From 012be8e4003f26e58930f0d2feef935d718971f2 Mon Sep 17 00:00:00 2001 From: gauthier Date: Fri, 14 Oct 2016 12:42:42 +0200 Subject: [PATCH] NEW : security check to avoid adding a parent warehouse chich is already a child of current one --- htdocs/langs/en_US/main.lang | 1 + htdocs/product/stock/class/entrepot.class.php | 28 +++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index fa9a4eec9e2..05a754eb317 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -62,6 +62,7 @@ ErrorCantLoadUserFromDolibarrDatabase=Failed to find user %s in Dolibarr ErrorNoVATRateDefinedForSellerCountry=Error, no vat rates defined for country '%s'. ErrorNoSocialContributionForSellerCountry=Error, no social/fiscal taxes type defined for country '%s'. ErrorFailedToSaveFile=Error, failed to save file. +ErrorCannotAddThisParentWarehouse=You are trying to add a parent warehouse which is already a child of current one NotAuthorized=You are not authorized to do that. SetDate=Set date SelectDate=Select a date diff --git a/htdocs/product/stock/class/entrepot.class.php b/htdocs/product/stock/class/entrepot.class.php index 0132ec68fab..452d9a59b69 100644 --- a/htdocs/product/stock/class/entrepot.class.php +++ b/htdocs/product/stock/class/entrepot.class.php @@ -172,6 +172,16 @@ class Entrepot extends CommonObject */ function update($id, $user) { + // Check if new parent is already a child of current warehouse + if(!empty($this->fk_parent)) { + $TChildWarehouses = array(); + $TChildWarehouses = $this->get_children_warehouses($this->id, $TChildWarehouses); + if(in_array($this->fk_parent, $TChildWarehouses)) { + $this->error = 'ErrorCannotAddThisParentWarehouse'; + return -2; + } + } + $this->libelle=trim($this->libelle); $this->description=trim($this->description); 
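Review bot: The guard added at the top of update() still accepts a warehouse as its own parent, because get_children_warehouses() collects only descendants, so `$this->id` itself is never in the list. The lookup is keyed on `$this->id` while the method is called with `$id`; the rest of update() lies outside this hunk, so confirm that both name the same row or use `$id` in the check. in_array() also runs in loose mode on rowids that come back from the database, so normalise both sides and compare strictly: `if ((int) $this->fk_parent === (int) $id || in_array((int) $this->fk_parent, array_map('intval', $TChildWarehouses), true)) {`. A one-line comment on the new `return -2;` saying that -2 means "rejected, would create a loop" would help callers tell it apart from other failures.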
@@ -634,5 +644,23 @@ class Entrepot extends CommonObject
 return implode(' >> ', array_reverse($TArbo));
 }
+
+ function get_children_warehouses($id, &$TChildWarehouses) {
+
+ $sql = 'SELECT rowid
+ FROM '.MAIN_DB_PREFIX.'entrepot
+ WHERE fk_parent = '.$id;
+
+ $resql = $this->db->query($sql);
+ if($resql) {
+ while($res = $this->db->fetch_object($resql)) {
+ $TChildWarehouses[] = $res->rowid;
+ $this->get_children_warehouses($res->rowid, $TChildWarehouses);
+ }
+ }
+
+ return $TChildWarehouses;
+
+ }
 }
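Review bot: get_children_warehouses() concatenates `$id` into the query without an integer cast, recurses with no check for rowids it has already collected, and returns whatever it has gathered when `$this->db->query()` fails. The parent check in update() can therefore be driven by a non-numeric id, may never terminate on stored data that already contains a loop, and passes on an incomplete list after a database error. Cast the id, skip rowids that are already in `$TChildWarehouses`, and report the query error instead of returning a partial result; update() then has to treat a non-array return value as a failure. The method also needs a docblock stating that it returns every descendant rowid of `$id` and fills `$TChildWarehouses` by reference.

```php
	function get_children_warehouses($id, &$TChildWarehouses) {

		$sql = 'SELECT rowid
				FROM '.MAIN_DB_PREFIX.'entrepot
				WHERE fk_parent = '.((int) $id);

		$resql = $this->db->query($sql);
		if(!$resql) {
			// Fail closed: a partial list must not be read as "no loop"
			$this->error = $this->db->lasterror();
			return -1;
		}

		while($res = $this->db->fetch_object($resql)) {
			$childId = (int) $res->rowid;
			// Already collected: the stored tree contains a loop, do not descend again
			if(in_array($childId, $TChildWarehouses, true)) continue;
			$TChildWarehouses[] = $childId;
			if(!is_array($this->get_children_warehouses($childId, $TChildWarehouses))) return -1;
		}

		// … unchanged: return $TChildWarehouses …
```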