Modif s�curit� acc�s client

2004-07-29 14:04:05 +00:00 · 2004-07-29 14:04:05 +00:00 · 0e31046c07
commit 0e31046c07
parent 81a6799218
4 changed files with 90 additions and 44 deletions
--- a/htdocs/product.class.php
+++ b/htdocs/product.class.php
@ -286,11 +286,15 @@ class Product
   *
   *
   */
-  Function count_propale()
+  Function count_propale($socid=0)
    {
      $sql = "SELECT pd.fk_propal";
-      $sql .= " FROM ".MAIN_DB_PREFIX."propaldet as pd, ".MAIN_DB_PREFIX."product as p";
-      $sql .= " WHERE p.rowid = pd.fk_product AND p.rowid = ".$this->id;
+      $sql .= " FROM ".MAIN_DB_PREFIX."propaldet as pd, ".MAIN_DB_PREFIX."product as p, ".MAIN_DB_PREFIX."propal as pr";
+      $sql .= " WHERE pr.rowid = pd.fk_propal AND p.rowid = pd.fk_product AND p.rowid = ".$this->id;
+      if ($socid > 0)
+	{
+	  $sql .= " AND pr.fk_soc = $socid";
+	}
      $sql .= " GROUP BY pd.fk_propal";

      $result = $this->db->query($sql) ;
@ -308,11 +312,15 @@ class Product
   *
   *
   */
-  Function count_propale_client()
+  Function count_propale_client($socid=0)
    {
      $sql = "SELECT pr.fk_soc";
      $sql .= " FROM ".MAIN_DB_PREFIX."propaldet as pd, ".MAIN_DB_PREFIX."product as p, ".MAIN_DB_PREFIX."propal as pr";
      $sql .= " WHERE p.rowid = pd.fk_product AND pd.fk_propal = pr.rowid AND p.rowid = ".$this->id;
+      if ($socid > 0)
+	{
+	  $sql .= " AND pr.fk_soc = $socid";
+	}
      $sql .= " GROUP BY pr.fk_soc";

      $result = $this->db->query($sql) ;
@ -330,11 +338,16 @@ class Product
   *
   *
   */
-  Function count_facture()
+  Function count_facture($socid=0)
    {
      $sql = "SELECT pd.fk_facture";
      $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as pd, ".MAIN_DB_PREFIX."product as p";
-      $sql .= " WHERE p.rowid = pd.fk_product AND p.rowid = ".$this->id;
+      $sql .= ", ".MAIN_DB_PREFIX."facture as f";
+      $sql .= " WHERE f.rowid = pd.fk_facture AND p.rowid = pd.fk_product AND p.rowid = ".$this->id;
+      if ($socid > 0)
+	{
+	  $sql .= " AND f.fk_soc = $socid";
+	}
      $sql .= " GROUP BY pd.fk_facture";

      $result = $this->db->query($sql) ;
@ -403,11 +416,15 @@ class Product
   *
   *
   */
-  Function get_nb_vente()
+  Function get_nb_vente($socid=0)
    {
      $sql = "SELECT sum(d.qty), date_format(f.datef, '%Y%m') ";
      $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as d, ".MAIN_DB_PREFIX."facture as f";
-      $sql .= " WHERE f.rowid = d.fk_facture and f.paye = 1 and d.fk_product =".$this->id;
+      $sql .= " WHERE f.rowid = d.fk_facture and d.fk_product =".$this->id;
+      if ($socid > 0)
+	{
+	  $sql .= " AND f.fk_soc = $socid";
+	}
      $sql .= " GROUP BY date_format(f.datef,'%Y%m') DESC ;";

      return $this->_get_stats($sql);
@ -416,11 +433,15 @@ class Product
   *Renvoie le nombre de facture dans lesquelles figure le produit
   *
   */
-  Function get_num_vente()
+  Function get_num_vente($socid=0)
    {
      $sql = "SELECT count(*), date_format(f.datef, '%Y%m') ";
      $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as d, ".MAIN_DB_PREFIX."facture as f";
-      $sql .= " WHERE f.rowid = d.fk_facture and f.paye = 1 and d.fk_product =".$this->id;
+      $sql .= " WHERE f.rowid = d.fk_facture AND d.fk_product =".$this->id;
+      if ($socid > 0)
+	{
+	  $sql .= " AND f.fk_soc = $socid";
+	}
      $sql .= " GROUP BY date_format(f.datef,'%Y%m') DESC ;";

