diff --git a/htdocs/projet/commandes.php b/htdocs/projet/commandes.php index 29a1fa94543..225f3b0d9ac 100644 --- a/htdocs/projet/commandes.php +++ b/htdocs/projet/commandes.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2005 Laurent Destailleur + * Copyright (C) 2004-2006 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -40,9 +40,7 @@ $user->getrights('projet'); if (!$user->rights->projet->lire) accessforbidden(); -/* - * Sécurité accés client - */ +// Sécurité accés client $projetid=''; if ($_GET["id"]) { $projetid=$_GET["id"]; } @@ -56,16 +54,17 @@ if ($user->societe_id > 0) // Protection restriction commercial if ($projetid) { - $sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p"; - $sql .= " WHERE p.rowid = ".$projetid; - if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id; - if ($socidp) $sql .= " AND p.fk_soc = ".$socidp; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } + $sql = "SELECT p.rowid, p.fk_soc"; + $sql.= " FROM ".MAIN_DB_PREFIX."projet as p"; + if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc "; + $sql.= " WHERE p.rowid = ".$projetid; + if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + if ($socidp) $sql .= " AND p.fk_soc = ".$socidp; + + if ( $db->query($sql) ) + { + if ( $db->num_rows() == 0) accessforbidden(); + } } @@ -116,6 +115,8 @@ print ''.$langs->trans("Ref").''.$projet->ref.''; print ''.$langs->trans("Label").''.$projet->title.''; print ''; +print ''; + /* * Barre d'action * 
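Review bot: The rebuilt access-check query in the `@@ -56,16 +54,17 @@` hunk still concatenates `$projetid` unquoted into `" WHERE p.rowid = ".$projetid`, and the preceding hunk shows that value is copied straight from `$_GET["id"]`, so request-controlled text becomes part of the SQL that decides whether `accessforbidden()` runs. Assuming `rowid` and `fk_soc` are integer keys, cast at the point of use: `$sql.= " WHERE p.rowid = ".(int) $projetid;` and likewise `" AND p.fk_soc = ".(int) $socidp` (where `$socidp` is assigned is not visible here). The check also fails open, because nothing is denied when `$db->query($sql)` returns false; `if (! $db->query($sql) || $db->num_rows() == 0) accessforbidden();` would deny on error as well. The same added lines recur in the matching hunks of facture.php, fiche.php and propal.php, and the unchanged `WHERE` line in tasks/fiche.php carries the same concatenation.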
@@ -165,7 +166,6 @@ if (sizeof($commandes)>0 && is_array($commandes)) print ""; } -print ''; // Juste pour éviter bug IE qui réorganise mal div précédents si celui-ci absent print '
'; diff --git a/htdocs/projet/facture.php b/htdocs/projet/facture.php index 521c0127a9f..de7b468a657 100644 --- a/htdocs/projet/facture.php +++ b/htdocs/projet/facture.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2005 Laurent Destailleur + * Copyright (C) 2004-2006 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -41,9 +41,7 @@ $user->getrights('projet'); if (!$user->rights->projet->lire) accessforbidden(); -/* - * Sécurité accés client - */ +// Sécurité accés client $projetid=''; if ($_GET["id"]) { $projetid=$_GET["id"]; } @@ -57,16 +55,17 @@ if ($user->societe_id > 0) // Protection restriction commercial if ($projetid) { - $sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p"; - $sql .= " WHERE p.rowid = ".$projetid; - if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id; - if ($socidp) $sql .= " AND p.fk_soc = ".$socidp; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } + $sql = "SELECT p.rowid, p.fk_soc"; + $sql.= " FROM ".MAIN_DB_PREFIX."projet as p"; + if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc "; + $sql.= " WHERE p.rowid = ".$projetid; + if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + if ($socidp) $sql .= " AND p.fk_soc = ".$socidp; + + if ( $db->query($sql) ) + { + if ( $db->num_rows() == 0) accessforbidden(); + } } @@ -117,6 +116,8 @@ print ''.$langs->trans("Ref").''.$projet->ref.''; print ''.$langs->trans("Label").''.$projet->title.''; print ''; +print '
'; + /* * Barre d'action * @@ -164,7 +165,6 @@ if (sizeof($factures)>0 && is_array($factures)) print ""; } -print ''; // Juste pour éviter bug IE qui réorganise mal div précédents si celui-ci absent print '
'; diff --git a/htdocs/projet/fiche.php b/htdocs/projet/fiche.php index d72089e50b0..44c64d5f8da 100644 --- a/htdocs/projet/fiche.php +++ b/htdocs/projet/fiche.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2005 Laurent Destailleur + * Copyright (C) 2004-2006 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -50,16 +50,17 @@ if ($user->societe_id > 0) // Protection restriction commercial if ($projetid) { - $sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p"; - $sql .= " WHERE p.rowid = ".$projetid; - if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id; - if ($socidp) $sql .= " AND p.fk_soc = ".$socidp; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } + $sql = "SELECT p.rowid, p.fk_soc"; + $sql.= " FROM ".MAIN_DB_PREFIX."projet as p"; + if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc "; + $sql.= " WHERE p.rowid = ".$projetid; + if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + if ($socidp) $sql .= " AND p.fk_soc = ".$socidp; + + if ( $db->query($sql) ) + { + if ( $db->num_rows() == 0) accessforbidden(); + } } @@ -148,7 +149,7 @@ if ($_GET["action"] == 'create' && $user->rights->projet->creer) print ''.$langs->trans("Ref").''; print ''.$langs->trans("Label").''; - print ''; + print ''; print ''; print ''; diff --git a/htdocs/projet/propal.php b/htdocs/projet/propal.php index eb602e023b2..f41a8e0bd2a 100644 --- a/htdocs/projet/propal.php +++ b/htdocs/projet/propal.php 
@@ -1,6 +1,6 @@ - * Copyright (C) 2004-2005 Laurent Destailleur + * Copyright (C) 2004-2006 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -41,9 +41,7 @@ $user->getrights('projet'); if (!$user->rights->projet->lire) accessforbidden(); -/* - * Sécurité accés client - */ +// Sécurité accés client $projetid=''; if ($_GET["id"]) { $projetid=$_GET["id"]; } @@ -57,16 +55,17 @@ if ($user->societe_id > 0) // Protection restriction commercial if ($projetid) { - $sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p"; - $sql .= " WHERE p.rowid = ".$projetid; - if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id; - if ($socidp) $sql .= " AND p.fk_soc = ".$socidp; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } + $sql = "SELECT p.rowid, p.fk_soc"; + $sql.= " FROM ".MAIN_DB_PREFIX."projet as p"; + if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc "; + $sql.= " WHERE p.rowid = ".$projetid; + if (!$user->rights->commercial->client->voir) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id; + if ($socidp) $sql .= " AND p.fk_soc = ".$socidp; + + if ( $db->query($sql) ) + { + if ( $db->num_rows() == 0) accessforbidden(); + } } @@ -119,6 +118,8 @@ print ''.$langs->trans("Ref").''.$projet->ref.''; print ''.$langs->trans("Label").''.$projet->title.''; print ''; +print '
'; + /* * Barre d'action * @@ -164,11 +165,6 @@ if (sizeof($propales)>0 && is_array($propales)) print ''.$langs->trans("Currency".$conf->monnaie).''; } -print ''; - -// Juste pour éviter bug IE qui réorganise mal div précédents si celui-ci absent -print '
'; -print '
'; $db->close(); diff --git a/htdocs/projet/tasks/fiche.php b/htdocs/projet/tasks/fiche.php index 6909c70634b..8b79a6b189f 100644 --- a/htdocs/projet/tasks/fiche.php +++ b/htdocs/projet/tasks/fiche.php @@ -1,5 +1,6 @@ +/* Copyright (C) 2005 Rodolphe Quiedeville + * Copyright (C) 2004-2006 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,14 +18,13 @@ * * $Id$ * $Source$ - * */ /** - \file htdocs/projet/tasks/fiche.php - \ingroup projet - \brief Fiche tâches d'un projet - \version $Revision$ + \file htdocs/projet/tasks/fiche.php + \ingroup projet + \brief Fiche tâches d'un projet + \version $Revision$ */ require("./pre.inc.php"); @@ -49,10 +49,10 @@ if ($user->societe_id > 0) // Protection restriction commercial if ($projetid) { - $sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc"; + $sql = "SELECT p.rowid, p.fk_soc"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p"; $sql .= " WHERE p.rowid = ".$projetid; - if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id; + if (!$user->rights->commercial->client->voir) $sql .= " AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id; if ($socidp) $sql .= " AND p.fk_soc = ".$socidp; if ( $db->query($sql) )
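Review bot: The `@@ -49,10 +49,10 @@` hunk of tasks/fiche.php keeps `societe_commerciaux as sc` in the `FROM` clause unconditionally and leaves `fk_user` unqualified, unlike the other four files in this commit. For a user who holds `commercial->client->voir` no join condition is appended, so the query is a cross product of the project row with every `sc` row; if that table is empty it returns zero rows and, assuming the body outside this hunk matches the other files, the user is wrongly denied. Align it with the sibling files: `$sql .= " FROM ".MAIN_DB_PREFIX."projet as p";`, then `if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc ";`, and use `sc.fk_user` in the restriction. The hunk ends at `if ( $db->query($sql) )`, so the body of the check lies outside it.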