Fix: forged select for stats where wrong when filtering on a thirdparty

Laurent Destailleur 2013-07-18 15:25:25 +02:00
parent 36b8527bf3
commit 1b70ecdb26
3 changed files with 63 additions and 59 deletions


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (c) 2005 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (c) 2005-2013 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (c) 2011 Juanjo Menent <jmenent@2byte.es>
*
@ -30,8 +30,7 @@ include_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php';
/**
* \class PropaleStats
* \brief Classe permettant la gestion des stats des propales
* Class to manage proposal statistics
*/
class PropaleStats extends Stats
{
@ -49,7 +48,7 @@ class PropaleStats extends Stats
* Constructor
*
* @param DoliDB $db Database handler
* @param int $socid Id third party
* @param int $socid Id third party for filter
* @param int $userid Id user for filter (creation user)
*/
function __construct($db, $socid=0, $userid=0)
@ -63,16 +62,17 @@ class PropaleStats extends Stats
$object=new Propal($this->db);
$this->from = MAIN_DB_PREFIX.$object->table_element." as p";
$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
//$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
$this->field='total_ht';
$this->where.= " p.fk_statut > 0";
$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->societe_id) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
//$this->where.= " AND p.fk_soc = s.rowid AND p.entity = ".$conf->entity;
$this->where.= " AND p.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$this->socid) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
if($this->socid)
{
$this->where .= " AND p.fk_soc = ".$this->socid;
$this->where.=" AND p.fk_soc = ".$this->socid;
}
if ($this->userid > 0) $this->where.=' AND fk_user_author = '.$this->userid;
}
@ -81,14 +81,14 @@ class PropaleStats extends Stats
/**
* Return propals number by month for a year
*
* @param int $year year for stats
* @return array array with number by month
* @param int $year Year to scan
* @return array Array with number by month
*/
function getNbByMonth($year)
{
global $user;
$sql = "SELECT date_format(p.datep,'%m') as dm, count(*)";
$sql = "SELECT date_format(p.datep,'%m') as dm, COUNT(*) as nb";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -96,22 +96,23 @@ class PropaleStats extends Stats
$sql.= " GROUP BY dm";
$sql.= $this->db->order('dm','DESC');
return $this->_getNbByMonth($year, $sql);
$res=$this->_getNbByMonth($year, $sql);
return $res;
}
/**
* Return propals number by year
* Return propals number per year
*
* @return array array with number by year
* @return array Array with number by year
*
*/
function getNbByYear()
{
global $user;
$sql = "SELECT date_format(p.datep,'%Y') as dm, count(*)";
$sql = "SELECT date_format(p.datep,'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE ".$this->where;
$sql.= " GROUP BY dm";
$sql.= $this->db->order('dm','DESC');
@ -122,22 +123,23 @@ class PropaleStats extends Stats
/**
* Return the propals amount by month for a year
*
* @param int $year year for stats
* @return array array with number by month
* @param int $year Year to scan
* @return array Array with amount by month
*/
function getAmountByMonth($year)
{
global $user;
$sql = "SELECT date_format(p.datep,'%m') as dm, sum(p.".$this->field.")";
$sql = "SELECT date_format(p.datep,'%m') as dm, SUM(p.".$this->field.")";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
$sql.= " AND ".$this->where;
$sql.= " GROUP BY dm";
$sql.= $this->db->order('dm','DESC');
return $this->_getAmountByMonth($year, $sql);
$res=$this->_getAmountByMonth($year, $sql);
return $res;
}
/**
@ -150,7 +152,7 @@ class PropaleStats extends Stats
{
global $user;
$sql = "SELECT date_format(p.datep,'%m') as dm, avg(p.".$this->field.")";
$sql = "SELECT date_format(p.datep,'%m') as dm, AVG(p.".$this->field.")";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -170,7 +172,7 @@ class PropaleStats extends Stats
{
global $user;
$sql = "SELECT date_format(p.datep,'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg";
$sql = "SELECT date_format(p.datep,'%Y') as year, COUNT(*) as nb, SUM(".$this->field.") as total, AVG(".$this->field.") as avg";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE ".$this->where;
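Review bot: Switching the `sc.fk_user` restriction in the constructor hunk from `!$user->societe_id` to `!$this->socid` (reading the second printed line as the new side) drops the commercial-scope check as soon as a third-party filter is supplied, so a user without `societe->client->voir` who passes any `socid` is no longer limited to the third parties assigned to them unless the calling page validates `socid` itself, which is not visible here. The mismatch the commit fixes is between this WHERE test and the `!$this->socid` test on the `societe_commerciaux` FROM lines in the query methods; the safer way to align them is to keep `if (!$user->rights->societe->client->voir && !$user->societe_id) $this->where .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".$user->id;` and use that same `!$user->societe_id` test on each method's `societe_commerciaux` line, so the scope still applies when `$this->socid` is set; the constructor's signature is in the preceding hunk. Separately, `SUM(c.".$this->field.")` added to getNbByYear refers to alias `c`, but this class's FROM aliases the table as `p`, so that query fails; it should read `SUM(p.".$this->field.")`, and FactureStats getNbByYear has the same slip (`SUM(c.` where the alias is `f`).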


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (c) 2005 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (c) 2005-2013 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2012 Marcos García <marcosgdf@gmail.com>
*
@ -30,7 +30,7 @@ include_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php';
/**
* Class to manage order statistics
* Class to manage order statistics (customer and supplier)
*/
class CommandeStats extends Stats
{
@ -49,7 +49,7 @@ class CommandeStats extends Stats
*
* @param DoliDB $db Database handler
* @param int $socid Id third party for filter
* @param string $mode Option
* @param string $mode Option ('customer', 'supplier')
* @param int $userid Id user for filter (creation user)
*/
function __construct($db, $socid, $mode, $userid=0)
@ -60,12 +60,13 @@ class CommandeStats extends Stats
$this->socid = ($socid > 0 ? $socid : 0);
$this->userid = $userid;
$this->cachefilesuffix = $mode;
if ($mode == 'customer')
{
$object=new Commande($this->db);
$this->from = MAIN_DB_PREFIX.$object->table_element." as c";
$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
//$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
$this->field='total_ht';
$this->where.= " c.fk_statut > 0"; // Not draft and not cancelled
}
@ -73,16 +74,16 @@ class CommandeStats extends Stats
{
$object=new CommandeFournisseur($this->db);
$this->from = MAIN_DB_PREFIX.$object->table_element." as c";
$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
//$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
$this->field='total_ht';
$this->where.= " c.fk_statut > 2"; // Only approved & ordered
}
$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
//$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
$this->where.= " AND c.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$this->socid) $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
if($this->socid)
if ($this->socid)
{
$this->where .= " AND c.fk_soc = ".$this->socid;
$this->where.=" AND c.fk_soc = ".$this->socid;
}
if ($this->userid > 0) $this->where.=' AND c.fk_user_author = '.$this->userid;
}
@ -90,14 +91,14 @@ class CommandeStats extends Stats
/**
* Return orders number by month for a year
*
* @param int $year year for stats
* @return array array with number by month
* @param int $year Year to scan
* @return array Array with number by month
*/
function getNbByMonth($year)
{
global $user;
$sql = "SELECT date_format(c.date_commande,'%m') as dm, count(*) nb";
$sql = "SELECT date_format(c.date_commande,'%m') as dm, COUNT(*) as nb";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE c.date_commande BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -105,20 +106,21 @@ class CommandeStats extends Stats
$sql.= " GROUP BY dm";
$sql.= $this->db->order('dm','DESC');
return $this->_getNbByMonth($year, $sql);
$res=$this->_getNbByMonth($year, $sql);
return $res;
}
/**
* Return orders number by year
* Return orders number per year
*
* @return array array with number by year
* @return array Array with number by year
*
*/
function getNbByYear()
{
global $user;
$sql = "SELECT date_format(c.date_commande,'%Y') as dm, count(*), sum(c.".$this->field.")";
$sql = "SELECT date_format(c.date_commande,'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE ".$this->where;
@ -131,14 +133,14 @@ class CommandeStats extends Stats
/**
* Return the orders amount by month for a year
*
* @param int $year year for stats
* @return array array with number by month
* @param int $year Year to scan
* @return array Array with amount by month
*/
function getAmountByMonth($year)
{
global $user;
$sql = "SELECT date_format(c.date_commande,'%m') as dm, sum(c.".$this->field.")";
$sql = "SELECT date_format(c.date_commande,'%m') as dm, SUM(c.".$this->field.")";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE c.date_commande BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -146,7 +148,8 @@ class CommandeStats extends Stats
$sql.= " GROUP BY dm";
$sql.= $this->db->order('dm','DESC');
return $this->_getAmountByMonth($year, $sql);
$res=$this->_getAmountByMonth($year, $sql);
return $res;
}
/**
@ -159,7 +162,7 @@ class CommandeStats extends Stats
{
global $user;
$sql = "SELECT date_format(c.date_commande,'%m') as dm, avg(c.".$this->field.")";
$sql = "SELECT date_format(c.date_commande,'%m') as dm, AVG(c.".$this->field.")";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE c.date_commande BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -179,7 +182,7 @@ class CommandeStats extends Stats
{
global $user;
$sql = "SELECT date_format(c.date_commande,'%Y') as year, count(*) as nb, sum(c.".$this->field.") as total, avg(".$this->field.") as avg";
$sql = "SELECT date_format(c.date_commande,'%Y') as year, COUNT(*) as nb, SUM(c.".$this->field.") as total, AVG(".$this->field.") as avg";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE ".$this->where;
@ -190,4 +193,4 @@ class CommandeStats extends Stats
}
}
?>
?>
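Review bot: `$this->socid` is concatenated straight into SQL at `$this->where.=" AND c.fk_soc = ".$this->socid;` in the constructor hunk, and the only guard is `$this->socid = ($socid > 0 ? $socid : 0);` a few lines above, which keeps the value as-is rather than converting it — under PHP's loose comparison a non-numeric string can still pass the `> 0` test and reach the query unchanged. Casting at the assignment, `$this->socid = ($socid > 0 ? (int) $socid : 0);`, makes the fragment an integer regardless of how the caller obtained `$socid`; the same treatment is worth applying to `$this->userid = $userid;`, which feeds `' AND c.fk_user_author = '.$this->userid` with no guard at all. The constructor's signature is in the preceding hunk.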


@ -1,6 +1,6 @@
<?php
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (c) 2005-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (c) 2005-2013 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@capnetworks.com>
*
* This program is free software; you can redistribute it and/or modify
@ -45,10 +45,9 @@ class FactureStats extends Stats
* Constructor
*
* @param DoliDB $db Database handler
* @param int $socid Id third party
* @param int $socid Id third party for filter
* @param string $mode Option ('customer', 'supplier')
* @param int $userid Id user for filter (creation user)
* @return FactureStats
*/
function __construct($db, $socid, $mode, $userid=0)
{
@ -74,7 +73,7 @@ class FactureStats extends Stats
$this->where = " f.fk_statut > 0";
$this->where.= " AND f.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->societe_id) $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
if (!$user->rights->societe->client->voir && !$this->socid) $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($mode == 'customer') $this->where.=" AND (f.fk_statut <> 3 OR f.close_code <> 'replaced')"; // Exclude replaced invoices as they are duplicated (we count closed invoices for other reasons)
if ($this->socid)
{
@ -85,7 +84,7 @@ class FactureStats extends Stats
/**
* Renvoie le nombre de facture par mois pour une annee donnee
* Return orders number by month for a year
*
* @param int $year Year to scan
* @return array Array of values
@ -94,7 +93,7 @@ class FactureStats extends Stats
{
global $user;
$sql = "SELECT MONTH(f.datef) as dm, COUNT(*)";
$sql = "SELECT date_format(f.datef,'%m') as dm, COUNT(*) as nb";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE f.datef BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -109,15 +108,15 @@ class FactureStats extends Stats
/**
* Renvoie le nombre de facture par annee
* Return invoices number per year
*
* @return array Array of values
* @return array Array with number by year
*/
function getNbByYear()
{
global $user;
$sql = "SELECT YEAR(f.datef) as dm, COUNT(*)";
$sql = "SELECT date_format(f.datef,'%Y') as dm, COUNT(*), SUM(c.".$this->field.")";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE ".$this->where;
@ -129,10 +128,10 @@ class FactureStats extends Stats
/**
* Renvoie le montant de facture par mois pour une annee donnee
* Return the invoices amount by month for a year
*
* @param int $year Year to scan
* @return array Array of values
* @return array Array with amount by month
*/
function getAmountByMonth($year)
{
@ -140,7 +139,7 @@ class FactureStats extends Stats
$sql = "SELECT date_format(datef,'%m') as dm, SUM(f.".$this->field.")";
$sql.= " FROM ".$this->from;
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE f.datef BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
$sql.= " AND ".$this->where;
$sql.= " GROUP BY dm";