New: use getEntity() instead $conf->entity
This commit is contained in:
Regis Houssin
parent
033b290ed3
commit
9339119455
@ -99,7 +99,7 @@ if ($search_sale || !$user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_P
|
||||
if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_societe as cs";
|
||||
$sql.= " WHERE s.fk_stcomm = st.id";
|
||||
$sql.= " AND s.client IN (1, 3)";
|
||||
$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
|
||||
$sql.= ' AND s.entity IN ('.getEntity('societe', 1).')';
|
||||
if (!$user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if ($socid) $sql.= " AND s.rowid = ".$socid;
|
||||
if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
|
||||
|
||||
@ -178,7 +178,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d on (d.rowid = s.fk_departement)";
|
||||
$sql.= " WHERE s.fk_stcomm = st.id";
|
||||
$sql.= " AND s.client IN (2, 3)";
|
||||
$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
|
||||
$sql.= ' AND s.entity IN ('.getEntity('societe', 1).')';
|
||||
if ($user->societe_id) $sql.= " AND s.rowid = " .$user->societe_id;
|
||||
if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
|
||||
if ($search_categ) $sql.= " AND s.rowid = cs.fk_societe"; // Join for the needed table to filter by categ
|
||||
|
||||
@ -121,7 +121,7 @@ $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as p";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_pays as cp ON cp.rowid = p.fk_pays";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
|
||||
if (!$user->rights->societe->client->voir && !$socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
|
||||
$sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
|
||||
$sql.= ' WHERE p.entity IN ('.getEntity('societe', 1).')';
|
||||
if (!$user->rights->societe->client->voir && !$socid) //restriction
|
||||
{
|
||||
$sql .= " AND (sc.fk_user = " .$user->id." OR p.fk_soc IS NULL)";
|
||||
|
||||
@ -73,7 +73,7 @@ class box_produits extends ModeleBoxes {
|
||||
{
|
||||
$sql = "SELECT p.rowid, p.label, p.price, p.price_base_type, p.price_ttc, p.fk_product_type, p.tms, p.tosell, p.tobuy";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
|
||||
$sql.= ' WHERE p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')';
|
||||
$sql.= ' WHERE p.entity IN (0,'.getEntity($productstatic->element, 1).')';
|
||||
if (empty($user->rights->produit->lire)) $sql.=' AND p.fk_product_type != 0';
|
||||
if (empty($user->rights->service->lire)) $sql.=' AND p.fk_product_type != 1';
|
||||
$sql.= $db->order('p.datec', 'DESC');
|
||||
|
||||
@ -724,7 +724,7 @@ abstract class CommonObject
|
||||
if (empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id;
|
||||
if (! empty($filter)) $sql.=" AND ".$filter;
|
||||
if ($this->ismultientitymanaged == 2 || ($this->element != 'societe' && empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir)) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity
|
||||
if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN (0,'.(! empty($conf->entities[$this->element]) ? $conf->entities[$this->element] : $conf->entity).')';
|
||||
if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')';
|
||||
|
||||
//print $sql."<br>";
|
||||
$result = $this->db->query($sql);
|
||||
@ -745,7 +745,7 @@ abstract class CommonObject
|
||||
if (empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id;
|
||||
if (! empty($filter)) $sql.=" AND ".$filter;
|
||||
if ($this->ismultientitymanaged == 2 || ($this->element != 'societe' && empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir)) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity
|
||||
if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN (0,'.(! empty($conf->entities[$this->element]) ? $conf->entities[$this->element] : $conf->entity).')';
|
||||
if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')';
|
||||
// Rem: Bug in some mysql version: SELECT MIN(rowid) FROM llx_socpeople WHERE rowid > 1 when one row in database with rowid=1, returns 1 instead of null
|
||||
|
||||
//print $sql."<br>";
|
||||
|
||||
@ -1165,7 +1165,7 @@ class Form
|
||||
{
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_lang as pl ON pl.fk_product = p.rowid AND pl.lang='". $langs->getDefaultLang() ."'";
|
||||
}
|
||||
