diff --git a/htdocs/compta/facture/impayees.php b/htdocs/compta/facture/impayees.php index d1750755835..dd374eb1a6f 100644 --- a/htdocs/compta/facture/impayees.php +++ b/htdocs/compta/facture/impayees.php @@ -1,7 +1,7 @@ * Copyright (C) 2004 Eric Seigne - * Copyright (C) 2004-2012 Laurent Destailleur + * Copyright (C) 2004-2014 Laurent Destailleur * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify @@ -38,12 +38,13 @@ $id = (GETPOST('facid','int') ? GETPOST('facid','int') : GETPOST('id','int')); $action = GETPOST('action','alpha'); $option = GETPOST('option'); -$diroutputpdf=$conf->facture->dir_output . '/unpaid/temp'; - // Security check if ($user->societe_id) $socid=$user->societe_id; $result = restrictedArea($user,'facture',$id,''); +$diroutputpdf=$conf->facture->dir_output . '/unpaid/temp'; +if (! $user->rights->societe->client->voir || $socid) $diroutputpdf.='/private/'.$user->id; // If user has no permission to see all, output dir is specific to user + /* * Action @@ -221,7 +222,7 @@ if ($search_societe) $sql .= " AND s.nom LIKE '%".$db->escape($search_societ if ($search_montant_ht) $sql .= " AND f.total = '".$db->escape($search_montant_ht)."'"; if ($search_montant_ttc) $sql .= " AND f.total_ttc = '".$db->escape($search_montant_ttc)."'"; if (GETPOST('sf_ref')) $sql .= " AND f.facnumber LIKE '%".$db->escape(GETPOST('sf_ref'))."%'"; -$sql.= " GROUP BY s.nom, s.rowid, f.facnumber, f.increment, f.total, f.tva, f.total_ttc, f.datef, f.date_lim_reglement, f.paye, f.rowid, f.fk_statut, f.type "; +$sql.= " GROUP BY s.nom, s.rowid, f.rowid, f.facnumber, f.increment, f.total, f.tva, f.total_ttc, f.localtax1, f.localtax2, f.revenuestamp, f.datef, f.date_lim_reglement, f.paye, f.fk_statut, f.type "; if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", sc.fk_soc, sc.fk_user "; $sql.= " ORDER BY "; $listfield=explode(',',$sortfield); diff --git a/htdocs/compta/paiement/liste.php b/htdocs/compta/paiement/liste.php index 16a6c1410e6..32400cf29cc 100644 --- a/htdocs/compta/paiement/liste.php +++ b/htdocs/compta/paiement/liste.php @@ -29,6 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php'; require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php'; $langs->load("bills"); +$langs->load("compta"); // Security check $facid =GETPOST('facid','int'); diff --git a/htdocs/compta/paiement/rapport.php b/htdocs/compta/paiement/rapport.php index 9c8febe9e1a..eeeaa715718 100644 --- a/htdocs/compta/paiement/rapport.php +++ b/htdocs/compta/paiement/rapport.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2011 Laurent Destailleur + * Copyright (C) 2004-2014 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,16 +32,16 @@ if (! $user->rights->facture->lire) accessforbidden(); $action=GETPOST('action'); -$dir = $conf->facture->dir_output.'/payments'; - $socid=0; if ($user->societe_id > 0) { $action = ''; $socid = $user->societe_id; - $dir = $conf->facture->dir_output.'/payments/private/'.$user->id; } +$dir = $conf->facture->dir_output.'/payments'; +if (! $user->rights->societe->client->voir || $socid) $dir.='/private/'.$user->id; // If user has no permission to see all, output dir is specific to user + $year = $_GET["year"]; if (! $year) { $year=date("Y"); } diff --git a/htdocs/core/modules/rapport/pdf_paiement.class.php b/htdocs/core/modules/rapport/pdf_paiement.class.php index b7e2f8e5d91..3d3c45e1963 100644 --- a/htdocs/core/modules/rapport/pdf_paiement.class.php +++ b/htdocs/core/modules/rapport/pdf_paiement.class.php @@ -1,6 +1,6 @@ - * Copyright (C) 2006-2009 Laurent Destailleur + * Copyright (C) 2006-2014 Laurent Destailleur * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -93,6 +93,9 @@ class pdf_paiement global $user,$langs,$conf; + $socid=0; + if ($user->societe_id) $socid=$user->societe_id; + if (! is_object($outputlangs)) $outputlangs=$langs; // For backward compatibility with FPDF, force output charset to ISO, because FPDF expect text to be encoded in ISO if (! empty($conf->global->MAIN_USE_FPDF)) $outputlangs->charset_output='ISO-8859-1'; @@ -136,11 +139,21 @@ class pdf_paiement $sql.= ", pf.amount as pf_amount "; $sql.= ", p.rowid as prowid"; $sql.= " FROM ".MAIN_DB_PREFIX."paiement as p, ".MAIN_DB_PREFIX."facture as f,"; - $sql.= " ".MAIN_DB_PREFIX."c_paiement as c, ".MAIN_DB_PREFIX."paiement_facture as pf"; - $sql.= " WHERE pf.fk_facture = f.rowid AND pf.fk_paiement = p.rowid"; + $sql.= " ".MAIN_DB_PREFIX."c_paiement as c, ".MAIN_DB_PREFIX."paiement_facture as pf,"; + $sql.= " ".MAIN_DB_PREFIX."societe as s"; + if (! $user->rights->societe->client->voir && ! $socid) + { + $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + } + $sql.= " WHERE f.fk_soc = s.rowid AND pf.fk_facture = f.rowid AND pf.fk_paiement = p.rowid"; $sql.= " AND f.entity = ".$conf->entity; $sql.= " AND p.fk_paiement = c.id "; $sql.= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year,$month))."' AND '".$this->db->idate(dol_get_last_day($year,$month))."'"; + if (! $user->rights->societe->client->voir && ! $socid) + { + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + } + if (! empty($socid)) $sql .= " AND s.rowid = ".$socid; $sql.= " ORDER BY p.datep ASC, pf.fk_paiement ASC"; dol_syslog(get_class($this)."::write_file sql=".$sql); diff --git a/htdocs/document.php b/htdocs/document.php index 9815bbdd7e6..bb6bd032301 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -66,6 +66,14 @@ $entity=GETPOST('entity')?GETPOST('entity','int'):$conf->entity; // Security check if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart'); +$socid=0; +if ($user->societe_id > 0) $socid = $user->societe_id; + +// For some module part, dir may be privates +if (in_array($modulepart,array('facture_paiement','unpaid'))) +{ + if (! $user->rights->societe->client->voir || $socid) $original_file='private/'.$user->id.'/'.$original_file; // If user has no permission to see all, output dir is specific to user +} /* * Action