From 1988dbe83b1fc717e4a3ad55f03ee94856678445 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Mon, 13 Mar 2006 15:25:17 +0000
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?=
 =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?=
 =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?=
 =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/product.class.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/htdocs/product.class.php b/htdocs/product.class.php
index 1318594b5f0..904ac2cff5e 100644
--- a/htdocs/product.class.php
+++ b/htdocs/product.class.php
@@ -1027,9 +1027,14 @@ class Product
 	 
   function get_nb_vente($socid=0)
     {
+    	global $conf;
+    	global $user;
+    	
       $sql = "SELECT sum(d.qty), date_format(f.datef, '%Y%m') ";
       $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as d, ".MAIN_DB_PREFIX."facture as f";
+      if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
       $sql .= " WHERE f.rowid = d.fk_facture and d.fk_product =".$this->id;
+      if (!$user->rights->commercial->client->voir && !$socid) $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
       if ($socid > 0)
 	{
 	  $sql .= " AND f.fk_soc = $socid";
@@ -1048,9 +1053,14 @@ class Product
 	 
   function get_num_vente($socid=0)
     {
+    	global $conf;
+    	global $user;
+    	
       $sql = "SELECT count(*), date_format(f.datef, '%Y%m') ";
       $sql .= " FROM ".MAIN_DB_PREFIX."facturedet as d, ".MAIN_DB_PREFIX."facture as f";
+      if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
       $sql .= " WHERE f.rowid = d.fk_facture AND d.fk_product =".$this->id;
+      if (!$user->rights->commercial->client->voir && !$socid) $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
       if ($socid > 0)
 	{
 	  $sql .= " AND f.fk_soc = $socid";
@@ -1069,9 +1079,14 @@ class Product
 	 
   function get_num_propal($socid=0)
   {
+  	  global $conf;
+    	global $user;
+    	
       $sql = "SELECT count(*), date_format(p.datep, '%Y%m') ";
       $sql .= " FROM ".MAIN_DB_PREFIX."propaldet as d, ".MAIN_DB_PREFIX."propal as p";
+      if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
       $sql .= " WHERE p.rowid = d.fk_propal and d.fk_product =".$this->id;
+      if (!$user->rights->commercial->client->voir && !$socid) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
       if ($socid > 0)
 	{
 	  $sql .= " AND p.fk_soc = $socid";