Sécu: Protège chaque élément du tableau de bord de travail pour restreindre la visu des utilisateurs externes
This commit is contained in:
parent
2d35b0ae1b
commit
220d162376
@ -225,10 +225,11 @@ class ActionComm
|
||||
|
||||
|
||||
/**
|
||||
* \brief Charge indicateurs this->nbtodo et this->nbtodolate de tableau de bord
|
||||
* \return int <0 si ko, >0 si ok
|
||||
* \brief Charge indicateurs this->nbtodo et this->nbtodolate de tableau de bord
|
||||
* \param user Objet user
|
||||
* \return int <0 si ko, >0 si ok
|
||||
*/
|
||||
function load_board()
|
||||
function load_board($user)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
@ -236,6 +237,7 @@ class ActionComm
|
||||
$sql = "SELECT a.id,".$this->db->pdate("a.datea")." as da";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."actioncomm as a";
|
||||
$sql.= " WHERE a.percent < 100";
|
||||
if ($user->societe_id) $sql.=" AND fk_soc = ".$user->societe_id;
|
||||
$resql=$this->db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
||||
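Review bot: The filter added in the second ActionComm hunk, `if ($user->societe_id) $sql.=" AND fk_soc = ".$user->societe_id;`, concatenates the user's company id straight into the SQL string with no cast or escaping. The value is presumably an integer loaded from the user table rather than request input, but nothing in the hunk enforces that, and the column is left unqualified even though the query aliases its table as `a`. I would write it as `if ($user->societe_id) $sql.=" AND a.fk_soc = ".(int) $user->societe_id;` so the clause stays an integer comparison however societe_id is populated. The same pattern is repeated in the other classes touched by this commit, and load_board's body continues outside the hunk.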
@ -21,7 +21,6 @@
|
||||
*
|
||||
* $Id$
|
||||
* $Source$
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
@ -1326,12 +1325,15 @@ class Adherent
|
||||
|
||||
/**
|
||||
* \brief Charge indicateurs this->nbtodo et this->nbtodolate de tableau de bord
|
||||
* \param user Objet user
|
||||
* \return int <0 si ko, >0 si ok
|
||||
*/
|
||||
function load_board()
|
||||
function load_board($user)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
if ($user->societe_id) return -1; // protection pour eviter appel par utilisateur externe
|
||||
|
||||
$this->nbtodo=$this->nbtodolate=0;
|
||||
$sql = "SELECT a.rowid,".$this->db->pdate("a.datefin")." as datefin";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."adherent as a";
|
||||
|
||||
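Review bot: The new guard `if ($user->societe_id) return -1;` runs before `$this->nbtodo=$this->nbtodolate=0;`, so for an external user Adherent::load_board returns with the two counters never initialised; a caller that drops the return value (index.php does) would then read unset properties. Swapping the two lines keeps the refusal but leaves the object in a defined state: `$this->nbtodo=$this->nbtodolate=0;` followed by `if ($user->societe_id) return -1; // external users may not see member counters`. The docblock's `\return int <0 si ko` should also say that -1 now covers "access refused", not only a database error. The rest of the method is outside the hunk.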
@ -18,7 +18,6 @@
|
||||
*
|
||||
* $Id$
|
||||
* $Source$
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
@ -850,10 +849,11 @@ class Commande
|
||||
|
||||
|
||||
/**
|
||||
* \brief Charge indicateurs this->nbtodo et this->nbtodolate de tableau de bord
|
||||
* \return int <0 si ko, >0 si ok
|
||||
* \brief Charge indicateurs this->nbtodo et this->nbtodolate de tableau de bord
|
||||
* \param user Objet user
|
||||
* \return int <0 si ko, >0 si ok
|
||||
*/
|
||||
function load_board()
|
||||
function load_board($user)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
@ -861,6 +861,7 @@ class Commande
|
||||
$sql = "SELECT c.rowid,".$this->db->pdate("c.date_creation")." as datec";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."commande as c";
|
||||
$sql.= " WHERE c.fk_statut BETWEEN 1 AND 2";
|
||||
if ($user->societe_id) $sql.=" AND fk_soc = ".$user->societe_id;
|
||||
$resql=$this->db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
||||
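Review bot: In the second Commande hunk the company restriction is appended as `" AND fk_soc = ".$user->societe_id` with the id interpolated uncast and the column unqualified, while every other column in the query is prefixed with the `c` alias. Even if societe_id is an integer from the user record, an explicit cast makes the restriction robust to whatever populates the user object: `if ($user->societe_id) $sql.=" AND c.fk_soc = ".(int) $user->societe_id;`. load_board's body continues past the end of the hunk.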
@ -471,12 +471,15 @@ class Account
|
||||
|
||||
/**
|
||||
* \brief Charge indicateurs this->nbtodo et this->nbtodolate de tableau de bord
|
||||
* \param user Objet user
|
||||
* \return int <0 si ko, >0 si ok
|
||||
*/
|
||||
function load_board()
|
||||
function load_board($user)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
if ($user->societe_id) return -1; // protection pour eviter appel par utilisateur externe
|
||||
|
||||
$this->nbtodo=$this->nbtodolate=0;
|
||||
$sql = "SELECT b.rowid,".$this->db->pdate("b.datev")." as datefin";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
|
||||
|
||||
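Review bot: As in Adherent, the added `if ($user->societe_id) return -1;` in Account::load_board sits above `$this->nbtodo=$this->nbtodolate=0;`, so the early return hands back an object whose counters were never set, and none of the call sites in this commit check the return value. Initialise first, then refuse: `$this->nbtodo=$this->nbtodolate=0;` then `if ($user->societe_id) return -1; // bank reconciliation counters are internal-only`. The docblock should also state that a negative return now includes the external-user refusal. The remainder of the method is outside the hunk.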
@ -18,7 +18,6 @@
|
||||
*
|
||||
* $Id$
|
||||
* $Source$
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
@ -646,10 +645,11 @@ class Contrat
|
||||
|
||||
/**
|
||||
* \brief Charge indicateurs this->nbtodo et this->nbtodolate de tableau de bord
|
||||
* \param user Objet user
|
||||
* \param mode "inactive" pour services à activer, "expired" pour services expirés
|
||||
* \return int <0 si ko, >0 si ok
|
||||
*/
|
||||
function load_board($mode)
|
||||
function load_board($user,$mode)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
@ -669,6 +669,7 @@ class Contrat
|
||||
$sql.= " AND cd.statut = 4";
|
||||
$sql.= " AND cd.date_fin_validite < '".$this->db->idate(time())."'";
|
||||
}
|
||||
if ($user->societe_id) $sql.=" AND fk_soc = ".$user->societe_id;
|
||||
$resql=$this->db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
||||
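Review bot: The restriction added after the closing brace in the second Contrat hunk uses a bare `fk_soc`, but the query visibly references a `cd` alias and its FROM/JOIN clause is outside the hunk, so an unqualified column name is at risk of being ambiguous if more than one joined table carries fk_soc. Qualify it with the contract table's alias (assuming that alias is `c`, to be confirmed against the FROM clause) and cast the id: `if ($user->societe_id) $sql.=" AND c.fk_soc = ".(int) $user->societe_id;`. Separately, the updated docblock says `"inactive" pour services à activer` while index.php passes `"inactives"`; the comparison is outside the hunk, so worth confirming which spelling the body actually tests and aligning the docblock with it.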
@ -20,7 +20,6 @@
|
||||
*
|
||||
* $Id$
|
||||
* $Source$
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
@ -1604,9 +1603,10 @@ class Facture
|
||||
|
||||
/**
|
||||
* \brief Charge indicateurs this->nbtodo et this->nbtodolate de tableau de bord
|
||||
* \param user Objet user
|
||||
* \return int <0 si ko, >0 si ok
|
||||
*/
|
||||
function load_board()
|
||||
function load_board($user)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
@ -1614,6 +1614,7 @@ class Facture
|
||||
$sql = "SELECT f.rowid,".$this->db->pdate("f.date_lim_reglement")." as datefin";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."facture as f";
|
||||
$sql.= " WHERE f.paye=0 AND f.fk_statut = 1";
|
||||
if ($user->societe_id) $sql.=" AND fk_soc = ".$user->societe_id;
|
||||
$resql=$this->db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
||||
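Review bot: The second Facture hunk adds `" AND fk_soc = ".$user->societe_id` to the unpaid-invoice query with the id interpolated as-is and the column unprefixed, whereas the rest of the statement qualifies everything with `f`. A cast costs nothing and removes any dependence on how the user object was filled: `if ($user->societe_id) $sql.=" AND f.fk_soc = ".(int) $user->societe_id;`. The body of load_board continues beyond the hunk.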
@ -19,7 +19,6 @@
|
||||
*
|
||||
* $Id$
|
||||
* $Source$
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
@ -509,9 +508,10 @@ class FactureFournisseur
|
||||
|
||||
/**
|
||||
* \brief Charge indicateurs this->nbtodo et this->nbtodolate de tableau de bord
|
||||
* \param user Objet user
|
||||
* \return int <0 si ko, >0 si ok
|
||||
*/
|
||||
function load_board()
|
||||
function load_board($user)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
@ -519,6 +519,7 @@ class FactureFournisseur
|
||||
$sql = "SELECT ff.rowid,".$this->db->pdate("ff.date_lim_reglement")." as datefin";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."facture_fourn as ff";
|
||||
$sql.= " WHERE ff.paye=0";
|
||||
if ($user->societe_id) $sql.=" AND fk_soc = ".$user->societe_id;
|
||||
$resql=$this->db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
||||
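Review bot: Same remark for FactureFournisseur: the added `" AND fk_soc = ".$user->societe_id` neither casts the id nor uses the `ff` alias the query otherwise relies on, so I would write `if ($user->societe_id) $sql.=" AND ff.fk_soc = ".(int) $user->societe_id;`. Note also that on supplier invoices fk_soc presumably points at the supplier, so this restriction shows an external user the bills of their own company as supplier; that reads as intended, but a one-line comment saying so would stop a later reader from "fixing" it. load_board's body continues outside the hunk.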
@ -108,7 +108,7 @@ if ($user->societe_id == 0)
|
||||
$conf->produit->enabled && $user->rights->produit->lire,
|
||||
$conf->service->enabled && $user->rights->produit->lire,
|
||||
$conf->telephonie->enabled && $user->rights->telephonie->ligne->lire_restreint);
|
||||
// Fichiers des classes qui contiennent la methode load_state_board pour chaque ligne
|
||||
// Fichier des classes qui contiennent la methode load_state_board pour chaque ligne
|
||||
$includes=array(DOL_DOCUMENT_ROOT."/client.class.php",
|
||||
DOL_DOCUMENT_ROOT."/client.class.php",
|
||||
DOL_DOCUMENT_ROOT."/fourn/fournisseur.class.php",
|
||||
@ -124,7 +124,7 @@ if ($user->societe_id == 0)
|
||||
'Product',
|
||||
'Service',
|
||||
'LigneTel');
|
||||
// Clé du tableau retourné par la methode laod_state_bord pour chaque ligne
|
||||
// Clé de tableau retourné par la methode load_state_bord pour chaque ligne
|
||||
$keys=array('customers',
|
||||
'prospects',
|
||||
'suppliers',
|
||||
@ -148,7 +148,7 @@ if ($user->societe_id == 0)
|
||||
$langs->trans("Products"),
|
||||
$langs->trans("Services"),
|
||||
$langs->trans("Lignes de téléphonie suivis"));
|
||||
// Liens des lignes du tableau de bord
|
||||
// Lien des lignes du tableau de bord
|
||||
$links=array(DOL_URL_ROOT.'/comm/clients.php',
|
||||
DOL_URL_ROOT.'/comm/prospect/prospects.php',
|
||||
DOL_URL_ROOT.'/fourn/liste.php',
|
||||
@ -205,7 +205,7 @@ if ($conf->commercial->enabled || $conf->compta->enabled)
|
||||
{
|
||||
include_once("./actioncomm.class.php");
|
||||
$board=new ActionComm($db);
|
||||
$board->load_board();
|
||||
$board->load_board($user);
|
||||
$board->warning_delay=$conf->actions->warning_delay/60/60/24;
|
||||
$board->label=$langs->trans("ActionsToDo");
|
||||
|
||||
@ -230,7 +230,7 @@ if ($conf->commande->enabled && $user->rights->commande->lire)
|
||||
{
|
||||
include_once(DOL_DOCUMENT_ROOT."/commande/commande.class.php");
|
||||
$board=new Commande($db);
|
||||
$board->load_board();
|
||||
$board->load_board($user);
|
||||
|
||||
$var=!$var;
|
||||
print '<tr '.$bc[$var].'><td width="16">'.img_object($langs->trans("Orders"),"order").'</td><td>'.$langs->trans("OrdersToProcess").'</td>';
|
||||
@ -253,7 +253,7 @@ if ($conf->propal->enabled && $user->rights->propale->lire)
|
||||
{
|
||||
include_once(DOL_DOCUMENT_ROOT."/propal.class.php");
|
||||
$board=new Propal($db);
|
||||
$board->load_board("opened");
|
||||
$board->load_board($user,"opened");
|
||||
|
||||
$var=!$var;
|
||||
print '<tr '.$bc[$var].'><td width="16">'.img_object($langs->trans("Propals"),"propal").'</td><td>'.$langs->trans("PropalsToClose").'</td>';
|
||||
@ -276,7 +276,7 @@ if ($conf->propal->enabled && $user->rights->propale->lire)
|
||||
{
|
||||
include_once(DOL_DOCUMENT_ROOT."/propal.class.php");
|
||||
$board=new Propal($db);
|
||||
$board->load_board("signed");
|
||||
$board->load_board($user,"signed");
|
||||
|
||||
$var=!$var;
|
||||
print '<tr '.$bc[$var].'><td width="16">'.img_object($langs->trans("Propals"),"propal").'</td><td>'.$langs->trans("PropalsToBill").'</td>';
|
||||
@ -301,7 +301,7 @@ if ($conf->contrat->enabled && $user->rights->contrat->lire)
|
||||
|
||||
include_once(DOL_DOCUMENT_ROOT."/contrat/contrat.class.php");
|
||||
$board=new Contrat($db);
|
||||
$board->load_board("inactives");
|
||||
$board->load_board($user,"inactives");
|
||||
|
||||
$var=!$var;
|
||||
print '<tr '.$bc[$var].'><td width="16">'.img_object($langs->trans("Contract"),"contract").'</td><td>'.$langs->trans("BoardNotActivatedServices").'</td>';
|
||||
@ -326,7 +326,7 @@ if ($conf->contrat->enabled && $user->rights->contrat->lire)
|
||||
|
||||
include_once(DOL_DOCUMENT_ROOT."/contrat/contrat.class.php");
|
||||
$board=new Contrat($db);
|
||||
$board->load_board("expired");
|
||||
$board->load_board($user,"expired");
|
||||
|
||||
$var=!$var;
|
||||
print '<tr '.$bc[$var].'><td width="16">'.img_object($langs->trans("Contract"),"contract").'</td><td>'.$langs->trans("BoardRunningServices").'</td>';
|
||||
@ -351,7 +351,7 @@ if ($conf->fournisseur->enabled && $conf->facture->enabled && $user->rights->fac
|
||||
|
||||
include_once("./fourn/fournisseur.facture.class.php");
|
||||
$board=new FactureFournisseur($db);
|
||||
$board->load_board();
|
||||
$board->load_board($user);
|
||||
|
||||
$var=!$var;
|
||||
print '<tr '.$bc[$var].'><td width="16">'.img_object($langs->trans("Bills"),"bill").'</td><td>'.$langs->trans("SupplierBillsToPay").'</td>';
|
||||
@ -374,7 +374,7 @@ if ($conf->facture->enabled && $user->rights->facture->lire)
|
||||
{
|
||||
include_once(DOL_DOCUMENT_ROOT."/facture.class.php");
|
||||
$board=new Facture($db);
|
||||
$board->load_board();
|
||||
$board->load_board($user);
|
||||
|
||||
$var=!$var;
|
||||
print '<tr '.$bc[$var].'><td width="16">'.img_object($langs->trans("Bills"),"bill").'</td><td>'.$langs->trans("CustomerBillsUnpayed").'</td>';
|
||||
@ -393,13 +393,13 @@ if ($conf->facture->enabled && $user->rights->facture->lire)
|
||||
}
|
||||
|
||||
// Nbre ecritures à rapprocher
|
||||
if ($conf->banque->enabled && $user->rights->banque->lire)
|
||||
if ($conf->banque->enabled && $user->rights->banque->lire && ! $user->societe_id)
|
||||
{
|
||||
$langs->load("banks");
|
||||
|
||||
include_once(DOL_DOCUMENT_ROOT."/compta/bank/account.class.php");
|
||||
$board=new Account($db);
|
||||
$board->load_board();
|
||||
$board->load_board($user);
|
||||
|
||||
$var=!$var;
|
||||
print '<tr '.$bc[$var].'><td width="16">'.img_object($langs->trans("TransactionsToConciliate"),"payment").'</td><td>'.$langs->trans("TransactionsToConciliate").'</td>';
|
||||
@ -418,13 +418,13 @@ if ($conf->banque->enabled && $user->rights->banque->lire)
|
||||
}
|
||||
|
||||
// Nbre adhérent valides (attente cotisation)
|
||||
if ($conf->adherent->enabled && $user->rights->adherent->lire)
|
||||
if ($conf->adherent->enabled && $user->rights->adherent->lire && ! $user->societe_id)
|
||||
{
|
||||
$langs->load("members");
|
||||
|
||||
include_once(DOL_DOCUMENT_ROOT."/adherents/adherent.class.php");
|
||||
$board=new Adherent($db);
|
||||
$board->load_board();
|
||||
$board->load_board($user);
|
||||
|
||||
$var=!$var;
|
||||
print '<tr '.$bc[$var].'><td width="16">'.img_object($langs->trans("Members"),"user").'</td><td>'.$langs->trans("Members").'</td>';
|
||||
|
||||
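Review bot: Every updated call in index.php is a bare `$board->load_board($user);` (ActionComm, Commande, Propal, Contrat, FactureFournisseur, Facture, Account, Adherent), so the -1 that Adherent and Account now return for external users is never inspected, and the class-level protection only takes effect because the Account and Adherent blocks were also given `&& ! $user->societe_id`. Either check the result before printing the row, e.g. `if ($board->load_board($user) < 0) { /* refused or failed: skip this board line */ }`, or add a comment stating that the call-site guard and the in-class guard are deliberately redundant. Separately, the ActionComm block is entered on `$conf->commercial->enabled || $conf->compta->enabled` alone, whereas every other board in this file also tests a `$user->rights->...->lire` permission; worth confirming whether an equivalent read right exists for actions and adding it if so.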
@ -68,7 +68,7 @@ class Propal
|
||||
|
||||
/**
|
||||
* \brief Constructeur
|
||||
* \param DB Handler d'accès base
|
||||
* \param DB Handler d'accès base
|
||||
*/
|
||||
function Propal($DB, $soc_idp="", $propalid=0)
|
||||
{
|
||||
@ -1000,7 +1000,7 @@ class Propal
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->error=$this->db->error();
|
||||
$this->error=$this->db->error();
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
@ -1084,18 +1084,20 @@ class Propal
|
||||
|
||||
/**
|
||||
* \brief Charge indicateurs this->nbtodo et this->nbtodolate de tableau de bord
|
||||
* \param mode opened pour propal à fermer, signed pour propale à facturer
|
||||
* \param user Objet user
|
||||
* \param mode "opened" pour propal à fermer, "signed" pour propale à facturer
|
||||
* \return int <0 si ko, >0 si ok
|
||||
*/
|
||||
function load_board($mode)
|
||||
function load_board($user,$mode)
|
||||
{
|
||||
global $conf;
|
||||
|
||||
$this->nbtodo=$this->nbtodolate=0;
|
||||
$sql = "SELECT p.rowid,".$this->db->pdate("p.datec")." as datec,".$this->db->pdate("p.fin_validite")." as datefin";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."propal as p";
|
||||
if ($mode == 'opened') $sql.= " WHERE p.fk_statut = 1";
|
||||
if ($mode == 'signed') $sql.= " WHERE p.fk_statut = 2";
|
||||
$sql ="SELECT p.rowid,".$this->db->pdate("p.datec")." as datec,".$this->db->pdate("p.fin_validite")." as datefin";
|
||||
$sql.=" FROM ".MAIN_DB_PREFIX."propal as p";
|
||||
if ($mode == 'opened') $sql.=" WHERE p.fk_statut = 1";
|
||||
if ($mode == 'signed') $sql.=" WHERE p.fk_statut = 2";
|
||||
if ($user->societe_id) $sql.=" AND fk_soc = ".$user->societe_id;
|
||||
$resql=$this->db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
|
||||
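Review bot: In the rewritten Propal::load_board the new `if ($user->societe_id) $sql.=" AND fk_soc = ".$user->societe_id;` is appended after two conditional `WHERE` lines, so for any mode other than `opened` or `signed` an external user produces `... FROM propal as p AND fk_soc = N`, which is not valid SQL and will fail at query time. Reject unexpected modes before building the statement, `if ($mode != 'opened' && $mode != 'signed') return -1;`, and cast the id while you are there: `if ($user->societe_id) $sql.=" AND p.fk_soc = ".(int) $user->societe_id;`. The query-result handling continues outside the hunk.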