$sql.= ' WHERE p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')';
|
||||
$sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')';
|
||||
if ($finished == 0)
|
||||
{
|
||||
$sql.= " AND p.finished = ".$finished;
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
* Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org>
|
||||
* Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be>
|
||||
* Copyright (C) 2004 Christophe Combelles <ccomb@free.fr>
|
||||
* Copyright (C) 2005-2010 Regis Houssin <regis@dolibarr.fr>
|
||||
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
|
||||
* Copyright (C) 2008 Raphael Bertrand (Resultic) <raphael.bertrand@resultic.fr>
|
||||
* Copyright (C) 2010-2011 Juanjo Menent <jmenent@2byte.es>
|
||||
*
|
||||
@ -193,6 +193,26 @@ function getDoliDBInstance($type, $host, $user, $pass, $name, $port)
|
||||
return $dolidb;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get entity to use
|
||||
*
|
||||
* @param string $element Current element
|
||||
* @param int $shared 1=Return shared entities
|
||||
* @return mixed Entity id(s) to use
|
||||
*/
|
||||
function getEntity($element=false, $shared=false)
|
||||
{
|
||||
global $conf, $mc;
|
||||
|
||||
if (is_object($mc))
|
||||
{
|
||||
return $mc->getEntity($element, $shared);
|
||||
}
|
||||
else
|
||||
{
|
||||
return $conf->entity;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Function called at end of web php process
|
||||
@ -2392,7 +2412,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
|
||||
}
|
||||
}
|
||||
else if (in_array($feature,$checksoc))
|
||||
@ -2411,7 +2431,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql.= " WHERE sc.fk_soc = ".$objectid;
|
||||
$sql.= " AND sc.fk_user = ".$user->id;
|
||||
$sql.= " AND sc.fk_soc = s.rowid";
|
||||
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
|
||||
}
|
||||
// If multicompany and internal users with all permissions, check user is in correct entity
|
||||
else if (! empty($conf->multicompany->enabled))
|
||||
@ -2419,7 +2439,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql = "SELECT s.rowid";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
|
||||
$sql.= " WHERE s.rowid = ".$objectid;
|
||||
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
|
||||
}
|
||||
}
|
||||
else if (in_array($feature,$checkother))
|
||||
@ -2440,7 +2460,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '".$user->id."'";
|
||||
$sql.= " WHERE dbt.rowid = ".$objectid;
|
||||
$sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
|
||||
}
|
||||
// If multicompany and internal users with all permissions, check user is in correct entity
|
||||
else if (! empty($conf->multicompany->enabled))
|
||||
@ -2448,7 +2468,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql = "SELECT dbt.rowid";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
|
||||
$sql.= " WHERE dbt.rowid = ".$objectid;
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
|
||||
}
|
||||
}
|
||||
else if (in_array($feature,$checkproject))
|
||||
@ -2482,7 +2502,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
|
||||
$sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield;
|
||||
$sql.= " AND dbt.".$dbt_keyfield." = s.rowid";
|
||||
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
$sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")";
|
||||
$sql.= " AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
// If multicompany and internal users with all permissions, check user is in correct entity
|
||||
@ -2491,7 +2511,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql = "SELECT dbt.".$dbt_select;
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
|
||||
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -2804,7 +2804,7 @@ class Product extends CommonObject
|
||||
$sql = "SELECT count(p.rowid) as nb";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
|
||||
$sql.= " WHERE p.fk_product_type <> 1";
|
||||
$sql.= ' AND p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')';
|
||||
$sql.= ' AND p.entity IN ('.getEntity($this->element, 1).')';
|
||||
|
||||
$resql=$this->db->query($sql);
|
||||
if ($resql)
|
||||
|
||||
@ -105,7 +105,7 @@ $prodser[0][0]=$prodser[0][1]=$prodser[1][0]=$prodser[1][1]=0;
|
||||
|
||||
