From 5e7666c915fd53575757c7c91e4159b69b031e1c Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Thu, 7 May 2009 14:33:52 +0000 Subject: [PATCH] Add: all tables with a field ref must contain a field entity --- htdocs/admin/syslog.php | 1 + htdocs/compta/bank/graph.php | 1 - htdocs/compta/paiement/cheque/fiche.php | 22 +++- htdocs/compta/paiement/cheque/index.php | 20 ++- htdocs/compta/paiement/cheque/liste.php | 2 + .../paiement/cheque/remisecheque.class.php | 121 ++++++++++++------ htdocs/core/conf.class.php | 6 +- htdocs/lib/functions.lib.php | 27 ++-- 8 files changed, 138 insertions(+), 62 deletions(-) diff --git a/htdocs/admin/syslog.php b/htdocs/admin/syslog.php index 379199c9cc7..ca75dc49d16 100644 --- a/htdocs/admin/syslog.php +++ b/htdocs/admin/syslog.php @@ -1,5 +1,6 @@ + * Copyright (C) 2005-2009 Regis Houssin * Copyright (C) 2007 Rodolphe Quiedeville * * This program is free software; you can redistribute it and/or modify diff --git a/htdocs/compta/bank/graph.php b/htdocs/compta/bank/graph.php index 7824b3de053..24caa1448a5 100644 --- a/htdocs/compta/bank/graph.php +++ b/htdocs/compta/bank/graph.php @@ -79,7 +79,6 @@ if ($_GET["ref"]) $account=$acct->id; } - $result=create_exdir($conf->banque->dir_temp); if ($result < 0) { diff --git a/htdocs/compta/paiement/cheque/fiche.php b/htdocs/compta/paiement/cheque/fiche.php index 4a5fb831671..c56bdb35eec 100644 --- a/htdocs/compta/paiement/cheque/fiche.php +++ b/htdocs/compta/paiement/cheque/fiche.php @@ -1,6 +1,7 @@ * Copyright (C) 2007-2008 Laurent Destailleur + * Copyright (C) 2009 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -35,8 +36,13 @@ $langs->load('banks'); $langs->load('companies'); // Security check +if (isset($_GET["id"]) || isset($_GET["ref"])) +{ + $id = isset($_GET["id"])?$_GET["id"]:(isset($_GET["ref"])?$_GET["ref"]:''); +} +$fieldid = isset($_GET["ref"])?'number':'rowid'; if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'cheque', '',''); +$result = restrictedArea($user, 'cheque', $id, 'bordereau_cheque','','',$fieldid); $mesg=''; @@ -230,8 +236,11 @@ if ($_GET['action'] == 'new') $sql.= " b.amount, ba.label, b.emetteur, b.num_chq, b.banque"; $sql.= " FROM ".MAIN_DB_PREFIX."bank as b "; $sql.= ",".MAIN_DB_PREFIX."bank_account as ba "; - $sql.= " WHERE b.fk_type = 'CHQ' AND b.fk_account = ba.rowid"; - $sql.= " AND b.fk_bordereau = 0 AND b.amount > 0"; + $sql.= " WHERE b.fk_type = 'CHQ'"; + $sql.= " AND b.fk_account = ba.rowid"; + $sql.= " AND ba.entity = ".$conf->entity; + $sql.= " AND b.fk_bordereau = 0"; + $sql.= " AND b.amount > 0"; $sql.= " ORDER BY b.emetteur ASC, b.rowid ASC"; $resql = $db->query($sql); @@ -340,9 +349,12 @@ else $sql = "SELECT b.rowid, b.amount, b.num_chq, b.emetteur,"; $sql.= " ".$db->pdate("b.dateo")." as date,".$db->pdate("b.datec")." as datec, b.banque,"; $sql.= " p.rowid as pid"; - $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= ", ".MAIN_DB_PREFIX."bank as b"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."paiement as p ON p.fk_bank = b.rowid"; - $sql.= " WHERE b.fk_type= 'CHQ'"; + $sql.= " WHERE ba.rowid = b.fk_account"; + $sql.= " AND ba.entity = ".$conf->entity; + $sql.= " AND b.fk_type= 'CHQ'"; $sql.= " AND b.fk_bordereau = ".$remisecheque->id; $sql.= " ORDER BY $sortfield $sortorder"; //print $sql; diff --git a/htdocs/compta/paiement/cheque/index.php b/htdocs/compta/paiement/cheque/index.php index 3377f29e061..195b90f89b5 100644 --- a/htdocs/compta/paiement/cheque/index.php +++ b/htdocs/compta/paiement/cheque/index.php 
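Review bot: In the new security check of fiche.php, `$id` and `$fieldid` can disagree: when both `id` and `ref` are present, `$id` takes `$_GET["id"]` while `$fieldid` becomes 'number', so restrictedArea() checks a different key than the one requested, and `$id` is never assigned when neither parameter is present. The value is raw request data, and restrictedArea() (context line in the functions.lib.php hunk: `if ($dbt_select != 'rowid') $objectid = "'".$objectid."'";`) only wraps it in quotes before concatenating it into the check query, so the ref case needs escaping at that point and the rowid case an integer cast. The sketch below takes both variables from one branch; how the page later chooses between id and ref is outside the hunk.

```php
// Security check
if (isset($_GET["ref"]))
{
	$id = $_GET["ref"];	// must be escaped where restrictedArea() adds the quotes
	$fieldid = 'number';
}
else
{
	$id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
	$fieldid = 'rowid';
}
// … unchanged: $socid assignment and restrictedArea() call …
```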
@@ -1,6 +1,7 @@ * Copyright (C) 2007-2008 Laurent Destailleur + * Copyright (C) 2009 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -53,7 +54,11 @@ print ''; $sql = "SELECT count(b.rowid)"; $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; -$sql.= " WHERE b.fk_type = 'CHQ' AND b.fk_bordereau = 0"; +$sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; +$sql.= " WHERE ba.rowid = b.fk_account"; +$sql.= " AND ba.entity = ".$conf->entity; +$sql.= " AND b.fk_type = 'CHQ'"; +$sql.= " AND b.fk_bordereau = 0"; $sql.= " AND b.amount > 0"; $resql = $db->query($sql); @@ -86,12 +91,13 @@ else print ''; -$sql = "SELECT bc.rowid,".$db->pdate("bc.date_bordereau")." as db, bc.amount, bc.number,"; -$sql.= " bc.statut, bc.nbcheque,"; -$sql.= " ba.label, ba.rowid as bid"; -$sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque as bc,"; -$sql.= " ".MAIN_DB_PREFIX."bank_account as ba"; -$sql.= " WHERE ba.rowid=bc.fk_bank_account"; +$sql = "SELECT bc.rowid,".$db->pdate("bc.date_bordereau")." as db, bc.amount, bc.number"; +$sql.= ", bc.statut, bc.nbcheque"; +$sql.= ", ba.label, ba.rowid as bid"; +$sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque as bc"; +$sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; +$sql.= " WHERE ba.rowid = bc.fk_bank_account"; +$sql.= " AND bc.entity = ".$conf->entity; $sql.= " ORDER BY bc.rowid"; $sql.= " DESC LIMIT 10"; diff --git a/htdocs/compta/paiement/cheque/liste.php b/htdocs/compta/paiement/cheque/liste.php index deee749cce5..e96865d8836 100644 --- a/htdocs/compta/paiement/cheque/liste.php +++ b/htdocs/compta/paiement/cheque/liste.php @@ -1,6 +1,7 @@ * Copyright (C) 2007-2008 Laurent Destailleur + * Copyright (C) 2009 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -59,6 +60,7 @@ $sql.= " ba.rowid as bid, ba.label"; $sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque as bc,"; $sql.= " ".MAIN_DB_PREFIX."bank_account as ba"; $sql.= " WHERE bc.fk_bank_account = ba.rowid"; +$sql.= " AND bc.entity = ".$conf->entity; if ($_GET["search_montant"]) { $sql.=" AND bc.amount=".price2num($_GET["search_montant"]); diff --git a/htdocs/compta/paiement/cheque/remisecheque.class.php b/htdocs/compta/paiement/cheque/remisecheque.class.php index 1e065a4b7c7..fb4797394c9 100644 --- a/htdocs/compta/paiement/cheque/remisecheque.class.php +++ b/htdocs/compta/paiement/cheque/remisecheque.class.php @@ -47,7 +47,7 @@ class RemiseCheque extends CommonObject /** * \brief Constructeur de la classe - * \param DB handler acc�s base de donn�es + * \param DB handler acces base de donnees * \param id id compte (0 par defaut) */ function RemiseCheque($DB) @@ -65,13 +65,16 @@ class RemiseCheque extends CommonObject */ function Fetch($id,$ref='') { - $sql = "SELECT bc.rowid, bc.datec, bc.fk_user_author,bc.fk_bank_account,bc.amount,bc.number,bc.statut,bc.nbcheque"; - $sql.= ",".$this->db->pdate("date_bordereau"). " as date_bordereau"; - $sql.=",ba.label as account_label"; + global $conf; + + $sql = "SELECT bc.rowid, bc.datec, bc.fk_user_author, bc.fk_bank_account, bc.amount, bc.number, bc.statut, bc.nbcheque"; + $sql.= ", ".$this->db->pdate("bc.date_bordereau"). " as date_bordereau"; + $sql.= ", ba.label as account_label"; $sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque as bc"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON bc.fk_bank_account = ba.rowid"; - if ($id) $sql.= " WHERE bc.rowid = ".$id; - if ($ref) $sql.= " WHERE bc.number = '".addslashes($ref)."'"; + $sql.= " WHERE bc.entity = ".$conf->entity; + if ($id) $sql.= " AND bc.rowid = ".$id; + if ($ref) $sql.= " AND bc.number = '".addslashes($ref)."'"; dol_syslog("RemiseCheque::fetch sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); 
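Review bot: In Fetch(), the rewritten condition `if ($id) $sql.= " AND bc.rowid = ".$id;` still concatenates `$id` into the statement without a cast, while `$ref` on the next line goes through addslashes(). If any caller passes a request value (the callers are outside this hunk), the entity filter added just above no longer bounds what the query returns, so the line should read `if ($id) $sql.= " AND bc.rowid = ".(int) $id;`. With both arguments empty the query now matches every bordereau of the entity; returning an error before the query is built would be safer than loading whichever row comes first. Fetch()'s body continues outside the hunk.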
@@ -117,13 +120,32 @@ class RemiseCheque extends CommonObject */ function Create($user, $account_id) { + global $conf; + $this->errno = 0; $this->id = 0; $this->db->begin(); - $sql = "INSERT INTO ".MAIN_DB_PREFIX."bordereau_cheque (datec, date_bordereau, fk_user_author, fk_bank_account, amount, number, nbcheque)"; - $sql.= " VALUES (".$this->db->idate(mktime()).",".$this->db->idate(mktime()).",".$user->id.",".$account_id.",0,0,0)"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."bordereau_cheque ("; + $sql.= "datec"; + $sql.= ", date_bordereau"; + $sql.= ", fk_user_author"; + $sql.= ", fk_bank_account"; + $sql.= ", amount"; + $sql.= ", number"; + $sql.= ", entity"; + $sql.= ", nbcheque"; + $sql.= ") VALUES ("; + $sql.= $this->db->idate(mktime()); + $sql.= ", ".$this->db->idate(mktime()); + $sql.= ", ".$user->id; + $sql.= ", ".$account_id; + $sql.= ", 0"; + $sql.= ", 0"; + $sql.= ", ".$conf->entity; + $sql.= ", 0"; + $sql.= ")"; dol_syslog("RemiseCheque::Create sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); @@ -156,9 +178,11 @@ class RemiseCheque extends CommonObject $lines = array(); $sql = "SELECT b.rowid"; $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; - $sql.= " WHERE b.fk_type = 'CHQ' AND b.amount > 0"; - $sql.= " AND b.fk_bordereau = 0 AND b.fk_account='".$account_id."'"; - $sql.= " LIMIT 40"; // On limite a 40 pour ne g�n�rer des PDF que d'une page + $sql.= " WHERE b.fk_type = 'CHQ'"; + $sql.= " AND b.amount > 0"; + $sql.= " AND b.fk_bordereau = 0"; + $sql.= " AND b.fk_account='".$account_id."'"; + $sql.= " LIMIT 40"; // On limite a 40 pour ne generer des PDF que d'une page dol_syslog("RemiseCheque::Create sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); 
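Review bot: Create() stamps the new bordereau with `$conf->entity` but never checks that `$account_id` belongs to that entity, and the cheque selection in the following hunk (`AND b.fk_account='".$account_id."'`) has no join on `bank_account.entity`. A bordereau created in one entity can therefore collect cheques from an account of another entity, which is the isolation this commit adds elsewhere. `$account_id` is also concatenated unquoted into the INSERT (`", ".$account_id`) and quoted but unescaped in the SELECT; cast it once at the top with `$account_id = (int) $account_id;` and join `bank_account as ba` in the SELECT with `AND ba.entity = ".$conf->entity`, as the fiche.php queries in this commit do. The function body continues outside both hunks.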
@@ -233,11 +257,14 @@ class RemiseCheque extends CommonObject */ function Delete($user='') { + global $conf; + $this->errno = 0; $this->db->begin(); $sql = "DELETE FROM ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql .= " WHERE rowid = $this->id;"; + $sql.= " WHERE rowid = ".$this->id; + $sql.= " AND entity = ".$conf->entity; $resql = $this->db->query($sql); if ( $resql ) @@ -253,8 +280,9 @@ class RemiseCheque extends CommonObject if ( $this->errno === 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."bank"; - $sql.= " SET fk_bordereau=0"; - $sql.= " WHERE fk_bordereau='".$this->id."';"; + $sql.= " SET fk_bordereau = 0"; + $sql.= " WHERE fk_bordereau = '".$this->id."'"; + $resql = $this->db->query($sql); if (!$resql) { @@ -283,7 +311,7 @@ class RemiseCheque extends CommonObject */ function Validate($user) { - global $langs; + global $langs,$conf; $this->errno = 0; @@ -294,8 +322,11 @@ class RemiseCheque extends CommonObject if ($this->errno == 0 && $num) { $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql.= " SET statut=1, number='".$num."'"; - $sql .= " WHERE rowid = $this->id AND statut=0;"; + $sql.= " SET statut = 1"; + $sql.= ", number = '".$num."'"; + $sql.= " WHERE rowid = ".$this->id; + $sql.= " AND entity = ".$conf->entity; + $sql.= " AND statut = 0"; dol_syslog("RemiseCheque::Validate sql=".$sql, LOG_DEBUG); $resql = $this->db->query($sql); @@ -342,10 +373,14 @@ class RemiseCheque extends CommonObject */ function getNextNumber() { + global $conf; + $num=0; // We use +0 to convert varchar to number - $sql = "SELECT MAX(number+0) FROM ".MAIN_DB_PREFIX."bordereau_cheque"; + $sql = "SELECT MAX(number+0)"; + $sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque"; + $sql.= " WHERE entity = ".$conf->entity; dol_syslog("Remisecheque::getNextNumber sql=".$sql); $resql = $this->db->query($sql); 
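Review bot: In Delete(), the entity filter is added to the `DELETE` only; the follow-up `UPDATE ... SET fk_bordereau = 0 WHERE fk_bordereau = '".$this->id."'` has no entity condition and, as far as the visible lines show, runs whenever the DELETE query did not fail, even if it matched no row. If `$this->id` refers to a bordereau of another entity, nothing is deleted but that entity's cheques are still detached. Run the UPDATE only when the DELETE actually removed a row, or restrict it to bank lines whose account has `entity = $conf->entity`. The same gap is in UpdateAmount() (`SELECT amount ... WHERE fk_bordereau = ".$this->id`, where `global $conf` is added but the first query does not use it) and in RemoveCheck() (`WHERE rowid = '".$account_id."' AND fk_bordereau = ".$this->id`).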
@@ -416,7 +451,7 @@ class RemiseCheque extends CommonObject */ function GeneratePdf($model='blochet', $outputlangs) { - global $langs; + global $langs,$conf; if (empty($model)) $model='blochet'; @@ -434,11 +469,14 @@ class RemiseCheque extends CommonObject $classname='BordereauCheque'.ucfirst($model); $pdf = new $classname($db); - $sql = "SELECT b.banque, b.emetteur, b.amount, b.num_chq "; - $sql.= " FROM ".MAIN_DB_PREFIX."bank as b, ".MAIN_DB_PREFIX."bank_account as ba "; - $sql.= " , ".MAIN_DB_PREFIX."bordereau_cheque as bc"; - $sql.= " WHERE b.fk_account = ba.rowid AND b.fk_bordereau = bc.rowid"; + $sql = "SELECT b.banque, b.emetteur, b.amount, b.num_chq"; + $sql.= " FROM ".MAIN_DB_PREFIX."bank as b"; + $sql.= ", ".MAIN_DB_PREFIX."bank_account as ba"; + $sql.= ", ".MAIN_DB_PREFIX."bordereau_cheque as bc"; + $sql.= " WHERE b.fk_account = ba.rowid"; + $sql.= " AND b.fk_bordereau = bc.rowid"; $sql.= " AND bc.rowid = ".$this->id; + $sql.= " AND bc.entity = ".$conf->entity; $sql.= " ORDER BY b.emetteur ASC, b.rowid ASC;"; dol_syslog("RemiseCheque::GeneratePdf sql=".$sql, LOG_DEBUG); @@ -468,7 +506,7 @@ class RemiseCheque extends CommonObject // We save charset_output to restore it because write_file can change it if needed for // output format that does not support UTF8. $sav_charset_output=$outputlangs->charset_output; - $result=$pdf->write_file(DOL_DATA_ROOT.'/compta/bordereau', $this->number, $outputlangs); + $result=$pdf->write_file($conf->comptabilite->dir_output.'/bordereau', $this->number, $outputlangs); if ($result > 0) { $outputlangs->charset_output=$sav_charset_output; @@ -495,13 +533,15 @@ class RemiseCheque extends CommonObject */ function UpdateAmount() { + global $conf; + $this->errno = 0; $this->db->begin(); $total = 0; $nb = 0; $sql = "SELECT amount "; $sql.= " FROM ".MAIN_DB_PREFIX."bank"; - $sql.= " WHERE fk_bordereau = $this->id;"; + $sql.= " WHERE fk_bordereau = ".$this->id; $resql = $this->db->query($sql); if ( $resql ) 
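Review bot: GeneratePdf() now writes to `$conf->comptabilite->dir_output.'/bordereau'` with `$this->number` as the file name, while getNextNumber() in this commit starts numbering per entity. Unless `dir_output` differs for each entity (conf.class.php builds it from `$rootfordata` and the module name; the value of `$rootfordata` is outside the diff), two entities will produce the same file name in the same directory, and one entity's document overwrites or is served in place of the other's. Include the entity in the path or the file name, and confirm that the page serving these files reads from the new location rather than `DOL_DATA_ROOT.'/compta/bordereau'`. A comment on the `write_file()` call would record the assumption, e.g. `// file name is the bordereau number, unique only within one entity`.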
@@ -515,9 +555,11 @@ class RemiseCheque extends CommonObject $this->db->free($resql); $sql = "UPDATE ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql.= " SET amount='".price2num($total)."'"; - $sql.= " ,nbcheque=".$nb; - $sql.= " WHERE rowid='".$this->id."';"; + $sql.= " SET amount = '".price2num($total)."'"; + $sql.= ", nbcheque = ".$nb; + $sql.= " WHERE rowid = ".$this->id; + $sql.= " AND entity = ".$conf->entity; + $resql = $this->db->query($sql); if (!$resql) { @@ -545,7 +587,7 @@ class RemiseCheque extends CommonObject } /** - \brief Ins�re la remise en base + \brief Insere la remise en base \param user utilisateur qui effectue l'operation \param account_id Compte bancaire concerne */ @@ -556,8 +598,10 @@ class RemiseCheque extends CommonObject if ($this->id > 0) { $sql = "UPDATE ".MAIN_DB_PREFIX."bank"; - $sql.= " SET fk_bordereau = 0 "; - $sql.= " WHERE rowid = '".$account_id."' AND fk_bordereau='".$this->id."';"; + $sql.= " SET fk_bordereau = 0"; + $sql.= " WHERE rowid = '".$account_id."'"; + $sql.= " AND fk_bordereau = ".$this->id; + $resql = $this->db->query($sql); if ($resql) { @@ -572,16 +616,19 @@ class RemiseCheque extends CommonObject return 0; } /** - \brief Charge les propri�t�s ref_previous et ref_next + \brief Charge les proprietes ref_previous et ref_next \return int <0 si ko, 0 si ok */ function load_previous_next_id() { + global $conf; + $this->errno = 0; $sql = "SELECT MAX(rowid)"; $sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql.= " WHERE rowid < '".$this->id."'"; + $sql.= " WHERE rowid < ".$this->id; + $sql.= " AND entity = ".$conf->entity; $result = $this->db->query($sql) ; if (! $result) @@ -593,7 +640,9 @@ class RemiseCheque extends CommonObject $sql = "SELECT MIN(rowid)"; $sql.= " FROM ".MAIN_DB_PREFIX."bordereau_cheque"; - $sql.= " WHERE rowid > '".$this->id."'"; + $sql.= " WHERE rowid > ".$this->id; + $sql.= " AND entity = ".$conf->entity; + $result = $this->db->query($sql) ; if (! $result) { 
@@ -630,8 +679,8 @@ class RemiseCheque extends CommonObject } /** - * \brief Retourne le libell� du statut d'une facture (brouillon, valid�e, abandonn�e, pay�e) - * \param mode 0=libell� long, 1=libell� court, 2=Picto + Libell� court, 3=Picto, 4=Picto + Libell� long, 5=Libell� court + Picto + * \brief Retourne le libelle du statut d'une facture (brouillon, validee, abandonnee, payee) + * \param mode 0=libelle long, 1=libelle court, 2=Picto + Libelle court, 3=Picto, 4=Picto + Libelle long, 5=Libelle court + Picto * \return string Libelle */ function getLibStatut($mode=0) diff --git a/htdocs/core/conf.class.php b/htdocs/core/conf.class.php index 4b841f0a160..5945c772ce9 100644 --- a/htdocs/core/conf.class.php +++ b/htdocs/core/conf.class.php @@ -180,9 +180,11 @@ class Conf foreach($this->modules as $module) { if (empty($this->$module->dir_output)) $this->$module->dir_output=$rootfordata."/".$module; - else $this->$module->dir_output=$rootfordata.$this->$module->dir_output; + //else $this->$module->dir_output=$rootfordata.$this->$module->dir_output; + //print 'this->'.$module.'->dir_output='.$this->$module->dir_output.'
'; if (empty($this->$module->dir_temp)) $this->$module->dir_temp=$rootfordata."/".$module."/temp"; - else $this->$module->dir_temp=$rootfordata.$this->$module->dir_temp; + //else $this->$module->dir_temp=$rootfordata.$this->$module->dir_temp; + //print 'this->'.$module.'->dir_temp='.$this->$module->dir_temp.'
'; } // Exception: Some dir are not the name of module. So we keep exception here diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php index 15d1c413d76..aa74a985137 100644 --- a/htdocs/lib/functions.lib.php +++ b/htdocs/lib/functions.lib.php @@ -1355,10 +1355,11 @@ function info_admin($texte,$infoonimgalt=0) * \param objectid Object ID if we want to check permission on on object (optionnal) * \param dbtablename Table name where object is stored. Not used if objectid is null (optionnal) * \param feature2 Feature to check (second level of permission) - * \param dbt_socfield Field name for socid foreign key if not fk_soc. (optionnal) + * \param dbt_keyfield Field name for socid foreign key if not fk_soc. (optionnal) * \param dbt_select Field name for select if not rowid. (optionnal) + * \param dbt_tablename2 Secondary table name for compare keyfield. (optionnal) */ -function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='',$feature2='',$dbt_socfield='fk_soc',$dbt_select='rowid') +function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $dbtablename2='societe') { global $db, $conf; @@ -1366,7 +1367,7 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='', if ($dbt_select != 'rowid') $objectid = "'".$objectid."'"; //print "user_id=".$user->id.", feature=".$feature.", feature2=".$feature2.", object_id=".$objectid; - //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_socfield.", dbt_select=".$dbt_select; + //print ", dbtablename=".$dbtablename.", dbt_socfield=".$dbt_keyfield.", dbt_select=".$dbt_select; //print ", user_societe_contact_lire=".$user->rights->societe->contact->lire."
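Review bot: The two `else` branches that prefixed a preset `dir_output` / `dir_temp` with `$rootfordata` are commented out rather than removed, and two commented debug `print` lines are added beside them. The behaviour change is silent: a value set before this loop is now used as is, so a relative value no longer ends up under the data root and files may be written to a directory that other code does not expect or that the web server exposes. Delete the dead lines and state the new contract above the loop, e.g. `// dir_output/dir_temp already set by a module are taken as absolute paths and left untouched`. The enclosing method starts outside the hunk.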
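Review bot: The rename of `dbt_socfield` to a generic key field is only half applied, which matters because restrictedArea() is the access check for the calling pages. The docblock documents `dbt_tablename2` while the signature declares `$dbtablename2`, and `dbt_keyfield` is still described as the socid foreign key. In the later hunk for users without `client->voir`, the ON clause uses `$dbt_keyfield` but the WHERE still hard-codes `dbt.rowid = ".$objectid` and `dbt.fk_soc = s.rowid`, so a caller passing another select or key field is checked on the wrong columns; those lines should read `$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;` and `$sql.= " AND dbt.".$dbt_keyfield." = s.rowid";`. Suggested docblock lines: `\param dbt_keyfield Column of dbtablename holding the rowid of dbtablename2` and `\param dbtablename2 Table that carries the entity column, joined on dbt_keyfield`. The function body continues outside the hunk.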
"; // Check read permission from module @@ -1480,8 +1481,10 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='', else if (! $user->rights->societe->client->voir) { $sql = "SELECT sc.fk_soc"; - $sql.= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s"; - $sql.= " WHERE sc.fk_soc = ".$objectid." AND sc.fk_user = ".$user->id; + $sql.= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + $sql.= ", ".MAIN_DB_PREFIX."societe as s"; + $sql.= " WHERE sc.fk_soc = ".$objectid; + $sql.= " AND sc.fk_user = ".$user->id; $sql.= " AND sc.fk_soc = s.rowid"; $sql.= " AND s.entity = ".$conf->entity; } @@ -1508,8 +1511,9 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='', else if (! $user->rights->societe->client->voir) { $sql = "SELECT sc.fk_soc"; - $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt, ".MAIN_DB_PREFIX."societe as s"; - $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_socfield; + $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; + $sql.= ", ".MAIN_DB_PREFIX."societe as s"; + $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = dbt.".$dbt_keyfield; $sql.= " WHERE dbt.rowid = ".$objectid; $sql.= " AND dbt.fk_soc = s.rowid"; $sql.= " AND s.entity = ".$conf->entity; @@ -1519,7 +1523,7 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='', else if ($conf->global->MAIN_MODULE_MULTICOMPANY) { // If the objects do not have fk_soc - if ($feature == 'banque') + if ($feature == 'banque' || $feature == 'cheque') { $sql = "SELECT dbt.".$dbt_select; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; 
@@ -1529,10 +1533,11 @@ function restrictedArea($user, $feature='societe', $objectid=0, $dbtablename='', else { $sql = "SELECT dbt.".$dbt_select; - $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt, ".MAIN_DB_PREFIX."societe as s"; + $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; + $sql.= ", ".MAIN_DB_PREFIX.$dbtablename2." as dbt2"; $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; - $sql.= " AND dbt.fk_soc = s.rowid"; - $sql.= " AND s.entity = ".$conf->entity; + $sql.= " AND dbt2.rowid = dbt.".$dbt_keyfield; + $sql.= " AND dbt2.entity = ".$conf->entity; } } }
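Review bot: The new fallback query builds its join from caller-supplied strings, `MAIN_DB_PREFIX.$dbtablename2` and `dbt.".$dbt_keyfield`, and fiche.php in this commit already calls the function with an empty `$dbt_keyfield`. That call is safe only because 'cheque' takes the branch above; any other feature called the same way produces `dbt2.rowid = dbt.`, a failing query inside the access check. Validate the identifiers at the top of the function with a test such as `preg_match('/^[a-z0-9_]+$/i', $dbt_keyfield)`, document that they must be literals in the caller and never request data, and make sure a failed query is treated as access denied. How `$sql` is executed and its result interpreted is outside the hunk.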