From 1afd1b6283b51c64cc38255a231a295964622e09 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Wed, 8 Mar 2006 15:04:37 +0000
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?= =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?= =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?= =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 htdocs/comm/propal.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php
index e0c70631378..bbe2983c521 100644
--- a/htdocs/comm/propal.php
+++ b/htdocs/comm/propal.php
@@ -1235,10 +1235,16 @@ else
 $pagenext = $page + 1;
 
 $sql = 'SELECT s.nom, s.idp, s.client, p.rowid as propalid, p.price, p.ref, p.fk_statut, '.$db->pdate('p.datep').' as dp,'.$db->pdate('p.fin_validite').' as dfv';
+ if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user";
 $sql.= ' FROM '.MAIN_DB_PREFIX.'societe as s, '.MAIN_DB_PREFIX.'propal as p';
+ if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 if ($sall) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'propaldet as pd ON p.rowid=pd.fk_propal';
 $sql.= ' WHERE p.fk_soc = s.idp';
-
+
+ if (!$user->rights->commercial->client->voir) //restriction
+ {
+ $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
+ }
 if (!empty($_GET['search_ref']))
 {
 $sql .= " AND p.ref LIKE '%".addslashes($_GET['search_ref'])."%'";
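Review bot: For a restricted user with `$sall` set, the added `, societe_commerciaux as sc` becomes the left operand of the `LEFT JOIN ... ON p.rowid=pd.fk_propal` that follows, so on servers that apply standard join precedence (MySQL 5.0.12 and later) `p.rowid` is out of scope in the ON clause and the restricted listing fails instead of returning the user's own customers. Keeping `propal as p` last in the FROM list avoids this: `$sql.= ' FROM '.MAIN_DB_PREFIX.'societe as s';`, then the conditional `$sql .= ', '.MAIN_DB_PREFIX.'societe_commerciaux as sc';`, then `$sql .= ', '.MAIN_DB_PREFIX.'propal as p';`. The three identical `!$user->rights->commercial->client->voir` tests would read better as one local flag, and the id is safer appended as `(int) $user->id`. The enclosing `else` branch starts before the hunk and the `search_ref` block closes after it, so only the list query is visible here; whether the single-proposal view enforces the same restriction cannot be confirmed from this hunk.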