$sql = "SELECT COUNT(p.rowid) as total, p.fk_product_type, p.tosell, p.tobuy";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
|
||||
$sql.= " WHERE p.entity IN (0,".(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).")";
|
||||
$sql.= ' WHERE p.entity IN ('.getEntity($product_static->element, 1).')';
|
||||
$sql.= " GROUP BY p.fk_product_type, p.tosell, p.tobuy";
|
||||
$result = $db->query($sql);
|
||||
while ($objp = $db->fetch_object($result))
|
||||
@ -165,7 +165,7 @@ $max=15;
|
||||
$sql = "SELECT p.rowid, p.label, p.price, p.ref, p.fk_product_type, p.tosell, p.tobuy,";
|
||||
$sql.= " p.tms as datem";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
|
||||
$sql.= " WHERE p.entity IN (0,".(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).")";
|
||||
$sql.= " WHERE p.entity IN (".getEntity($sharedelement, 1).")";
|
||||
if ($type != '') $sql.= " AND p.fk_product_type = ".$type;
|
||||
$sql.= $db->order("p.tms","DESC");
|
||||
$sql.= $db->plimit($max,0);
|
||||
|
||||
@ -136,7 +136,7 @@ else
|
||||
//$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur as pf ON p.rowid = pf.fk_product";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON p.rowid = pfp.fk_product";
|
||||
//}
|
||||
$sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')';
|
||||
$sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')';
|
||||
if ($search_categ) $sql.= " AND p.rowid = cp.fk_product"; // Join for the needed table to filter by categ
|
||||
if ($sall)
|
||||
{
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/* Copyright (C) 2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
|
||||
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
@ -50,6 +50,7 @@ class Client extends Societe
|
||||
function load_state_board()
|
||||
{
|
||||
global $conf, $user;
|
||||
global $mc;
|
||||
|
||||
$this->nb=array("customers" => 0,"prospects" => 0);
|
||||
$clause = "WHERE";
|
||||
@ -63,7 +64,7 @@ class Client extends Societe
|
||||
$clause = "AND";
|
||||
}
|
||||
$sql.= " ".$clause." s.client IN (1,2,3)";
|
||||
$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
|
||||
$sql.= ' AND s.entity IN ('.getEntity($this->element, 1).')';
|
||||
$sql.= " GROUP BY s.client";
|
||||
|
||||
$resql=$this->db->query($sql);
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
* Copyright (C) 2004 Eric Seigne <eric.seigne@ryxeo.com>
|
||||
* Copyright (C) 2003 Brian Fraval <brian@fraval.org>
|
||||
* Copyright (C) 2006 Andre Cianfarani <acianfa@free.fr>
|
||||
* Copyright (C) 2005-2009 Regis Houssin <regis@dolibarr.fr>
|
||||
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
|
||||
* Copyright (C) 2008 Patrick Raguin <patrick.raguin@auguria.net>
|
||||
* Copyright (C) 2010-2011 Juanjo Menent <jmenent@2byte.es>
|
||||
*
|
||||
|
||||
@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php');
|
||||
|
||||
$langs->load("companies");
|
||||
|
||||
$socid = GETPOST("socid");
|
||||
$socid = GETPOST('socid','int');
|
||||
if ($user->societe_id) $socid=$user->societe_id;
|
||||
|
||||
// Security check
|
||||
@ -80,9 +80,9 @@ $total=0;
|
||||
|
||||
$sql = "SELECT s.rowid, s.client, s.fournisseur";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
|
||||
if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
|
||||
if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= ' WHERE s.entity IN ('.getEntity('societe', 1).')';
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if ($socid) $sql.= " AND s.rowid = ".$socid;
|
||||
|
||||
$result = $db->query($sql);
|
||||
@ -149,9 +149,9 @@ print '</td><td valign="top" width="70%" class="notopnoleftnoright">';
|
||||
$max=15;
|
||||
$sql = "SELECT s.rowid, s.nom as name, s.client, s.fournisseur, s.canvas, s.tms as datem, s.status as status";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
|
||||
if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')';
|
||||
if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= ' WHERE s.entity IN ('.getEntity('societe', 1).')';
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if ($socid) $sql.= " AND s.rowid = ".$socid;
|
||||
$sql.= " AND (";
|
||||
if (! empty($conf->societe->enabled)) $sql.=" s.client IN (1,2,3)";
|
||||
|
||||
Loading…
Reference in New Issue
Block a user