From 17bab0885c2f8894222b9c865ee5c8b74099c791 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Wed, 8 Mar 2006 15:55:12 +0000
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?= =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?= =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?= =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 htdocs/expedition/index.php | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)
diff --git a/htdocs/expedition/index.php b/htdocs/expedition/index.php
index f593011a9de..1b20294e44e 100644
--- a/htdocs/expedition/index.php
+++ b/htdocs/expedition/index.php
@@ -1,6 +1,7 @@
 * Copyright (C) 2004-2005 Laurent Destailleur
+ * Copyright (C) 2005-2006 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -50,12 +51,18 @@ print "
\n";
 * Expeditions à valider
 */
 $sql = "SELECT e.rowid, e.ref, s.nom, s.idp, c.ref as commande_ref, c.rowid as commande_id";
+if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user";
 $sql.= " FROM ".MAIN_DB_PREFIX."expedition as e, ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
+if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE e.fk_commande = c.rowid AND c.fk_soc = s.idp AND e.fk_statut = 0";
 if ($socidp)
 {
 $sql .= " AND c.fk_soc = $socidp";
 }
+if (!$user->rights->commercial->client->voir) //restriction
+{
+ $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
+}
 $resql=$db->query($sql);
 if ($resql)
 {
@@ -85,8 +92,11 @@ if ($resql)
 * Commandes à traiter
 */
 $sql = "SELECT c.rowid, c.ref, s.nom, s.idp";
+if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user";
 $sql.= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s";
+if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE c.fk_soc = s.idp AND c.fk_statut = 1";
+if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql.= " ORDER BY c.rowid ASC";
 if ( $db->query($sql) )
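Review bot: The row-level restriction in the first "Expeditions à valider" query is appended to a string that already interpolates `$socidp` unquoted (`" AND c.fk_soc = $socidp"`), and it concatenates `$user->id` the same way. Where `$socidp` is assigned is outside this hunk; if it can come from the request, the new filter shares a statement with untrusted SQL text and cannot be relied on as an access control. Cast both values at the point of use, e.g. `$sql .= " AND c.fk_soc = ".(int) $socidp;` and `$sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = ".(int) $user->id;`. The same `$user->id` concatenation recurs in the hunks at -85, -124 and -157.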
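Review bot: The test `!$user->rights->commercial->client->voir` is written out three times for the "Commandes à traiter" query and twelve times across the patch, so the SELECT, FROM and WHERE fragments only stay in step if every copy is edited together. If the WHERE copy were ever missed while the FROM copy stayed, the query would join `societe_commerciaux` without the filter. Evaluate the right once near the top of the page, `$restrictToOwnClients = empty($user->rights->commercial->client->voir);`, and branch on that variable in each fragment. `empty()` also keeps the check restrictive, without a notice, when the rights tree is not populated for the user.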
@@ -124,8 +134,12 @@ print '';
 /*
 * Commandes en traitement
 */
-$sql = "SELECT c.rowid, c.ref, s.nom, s.idp FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s";
+$sql = "SELECT c.rowid, c.ref, s.nom, s.idp";
+if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user";
+$sql .= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s";
+if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql .= " WHERE c.fk_soc = s.idp AND c.fk_statut = 2";
+if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 $resql = $db->query($sql);
 if ( $resql )
 {
@@ -157,8 +171,11 @@ if ( $resql )
 * Expeditions à valider
 */
 $sql = "SELECT e.rowid, e.ref, s.nom, s.idp, c.ref as commande_ref, c.rowid as commande_id";
-$sql.= " FROM ".MAIN_DB_PREFIX."expedition as e, ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
-$sql.= " WHERE e.fk_commande = c.rowid AND c.fk_soc = s.idp AND e.fk_statut = 1";
+if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user";
+$sql .= " FROM ".MAIN_DB_PREFIX."expedition as e, ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
+if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+$sql .= " WHERE e.fk_commande = c.rowid AND c.fk_soc = s.idp AND e.fk_statut = 1";
+if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql .= " ORDER BY e.date_expedition DESC";
 $sql .= $db->plimit(5, 0);
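Review bot: Nothing visible in the "Commandes en traitement" hunk reads `sc.fk_soc` or `sc.fk_user` after they are added to the SELECT list. The join condition in the WHERE clause is what filters the rows, so the extra columns look unnecessary unless the rendering loop below, which is outside the hunk, uses them. Dropping that line would leave one fewer conditional fragment to keep consistent. The restriction also deserves a short comment stating the rule, for example `// Without the "voir" right, list only orders of companies assigned to this user in societe_commerciaux`.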
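Review bot: The restriction added to the second "Expeditions à valider" query, like the three before it, only narrows what this index page lists, and the diffstat shows no other file in the commit. The query selects `e.rowid` and `c.rowid as commande_id`, presumably to link to the shipment and order detail pages (the rendering code is outside the hunk). Those pages need the same `societe_commerciaux` check on the requested record, otherwise a user without the "voir" right could still open a record of a company not assigned to them. Whether they already enforce it is not visible here, so it is worth confirming before treating this permission as effective.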