From 31a5a97e69eebe4b253b432ea31d06f6f84ae873 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Wed, 8 Mar 2006 15:41:19 +0000
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?= =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?= =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?= =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 htdocs/commande/index.php | 21 ++++++++++++++++++---
 htdocs/commande/liste.php | 8 +++++++-
 2 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php
index 44a82024e54..34fa9187a50 100644
--- a/htdocs/commande/index.php
+++ b/htdocs/commande/index.php
@@ -69,9 +69,13 @@ print "
\n";
 /*
 * Commandes à valider
 */
-$sql = "SELECT c.rowid, c.ref, s.nom, s.idp FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s";
+$sql = "SELECT c.rowid, c.ref, s.nom, s.idp";
+if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user";
+$sql .= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s";
+if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql .= " WHERE c.fk_soc = s.idp AND c.fk_statut = 0";
 if ($socidp) $sql .= " AND c.fk_soc = ".$socidp;
+if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ( $db->query($sql) )
 {
@@ -99,9 +103,13 @@ if ( $db->query($sql) )
 /*
 * Commandes à traiter
 */
-$sql = "SELECT c.rowid, c.ref, s.nom, s.idp FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s";
+$sql = "SELECT c.rowid, c.ref, s.nom, s.idp";
+if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user";
+$sql .=" FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s";
+if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql .= " WHERE c.fk_soc = s.idp AND c.fk_statut = 1";
 if ($socidp) $sql .= " AND c.fk_soc = ".$socidp;
+if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql .= " ORDER BY c.rowid DESC";
 if ( $db->query($sql) )
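Review bot: The `$socidp` filter kept in this hunk and the new `sc.fk_user = " .$user->id` clause both concatenate a value into the SQL string with no cast or quoting. Where `$socidp` is assigned is outside the hunk, so if it can originate from the request it should be forced to an integer at the point of use, `if ($socidp) $sql .= " AND c.fk_soc = ".(int) $socidp;`, and the new clause can do the same with `(int) $user->id`. The same two lines recur in the hunks at -99, -135 and -171 of this file, and the `$user->id` clause appears again in liste.php.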
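Review bot: The test `!$user->rights->commercial->client->voir` is written out three times for this single query (select list, FROM, WHERE) and again for every other query the patch touches. If a later edit changes one copy but not the others, the result is either invalid SQL or an unrestricted join, so evaluate it once near the top of the page, `$restrict = !$user->rights->commercial->client->voir;`, and branch on `$restrict`. The added `sc.fk_soc, sc.fk_user` select columns look redundant, since the WHERE clause already fixes both values; whether the result loop reads them is not visible in the hunk.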
@@ -135,9 +143,13 @@ print '';
 /*
 * Commandes en cours
 */
-$sql = "SELECT c.rowid, c.ref, s.nom, s.idp FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s";
+$sql = "SELECT c.rowid, c.ref, s.nom, s.idp";
+if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user";
+$sql .= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s";
+if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql .= " WHERE c.fk_soc = s.idp AND c.fk_statut = 2 ";
 if ($socidp) $sql .= " AND c.fk_soc = ".$socidp;
+if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql .= " ORDER BY c.rowid DESC";
 if ( $db->query($sql) )
@@ -171,9 +183,12 @@ $max=5;
 $sql = "SELECT c.rowid, c.ref, s.nom, s.idp,";
 $sql.= " ".$db->pdate("date_cloture")." as datec";
+if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user";
 $sql.= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s";
+if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE c.fk_soc = s.idp and c.fk_statut > 2";
 if ($socidp) $sql .= " AND c.fk_soc = ".$socidp;
+if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql.= " ORDER BY c.tms DESC";
 $sql.= $db->plimit($max, 0);
diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php
index 0894ddad9b7..cbbf14874d1 100644
--- a/htdocs/commande/liste.php
+++ b/htdocs/commande/liste.php
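Review bot: In the "-171" hunk the restricted query joins `societe_commerciaux` before `$db->plimit($max, 0)` is applied, so the row limit counts joined rows rather than orders. If that table can hold more than one row for the same company and user (its keys are not visible here), an order would come back several times and crowd other orders out of the five-row list. Either confirm a unique key on `(fk_soc, fk_user)`, or make the query independent of it by starting the select with `SELECT DISTINCT c.rowid, c.ref, s.nom, s.idp,`.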
@@ -62,9 +62,15 @@ if (! $sortorder) $sortorder='DESC';
 $limit = $conf->liste_limit;
 $offset = $limit * $_GET['page'] ;
-$sql = 'SELECT s.nom, s.idp, c.rowid, c.ref, c.total_ht,'.$db->pdate('c.date_commande').' as date_commande, c.fk_statut' ;
+$sql = 'SELECT s.nom, s.idp, c.rowid, c.ref, c.total_ht,'.$db->pdate('c.date_commande').' as date_commande, c.fk_statut';
+if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user";
 $sql.= ' FROM '.MAIN_DB_PREFIX.'societe as s, '.MAIN_DB_PREFIX.'commande as c';
+if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= ' WHERE c.fk_soc = s.idp';
+if (!$user->rights->commercial->client->voir) //restriction
+{
+ $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
+}
 if ($sref)
 {
 $sql .= " AND c.ref like '%".addslashes($sref)."%'";
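Review bot: The `//restriction` block only filters which rows the list prints; it is not an access check on an order itself. The page that displays a single order from `c.rowid` is not part of this patch, so unless it applies the same `societe_commerciaux` test, a user without `commercial->client->voir` could presumably still reach an unassigned customer's order through its id. I would replace the one-word comment with `// Listing filter only: the order card must repeat this check before displaying an order` and verify the detail page alongside this change. The `if ($sref)` block at the end of the hunk continues outside it.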