From 403116898fab7ee3fa05b9c43693828d475cc359 Mon Sep 17 00:00:00 2001 From: bgenere Date: Mon, 21 May 2018 16:55:35 +0200 Subject: [PATCH 1/3] Fix cherry-pick From 9f2437fa0482534b1222e075da06717840606d79 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 20 Jun 2018 17:59:01 +0200 Subject: [PATCH 2/3] Fix missing field --- htdocs/fourn/class/fournisseur.product.class.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/htdocs/fourn/class/fournisseur.product.class.php b/htdocs/fourn/class/fournisseur.product.class.php index 74da470c04c..bd73699dd9c 100644 --- a/htdocs/fourn/class/fournisseur.product.class.php +++ b/htdocs/fourn/class/fournisseur.product.class.php @@ -392,8 +392,8 @@ class ProductFournisseur extends Product function fetch_product_fournisseur_price($rowid, $ignore_expression = 0) { global $conf; - $sql = "SELECT pfp.rowid, pfp.price, pfp.quantity, pfp.unitprice, pfp.remise_percent, pfp.remise, pfp.tva_tx, pfp.default_vat_code, pfp.fk_availability,"; - $sql.= " pfp.fk_soc, pfp.ref_fourn, pfp.fk_product, pfp.charges, pfp.unitcharges, pfp.fk_supplier_price_expression, pfp.delivery_time_days,"; // , pfp.recuperableonly as fourn_tva_npr"; FIXME this field not exist in llx_product_fournisseur_price + $sql = "SELECT pfp.rowid, pfp.price, pfp.quantity, pfp.unitprice, pfp.remise_percent, pfp.remise, pfp.tva_tx, pfp.default_vat_code, pfp.info_bits as fourn_tva_npr, pfp.fk_availability,"; + $sql.= " pfp.fk_soc, pfp.ref_fourn, pfp.fk_product, pfp.charges, pfp.unitcharges, pfp.fk_supplier_price_expression, pfp.delivery_time_days,"; $sql.= " pfp.supplier_reputation"; $sql.= " FROM ".MAIN_DB_PREFIX."product_fournisseur_price as pfp"; $sql.= " WHERE pfp.rowid = ".$rowid; @@ -420,8 +420,7 @@ class ProductFournisseur extends Product $this->fourn_unitprice = $obj->unitprice; $this->fourn_unitcharges = $obj->unitcharges; // deprecated $this->fourn_tva_tx = $obj->tva_tx; - // TODO - // $this->fourn_tva_npr = $obj->fourn_tva_npr; // TODO this field not exist in llx_product_fournisseur_price. We should add it ? + $this->fourn_tva_npr = $obj->fourn_tva_npr; // Add also localtaxes $this->fk_availability = $obj->fk_availability; $this->delivery_time_days = $obj->delivery_time_days; From 714057d435d6ef8e1fec80a54f73bd3c7077efc7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 20 Jun 2018 21:31:37 +0200 Subject: [PATCH 3/3] Fix stats on project. Must use assignement on project as filter. --- htdocs/projet/class/projectstats.class.php | 161 ++++++++++++--------- 1 file changed, 93 insertions(+), 68 deletions(-) diff --git a/htdocs/projet/class/projectstats.class.php b/htdocs/projet/class/projectstats.class.php index 5643533239f..f839d970be7 100644 --- a/htdocs/projet/class/projectstats.class.php +++ b/htdocs/projet/class/projectstats.class.php @@ -57,10 +57,15 @@ class ProjectStats extends Stats $sql = "SELECT"; $sql .= " SUM(t.opp_amount), t.fk_opp_status, cls.code, cls.label"; $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t"; - if (! $user->rights->societe->client->voir && ! $user->socid) - $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // No check is done on company permission because readability is managed by public status of project and assignement. + //if (! $user->rights->societe->client->voir && ! $user->socid) + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; $sql .= ", ".MAIN_DB_PREFIX."c_lead_status as cls"; $sql .= $this->buildWhere(); + // For external user, no check is done on company permission because readability is managed by public status of project and assignement. + //if ($socid > 0) $sql.= " AND t.fk_soc = ".$socid; + // No check is done on company permission because readability is managed by public status of project and assignement. + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; $sql .= " AND t.fk_opp_status = cls.rowid"; $sql .