lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- add batch management on supplier dispatch product

Browse Source 
- SECURITY FIX : replace $_GET and $_POST by GETPOST in dispatch.php
This commit is contained in:
KreizIT 2014-03-15 10:28:01 +01:00
parent 1d268c2e86
commit 3782742aad
5 changed files with 127 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
htdocs/core/js/lib_batch.js Normal file
View File

@ -0,0 +1,34 @@
// Copyright (C) 2014 Cedric GROSS <c.gross@kreiz-it.fr>
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
// or see http://www.gnu.org/
//
// \file htdocs/core/js/lib_batch.js
// \brief File that include javascript functions used when dispatching batch-enabled product
//
function AddLineBatch(index) {
var nme = 'dluo_0_'+index;
$row=$("tr[name='"+nme+"']").clone(true);
$row.find("input[name^='qty']").val('');
var trs = $("tr[name^='dluo_'][name$='_"+index+"']");
var newrow=$row.html().replace(/_0_/g,"_"+(trs.length)+"_");
$row.html(newrow);
//clear value
$row.find("input[name^='qty']").val('');
//change name of row
$row.attr('name','dluo_'+trs.length+'_'+index);
$("tr[name^='dluo_'][name$='_"+index+"']:last").after($row);
}

8
htdocs/fourn/class/fournisseur.commande.class.php
View File

@ -31,6 +31,7 @@
include_once DOL_DOCUMENT_ROOT.'/core/class/commonorder.class.php';
require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
if (! empty($conf->productbatch->enabled)) require_once DOL_DOCUMENT_ROOT.'/product/class/productbatch.class.php';
/**
@ -1233,9 +1234,12 @@ class CommandeFournisseur extends CommonOrder
* @param int $entrepot Id of warehouse to add product
* @param double $price Unit Price for PMP value calculation (Unit price without Tax and taking into account discount)
* @param string $comment Comment for stock movement
* @param date $eatby eat-by date
* @param date $sellby sell-by date
* @param string $batch Lot number
* @return int <0 if KO, >0 if OK
*/
function DispatchProduct($user, $product, $qty, $entrepot, $price=0, $comment='')
function DispatchProduct($user, $product, $qty, $entrepot, $price=0, $comment='', $eatby='', $sellby='', $batch='')
{
global $conf;
$error = 0;
@ -1288,7 +1292,7 @@ class CommandeFournisseur extends CommonOrder
if ($product > 0)
{
// $price should take into account discount (except if option STOCK_EXCLUDE_DISCOUNT_FOR_PMP is on)
$result=$mouv->reception($user, $product, $entrepot, $qty, $price, $comment);
$result=$mouv->reception($user, $product, $entrepot, $qty, $price, $comment, $eatby, $sellby, $batch);
if ($result < 0)
{
$this->error=$mouv->error;

