From 19a5f266a3a4052340bd5f16c65bb68f82a845e1 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Mon, 13 Mar 2006 18:15:45 +0000
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?=
 =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?=
 =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?=
 =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 htdocs/societe/commerciaux.php | 25 +++++++++++++++++++++----
 htdocs/societe/lien.php | 22 ++++++++++++++++++++++
 htdocs/societe/rib.php | 25 +++++++++++++++++++++++++
 3 files changed, 68 insertions(+), 4 deletions(-)
diff --git a/htdocs/societe/commerciaux.php b/htdocs/societe/commerciaux.php
index 6da75f28811..4f7cd4a07b2 100644
--- a/htdocs/societe/commerciaux.php
+++ b/htdocs/societe/commerciaux.php
@@ -37,16 +37,33 @@ $langs->load("customers");
 $langs->load("suppliers");
 $langs->load("banks");
 
-/*
- * Sécurité accés client
- */
-
+if ( !$user->rights->societe->creer)
+accessforbidden();
+
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if (!$socid) accessforbidden();
+
+
+// Sécurité accés client
 if ($user->societe_id > 0)
 {
 $action = '';
 $socid = $user->societe_id;
 }
 
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socid)
+{
+$sql = "SELECT sc.rowid";
+$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
+
+if ( $db->query($sql) )
+{
+if ( $db->num_rows() == 0) accessforbidden();
+}
+}
+
 if($_GET["socid"] && $_GET["commid"])
 {
 if ($user->rights->societe->creer)
diff --git a/htdocs/societe/lien.php b/htdocs/societe/lien.php
index 188ecca766f..aa42425d6b1 100644
--- a/htdocs/societe/lien.php
+++ b/htdocs/societe/lien.php
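Review bot: `$socid` comes straight from `$_GET["socid"]` and is concatenated into the restriction query at `" WHERE sc.fk_soc = ".$socid."`, so the check that is supposed to confine a salesperson to assigned customers is itself built from unvalidated request input. The id is numeric, so coerce it where it is read, `$socid = isset($_GET["socid"]) ? (int) $_GET["socid"] : 0;`; the following `if (!$socid) accessforbidden();` then also rejects anything non-numeric. The block below it also fails open: when `$db->query($sql)` returns false nothing calls `accessforbidden()`, so a database error grants access instead of denying it; fold the two tests together so it fails closed, `if (!$db->query($sql) || $db->num_rows() == 0) accessforbidden();`. Both issues recur verbatim in the lien.php and rib.php hunks of this commit. Whether `$db->num_rows()` with no result argument refers to the last query depends on the DB wrapper, which is not visible here.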
@@ -36,6 +36,15 @@ $langs->load("customers");
 $langs->load("suppliers");
 $langs->load("banks");
 
+$user->getrights('societe');
+$user->getrights('commercial');
+
+if ( !$user->rights->societe->creer)
+accessforbidden();
+
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if (!$socid) accessforbidden();
+
 // Sécurité accés client
 if ($user->societe_id > 0)
 {
@@ -43,6 +52,19 @@ if ($user->societe_id > 0)
 $socid = $user->societe_id;
 }
 
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socid)
+{
+$sql = "SELECT sc.rowid";
+$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
+
+if ( $db->query($sql) )
+{
+if ( $db->num_rows() == 0) accessforbidden();
+}
+}
+
 /*
  * Actions
diff --git a/htdocs/societe/rib.php b/htdocs/societe/rib.php
index 45412cdd1ba..46ada883a1d 100644
--- a/htdocs/societe/rib.php
+++ b/htdocs/societe/rib.php
@@ -35,10 +35,35 @@ $langs->load("companies");
 $langs->load("banks");
 $user->getrights('societe');
+$user->getrights('commercial');
 
 if ( !$user->rights->societe->creer)
 accessforbidden();
 
+$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+if (!$socid) accessforbidden();
+
+
+// Sécurité accés client
+if ($user->societe_id > 0)
+{
+$action = '';
+$socid = $user->societe_id;
+}
+
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socid)
+{
+$sql = "SELECT sc.rowid";
+$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+$sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id;
+
+if ( $db->query($sql) )
+{
+if ( $db->num_rows() == 0) accessforbidden();
+}
+}
+
 llxHeader();
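Review bot: The whole access-control prologue — the `societe->creer` test, the `$socid` read, the `societe_id` override and the `societe_commerciaux` lookup — is pasted as a near-identical twenty-line block into lien.php and rib.php (and commerciaux.php above), and the copies already diverge: lien.php and rib.php add `$user->getrights('commercial');` before testing `$user->rights->commercial->client->voir`, while commerciaux.php does not, so unless that file loads the rights elsewhere the property is unset there and the restriction branch runs even for users who hold the permission. A single shared function, e.g. one that takes the socid and user and calls `accessforbidden()` itself, would keep the three pages consistent and make any later hardening of this check a one-place change. A header comment on that block stating that it must run before any output, and that it must deny on both "no row" and "query failed", would also document the intended contract; today only the French one-liners `// Sécurité accés client` and `// Protection restriction commercial` remain.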