= " AND t.fk_statut <> 0"; // We want historic also, so all projects not draft $sql .= " GROUP BY t.fk_opp_status, cls.code, cls.label"; @@ -78,22 +83,22 @@ class ProjectStats extends Stats $row = $this->db->fetch_row($resql); if ($i < $limit || $num == $limit) { - $label = (($langs->trans("OppStatus".$row[2]) != "OppStatus".$row[2]) ? $langs->trans("OppStatus".$row[2]) : $row[2]); + $label = (($langs->trans("OppStatus".$row[2]) != "OppStatus".$row[2]) ? $langs->trans("OppStatus".$row[2]) : $row[2]); $result[$i] = array( - $label. ' (' . price(price2num($row[0], 'MT'), 1, $langs, 1, -1, -1, $conf->currency) . ')', - $row[0] + $label. ' (' . price(price2num($row[0], 'MT'), 1, $langs, 1, -1, -1, $conf->currency) . ')', + $row[0] ); } else $other += $row[1]; - $i++; + $i++; } if ($num > $limit) $result[$i] = array ( - $langs->transnoentitiesnoconv("Other"), - $other + $langs->transnoentitiesnoconv("Other"), + $other ); - $this->db->free($resql); + $this->db->free($resql); } else { $this->error = "Error " . $this->db->lasterror(); dol_syslog(get_class($this) . '::' . __METHOD__ . ' ' . $this->error, LOG_ERR); @@ -119,9 +124,14 @@ class ProjectStats extends Stats $sql = "SELECT date_format(t.datec,'%Y') as year, COUNT(t.rowid) as nb, SUM(t.opp_amount) as total, AVG(t.opp_amount) as avg,"; $sql.= " SUM(t.opp_amount * ".$this->db->ifsql("t.opp_percent IS NULL".($wonlostfilter?" OR cls.code IN ('WON','LOST')":""), '0', 't.opp_percent')." / 100) as weighted"; $sql.= " FROM " . MAIN_DB_PREFIX . "projet as t LEFT JOIN ".MAIN_DB_PREFIX."c_lead_status as cls ON cls.rowid = t.fk_opp_status"; - if (! $user->rights->societe->client->voir && ! $user->soc_id) - $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // No check is done on company permission because readability is managed by public status of project and assignement. + //if (! $user->rights->societe->client->voir && ! $user->soc_id) + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; $sql.= $this->buildWhere(); + // For external user, no check is done on company permission because readability is managed by public status of project and assignement. + //if ($socid > 0) $sql.= " AND t.fk_soc = ".$socid; + // No check is done on company permission because readability is managed by public status of project and assignement. + //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; $sql.= " GROUP BY year"; $sql.= $this->db->order('year', 'DESC'); @@ -136,35 +146,45 @@ class ProjectStats extends Stats */ public function buildWhere() { + global $user; + $sqlwhere_str = ''; $sqlwhere = array(); + // Get list of project id allowed to user (in a string list separated by coma) + $object = new Project($this->db); + $projectsListId=''; + if (! $user->rights->projet->all->lire) $projectsListId = $object->getProjectsAuthorizedForUser($user,0,1,$user->socid); + $sqlwhere[] = ' t.entity IN (' . getEntity('project') . ')'; if (! empty($this->userid)) $sqlwhere[] = ' t.fk_user_resp=' . $this->userid; - if (! empty($this->socid)) - $sqlwhere[] = ' t.fk_soc=' . $this->socid; - if (! empty($this->year) && empty($this->yearmonth)) - $sqlwhere[] = " date_format(t.datec,'%Y')='" . $this->db->escape($this->year) . "'"; - if (! empty($this->yearmonth)) - $sqlwhere[] = " t.datec BETWEEN '" . $this->db->idate(dol_get_first_day($this->yearmonth)) . "' AND '" . $this->db->idate(dol_get_last_day($this->yearmonth)) . "'"; + // Forced filter on socid is similar to forced filter on project. TODO Use project assignement to allow to not use filter on project + if (! empty($this->socid)) + $sqlwhere[] = ' t.fk_soc=' . $this->socid; + if (! empty($this->year) && empty($this->yearmonth)) + $sqlwhere[] = " date_format(t.datec,'%Y')='" . $this->db->escape($this->year) . "'"; + if (! empty($this->yearmonth)) + $sqlwhere[] = " t.datec BETWEEN '" . $this->db->idate(dol_get_first_day($this->yearmonth)) . "' AND '" . $this->db->idate(dol_get_last_day($this->yearmonth)) . "'"; - if (! empty($this->status)) - $sqlwhere[] = " t.fk_opp_status IN (" . $this->status . ")"; + if (! empty($this->status)) + $sqlwhere[] = " t.fk_opp_status IN (" . $this->status . ")"; - if (count($sqlwhere) > 0) { - $sqlwhere_str = ' WHERE ' . implode(' AND ', $sqlwhere); - } + if (! $user->rights->projet->all->lire) $sqlwhere[] = " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users - return $sqlwhere_str; + if (count($sqlwhere) > 0) { + $sqlwhere_str = ' WHERE ' . implode(' AND ', $sqlwhere); + } + + return $sqlwhere_str; } /** * Return Project number by month for a year * * @param int $year Year to scan - * @param int $format 0=Label of absiss is a translated text, 1=Label of absiss is month number, 2=Label of absiss is first letter of month + * @param int $format 0=Label of absiss is a translated text, 1=Label of absiss is month number, 2=Label of absiss is first letter of month * @return array Array of values */ function getNbByMonth($year, $format=0) @@ -175,8 +195,9 @@ class ProjectStats extends Stats $sql = "SELECT date_format(t.datec,'%m') as dm, COUNT(*) as nb"; $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t"; - if (! $user->rights->societe->client->voir && ! $user->soc_id) - $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // No check is done on company permission because readability is managed by public status of project and assignement. + //if (! $user->rights->societe->client->voir && ! $user->soc_id) + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -192,7 +213,7 @@ class ProjectStats extends Stats * Return the Project amount by month for a year * * @param int $year Year to scan - * @param int $format 0=Label of absiss is a translated text, 1=Label of absiss is month number, 2=Label of absiss is first letter of month + * @param int $format 0=Label of absiss is a translated text, 1=Label of absiss is month number, 2=Label of absiss is first letter of month * @return array Array with amount by month */ function getAmountByMonth($year, $format=0) @@ -203,8 +224,9 @@ class ProjectStats extends Stats $sql = "SELECT date_format(t.datec,'%m') as dm, SUM(t.opp_amount)"; $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t"; - if (! $user->rights->societe->client->voir && ! $user->soc_id) - $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // No check is done on company permission because readability is managed by public status of project and assignement. + //if (! $user->rights->societe->client->voir && ! $user->soc_id) + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -229,45 +251,45 @@ class ProjectStats extends Stats { global $conf,$user,$langs; - if ($startyear > $endyear) return -1; + if ($startyear > $endyear) return -1; - $datay=array(); + $datay=array(); - // Search into cache - if (! empty($cachedelay)) - { - include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; - include_once DOL_DOCUMENT_ROOT.'/core/lib/json.lib.php'; - } + // Search into cache + if (! empty($cachedelay)) + { + include_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; + include_once DOL_DOCUMENT_ROOT.'/core/lib/json.lib.php'; + } - $newpathofdestfile=$conf->user->dir_temp.'/'.get_class($this).'_'.__FUNCTION__.'_'.(empty($this->cachefilesuffix)?'':$this->cachefilesuffix.'_').$langs->defaultlang.'_user'.$user->id.'.cache'; - $newmask='0644'; + $newpathofdestfile=$conf->user->dir_temp.'/'.get_class($this).'_'.__FUNCTION__.'_'.(empty($this->cachefilesuffix)?'':$this->cachefilesuffix.'_').$langs->defaultlang.'_user'.$user->id.'