock->lire && $contextpage != 'service'), 'p.tobatch' => array('label' => $langs->trans("ManageLotSerial"), 'checked' => 0, 'enabled' => !empty($conf->productbatch->enabled)), 'p.stock' => array('label' => $langs->trans("PhysicalStock"), 'checked' => 1, 'enabled' => !empty($conf->stock->enabled) && $user->rights->stock->lire && $contextpage != 'service'), 'p.accountancy_code_sell' => array('label' => $langs->trans("ProductAccountancySellCode"), 'checked' => 0), 'p.accountancy_code_buy' => array('label' => $langs->trans("ProductAccountancyBuyCode"), 'checked' => 0), 'p.datec' => array('label' => $langs->trans("DateCreation"), 'checked' => 0, 'position' => 500), 'p.tms' => array('label' => $langs->trans("DateModificationShort"), 'checked' => 0, 'position' => 500), 'p.tosell' => array('label' => $langs->trans("Status") . ' (' . $langs->trans("Sell") . ')', 'checked' => 1, 'position' => 1000), 'p.tobuy' => array('label' => $langs->trans("Status") . ' (' . $langs->trans("Purchases") . ')', 'checked' => 1, 'position' => 1000));

$search_societe = GETPOST('search_societe', 'alpha');
$search_montant_ht = GETPOST('search_montant_ht', 'alpha');
$search_montant_ttc = GETPOST('search_montant_ttc', 'alpha');
$origin = GETPOST('origin', 'alpha');
$originid = GETPOST('originid', 'int') ? GETPOST('originid', 'int') : GETPOST('origin_id', 'int');
// For backward compatibility
// PDF
$hidedetails = GETPOST('hidedetails', 'int') ? GETPOST('hidedetails', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0);
$hidedesc = GETPOST('hidedesc', 'int') ? GETPOST('hidedesc', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0);
$hideref = GETPOST('hideref', 'int') ? GETPOST('hideref', 'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0);
// Security check
$fieldid = !empty($ref) ? 'facnumber' : 'rowid';
if ($user->societe_id) {
    $socid = $user->societe_id;
}
$result = restrictedArea($user, 'facture', $id, '', '', 'fk_soc', $fieldid);
// Nombre de ligne pour choix de produit/service predefinis
$NBLINES = 4;
$usehm = !empty($conf->global->MAIN_USE_HOURMIN_IN_DATE_RANGE) ? $conf->global->MAIN_USE_HOURMIN_IN_DATE_RANGE : 0;
$object = new Facture($db);
$extrafields = new ExtraFields($db);
// Load object
if ($id > 0 || !empty($ref)) {
    $ret = $object->fetch($id, $ref);
}
// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
$hookmanager->initHooks(array('invoicecard', 'globalcard'));
$permissionnote = $user->rights->facture->creer;
// Used by the include of actions_setnotes.inc.php
$permissiondellink = $user->rights->facture->creer;
// Used by the include of actions_dellink.inc.php

 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
/**
 *	\file       htdocs/societe/index.php
 *  \ingroup    societe
 *  \brief      Home page for third parties area
 */
require '../main.inc.php';
require_once DOL_DOCUMENT_ROOT . '/societe/class/societe.class.php';
$langs->load("companies");
$socid = GETPOST('socid', 'int');
if ($user->societe_id) {
    $socid = $user->societe_id;
}
// Security check
$result = restrictedArea($user, 'societe', 0, '', '', '', '');
$thirdparty_static = new Societe($db);
/*
 * View
 */
$transAreaType = $langs->trans("ThirdPartiesArea");
$helpurl = 'EN:Module_Third_Parties|FR:Module_Tiers|ES:M&oacute;dulo_Terceros';
llxHeader("", $langs->trans("ThirdParties"), $helpurl);
$linkback = '';
print load_fiche_titre($transAreaType, $linkback, 'title_companies.png');
//print '<table border="0" width="100%" class="notopnoleftnoright">';
//print '<tr><td valign="top" width="30%" class="notopnoleft">';
print '<div class="fichecenter"><div class="fichethirdleft">';
// Search thirdparty
if (!empty($conf->societe->enabled) && $user->rights->societe->lire) {
    $listofsearchfields['search_thirdparty'] = array('text' => 'ThirdParty');

