Ajout de la permission "consulter tous les clients" dans le module commercial, afin
qu'un commercial ne puisse voir que les clients qui lui sont affectés.
parent
c92ef745cf
commit
16d39809b9
@ -42,6 +42,33 @@ $user->getrights('contrat');
|
||||
if (!$user->rights->contrat->lire)
|
||||
accessforbidden();
|
||||
|
||||
// Sécurité accés client et commerciaux
|
||||
$contratid = isset($_GET["id"])?$_GET["id"]:'';
|
||||
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$action = '';
|
||||
$socidp = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if ($contratid)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc, c.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c";
|
||||
$sql .= " WHERE c.rowid = ".$contratid;
|
||||
if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
|
||||
{
|
||||
$sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socidp;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// les methodes locales
|
||||
/**
|
||||
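Review bot: `$contratid` is read from `$_GET["id"]` and concatenated unquoted into `" WHERE c.rowid = ".$contratid`, so the query that enforces the new restriction is itself built from unvalidated request input; the same lines are repeated in the hunks at `@ -32,6 +32,36 @` and `@ -40,13 +40,32 @`. A row id is numeric, so cast it where it is read: `$contratid = isset($_GET["id"]) ? (int) $_GET["id"] : 0;`. `$user->id` and `$socidp` are appended the same way and are cheap to cast as well. Since the block is pasted into three pages, moving it into one shared helper would keep the copies from drifting apart.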
@ -105,13 +132,6 @@ function select_type_contact($contrat, $defValue, $htmlname = 'type', $source)
|
||||
}
|
||||
|
||||
|
||||
// Sécurité accés client
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$action = '';
|
||||
$socidp = $user->societe_id;
|
||||
}
|
||||
|
||||
/*
|
||||
* Ajout d'un nouveau contact
|
||||
*/
|
||||
|
||||
@ -32,6 +32,36 @@ require_once(DOL_DOCUMENT_ROOT."/contrat/contrat.class.php");
|
||||
|
||||
$langs->load("contracts");
|
||||
|
||||
$user->getrights('contrat');
|
||||
if (!$user->rights->contrat->lire)
|
||||
accessforbidden();
|
||||
|
||||
// Sécurité accés client et commerciaux
|
||||
$contratid = isset($_GET["id"])?$_GET["id"]:'';
|
||||
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$socidp = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if ($contratid)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc, c.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c";
|
||||
$sql .= " WHERE c.rowid = ".$contratid;
|
||||
if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
|
||||
{
|
||||
$sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socidp;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
llxHeader();
|
||||
|
||||
|
||||
|
||||
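Review bot: The restriction fails open: `accessforbidden()` is only reachable inside `if ( $db->query($sql) )`, so if the query fails (assuming `query()` returns a falsy value on error) execution continues to `llxHeader()` as though the check had passed. Deny in that case too: `if (! $db->query($sql) || $db->num_rows() == 0) accessforbidden();`. The same applies to the copies of this block in the other two hunks that add it. Separately, `!$user->societe_id > 0` parses as `(!$user->societe_id) > 0`; it happens to give the expected result for ids of zero or more, but `!($user->societe_id > 0)` states what is presumably meant.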
@ -40,13 +40,32 @@ if (!$user->rights->contrat->lire)
|
||||
$langs->load("companies");
|
||||
$langs->load("contracts");
|
||||
|
||||
// Sécurité accés
|
||||
// Sécurité accés client et commerciaux
|
||||
$contratid = isset($_GET["id"])?$_GET["id"]:'';
|
||||
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
unset($_GET["action"]);
|
||||
$socidp = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if ($contratid)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc, c.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c";
|
||||
$sql .= " WHERE c.rowid = ".$contratid;
|
||||
if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
|
||||
{
|
||||
$sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socidp;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
$contrat = new Contrat($db);
|
||||
$contrat->fetch($_GET["id"]);
|
||||
|
||||
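Review bot: `societe_commerciaux` is always in the `FROM` list, but the join condition `sc.fk_soc = c.fk_soc` is added only for a restricted salesperson. For a user holding the `voir` right, or an external user, the query is an unconstrained cross join: it returns one row per `societe_commerciaux` entry and, as far as can be told from here, no rows at all (hence `accessforbidden()`) when that table is empty. Adding the table only when the restriction applies avoids both effects. Further down, `$contrat->fetch($_GET["id"])` reads the raw parameter again instead of the value that was checked; passing `$contratid` keeps the check and the use on the same value. The sketch below applies equally to the copies in the two earlier hunks.

```php
if ($contratid)
{
    // Only a restricted salesperson needs the societe_commerciaux join
    $restricted = (!$user->rights->commercial->client->voir && !($user->societe_id > 0));

    $sql = "SELECT c.fk_soc";
    $sql .= " FROM ".MAIN_DB_PREFIX."contrat as c";
    if ($restricted) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
    // … unchanged: WHERE c.rowid clause …
    if ($restricted) $sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id;
    // … unchanged: external-user clause, query execution and num_rows() check …
}

$contrat = new Contrat($db);
$contrat->fetch($contratid);
```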