105
htdocs/fourn/commande/dispatch.php
View File

@ -4,6 +4,7 @@
* Copyright (C) 2005 Eric Seigne <eric.seigne@ryxeo.com>
* Copyright (C) 2005-2009 Regis Houssin <regis.houssin@capnetworks.com>
* Copyright (C) 2010 Juanjo Menent <jmenent@2byte.es>
* Copyright (C) 2014 Cédric Gross <c.gross@kreiz-it.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -40,6 +41,7 @@ $langs->load('bills');
$langs->load('deliveries');
$langs->load('products');
$langs->load('stocks');
if (! empty($conf->productbatch->enabled)) $langs->load('productbatch');
// Security check
$id = GETPOST("id",'int');
@ -53,7 +55,7 @@ if (empty($conf->stock->enabled))
// Recuperation de l'id de projet
$projectid = 0;
if ($_GET["projectid"]) $projectid = $_GET["projectid"];
if ($_GET["projectid"]) $projectid = GETPOST("projectid",'int');
$mesg='';
@ -76,9 +78,9 @@ if ($_POST["action"] == 'dispatch' && $user->rights->fournisseur->commande->rece
$qty = "qty_".$reg[1];
$ent = "entrepot_".$reg[1];
$pu = "pu_".$reg[1]; // This is unit price including discount
if ($_POST[$ent] > 0)
if (GETPOST($ent,'int') > 0)
{
$result = $commande->DispatchProduct($user, $_POST[$prod], $_POST[$qty], $_POST[$ent], $_POST[$pu], $_POST["comment"]);
$result = $commande->DispatchProduct($user, GETPOST($prod,'int'),GETPOST($qty), GETPOST($ent,'int'), GETPOST($pu), GETPOST("comment"));
}
else
{
@ -86,7 +88,33 @@ if ($_POST["action"] == 'dispatch' && $user->rights->fournisseur->commande->rece
$text = $langs->transnoentities('Warehouse').', '.$langs->transnoentities('Line').'' .($reg[1]-1);
setEventMessage($langs->trans('ErrorFieldRequired',$text), 'errors');
}
} else if (preg_match('/^product_([0-9]+)_([0-9]+)$/i', $key, $reg)) {
//eat-by date dispatch
$prod = "product_".$reg[1]."_".$reg[2];
$qty = "qty_".$reg[1]."_".$reg[2];
$ent = "entrepot_".$reg[1]."_".$reg[2];
$pu = "pu_".$reg[1]."_".$reg[2];
$lot = "lot_number_".$reg[1]."_".$reg[2];
$dDLUO = dol_mktime(12, 0 , 0, $_POST['dluo_'.$reg[1]."_".$reg[2].'month'], $_POST['dluo_'.$reg[1]."_".$reg[2].'day'], $_POST['dluo_'.$reg[1]."_".$reg[2].'year']);
$dDLC = dol_mktime(12, 0 , 0, $_POST['dlc_'.$reg[1]."_".$reg[2].'month'], $_POST['dlc_'.$reg[1]."_".$reg[2].'day'], $_POST['dlc_'.$reg[1]."_".$reg[2].'year']);
if (! (GETPOST($ent,'int') > 0))
{
dol_syslog('No dispatch for line '.$key.' as no warehouse choosed');
$text = $langs->transnoentities('Warehouse').', '.$langs->transnoentities('Line').'' .($reg[1]-1);
setEventMessage($langs->trans('ErrorFieldRequired',$text), 'errors');
}
if (!((GETPOST($qty) > 0 ) && ( $_POST[$lot] or $dDLUO or $dDLC) ))
{
dol_syslog('No dispatch for line '.$key.' as qty is not set or eat-by date are not set');
$text = $langs->transnoentities('atleast1batchfield').', '.$langs->transnoentities('Line').'' .($reg[1]-1);
setEventMessage($langs->trans('ErrorFieldRequired',$text), 'errors');
} else {
$result = $commande->DispatchProduct($user, GETPOST($prod,'int'),GETPOST($qty), GETPOST($ent,'int'), GETPOST($pu), GETPOST("comment"), $dDLC, $dDLUO, GETPOST($lot));
}
}
}
if (! $notrigger)
@ -104,7 +132,7 @@ if ($_POST["action"] == 'dispatch' && $user->rights->fournisseur->commande->rece
{
$db->commit();
header("Location: dispatch.php?id=".$_GET["id"]);
header("Location: dispatch.php?id=".$id);
exit;
}
else
@ -120,22 +148,27 @@ if ($_POST["action"] == 'dispatch' && $user->rights->fournisseur->commande->rece
* View
*/
llxHeader('',$langs->trans("OrderCard"),"CommandeFournisseur");
if (!empty($conf->productbatch->enabled)) {
llxHeader('',$langs->trans("OrderCard"),"CommandeFournisseur",'',0,0,array('/core/js/lib_batch.js'));
} else {
llxHeader('',$langs->trans("OrderCard"),"CommandeFournisseur");
}
$form = new Form($db);
$warehouse_static = new Entrepot($db);
$now=dol_now();
$id = $_GET['id'];
$ref= $_GET['ref'];
$id = GETPOST('id','int');
$ref= GETPOST('ref');
if ($id > 0 || ! empty($ref))
{
//if ($mesg) print $mesg.'<br>';
$commande = new CommandeFournisseur($db);
$result=$commande->fetch($_GET['id'],$_GET['ref']);
$result=$commande->fetch($id,$ref);
if ($result >= 0)
{
$soc = new Societe($db);
@ -237,11 +270,11 @@ if ($id > 0 || ! empty($ref))
}
$sql = "SELECT l.fk_product, l.subprice, l.remise_percent, SUM(l.qty) as qty,";
$sql.= " p.ref, p.label";
$sql.= " p.ref, p.label, p.tobatch";
$sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON l.fk_product=p.rowid";
$sql.= " WHERE l.fk_commande = ".$commande->id;
$sql.= " GROUP BY p.ref, p.label, l.fk_product, l.subprice, l.remise_percent"; // Calculation of amount dispatched is done per fk_product so we must group by fk_product