      return $this->_get_stats($sql);
@ -429,11 +450,15 @@ class Product
   *Renvoie le nombre de proaple dans lesquelles figure le produit
   *
   */
-  Function get_num_propal()
-    {
+  Function get_num_propal($socid=0)
+  {
      $sql = "SELECT count(*), date_format(p.datep, '%Y%m') ";
      $sql .= " FROM ".MAIN_DB_PREFIX."propaldet as d, ".MAIN_DB_PREFIX."propal as p";
      $sql .= " WHERE p.rowid = d.fk_propal and d.fk_product =".$this->id;
+      if ($socid > 0)
+	{
+	  $sql .= " AND p.fk_soc = $socid";
+	}
      $sql .= " GROUP BY date_format(p.datep,'%Y%m') DESC ;";

      return $this->_get_stats($sql);
--- a/htdocs/product/stats/facture.php
+++ b/htdocs/product/stats/facture.php
@ -51,9 +51,9 @@ if ($_GET["id"])
      print '<td><a href="fiche.php?id='.$product->id.'">Statistiques</a></td></tr>';
      print "<tr><td>Libellé</td><td>$product->libelle</td>";
      print '<td valign="top" rowspan="2">';
-      print "Propositions commerciales : ".$product->count_propale();
-      print "<br>Proposé à <b>".$product->count_propale_client()."</b> clients";
-      print "<br>Factures : ".$product->count_facture();
+      print "Propositions commerciales : ".$product->count_propale($socid);
+      print "<br>Proposé à <b>".$product->count_propale_client($socid)."</b> clients";
+      print "<br>Factures : ".$product->count_facture($socid);
      print '</td></tr>';
      print '<tr><td>Prix de vente</td><td>'.price($product->price).'</td></tr>';
      print "</table>";
--- a/htdocs/product/stats/fiche.php
+++ b/htdocs/product/stats/fiche.php
@ -1,5 +1,5 @@
 <?PHP
-/* Copyright (C) 2001-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
+/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
 * Copyright (c) 2004      Laurent Destailleur  <eldy@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
@ -23,6 +23,17 @@
 require("./pre.inc.php");
 require("../../propal.class.php");

+if ($user->societe_id > 0)
+{
+  $action = '';
+  $socid = $user->societe_id;
+}
+else
+{
+  $socid = 0;
+}
+
+
 llxHeader();

 $mesg = '';
@ -48,31 +59,29 @@ if ($_GET["id"])
 	      $mesg = "Impossible de créer $dir !";
 	    }
 	}
-
-      $filenbpropal = $dir . "/propal12mois.png";
+      $img_propal_name = "propal12mois.png";
+      $filenbpropal = $dir . "/" . $img_propal_name;
      $filenbvente  = $dir . "/vente12mois.png";
      $filenbpiece  = $dir . "/vendu12mois.png";
        
-      if (! file_exists($filenbvente) or $_GET["action"] == 'recalcul')
-        {
+
+      $px = new BarGraph();
+      $mesg = $px->isGraphKo();
+      if (! $mesg)
+	{
+	  $graph_data = $product->get_num_vente($socid);
+	  $px->draw($filenbvente, $graph_data);
+	  
 	  $px = new BarGraph();
-	  $mesg = $px->isGraphKo();
-	  if (! $mesg)
-	    {
-	      $graph_data = $product->get_num_vente();
-	      $px->draw($filenbvente, $graph_data);
+	  $graph_data = $product->get_nb_vente($socid);
+	  $px->draw($filenbpiece, $graph_data);
+	  
+	  $px = new BarGraph();
+	  $graph_data = $product->get_num_propal($socid);
+	  $px->draw($filenbpropal, $graph_data);

