From 88d3246be29c87646a9c5490736a64ed5f2c183c Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Thu, 22 Nov 2007 15:28:43 +0000
Subject: [PATCH] =?UTF-8?q?Fix:=20droits=20des=20commerciaux=20non=20d=E9f?= =?UTF-8?q?inis?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 htdocs/compta/facture.php | 12 +++++++++---
 htdocs/compta/paiement/liste.php | 8 ++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/htdocs/compta/facture.php b/htdocs/compta/facture.php
index 73447b456a6..024e0fc55d4 100644
--- a/htdocs/compta/facture.php
+++ b/htdocs/compta/facture.php
@@ -3061,11 +3061,17 @@ else
 $sql.= ' f.paye as paye, f.fk_statut,';
 $sql.= ' s.nom, s.rowid as socid';
 if (! $sall) $sql.= ' ,sum(pf.amount) as am';
+ if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user";
 $sql.= ' FROM '.MAIN_DB_PREFIX.'societe as s';
- $sql.= ','.MAIN_DB_PREFIX.'facture as f';
- if (! $sall) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture ';
- if ($sall) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'facturedet as fd ON f.rowid=fd.fk_facture ';
+ if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+ $sql.= ', '.MAIN_DB_PREFIX.'facture as f';
+ if (! $sall) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON pf.fk_facture = f.rowid';
+ if ($sall) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'facturedet as fd ON fd.fk_facture = f.rowid';
 $sql.= ' WHERE f.fk_soc = s.rowid';
+ if (!$user->rights->commercial->client->voir && !$socid) //restriction
+ {
+ $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+ }
 if ($socid) $sql .= ' AND s.rowid = '.$socid;
 if ($month > 0) $sql .= ' AND date_format(f.datef, \'%m\') = '.$month;
 if ($_GET['filtre'])
diff --git a/htdocs/compta/paiement/liste.php b/htdocs/compta/paiement/liste.php
index 74ee92c818c..f262bcf4eed 100644
--- a/htdocs/compta/paiement/liste.php
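Review bot: The salesperson restriction added in facture.php is skipped whenever `$socid` is non-empty, because all three added conditions test `&& !$socid`; in that case the query only gets `AND s.rowid = $socid` and never consults `societe_commerciaux`. Where `$socid` is assigned is outside the hunk, so this is safe only if it is forced server-side for every user lacking `commercial->client->voir`; if an internal user can supply it with the request, the assignment check does not apply to that request. The two blocks added in paiement/liste.php use the same `&& !$socid` guard and have the same gap. I would apply the `sc` join regardless of `$socid` for these users, e.g. `if (!$user->rights->commercial->client->voir) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".(int) $user->id;`, with the matching change on the lines that add `sc` to the SELECT and FROM lists. The enclosing `else` branch starts and ends outside the hunk.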
+++ b/htdocs/compta/paiement/liste.php
@@ -77,7 +77,15 @@ $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."bank_account as ba ON b.fk_account = ba.row
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON p.rowid = pf.fk_paiement";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."facture as f ON pf.fk_facture = f.rowid";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid";
+if (!$user->rights->commercial->client->voir && !$socid)
+{
+ $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
+}
 $sql.= " WHERE p.fk_paiement = c.id";
+if (!$user->rights->commercial->client->voir && !$socid)
+{
+ $sql.= " AND sc.fk_user = " .$user->id;
+}
 if ($socid)
 {
 $sql.= " AND f.fk_soc = ".$socid;
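Review bot: The `societe_commerciaux` join in liste.php is written as a `LEFT JOIN`, yet the restriction only holds because the added `AND sc.fk_user = ...` sits in the WHERE clause and discards rows where `sc` is NULL; moving that condition into the `ON` clause during a later cleanup would return every payment again. A comment on the second added block would record this, for example `// restriction: keep only payments on invoices of companies assigned to this user (condition must stay in WHERE)`. Casting the concatenated value, `$sql.= " AND sc.fk_user = ".(int) $user->id;`, would also make the integer context explicit. The query construction begins before the hunk and the `if ($socid)` block is still open at its end.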