.cache'; + $newmask='0644'; - $nowgmt = dol_now(); + $nowgmt = dol_now(); - $foundintocache=0; - if ($cachedelay > 0) - { - $filedate=dol_filemtime($newpathofdestfile); - if ($filedate >= ($nowgmt - $cachedelay)) - { - $foundintocache=1; + $foundintocache=0; + if ($cachedelay > 0) + { + $filedate=dol_filemtime($newpathofdestfile); + if ($filedate >= ($nowgmt - $cachedelay)) + { + $foundintocache=1; - $this->_lastfetchdate[get_class($this).'_'.__FUNCTION__]=$filedate; - } - else - { - dol_syslog(get_class($this).'::'.__FUNCTION__." cache file ".$newpathofdestfile." is not found or older than now - cachedelay (".$nowgmt." - ".$cachedelay.") so we can't use it."); - } - } + $this->_lastfetchdate[get_class($this).'_'.__FUNCTION__]=$filedate; + } + else + { + dol_syslog(get_class($this).'::'.__FUNCTION__." cache file ".$newpathofdestfile." is not found or older than now - cachedelay (".$nowgmt." - ".$cachedelay.") so we can't use it."); + } + } - // Load file into $data - if ($foundintocache) // Cache file found and is not too old - { - dol_syslog(get_class($this).'::'.__FUNCTION__." read data from cache file ".$newpathofdestfile." ".$filedate."."); - $data = json_decode(file_get_contents($newpathofdestfile), true); - } - else + // Load file into $data + if ($foundintocache) // Cache file found and is not too old + { + dol_syslog(get_class($this).'::'.__FUNCTION__." read data from cache file ".$newpathofdestfile." ".$filedate."."); + $data = json_decode(file_get_contents($newpathofdestfile), true); + } + else { $year=$startyear; while($year <= $endyear) @@ -326,8 +348,9 @@ class ProjectStats extends Stats $sql = "SELECT date_format(t.datec,'%m') as dm, SUM(t.opp_amount * ".$this->db->ifsql("t.opp_percent IS NULL".($wonlostfilter?" OR cls.code IN ('WON','LOST')":""), '0', 't.opp_percent')." / 100)"; $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t LEFT JOIN ".MAIN_DB_PREFIX.'c_lead_status as cls ON t.fk_opp_status = cls.rowid'; - if (! $user->rights->societe->client->voir && ! $user->soc_id) - $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // No check is done on company permission because readability is managed by public status of project and assignement. + //if (! $user->rights->societe->client->voir && ! $user->soc_id) + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -424,7 +447,7 @@ class ProjectStats extends Stats * Return the Project transformation rate by month for a year * * @param int $year Year to scan - * @param int $format 0=Label of absiss is a translated text, 1=Label of absiss is month number, 2=Label of absiss is first letter of month + * @param int $format 0=Label of absiss is a translated text, 1=Label of absiss is month number, 2=Label of absiss is first letter of month * @return array Array with amount by month */ function getTransformRateByMonth($year, $format=0) @@ -435,8 +458,9 @@ class ProjectStats extends Stats $sql = "SELECT date_format(t.datec,'%m') as dm, count(t.opp_amount)"; $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t"; - if (! $user->rights->societe->client->voir && ! $user->soc_id) - $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // No check is done on company permission because readability is managed by public status of project and assignement. + //if (! $user->rights->societe->client->voir && ! $user->soc_id) + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -447,8 +471,9 @@ class ProjectStats extends Stats $sql = "SELECT date_format(t.datec,'%m') as dm, count(t.opp_amount)"; $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t"; - if (! $user->rights->societe->client->voir && ! $user->soc_id) - $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; + // No check is done on company permission because readability is managed by public status of project and assignement. + //if (! $user->rights->societe->client->voir && ! $user->soc_id) + // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id; $sql .= $this->buildWhere(); $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC');