diff --git a/htdocs/comm/propal/contact.php b/htdocs/comm/propal/contact.php index 77ffe3bf06c..7e6c61ca60f 100644 --- a/htdocs/comm/propal/contact.php +++ b/htdocs/comm/propal/contact.php @@ -40,7 +40,7 @@ $langs->load("companies"); $propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; // Sécurité d'accès client et commerciaux -$security = restrictedArea($user, 'propale', $propalid, 'propal'); +$socid = restrictedArea($user, 'propale', $propalid, 'propal'); /* * Ajout d'un nouveau contact diff --git a/htdocs/commande/contact.php b/htdocs/commande/contact.php index 8b2c049de81..958ae3f4aa2 100644 --- a/htdocs/commande/contact.php +++ b/htdocs/commande/contact.php @@ -40,7 +40,7 @@ $langs->load("companies"); $commandeid = isset($_GET["id"])?$_GET["id"]:''; // Sécurité d'accès client et commerciaux -$security = restrictedArea($user, 'commande', $commandeid); +$socid = restrictedArea($user, 'commande', $commandeid); /* * Ajout d'un nouveau contact diff --git a/htdocs/compta/facture/contact.php b/htdocs/compta/facture/contact.php index 496ca7e1f91..4ee2c994a8c 100644 --- a/htdocs/compta/facture/contact.php +++ b/htdocs/compta/facture/contact.php @@ -38,7 +38,7 @@ $langs->load("companies"); $facid = isset($_GET["facid"])?$_GET["facid"]:''; // Sécurité d'accès client et commerciaux -$security = restrictedArea($user, 'facture', $facid); +$socid = restrictedArea($user, 'facture', $facid); /* * Ajout d'un nouveau contact diff --git a/htdocs/contrat/contact.php b/htdocs/contrat/contact.php index 4654afc73f3..d821dd02381 100644 --- a/htdocs/contrat/contact.php +++ b/htdocs/contrat/contact.php @@ -39,7 +39,7 @@ $langs->load("companies"); $contratid = isset($_GET["id"])?$_GET["id"]:''; // Sécurité d'accès client et commerciaux -$security = restrictedArea($user, 'contrat', $contratid); +$socid = restrictedArea($user, 'contrat', $contratid); /* * Ajout d'un nouveau contact diff --git a/htdocs/docsoc.php b/htdocs/docsoc.php index d203e96d8fc..0f6a60eff9c 100644 
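Review bot: In htdocs/comm/propal/contact.php the id handed to the new `$socid = restrictedArea($user, 'propale', $propalid, 'propal');` call is still the raw `$_GET["propalid"]` string. The functions.inc.php hunk of this commit, which appears to be the body of restrictedArea(), concatenates that object id into its query (`" WHERE dbt.rowid = ".$objectid`). Cast it before the call, e.g. `$propalid = isset($_GET["propalid"]) ? (int) $_GET["propalid"] : 0;`, or normalise it once at the top of restrictedArea() with `$objectid = (int) $objectid;`. The same applies to `$commandeid`, `$facid` and `$contratid` in the other three contact.php hunks, and to `$socid` in docsoc.php and soc.php.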
--- a/htdocs/docsoc.php +++ b/htdocs/docsoc.php @@ -39,7 +39,7 @@ $mesg = ""; $socid = isset($_GET["socid"])?$_GET["socid"]:''; // Sécurité d'accès client et commerciaux -$security = restrictedArea($user, 'commercial', $socid, 'societe'); +$socid = restrictedArea($user, 'commercial', $socid, 'societe'); /* * Actions diff --git a/htdocs/lib/functions.inc.php b/htdocs/lib/functions.inc.php index 0db8ea0058b..d282fd3721c 100644 --- a/htdocs/lib/functions.inc.php +++ b/htdocs/lib/functions.inc.php @@ -1281,27 +1281,27 @@ function dol_loginfunction($notused,$pearstatus) { $_GET["action"] = ''; $_POST["action"] = ''; - $user_socid = $user->societe_id; + $socid = $user->societe_id; } if ($objectid) { - if ($modulename == 'societe' && !$user->rights->commercial->client->voir && !$user_socid > 0) + if ($modulename == 'societe' && !$user->rights->commercial->client->voir && !$socid > 0) { $sql = "SELECT sc.fk_soc"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE sc.fk_soc = ".$objectid." AND sc.fk_user = ".$user->id; } - else if ($objectid && (!$user->rights->commercial->client->voir || $user_socid > 0)) + else if ($objectid && (!$user->rights->commercial->client->voir || $socid > 0)) { $sql = "SELECT sc.fk_soc, dbt.fk_soc"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql .= " WHERE dbt.rowid = ".$objectid; - if (!$user->rights->commercial->client->voir && !$user_socid > 0) + if (!$user->rights->commercial->client->voir && !$socid > 0) { $sql .= " AND sc.fk_soc = dbt.fk_soc AND sc.fk_user = ".$user->id; } - if ($user_socid > 0) $sql .= " AND dbt.fk_soc = ".$user_socid; + if ($socid > 0) $sql .= " AND dbt.fk_soc = ".$socid; } if ($db->query($sql)) @@ -1312,7 +1312,7 @@ function dol_loginfunction($notused,$pearstatus) } } } - return 1; + return $socid; } diff --git a/htdocs/soc.php b/htdocs/soc.php index 785eceb6ef8..e58a6581abc 100644 --- a/htdocs/soc.php +++ b/htdocs/soc.php 
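Review bot: In htdocs/docsoc.php the company id read from `$_GET["socid"]` is now overwritten by whatever restrictedArea() returns, but the functions.inc.php hunk only assigns the returned `$socid` inside the external-user branch (`$socid = $user->societe_id;`). Unless `$socid` is initialised above that hunk, which is not visible here, an internal user gets an undefined value back from `return $socid;` and the page loses the id it was asked to show; soc.php follows the same pattern. Consider initialising `$socid = 0;` at the top of the function and overwriting the request value only when a company is forced, e.g. `$forced = restrictedArea($user, 'commercial', $socid, 'societe'); if ($forced > 0) $socid = $forced;`.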
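Review bot: In the first htdocs/lib/functions.inc.php hunk the renamed conditions keep the form `!$socid > 0`, which PHP parses as `(!$socid) > 0` because `!` binds tighter than `>`. It gives the intended result only for non-negative values and reads as something it is not; since these lines decide which access-control query is built, write the intent explicitly, e.g. `$socid <= 0` or `!($socid > 0)`, in both places (`$modulename == 'societe' && ...` and the inner `if` that adds `sc.fk_user`). The enclosing function starts and ends outside the hunk, so how `$socid` is set for internal users cannot be confirmed from here.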
@@ -40,8 +40,7 @@ $langs->load("bills"); $socid = isset($_GET["socid"])?$_GET["socid"]:''; // Sécurité d'accès client et commerciaux -$security = restrictedArea($user, 'societe', $socid); -print $security; +$socid = restrictedArea($user, 'societe', $socid); // Initialisation de l'objet Societe $soc = new Societe($db); diff --git a/htdocs/societe.php b/htdocs/societe.php index 78525fc9686..929554e7c1b 100644 --- a/htdocs/societe.php +++ b/htdocs/societe.php @@ -30,24 +30,14 @@ require_once("./pre.inc.php"); -if (!$user->rights->societe->lire) - accessforbidden(); - include_once(DOL_DOCUMENT_ROOT."/contact.class.php"); $langs->load("companies"); $langs->load("customers"); $langs->load("suppliers"); - -// Sécurité accés client -$socid=0; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} - +// Sécurité d'accès client et commerciaux +$socid = restrictedArea($user, 'societe'); $search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"]; $search_ville=isset($_GET["search_ville"])?$_GET["search_ville"]:$_POST["search_ville"];
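Review bot: In htdocs/societe.php the explicit `if (!$user->rights->societe->lire) accessforbidden();` guard is removed and the page now relies entirely on `restrictedArea($user, 'societe')` to refuse users without that right. The part of restrictedArea() that would perform this check is not in the functions.inc.php hunks shown, so confirm that the `'societe'` feature name maps to `$user->rights->societe->lire` and ends in `accessforbidden()`. The removed block also reset the local `$action` for external users, while the visible part of the helper only clears `$_GET["action"]` and `$_POST["action"]`, so check that `$action` is not populated before this line. A short comment above the call, such as `// restrictedArea() enforces societe->lire and returns the forced company id for external users`, would document the new contract.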