diff --git a/htdocs/compta/commande/liste.php b/htdocs/compta/commande/liste.php
index 5fe83057824..96f21bfba85 100644
--- a/htdocs/compta/commande/liste.php
+++ b/htdocs/compta/commande/liste.php
@@ -1,6 +1,7 @@
 * Copyright (C) 2004-2005 Laurent Destailleur
+ * Copyright (C) 2005-2006 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php
index b17942d1dab..1a1d786c6fb 100644
--- a/htdocs/compta/deplacement/index.php
+++ b/htdocs/compta/deplacement/index.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2003 Rodolphe Quiedeville
 * Copyright (C) 2004-2005 Laurent Destailleur
 * Copyright (C) 2004 Eric Seigne
+ * Copyright (C) 2005-2006 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php
index cf9a65a68d8..b31211099b2 100644
--- a/htdocs/compta/prelevement/demandes.php
+++ b/htdocs/compta/prelevement/demandes.php
@@ -1,6 +1,7 @@
 * Copyright (C) 2005 Laurent Destailleur
+ * Copyright (C) 2005-2006 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -65,9 +66,12 @@ if (! $sortfield) $sortfield="f.facnumber";
 $sql= "SELECT f.facnumber, f.rowid, s.nom, s.idp";
 $sql.= " , ".$db->pdate("pfd.date_demande")." as date_demande";
 $sql.= " , pfd.fk_user_demande";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user";
 $sql.= " FROM ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."societe as s";
 $sql.= " , ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.idp = f.fk_soc";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 if (! $statut) $sql.= " AND pfd.traite = 0";
 if ($statut) $sql.= " AND pfd.traite = ".$statut;
 $sql.= " AND pfd.fk_facture = f.rowid";
diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php
index 860789af161..19c82d8f12d 100644
--- a/htdocs/compta/prelevement/index.php
+++ b/htdocs/compta/prelevement/index.php
@@ -1,6 +1,7 @@
 * Copyright (C) 2005 Laurent Destailleur
+ * Copyright (C) 2005-2006 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -32,6 +33,12 @@ require_once DOL_DOCUMENT_ROOT."/includes/modules/modPrelevement.class.php";
 if (!$user->rights->prelevement->bons->lire) accessforbidden();
+// Sécurité accés client
+if ($user->societe_id > 0)
+{
+ $action = '';
+ $socidp = $user->societe_id;
+}
 /*
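Review bot: The sales-representative filter added in the `@@ -65,9` hunk of demandes.php is keyed on `!$socidp`, so it is skipped whenever `$socidp` holds any non-empty value, not only when the user is an external customer account. The hunk does not show where `$socidp` is assigned for internal users; if it can be taken from the request, a user without the `commercial->client->voir` right could name a company that is not assigned to them and the query would no longer be restricted through `societe_commerciaux`. Keying the three added conditions on the account type instead, e.g. `if (!$user->rights->commercial->client->voir && !$user->societe_id)`, keeps the restriction in force whatever the request contains, and casting the concatenated values (`(int) $user->id`, and `$socidp` where it is appended) keeps them numeric. The same condition is repeated in the `@@ -121,11` hunk of prelevement/index.php and in both hunks of projet/index.php.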
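Review bot: The guard added in the `@@ -32,6` hunk of prelevement/index.php pins `$socidp` only for external accounts (`$user->societe_id > 0`); for every other user the variable keeps whatever value it had before this point, and nothing in the hunk initialises it. Because the queries further down branch on `$socidp`, it would be safer to give it a defined value first, for example `$socidp = 0;` ahead of the `if`, or an integer-cast read of the request parameter if the page is meant to accept one (not visible here). The comment could also state the intent in full, e.g. `// Security check: external (customer) users only see their own company`.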
@@ -121,11 +128,15 @@ print '';
 *
 */
 $sql = "SELECT f.facnumber, f.rowid, s.nom, s.idp";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user";
 $sql .= " FROM ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."societe as s";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql .= " , ".MAIN_DB_PREFIX."prelevement_facture_demande as pfd";
 $sql .= " WHERE s.idp = f.fk_soc";
 $sql .= " AND pfd.traite = 0 AND pfd.fk_facture = f.rowid";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
+
 if ($socidp)
 {
 $sql .= " AND f.fk_soc = $socidp";
diff --git a/htdocs/projet/index.php b/htdocs/projet/index.php
index 991bf68b12c..356ef56f249 100644
--- a/htdocs/projet/index.php
+++ b/htdocs/projet/index.php
@@ -58,10 +58,13 @@ print ''.$langs->trans("NbOpenTasks").'';
 print "\n";
 $sql = "SELECT p.title, p.rowid, count(t.rowid)";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user";
 $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."projet_task as t ON p.rowid = t.fk_projet";
 //$sql.= " , ".MAIN_DB_PREFIX."projet_task as t";
 //$sql.= " WHERE t.fk_projet = p.rowid";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socidp)
 {
 $sql .= " AND p.fk_soc = ".$socidp;
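Review bot: In the `@@ -58,10` hunk of projet/index.php the restriction appended with `" AND p.fk_soc = sc.fk_soc AND sc.fk_user = "` has no `WHERE` in front of it — the only `WHERE` line in the hunk is commented out — so the text lands in the `ON` clause of the `LEFT JOIN` on `projet_task`, where it limits which task rows are joined but not which projects are returned. As far as the hunk shows, a user without the `voir` right would still get every project, and mixing the comma-joined `sc` with `LEFT JOIN ... ON p.rowid = ...` is rejected by databases that bind `JOIN` tighter than the comma, because `p` is then not visible in that `ON` clause. An explicit join placed directly after the `FROM` line avoids both problems: `$sql.= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".(int) $user->id;`. The existing `if ($socidp)` branch appends `AND p.fk_soc = ...` the same way and the rest of the statement is outside the hunk, so the assembled query should be checked as a whole.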
@@ -109,8 +112,11 @@ print ''.$langs->trans("Nb").'';
 print "\n";
 $sql = "SELECT s.nom, s.idp, count(p.rowid)";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."projet as p";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql .= " WHERE p.fk_soc = s.idp";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socidp)
 {
 $sql .= " AND s.idp = $socidp";
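Review bot: Adding `sc.fk_soc, sc.fk_user` to the select list of a query that already uses `count(p.rowid)` puts non-aggregated columns next to an aggregate. The `GROUP BY` is outside this hunk, but unless it lists those two columns, a database that enforces grouping rules will reject the statement. The columns are not needed to apply the restriction, which is carried entirely by the `AND s.idp = sc.fk_soc AND sc.fk_user = ...` condition, so the first added line can be dropped. The same applies to the `count(t.rowid)` query in the `@@ -58,10` hunk of this file.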