diff --git a/htdocs/categories/categorie.php b/htdocs/categories/categorie.php index 52047d28bcf..ab9f00014d8 100644 --- a/htdocs/categories/categorie.php +++ b/htdocs/categories/categorie.php @@ -41,19 +41,20 @@ if ($_REQUEST["socid"]) if ($_REQUEST["typeid"] == 2) { $type = 'societe'; $socid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:''; } $objecttype = 'societe'; $objectid = isset($_REQUEST["socid"])?$_REQUEST["socid"]:''; + $fieldid = 'rowid'; } else if ($_REQUEST["id"] || $_REQUEST["ref"]) { $type = 'produit'; $objecttype = 'produit'; + $objectid = isset($_REQUEST["id"])?$_REQUEST["id"]:(isset($_REQUEST["ref"])?$_REQUEST["ref"]:''); $dbtablename = 'product'; + $fieldid = isset($_REQUEST["ref"])?'ref':'rowid'; } // Security check if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, $objecttype, $objectid, $dbtablename); - - +$result = restrictedArea($user,$objecttype,$objectid,$dbtablename,'','',$fieldid); /* * Actions diff --git a/htdocs/product/barcode.php b/htdocs/product/barcode.php index 97227d209bb..d291babb4f8 100644 --- a/htdocs/product/barcode.php +++ b/htdocs/product/barcode.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2008 Laurent Destailleur - * Copyright (C) 2005-2007 Regis Houssin + * Copyright (C) 2005-2009 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -33,8 +33,20 @@ require_once(DOL_DOCUMENT_ROOT."/includes/barcode/html.formbarcode.class.php"); $langs->load("products"); $langs->load("bills"); -if (!$user->rights->barcode->lire) -accessforbidden(); +// Security check +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); /* * Actions 
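Review bot: In the `else if` branch of categorie.php, `$objectid` prefers `id` over `ref` while the new `$fieldid` prefers `ref` over `rowid`, so a request carrying both parameters hands the numeric id to restrictedArea tagged as a `ref` lookup and the access check runs against the wrong column. Mirror the precedence, `$fieldid = isset($_REQUEST["id"])?'rowid':'ref';`, or derive both values from a single test. `$fieldid` is also left unset when neither branch matches, yet it is passed as the seventh argument of the rebuilt restrictedArea call; initialising `$fieldid = 'rowid';` before the `if` chain avoids passing an undefined value into the check. The `if ($_REQUEST["socid"])` chain begins before this hunk.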
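Review bot: `$fieldid` is only assigned inside the two `isset` branches of the new barcode.php check, so a request without `id` or `ref` passes an undefined variable to restrictedArea; the same shape is repeated in document.php, fournisseurs.php, photos.php, price.php, sousproduits/fiche.php, stats/commande.php, stats/commande_fournisseur.php, stats/contrat.php, stats/facture.php, stats/facture_fournisseur.php, stats/fiche.php, stats/propal.php, stock/product.php and traduction.php. Set the default together with the id, `$id = ''; $fieldid = 'rowid';`, in each of them. This hunk also drops the `$user->rights->barcode->lire` test in favour of a `'produit'` area check; unless restrictedArea is known to enforce the barcode module's read right for that area, the barcode-specific permission is no longer checked and should remain as an explicit `if (!$user->rights->barcode->lire) accessforbidden();` guard beside the new call.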
diff --git a/htdocs/product/document.php b/htdocs/product/document.php index f1d4f0bfcee..de675bdf9c7 100755 --- a/htdocs/product/document.php +++ b/htdocs/product/document.php @@ -36,12 +36,22 @@ require_once(DOL_DOCUMENT_ROOT."/html.formfile.class.php"); $langs->load("other"); $langs->load("products"); -// Security check -$id = isset($_GET["id"])?$_GET["id"]:''; $action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action']; -if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +// Security check +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); // Get parameters $page=$_GET["page"]; diff --git a/htdocs/product/fiche.php b/htdocs/product/fiche.php index cdc5567d700..8ccb413b57e 100644 --- a/htdocs/product/fiche.php +++ b/htdocs/product/fiche.php @@ -36,8 +36,6 @@ require_once(DOL_DOCUMENT_ROOT."/facture.class.php"); require_once(DOL_DOCUMENT_ROOT."/product.class.php"); require_once(DOL_DOCUMENT_ROOT."/commande/commande.class.php"); -if (!$user->rights->produit->lire) accessforbidden(); - $langs->load("bills"); $langs->load("other"); $langs->load("stocks"); diff --git a/htdocs/product/fournisseurs.php b/htdocs/product/fournisseurs.php index 2861f717dd5..916c50f1756 100644 --- a/htdocs/product/fournisseurs.php +++ b/htdocs/product/fournisseurs.php 
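Review bot: The fiche.php hunk deletes `if (!$user->rights->produit->lire) accessforbidden();` without adding a replacement anywhere in this diff, so unless fiche.php already calls restrictedArea outside the shown lines, the product card loses its only visible read-permission check. Every other product page in this commit swaps the old test for a restrictedArea call that resolves the object from `id` or `ref`; fiche.php should receive the same block (with a `'rowid'` default for `$fieldid`) rather than a bare deletion. The removed line sat directly after the `require_once` statements, which is where the block below would go.
```php
// … unchanged: require_once lines …
// Security check
$id = '';
$fieldid = 'rowid';
if (isset($_GET["id"]))
{
    $id = $_GET["id"];
    $fieldid = 'rowid';
}
if (isset($_GET["ref"]))
{
    $id = $_GET["ref"];
    $fieldid = 'ref';
}
if ($user->societe_id) $socid=$user->societe_id;
$result=restrictedArea($user,'produit',$id,'product','','',$fieldid);
// … unchanged: $langs->load(...) lines …
```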
@@ -36,9 +36,19 @@ $langs->load("suppliers"); $langs->load("bills"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); $mesg = ''; diff --git a/htdocs/product/photos.php b/htdocs/product/photos.php index 24b7a56e7ab..6617cc9a0d1 100644 --- a/htdocs/product/photos.php +++ b/htdocs/product/photos.php @@ -35,9 +35,19 @@ $langs->load("products"); $langs->load("bills"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); $mesg = ''; diff --git a/htdocs/product/popuprop.php b/htdocs/product/popuprop.php index b502be27099..9e0f0ecb66b 100644 --- a/htdocs/product/popuprop.php +++ b/htdocs/product/popuprop.php @@ -28,6 +28,10 @@ require("./pre.inc.php"); require_once(DOL_DOCUMENT_ROOT.'/product.class.php'); +// Security check +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'produit'); + $sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; $sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; $page = $_GET["page"]; 
@@ -46,7 +50,10 @@ $staticproduct=new Product($db); llxHeader(); //On n'affiche le lien page suivante que s'il y a une page suivante ... -$sql = "select count(*) as c from ".MAIN_DB_PREFIX."product"; +$sql = "SELECT count(*) as c"; +$sql.= " FROM ".MAIN_DB_PREFIX."product"; +$sql.= " WHERE entity = ".$conf->entity; + $result=$db->query($sql); if ($result) { diff --git a/htdocs/product/price.php b/htdocs/product/price.php index 8fa373670e1..1d92088d557 100644 --- a/htdocs/product/price.php +++ b/htdocs/product/price.php @@ -35,9 +35,19 @@ $langs->load("products"); $langs->load("bills"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); /* diff --git a/htdocs/product/reassort.php b/htdocs/product/reassort.php index b335a2d54bd..b2f0d516bdf 100644 --- a/htdocs/product/reassort.php +++ b/htdocs/product/reassort.php @@ -32,8 +32,9 @@ require_once(DOL_DOCUMENT_ROOT."/categories/categorie.class.php"); $langs->load("products"); $langs->load("stocks"); -if (!$user->rights->produit->lire) -accessforbidden(); +// Security check +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'produit'); $sref=isset($_GET["sref"])?$_GET["sref"]:$_POST["sref"]; diff --git a/htdocs/product/sousproduits/fiche.php b/htdocs/product/sousproduits/fiche.php index 56367d84516..9c5813b77b7 100644 --- a/htdocs/product/sousproduits/fiche.php +++ b/htdocs/product/sousproduits/fiche.php 
@@ -36,9 +36,19 @@ $langs->load("bills"); $langs->load("products"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); $mesg = ''; diff --git a/htdocs/product/stats/commande.php b/htdocs/product/stats/commande.php index 27979aa7694..2d366a73990 100644 --- a/htdocs/product/stats/commande.php +++ b/htdocs/product/stats/commande.php @@ -36,9 +36,19 @@ $langs->load("products"); $langs->load("companies"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); $mesg = ''; diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php index aba3a8bf1a5..6383e78ab8d 100644 --- a/htdocs/product/stats/commande_fournisseur.php +++ b/htdocs/product/stats/commande_fournisseur.php @@ -36,9 +36,19 @@ $langs->load("products"); $langs->load("companies"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); $mesg = ''; 
diff --git a/htdocs/product/stats/commandestats.class.php b/htdocs/product/stats/commandestats.class.php index 4b80d450709..e48be2bc3aa 100644 --- a/htdocs/product/stats/commandestats.class.php +++ b/htdocs/product/stats/commandestats.class.php @@ -35,7 +35,12 @@ class CommandeStats function getNbCommandeByYear() { $result = array(); - $sql = "SELECT date_format(date_commande,'%Y') as dm, count(*) FROM ".MAIN_DB_PREFIX."commande GROUP BY dm DESC WHERE fk_statut > 0"; + $sql = "SELECT date_format(date_commande,'%Y') as dm, count(*)"; + $sql.= " FROM ".MAIN_DB_PREFIX."commande"; + $sql.= " WHERE fk_statut > 0"; + $sql.= " AND entity = ".$conf->entity; + $sql.= " GROUP BY dm DESC"; + if ($this->db->query($sql)) { $num = $this->db->num_rows(); @@ -58,9 +63,12 @@ class CommandeStats function getNbCommandeByMonth($year) { $result = array(); - $sql = "SELECT date_format(date_commande,'%m') as dm, count(*) FROM ".MAIN_DB_PREFIX."commande"; - $sql .= " WHERE date_format(date_commande,'%Y') = $year AND fk_statut > 0"; - $sql .= " GROUP BY dm DESC"; + $sql = "SELECT date_format(date_commande,'%m') as dm, count(*)"; + $sql.= " FROM ".MAIN_DB_PREFIX."commande"; + $sql.= " WHERE date_format(date_commande,'%Y') = ".$year; + $sql.= " AND fk_statut > 0"; + $sql.= " AND entity = ".$conf->entity; + $sql.= " GROUP BY dm DESC"; if ($this->db->query($sql)) { @@ -90,9 +98,12 @@ class CommandeStats function getCommandeAmountByMonth($year) { $result = array(); - $sql = "SELECT date_format(date_commande,'%m') as dm, sum(total_ht) FROM ".MAIN_DB_PREFIX."commande"; - $sql .= " WHERE date_format(date_commande,'%Y') = $year AND fk_statut > 0"; - $sql .= " GROUP BY dm DESC"; + $sql = "SELECT date_format(date_commande,'%m') as dm, sum(total_ht)"; + $sql.= " FROM ".MAIN_DB_PREFIX."commande"; + $sql.= " WHERE date_format(date_commande,'%Y') = ".$year; + $sql.= " AND fk_statut > 0"; + $sql.= " AND entity = ".$conf->entity; + $sql.= " GROUP BY dm DESC"; if ($this->db->query($sql)) { 
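Review bot: `$conf->entity` is read inside getNbCommandeByYear() but the method body shown here (`{ $result = array(); $sql = ...`) has no `global $conf;`, so in method scope `$conf` is an undefined local, the statement ends in `AND entity =  GROUP BY dm DESC` and the query fails; getNbCommandeByMonth(), getCommandeAmountByMonth() and getCommandeAverageByMonth() in the following hunks have the same gap. Add `global $conf;` as the first statement of each method, or pass the entity in alongside the db handle and keep it in a property. The rebuilt WHERE in the three monthly methods still concatenates `$year` straight into the SQL and its origin is not visible from the class; coerce it, `$sql.= " WHERE date_format(date_commande,'%Y') = ".(int) $year;`, and cast the entity the same way, `$sql.= " AND entity = ".(int) $conf->entity;`, so neither value can change the shape of the statement.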
@@ -122,9 +133,12 @@ class CommandeStats function getCommandeAverageByMonth($year) { $result = array(); - $sql = "SELECT date_format(date_commande,'%m') as dm, avg(total_ht) FROM ".MAIN_DB_PREFIX."commande"; - $sql .= " WHERE date_format(date_commande,'%Y') = $year AND fk_statut > 0"; - $sql .= " GROUP BY dm DESC"; + $sql = "SELECT date_format(date_commande,'%m') as dm, avg(total_ht)"; + $sql.= " FROM ".MAIN_DB_PREFIX."commande"; + $sql.= " WHERE date_format(date_commande,'%Y') = ".$year; + $sql.= " AND fk_statut > 0"; + $sql.= " AND entity = ".$conf->entity; + $sql.= " GROUP BY dm DESC"; if ($this->db->query($sql)) { diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index d4d562ad566..75f8ac14911 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php @@ -34,6 +34,21 @@ $langs->load("contracts"); $langs->load("products"); $langs->load("companies"); +// Security check +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); + $mesg = ''; $page = $_GET["page"]; @@ -46,18 +61,6 @@ $pagenext = $_GET["page"] + 1; if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="c.datec"; -// Securite -$socid = 0; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} -else -{ - $socid = 0; -} - /* * View diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index ec289804066..942aff4c3a8 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php 
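Review bot: The second contrat.php hunk removes the block that set `$socid = 0` for internal users and cleared `$action` for external ones, while the new check at the top of the file only assigns `$socid` when `$user->societe_id` is truthy; `$socid` is therefore undefined (or inherits whatever an earlier include left in it) for internal users, and external users no longer have `$action` reset before the page's action handling runs. If the handlers below still branch on `$action`, that reset was doing access-control work that restrictedArea does not replace. Keep both behaviours in the new block: `$socid = 0;` before the check, then `if ($user->societe_id) { $socid = $user->societe_id; $action = ''; }`.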
@@ -36,9 +36,19 @@ $langs->load("bills"); $langs->load("products"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); $mesg = ''; diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php index 4d64eb49824..bcb627a5efd 100644 --- a/htdocs/product/stats/facture_fournisseur.php +++ b/htdocs/product/stats/facture_fournisseur.php @@ -37,9 +37,19 @@ $langs->load("products"); $langs->load("companies"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); $mesg = ''; diff --git a/htdocs/product/stats/fiche.php b/htdocs/product/stats/fiche.php index 39315cae89e..01c2864ebec 100644 --- a/htdocs/product/stats/fiche.php +++ b/htdocs/product/stats/fiche.php @@ -39,9 +39,19 @@ $langs->load("other"); $mode=isset($_GET["mode"])?$_GET["mode"]:'byunit'; // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); $mesg = ''; 
diff --git a/htdocs/product/stats/index.php b/htdocs/product/stats/index.php index 142c0fcf23b..e683207a173 100644 --- a/htdocs/product/stats/index.php +++ b/htdocs/product/stats/index.php @@ -31,6 +31,9 @@ require("./pre.inc.php"); require_once(DOL_DOCUMENT_ROOT."/propal.class.php"); +// Security check +if ($user->societe_id) $socid=$user->societe_id; +$result=restrictedArea($user,'produit'); llxHeader(); diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index 8572583c606..42d1b0e8210 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -35,9 +35,19 @@ $langs->load("products"); $langs->load("companies"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); $mesg = ''; diff --git a/htdocs/product/stock/product.php b/htdocs/product/stock/product.php index 0d702412e2c..56564483aab 100644 --- a/htdocs/product/stock/product.php +++ b/htdocs/product/stock/product.php 
@@ -32,16 +32,24 @@ require_once(DOL_DOCUMENT_ROOT."/lib/product.lib.php"); require_once(DOL_DOCUMENT_ROOT."/product.class.php"); require_once(DOL_DOCUMENT_ROOT."/html.formproduct.class.php"); -if (! $user->rights->produit->lire || ! $product->type == 0 || ! $conf->stock->enabled) accessforbidden(); - $langs->load("products"); $langs->load("orders"); $langs->load("bills"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); $mesg = ''; diff --git a/htdocs/product/traduction.php b/htdocs/product/traduction.php index a630cea8e6d..d3a33a96f65 100644 --- a/htdocs/product/traduction.php +++ b/htdocs/product/traduction.php @@ -36,9 +36,19 @@ $langs->load("products"); $langs->load("bills"); // Security check -$id = isset($_GET["id"])?$_GET["id"]:''; +$id = ''; +if (isset($_GET["id"])) +{ + $id = $_GET["id"]; + $fieldid = 'rowid'; +} +if (isset($_GET["ref"])) +{ + $id = $_GET["ref"]; + $fieldid = 'ref'; +} if ($user->societe_id) $socid=$user->societe_id; -$result=restrictedArea($user,'produit',$id,'product'); +$result=restrictedArea($user,'produit',$id,'product','','',$fieldid); /*
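Review bot: stock/product.php drops `if (! $user->rights->produit->lire || ! $product->type == 0 || ! $conf->stock->enabled) accessforbidden();` and relies on restrictedArea for the read right, but the `$conf->stock->enabled` module gate is not carried over, so the stock page now renders with the stock module disabled unless restrictedArea checks module state for the `'produit'` area. Re-add `if (! $conf->stock->enabled) accessforbidden();` next to the new check. The product-type condition as written (`! $product->type == 0`) negated the type before comparing it and read `$product` before any load visible here, so it was never an effective guard; if only physical products should reach this page, that test belongs after the product is fetched rather than in the removed line.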