diff --git a/htdocs/compta/bank/account.class.php b/htdocs/compta/bank/account.class.php
index f70a080dc77..8da71e87444 100644
--- a/htdocs/compta/bank/account.class.php
+++ b/htdocs/compta/bank/account.class.php
@@ -108,8 +119,19 @@ class Account extends CommonObject
 */
 function add_url_line($line_id, $url_id, $url, $label, $type)
 {
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_url (fk_bank, url_id, url, label, type)";
- $sql .= " VALUES ('".$line_id."', '".$url_id."', '".$url."', '".addslashes($label)."', '".$type."')";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_url (";
+ $sql.= "fk_bank";
+ $sql.= ", url_id";
+ $sql.= ", url";
+ $sql.= ", label";
+ $sql.= ", type";
+ $sql.= ") VALUES (";
+ $sql.= "'".$line_id."'";
+ $sql.= ", '".$url_id."'";
+ $sql.= ", '".$url."'";
+ $sql.= ", '".addslashes($label)."'";
+ $sql.= ", '".$type."'";
+ $sql.= ")";
 dol_syslog("Account::add_url_line sql=".$sql);
 if ($this->db->query($sql))
@@ -132,6 +143,7 @@ class Account extends CommonObject
 function get_url($line_id)
 {
 $lines = array();
+
 $sql = "SELECT url_id, url, label, type";
 $sql.= " FROM ".MAIN_DB_PREFIX."bank_url";
 $sql.= " WHERE fk_bank = ".$line_id;
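Review bot: In add_url_line the `$url` and `$type` values are dropped into quoted SQL literals without the `addslashes()` that `$label` gets on the neighbouring line, and `$line_id`/`$url_id` are concatenated unvalidated, so any caller-supplied value containing a quote breaks the statement. Escape the strings the way the rest of the method does, `$sql.= ", '".addslashes($url)."'";` and `$sql.= ", '".addslashes($type)."'";`, and cast the ids, `$sql.= "'".(int) $line_id."'";`. The same raw concatenation of integer ids recurs in addline, fetch, delete, datev_next, datev_previous, AccountLine::fetch, AccountLine::update_conciliation, AccountLine::info and BankCateg::fetch later in this commit; this note is not repeated there. The body of add_url_line after `if ($this->db->query($sql))` is outside the hunk.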
@@ -226,14 +238,29 @@ class Account extends CommonObject
 $datev = $date;
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank (datec, dateo, datev, label, amount, fk_user_author, num_chq, fk_account, fk_type,emetteur,banque)";
- $sql.= " VALUES (".$this->db->idate(mktime()).", '".$this->db->idate($date)."', '".$this->db->idate($datev)."', ";
- $sql.= " '".addslashes($label)."', " . price2num($amount).", '".$user->id."', ";
- $sql.= " ".($num_chq?"'".$num_chq."'":"null").", ";
- $sql.= " '".$this->rowid."', ";
- $sql.= " '".$oper."', ";
- $sql.= " ".($emetteur?"'".addslashes($emetteur)."'":"null").", ";
- $sql.= " ".($banque?"'".addslashes($banque)."'":"null");
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank (";
+ $sql.= "datec";
+ $sql.= ", dateo";
+ $sql.= ", datev";
+ $sql.= ", label";
+ $sql.= ", amount";
+ $sql.= ", fk_user_author";
+ $sql.= ", num_chq";
+ $sql.= ", fk_account";
+ $sql.= ", fk_type";
+ $sql.= ",emetteur,banque";
+ $sql.= ") VALUES (";
+ $sql.= $this->db->idate(mktime());
+ $sql.= ", '".$this->db->idate($date)."'";
+ $sql.= ", '".$this->db->idate($datev)."'";
+ $sql.= ", '".addslashes($label)."'";
+ $sql.= ", ".price2num($amount);
+ $sql.= ", '".$user->id."'";
+ $sql.= ", ".($num_chq?"'".$num_chq."'":"null");
+ $sql.= ", '".$this->rowid."'";
+ $sql.= ", '".$oper."'";
+ $sql.= ", ".($emetteur?"'".addslashes($emetteur)."'":"null");
+ $sql.= ", ".($banque?"'".addslashes($banque)."'":"null");
 $sql.= ")";
 dol_syslog("Account::addline sql=".$sql);
@@ -242,7 +269,14 @@ class Account extends CommonObject
 $rowid = $this->db->last_insert_id(MAIN_DB_PREFIX."bank");
 if ($categorie)
 {
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ) VALUES ('$rowid', '$categorie')";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (";
+ $sql.= "lineid";
+ $sql.= ", fk_categ";
+ $sql.= ") VALUES (";
+ $sql.= "'".$rowid."'";
+ $sql.= ", '".$categorie."'";
+ $sql.= ")";
+
 $result = $this->db->query($sql);
 if (! $result)
 {
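Review bot: In addline, `$num_chq` and `$oper` are written into quoted literals without `addslashes()`, while `$label`, `$emetteur` and `$banque` in the same VALUES list are escaped; a cheque number or operation code containing a quote breaks the INSERT. Escape them consistently, `$sql.= ", ".($num_chq?"'".addslashes($num_chq)."'":"null");` and `$sql.= ", '".addslashes($oper)."'";`. The same escaped-here-but-not-there mix appears in create() (`currency_code`), update() (`url`, `account_number`, `currency_code`), update_bban() (`code_banque`, `code_guichet`, `number`, `cle_rib`, `bic`, `iban`) and AccountLine::update_conciliation (`num_releve`) later in this commit; this note is not repeated there. In the bank_class hunk `$categorie` is a category id and can simply be cast, `$sql.= ", '".(int) $categorie."'";`. addline's signature, and where `$user` is bound, are outside the hunk.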
@@ -269,7 +303,7 @@ class Account extends CommonObject
 */
 function create()
 {
- global $langs;
+ global $langs,$conf;
 // Check parameters
 if (! $this->min_allowed) $this->min_allowed=0;
@@ -285,14 +319,27 @@ class Account extends CommonObject
 }
 $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_account (";
- $sql.= "datec, ref, label, account_number, currency_code, ";
- $sql.= "rappro, min_allowed, min_desired, ";
- $sql.= "comment";
- $sql.= ") values (";
- $sql.= "".$this->db->idate(mktime()).",'" . addslashes($this->ref) . "', '" . addslashes($this->label) . "', ";
- $sql.= "'".addslashes($this->account_number) . "', '".$this->currency_code."', ";
- $sql.= $this->rappro.", ".price2num($this->min_allowed).", ".price2num($this->min_desired).", ";
- $sql.= "'".addslashes($this->comment)."'";
+ $sql.= "datec";
+ $sql.= ", ref";
+ $sql.= ", label";
+ $sql.= ", entity";
+ $sql.= ", account_number";
+ $sql.= ", currency_code";
+ $sql.= ", rappro";
+ $sql.= ", min_allowed";
+ $sql.= ", min_desired";
+ $sql.= ", comment";
+ $sql.= ") VALUES (";
+ $sql.= $this->db->idate(mktime());
+ $sql.= ", '".addslashes($this->ref)."'";
+ $sql.= ", '".addslashes($this->label)."'";
+ $sql.= ", ".$conf->entity;
+ $sql.= ", '".addslashes($this->account_number)."'";
+ $sql.= ", '".$this->currency_code."'";
+ $sql.= ", ".$this->rappro;
+ $sql.= ", ".price2num($this->min_allowed);
+ $sql.= ", ".price2num($this->min_desired);
+ $sql.= ", '".addslashes($this->comment)."'";
 $sql.= ")";
 dol_syslog("Account::create sql=".$sql);
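Review bot: In create(), `$this->rappro` is concatenated unquoted (`$sql.= ", ".$this->rappro;`), so if the property is unset or an empty string the VALUES list reads `, , ` and the INSERT fails; the visible "Check parameters" lines in the first hunk default `min_allowed` only, and whether `rappro` is defaulted there is outside the hunk. Coerce it at the point of use, `$sql.= ", ".(int) $this->rappro;`. The same applies to `courant`, `clos` and `rappro` in the update() hunk further down, which are concatenated unquoted too. create()'s body continues past this hunk.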
@@ -304,8 +351,26 @@ class Account extends CommonObject
 $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."bank_account");
 if ( $this->update() )
 {
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank (datec, label, amount, fk_account, datev, dateo, fk_type, rappro) ";
- $sql .= " VALUES (".$this->db->idate(mktime()).",'(".$langs->trans("InitialBankBalance").")'," . price2num($this->solde) . ",'$this->id','".$this->db->idate($this->date_solde)."','".$this->db->idate($this->date_solde)."','SOLD',1);";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank (";
+ $sql.= "datec";
+ $sql.= ", label";
+ $sql.= ", amount";
+ $sql.= ", fk_account";
+ $sql.= ", datev";
+ $sql.= ", dateo";
+ $sql.= ", fk_type";
+ $sql.= ", rappro";
+ $sql.= ") VALUES (";
+ $sql.= $this->db->idate(mktime());
+ $sql.= ", '(".$langs->trans("InitialBankBalance").")'";
+ $sql.= ", ".price2num($this->solde);
+ $sql.= ", '".$this->id."'";
+ $sql.= ", '".$this->db->idate($this->date_solde)."'";
+ $sql.= ", '".$this->db->idate($this->date_solde)."'";
+ $sql.= ", 'SOLD'";
+ $sql.= ", 1";
+ $sql.= ")";
+
+ $this->db->query($sql);
 }
 return $this->id;
@@ -334,7 +399,7 @@ class Account extends CommonObject
 */
 function update($user='')
 {
- global $langs;
+ global $langs,$conf;
 // Check parameters
 if (! $this->min_allowed) $this->min_allowed=0;
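Review bot: The result of `$this->db->query($sql)` for the initial-balance INSERT is discarded, so a failed insert leaves the account without its opening `SOLD` line while create() still returns `$this->id` as success (the removed lines do not appear to have executed this statement at all, which this hunk seems to fix — but the failure path is still silent). Capture the result and report it, for example `$resql = $this->db->query($sql); if (! $resql) { $this->error=$this->db->lasterror(); return -1; }`, using whatever error convention create()'s callers test, which is outside the hunk. The `global $langs,$conf;` addition in the update() hunk is what the new `entity` clause in the following hunk relies on.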
@@ -350,22 +415,23 @@ class Account extends CommonObject
 $sql = "UPDATE ".MAIN_DB_PREFIX."bank_account SET ";
- $sql .= " ref = '".addslashes($this->ref)."'";
- $sql .= ",label = '".addslashes($this->label)."'";
+ $sql.= " ref = '".addslashes($this->ref)."'";
+ $sql.= ",label = '".addslashes($this->label)."'";
- $sql .= ",courant = ".$this->courant;
- $sql .= ",clos = ".$this->clos;
- $sql .= ",rappro = ".$this->rappro;
- $sql .= ",url = ".($this->url?"'".$this->url."'":"null");
- $sql .= ",account_number = '".$this->account_number."'";
+ $sql.= ",courant = ".$this->courant;
+ $sql.= ",clos = ".$this->clos;
+ $sql.= ",rappro = ".$this->rappro;
+ $sql.= ",url = ".($this->url?"'".$this->url."'":"null");
+ $sql.= ",account_number = '".$this->account_number."'";
- $sql .= ",currency_code = '".$this->currency_code."'";
+ $sql.= ",currency_code = '".$this->currency_code."'";
- $sql .= ",min_allowed = '".price2num($this->min_allowed)."'";
- $sql .= ",min_desired = '".price2num($this->min_desired)."'";
- $sql .= ",comment = '".addslashes($this->comment)."'";
+ $sql.= ",min_allowed = '".price2num($this->min_allowed)."'";
+ $sql.= ",min_desired = '".price2num($this->min_desired)."'";
+ $sql.= ",comment = '".addslashes($this->comment)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql.= " WHERE rowid = ".$this->id;
+ $sql.= " AND entity = ".$conf->entity;
 dol_syslog("Account::update sql=".$sql);
 $result = $this->db->query($sql);
@@ -404,17 +470,18 @@ class Account extends CommonObject
 }
 $sql = "UPDATE ".MAIN_DB_PREFIX."bank_account SET ";
- $sql .= " bank = '".addslashes($this->bank)."'";
- $sql .= ",code_banque='".$this->code_banque."'";
- $sql .= ",code_guichet='".$this->code_guichet."'";
- $sql .= ",number='".$this->number."'";
- $sql .= ",cle_rib='".$this->cle_rib."'";
- $sql .= ",bic='".$this->bic."'";
- $sql .= ",iban_prefix = '".$this->iban."'";
- $sql .= ",domiciliation='".addslashes($this->domiciliation)."'";
- $sql .= ",proprio = '".addslashes($this->proprio)."'";
- $sql .= ",adresse_proprio = '".addslashes($this->adresse_proprio)."'";
- $sql .= " WHERE rowid = ".$this->id;
+ $sql.= " bank = '".addslashes($this->bank)."'";
+ $sql.= ",code_banque='".$this->code_banque."'";
+ $sql.= ",code_guichet='".$this->code_guichet."'";
+ $sql.= ",number='".$this->number."'";
+ $sql.= ",cle_rib='".$this->cle_rib."'";
+ $sql.= ",bic='".$this->bic."'";
+ $sql.= ",iban_prefix = '".$this->iban."'";
+ $sql.= ",domiciliation='".addslashes($this->domiciliation)."'";
+ $sql.= ",proprio = '".addslashes($this->proprio)."'";
+ $sql.= ",adresse_proprio = '".addslashes($this->adresse_proprio)."'";
+ $sql.= " WHERE rowid = ".$this->id;
+ $sql.= " AND entity = ".$conf->entity;
 dol_syslog("Account::update_bban sql=$sql");
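Review bot: update_bban() now appends `AND entity = ".$conf->entity` but, unlike update(), fetch() and delete() in this commit, the hunk shows no `global $conf;` being added, and the method's head is outside the hunk. If `$conf` is not already in scope there, `$conf->entity` is null and the statement ends in `AND entity = `, so every update_bban() call fails with a SQL error (plus PHP notices) and the RIB data is never saved. Add `global $conf;` at the top of update_bban() as the sibling methods do, or confirm it is already declared above the hunk.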
@@ -434,19 +501,22 @@ class Account extends CommonObject
 /*
 * \brief Charge un compte en memoire depuis la base
- * \param id Id du compte � r�cup�rer
- * \param ref Ref du compte � r�cup�rer
+ * \param id Id du compte a recuperer
+ * \param ref Ref du compte a recuperer
 */
 function fetch($id,$ref='')
 {
+ global $conf;
+
 $sql = "SELECT rowid, ref, label, bank, number, courant, clos, rappro, url,";
 $sql.= " code_banque, code_guichet, cle_rib, bic, iban_prefix as iban,";
 $sql.= " domiciliation, proprio, adresse_proprio,";
 $sql.= " account_number, currency_code,";
 $sql.= " min_allowed, min_desired, comment";
 $sql.= " FROM ".MAIN_DB_PREFIX."bank_account";
- if ($id) $sql.= " WHERE rowid = ".$id;
- if ($ref) $sql.= " WHERE ref = '".addslashes($ref)."'";
+ $sql.= " WHERE entity = ".$conf->entity;
+ if ($id) $sql.= " AND rowid = ".$id;
+ if ($ref) $sql.= " AND ref = '".addslashes($ref)."'";
 dol_syslog("Account::fetch sql=".$sql);
 $result = $this->db->query($sql);
@@ -505,8 +575,11 @@ class Account extends CommonObject
 */
 function delete()
 {
+ global $conf;
+
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_account";
- $sql .= " WHERE rowid = ".$this->rowid;
+ $sql.= " WHERE rowid = ".$this->rowid;
+ $sql.= " AND entity = ".$conf->entity;
 dol_syslog("Account::delete sql=".$sql);
 $result = $this->db->query($sql);
@@ -521,8 +594,8 @@ class Account extends CommonObject
 /**
- * \brief Retourne le libell� du statut d'une facture (brouillon, valid�e, abandonn�e, pay�e)
- * \param mode 0=libell� long, 1=libell� court, 2=Picto + Libell� court, 3=Picto, 4=Picto + Libell� long
+ * \brief Retourne le libelle du statut d'une facture (brouillon, validee, abandonnee, payee)
+ * \param mode 0=libelle long, 1=libelle court, 2=Picto + Libelle court, 3=Picto, 4=Picto + Libelle long
 * \return string Libelle
 */
 function getLibStatut($mode=0)
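Review bot: The docblock rewritten in the getLibStatut hunk still reads `Retourne le libelle du statut d'une facture (brouillon, validee, abandonnee, payee)`, which describes an invoice status while this is the bank Account class; since the commit already touches these lines, the subject should be corrected too, e.g. `\brief Retourne le libelle du statut d'un compte bancaire`, unless getLibStatut deliberately proxies invoice statuses (its body is outside the hunk). In the delete() hunk the row is addressed with `$this->rowid`, whereas update() and update_bban() in this same commit use `$this->id` for the same table; if fetch() populates only `id` (its assignments are outside the fetch hunk), delete() runs `WHERE rowid = ` with an empty value and fails. Which of the two properties fetch() sets is not visible here, so this is worth confirming rather than assuming.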
@@ -531,10 +604,10 @@ class Account extends CommonObject
 }
 /**
- * \brief Renvoi le libell� d'un statut donn�
+ * \brief Renvoi le libelle d'un statut donne
 * \param statut Id statut
- * \param mode 0=libell� long, 1=libell� court, 2=Picto + Libell� court, 3=Picto, 4=Picto + Libell� long, 5=Libell� court + Picto
- * \return string Libell� du statut
+ * \param mode 0=libelle long, 1=libelle court, 2=Picto + Libelle court, 3=Picto, 4=Picto + Libelle long, 5=Libelle court + Picto
+ * \return string Libelle du statut
 */
 function LibStatut($statut,$mode=0)
 {
@@ -576,7 +649,7 @@ class Account extends CommonObject
 /*
 * \brief Renvoi si un compte peut etre supprimer ou non (sans mouvements)
- * \return boolean vrai si peut etre supprim�, faux sinon
+ * \return boolean vrai si peut etre supprime, faux sinon
 */
 function can_be_deleted()
 {
@@ -585,6 +658,7 @@ class Account extends CommonObject
 $sql = "SELECT COUNT(rowid) as nb";
 $sql.= " FROM ".MAIN_DB_PREFIX."bank";
 $sql.= " WHERE fk_account=".$this->id;
+
 $resql = $this->db->query($sql);
 if ($resql) {
 $obj=$this->db->fetch_object($resql);
@@ -612,8 +686,9 @@ class Account extends CommonObject
 */
 function solde($option=0)
 {
- $sql = "SELECT sum(amount) as amount FROM ".MAIN_DB_PREFIX."bank";
- $sql.= " WHERE fk_account=".$this->id;
+ $sql = "SELECT sum(amount) as amount";
+ $sql.= " FROM ".MAIN_DB_PREFIX."bank";
+ $sql.= " WHERE fk_account = ".$this->id;
 if ($option == 1) $sql.= " AND dateo <= ".$this->db->idate(time());
 $resql = $this->db->query($sql);
@@ -635,10 +710,8 @@ class Account extends CommonObject
 function datev_next($rowid)
 {
 $sql = "UPDATE ".MAIN_DB_PREFIX."bank SET ";
-
- $sql .= " datev = adddate(datev, interval 1 day)";
-
- $sql .= " WHERE rowid = $rowid";
+ $sql.= " datev = adddate(datev, interval 1 day)";
+ $sql.= " WHERE rowid = ".$rowid;
 $result = $this->db->query($sql);
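Review bot: In solde(), `$this->db->idate(time())` is concatenated into `dateo <= ...` without quotes, while addline() in this same commit wraps the identical `idate()` output in quotes for `dateo` and `datev` (`", '".$this->db->idate($date)."'"`) and leaves it unquoted for `datec`; at least one of these forms is wrong unless idate() returns a value that is valid both ways, which is not visible here. Pick one form and use it everywhere — if idate() yields a date string, `$sql.= " AND dateo <= '".$this->db->idate(time())."'";`. The datev_next hunk (and datev_previous in the next hunk) keeps MySQL's `adddate(datev, interval 1 day)` while the rest of the class goes through the `$this->db` abstraction; a portability caveat rather than a defect. solde()'s result handling continues past the hunk.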
@@ -662,10 +735,8 @@ class Account extends CommonObject
 function datev_previous($rowid)
 {
 $sql = "UPDATE ".MAIN_DB_PREFIX."bank SET ";
-
- $sql .= " datev = adddate(datev, interval -1 day)";
-
- $sql .= " WHERE rowid = $rowid";
+ $sql.= " datev = adddate(datev, interval -1 day)";
+ $sql.= " WHERE rowid = ".$rowid;
 $result = $this->db->query($sql);
@@ -699,6 +770,7 @@ class Account extends CommonObject
 $now=gmmktime();
 $this->nbtodo=$this->nbtodolate=0;
+
 $sql = "SELECT b.rowid, b.datev as datefin";
 $sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
 $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba";
@@ -826,17 +898,22 @@ class AccountLine
 /**
 * \brief Charge en memoire depuis la base, une ecriture sur le compte
- * \param id Id de la ligne �criture � r�cup�rer
+ * \param id Id de la ligne ecriture a recuperer
 * \return int <0 if KO, >0 if OK
 */
 function fetch($rowid)
 {
+ global $conf;
+
 $sql = "SELECT b.datec, b.datev, b.dateo, b.amount, b.label as label, b.fk_account,";
 $sql.= " b.fk_user_author, b.fk_user_rappro,";
 $sql.= " b.fk_type, b.num_releve, b.num_chq, b.rappro, b.note,";
 $sql.= " ba.label as bank_account_label";
- $sql.= " FROM ".MAIN_DB_PREFIX."bank as b, ".MAIN_DB_PREFIX."bank_account as ba";
- $sql.= " WHERE b.fk_account = ba.rowid AND b.rowid = ".$rowid;
+ $sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
+ $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba";
+ $sql.= " WHERE b.fk_account = ba.rowid";
+ $sql.= " AND ba.entity = ".$conf->entity;
+ $sql.= " AND b.rowid = ".$rowid;
 dol_syslog("AccountLine::fetch sql=".$sql);
 $result = $this->db->query($sql);
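Review bot: The hunk at `$now=gmmktime();` only inserts a blank line in front of a query that joins `bank_account as ba`, but whether its WHERE clause (outside the hunk) also filters on `ba.entity` the way every other query in this commit now does is not visible; if it does not, the todo/late counters aggregate bank lines across entities, and `global $conf` would need adding in that method too. Worth checking that the remaining lines of that query carry `$sql.= " AND ba.entity = ".$conf->entity;`. In AccountLine::fetch the entity filter is added together with `global $conf;`, which is the pattern to mirror; its result handling continues past the hunk.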
@@ -969,10 +1046,11 @@ class AccountLine
 {
 $this->db->begin();
- $sql = "UPDATE ".MAIN_DB_PREFIX."bank";
- $sql.= " set rappro=1, num_releve='".$this->num_releve."',";
- $sql.= " fk_user_rappro=".$user->id;
- $sql.= " WHERE rowid=".$this->id;
+ $sql = "UPDATE ".MAIN_DB_PREFIX."bank SET";
+ $sql.= " rappro = 1";
+ $sql.= ", num_releve = '".$this->num_releve."'";
+ $sql.= ", fk_user_rappro = ".$user->id;
+ $sql.= " WHERE rowid = ".$this->id;
 dol_syslog("AccountLine::update_conciliation sql=".$sql, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -980,8 +1058,13 @@ class AccountLine
 {
 if (! empty($cat))
 {
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (lineid, fk_categ)";
- $sql.= " VALUES (".$this->id.", ".$cat.")";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_class (";
+ $sql.= "lineid";
+ $sql.= ", fk_categ";
+ $sql.= ") VALUES (";
+ $sql.= $this->id;
+ $sql.= ", ".$cat;
+ $sql.= ")";
 dol_syslog("AccountLine::update_conciliation sql=".$sql, LOG_DEBUG);
 $resql = $this->db->query($sql);
@@ -1007,8 +1090,8 @@ class AccountLine
 */
 function info($rowid)
 {
- $sql = 'SELECT b.rowid, '.$this->db->pdate('datec').' as datec,';
- $sql.= ' fk_user_author, fk_user_rappro';
+ $sql = 'SELECT b.rowid, '.$this->db->pdate('b.datec').' as datec,';
+ $sql.= ' b.fk_user_author, b.fk_user_rappro';
 $sql.= ' FROM '.MAIN_DB_PREFIX.'bank as b';
 $sql.= ' WHERE b.rowid = '.$rowid;
diff --git a/htdocs/compta/bank/account.php b/htdocs/compta/bank/account.php
index c40c99b6c2a..9fdc9dc0b9b 100644
--- a/htdocs/compta/bank/account.php
+++ b/htdocs/compta/bank/account.php
@@ -3,7 +3,7 @@
 * Copyright (C) 2003 Jean-Louis Bergamo
 * Copyright (C) 2004-2009 Laurent Destailleur
 * Copytight (C) 2004 Christophe Combelles
- * Copytight (C) 2005-2007 Regis Houssin
+ * Copytight (C) 2005-2009 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
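Review bot: The two INSERTs into bank_class produced by this commit are written differently for the same two columns: addline() quotes the values (`'".$rowid."'`, `'".$categorie."'`) while update_conciliation here concatenates `$this->id` and `$cat` bare; both are integer keys, so one form — preferably unquoted with a cast, `$sql.= (int) $this->id;` and `$sql.= ", ".(int) $cat;` — should be used in both places. update_conciliation's signature, where `$user` and `$cat` come from, is outside the hunk. Qualifying `datec`, `fk_user_author` and `fk_user_rappro` with the `b.` alias in info() is a sound correction and needs no further change.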
@@ -36,13 +36,17 @@ require_once(DOL_DOCUMENT_ROOT."/paiement.class.php");
 require_once(DOL_DOCUMENT_ROOT."/compta/tva/tva.class.php");
 require_once(DOL_DOCUMENT_ROOT."/fourn/facture/paiementfourn.class.php");
-// Security check
-if (!$user->rights->banque->lire)
-accessforbidden();
-
-
 $langs->load("bills");
+// Security check
+if (isset($_GET["account"]) || isset($_GET["ref"]))
+{
+ $id = isset($_GET["account"])?$_GET["account"]:(isset($_GET["ref"])?$_GET["ref"]:'');
+}
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
+if ($user->societe_id) $socid=$user->societe_id;
+$result=restrictedArea($user,'banque',$id,'bank_account','','',$fieldid);
+
 $account=isset($_GET["account"])?$_GET["account"]:$_POST["account"];
 $vline=isset($_GET["vline"])?$_GET["vline"]:$_POST["vline"];
@@ -150,9 +154,12 @@ if ($account || $_GET["ref"])
 // Chargement des categories bancaires dans $options
 $nbcategories=0;
+
 $sql = "SELECT rowid, label";
 $sql.= " FROM ".MAIN_DB_PREFIX."bank_categ";
+ $sql.= " WHERE entity = ".$conf->entity;
 $sql.= " ORDER BY label";
+
 $result = $db->query($sql);
 if ($result)
 {
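Review bot: `$id` is only assigned inside `if (isset($_GET["account"]) || isset($_GET["ref"]))`, so on any request without those GET keys `restrictedArea($user,'banque',$id,...)` is called with an undefined variable (and `$socid` stays undefined whenever `$user->societe_id` is empty), while two lines later `$account` is also accepted from `$_POST["account"]` — a POSTed account therefore drives the page without the object-level check ever seeing it (what restrictedArea() does with an empty `$id` is outside this page). Initialise `$id=''; $socid=0;` ahead of the check and derive `$id` from the same GET/POST fallback that `$account` uses, e.g. `$id = isset($_GET["account"])?$_GET["account"]:(isset($_POST["account"])?$_POST["account"]:(isset($_GET["ref"])?$_GET["ref"]:''));`. The same block, with the same undefined-`$id` path, is added to annuel.php, bankid_fr.php, fiche.php and graph.php later in this commit; this note is not repeated there.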
@@ -195,18 +202,22 @@ if ($account || $_GET["ref"])
 }
 if ($_REQUEST["thirdparty"])
 {
- $sql_rech.=" AND (IFNULL(s.nom,'') like '%".$_REQUEST["thirdparty"]."%')";
+ $sql_rech.=" AND (IFNULL(s.nom,'') LIKE '%".$_REQUEST["thirdparty"]."%')";
 $param.='&thirdparty='.urlencode($_REQUEST["thirdparty"]);
 $mode_search = 1;
 }
- $sql = "SELECT count(*) as nb FROM ".MAIN_DB_PREFIX."bank as b";
+ $sql = "SELECT count(*) as nb";
+ $sql.= " FROM ".MAIN_DB_PREFIX."bank_account as ba";
+ $sql.= ", ".MAIN_DB_PREFIX."bank as b";
 if ($mode_search)
 {
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu ON bu.fk_bank = b.rowid AND bu.type='company'";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON bu.url_id = s.rowid";
 }
- $sql.= " WHERE b.fk_account=".$acct->id;
+ $sql.= " WHERE b.fk_account = ".$acct->id;
+ $sql.= " AND b.fk_account = ba.rowid";
+ $sql.= " AND ba.entity = ".$conf->entity;
 $sql.= $sql_rech;
 dol_syslog("account.php count transactions - sql=".$sql);
@@ -417,7 +428,8 @@ if ($account || $_GET["ref"])
 {
 }
- $sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
+ $sql.= " FROM ".MAIN_DB_PREFIX."bank_account as ba";
+ $sql.= ", ".MAIN_DB_PREFIX."bank as b";
 if ($mode_search)
 {
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu1 ON bu1.fk_bank = b.rowid AND bu1.type='company'";
@@ -435,6 +447,8 @@ if ($account || $_GET["ref"])
 //$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON bu3.url_id = s.rowid";
 }
 $sql.= " WHERE b.fk_account=".$acct->id;
+ $sql.= " AND b.fk_account = ba.rowid";
+ $sql.= " AND ba.entity = ".$conf->entity;
 $sql.= $sql_rech;
 $sql.= " ORDER BY b.datev ASC";
 $sql.= $db->plimit($limitsql, 0);
diff --git a/htdocs/compta/bank/annuel.php b/htdocs/compta/bank/annuel.php
index 5e4c9e94146..461d4c42f20 100644
--- a/htdocs/compta/bank/annuel.php
+++ b/htdocs/compta/bank/annuel.php
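Review bot: `$_REQUEST["thirdparty"]` is concatenated straight into the LIKE pattern (`'%".$_REQUEST["thirdparty"]."%'`) with no escaping; the hunk only changes `like` to `LIKE`, so a request value containing a quote still alters the statement that `$sql_rech` is then appended to in both the count query here and the list query in the two hunks below. Escape it the way the file escapes its other literals, `$sql_rech.=" AND (IFNULL(s.nom,'') LIKE '%".addslashes($_REQUEST["thirdparty"])."%')";`, and note that `%`/`_` in the value still act as wildcards if that matters for the search semantics. The entity join (`b.fk_account = ba.rowid AND ba.entity = ".$conf->entity`) is applied consistently to the count and list queries.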
@@ -1,6 +1,7 @@
 * Copyright (C) 2004-2009 Laurent Destailleur
+ * Copyright (C) 2005-2009 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -20,7 +21,7 @@
 /**
 * \file htdocs/compta/bank/annuel.php
 * \ingroup banque
- * \brief Page reporting mensuel Entr�es/Sorties d'un compte bancaire
+ * \brief Page reporting mensuel Entrees/Sorties d'un compte bancaire
 * \version $Id$
 */
@@ -28,7 +29,14 @@ require("./pre.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/bank.lib.php");
 require_once(DOL_DOCUMENT_ROOT."/compta/bank/account.class.php");
-if (!$user->rights->banque->lire) accessforbidden();
+// Security check
+if (isset($_GET["account"]) || isset($_GET["ref"]))
+{
+ $id = isset($_GET["account"])?$_GET["account"]:(isset($_GET["ref"])?$_GET["ref"]:'');
+}
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
+if ($user->societe_id) $socid=$user->societe_id;
+$result=restrictedArea($user,'banque',$id,'bank_account','','',$fieldid);
 $year_start=isset($_GET["year_start"])?$_GET["year_start"]:$_POST["year_start"];
 $year_current = strftime("%Y",time());
@@ -42,13 +50,6 @@ else
 $year_end=$year_start+2;
 }
-// S�curit� acc�s client
-if ($user->societe_id > 0)
-{
- $socid = $user->societe_id;
-}
-
-
 llxHeader();
@@ -67,14 +68,18 @@ if ($_GET["ref"])
 }
-# Ce rapport de tr�sorerie est bas� sur llx_bank (car doit inclure les transactions sans facture)
+# Ce rapport de tresorerie est base sur llx_bank (car doit inclure les transactions sans facture)
 # plutot que sur llx_paiement + llx_paiementfourn
-$sql = "SELECT sum(f.amount), date_format(f.dateo,'%Y-%m') as dm";
-$sql .= " FROM llx_bank as f";
-$sql .= " WHERE f.amount >= 0";
-if ($_GET["account"]) { $sql .= " AND fk_account in (".$_GET["account"].")"; }
-$sql .= " GROUP BY dm";
+$sql = "SELECT SUM(b.amount)";
+$sql.= ", date_format(b.dateo,'%Y-%m') as dm";
+$sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
+$sql.= ", ".MAIN_DB_PREFIX."bank_account as ba";
+$sql.= " WHERE b.fk_account = ba.rowid";
+$sql.= " AND ba.entity = ".$conf->entity;
+$sql.= " AND b.amount >= 0";
+if ($_GET["account"]) $sql .= " AND b.fk_account IN (".$_GET["account"].")";
+$sql.= " GROUP BY dm";
 $resql=$db->query($sql);
 if ($resql)
@@ -93,11 +98,16 @@ else
 dol_print_error($db);
 }
-$sql = "SELECT sum(f.amount), date_format(f.dateo,'%Y-%m') as dm";
-$sql .= " FROM llx_bank as f";
-$sql .= " WHERE f.amount <= 0";
-if ($_GET["account"]) { $sql .= " AND fk_account in (".$_GET["account"].")"; }
-$sql .= " GROUP BY dm";
+$sql = "SELECT SUM(b.amount)";
+$sql.= ", date_format(b.dateo,'%Y-%m') as dm";
+$sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
+$sql.= ", ".MAIN_DB_PREFIX."bank_account as ba";
+$sql.= " WHERE b.fk_account = ba.rowid";
+$sql.= " AND ba.entity = ".$conf->entity;
+$sql.= " AND b.amount <= 0";
+if ($_GET["account"]) $sql.= " AND b.fk_account IN (".$_GET["account"].")";
+$sql.= " GROUP BY dm";
+
 $resql=$db->query($sql);
 if ($resql)
 {
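Review bot: `$_GET["account"]` is spliced unmodified into `IN (".$_GET["account"].")"` in both queries of this hunk; the restrictedArea() call at the top of the page receives the same value as an object id, but nothing visible validates it as a list of integers before it reaches the SQL, so any non-numeric content alters the statement. Normalise it once and reuse the result, e.g. `$accounts = implode(',', array_map('intval', explode(',', $_GET["account"])));` followed by `if ($accounts) $sql.= " AND b.fk_account IN (".$accounts.")";`. The same pattern recurs in annuel.php's balance query in the next hunk and in graph.php's three queries (`$account`, taken from `$_GET["account"]`) at the end of this commit; this note is not repeated there.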
@@ -235,9 +245,14 @@ print "\n";
 // Solde actuel
 $balance=0;
-$sql = "SELECT sum(f.amount) as total";
-$sql.= " FROM ".MAIN_DB_PREFIX."bank as f";
-if ($_GET["account"]) { $sql .= " WHERE fk_account in (".$_GET["account"].")"; }
+
+$sql = "SELECT SUM(b.amount) as total";
+$sql.= " FROM ".MAIN_DB_PREFIX."bank as b";
+$sql.= ", ".MAIN_DB_PREFIX."bank_account as ba";
+$sql.= " WHERE b.fk_account = ba.rowid";
+$sql.= " AND ba.entity = ".$conf->entity;
+if ($_GET["account"]) $sql.= " AND b.fk_account IN (".$_GET["account"].")";
+
 $resql=$db->query($sql);
 if ($resql)
 {
diff --git a/htdocs/compta/bank/bankcateg.class.php b/htdocs/compta/bank/bankcateg.class.php
index c7e230fac2c..39d78f7fbf2 100644
--- a/htdocs/compta/bank/bankcateg.class.php
+++ b/htdocs/compta/bank/bankcateg.class.php
@@ -1,5 +1,6 @@
+ * Copyright (C) 2009 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -44,21 +45,19 @@ class BankCateg // extends CommonObject
 //var $element='bank_categ'; //!< Id that identify managed objects
 //var $table_element='bank_categ'; //!< Name of table without prefix where object is stored
- var $id;
+ var $id;
 var $label;
-
-
-
+
 /**
 * \brief Constructor
 * \param DB Database handler
 */
 function BankCateg($DB)
 {
- $this->db = $DB;
- return 1;
+ $this->db = $DB;
+ return 1;
 }
@@ -71,39 +70,32 @@ class BankCateg // extends CommonObject
 function create($user, $notrigger=0)
 {
 global $conf, $langs;
- $error=0;
+ $error=0;
- // Clean parameters
-
- if (isset($this->label)) $this->label=trim($this->label);
-
-
-
- // Check parameters
- // Put here code to add control on parameters values
-
- // Insert request
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_categ(";
-
- $sql.= "label";
-
-
- $sql.= ") VALUES (";
-
- $sql.= " ".(! isset($this->label)?'NULL':"'".addslashes($this->label)."'")."";
-
-
- $sql.= ")";
-
- $this->db->begin();
+ // Clean parameters
+ if (isset($this->label)) $this->label=trim($this->label);
+
+ // Check parameters
+ // Put here code to add control on parameters values
+
+ // Insert request
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_categ (";
+ $sql.= "label";
+ $sql.= ", entity";
+ $sql.= ") VALUES (";
+ $sql.= " ".(! isset($this->label)?'NULL':"'".addslashes($this->label)."'")."";
+ $sql.= ", ".$conf->entity;
+ $sql.= ")";
+
+ $this->db->begin();
 dol_syslog(get_class($this)."::create sql=".$sql, LOG_DEBUG);
- $resql=$this->db->query($sql);
+ $resql=$this->db->query($sql);
 if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
-
- if (! $error)
- {
- $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."bank_categ");
+
+ if (! $error)
+ {
+ $this->id = $this->db->last_insert_id(MAIN_DB_PREFIX."bank_categ");
 if (! $notrigger)
 {
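Review bot: The functional change in BankCateg::create — the two lines `$sql.= ", entity";` and `$sql.= ", ".$conf->entity;` — is buried in a re-indentation of the whole method (every other `-`/`+` pair differs only in leading whitespace), which makes the behavioural part of the hunk easy to miss; the same holds for the fetch() and update() hunks that follow. Separating whitespace-only reformatting into its own commit would let the entity-scoping change be reviewed on its own. The `// Check parameters / Put here code to add control on parameters values` placeholder is carried over unchanged; since `label` is the only caller-supplied column here, that is where an empty-after-trim check would belong if one is wanted.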
@@ -145,40 +137,36 @@ class BankCateg // extends CommonObject
 */
 function fetch($id)
 {
- global $langs;
- $sql = "SELECT";
- $sql.= " t.rowid,";
-
- $sql.= " t.label";
-
-
- $sql.= " FROM ".MAIN_DB_PREFIX."bank_categ as t";
- $sql.= " WHERE t.rowid = ".$id;
+ global $langs,$conf;
+
+ $sql = "SELECT";
+ $sql.= " t.rowid,";
+ $sql.= " t.label";
+ $sql.= " FROM ".MAIN_DB_PREFIX."bank_categ as t";
+ $sql.= " WHERE t.rowid = ".$id;
+ $sql.= " AND t.entity = ".$conf->entity;
 dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
- $resql=$this->db->query($sql);
- if ($resql)
+ $resql=$this->db->query($sql);
+ if ($resql)
+ {
+ if ($this->db->num_rows($resql))
 {
- if ($this->db->num_rows($resql))
- {
- $obj = $this->db->fetch_object($resql);
-
- $this->id = $obj->rowid;
-
- $this->label = $obj->label;
-
-
- }
- $this->db->free($resql);
-
- return 1;
- }
- else
- {
- $this->error="Error ".$this->db->lasterror();
- dol_syslog(get_class($this)."::fetch ".$this->error, LOG_ERR);
- return -1;
+ $obj = $this->db->fetch_object($resql);
+
+ $this->id = $obj->rowid;
+ $this->label = $obj->label;
 }
+ $this->db->free($resql);
+
+ return 1;
+ }
+ else
+ {
+ $this->error="Error ".$this->db->lasterror();
+ dol_syslog(get_class($this)."::fetch ".$this->error, LOG_ERR);
+ return -1;
+ }
 }
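Review bot: fetch() returns 1 even when the query matched no row — the `if ($this->db->num_rows($resql))` branch merely skips the assignments and `return 1;` follows unconditionally. With the new `AND t.entity = ".$conf->entity` filter, a rowid that belongs to another entity now silently yields "success" with `$this->id`/`$this->label` left untouched, so callers cannot tell a cross-entity miss from a loaded object. Return a distinct value for the no-row case, e.g. `return 0;` from an `else` on the num_rows test, so that `>0` keeps meaning "loaded". The method's docblock is outside the hunk.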
@@ -191,35 +179,30 @@ class BankCateg // extends CommonObject
 function update($user=0, $notrigger=0)
 {
 global $conf, $langs;
- $error=0;
+ $error=0;
- // Clean parameters
-
- if (isset($this->label)) $this->label=trim($this->label);
+ // Clean parameters
+ if (isset($this->label)) $this->label=trim($this->label);
-
-
- // Check parameters
- // Put here code to add control on parameters values
-
- // Update request
- $sql = "UPDATE ".MAIN_DB_PREFIX."bank_categ SET";
-
- $sql.= " label=".(isset($this->label)?"'".addslashes($this->label)."'":"null")."";
-
-
- $sql.= " WHERE rowid=".$this->id;
-
- $this->db->begin();
-
- dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);
- $resql = $this->db->query($sql);
+ // Check parameters
+ // Put here code to add control on parameters values
+
+ // Update request
+ $sql = "UPDATE ".MAIN_DB_PREFIX."bank_categ SET";
+ $sql.= " label=".(isset($this->label)?"'".addslashes($this->label)."'":"null")."";
+ $sql.= " WHERE rowid=".$this->id;
+ $sql.= " AND entity = ".$conf->entity;
+
+ $this->db->begin();
+
+ dol_syslog(get_class($this)."::update sql=".$sql, LOG_DEBUG);
+ $resql = $this->db->query($sql);
 if (! $resql) { $error++; $this->errors[]="Error ".$this->db->lasterror(); }
-
- if (! $error)
- {
- if (! $notrigger)
- {
+
+ if (! $error)
+ {
+ if (! $notrigger)
+ {
 // Uncomment this and change MYOBJECT to your own tag if you
 // want this action call a trigger.
@@ -264,6 +247,7 @@ class BankCateg // extends CommonObject
 $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_categ";
 $sql.= " WHERE rowid=".$this->id;
+ $sql.= " AND entity = ".$conf->entity;
 $this->db->begin();
diff --git a/htdocs/compta/bank/bankid_fr.php b/htdocs/compta/bank/bankid_fr.php
index a2e89084809..e9adb08036c 100644
--- a/htdocs/compta/bank/bankid_fr.php
+++ b/htdocs/compta/bank/bankid_fr.php
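Review bot: The delete() hunk (`@@ -264,6 +247,7`) appends `AND entity = ".$conf->entity` but, unlike fetch() and update() above where the `global` line is visible, delete()'s head is outside the hunk and no `global $conf;` is added here. If `$conf` is not already declared in delete(), `$conf->entity` is null and the DELETE ends in `AND entity = `, a SQL error, so the category is never removed. Add `global $conf;` at the top of delete(), or confirm it is present above the hunk; update() in this hunk already has it via `global $conf, $langs;`.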
@@ -2,6 +2,7 @@
 /* Copyright (C) 2002-2006 Rodolphe Quiedeville
 * Copyright (C) 2003 Jean-Louis Bergamo
 * Copyright (C) 2004-2008 Laurent Destailleur
+ * Copytight (C) 2005-2009 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -21,7 +22,7 @@
 /**
 * \file htdocs/compta/bank/bankid_fr.php
 * \ingroup banque
- * \brief Fiche cr�ation compte bancaire
+ * \brief Fiche creation compte bancaire
 * \version $Id$
 */
@@ -30,8 +31,15 @@ require_once(DOL_DOCUMENT_ROOT."/lib/bank.lib.php");
 $langs->load("banks");
-if (!$user->admin && !$user->rights->banque)
-accessforbidden();
+// Security check
+if (isset($_GET["id"]) || isset($_GET["ref"]))
+{
+ $id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
+}
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
+if ($user->societe_id) $socid=$user->societe_id;
+$result=restrictedArea($user,'banque',$id,'bank_account','','',$fieldid);
+
 /*
 * Actions
@@ -90,7 +98,7 @@ $form = new Form($db);
 /* ************************************************************************** */
 /* */
-/* Affichage page en mode cr�ation */
+/* Affichage page en mode creation */
 /* */
 /* ************************************************************************** */
diff --git a/htdocs/compta/bank/budget.php b/htdocs/compta/bank/budget.php
index 359ae48329c..3703568c63c 100644
--- a/htdocs/compta/bank/budget.php
+++ b/htdocs/compta/bank/budget.php
@@ -1,6 +1,7 @@
 * Copyright (C) 2004-2008 Laurent Destailleur
+ * Copytight (C) 2005-2009 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -28,9 +29,9 @@ require("./pre.inc.php");
 $langs->load("categories");
-if (!$user->rights->banque->lire)
- accessforbidden();
-
+// Security check
+if ($user->societe_id) $socid=$user->societe_id;
+$result=restrictedArea($user,'banque');
 /*
@@ -55,8 +56,14 @@ print ''.$langs->trans("Average").'';
 print "\n";
 $sql = "SELECT sum(d.amount) as somme, count(*) as nombre, c.label, c.rowid ";
-$sql .= " FROM ".MAIN_DB_PREFIX."bank_categ as c, ".MAIN_DB_PREFIX."bank_class as l, ".MAIN_DB_PREFIX."bank as d";
-$sql .= " WHERE d.rowid=l.lineid AND c.rowid = l.fk_categ GROUP BY c.label, c.rowid ORDER BY c.label";
+$sql.= " FROM ".MAIN_DB_PREFIX."bank_categ as c";
+$sql.= ", ".MAIN_DB_PREFIX."bank_class as l";
+$sql.= ", ".MAIN_DB_PREFIX."bank as d";
+$sql.= " WHERE c.entity = ".$conf->entity;
+$sql.= " AND c.rowid = l.fk_categ";
+$sql.= " AND d.rowid = l.lineid";
+$sql.= " GROUP BY c.label, c.rowid";
+$sql.= " ORDER BY c.label";
 $result = $db->query($sql);
 if ($result)
diff --git a/htdocs/compta/bank/categ.php b/htdocs/compta/bank/categ.php
index 1018fd19ac8..5fb062d330a 100644
--- a/htdocs/compta/bank/categ.php
+++ b/htdocs/compta/bank/categ.php
@@ -1,6 +1,7 @@
 * Copyright (C) 2004-2008 Laurent Destailleur
+ * Copytight (C) 2005-2009 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -38,7 +39,14 @@ if ($_POST["action"] == 'add')
 {
 if ($_POST["label"])
 {
- $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_categ (label) VALUES ('".addslashes($_POST["label"])."')";
+ $sql = "INSERT INTO ".MAIN_DB_PREFIX."bank_categ (";
+ $sql.= "label";
+ $sql.= ", entity";
+ $sql.= ") VALUES (";
+ $sql.= "'".addslashes($_POST["label"])."'";
+ $sql.= ", ".$conf->entity;
+ $sql.= ")";
+
 $result = $db->query($sql);
 if (!$result)
@@ -55,7 +63,10 @@ if ( $_REQUEST['action'] == 'delete' )
 {
 if ( $_REQUEST['categid'] )
 {
- $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_categ WHERE rowid='".$_REQUEST['categid']."'";
+ $sql = "DELETE FROM ".MAIN_DB_PREFIX."bank_categ";
+ $sql.= " WHERE rowid = '".$_REQUEST['categid']."'";
+ $sql.= " AND entity = ".$conf->entity;
+
 $result = $db->query($sql);
 if (!$result)
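Review bot: In categ.php's delete action, `$_REQUEST['categid']` is quoted into `WHERE rowid = '".$_REQUEST['categid']."'` without escaping or validation, so a request value containing a quote alters the statement; `rowid` is an integer key, so cast it instead of quoting, `$sql.= " WHERE rowid = ".(int) $_REQUEST['categid'];` (the existing `if ( $_REQUEST['categid'] )` guard still rejects an empty value). The add action escapes `$_POST["label"]` with addslashes, which is consistent with the rest of the file. Whether categ.php performs a rights check before these actions is outside the hunks shown.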
@@ -84,7 +95,10 @@ print '';
 print ''.$langs->trans("Ref").''.$langs->trans("Label").'';
 print "\n";
-$sql = "SELECT rowid, label FROM ".MAIN_DB_PREFIX."bank_categ ORDER BY label";
+$sql = "SELECT rowid, label";
+$sql.= " FROM ".MAIN_DB_PREFIX."bank_categ";
+$sql.= " WHERE entity = ".$conf->entity;
+$sql.= " ORDER BY label";
 $result = $db->query($sql);
 if ($result)
diff --git a/htdocs/compta/bank/fiche.php b/htdocs/compta/bank/fiche.php
index 46262051181..1ed227ee49e 100644
--- a/htdocs/compta/bank/fiche.php
+++ b/htdocs/compta/bank/fiche.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2002-2003 Rodolphe Quiedeville
 * Copyright (C) 2003 Jean-Louis Bergamo
 * Copyright (C) 2004-2008 Laurent Destailleur
+ * Copytight (C) 2005-2009 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -30,8 +31,14 @@ require_once(DOL_DOCUMENT_ROOT."/lib/bank.lib.php");
 $langs->load("banks");
-if (!$user->admin && !$user->rights->banque)
- accessforbidden();
+// Security check
+if (isset($_GET["id"]) || isset($_GET["ref"]))
+{
+ $id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:'');
+}
+$fieldid = isset($_GET["ref"])?'ref':'rowid';
+if ($user->societe_id) $socid=$user->societe_id;
+$result=restrictedArea($user,'banque',$id,'bank_account','','',$fieldid);
 /*
diff --git a/htdocs/compta/bank/graph.php b/htdocs/compta/bank/graph.php
index 9ad632ff1c9..7824b3de053 100644
--- a/htdocs/compta/bank/graph.php
+++ b/htdocs/compta/bank/graph.php
@@ -1,6 +1,7 @@
- * Copyright (C) 2006-2009 Laurent Destailleur
+ * Copyright (C) 2004-2009 Laurent Destailleur
+ * Copyright (C) 2005-2009 Regis Houssin
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -31,8 +32,14 @@ require_once(DOL_DOCUMENT_ROOT."/core/dolgraph.class.php"); $langs->load("banks"); -if (!$user->rights->banque->lire) -accessforbidden(); +// Security check +if (isset($_GET["account"]) || isset($_GET["ref"])) +{ + $id = isset($_GET["account"])?$_GET["account"]:(isset($_GET["ref"])?$_GET["ref"]:''); +} +$fieldid = isset($_GET["ref"])?'ref':'rowid'; +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'banque',$id,'bank_account','','',$fieldid); $account=$_GET["account"]; $mode='standard'; @@ -87,9 +94,14 @@ else $height = 200; // Calcul de $min et $max - $sql = "SELECT min(".$db->pdate("datev")."), max(".$db->pdate("datev").")"; - $sql.= " FROM ".MAIN_DB_PREFIX."bank"; - if ($account && $_GET["option"]!='all') $sql.= " WHERE fk_account in (".$account.")"; + $sql = "SELECT MIN(".$db->pdate("b.datev").")"; + $sql.= ", MAX(".$db->pdate("b.datev").")"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= " WHERE b.fk_account = ba.rowid"; + $sql.= " AND ba.entity = ".$conf->entity; + if ($account && $_GET["option"]!='all') $sql.= " AND b.fk_account IN (".$account.")"; + $resql = $db->query($sql); if ($resql) { 
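Review bot: `$account` is spliced unchanged into `IN (".$account.")` on the rewritten line, and the first hunk of this file shows it is assigned from `$_GET["account"]`, so the added `ba.entity` filter constrains the join but not that part of the WHERE clause. Since `IN (...)` implies the value may be a comma-separated list of account ids, normalise it once right after `$account=$_GET["account"];`, e.g. `$account = implode(',', array_map('intval', explode(',', $_GET["account"])));`, and let every query reuse the cleaned variable. The identical `IN (".$account.")` fragment is rebuilt in every later graph.php hunk (the `$amounts`, `$solde`, `$credits` and `$debits` queries), so the fix at the assignment covers them all.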
@@ -112,14 +124,26 @@ else { // Chargement du tableau $amounts $amounts = array(); - $sql = "SELECT date_format(datev,'%Y%m%d'), sum(amount)"; - $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $monthnext=$month+1; $yearnext=$year; - if ($monthnext > 12) { $monthnext=1; $yearnext++; } - $sql .= " WHERE datev >= '".$year."-".$month."-01 00:00:00'"; - $sql .= " AND datev < '".$yearnext."-".$monthnext."-01 00:00:00'"; - if ($account && $_GET["option"]!='all') $sql .= " AND fk_account in (".$account.")"; - $sql .= " GROUP BY date_format(datev,'%Y%m%d')"; + + $monthnext = $month+1; + $yearnext = $year; + if ($monthnext > 12) + { + $monthnext=1; + $yearnext++; + } + + $sql = "SELECT date_format(b.datev,'%Y%m%d')"; + $sql.= ", SUM(b.amount)"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= " WHERE b.fk_account = ba.rowid"; + $sql.= " AND ba.entity = ".$conf->entity; + $sql.= " AND b.datev >= '".$year."-".$month."-01 00:00:00'"; + $sql.= " AND b.datev < '".$yearnext."-".$monthnext."-01 00:00:00'"; + if ($account && $_GET["option"]!='all') $sql.= " AND b.fk_account IN (".$account.")"; + $sql.= " GROUP BY date_format(b.datev,'%Y%m%d')"; + $resql = $db->query($sql); if ($resql) { @@ -140,10 +164,15 @@ else // Calcul de $solde avant le debut du graphe $solde = 0; - $sql = "SELECT SUM(amount)"; - $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE datev < '".$year."-".sprintf("%02s",$month)."-01'"; - if ($account && $_GET["option"]!='all') $sql .= " AND fk_account in (".$account.")"; + + $sql = "SELECT SUM(b.amount)"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= " WHERE b.fk_account = ba.rowid"; + $sql.= " AND ba.entity = ".$conf->entity; + $sql.= " AND b.datev < '".$year."-".sprintf("%02s",$month)."-01'"; + if ($account && $_GET["option"]!='all') $sql.= " AND b.fk_account IN (".$account.")"; + $resql = $db->query($sql); if ($resql) { 
@@ -240,12 +269,17 @@ else { // Chargement du tableau $amounts $amounts = array(); - $sql = "SELECT date_format(datev,'%Y%m%d'), sum(amount)"; - $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE datev >= '".$year."-01-01 00:00:00'"; - $sql .= " AND datev <= '".$year."-12-31 23:59:59'"; - if ($account && $_GET["option"]!='all') $sql .= " AND fk_account in (".$account.")"; - $sql .= " GROUP BY date_format(datev,'%Y%m%d')"; + $sql = "SELECT date_format(b.datev,'%Y%m%d')"; + $sql.= ", SUM(b.amount)"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= " WHERE b.fk_account = ba.rowid"; + $sql.= " AND ba.entity = ".$conf->entity; + $sql.= " AND b.datev >= '".$year."-01-01 00:00:00'"; + $sql.= " AND b.datev <= '".$year."-12-31 23:59:59'"; + if ($account && $_GET["option"]!='all') $sql.= " AND b.fk_account IN (".$account.")"; + $sql .= " GROUP BY date_format(b.datev,'%Y%m%d')"; + $resql = $db->query($sql); if ($resql) { @@ -266,10 +300,15 @@ else // Calcul de $solde avant le debut du graphe $solde = 0; - $sql = "SELECT sum(amount)"; - $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE datev < '".$year."-01-01'"; - if ($account && $_GET["option"]!='all') $sql .= " AND fk_account in (".$account.")"; + + $sql = "SELECT SUM(b.amount)"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= " WHERE b.fk_account = ba.rowid"; + $sql.= " AND ba.entity = ".$conf->entity; + $sql.= " AND b.datev < '".$year."-01-01'"; + if ($account && $_GET["option"]!='all') $sql.= " AND b.fk_account IN (".$account.")"; + $resql = $db->query($sql); if ($resql) { 
@@ -359,10 +398,16 @@ else { // Chargement du tableau $amounts $amounts = array(); - $sql = "SELECT date_format(datev,'%Y%m%d'), sum(amount)"; - $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - if ($account && $_GET["option"]!='all') $sql .= " WHERE fk_account in (".$account.")"; - $sql .= " GROUP BY date_format(datev,'%Y%m%d')"; + + $sql = "SELECT date_format(b.datev,'%Y%m%d')"; + $sql.= ", SUM(b.amount)"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= " WHERE b.fk_account = ba.rowid"; + $sql.= " AND ba.entity = ".$conf->entity; + if ($account && $_GET["option"]!='all') $sql.= " AND b.fk_account IN (".$account.")"; + $sql.= " GROUP BY date_format(b.datev,'%Y%m%d')"; + $resql = $db->query($sql); if ($resql) { 
@@ -457,15 +502,27 @@ else // Chargement du tableau $credits, $debits $credits = array(); $debits = array(); - $sql = "SELECT date_format(datev,'%d'), sum(amount)"; - $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $monthnext=$month+1; $yearnext=$year; - if ($monthnext > 12) { $monthnext=1; $yearnext++; } - $sql .= " WHERE datev >= '".$year."-".$month."-01 00:00:00'"; - $sql .= " AND datev < '".$yearnext."-".$monthnext."-01 00:00:00'"; - $sql .= " AND amount > 0"; - if ($account && $_GET["option"]!='all') $sql .= " AND fk_account in (".$account.")"; - $sql .= " GROUP BY date_format(datev,'%d')"; + + $monthnext = $month+1; + $yearnext = $year; + if ($monthnext > 12) + { + $monthnext=1; + $yearnext++; + } + + $sql = "SELECT date_format(b.datev,'%d')"; + $sql.= ", SUM(b.amount)"; + $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= " WHERE b.fk_account = ba.rowid"; + $sql.= " AND ba.entity = ".$conf->entity; + $sql.= " AND b.datev >= '".$year."-".$month."-01 00:00:00'"; + $sql.= " AND b.datev < '".$yearnext."-".$monthnext."-01 00:00:00'"; + $sql.= " AND b.amount > 0"; + if ($account && $_GET["option"]!='all') $sql.= " AND b.fk_account IN (".$account.")"; + $sql.= " GROUP BY date_format(b.datev,'%d')"; + $resql = $db->query($sql); if ($resql) { 
@@ -483,15 +540,27 @@ else { dol_print_error($db); } - $sql = "SELECT date_format(datev,'%d'), sum(amount)"; - $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $monthnext=$month+1; $yearnext=$year; - if ($monthnext > 12) { $monthnext=1; $yearnext++; } - $sql .= " WHERE datev >= '".$year."-".$month."-01 00:00:00'"; - $sql .= " AND datev < '".$yearnext."-".$monthnext."-01 00:00:00'"; - $sql .= " AND amount < 0"; - if ($account && $_GET["option"]!='all') $sql .= " AND fk_account in (".$account.")"; - $sql .= " GROUP BY date_format(datev,'%d')"; + + $monthnext = $month+1; + $yearnext = $year; + if ($monthnext > 12) + { + $monthnext=1; + $yearnext++; + } + + $sql = "SELECT date_format(b.datev,'%d')"; + $sql.= ", SUM(b.amount)"; + $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= " WHERE b.fk_account = ba.rowid"; + $sql.= " AND ba.entity = ".$conf->entity; + $sql.= " AND b.datev >= '".$year."-".$month."-01 00:00:00'"; + $sql.= " AND b.datev < '".$yearnext."-".$monthnext."-01 00:00:00'"; + $sql.= " AND b.amount < 0"; + if ($account && $_GET["option"]!='all') $sql.= " AND b.fk_account IN (".$account.")"; + $sql .= " GROUP BY date_format(b.datev,'%d')"; + $resql = $db->query($sql); if ($resql) { 
@@ -557,13 +626,18 @@ else // Chargement du tableau $credits, $debits $credits = array(); $debits = array(); - $sql = "SELECT date_format(datev,'%m'), sum(amount)"; - $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE datev >= '".$year."-01-01 00:00:00'"; - $sql .= " AND datev <= '".$year."-12-31 23:59:59'"; - $sql .= " AND amount > 0"; - if ($account && $_GET["option"]!='all') $sql .= " AND fk_account in (".$account.")"; - $sql .= " GROUP BY date_format(datev,'%m');"; + $sql = "SELECT date_format(b.datev,'%m')"; + $sql.= ", SUM(b.amount)"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= " WHERE b.fk_account = ba.rowid"; + $sql.= " AND ba.entity = ".$conf->entity; + $sql.= " AND b.datev >= '".$year."-01-01 00:00:00'"; + $sql.= " AND b.datev <= '".$year."-12-31 23:59:59'"; + $sql.= " AND b.amount > 0"; + if ($account && $_GET["option"]!='all') $sql.= " AND b.fk_account IN (".$account.")"; + $sql .= " GROUP BY date_format(b.datev,'%m');"; + $resql = $db->query($sql); if ($resql) { 
@@ -581,13 +655,18 @@ else { dol_print_error($db); } - $sql = "SELECT date_format(datev,'%m'), sum(amount)"; - $sql .= " FROM ".MAIN_DB_PREFIX."bank"; - $sql .= " WHERE datev >= '".$year."-01-01 00:00:00'"; - $sql .= " AND datev <= '".$year."-12-31 23:59:59'"; - $sql .= " AND amount < 0"; - if ($account && $_GET["option"]!='all') $sql .= " AND fk_account in (".$account.")"; - $sql .= " GROUP BY date_format(datev,'%m')"; + $sql = "SELECT date_format(b.datev,'%m')"; + $sql.= ", SUM(b.amount)"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= " WHERE b.fk_account = ba.rowid"; + $sql.= " AND ba.entity = ".$conf->entity; + $sql.= " AND b.datev >= '".$year."-01-01 00:00:00'"; + $sql.= " AND b.datev <= '".$year."-12-31 23:59:59'"; + $sql.= " AND b.amount < 0"; + if ($account && $_GET["option"]!='all') $sql.= " AND b.fk_account IN (".$account.")"; + $sql .= " GROUP BY date_format(b.datev,'%m')"; + $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/compta/bank/index.php b/htdocs/compta/bank/index.php index f49f425e6ff..f789d035c81 100644 --- a/htdocs/compta/bank/index.php +++ b/htdocs/compta/bank/index.php @@ -1,6 +1,7 @@ * Copyright (C) 2004-2008 Laurent Destailleur + * Copytight (C) 2005-2009 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,8 +32,9 @@ require_once(DOL_DOCUMENT_ROOT."/chargesociales.class.php"); $langs->load("banks"); -if (!$user->rights->banque->lire) -accessforbidden(); +// Security check +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'banque'); $statut=isset($_GET["statut"])?$_GET["statut"]:''; @@ -56,11 +58,10 @@ print '
'; $accounts = array(); $sql = "SELECT rowid, courant, rappro"; -$sql .= " FROM ".MAIN_DB_PREFIX."bank_account"; -if ($statut != 'all') { - $sql .= " WHERE clos = 0"; -} -$sql .= $db->order('label', 'ASC'); +$sql.= " FROM ".MAIN_DB_PREFIX."bank_account"; +$sql.= " WHERE entity = ".$conf->entity; +if ($statut != 'all') $sql.= " AND clos = 0"; +$sql.= $db->order('label', 'ASC'); $resql = $db->query($sql); if ($resql) diff --git a/htdocs/compta/bank/pre.inc.php b/htdocs/compta/bank/pre.inc.php index 5067bd90af9..7e8ea90453a 100644 --- a/htdocs/compta/bank/pre.inc.php +++ b/htdocs/compta/bank/pre.inc.php @@ -2,6 +2,7 @@ /* Copyright (C) 2001-2005 Rodolphe Quiedeville * Copyright (C) 2003 Jean-Louis Bergamo * Copyright (C) 2004-2008 Laurent Destailleur + * Copytight (C) 2005-2009 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -41,7 +42,9 @@ function llxHeader($head = "") { $sql = "SELECT rowid, label, courant"; $sql.= " FROM ".MAIN_DB_PREFIX."bank_account"; - $sql.= " WHERE clos = 0"; + $sql.= " WHERE entity = ".$conf->entity; + $sql.= " AND clos = 0"; + $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/compta/bank/releve.php b/htdocs/compta/bank/releve.php index 6b59012884e..8c28ea5d220 100644 --- a/htdocs/compta/bank/releve.php +++ b/htdocs/compta/bank/releve.php @@ -1,6 +1,7 @@ * Copyright (C) 2004-2009 Laurent Destailleur + * Copyright (C) 2005-2009 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
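Review bot: `$conf->entity` is now read inside `llxHeader()`, but whether `$conf` is declared `global` in this function lies outside the hunk; if it is not, the new `WHERE entity = ` is emitted with an empty right-hand side and a query that used to succeed with `WHERE clos = 0` now fails. Please confirm the function body (which starts before this hunk) has `global $db, $conf;`, since `$db` is already used here the same way. The identical change is made to `llxHeader()` in htdocs/compta/paiement/cheque/pre.inc.php further down and needs the same check.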
@@ -31,9 +32,14 @@ $langs->load("companies"); $langs->load("banks"); $langs->load("bills"); -if (!$user->rights->banque->lire) -accessforbidden(); - +// Security check +if (isset($_GET["account"]) || isset($_GET["ref"])) +{ + $id = isset($_GET["account"])?$_GET["account"]:(isset($_GET["ref"])?$_GET["ref"]:''); +} +$fieldid = isset($_GET["ref"])?'ref':'rowid'; +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'banque',$id,'bank_account','','',$fieldid); if ($_GET["action"] == 'dvnext') { @@ -86,10 +92,11 @@ if (! isset($_GET["num"])) /* * Vue liste tous releves confondus */ - $sql = "SELECT distinct(b.num_releve) as numr"; + $sql = "SELECT DISTINCT(b.num_releve) as numr"; $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; - $sql.= " WHERE fk_account = ".$_GET["account"]; + $sql.= " WHERE b.fk_account = ".$_GET["account"]; $sql.= " ORDER BY numr DESC"; + $sql.= $db->plimit($conf->liste_limit+1,$offset); $result = $db->query($sql); @@ -161,11 +168,13 @@ else $found=false; if ($_GET["rel"] == 'prev') { - // Recherche valeur pour num = num�ro relev� pr�c�dent - $sql = "SELECT distinct(num_releve) as num"; - $sql.= " FROM ".MAIN_DB_PREFIX."bank"; - $sql.= " WHERE num_releve < '".$_GET["num"]."' AND fk_account = ".$_GET["account"]; - $sql.= " ORDER BY num_releve DESC"; + // Recherche valeur pour num = numero releve precedent + $sql = "SELECT DISTINCT(b.num_releve) as num"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= " WHERE b.num_releve < '".$_GET["num"]."'"; + $sql.= " AND b.fk_account = ".$_GET["account"]; + $sql.= " ORDER BY b.num_releve DESC"; + dol_syslog("htdocs/compta/bank/releve.php sql=".$sql); $resql = $db->query($sql); if ($resql) 
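Review bot: `$_GET["account"]` is concatenated unchanged into the rewritten `WHERE b.fk_account = ` line of the statement list; it is an integer foreign key, so cast it once near the top of the file (`$account = (int) $_GET["account"];`) and use that variable in every query here. The `prev`/`next` lookups in the following hunks do the same with `$_GET["account"]` and additionally interpolate `$_GET["num"]` into `num_releve < '...'`, which needs the same treatment (a cast if statement numbers are numeric, otherwise a database-aware escape rather than raw interpolation). Unlike the other bank queries in this commit, these per-account queries receive no `entity` filter; that is presumably intended because restrictedArea() already validated the account against `$conf->entity`, but a one-line comment saying so would prevent the next reader from "fixing" it.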
@@ -181,11 +190,13 @@ else } elseif ($_GET["rel"] == 'next') { - // Recherche valeur pour num = num�ro relev� pr�c�dent - $sql = "SELECT distinct(num_releve) as num"; - $sql.= " FROM ".MAIN_DB_PREFIX."bank"; - $sql.= " WHERE num_releve > '".$_GET["num"]."' AND fk_account = ".$_GET["account"]; - $sql.= " ORDER BY num_releve ASC"; + // Recherche valeur pour num = numero releve precedent + $sql = "SELECT DISTINCT(b.num_releve) as num"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= " WHERE b.num_releve > '".$_GET["num"]."'"; + $sql.= " AND b.fk_account = ".$_GET["account"]; + $sql.= " ORDER BY b.num_releve ASC"; + dol_syslog("htdocs/compta/bank/releve.php sql=".$sql); $resql = $db->query($sql); if ($resql) @@ -227,9 +238,12 @@ else print ' '; print "\n"; - // Calcul du solde de depart du relev - $sql = "SELECT sum(amount) as amount FROM ".MAIN_DB_PREFIX."bank"; - $sql.= " WHERE num_releve < '".$num."' AND fk_account = ".$acct->id; + // Calcul du solde de depart du releve + $sql = "SELECT sum(b.amount) as amount"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= " WHERE b.num_releve < '".$num."'"; + $sql.= " AND b.fk_account = ".$acct->id; + $resql=$db->query($sql); if ($resql) { 
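Review bot: The rewritten comment in the `next` branch still reads `numero releve precedent`, although this branch selects `b.num_releve > ...` ordered `ASC`, i.e. the following statement. Suggest `// Recherche valeur pour num = numero releve suivant`; the same wording is correct in the `prev` branch above.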
@@ -238,16 +252,15 @@ else $db->free($resql); } - // Recherche les �critures pour le relev - $sql = "SELECT b.rowid,".$db->pdate("b.dateo")." as do,".$db->pdate("b.datev")." as dv, b.amount, b.label, b.rappro, b.num_releve, b.num_chq, b.fk_type"; - $sql .= " FROM ".MAIN_DB_PREFIX."bank as b"; - $sql .= " WHERE num_releve='".$num."'"; - if (!isset($num)) - { - $sql .= " or num_releve is null"; - } - $sql .= " AND fk_account = ".$acct->id; - $sql .= " ORDER BY datev ASC"; + // Recherche les ecritures pour le releve + $sql = "SELECT b.rowid,".$db->pdate("b.dateo")." as do,".$db->pdate("b.datev")." as dv"; + $sql.= ", b.amount, b.label, b.rappro, b.num_releve, b.num_chq, b.fk_type"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= " WHERE b.num_releve='".$num."'"; + if (!isset($num)) $sql.= " OR b.num_releve is null"; + $sql.= " AND b.fk_account = ".$acct->id; + $sql.= " ORDER BY b.datev ASC"; + $result = $db->query($sql); if ($result) @@ -280,13 +293,13 @@ else print img_next().''; print "\n"; - // Num chq + // Num cheque print ''.$objp->fk_type.' '.($objp->num_chq?$objp->num_chq:'').''; // Libelle print ''; $reg=array(); - eregi('\((.+)\)',$objp->label,$reg); // Si texte entour� de parenth�e on tente recherche de traduction + eregi('\((.+)\)',$objp->label,$reg); // Si texte entoure de parenthese on tente recherche de traduction if ($reg[1] && $langs->trans($reg[1])!=$reg[1]) print $langs->trans($reg[1]); else print $objp->label; print ''; @@ -362,8 +375,13 @@ else // Categories if ($ve) { - $sql = "SELECT label FROM ".MAIN_DB_PREFIX."bank_categ as ct, ".MAIN_DB_PREFIX."bank_class as cl"; - $sql.= " WHERE ct.rowid=cl.fk_categ AND cl.lineid=".$objp->rowid; + $sql = "SELECT label"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank_categ as ct"; + $sql.= ", ".MAIN_DB_PREFIX."bank_class as cl"; + $sql.= " WHERE ct.rowid = cl.fk_categ"; + $sql.= " AND ct.entity = ".$conf->entity; + $sql.= " AND cl.lineid = ".$objp->rowid; + $resc = $db->query($sql); if ($resc) { 
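Review bot: Folding the `OR` onto one line keeps an operator-precedence defect: when `$num` is unset the clause becomes `b.num_releve='' OR b.num_releve is null AND b.fk_account = N`, and because AND binds tighter than OR, every row with an empty `num_releve` is returned regardless of account, not only those of `$acct->id`. Parenthesise the alternatives: `$sql.= " WHERE (b.num_releve='".$num."'";` / `if (!isset($num)) $sql.= " OR b.num_releve is null";` / `$sql.= ") AND b.fk_account = ".$acct->id;`.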
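Review bot: The touched line in the label cell still calls `eregi()`, which is deprecated from PHP 5.3 and removed in PHP 7; since the line is being edited for its comment anyway, move to PCRE with the same semantics: `preg_match('/\((.+)\)/i', $objp->label, $reg);`. `$reg[1]` is read unconditionally on the next line, so guard it on the match result as well: `if (! empty($reg[1]) && $langs->trans($reg[1]) != $reg[1])`.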
diff --git a/htdocs/compta/bank/search.php b/htdocs/compta/bank/search.php index a66f3a68f31..6abedd3bf3d 100644 --- a/htdocs/compta/bank/search.php +++ b/htdocs/compta/bank/search.php @@ -1,6 +1,7 @@ * Copyright (C) 2004-2008 Laurent Destailleur + * Copytight (C) 2005-2009 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -30,8 +31,9 @@ require_once(DOL_DOCUMENT_ROOT."/societe.class.php"); require_once(DOL_DOCUMENT_ROOT."/compta/bank/account.class.php"); require_once(DOL_DOCUMENT_ROOT."/compta/bank/bankcateg.class.php"); -if (!$user->rights->banque->lire) -accessforbidden(); +// Security check +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'banque'); $description=$_REQUEST["description"]; $debit=$_REQUEST["debit"]; @@ -77,8 +79,9 @@ $sql.= " bu.label as labelurl, bu.url_id"; $sql.= " FROM ("; if (! empty($_REQUEST["bid"])) $sql.= MAIN_DB_PREFIX."bank_class as l, "; $sql.= MAIN_DB_PREFIX."bank as b, ".MAIN_DB_PREFIX."bank_account as ba)"; -$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu on (bu.fk_bank = b.rowid AND type ='company')"; -$sql.= " WHERE b.fk_account=ba.rowid"; +$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."bank_url as bu on (bu.fk_bank = b.rowid AND type = 'company')"; +$sql.= " WHERE b.fk_account = ba.rowid"; +$sql.= " AND ba.entity = ".$conf->entity; if (! empty($_REQUEST["bid"])) { $sql.= " AND b.rowid=l.lineid AND l.fk_categ=".$_REQUEST["bid"]; diff --git a/htdocs/compta/bank/treso.php b/htdocs/compta/bank/treso.php index eace637a5d6..30e36afc548 100644 --- a/htdocs/compta/bank/treso.php +++ b/htdocs/compta/bank/treso.php @@ -1,5 +1,5 @@ +/* Copytight (C) 2005-2009 Regis Houssin * Copyright (C) 2008 Laurent Destailleur (Eldy) * Copyright (C) 2008 Raphael Bertrand (Resultic) * 
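Review bot: In the rewritten LEFT JOIN condition `type = 'company'` stays unqualified while every other column in the statement carries its table alias; with three aliased tables in the FROM list this becomes ambiguous as soon as another of them gains a `type` column, so write `bu.type = 'company'`. The context lines just below still concatenate `$_REQUEST["bid"]` into `l.fk_categ=`; the commit does not touch them, but as `bid` also decides the `FROM` list it would be worth casting it to int once at the top of the file.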
@@ -35,8 +35,15 @@ require_once(DOL_DOCUMENT_ROOT.'/chargesociales.class.php'); $langs->load("banks"); $langs->load("bills"); -if (!$user->admin && !$user->rights->banque) -accessforbidden(); +// Security check +if (isset($_GET["account"]) || isset($_GET["ref"])) +{ + $id = isset($_GET["account"])?$_GET["account"]:(isset($_GET["ref"])?$_GET["ref"]:''); +} +$fieldid = isset($_GET["ref"])?'ref':'rowid'; +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'banque',$id,'bank_account','','',$fieldid); + $vline=isset($_GET["vline"])?$_GET["vline"]:$_POST["vline"]; $page=isset($_GET["page"])?$_GET["page"]:0; @@ -149,7 +156,8 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) $sql.= " s.rowid as socid, s.nom, s.fournisseur"; $sql.= " FROM ".MAIN_DB_PREFIX."facture as f"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid"; - $sql.= " WHERE f.paye = 0 AND fk_statut = 1"; // Not payed + $sql.= " WHERE f.entity = ".$conf->entity; + $sql.= " AND f.paye = 0 AND f.fk_statut = 1"; // Not payed $sql.= " ORDER BY dlr ASC"; // Supplier invoices 
@@ -157,14 +165,16 @@ if ($_REQUEST["account"] || $_REQUEST["ref"]) $sql2.= " s.rowid as socid, s.nom, s.fournisseur"; $sql2.= " FROM ".MAIN_DB_PREFIX."facture_fourn as ff"; $sql2.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON ff.fk_soc = s.rowid"; - $sql2.= " WHERE ff.paye = 0 AND fk_statut = 1"; // Not payed + $sql2.= " WHERE ff.entity = ".$conf->entity; + $sql2.= " AND ff.paye = 0 AND fk_statut = 1"; // Not payed $sql2.= " ORDER BY dlr ASC"; // Social contributions $sql3= " SELECT 'social_contribution' as family, cs.rowid as objid, cs.libelle as ref, (-1*cs.amount) as total_ttc, ccs.libelle as type, ".$db->pdate("cs.date_ech")." as dlr"; $sql3.= " FROM ".MAIN_DB_PREFIX."chargesociales as cs"; $sql3.= " LEFT JOIN ".MAIN_DB_PREFIX."c_chargesociales as ccs ON cs.fk_type = ccs.id"; - $sql3.= " WHERE cs.paye = 0"; // Not payed + $sql3.= " WHERE cs.entity = ".$conf->entity; + $sql3.= " AND cs.paye = 0"; // Not payed $sql3.= " ORDER BY dlr ASC"; $error=0; diff --git a/htdocs/compta/bank/virement.php b/htdocs/compta/bank/virement.php index edc13845d41..543ec41cb58 100644 --- a/htdocs/compta/bank/virement.php +++ b/htdocs/compta/bank/virement.php @@ -1,6 +1,7 @@ * Copyright (C) 2004-2008 Laurent Destailleur + * Copytight (C) 2005-2009 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/htdocs/compta/paiement/cheque/pre.inc.php b/htdocs/compta/paiement/cheque/pre.inc.php index 5ceda4da23d..220206d8099 100644 --- a/htdocs/compta/paiement/cheque/pre.inc.php +++ b/htdocs/compta/paiement/cheque/pre.inc.php @@ -1,5 +1,6 @@ +/* Copyright (C) 2006 Rodolphe Quiedeville + * Copytight (C) 2005-2009 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
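Review bot: `fk_statut` in the rewritten `$sql2` line stays unqualified, whereas the matching `$sql` hunk above was changed to `f.fk_statut`; with `societe` joined as `s` it should be `ff.fk_statut` for the same reason and for consistency. `ff.entity` and `cs.entity` are new filters, and the only migration visible in this diff adds `entity` to `llx_bank_categ`, so please confirm `llx_facture_fourn` and `llx_chargesociales` already carry an `entity` column at the 2.6.0-2.7.0 level (they may be handled in a part of that migration outside the hunk).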
@@ -41,7 +42,9 @@ function llxHeader($head = "", $title="") { $sql = "SELECT rowid, label, courant"; $sql.= " FROM ".MAIN_DB_PREFIX."bank_account"; - $sql.= " WHERE clos = 0"; + $sql.= " WHERE entity = ".$conf->entity; + $sql.= " AND clos = 0"; + $resql = $db->query($sql); if ($resql) { diff --git a/htdocs/includes/menus/barre_left/eldy_backoffice.php b/htdocs/includes/menus/barre_left/eldy_backoffice.php index 6f531757dc9..daf31692a21 100644 --- a/htdocs/includes/menus/barre_left/eldy_backoffice.php +++ b/htdocs/includes/menus/barre_left/eldy_backoffice.php 
@@ -1,20 +1,21 @@ -* -* This program is free software; you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation; either version 2 of the License, or -* (at your option) any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program; if not, write to the Free Software -* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -*/ + * Copytight (C) 2005-2009 Regis Houssin + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ /** \file htdocs/includes/menus/barre_left/eldy_backoffice.php diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php index 53c7910f2d7..ba527ad50c8 100644 --- a/htdocs/lib/functions.lib.php +++ b/htdocs/lib/functions.lib.php 
@@ -1459,7 +1459,7 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
 $sql.= " AND dbt.entity IN (0,".$conf->entity.")";
 }
- else if ($feature == 'societe')
+ else if ($feature == 'societe')
 {
 // If external user: Check permission for external users
 if ($user->societe_id > 0)
@@ -1508,11 +1508,22 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',
 // If multicompany and internal users with all permissions, check user is in correct entity
 else if ($conf->global->MAIN_MODULE_MULTICOMPANY)
 {
- $sql = "SELECT dbt.".$dbt_select;
- $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt, ".MAIN_DB_PREFIX."societe as s";
- $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
- $sql.= " AND dbt.fk_soc = s.rowid";
- $sql.= " AND s.entity = ".$conf->entity;
+ // If the objects do not have fk_soc
+ if ($feature == 'banque')
+ {
+ $sql = "SELECT dbt.".$dbt_select;
+ $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
+ $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
+ $sql.= " AND dbt.entity = ".$conf->entity;
+ }
+ else
+ {
+ $sql = "SELECT dbt.".$dbt_select;
+ $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt, ".MAIN_DB_PREFIX."societe as s";
+ $sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
+ $sql.= " AND dbt.fk_soc = s.rowid";
+ $sql.= " AND s.entity = ".$conf->entity;
+ }
 }
 }
diff --git a/mysql/migration/2.6.0-2.7.0.sql b/mysql/migration/2.6.0-2.7.0.sql
index 34226a3c6f2..09533d1ac91 100644
--- a/mysql/migration/2.6.0-2.7.0.sql
+++ b/mysql/migration/2.6.0-2.7.0.sql
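Review bot: The new `banque` branch, like the `else` branch it was split from, concatenates `$objectid` unquoted into `WHERE dbt.".$dbt_select." = ".$objectid`; the callers added in this commit pass `$_GET["id"]`, `$_GET["account"]` or `$_GET["ref"]` through unchanged, and when `$dbt_select` is `'ref'` the unquoted value is not even valid SQL for a string ref. Normalise once before either query is built, e.g. `$objectid = ($dbt_select == 'rowid') ? (int) $objectid : "'".addslashes($objectid)."'";` — addslashes() is what the rest of this diff uses, though a database-aware escape would be preferable. Hard-coding `$feature == 'banque'` under the comment "If the objects do not have fk_soc" will not scale; a list of such features, or a parameter of restrictedArea(), would read better. The comment should also say whether comparing `dbt.entity` with `=` here, while the first hunk uses `IN (0,".$conf->entity.")`, is intentional. restrictedArea() begins and ends outside this hunk.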
@@ -43,6 +43,7 @@ ALTER TABLE llx_fichinter ADD COLUMN entity integer DEFAULT 1 NOT NULL AFTER ref
 ALTER TABLE llx_contrat ADD COLUMN entity integer DEFAULT 1 NOT NULL AFTER ref;
 ALTER TABLE llx_c_barcode_type ADD COLUMN entity integer DEFAULT 1 NOT NULL AFTER code;
 ALTER TABLE llx_dolibarr_modules ADD COLUMN entity integer DEFAULT 1 NOT NULL AFTER numero;
+ALTER TABLE llx_bank_categ ADD COLUMN entity integer DEFAULT 1 NOT NULL AFTER label;
 ALTER TABLE llx_rights_def DROP PRIMARY KEY;
 ALTER TABLE llx_user_param DROP INDEX fk_user;
diff --git a/mysql/tables/llx_bank_categ.sql b/mysql/tables/llx_bank_categ.sql
index b185d82883b..7c5d8f23ee9 100644
--- a/mysql/tables/llx_bank_categ.sql
+++ b/mysql/tables/llx_bank_categ.sql
@@ -1,5 +1,6 @@
 -- ===================================================================
 -- Copyright (C) 2004-2007 Laurent Destailleur
+-- Copyright (C) 2005-2009 Regis Houssin
 --
 -- This program is free software; you can redistribute it and/or modify
 -- it under the terms of the GNU General Public License as published by
@@ -21,5 +22,6 @@ create table llx_bank_categ
 (
 rowid integer AUTO_INCREMENT PRIMARY KEY,
- label varchar(255)
+ label varchar(255),
+ entity integer DEFAULT 1 NOT NULL -- multi company id
 )type=innodb;