 *   \ingroup    compta
 *   \brief      Page list of cheque deposits
 */
require '../../../main.inc.php';
require_once DOL_DOCUMENT_ROOT . '/compta/paiement/cheque/class/remisecheque.class.php';
require_once DOL_DOCUMENT_ROOT . '/compta/bank/class/account.class.php';
require_once DOL_DOCUMENT_ROOT . '/core/class/html.formother.class.php';
require_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php';
$langs->load("banks");
$langs->load("categories");
$langs->load("bills");
// Security check
if ($user->societe_id) {
    $socid = $user->societe_id;
}
$result = restrictedArea($user, 'banque', '', '');
$search_ref = GETPOST('search_ref', 'int');
$search_account = GETPOST('search_account', 'int');
$search_amount = GETPOST('search_amount', 'alpha');
$sortfield = GETPOST("sortfield", 'alpha');
$sortorder = GETPOST("sortorder", 'alpha');
$page = GETPOST("page", 'int');
if ($page == -1) {
    $page = 0;
}
$offset = $conf->liste_limit * $page;
$pageprev = $page - 1;
$pagenext = $page + 1;
$limit = $conf->liste_limit;
if (!$sortorder) {
    $sortorder = "DESC";

$contactid = GETPOST('contactid', 'int');
$origin = GETPOST('origin', 'alpha');
$originid = GETPOST('originid', 'int');
$confirm = GETPOST('confirm', 'alpha');
$fulldayevent = GETPOST('fullday');
$datep = dol_mktime($fulldayevent ? '00' : GETPOST("aphour"), $fulldayevent ? '00' : GETPOST("apmin"), 0, GETPOST("apmonth"), GETPOST("apday"), GETPOST("apyear"));
$datef = dol_mktime($fulldayevent ? '23' : GETPOST("p2hour"), $fulldayevent ? '59' : GETPOST("p2min"), $fulldayevent ? '59' : '0', GETPOST("p2month"), GETPOST("p2day"), GETPOST("p2year"));
// Security check
$socid = GETPOST('socid', 'int');
$id = GETPOST('id', 'int');
if ($user->societe_id) {
    $socid = $user->societe_id;
}
$result = restrictedArea($user, 'agenda', $id, 'actioncomm&societe', 'myactions|allactions', 'fk_soc', 'id');
if ($user->societe_id && $socid) {
    $result = restrictedArea($user, 'societe', $socid);
}
$error = GETPOST("error");
$donotclearsession = GETPOST('donotclearsession') ? GETPOST('donotclearsession') : 0;
$cactioncomm = new CActionComm($db);
$object = new ActionComm($db);
$contact = new Contact($db);
$extrafields = new ExtraFields($db);
$formfile = new FormFile($db);
$form = new Form($db);
$formfile = new FormFile($db);
$formactions = new FormActions($db);
// fetch optionals attributes and labels
$extralabels = $extrafields->fetch_name_optionals_label($object->table_element);
//var_dump($_POST);
// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array

 *  \brief      	Page to show a trip card
 */
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT . '/core/lib/trip.lib.php';
require_once DOL_DOCUMENT_ROOT . '/compta/deplacement/class/deplacement.class.php';
require_once DOL_DOCUMENT_ROOT . '/core/class/html.formfile.class.php';
if (!empty($conf->projet->enabled)) {
    require_once DOL_DOCUMENT_ROOT . '/projet/class/project.class.php';
}
$langs->load("trips");
// Security check
$id = GETPOST('id', 'int');
if ($user->societe_id) {
    $socid = $user->societe_id;
}
$result = restrictedArea($user, 'deplacement', $id, '');
$action = GETPOST('action', 'alpha');
$confirm = GETPOST('confirm', 'alpha');
$object = new Deplacement($db);
// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
$hookmanager->initHooks(array('tripsandexpensescard', 'globalcard'));
$permissionnote = $user->rights->deplacement->creer;
// Used by the include of actions_setnotes.inc.php
/*
 * Actions
 */
include DOL_DOCUMENT_ROOT . '/core/actions_setnotes.inc.php';
// Must be include, not includ_once
if ($action == 'validate' && $user->rights->deplacement->creer) {
    $object->fetch($id);
    if ($object->statut == 0) {

