From 851ae01a62792807b9c1f9fad5faf920f15a9ec7 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 8 Mar 2006 14:00:24 +0000 Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?= =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?= =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?= =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/comm/action/index.php | 6 ++++++ htdocs/contact/index.php | 4 ++-- htdocs/societe.php | 11 +++++++++-- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index a796174eeed..2e64edf1ff8 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -67,7 +67,9 @@ llxHeader(); $sql = "SELECT s.nom as societe, s.idp as socidp, s.client,"; $sql.= " a.id,".$db->pdate("a.datea")." as da, a.fk_contact, a.note, a.percent as percent,"; $sql.= " c.code as acode, c.libelle, u.code, u.rowid as userid"; +if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= " FROM ".MAIN_DB_PREFIX."actioncomm as a, ".MAIN_DB_PREFIX."c_actioncomm as c, ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."user as u"; +if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE a.fk_soc = s.idp AND c.id=a.fk_action AND a.fk_user_author = u.rowid"; if ($_GET["type"]) { @@ -81,6 +83,10 @@ if ($socid) { $sql .= " AND s.idp = $socid"; } +if (!$user->rights->commercial->client->voir) //restriction +{ + $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +} if ($status == 'done') { $sql.= " AND a.percent = 100"; } if ($status == 'todo') { $sql.= " AND a.percent < 100"; } $sql .= " ORDER BY $sortfield $sortorder"; diff --git a/htdocs/contact/index.php b/htdocs/contact/index.php index a8f617f412d..d0668dd07f3 100644 
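Review bot: In htdocs/comm/action/index.php the test `!$user->rights->commercial->client->voir` is written out three times across the two hunks (column list and FROM fragment at `@@ -67,7 +67,9 @@`, WHERE clause at `@@ -81,6 +83,10 @@`), so a later edit to one copy can leave `societe_commerciaux as sc` in the FROM list without its join condition, which yields a cross join instead of a restriction. Compute it once, e.g. `$restrictToOwnClients = !$user->rights->commercial->client->voir;`, and test that variable in all three places; the same repetition occurs in both htdocs/societe.php hunks. The added `sc.fk_soc, sc.fk_user` columns repeat `s.idp` and the current user's id, so they can be dropped unless code outside the hunk reads them.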
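Review bot: In htdocs/comm/action/index.php at `@@ -81,6 +83,10 @@` the new access filter `AND s.idp = sc.fk_soc AND sc.fk_user = ...` is appended to a WHERE clause that also interpolates `$socid` and, three lines later, `$sortfield $sortorder` as raw text. Where those values come from is outside the hunk, but if any of them is request-derived and not strictly validated, the caller can change the shape of the statement and the filter stops being an access control. Cast the numeric parts where they are used, `$sql .= " AND s.idp = ".(int) $socid;` and `$sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = ".(int) $user->id;`, and check the sort field and direction against a fixed list. The same applies at `@@ -140,6 +142,11 @@` in htdocs/societe.php, where `$stcomm` and `$search_nom` are concatenated next to the identical restriction. The commit touches three list pages only, so pages that load a company or action by id presumably need the same check, otherwise the rows are hidden from the lists but still readable.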
--- a/htdocs/contact/index.php +++ b/htdocs/contact/index.php @@ -92,8 +92,8 @@ llxHeader(); $sql = "SELECT s.idp, s.nom, p.idp as cidp, p.name, p.firstname, p.email, p.phone, p.phone_mobile, p.fax"; if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user "; - $sql .= "FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."socpeople as p "; + $sql .= "FROM ".MAIN_DB_PREFIX."socpeople as p"; + if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.idp = p.fk_soc "; $sql .= "WHERE 1=1 "; diff --git a/htdocs/societe.php b/htdocs/societe.php index 4c86db5ed8d..c05feb36974 100644 --- a/htdocs/societe.php +++ b/htdocs/societe.php @@ -121,10 +121,12 @@ if (isset($_POST["button_removefilter_x"])) $title=$langs->trans("ListOfCompanies"); -$sql = "SELECT s.idp, s.nom, s.ville, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea, st.libelle as stcomm, s.prefix_comm, s.client, s.fournisseur"; -$sql.= ", s.siren"; +$sql = "SELECT s.idp, s.nom, s.ville, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea"; +$sql.= ", st.libelle as stcomm, s.prefix_comm, s.client, s.fournisseur, s.siren"; +if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st"; +if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.fk_stcomm = st.id"; if ($user->societe_id > 0) { @@ -140,6 +142,11 @@ if (strlen($stcomm)) { $sql .= " AND s.fk_stcomm=$stcomm"; } +if (!$user->rights->commercial->client->voir) //restriction +{ + $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +} + if ($search_nom) { $sql .= " AND (s.nom LIKE '%".$search_nom."%' OR s.code_client LIKE '%".$search_nom."%')"; }
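Review bot: In htdocs/contact/index.php, for a user without the `voir` right the FROM clause built here is `socpeople as p, societe_commerciaux as sc LEFT JOIN societe as s ON s.idp = p.fk_soc`. Since MySQL 5.0.12 JOIN binds tighter than the comma, so the ON clause sees only `sc` and `s`, and `p.fk_soc` is rejected as an unknown column. For a user who has the right, the SELECT list ends in `p.fax` and the added line starts with `"FROM "`, so as shown the two strings are joined without a space. Both are avoided by `$sql .= " FROM ";`, then `if (!$user->rights->commercial->client->voir) $sql .= MAIN_DB_PREFIX."societe_commerciaux as sc, ";`, then `$sql .= MAIN_DB_PREFIX."socpeople as p";`. The conditions that tie `sc` to the contact's company are outside this hunk.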
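Review bot: In htdocs/societe.php at `@@ -121,10 +121,12 @@` the join on `societe_commerciaux` is added for every account lacking the `voir` right, while the context line `if ($user->societe_id > 0)` just below the new FROM fragment already treats accounts bound to one company separately. The body of that branch is outside the hunk, but if it limits the list to that company, the two filters are ANDed and such an account gets an empty list unless a matching `societe_commerciaux` row exists for it. If that is not intended, decide it once, e.g. `$restrict = !$user->rights->commercial->client->voir && !($user->societe_id > 0);`, and use `$restrict` for the column list, the FROM fragment and the WHERE clause added at `@@ -140,6 +142,11 @@`.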