Fix: Droits non chargs
This commit is contained in:
Laurent Destailleur
parent
a5067856b2
commit
8a17b09486
@ -1,5 +1,5 @@
|
||||
<?php
|
||||
/* Copyright (C) 2005 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
/* Copyright (C) 2006 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -29,32 +29,40 @@
|
||||
require("./pre.inc.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
|
||||
|
||||
$user->getrights('commercial');
|
||||
|
||||
$langs->load("companies");
|
||||
|
||||
// Protection quand utilisateur externe
|
||||
$contactid = isset($_GET["id"])?$_GET["id"]:'';
|
||||
|
||||
$scoid=0;
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if ($contactid)
|
||||
if ($contactid && ! $user->rights->commercial->client->voir)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc, sp.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
|
||||
$sql .= " WHERE sp.idp = ".$contactid;
|
||||
if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
|
||||
{
|
||||
$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($user->societe_id > 0) $sql .= " AND sp.fk_soc = ".$socid;
|
||||
$sql = "SELECT sc.fk_soc, sp.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
|
||||
$sql .= " WHERE sp.idp = ".$contactid;
|
||||
if (! $user->rights->commercial->client->voir && ! $socid)
|
||||
{
|
||||
$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) $sql .= " AND sp.fk_soc = ".$socid;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
$resql=$db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
if ($db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
else
|
||||
{
|
||||
dolibarr_print_error($db);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -31,34 +31,47 @@
|
||||
require("./pre.inc.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
|
||||
|
||||
$user->getrights('commercial');
|
||||
|
||||
$langs->load("companies");
|
||||
|
||||
// Protection quand utilisateur externe
|
||||
$contactid = isset($_GET["id"])?$_GET["id"]:'';
|
||||
|
||||
$socid=0;
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if ($contactid)
|
||||
if ($contactid && ! $user->rights->commercial->client->voir)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc, sp.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
|
||||
$sql .= " WHERE sp.idp = ".$contactid;
|
||||
if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
|
||||
{
|
||||
$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($user->societe_id > 0) $sql .= " AND sp.fk_soc = ".$socid;
|
||||
$sql = "SELECT sc.fk_soc, sp.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
|
||||
$sql .= " WHERE sp.idp = ".$contactid;
|
||||
if (! $user->rights->commercial->client->voir && ! $socid)
|
||||
{
|
||||
$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) $sql .= " AND sp.fk_soc = ".$socid;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
$resql=$db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
if ($db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
else
|
||||
{
|
||||
dolibarr_print_error($db);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Fiche info
|
||||
*/
|
||||
|
||||
llxHeader();
|
||||
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -31,32 +31,41 @@ require("./pre.inc.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/contact.class.php");
|
||||
require_once(DOL_DOCUMENT_ROOT."/lib/vcard/vcard.class.php");
|
||||
|
||||
$user->getrights('commercial');
|
||||
|
||||
$langs->load("companies");
|
||||
|
||||
// Protection quand utilisateur externe
|
||||
$contactid = isset($_GET["id"])?$_GET["id"]:'';
|
||||
|
||||
$socid=0;
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// Protection restriction commercial
|
||||
if ($contactid)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc, sp.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
|
||||
$sql .= " WHERE sp.idp = ".$contactid;
|
||||
if (!$user->rights->commercial->client->voir && !$user->societe_id > 0)
|
||||
{
|
||||
$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($user->societe_id > 0) $sql .= " AND sp.fk_soc = ".$socid;
|
||||
|
||||
if ( $db->query($sql) )
|
||||
{
|
||||
if ( $db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
// Protection restriction commercial
|
||||
if ($contactid && ! $user->rights->commercial->client->voir)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc, sp.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp";
|
||||
$sql .= " WHERE sp.idp = ".$contactid;
|
||||
if (! $user->rights->commercial->client->voir && ! $socid)
|
||||
{
|
||||
$sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($socid) $sql .= " AND sp.fk_soc = ".$socid;
|
||||
|
||||
$resql=$db->query($sql);
|
||||
if ($resql)
|
||||
{
|
||||
if ($db->num_rows() == 0) accessforbidden();
|
||||
}
|
||||
else
|
||||
{
|
||||
dolibarr_print_error($db);
|
||||
}
|
||||
}
|
||||
|
||||
if ($_POST["action"] == 'update')
|
||||
|
||||
@ -33,14 +33,13 @@ require("./pre.inc.php");
|
||||
$langs->load("companies");
|
||||
$langs->load('other');
|
||||
|
||||
$user->getrights('commercial');
|
||||
|
||||
$mesg = "";
|
||||
|
||||
// Sécurité accés client
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
|
||||
if ($socid == '') accessforbidden();
|
||||
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$action = '';
|
||||
|
||||
@ -32,6 +32,8 @@ require("./pre.inc.php");
|
||||
|
||||
$langs->load("companies");
|
||||
|
||||
$user->getrights('commercial');
|
||||
|
||||
// Protection quand utilisateur externe
|
||||
$socidp = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user