FIX : in salary stats and payment list, we must check right perms as well as salary list

Gauthier PC portable 024 2022-05-06 11:24:53 +02:00
parent f3a630fd30
commit 2256f8811d
3 changed files with 16 additions and 12 deletions


@ -23,7 +23,7 @@
* \brief Fichier de la classe de gestion des stats des salaires
*/
include_once DOL_DOCUMENT_ROOT.'/core/class/stats.class.php';
include_once DOL_DOCUMENT_ROOT.'/salaries/class/paymentsalary.class.php';
include_once DOL_DOCUMENT_ROOT.'/salaries/class/salary.class.php';
/**
* Classe permettant la gestion des stats des salaires
@ -58,7 +58,7 @@ class SalariesStats extends Stats
$this->socid = $socid;
$this->userid = $userid;
$object = new PaymentSalary($this->db);
$object = new Salary($this->db);
$this->from = MAIN_DB_PREFIX.$object->table_element;
$this->field = 'amount';
@ -81,7 +81,7 @@ class SalariesStats extends Stats
*/
public function getNbByYear()
{
$sql = "SELECT YEAR(datep) as dm, count(*)";
$sql = "SELECT YEAR(dateep) as dm, count(*)";
$sql .= " FROM ".$this->from;
$sql .= " WHERE ".$this->where;
$sql .= " GROUP BY dm DESC";
@ -99,9 +99,9 @@ class SalariesStats extends Stats
*/
public function getNbByMonth($year, $format = 0)
{
$sql = "SELECT MONTH(datep) as dm, count(*)";
$sql = "SELECT MONTH(dateep) as dm, count(*)";
$sql .= " FROM ".$this->from;
$sql .= " WHERE YEAR(datep) = ".((int) $year);
$sql .= " WHERE YEAR(dateep) = ".((int) $year);
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
@ -121,9 +121,9 @@ class SalariesStats extends Stats
*/
public function getAmountByMonth($year, $format = 0)
{
$sql = "SELECT date_format(datep,'%m') as dm, sum(".$this->field.")";
$sql = "SELECT date_format(dateep,'%m') as dm, sum(".$this->field.")";
$sql .= " FROM ".$this->from;
$sql .= " WHERE date_format(datep,'%Y') = '".$this->db->escape($year)."'";
$sql .= " WHERE date_format(dateep,'%Y') = '".$this->db->escape($year)."'";
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
@ -141,9 +141,9 @@ class SalariesStats extends Stats
*/
public function getAverageByMonth($year)
{
$sql = "SELECT date_format(datep,'%m') as dm, avg(".$this->field.")";
$sql = "SELECT date_format(dateep,'%m') as dm, avg(".$this->field.")";
$sql .= " FROM ".$this->from;
$sql .= " WHERE date_format(datep,'%Y') = '".$this->db->escape($year)."'";
$sql .= " WHERE date_format(dateep,'%Y') = '".$this->db->escape($year)."'";
$sql .= " AND ".$this->where;
$sql .= " GROUP BY dm";
$sql .= $this->db->order('dm', 'DESC');
@ -158,7 +158,7 @@ class SalariesStats extends Stats
*/
public function getAllByYear()
{
$sql = "SELECT date_format(datep,'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg";
$sql = "SELECT date_format(dateep,'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg";
$sql .= " FROM ".$this->from;
$sql .= " WHERE ".$this->where;
$sql .= " GROUP BY year";
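Review bot: getAmountByMonth and getAverageByMonth (hunks at -121 and -141) still filter the year with `'".$this->db->escape($year)."'` while getNbByMonth in the same file casts it with `((int) $year)`; a year is numeric, so the cast is the stricter filter and the three methods should agree, e.g. `$sql .= " WHERE date_format(dateep,'%Y') = '".((int) $year)."'";`. The switch to `new Salary($this->db)` changes the table behind `$this->from`, but the `$this->where` clause that applies `$this->userid` is built outside these hunks; if index.php now passes the array returned by getAllChildIds(1), that code must accept an array of ids as well as a single id, which is worth confirming. The context line `include_once DOL_DOCUMENT_ROOT.'/salaries/class/paymentsalary.class.php';` appears unused once the constructor no longer instantiates PaymentSalary and can be dropped.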


@ -234,7 +234,7 @@ $sql .= " ".MAIN_DB_PREFIX."user as u";
$sql .= " WHERE u.rowid = sal.fk_user";
$sql .= " AND s.entity IN (".getEntity('payment_salaries').")";
if (empty($user->rights->salaries->readall)) {
$sql .= " AND s.fk_user IN (".$db->sanitize(join(',', $childids)).")";
$sql .= " AND sal.fk_user IN (".$db->sanitize(join(',', $childids)).")";
}
// Search criteria
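Review bot: The corrected `sal.fk_user IN (...)` restriction only works while `$childids` is non-empty; with an empty array `join` yields an empty string and the statement becomes `IN ()`, a SQL error that surfaces as a broken list rather than a denied one. `$childids` is assigned outside this hunk, presumably from `$user->getAllChildIds(1)`, which should contain at least the current user, but a guard such as `if (empty($childids)) { $childids = array($user->id); }` placed before the clause makes that assumption explicit. A short comment on the condition, `// Without readall, only salaries of the user's own hierarchy are listed`, would also help the next reader see why the filter is on `sal` while the entity filter above is on `s`.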


@ -74,6 +74,10 @@ dol_mkdir($dir);
$useridtofilter = $userid; // Filter from parameters
if (empty($user->rights->salaries->readall) && empty($useridtofilter)) {
$useridtofilter = $user->getAllChildIds(1);
}
$stats = new SalariesStats($db, $socid, $useridtofilter);
@ -204,7 +208,7 @@ print '<tr class="liste_titre"><td class="liste_titre" colspan="2">'.$langs->tra
// User
print '<tr><td>'.$langs->trans("Employee").'</td><td>';
print img_picto('', 'user', 'class="pictofixedwidth"');
print $form->select_dolusers(($userid ? $userid : -1), 'userid', 1, '', 0, '', '', 0, 0, 0, '', 0, '', 'widthcentpercentminusx maxwidth300');
print $form->select_dolusers(($userid ? $userid : -1), 'userid', 1, '', 0, empty($user->rights->salaries->readall) ? 'hierarchyme' : '', '', 0, 0, 0, '', 0, '', 'widthcentpercentminusx maxwidth300');
print '</td></tr>';
// Year
print '<tr><td>'.$langs->trans("Year").'</td><td>';
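Review bot: In the first hunk, the condition `if (empty($user->rights->salaries->readall) && empty($useridtofilter))` means a user without readall who supplies a `userid` parameter skips the hierarchy restriction entirely and gets stats for that user; the fallback to getAllChildIds(1) is applied only when no filter was given. The `'hierarchyme'` option added to select_dolusers in the second hunk narrows the dropdown, not the accepted parameter, so the supplied id should be validated against the same child list (where `$userid` is read from the request lies outside the hunk). The lines below keep the existing behaviour for the no-filter case and refuse an id outside the hierarchy.
```php
$useridtofilter = $userid; // Filter from parameters
if (empty($user->rights->salaries->readall)) {
    $childids = $user->getAllChildIds(1);
    if (empty($useridtofilter)) {
        $useridtofilter = $childids;
    } elseif (!in_array((int) $useridtofilter, $childids)) {
        accessforbidden();
    }
}
$stats = new SalariesStats($db, $socid, $useridtofilter);
```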