From 3782742aad00d5f9aab6349e60ce3d38f997c9a4 Mon Sep 17 00:00:00 2001
From: KreizIT
Date: Sat, 15 Mar 2014 10:28:01 +0100
Subject: [PATCH] - add batch management on supplier dispatch product - SECURITY FIX : replace $_GET and $_POST by GETPOST in dispatch.php
---
 htdocs/core/js/lib_batch.js | 34 ++++++
 .../class/fournisseur.commande.class.php | 8 +-
 htdocs/fourn/commande/dispatch.php | 105 ++++++++++++++----
 htdocs/fourn/commande/fiche.php | 3 +-
 htdocs/langs/fr_FR/productbatch.lang | 2 +-
 5 files changed, 127 insertions(+), 25 deletions(-)
 create mode 100644 htdocs/core/js/lib_batch.js
diff --git a/htdocs/core/js/lib_batch.js b/htdocs/core/js/lib_batch.js
new file mode 100644
index 00000000000..65c138b73aa
--- /dev/null
+++ b/htdocs/core/js/lib_batch.js
@@ -0,0 +1,34 @@
+// Copyright (C) 2014 Cedric GROSS
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see .
+// or see http://www.gnu.org/
+
+//
+// \file htdocs/core/js/lib_batch.js
+// \brief File that include javascript functions used when dispatching batch-enabled product
+//
+
+function AddLineBatch(index) {
+ var nme = 'dluo_0_'+index;
+ $row=$("tr[name='"+nme+"']").clone(true);
+ $row.find("input[name^='qty']").val('');
+ var trs = $("tr[name^='dluo_'][name$='_"+index+"']");
+ var newrow=$row.html().replace(/_0_/g,"_"+(trs.length)+"_");
+ $row.html(newrow);
+ //clear value
+ $row.find("input[name^='qty']").val('');
+ //change name of row
+ $row.attr('name','dluo_'+trs.length+'_'+index);
+ $("tr[name^='dluo_'][name$='_"+index+"']:last").after($row);
+}
\ No newline at end of file
diff --git a/htdocs/fourn/class/fournisseur.commande.class.php b/htdocs/fourn/class/fournisseur.commande.class.php
index ed9cd323597..4de4092691b 100644
--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -31,6 +31,7 @@ include_once DOL_DOCUMENT_ROOT.'/core/class/commonorder.class.php';
 require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
+if (! empty($conf->productbatch->enabled)) require_once DOL_DOCUMENT_ROOT.'/product/class/productbatch.class.php';
 /**
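Review bot: `$row` in AddLineBatch is assigned without `var`, so it becomes an implicit global that any other script on the page can overwrite; declare it locally with `var $row = $("tr[name='"+nme+"']").clone(true);`. The clone is then renumbered by running `replace(/_0_/g, ...)` over the serialized HTML, which rewrites every `_0_` it finds (attribute values and text alike) and replaces the cloned children, so handlers copied by `clone(true)` onto the inputs are presumably lost. Renaming the `name`/`id` attributes element by element would be more predictable. A one-line header comment stating that `index` is the order-line number and that row 0 serves as the template would also help the next reader.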
@@ -1233,9 +1234,12 @@ class CommandeFournisseur extends CommonOrder
 * @param int $entrepot Id of warehouse to add product
 * @param double $price Unit Price for PMP value calculation (Unit price without Tax and taking into account discount)
 * @param string $comment Comment for stock movement
+ * @param date $eatby eat-by date
+ * @param date $sellby sell-by date
+ * @param string $batch Lot number
 * @return int <0 if KO, >0 if OK
 */
- function DispatchProduct($user, $product, $qty, $entrepot, $price=0, $comment='')
+ function DispatchProduct($user, $product, $qty, $entrepot, $price=0, $comment='', $eatby='', $sellby='', $batch='')
 {
 global $conf;
 $error = 0;
@@ -1288,7 +1292,7 @@ class CommandeFournisseur extends CommonOrder
 if ($product > 0)
 {
 // $price should take into account discount (except if option STOCK_EXCLUDE_DISCOUNT_FOR_PMP is on)
- $result=$mouv->reception($user, $product, $entrepot, $qty, $price, $comment);
+ $result=$mouv->reception($user, $product, $entrepot, $qty, $price, $comment, $eatby, $sellby, $batch);
 if ($result < 0)
 {
 $this->error=$mouv->error;
diff --git a/htdocs/fourn/commande/dispatch.php b/htdocs/fourn/commande/dispatch.php
index 4bc7a22b06b..c9d6b0f3ad7 100644
--- a/htdocs/fourn/commande/dispatch.php
+++ b/htdocs/fourn/commande/dispatch.php
@@ -4,6 +4,7 @@
 * Copyright (C) 2005 Eric Seigne
 * Copyright (C) 2005-2009 Regis Houssin
 * Copyright (C) 2010 Juanjo Menent
+ * Copyright (C) 2014 Cédric Gross
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -40,6 +41,7 @@ $langs->load('bills');
 $langs->load('deliveries');
 $langs->load('products');
 $langs->load('stocks');
+if (! empty($conf->productbatch->enabled)) $langs->load('productbatch');
 // Security check
 $id = GETPOST("id",'int');
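Review bot: The new `@param date $eatby` and `@param date $sellby` tags in the DispatchProduct docblock do not say what format is expected, and `date` is not a PHP type. The caller added in dispatch.php passes the result of `dol_mktime()`, so `@param int|string $eatby Eat-by date as a timestamp ('' when not set)` would be accurate, and likewise for `$sellby`. `$batch` is documented only as "Lot number", yet it is request-supplied free text handed straight to `$mouv->reception()` in the second hunk of this file; whether reception() escapes it before it reaches SQL is not visible here and should be confirmed. The function body continues outside both hunks.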
@@ -53,7 +55,7 @@ if (empty($conf->stock->enabled))
 // Recuperation de l'id de projet
 $projectid = 0;
-if ($_GET["projectid"]) $projectid = $_GET["projectid"];
+if ($_GET["projectid"]) $projectid = GETPOST("projectid",'int');
 $mesg='';
@@ -76,9 +78,9 @@ if ($_POST["action"] == 'dispatch' && $user->rights->fournisseur->commande->rece
 $qty = "qty_".$reg[1];
 $ent = "entrepot_".$reg[1];
 $pu = "pu_".$reg[1]; // This is unit price including discount
- if ($_POST[$ent] > 0)
+ if (GETPOST($ent,'int') > 0)
 {
- $result = $commande->DispatchProduct($user, $_POST[$prod], $_POST[$qty], $_POST[$ent], $_POST[$pu], $_POST["comment"]);
+ $result = $commande->DispatchProduct($user, GETPOST($prod,'int'),GETPOST($qty), GETPOST($ent,'int'), GETPOST($pu), GETPOST("comment"));
 }
 else
 {
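Review bot: The guard on the changed line still reads `$_GET["projectid"]` directly, so the raw superglobal decides whether the filtered value is used, and a request without the parameter raises an undefined-index notice. Test the filtered value instead: `if (GETPOST("projectid",'int')) $projectid = GETPOST("projectid",'int');`.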
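Review bot: `GETPOST($qty)`, `GETPOST($pu)` and `GETPOST("comment")` are called without a check type in the new DispatchProduct call, so the quantity and unit price presumably reach the stock movement as unvalidated strings; only `$prod` and `$ent` are constrained to `'int'`. Normalise the numeric fields before the call, for example `price2num(GETPOST($pu),'MU')`, and reject a non-numeric or negative quantity. The enclosing condition shown in the hunk header still compares `$_POST["action"]` directly. The block it opens starts outside this hunk, so whether a token check guards this state-changing action cannot be seen from here.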
@@ -86,7 +88,33 @@ if ($_POST["action"] == 'dispatch' && $user->rights->fournisseur->commande->rece
 $text = $langs->transnoentities('Warehouse').', '.$langs->transnoentities('Line').'' .($reg[1]-1);
 setEventMessage($langs->trans('ErrorFieldRequired',$text), 'errors');
 }
+ } else if (preg_match('/^product_([0-9]+)_([0-9]+)$/i', $key, $reg)) {
+ //eat-by date dispatch
+ $prod = "product_".$reg[1]."_".$reg[2];
+ $qty = "qty_".$reg[1]."_".$reg[2];
+ $ent = "entrepot_".$reg[1]."_".$reg[2];
+ $pu = "pu_".$reg[1]."_".$reg[2];
+ $lot = "lot_number_".$reg[1]."_".$reg[2];
+ $dDLUO = dol_mktime(12, 0 , 0, $_POST['dluo_'.$reg[1]."_".$reg[2].'month'], $_POST['dluo_'.$reg[1]."_".$reg[2].'day'], $_POST['dluo_'.$reg[1]."_".$reg[2].'year']);
+ $dDLC = dol_mktime(12, 0 , 0, $_POST['dlc_'.$reg[1]."_".$reg[2].'month'], $_POST['dlc_'.$reg[1]."_".$reg[2].'day'], $_POST['dlc_'.$reg[1]."_".$reg[2].'year']);
+
+ if (! (GETPOST($ent,'int') > 0))
+ {
+ dol_syslog('No dispatch for line '.$key.' as no warehouse choosed');
+ $text = $langs->transnoentities('Warehouse').', '.$langs->transnoentities('Line').'' .($reg[1]-1);
+ setEventMessage($langs->trans('ErrorFieldRequired',$text), 'errors');
 }
+ if (!((GETPOST($qty) > 0 ) && ( $_POST[$lot] or $dDLUO or $dDLC) ))
+ {
+ dol_syslog('No dispatch for line '.$key.' as qty is not set or eat-by date are not set');
+ $text = $langs->transnoentities('atleast1batchfield').', '.$langs->transnoentities('Line').'' .($reg[1]-1);
+ setEventMessage($langs->trans('ErrorFieldRequired',$text), 'errors');
+ } else {
+ $result = $commande->DispatchProduct($user, GETPOST($prod,'int'),GETPOST($qty), GETPOST($ent,'int'), GETPOST($pu), GETPOST("comment"), $dDLC, $dDLUO, GETPOST($lot));
+ }
+
+ }
+
 }
 if (! $notrigger)
@@ -104,7 +132,7 @@ if ($_POST["action"] == 'dispatch' && $user->rights->fournisseur->commande->rece
 {
 $db->commit();
- header("Location: dispatch.php?id=".$_GET["id"]);
+ header("Location: dispatch.php?id=".$id);
 exit;
 }
 else
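Review bot: In the new batch branch the warehouse check and the quantity/batch check are two independent `if` statements, so a line with no warehouse selected logs the error and then still falls through to `DispatchProduct()` whenever a quantity and a batch field are set; the non-batch branch uses `if`/`else` for the same test. Chain the three cases so that dispatch happens only when both checks pass. The same block still reads `$_POST[$lot]` and the six `$_POST['dluo_…']`/`$_POST['dlc_…']` date parts directly, although the commit replaces superglobals elsewhere. The 'Line' label uses `$reg[1]`, which for these keys appears to be the batch-row index rather than the order line (`$reg[2]`). The surrounding loop and the `$error`/commit handling lie outside the hunk.

```php
// … unchanged: $prod, $qty, $ent, $pu, $lot field names built from $reg[1] and $reg[2] …
$sfx = $reg[1]."_".$reg[2];
$dDLUO = dol_mktime(12, 0, 0, GETPOST('dluo_'.$sfx.'month','int'), GETPOST('dluo_'.$sfx.'day','int'), GETPOST('dluo_'.$sfx.'year','int'));
$dDLC = dol_mktime(12, 0, 0, GETPOST('dlc_'.$sfx.'month','int'), GETPOST('dlc_'.$sfx.'day','int'), GETPOST('dlc_'.$sfx.'year','int'));

if (! (GETPOST($ent,'int') > 0))
{
	// … unchanged: syslog + ErrorFieldRequired message for the missing warehouse …
}
elseif (! ((GETPOST($qty) > 0) && (GETPOST($lot) || $dDLUO || $dDLC)))
{
	// … unchanged: syslog + ErrorFieldRequired message for the missing batch fields …
}
else
{
	// Reached only when a warehouse, a quantity and at least one batch field are present
	$result = $commande->DispatchProduct($user, GETPOST($prod,'int'), GETPOST($qty), GETPOST($ent,'int'), GETPOST($pu), GETPOST("comment"), $dDLC, $dDLUO, GETPOST($lot));
}
```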
@@ -120,22 +148,27 @@ if ($_POST["action"] == 'dispatch' && $user->rights->fournisseur->commande->rece * View */ -llxHeader('',$langs->trans("OrderCard"),"CommandeFournisseur"); + if (!empty($conf->productbatch->enabled)) { + llxHeader('',$langs->trans("OrderCard"),"CommandeFournisseur",'',0,0,array('/core/js/lib_batch.js')); + + } else { + llxHeader('',$langs->trans("OrderCard"),"CommandeFournisseur"); +} $form = new Form($db); $warehouse_static = new Entrepot($db); $now=dol_now(); -$id = $_GET['id']; -$ref= $_GET['ref']; +$id = GETPOST('id','int'); +$ref= GETPOST('ref'); if ($id > 0 || ! empty($ref)) { //if ($mesg) print $mesg.'
'; $commande = new CommandeFournisseur($db); - $result=$commande->fetch($_GET['id'],$_GET['ref']); + $result=$commande->fetch($id,$ref); if ($result >= 0) { $soc = new Societe($db); @@ -237,11 +270,11 @@ if ($id > 0 || ! empty($ref)) } $sql = "SELECT l.fk_product, l.subprice, l.remise_percent, SUM(l.qty) as qty,"; - $sql.= " p.ref, p.label"; + $sql.= " p.ref, p.label, p.tobatch"; $sql.= " FROM ".MAIN_DB_PREFIX."commande_fournisseurdet as l"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON l.fk_product=p.rowid"; $sql.= " WHERE l.fk_commande = ".$commande->id; - $sql.= " GROUP BY p.ref, p.label, l.fk_product, l.subprice, l.remise_percent"; // Calculation of amount dispatched is done per fk_product so we must group by fk_product + $sql.= " GROUP BY p.ref, p.label, p.tobatch, l.fk_product, l.subprice, l.remise_percent"; // Calculation of amount dispatched is done per fk_product so we must group by fk_product $sql.= " ORDER BY p.ref, p.label"; $resql = $db->query($sql); @@ -253,13 +286,23 @@ if ($id > 0 || ! empty($ref)) if ($num) { print ''; - print ''.$langs->trans("Description").''; + print ''.$langs->trans("Description").''; print ''.$langs->trans("QtyOrdered").''; print ''.$langs->trans("QtyDispatched").''; print ''.$langs->trans("QtyDelivered").''; print ''.$langs->trans("Warehouse").''; print "\n"; + if (!empty($conf->productbatch->enabled)) { + print ''; + print ' '; + print ''.$langs->trans("l_eatby").''; + print ''.$langs->trans("l_sellby").''; + print ''.$langs->trans("batch_number").''; + print ' '; + print "\n"; + } + } $nbfreeproduct=0; @@ -285,35 +328,57 @@ if ($id > 0 || ! empty($ref)) $var=!$var; print ""; - print ''; + print ''; print ''.img_object($langs->trans("ShowProduct"),'product').' '.$objp->ref.''; print ' - '.$objp->label."\n"; // To show detail cref and description value, we must make calculation by cref //print ($objp->cref?' ('.$objp->cref.')':''); //if ($objp->description) print '
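Review bot: `$ref= GETPOST('ref');` is read without a check type and passed to `$commande->fetch($id,$ref)`, so the order reference is only as safe as whatever escaping fetch() applies, which is not visible in this diff. Constrain it at the boundary, e.g. `$ref = GETPOST('ref','alpha');`, and confirm that fetch() escapes the value before building its query. `$id` is also re-read here although it was already assigned from `GETPOST("id",'int')` in the "Security check" block earlier in the file, so the second assignment can be dropped.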
'.nl2br($objp->description); - print ''."\n"; + if ((empty($conf->productbatch->enabled)) || $objp->tobatch==0) { + $suffix='_'.$i; + } else { + $suffix='_0_'.$i; + } - $up_ht_disc=$objp->subprice; - if (! empty($objp->remise_percent) && empty($conf->global->STOCK_EXCLUDE_DISCOUNT_FOR_PMP)) $up_ht_disc=price2num($up_ht_disc * (100 - $objp->remise_percent) / 100, 'MU'); + $up_ht_disc=$objp->subprice; + if (! empty($objp->remise_percent) && empty($conf->global->STOCK_EXCLUDE_DISCOUNT_FOR_PMP)) $up_ht_disc=price2num($up_ht_disc * (100 - $objp->remise_percent) / 100, 'MU'); - print ''."\n"; print "\n"; print ''.$objp->qty.''; print ''.$products_dispatched[$objp->fk_product].''; + if ( !(empty($conf->productbatch->enabled)) && $objp->tobatch==1) { + print ''.img_picto_common($langs->trans('add_dispatch_batch'),'treemenu/plustop2.gif','onClick="AddLineBatch('.$i.')"').''; + print ''; + print ''; + print ''; + print ''; + print ''; + $form->select_date('','dlc'.$suffix,'','',1,""); + print ''; + $form->select_date('','dluo'.$suffix,'','',1,""); + print ''; + print ''; + print ''; + print ' '; + } else { + print ''; + print ''; + } + // Dispatch - print ''; + print ''; // Warehouse print ''; if (count($listwarehouses)>1) { - print $form->selectarray("entrepot_".$i, $listwarehouses, '', 1, 0, 0, '', 0, 0, $disabled); + print $form->selectarray("entrepot".$suffix, $listwarehouses, '', 1, 0, 0, '', 0, 0, $disabled); } elseif (count($listwarehouses)==1) { - print $form->selectarray("entrepot_".$i, $listwarehouses, '', 0, 0, 0, '', 0, 0, $disabled); + print $form->selectarray("entrepot".$suffix, $listwarehouses, '', 0, 0, 0, '', 0, 0, $disabled); } else { @@ -339,7 +404,7 @@ if ($id > 0 || ! empty($ref)) { print $langs->trans("Comment").' : '; print 'trans("DispatchSupplierOrder",$commande->ref); + print $_POST["comment"]?GETPOST("comment"):$langs->trans("DispatchSupplierOrder",$commande->ref); // print ' / '.$commande->ref_supplier; // Not yet available print '" class="flat">

'; diff --git a/htdocs/fourn/commande/fiche.php b/htdocs/fourn/commande/fiche.php index 93897eefadc..743988b3195 100644 --- a/htdocs/fourn/commande/fiche.php +++ b/htdocs/fourn/commande/fiche.php @@ -194,7 +194,7 @@ else if ($action == 'addline' && $user->rights->fournisseur->commande->creer) || (! GETPOST('dp_desc') && ! GETPOST('addline_predefined') && GETPOST('idprod', 'int')>0) // we push enter onto qty field ) { - $predef=(($conf->global->MAIN_FEATURES_LEVEL < 2) ? '_predef' : ''); + $predef= '_predef'; $idprod=GETPOST('idprod', 'int'); $product_desc = (GETPOST('product_desc')?GETPOST('product_desc'):(GETPOST('np_desc')?GETPOST('np_desc'):'')); $price_ht = ''; @@ -202,7 +202,6 @@ else if ($action == 'addline' && $user->rights->fournisseur->commande->creer) } $qty = GETPOST('qty'.$predef); $remise_percent=GETPOST('remise_percent'.$predef); - if (GETPOST('addline_libre') && GETPOST('pu') < 0 && $qty < 0) { setEventMessage($langs->trans('ErrorBothFieldCantBeNegative', $langs->transnoentitiesnoconv('UnitPrice'), $langs->transnoentitiesnoconv('Qty')), 'errors'); diff --git a/htdocs/langs/fr_FR/productbatch.lang b/htdocs/langs/fr_FR/productbatch.lang index 081ea1ba291..a5c72da3aaa 100644 --- a/htdocs/langs/fr_FR/productbatch.lang +++ b/htdocs/langs/fr_FR/productbatch.lang @@ -15,4 +15,4 @@ printBatch= Lot: %s printEatby= DLC: %s printSellby= DLUO: %s printQty= Qté: %d - +add_dispatch_batch= Ajouter une ligne de dispatch DLUO
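Review bot: The new line `print $_POST["comment"]?GETPOST("comment"):$langs->trans(...)` writes the submitted comment into what appears to be the `value="…"` attribute of the comment input (the closing `" class="flat">` follows it) without HTML escaping. Unless something upstream already encodes it, a quote in the comment ends the attribute and the rest is reflected into the page. Escape at output, e.g. `print dol_escape_htmltag(GETPOST("comment")?GETPOST("comment"):$langs->trans("DispatchSupplierOrder",$commande->ref));`, which also removes the remaining raw `$_POST` read. The surrounding form markup is partly missing from this rendering of the hunk, so the exact attribute context should be checked against the file.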