$sql.= " GROUP BY p.ref, p.label, p.tobatch, l.fk_product, l.subprice, l.remise_percent"; // Calculation of amount dispatched is done per fk_product so we must group by fk_product
$sql.= " ORDER BY p.ref, p.label";
$resql = $db->query($sql);
@ -253,13 +286,23 @@ if ($id > 0 || ! empty($ref))
if ($num)
{
print '<tr class="liste_titre">';
print '<td>'.$langs->trans("Description").'</td>';
print '<td colspan="4" width="40%">'.$langs->trans("Description").'</td>';
print '<td align="right">'.$langs->trans("QtyOrdered").'</td>';
print '<td align="right">'.$langs->trans("QtyDispatched").'</td>';
print '<td align="right">'.$langs->trans("QtyDelivered").'</td>';
print '<td align="right">'.$langs->trans("Warehouse").'</td>';
print "</tr>\n";
if (!empty($conf->productbatch->enabled)) {
print '<tr class="liste_titre">';
print '<td width="5%">&nbsp;</td>';
print '<td>'.$langs->trans("l_eatby").'</td>';
print '<td>'.$langs->trans("l_sellby").'</td>';
print '<td>'.$langs->trans("batch_number").'</td>';
print '<td colspan="4" width="50%">&nbsp;</td>';
print "</tr>\n";
}
}
$nbfreeproduct=0;
@ -285,35 +328,57 @@ if ($id > 0 || ! empty($ref))
$var=!$var;
print "<tr ".$bc[$var].">";
print '<td>';
print '<td colspan="4">';
print '<a href="'.DOL_URL_ROOT.'/product/fournisseurs.php?id='.$objp->fk_product.'">'.img_object($langs->trans("ShowProduct"),'product').' '.$objp->ref.'</a>';
print ' - '.$objp->label."\n";
// To show detail cref and description value, we must make calculation by cref
//print ($objp->cref?' ('.$objp->cref.')':'');
//if ($objp->description) print '<br>'.nl2br($objp->description);
print '<input name="product_'.$i.'" type="hidden" value="'.$objp->fk_product.'">'."\n";
if ((empty($conf->productbatch->enabled)) || $objp->tobatch==0) {
$suffix='_'.$i;
} else {
$suffix='_0_'.$i;
}
$up_ht_disc=$objp->subprice;
if (! empty($objp->remise_percent) && empty($conf->global->STOCK_EXCLUDE_DISCOUNT_FOR_PMP)) $up_ht_disc=price2num($up_ht_disc * (100 - $objp->remise_percent) / 100, 'MU');
$up_ht_disc=$objp->subprice;
if (! empty($objp->remise_percent) && empty($conf->global->STOCK_EXCLUDE_DISCOUNT_FOR_PMP)) $up_ht_disc=price2num($up_ht_disc * (100 - $objp->remise_percent) / 100, 'MU');
print '<input name="pu_'.$i.'" type="hidden" value="'.$up_ht_disc.'">'."<!-- This is a up including discount -->\n";
print "</td>\n";
print '<td align="right">'.$objp->qty.'</td>';
print '<td align="right">'.$products_dispatched[$objp->fk_product].'</td>';
if ( !(empty($conf->productbatch->enabled)) && $objp->tobatch==1) {
print '<td colspan="2" align="center">'.img_picto_common($langs->trans('add_dispatch_batch'),'treemenu/plustop2.gif','onClick="AddLineBatch('.$i.')"').'</td>';
print '</tr>';
print '<tr '.$bc[$var].' name="dluo'.$suffix.'"><td width="5%">';
print '<input name="product'.$suffix.'" type="hidden" value="'.$objp->fk_product.'">';
print '<input name="pu'.$suffix.'" type="hidden" value="'.$up_ht_disc.'"><!-- This is a up including discount -->';
print '</td><td>';
$form->select_date('','dlc'.$suffix,'','',1,"");
print '</td><td>';
$form->select_date('','dluo'.$suffix,'','',1,"");
print '</td><td>';
print '<input type="text" name="lot_number'.$suffix.'" size="40" value="">';
print '</td>';
print '<td colspan="2">&nbsp</td>';
} else {
print '<input name="product'.$suffix.'" type="hidden" value="'.$objp->fk_product.'">';
print '<input name="pu'.$suffix.'" type="hidden" value="'.$up_ht_disc.'"><!-- This is a up including discount -->';
}
// Dispatch
print '<td align="right"><input name="qty_'.$i.'" type="text" size="8" value="'.($remaintodispatch).'"></td>';
print '<td align="right"><input name="qty'.$suffix.'" type="text" size="8" value="'.($remaintodispatch).'"></td>';
// Warehouse
print '<td align="right">';
if (count($listwarehouses)>1)
{
print $form->selectarray("entrepot_".$i, $listwarehouses, '', 1, 0, 0, '', 0, 0, $disabled);
print $form->selectarray("entrepot".$suffix, $listwarehouses, '', 1, 0, 0, '', 0, 0, $disabled);
}
elseif (count($listwarehouses)==1)
{
print $form->selectarray("entrepot_".$i, $listwarehouses, '', 0, 0, 0, '', 0, 0, $disabled);
print $form->selectarray("entrepot".$suffix, $listwarehouses, '', 0, 0, 0, '', 0, 0, $disabled);
}
else
{
@ -339,7 +404,7 @@ if ($id > 0 || ! empty($ref))
{
print $langs->trans("Comment").' : ';
print '<input type="text" size="60" maxlength="128" name="comment" value="';
print $_POST["comment"]?$_POST["comment"]:$langs->trans("DispatchSupplierOrder",$commande->ref);
print $_POST["comment"]?GETPOST("comment"):$langs->trans("DispatchSupplierOrder",$commande->ref);
// print ' / '.$commande->ref_supplier; // Not yet available
print '" class="flat"><br><br>';

