diff --git a/htdocs/product/stats/commande.php b/htdocs/product/stats/commande.php
index 3cb552c91ac..4fcc525d067 100644
--- a/htdocs/product/stats/commande.php
+++ b/htdocs/product/stats/commande.php
@@ -51,11 +51,11 @@ if (! $sortfield) $sortfield="c.date_creation";
if ($user->societe_id > 0)
{
$action = '';
- $socid = $user->societe_id;
+ $socidp = $user->societe_id;
}
else
{
- $socid = 0;
+ $socidp = 0;
}
@@ -181,7 +181,7 @@ if ($_GET["id"])
// Propals
if ($conf->propal->enabled)
{
- $ret=$product->load_stats_propale($socid);
+ $ret=$product->load_stats_propale($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("propal");
print '
| ';
@@ -198,7 +198,7 @@ if ($_GET["id"])
// Commandes
if ($conf->commande->enabled)
{
- $ret=$product->load_stats_commande($socid);
+ $ret=$product->load_stats_commande($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("orders");
print ' |
| ';
@@ -215,7 +215,7 @@ if ($_GET["id"])
// Contrats
if ($conf->contrat->enabled)
{
- $ret=$product->load_stats_contrat($socid);
+ $ret=$product->load_stats_contrat($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("contracts");
print ' |
| ';
@@ -232,7 +232,7 @@ if ($_GET["id"])
// Factures
if ($conf->facture->enabled)
{
- $ret=$product->load_stats_facture($socid);
+ $ret=$product->load_stats_facture($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("bills");
print ' |
| ';
@@ -254,12 +254,15 @@ if ($_GET["id"])
$sql = "SELECT distinct(s.nom), s.idp, s.code_client, c.rowid, c.total_ht as amount, c.ref,";
$sql.= " ".$db->pdate("c.date_creation")." as date, c.fk_statut as statut, c.rowid as commandeid";
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user ";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."commandedet as d";
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE c.fk_soc = s.idp";
$sql.= " AND d.fk_commande = c.rowid AND d.fk_product =".$product->id;
- if ($socid)
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
+ if ($socidp)
{
- $sql .= " AND c.fk_soc = $socid";
+ $sql .= " AND c.fk_soc = $socidp";
}
$sql.= " ORDER BY $sortfield $sortorder ";
$sql.= $db->plimit($conf->liste_limit +1, $offset);
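Review bot: The ownership test `!$user->rights->commercial->client->voir && !$socidp` is written out three times in this query (select list, FROM and WHERE), so a later edit to one copy can leave the `societe_commerciaux` join and its `sc.fk_user` predicate out of step. Compute it once, e.g. `$restrictToAssigned = (!$user->rights->commercial->client->voir && !$socidp);`, test that variable at each of the three points, and cast the id where it is concatenated: `" AND s.idp = sc.fk_soc AND sc.fk_user = ".(int) $user->id`. A one-line comment above the first use, such as `// Users without the "voir" right only see third parties assigned to them in societe_commerciaux`, would record why the extra table is joined. The same three-line pattern is repeated in the last hunk of facture.php and of propal.php. The enclosing `if ($_GET["id"])` block starts and ends outside the hunk.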
diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php
index ab821a6a63e..e30ac0d93a7 100644
--- a/htdocs/product/stats/facture.php
+++ b/htdocs/product/stats/facture.php
@@ -48,10 +48,10 @@ if (! $sortorder) $sortorder="DESC";
if (! $sortfield) $sortfield="f.datef";
// Securite
-$socid = 0;
+$socidp = 0;
if ($user->societe_id > 0)
{
- $socid = $user->societe_id;
+ $socidp = $user->societe_id;
}
@@ -186,7 +186,7 @@ if ($_GET["id"] || $_GET["ref"])
// Propals
if ($conf->propal->enabled)
{
- $ret=$product->load_stats_propale($socid);
+ $ret=$product->load_stats_propale($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("propal");
print ' |
| ';
@@ -203,7 +203,7 @@ if ($_GET["id"] || $_GET["ref"])
// Commandes
if ($conf->commande->enabled)
{
- $ret=$product->load_stats_commande($socid);
+ $ret=$product->load_stats_commande($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("orders");
print ' |
| ';
@@ -220,7 +220,7 @@ if ($_GET["id"] || $_GET["ref"])
// Contrats
if ($conf->contrat->enabled)
{
- $ret=$product->load_stats_contrat($socid);
+ $ret=$product->load_stats_contrat($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("contracts");
print ' |
| ';
@@ -237,7 +237,7 @@ if ($_GET["id"] || $_GET["ref"])
// Factures
if ($conf->facture->enabled)
{
- $ret=$product->load_stats_facture($socid);
+ $ret=$product->load_stats_facture($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("bills");
print ' |
| ';
@@ -259,12 +259,15 @@ if ($_GET["id"] || $_GET["ref"])
$sql = "SELECT distinct(s.nom), s.idp, s.code_client, f.facnumber, f.amount as amount,";
$sql.= " ".$db->pdate("f.datef")." as date, f.paye, f.fk_statut as statut, f.rowid as facid";
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user ";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."facturedet as d";
- $sql.= " WHERE f.fk_soc = s.idp";
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+ $sql.= " WHERE f.fk_soc = s.idp";
$sql.= " AND d.fk_facture = f.rowid AND d.fk_product =".$product->id;
- if ($socid)
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
+ if ($socidp)
{
- $sql .= " AND f.fk_soc = $socid";
+ $sql .= " AND f.fk_soc = $socidp";
}
$sql.= " ORDER BY $sortfield $sortorder ";
$sql.= $db->plimit($conf->liste_limit +1, $offset);
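Review bot: The new `societe_commerciaux` restriction is applied only to this list query. The summary calls earlier in the file (`load_stats_propale($socidp)`, `load_stats_commande($socidp)`, `load_stats_contrat($socidp)`, `load_stats_facture($socidp)`) still receive just `$socidp`, which is 0 for a user with no `societe_id`. Unless those methods check the `voir` right themselves (their bodies are not in this diff), the counters printed above the list would still aggregate over third parties the user is not assigned to. This is worth confirming, and if needed the restriction should be passed through or applied inside the `load_stats_*` methods; the same applies to commande.php and propal.php.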
diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php
index 1319ac28710..7a7bb294f57 100644
--- a/htdocs/product/stats/propal.php
+++ b/htdocs/product/stats/propal.php
@@ -48,11 +48,11 @@ if (! $sortfield) $sortfield="p.datec";
if ($user->societe_id > 0)
{
$action = '';
- $socid = $user->societe_id;
+ $socidp = $user->societe_id;
}
else
{
- $socid = 0;
+ $socidp = 0;
}
@@ -177,7 +177,7 @@ if ($_GET["id"])
// Propals
if ($conf->propal->enabled)
{
- $ret=$product->load_stats_propale($socid);
+ $ret=$product->load_stats_propale($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("propal");
print ' |
| ';
@@ -194,7 +194,7 @@ if ($_GET["id"])
// Commandes
if ($conf->commande->enabled)
{
- $ret=$product->load_stats_commande($socid);
+ $ret=$product->load_stats_commande($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("orders");
print ' |
| ';
@@ -211,7 +211,7 @@ if ($_GET["id"])
// Contrats
if ($conf->contrat->enabled)
{
- $ret=$product->load_stats_contrat($socid);
+ $ret=$product->load_stats_contrat($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("contracts");
print ' |
| ';
@@ -228,7 +228,7 @@ if ($_GET["id"])
// Factures
if ($conf->facture->enabled)
{
- $ret=$product->load_stats_facture($socid);
+ $ret=$product->load_stats_facture($socidp);
if ($ret < 0) dolibarr_print_error($db);
$langs->load("bills");
print ' |
| ';
@@ -250,12 +250,15 @@ if ($_GET["id"])
$sql = "SELECT distinct(s.nom), s.idp, p.rowid as propalid, p.ref, p.total as amount,";
$sql.= $db->pdate("p.datec")." as date, p.fk_statut as statut";
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user ";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."propaldet as d";
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE p.fk_soc = s.idp";
$sql.= " AND d.fk_propal = p.rowid AND d.fk_product =".$product->id;
- if ($socid)
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
+ if ($socidp)
{
- $sql .= " AND p.fk_soc = $socid";
+ $sql .= " AND p.fk_soc = $socidp";
}
$sql .= " ORDER BY $sortfield $sortorder ";
$sql.= $db->plimit($conf->liste_limit +1, $offset);
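Review bot: The added `sc.fk_user` predicate makes this string-built query the access-control boundary, yet the unchanged line `$sql .= " ORDER BY $sortfield $sortorder ";` right after it interpolates two variables whose origin is not visible in the hunk. If they are taken from request parameters, `$sortfield` should be checked against an allow-list of sortable columns and `$sortorder` limited to `ASC`/`DESC` before being appended, so that the rest of the statement cannot weaken the new filter. `$product->id` in `d.fk_product =".$product->id` would likewise be safer written as `(int) $product->id`. The commande.php and facture.php queries end the same way.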
|