diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 70866431808..059c904d3d8 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -84,11 +84,14 @@ if ($type == "f") */ $sql = "SELECT s.idp, s.nom, st.libelle as stcomm"; -$sql .= ", p.idp as cidp, p.name, p.firstname, p.email, p.phone "; +$sql .= ", p.idp as cidp, p.name, p.firstname, p.email, p.phone"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " , ".MAIN_DB_PREFIX."socpeople as p"; $sql .= " , ".MAIN_DB_PREFIX."c_stcomm as st"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE s.fk_stcomm = st.id AND s.idp = p.fk_soc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; if ($type == "c") $sql .= " AND s.client = 1"; if ($type == "p") $sql .= " AND s.client = 2"; diff --git a/htdocs/comm/prospect/index.php b/htdocs/comm/prospect/index.php index e4932adf06c..756acfadfa8 100644 --- a/htdocs/comm/prospect/index.php +++ b/htdocs/comm/prospect/index.php @@ -1,6 +1,7 @@ * Copyright (C) 2004-2005 Laurent Destailleur + * Copyright (C) 2005-2006 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -85,8 +86,11 @@ if ($conf->propal->enabled) */ $sql = "SELECT count(*) as cc, st.libelle, st.id"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st "; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE s.fk_stcomm = st.id AND s.client=2"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql .= " GROUP BY st.id"; $sql .= " ORDER BY st.id"; @@ -123,8 +127,11 @@ if ($resql) if ($conf->propal->enabled && $user->rights->propale->lire) { $sql = "SELECT p.rowid, p.ref, p.price, s.nom"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; $sql .= " FROM ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."societe as s"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE p.fk_statut = 0 and p.fk_soc = s.idp"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $resql=$db->query($sql); if ($resql) @@ -169,8 +176,11 @@ if ($conf->propal->enabled && $user->rights->propale->lire) print ''; $sql = "SELECT a.id, ".$db->pdate("a.datea")." as da, c.code, c.libelle, a.fk_user_author, s.nom as sname, s.idp"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a, ".MAIN_DB_PREFIX."c_actioncomm as c, ".MAIN_DB_PREFIX."societe as s"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE c.id=a.fk_action AND a.percent < 100 AND s.idp = a.fk_soc AND a.fk_user_action = $user->id"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql .= " ORDER BY a.datea DESC"; $resql=$db->query($sql); @@ -217,8 +227,11 @@ else if ($conf->propal->enabled && $user->rights->propale->lire) { $sql = "SELECT s.nom, s.idp, p.rowid as propalid, p.price, p.ref,".$db->pdate("p.datep")." as dp, c.label as statut, c.id as statutid"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE p.fk_soc = s.idp AND p.fk_statut = c.id AND p.fk_statut = 1"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socidp) $sql .= " AND s.idp = $socidp"; $sql .= " ORDER BY p.rowid DESC"; $sql .= $db->plimit(5, 0); @@ -263,8 +276,11 @@ if ($conf->propal->enabled && $user->rights->propale->lire) * */ $sql = "SELECT s.nom, s.idp"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE s.fk_stcomm = 1"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql .= " ORDER BY s.tms ASC"; $sql .= $db->plimit(15, 0); diff --git a/htdocs/comm/prospect/prospects.php b/htdocs/comm/prospect/prospects.php index a8d0152a6c7..bcecb58fb78 100644 --- a/htdocs/comm/prospect/prospects.php +++ b/htdocs/comm/prospect/prospects.php @@ -78,9 +78,12 @@ if ($_GET["action"] == 'cstc') $sql = "SELECT s.idp, s.nom, s.ville, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea, st.libelle as stcomm, s.prefix_comm, s.fk_stcomm "; $sql .= ", d.nom as departement"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."c_stcomm as st, ".MAIN_DB_PREFIX."societe as s"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " LEFT join ".MAIN_DB_PREFIX."c_departements as d on d.rowid = s.fk_departement"; $sql .= " WHERE s.fk_stcomm = st.id AND s.client=2"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; if (isset($_GET["stcomm"])) {