-	      $px = new BarGraph();
-	      $graph_data = $product->get_nb_vente();
-	      $px->draw($filenbpiece, $graph_data);
-
-	      $px = new BarGraph();
-	      $graph_data = $product->get_num_propal();
-	      $px->draw($filenbpropal, $graph_data);
-
-	      $mesg = "Graphiques générés";
-	    }
-        }
+	  $mesg = "Graphiques générés";
+	}

      // Zone recherche
      print '<table border="0" width="100%" cellspacing="0" cellpadding="4">';
@ -100,9 +109,9 @@ if ($_GET["id"])
      print '<td>Statistiques</td></tr>';
      print "<tr><td>Libellé</td><td>$product->libelle</td>";
      print '<td valign="top" rowspan="2">';
-      print '<a href="propal.php?id='.$product->id.'">Propositions commerciales</a> : '.$product->count_propale();
-      print "<br>Proposé à <b>".$product->count_propale_client()."</b> clients";
-      print '<br><a href="facture.php?id='.$product->id.'">Factures</a> : '.$product->count_facture();
+      print '<a href="propal.php?id='.$product->id.'">Propositions commerciales</a> : '.$product->count_propale($socid);
+      print "<br>Proposé à <b>".$product->count_propale_client($socid)."</b> clients";
+      print '<br><a href="facture.php?id='.$product->id.'">Factures</a> : '.$product->count_facture($socid);
      print '</td></tr>';
      print '<tr><td>Prix actuel</td><td>'.price($product->price).'</td></tr>';
      print "</table>";
@ -142,7 +151,7 @@ if ($_GET["id"])
      print '<td align="center" width="50%" colspan="2">-</td></tr>';
      print '<tr><td align="center" colspan="2">';

-      print '<img src="'.DOL_URL_ROOT.'/document/produit/'.$product->id.'/propal12mois.png" alt="Propales sur les 12 derniers mois">';
+      print '<img src="'.DOL_URL_ROOT.'/document/produit/'.$product->id.'/'.$img_propal_name.'" alt="Propales sur les 12 derniers mois">';
      
      print '</td><td align="center" colspan="2">TODO AUTRE GRAPHIQUE';

--- a/htdocs/product/stats/propal.php
+++ b/htdocs/product/stats/propal.php
@ -22,6 +22,12 @@

 require("./pre.inc.php");

+if ($user->societe_id > 0)
+{
+  $action = '';
+  $socid = $user->societe_id;
+}
+
 llxHeader();

 $mesg = '';
@ -45,9 +51,9 @@ if ($_GET["id"])
      print '<td><a href="fiche.php?id='.$product->id.'">Statistiques</a></td></tr>';
      print "<tr><td>Libellé</td><td>$product->libelle</td>";
      print '<td valign="top" rowspan="2">';
-      print "Propositions commerciales : ".$product->count_propale();
-      print "<br>Proposé à <b>".$product->count_propale_client()."</b> clients";
-      print "<br>Factures : ".$product->count_facture();
+      print "Propositions commerciales : ".$product->count_propale($socid);
+      print "<br>Proposé à <b>".$product->count_propale_client($socid)."</b> clients";
+      print "<br>Factures : ".$product->count_facture($socid);
      print '</td></tr>';
      print '<tr><td>Prix de vente</td><td>'.price($product->price).'</td></tr>';
      print "</table>";
@ -73,7 +79,13 @@ if ($_GET["id"])
      $sql = "SELECT distinct(p.rowid), s.nom,s.idp, p.ref,".$db->pdate("p.datep")." as df,p.rowid as facid";
      $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."propaldet as d WHERE p.fk_soc = s.idp";
      $sql .= " AND d.fk_propal = p.rowid AND d.fk_product =".$product->id;
-      $sql .= " ORDER BY $sortfield $sortorder ";
+ 
+      if ($socid)
+	{
+	  $sql .= " AND p.fk_soc = $socid";
+	}
+
+     $sql .= " ORDER BY $sortfield $sortorder ";
      $sql .= $db->plimit( $limit ,$offset);

      $result = $db->query($sql);