diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 44a82024e54..34fa9187a50 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -69,9 +69,13 @@ print "
\n"; /* * Commandes à valider */ -$sql = "SELECT c.rowid, c.ref, s.nom, s.idp FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; +$sql = "SELECT c.rowid, c.ref, s.nom, s.idp"; +if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +$sql .= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; +if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE c.fk_soc = s.idp AND c.fk_statut = 0"; if ($socidp) $sql .= " AND c.fk_soc = ".$socidp; +if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; if ( $db->query($sql) ) { @@ -99,9 +103,13 @@ if ( $db->query($sql) ) /* * Commandes à traiter */ -$sql = "SELECT c.rowid, c.ref, s.nom, s.idp FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; +$sql = "SELECT c.rowid, c.ref, s.nom, s.idp"; +if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +$sql .=" FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; +if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE c.fk_soc = s.idp AND c.fk_statut = 1"; if ($socidp) $sql .= " AND c.fk_soc = ".$socidp; +if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql .= " ORDER BY c.rowid DESC"; if ( $db->query($sql) ) 
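Review bot: The permission test `!$user->rights->commercial->client->voir` is re-evaluated on three separate added lines of this query (SELECT list, FROM list, WHERE clause), and the three fragments only work together. If a later edit keeps the `societe_commerciaux as sc` table but loses the `s.idp = sc.fk_soc AND sc.fk_user = ...` condition, the comma join becomes a cross product and the list shows every order again instead of failing. Evaluating the right once, e.g. `$restrictToAssigned = !$user->rights->commercial->client->voir;`, and testing that variable in each place keeps the filter to a single decision. The same applies to the hunks at -99, -135 and -171 in this file and to liste.php. The `if ( $db->query($sql) )` body that consumes the result lies outside the hunk.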
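Review bot: `$user->id` is appended to the WHERE clause as raw text in the added line ending `sc.fk_user = " .$user->id`, directly after the existing `c.fk_soc = ".$socidp`, which is built the same way. Where `$user->id` and `$socidp` are assigned is outside this hunk, so it cannot be confirmed from here that they are always integers. Casting at the point of use keeps the statement well-formed regardless: `$sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = ".(int) $user->id;`. The same line is added in every other hunk of this commit.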
@@ -135,9 +143,13 @@ print ''; /* * Commandes en cours */ -$sql = "SELECT c.rowid, c.ref, s.nom, s.idp FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; +$sql = "SELECT c.rowid, c.ref, s.nom, s.idp"; +if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +$sql .= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; +if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE c.fk_soc = s.idp AND c.fk_statut = 2 "; if ($socidp) $sql .= " AND c.fk_soc = ".$socidp; +if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql .= " ORDER BY c.rowid DESC"; if ( $db->query($sql) ) @@ -171,9 +183,12 @@ $max=5; $sql = "SELECT c.rowid, c.ref, s.nom, s.idp,"; $sql.= " ".$db->pdate("date_cloture")." as datec"; +if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; +if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE c.fk_soc = s.idp and c.fk_statut > 2"; if ($socidp) $sql .= " AND c.fk_soc = ".$socidp; +if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql.= " ORDER BY c.tms DESC"; $sql.= $db->plimit($max, 0); diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php index 0894ddad9b7..cbbf14874d1 100644 --- a/htdocs/commande/liste.php +++ b/htdocs/commande/liste.php 
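Review bot: The added `, sc.fk_soc, sc.fk_user` in the SELECT list looks unnecessary. None of the hunks in index.php touches the result loops, so nothing appears to read these two columns, and the WHERE clause already fixes their values (`sc.fk_soc` equals `s.idp`, `sc.fk_user` equals the current user). Dropping that line from each query leaves only the FROM and WHERE additions to keep in sync. If `societe_commerciaux` can hold the same company/user pair twice (its schema is not visible here), the join would also list an order once per matching row, which `SELECT DISTINCT` or a uniqueness constraint on the pair would prevent.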
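Review bot: Nothing in index.php says why the extra table is joined; each of the four queries just gains three bare `if (!$user->rights->commercial->client->voir)` lines. A comment above the first guard of each query would help the next reader, for example `// Users without the commercial->client->voir right only see orders of companies assigned to them in societe_commerciaux`. In this hunk the context line passes an unqualified `date_cloture` to `$db->pdate()`. Now that a third table is in the FROM list, `c.date_cloture` would be safer, in the same form liste.php already uses for `c.date_commande`.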
@@ -62,9 +62,15 @@ if (! $sortorder) $sortorder='DESC'; $limit = $conf->liste_limit; $offset = $limit * $_GET['page'] ; -$sql = 'SELECT s.nom, s.idp, c.rowid, c.ref, c.total_ht,'.$db->pdate('c.date_commande').' as date_commande, c.fk_statut' ; +$sql = 'SELECT s.nom, s.idp, c.rowid, c.ref, c.total_ht,'.$db->pdate('c.date_commande').' as date_commande, c.fk_statut'; +if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= ' FROM '.MAIN_DB_PREFIX.'societe as s, '.MAIN_DB_PREFIX.'commande as c'; +if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= ' WHERE c.fk_soc = s.idp'; +if (!$user->rights->commercial->client->voir) //restriction +{ + $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +} if ($sref) { $sql .= " AND c.ref like '%".addslashes($sref)."%'";
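Review bot: The restriction added here only narrows what the list query returns; `c.rowid` is still selected, presumably to link to the page that shows a single order. That page is not part of the visible diff, so it is worth confirming that it applies the same `societe_commerciaux` check. Otherwise a user without `commercial->client->voir` could still open an order of an unassigned company directly by its id. The `//restriction` comment could also say what is restricted, e.g. `// only companies assigned to this user in societe_commerciaux`. The query construction continues past the end of the hunk.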