From 475600d948e7d093d5a9b22554b502eccc0241e7 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Mon, 18 May 2009 08:01:15 +0000
Subject: [PATCH] =?UTF-8?q?Fix:=20simplification,=20on=20v=E9rifie=20l'ent?=
 =?UTF-8?q?it=E9=20du=20document=20et=20pas=20celle=20de=20la=20soci=E9t?=
 =?UTF-8?q?=E9=20afin=20=20d'avoir=20la=20possibilit=E9=20d'utiliser=20une?=
 =?UTF-8?q?=20base=20commune=20des=20soci=E9t=E9s=20entre=20entit=E9s?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/fourn/facture/fiche.php |  2 +-
 htdocs/lib/functions.lib.php   | 24 +++++-------------------
 2 files changed, 6 insertions(+), 20 deletions(-)

diff --git a/htdocs/fourn/facture/fiche.php b/htdocs/fourn/facture/fiche.php
index 1481772714c..c322180efa9 100644
--- a/htdocs/fourn/facture/fiche.php
+++ b/htdocs/fourn/facture/fiche.php
@@ -43,7 +43,7 @@ $facid = isset($_GET["facid"])?$_GET["facid"]:'';
 
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'fournisseur', $facid, '', 'facture');
+$result = restrictedArea($user, 'fournisseur', $facid, 'facture_fourn', 'facture');
 
 $html = new Form($db);
 $mesg='';
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index 7562d9bc886..d8ed4a5729f 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -1357,9 +1357,8 @@ function info_admin($texte,$infoonimgalt=0)
  *	\param      feature2		    Feature to check (second level of permission)
  *  \param      dbt_keyfield    Field name for socid foreign key if not fk_soc. (optionnal)
  *  \param      dbt_select      Field name for select if not rowid. (optionnal)
- *  \param      dbt_tablename2  Secondary table name for compare keyfield. (optionnal)
  */
-function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $dbtablename2='societe')
+function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid')
 {
 	global $db, $conf;
 
@@ -1522,23 +1521,10 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 			// If multicompany and internal users with all permissions, check user is in correct entity
 			else if ($conf->global->MAIN_MODULE_MULTICOMPANY)
 			{
-				// If the objects do not have fk_soc
-				if ($feature == 'banque' || $feature == 'cheque')
-				{
-					$sql = "SELECT dbt.".$dbt_select;
-					$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
-					$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
-					$sql.= " AND dbt.entity = ".$conf->entity;
-				}
-				else
-				{
-					$sql = "SELECT dbt.".$dbt_select;
-					$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
-					$sql.= ", ".MAIN_DB_PREFIX.$dbtablename2." as dbt2";
-					$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
-					$sql.= " AND dbt2.rowid = dbt.".$dbt_keyfield;
-					$sql.= " AND dbt2.entity = ".$conf->entity;
-				}
+				$sql = "SELECT dbt.".$dbt_select;
+				$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
+				$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
+				$sql.= " AND dbt.entity = ".$conf->entity;
 			}
 		}