$HEIGHT = DolGraph::getDefaultGraphSizeForStats('height');
$userid = GETPOST('userid', 'int');
$socid = GETPOST('socid', 'int');
if ($socid < 0) {
    $socid = 0;
}
$id = GETPOST('id', 'int');
// Security check
if ($user->societe_id > 0) {
    $action = '';
    $socid = $user->societe_id;
}
if ($user->societe_id) {
    $socid = $user->societe_id;
}
$result = restrictedArea($user, 'expensereport', $id, '');
$nowyear = strftime("%Y", dol_now());
$year = GETPOST('year') > 0 ? GETPOST('year') : $nowyear;
//$startyear=$year-2;
$startyear = $year - 1;
$endyear = $year;
$mode = GETPOST("mode") ? GETPOST("mode") : 'customer';
/*
 * View
 */
$form = new Form($db);
llxHeader();
$title = $langs->trans("TripsAndExpensesStatistics");
$dir = $conf->expensereport->dir_temp;
print load_fiche_titre($title, $mesg);
dol_mkdir($dir);

require_once DOL_DOCUMENT_ROOT . '/compta/salaries/class/paymentsalary.class.php';
require_once DOL_DOCUMENT_ROOT . '/compta/bank/class/account.class.php';
require_once DOL_DOCUMENT_ROOT . '/core/lib/salaries.lib.php';
$langs->load("compta");
$langs->load("banks");
$langs->load("bills");
$langs->load("users");
$langs->load("salaries");
$id = GETPOST("id", 'int');
$action = GETPOST('action');
// Security check
$socid = GETPOST("socid", "int");
if ($user->societe_id) {
    $socid = $user->societe_id;
}
$result = restrictedArea($user, 'salaries', '', '', '');
$object = new PaymentSalary($db);
// Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
$hookmanager->initHooks(array('salarycard', 'globalcard'));
/**
 * Actions
 */
if ($_POST["cancel"] == $langs->trans("Cancel")) {
    header("Location: index.php");
    exit;
}
if ($action == 'add' && $_POST["cancel"] != $langs->trans("Cancel")) {
    $error = 0;
    $datep = dol_mktime(12, 0, 0, $_POST["datepmonth"], $_POST["datepday"], $_POST["datepyear"]);
    $datev = dol_mktime(12, 0, 0, $_POST["datevmonth"], $_POST["datevday"], $_POST["datevyear"]);
    $datesp = dol_mktime(12, 0, 0, $_POST["datespmonth"], $_POST["datespday"], $_POST["datespyear"]);

$month = GETPOST("month");
// Nombre de ligne pour choix de produit/service predefinis
$NBLINES = 4;
// Security check
$module = 'propal';
$dbtable = '';
$objectid = '';
if (!empty($user->societe_id)) {
    $socid = $user->societe_id;
}
if (!empty($socid)) {
    $objectid = $socid;
    $module = 'societe';
    $dbtable = '&societe';
}
$result = restrictedArea($user, $module, $objectid, $dbtable);
if (GETPOST("button_removefilter") || GETPOST("button_removefilter_x")) {
    $search_categ = '';
    $search_user = '';
    $search_sale = '';
    $search_ref = '';
    $search_refcustomer = '';
    $search_societe = '';
    $search_montant_ht = '';
    $search_author = '';
    $search_product_category = '';
    $search_town = '';
    $year = '';
    $month = '';
    $viewstatut = '';
    $object_statut = '';