Fix: missing entity field in contract
Fix: multicompany compatibility
parent
3b2159b34d
commit
1b350fafd1
@ -1,7 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2002-2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2010 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2010 Regis Houssin <regis@dolibarr.fr>
|
||||
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -58,7 +58,7 @@ $sortfield="f.datef";
|
||||
|
||||
|
||||
// Create predefined invoice
|
||||
if ($_POST["action"] == 'add')
|
||||
if ($action == 'add')
|
||||
{
|
||||
$facturerec = new FactureRec($db);
|
||||
$facturerec->titre = $_POST["titre"];
|
||||
@ -71,17 +71,16 @@ if ($_POST["action"] == 'add')
|
||||
}
|
||||
else
|
||||
{
|
||||
$_GET["action"] = "create";
|
||||
$_GET["facid"] = $_POST["facid"];
|
||||
$action = "create";
|
||||
$mesg = '<div class="error">'.$facturerec->error.'</div>';
|
||||
}
|
||||
}
|
||||
|
||||
// Suppression
|
||||
if ($_REQUEST["action"] == 'delete' && $user->rights->facture->supprimer)
|
||||
if ($action == 'delete' && $user->rights->facture->supprimer)
|
||||
{
|
||||
$facrec = new FactureRec($db);
|
||||
$facrec->fetch(GETPOST('facid','int'));
|
||||
$facrec->fetch($facid);
|
||||
$facrec->delete();
|
||||
$facid = 0 ;
|
||||
}
|
||||
@ -99,7 +98,7 @@ $form = new Form($db);
|
||||
/*
|
||||
* Create mode
|
||||
*/
|
||||
if ($_GET["action"] == 'create')
|
||||
if ($action == 'create')
|
||||
{
|
||||
print_fiche_titre($langs->trans("CreateRepeatableInvoice"));
|
||||
|
||||
@ -108,7 +107,7 @@ if ($_GET["action"] == 'create')
|
||||
$facture = new Facture($db); // Source invoice
|
||||
$product_static=new Product($db);
|
||||
|
||||
if ($facture->fetch($_GET["facid"]) > 0)
|
||||
if ($facture->fetch($facid) > 0)
|
||||
{
|
||||
print '<form action="fiche-rec.php" method="post">';
|
||||
print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
|
||||
|
||||
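Review bot: In the delete branch (hunk at -71,17) the result of `$facrec->fetch($facid)` is ignored, so `delete()` is called even when the recurring invoice was not found or failed to load. Guard it with `if ($facrec->fetch($facid) > 0) $facrec->delete();`, assuming `FactureRec::fetch` follows the same return convention as the `$facture->fetch($facid) > 0` test in the create hunk. The hunk also replaces the inline `GETPOST('facid','int')` with `$facid`, whose assignment is outside the visible lines, so confirm it is still read with the `'int'` filter. Separately, the add branch shows no rights check comparable to `$user->rights->facture->supprimer` on delete; it may be enforced outside these hunks.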
@ -324,7 +324,11 @@ class Contrat extends CommonObject
|
||||
$sql.= " fk_commercial_signature, fk_commercial_suivi,";
|
||||
$sql.= " note as note_private, note_public, extraparams";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."contrat";
|
||||
if ($ref) $sql.= " WHERE ref='".$ref."'";
|
||||
if ($ref)
|
||||
{
|
||||
$sql.= " WHERE ref='".$ref."'";
|
||||
$sql.= " AND entity IN (".getEntity('contract').")";
|
||||
}
|
||||
else $sql.= " WHERE rowid=".$id;
|
||||
|
||||
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
|
||||
@ -624,13 +628,14 @@ class Contrat extends CommonObject
|
||||
// Insert contract
|
||||
$sql = "INSERT INTO ".MAIN_DB_PREFIX."contrat (datec, fk_soc, fk_user_author, date_contrat,";
|
||||
$sql.= " fk_commercial_signature, fk_commercial_suivi, fk_projet,";
|
||||
$sql.= " ref)";
|
||||
$sql.= " ref, entity)";
|
||||
$sql.= " VALUES (".$this->db->idate($now).",".$this->socid.",".$user->id;
|
||||
$sql.= ",".$this->db->idate($this->date_contrat);
|
||||
$sql.= ",".($this->commercial_signature_id>0?$this->commercial_signature_id:"NULL");
|
||||
$sql.= ",".($this->commercial_suivi_id>0?$this->commercial_suivi_id:"NULL");
|
||||
$sql.= ",".($this->fk_projet>0?$this->fk_projet:"NULL");
|
||||
$sql .= ", " . (dol_strlen($this->ref)<=0 ? "null" : "'".$this->ref."'");
|
||||
$sql.= ", ".(dol_strlen($this->ref)<=0 ? "null" : "'".$this->ref."'");
|
||||
$sql.= ", ".$conf->entity;
|
||||
$sql.= ")";
|
||||
$resql=$this->db->query($sql);
|
||||
if ($resql)
|
||||
|
||||
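Review bot: In `Contrat::fetch` (hunk at -324,7) the new `entity IN (...)` condition is applied only when the contract is looked up by `$ref`. The `else $sql.= " WHERE rowid=".$id;` branch still loads a contract from any entity, so isolation on that path depends on every caller having run an entity-aware check first. Consider applying the entity condition to both branches, or adding a comment that the rowid path is intentionally unfiltered. `$ref` and `$id` are also concatenated as-is; `"'".$this->db->escape($ref)."'"` and `(int) $id` would keep the statement well-formed whatever the caller passes. `Project::fetch` (hunk at -240,8) has the same shape, and both function bodies extend beyond their hunks.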
@ -1,7 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
|
||||
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -38,9 +38,9 @@ $statut=isset($_GET["statut"])?$_GET["statut"]:1;
|
||||
|
||||
// Security check
|
||||
$socid=0;
|
||||
$contratid = isset($_GET["id"])?$_GET["id"]:'';
|
||||
$id = GETPOST('id','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
$result = restrictedArea($user, 'contrat',$contratid,'');
|
||||
$result = restrictedArea($user, 'contrat',$id,'');
|
||||
|
||||
$staticcompany=new Societe($db);
|
||||
$staticcontrat=new Contrat($db);
|
||||
@ -104,7 +104,7 @@ $sql.= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."contrat as c";
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid";
|
||||
$sql.= " AND (cd.statut != 4 OR (cd.statut = 4 AND (cd.date_fin_validite is null or cd.date_fin_validite >= '".$db->idate($now)."')))";
|
||||
$sql.= " AND c.entity = ".$conf->entity;
|
||||
$sql.= " AND c.entity IN (".getEntity('contract').")";
|
||||
if ($user->societe_id) $sql.=' AND c.fk_soc = '.$user->societe_id;
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
$sql.= " GROUP BY cd.statut";
|
||||
@ -141,7 +141,7 @@ $sql.= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."contrat as c";
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid";
|
||||
$sql.= " AND (cd.statut = 4 AND cd.date_fin_validite < '".$db->idate($now)."')";
|
||||
$sql.= " AND c.entity = ".$conf->entity;
|
||||
$sql.= " AND c.entity IN (".getEntity('contract').")";
|
||||
if ($user->societe_id) $sql.=' AND c.fk_soc = '.$user->societe_id;
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
$sql.= " GROUP BY cd.statut";
|
||||
@ -230,7 +230,7 @@ if ($conf->contrat->enabled && $user->rights->contrat->lire)
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."contrat as c, ".MAIN_DB_PREFIX."societe as s";
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= " WHERE s.rowid = c.fk_soc";
|
||||
$sql.= " AND c.entity = ".$conf->entity;
|
||||
$sql.= " AND c.entity IN (".getEntity('contract').")";
|
||||
$sql.= " AND c.statut = 0";
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if ($socid) $sql.= " AND s.fk_soc = ".$socid;
|
||||
@ -301,7 +301,7 @@ if (!$user->rights->societe->client->voir && !$socid) $sql.= " ".MAIN_DB_PREFIX.
|
||||
$sql.= " ".MAIN_DB_PREFIX."contrat as c";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat";
|
||||
$sql.= " WHERE c.fk_soc = s.rowid";
|
||||
$sql.= " AND c.entity = ".$conf->entity;
|
||||
$sql.= " AND c.entity IN (".getEntity('contract').")";
|
||||
$sql.= " AND c.statut > 0";
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if ($socid) $sql.= " AND s.rowid = ".$socid;
|
||||
@ -373,7 +373,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s";
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= ", ".MAIN_DB_PREFIX."contratdet as cd";
|
||||
$sql.= ") LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
|
||||
$sql.= " WHERE c.entity = ".$conf->entity;
|
||||
$sql.= " WHERE c.entity IN (".getEntity('contract').")";
|
||||
$sql.= " AND cd.fk_contrat = c.rowid";
|
||||
$sql.= " AND c.fk_soc = s.rowid";
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
@ -451,7 +451,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s";
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= ", ".MAIN_DB_PREFIX."contratdet as cd";
|
||||
$sql.= " ) LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
|
||||
$sql.= " WHERE c.entity = ".$conf->entity;
|
||||
$sql.= " WHERE c.entity IN (".getEntity('contract').")";
|
||||
$sql.= " AND c.statut = 1";
|
||||
$sql.= " AND cd.statut = 0";
|
||||
$sql.= " AND cd.fk_contrat = c.rowid";
|
||||
@ -530,7 +530,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s";
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= ", ".MAIN_DB_PREFIX."contratdet as cd";
|
||||
$sql.= " ) LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
|
||||
$sql.= " WHERE c.entity = ".$conf->entity;
|
||||
$sql.= " WHERE c.entity IN (".getEntity('contract').")";
|
||||
$sql.= " AND c.statut = 1";
|
||||
$sql.= " AND cd.statut = 4";
|
||||
$sql.= " AND cd.date_fin_validite < '".$db->idate($now)."'";
|
||||
|
||||
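Review bot: In the draft-contracts query (hunk at -230,7) the third-party restriction reads `if ($socid) $sql.= " AND s.fk_soc = ".$socid;`, while the equivalent filter in the next hunk (-301,7) uses `s.rowid = ".$socid`. With `s` aliased to the `societe` table, `s.rowid` looks like the intended column, so this line probably needs the same form. This condition is what limits an external user (`$user->societe_id`) to their own company, so it is worth verifying while these queries are being touched. The statements continue outside the hunks, so the final query text is not visible here.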
@ -377,6 +377,13 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature
|
||||
$tmparray=explode(',',$tmps);
|
||||
if (! in_array($objectid,$tmparray)) accessforbidden();
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql = "SELECT dbt.".$dbt_select;
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
|
||||
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
|
||||
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
|
||||
}
|
||||
}
|
||||
else if (! in_array($feature,$nocheck)) // By default we check with link to third party
|
||||
{
|
||||
|
||||
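Review bot: The added `else` branch in `restrictedArea()` concatenates `$objectid` unquoted into the query (`" WHERE dbt.".$dbt_select." = ".$objectid`). This function is the access check itself, so the value reaches SQL before any authorisation decision has been made. The caller changed in this commit passes `GETPOST('id','int')`, but the parameter is not constrained here; if ids are always numeric on this path, `" = ".((int) $objectid)` removes the dependency on every caller. `$dbtablename` and `$dbt_select` are spliced in as identifiers and should only ever come from fixed values. The function starts and ends outside the hunk, so how `$sql` is executed is not visible.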
@ -240,8 +240,12 @@ class Project extends CommonObject
|
||||
$sql = "SELECT rowid, ref, title, description, public, datec";
|
||||
$sql.= ", tms, dateo, datee, fk_soc, fk_user_creat, fk_statut, note_private, note_public";
|
||||
$sql.= " FROM " . MAIN_DB_PREFIX . "projet";
|
||||
if ($ref) $sql.= " WHERE ref='" . $ref . "'";
|
||||
else $sql.= " WHERE rowid=" . $id;
|
||||
if ($ref)
|
||||
{
|
||||
$sql.= " WHERE ref='".$ref."'";
|
||||
$sql.= " AND entity IN (".getEntity('project').")";
|
||||
}
|
||||
else $sql.= " WHERE rowid=".$id;
|
||||
|
||||
dol_syslog(get_class($this)."::fetch sql=" . $sql, LOG_DEBUG);
|
||||
$resql = $this->db->query($sql);
|
||||
@ -813,8 +817,6 @@ class Project extends CommonObject
|
||||
*/
|
||||
function getProjectsAuthorizedForUser($user, $mode=0, $list=0, $socid=0)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
$projects = array();
|
||||
$temp = array();
|
||||
|
||||
@ -825,7 +827,7 @@ class Project extends CommonObject
|
||||
$sql.= ", " . MAIN_DB_PREFIX . "element_contact as ec";
|
||||
$sql.= ", " . MAIN_DB_PREFIX . "c_type_contact as ctc";
|
||||
}
|
||||
$sql.= " WHERE p.entity = " . $conf->entity;
|
||||
$sql.= " WHERE p.entity IN (".getEntity('project').")";
|
||||
// Internal users must see project he is contact to even if project linked to a third party he can't see.
|
||||
//if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
|
||||
if ($socid > 0) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = " . $socid . ")";
|
||||
|
||||
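Review bot: In `getProjectsAuthorizedForUser()` (hunk at -825,7) the guard `if ($socid > 0)` is a loose comparison and does not make `$socid` an integer before it is appended to `p.fk_soc = `. A cast such as `$socid = (int) $socid;` near the top of the method would make the condition and the concatenation agree. Whether `$socid` can carry caller-controlled text is not visible from the hunk, and the method body continues outside it.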
@ -1,7 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2011 Regis Houssin <regis@dolibarr.fr>
|
||||
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
||||