Fix: bug #16564 overview: Accs refus sur le module projet

Laurent Destailleur 2006-05-13 00:52:13 +00:00
parent c42da94226
commit 0d8499ac0b
5 changed files with 66 additions and 69 deletions


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -40,9 +40,7 @@ $user->getrights('projet');
if (!$user->rights->projet->lire) accessforbidden();
/*
* Sécurité accés client
*/
// Sécurité accés client
$projetid='';
if ($_GET["id"]) { $projetid=$_GET["id"]; }
@ -56,16 +54,17 @@ if ($user->societe_id > 0)
// Protection restriction commercial
if ($projetid)
{
$sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p";
$sql .= " WHERE p.rowid = ".$projetid;
if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id;
if ($socidp) $sql .= " AND p.fk_soc = ".$socidp;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
$sql = "SELECT p.rowid, p.fk_soc";
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc ";
$sql.= " WHERE p.rowid = ".$projetid;
if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
if ($socidp) $sql .= " AND p.fk_soc = ".$socidp;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
@ -116,6 +115,8 @@ print '<tr><td>'.$langs->trans("Ref").'</td><td>'.$projet->ref.'</td></tr>';
print '<tr><td>'.$langs->trans("Label").'</td><td>'.$projet->title.'</td></tr>';
print '</table>';
print '</div>';
/*
* Barre d'action
*
@ -165,7 +166,6 @@ if (sizeof($commandes)>0 && is_array($commandes))
print "</table>";
}
print '</div>';
// Juste pour éviter bug IE qui réorganise mal div précédents si celui-ci absent
print '<div class="tabsAction">';
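Review bot: `$projetid` is read unchanged from `$_GET["id"]` (context of the second hunk), and the rewritten access-check query still appends it unquoted in `" WHERE p.rowid = ".$projetid`, so request-controlled text becomes part of the statement that decides whether `accessforbidden()` fires. Cast it where it is read, e.g. `if ($_GET["id"]) { $projetid=(int) $_GET["id"]; }`, and treat `$socidp` the same way if it can also originate from the request (its assignment lies outside the visible hunks). The same concatenation is kept in the other four file sections of this commit.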


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -41,9 +41,7 @@ $user->getrights('projet');
if (!$user->rights->projet->lire) accessforbidden();
/*
* Sécurité accés client
*/
// Sécurité accés client
$projetid='';
if ($_GET["id"]) { $projetid=$_GET["id"]; }
@ -57,16 +55,17 @@ if ($user->societe_id > 0)
// Protection restriction commercial
if ($projetid)
{
$sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p";
$sql .= " WHERE p.rowid = ".$projetid;
if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id;
if ($socidp) $sql .= " AND p.fk_soc = ".$socidp;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
$sql = "SELECT p.rowid, p.fk_soc";
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc ";
$sql.= " WHERE p.rowid = ".$projetid;
if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
if ($socidp) $sql .= " AND p.fk_soc = ".$socidp;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
@ -117,6 +116,8 @@ print '<tr><td>'.$langs->trans("Ref").'</td><td>'.$projet->ref.'</td></tr>';
print '<tr><td>'.$langs->trans("Label").'</td><td>'.$projet->title.'</td></tr>';
print '</table>';
print '</div>';
/*
* Barre d'action
*
@ -164,7 +165,6 @@ if (sizeof($factures)>0 && is_array($factures))
print "</table>";
}
print '</div>';
// Juste pour éviter bug IE qui réorganise mal div précédents si celui-ci absent
print '<div class="tabsAction">';
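Review bot: The restriction check in the third hunk fails open, because `accessforbidden()` is only reached inside `if ( $db->query($sql) )`. Assuming `query()` returns a false value on error, a failed statement lets the page continue as if access had been granted. Deny on error as well, for example `if (! $db->query($sql) || $db->num_rows() == 0) accessforbidden();`, and log the failure so it is visible to operators. The identical pattern appears in the other file sections of this commit.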


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -50,16 +50,17 @@ if ($user->societe_id > 0)
// Protection restriction commercial
if ($projetid)
{
$sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p";
$sql .= " WHERE p.rowid = ".$projetid;
if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id;
if ($socidp) $sql .= " AND p.fk_soc = ".$socidp;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
$sql = "SELECT p.rowid, p.fk_soc";
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc ";
$sql.= " WHERE p.rowid = ".$projetid;
if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
if ($socidp) $sql .= " AND p.fk_soc = ".$socidp;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
@ -148,7 +149,7 @@ if ($_GET["action"] == 'create' && $user->rights->projet->creer)
print '<tr><td>'.$langs->trans("Ref").'</td><td><input size="10" type="text" name="ref"></td></tr>';
print '<tr><td>'.$langs->trans("Label").'</td><td><input size="30" type="text" name="title"></td></tr>';
print '<tr><td colspan="2" align="center"><input type="submit" value="'.$langs->trans("Create").'"></td></tr>';
print '<tr><td colspan="2" align="center"><input type="submit" class="button" value="'.$langs->trans("Create").'"></td></tr>';
print '</table>';
print '</form>';
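Review bot: The "Protection restriction commercial" block in the second hunk is copied into every file this commit touches, and the copies have already drifted. The last file section on the page (its doc block names htdocs/projet/tasks/fiche.php) still lists `societe_commerciaux as sc` in FROM unconditionally and leaves `fk_user` unqualified, whereas here the table is added only when `commercial->client->voir` is missing. With the table always present and no join condition, a user holding that right would get zero rows whenever societe_commerciaux is empty, which is presumably the refusal this commit fixes in the other files. Moving the check into one shared function called from each page would keep authorization fixes from landing in only some of the copies.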


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -41,9 +41,7 @@ $user->getrights('projet');
if (!$user->rights->projet->lire) accessforbidden();
/*
* Sécurité accés client
*/
// Sécurité accés client
$projetid='';
if ($_GET["id"]) { $projetid=$_GET["id"]; }
@ -57,16 +55,17 @@ if ($user->societe_id > 0)
// Protection restriction commercial
if ($projetid)
{
$sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p";
$sql .= " WHERE p.rowid = ".$projetid;
if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id;
if ($socidp) $sql .= " AND p.fk_soc = ".$socidp;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
$sql = "SELECT p.rowid, p.fk_soc";
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc ";
$sql.= " WHERE p.rowid = ".$projetid;
if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;
if ($socidp) $sql .= " AND p.fk_soc = ".$socidp;
if ( $db->query($sql) )
{
if ( $db->num_rows() == 0) accessforbidden();
}
}
@ -119,6 +118,8 @@ print '<tr><td>'.$langs->trans("Ref").'</td><td>'.$projet->ref.'</td></tr>';
print '<tr><td>'.$langs->trans("Label").'</td><td>'.$projet->title.'</td></tr>';
print '</table>';
print '</div>';
/*
* Barre d'action
*
@ -164,11 +165,6 @@ if (sizeof($propales)>0 && is_array($propales))
print '<td align="left">'.$langs->trans("Currency".$conf->monnaie).'</td></tr></table>';
}
print '</div>';
// Juste pour éviter bug IE qui réorganise mal div précédents si celui-ci absent
print '<div class="tabsAction">';
print '</div>';
$db->close();


@ -1,5 +1,6 @@
<?php
/* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
/* Copyright (C) 2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -17,14 +18,13 @@
*
* $Id$
* $Source$
*
*/
/**
\file htdocs/projet/tasks/fiche.php
\ingroup projet
\brief Fiche tâches d'un projet
\version $Revision$
\file htdocs/projet/tasks/fiche.php
\ingroup projet
\brief Fiche tâches d'un projet
\version $Revision$
*/
require("./pre.inc.php");
@ -49,10 +49,10 @@ if ($user->societe_id > 0)
// Protection restriction commercial
if ($projetid)
{
$sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc";
$sql = "SELECT p.rowid, p.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p";
$sql .= " WHERE p.rowid = ".$projetid;
if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id;
if (!$user->rights->commercial->client->voir) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id;
if ($socidp) $sql .= " AND p.fk_soc = ".$socidp;
if ( $db->query($sql) )