diff --git a/src/app/action/controllers/ActionMethodController.php b/src/app/action/controllers/ActionMethodController.php
index 19ae0dcb842c761e2a53a632f024dd46df09d73a..fb7c3977169d0b4dd27c69e8dcffa315e59769d7 100644
--- a/src/app/action/controllers/ActionMethodController.php
+++ b/src/app/action/controllers/ActionMethodController.php
@@ -84,7 +84,7 @@ class ActionMethodController
         ValidatorModel::notEmpty($aArgs, ['resId']);
         ValidatorModel::intVal($aArgs, ['resId']);
 
-        ResModel::updateExt(['set' => ['closing_date' => 'CURRENT_TIMESTAMP'], 'where' => ['res_id = ?'], 'data' => [$aArgs['resId']]]);
+        ResModel::updateExt(['set' => ['closing_date' => 'CURRENT_TIMESTAMP'], 'where' => ['res_id = ?', 'closing_date is null'], 'data' => [$aArgs['resId']]]);
 
         if (CurlModel::isEnabled(['curlCallId' => 'closeResource'])) {
             $bodyData = [];
@@ -165,7 +165,7 @@ class ActionMethodController
         ValidatorModel::notEmpty($aArgs, ['resId']);
         ValidatorModel::intVal($aArgs, ['resId']);
 
-        ResModel::update(['set' => ['departure_date' => 'CURRENT_TIMESTAMP'], 'where' => ['res_id = ?', 'departure_date is null'], 'data' => [$aArgs['resId']]]);
+        ResModel::update(['set' => ['departure_date' => 'CURRENT_TIMESTAMP'], 'where' => ['res_id = ?', 'departure_date is null'], 'data' => [$aArgs['resId']]]);
 
         return true;
     }
diff --git a/src/app/note/controllers/NoteController.php b/src/app/note/controllers/NoteController.php
index 787b84d95a52a5c5c414ea4b91c668277b956fda..861e991a00a8ea117948f37a2f861659ae29b145 100755
--- a/src/app/note/controllers/NoteController.php
+++ b/src/app/note/controllers/NoteController.php
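Review bot: The added `closing_date is null` predicate turns `ResModel::updateExt` into a no-op for a resource that is already closed, yet the `CurlModel::isEnabled(['curlCallId' => 'closeResource'])` branch right after it still runs, so the external close notification can be emitted for a resource whose closing date was not changed. If the callback is meant to follow an actual state change, gate it on the update result (assuming `updateExt` reports affected rows) or on a prior read of `closing_date`; if re-sending is intended, a comment such as `// closing_date is kept on re-close; the closeResource callback below still fires` would record that. The enclosing method starts and ends outside this hunk. The second hunk at line 165 appears to differ only in whitespace.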
@@ -31,9 +31,13 @@ class NoteController
 {
     public function getByResId(Request $request, Response $response, array $aArgs)
     {
-        $check = Validator::intVal()->validate($aArgs['resId']);
+        $check = Validator::intVal()->notEmpty()->validate($aArgs['resId']);
         if (!$check) {
-            return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
+            return $response->withStatus(400)->withJson(['errors' => 'resId is empty or not an integer']);
+        }
+
+        if (!ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+            return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
         $aNotes = NoteModel::getByResId(['select' => ['notes.id', 'firstname', 'lastname', 'entity_label', 'note_text', 'creation_date'], 'resId' => $aArgs['resId'], 'orderBy' => ['creation_date DESC']]);
@@ -47,12 +51,16 @@ class NoteController
 
         $check = Validator::stringType()->notEmpty()->validate($data['note_text']);
         if (!$check) {
-            return $response->withStatus(400)->withJson(['errors' => 'Bad Request note text']);
+            return $response->withStatus(400)->withJson(['errors' => 'note_text is empty or not a string']);
+        }
+
+        if (!ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+            return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
         if (isset($data['entities_chosen'])) {
             if (!Validator::arrayType()->validate($data['entities_chosen'])) {
-                return $response->withStatus(400)->withJson(['errors' => 'Bad Request entities chosen']);
+                return $response->withStatus(400)->withJson(['errors' => 'entities_chosen is not an array']);
             }
             foreach ($data['entities_chosen'] as $entityId) {
                 if ($entityId == null) {
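Review bot: The perimeter check added to `getByResId` is repeated verbatim in the `create` hunk at line 47 (same `ResController::hasRightByResId` call, same 403 body), and the two copies will drift the next time the message or the argument shape changes. Since this check is what keeps a caller from reading or writing notes on a document outside their perimeter, it is worth a single private helper that both methods call, so the 403 path is defined once and easy to audit. Both methods continue outside their hunks. A sketch of the helper and one call site:
```php
    private static function checkResPerimeter(Response $response, array $aArgs): ?Response
    {
        if (!ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
            return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
        }
        return null;
    }

    // … unchanged: getByResId validation …
        $denied = self::checkResPerimeter($response, $aArgs);
        if ($denied !== null) {
            return $denied;
        }
```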
@@ -66,10 +74,6 @@ class NoteController
             }
         }
 
-        if (!ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
-            return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
-        }
-
         $noteId = NoteModel::create([
             'resId' => $aArgs['resId'],
             'login' => $GLOBALS['userId'],
diff --git a/src/app/note/models/NoteModel.php b/src/app/note/models/NoteModel.php
index 10bbc60a7904b4ccc42758e53d513f2da038b7d9..39432bf0f8baf80ada27cebdcf67480bf910c14c 100755
--- a/src/app/note/models/NoteModel.php
+++ b/src/app/note/models/NoteModel.php
@@ -135,7 +135,7 @@ class NoteModel
             'select' => empty($aArgs['select']) ? ['*'] : $aArgs['select'],
             'table' => ['notes', 'users', 'users_entities', 'entities'],
             'left_join' => ['notes.user_id = users.user_id', 'users.user_id = users_entities.user_id', 'users_entities.entity_id = entities.entity_id'],
-            'where' => ['notes.identifier = ?', 'users_entities.primary_entity=\'Y\''],
+            'where' => ['notes.identifier = ?', '(users_entities.primary_entity=\'Y\' or notes.user_id = \'superadmin\')'],
             'data' => [$aArgs['resId']],
             'order_by' => empty($aArgs['orderBy']) ? ['creation_date'] : $aArgs['orderBy']
         ]);
@@ -169,5 +169,4 @@ class NoteModel
         return $aReturn;
     }
 
-
-}
\ No newline at end of file
+}
diff --git a/src/frontend/lang/lang-fr.ts b/src/frontend/lang/lang-fr.ts
index 0cd26d929f0e4d2f1959ed3e8ec36e33638a1823..19c5b44ceebfcec18490c561855f9d01acc52ebd 100755
--- a/src/frontend/lang/lang-fr.ts
+++ b/src/frontend/lang/lang-fr.ts
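Review bot: In the NoteModel hunk at line 135, the new `or notes.user_id = 'superadmin'` disjunct removes the `primary_entity='Y'` restriction for that login, so with the `users_entities` left join a superadmin account that has several `users_entities` rows would return each of its notes once per row (the old predicate presumably kept exactly one). If the intent is to show notes whose author has no entity row at all, `(users_entities.primary_entity=\'Y\' or users_entities.entity_id is null)` expresses that without embedding a login in the SQL and covers any such account, not just superadmin. If superadmin really is the only case, pass the login through the bound parameters instead of the literal: `'where' => ['notes.identifier = ?', '(users_entities.primary_entity=\'Y\' or notes.user_id = ?)'],` with `'data' => [$aArgs['resId'], 'superadmin'],`. A one-line comment above the `where` key explaining why the primary-entity filter is relaxed would also help, as the enclosing method starts and ends outside this hunk.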
@@ -879,11 +879,11 @@ export const LANG_FR = {
     "addNote" : "Ajouter une annotation",
     "makeActionOn" : "Voulez-vous effectuer cette action sur",
     "tooMuchDatas" : "Trop de données à exporter",
-    "warnTooMuchSelect" : "seul les 500 premiers éléments seront pris en compte si une action est lancé",
+    "warnTooMuchSelect" : "seul les 500 premiers éléments seront pris en compte si une action est lancée",
     "elements" : "élément(s)",
     "done" : "effectuée",
     "noAction" : "Aucune action",
-    "warnLockRes" : "courrier(s) verrouillé(s) par un autre utilisateur.\n\nL\'action prendra en compte UNIQUEMENT les courriers NON verouillés",
+    "warnLockRes" : "courrier(s) verrouillé(s) par un autre utilisateur.\n\nL\'action prendra en compte UNIQUEMENT les courriers NON verrouillés",
     "paperTemplate" : "Modèle papier",
     "electronicTemplate" : "Modèle électronique",
     "updateClosingDate" : "Cela actualisera la <b class=\"highlight\">date de clôture</b> des courriers.",