3
htdocs/fourn/commande/fiche.php
View File

@ -194,7 +194,7 @@ else if ($action == 'addline' && $user->rights->fournisseur->commande->creer)
|| (! GETPOST('dp_desc') && ! GETPOST('addline_predefined') && GETPOST('idprod', 'int')>0) // we push enter onto qty field
)
{
$predef=(($conf->global->MAIN_FEATURES_LEVEL < 2) ? '_predef' : '');
$predef= '_predef';
$idprod=GETPOST('idprod', 'int');
$product_desc = (GETPOST('product_desc')?GETPOST('product_desc'):(GETPOST('np_desc')?GETPOST('np_desc'):''));
$price_ht = '';
@ -202,7 +202,6 @@ else if ($action == 'addline' && $user->rights->fournisseur->commande->creer)
}
$qty = GETPOST('qty'.$predef);
$remise_percent=GETPOST('remise_percent'.$predef);
if (GETPOST('addline_libre') && GETPOST('pu') < 0 && $qty < 0)
{
setEventMessage($langs->trans('ErrorBothFieldCantBeNegative', $langs->transnoentitiesnoconv('UnitPrice'), $langs->transnoentitiesnoconv('Qty')), 'errors');

2
htdocs/langs/fr_FR/productbatch.lang
View File

@ -15,4 +15,4 @@ printBatch= Lot: %s
printEatby= DLC: %s
printSellby= DLUO: %s
printQty= Qté: %d
add_dispatch_batch= Ajouter une ligne de dispatch DLUO