Ajout de la permission "consulter tous les clients" dans le module commercial, afin
qu'un commercial ne puisse voir que les clients qui lui sont affectés.
parent
2b4c5a37bb
commit
19a5f266a3
@ -37,16 +37,33 @@ $langs->load("customers");
|
||||
$langs->load("suppliers");
|
||||
$langs->load("banks");
|
||||
|
||||
/*
|
||||
* Sécurité accés client
|
||||
*/
|
||||
|
||||
if ( !$user->rights->societe->creer)
|
||||
accessforbidden();
|
||||
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
if (!$socid) accessforbidden();
|
||||
|
||||
|
||||
// Sécurité accés client
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$action = '';
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if (!$user->rights->commercial->client->voir && $socid)
|
||||
{
|
||||
$sql = "SELECT sc.rowid";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
if($_GET["socid"] && $_GET["commid"])
|
||||
{
|
||||
if ($user->rights->societe->creer)
|
||||
|
||||
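Review bot: `$socid` comes straight from `$_GET["socid"]` and is concatenated unquoted into `" WHERE sc.fk_soc = ".$socid`, so the query that decides whether the salesperson may see this customer is itself built from request-controlled text. A non-numeric value can change what the lookup matches, which makes the new restriction unreliable as an access control. Force the value to an integer where it is read, `$socid = isset($_GET["socid"]) ? (int) $_GET["socid"] : 0;`, which keeps the following `if (!$socid) accessforbidden();` working. The same assignment and query appear in the two other files touched by this commit and need the same change.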
@ -36,6 +36,15 @@ $langs->load("customers");
|
||||
$langs->load("suppliers");
|
||||
$langs->load("banks");
|
||||
|
||||
$user->getrights('societe');
|
||||
$user->getrights('commercial');
|
||||
|
||||
if ( !$user->rights->societe->creer)
|
||||
accessforbidden();
|
||||
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
if (!$socid) accessforbidden();
|
||||
|
||||
// Sécurité accés client
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
@ -43,6 +52,19 @@ if ($user->societe_id > 0)
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if (!$user->rights->commercial->client->voir && $socid)
|
||||
{
|
||||
$sql = "SELECT sc.rowid";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
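Review bot: The restriction in this block fails open: `accessforbidden()` is only reached inside `if ( $db->query($sql) )`, so when the query errors out the script simply continues and the customer page is shown to a user who lacks the `voir` right. Deny on failure as well, for example `$resql = $db->query($sql);` followed by `if (!$resql || $db->num_rows() == 0) accessforbidden();`. A failed lookup is also worth logging so that it can be told apart from a normal denial. The identical block in the other two files has the same shape.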
@ -35,10 +35,35 @@ $langs->load("companies");
|
||||
$langs->load("banks");
|
||||
|
||||
$user->getrights('societe');
|
||||
$user->getrights('commercial');
|
||||
|
||||
if ( !$user->rights->societe->creer)
|
||||
accessforbidden();
|
||||
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
if (!$socid) accessforbidden();
|
||||
|
||||
|
||||
// Sécurité accés client
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$action = '';
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if (!$user->rights->commercial->client->voir && $socid)
|
||||
{
|
||||
$sql = "SELECT sc.rowid";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
llxHeader();
|
||||
|
||||
|
||||
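Review bot: For an external user (`$user->societe_id > 0`) `$socid` is overwritten with the user's own company just above, yet the new restriction still runs the `societe_commerciaux` lookup for that account. Such an account presumably has no row in that table, so unless it holds the `voir` right it would now be refused its own company; this is inferred from the visible lines and should be confirmed against how external accounts are set up. If that is not intended, skip the lookup for them: `if (!$user->rights->commercial->client->voir && $socid && !($user->societe_id > 0))`. The same condition is used in the other two files.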