diff --git a/htdocs/comm/list.php b/htdocs/comm/list.php index 10bd6545bf4..0c47814e6f1 100755 --- a/htdocs/comm/list.php +++ b/htdocs/comm/list.php @@ -99,7 +99,7 @@ if ($search_sale || !$user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_P if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_societe as cs"; $sql.= " WHERE s.fk_stcomm = st.id"; $sql.= " AND s.client IN (1, 3)"; -$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; +$sql.= ' AND s.entity IN ('.getEntity('societe', 1).')'; if (!$user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socid) $sql.= " AND s.rowid = ".$socid; if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale diff --git a/htdocs/comm/prospect/list.php b/htdocs/comm/prospect/list.php index a6529acd01f..fc1a2796fae 100755 --- a/htdocs/comm/prospect/list.php +++ b/htdocs/comm/prospect/list.php @@ -178,7 +178,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d on (d.rowid = s.fk_departement)"; $sql.= " WHERE s.fk_stcomm = st.id"; $sql.= " AND s.client IN (2, 3)"; -$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; +$sql.= ' AND s.entity IN ('.getEntity('societe', 1).')'; if ($user->societe_id) $sql.= " AND s.rowid = " .$user->societe_id; if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale if ($search_categ) $sql.= " AND s.rowid = cs.fk_societe"; // Join for the needed table to filter by categ diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 025c550ea34..a495a3e7323 100755 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -121,7 +121,7 @@ $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as p"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_pays as cp ON cp.rowid = p.fk_pays"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; -$sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; +$sql.= ' WHERE p.entity IN ('.getEntity('societe', 1).')'; if (!$user->rights->societe->client->voir && !$socid) //restriction { $sql .= " AND (sc.fk_user = " .$user->id." OR p.fk_soc IS NULL)"; diff --git a/htdocs/core/boxes/box_produits.php b/htdocs/core/boxes/box_produits.php index 5c125cf421e..6e031577cbc 100644 --- a/htdocs/core/boxes/box_produits.php +++ b/htdocs/core/boxes/box_produits.php @@ -73,7 +73,7 @@ class box_produits extends ModeleBoxes { { $sql = "SELECT p.rowid, p.label, p.price, p.price_base_type, p.price_ttc, p.fk_product_type, p.tms, p.tosell, p.tobuy"; $sql.= " FROM ".MAIN_DB_PREFIX."product as p"; - $sql.= ' WHERE p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')'; + $sql.= ' WHERE p.entity IN (0,'.getEntity($productstatic->element, 1).')'; if (empty($user->rights->produit->lire)) $sql.=' AND p.fk_product_type != 0'; if (empty($user->rights->service->lire)) $sql.=' AND p.fk_product_type != 1'; $sql.= $db->order('p.datec', 'DESC'); diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 13bc1347a1d..4168a97166f 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -724,7 +724,7 @@ abstract class CommonObject if (empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id; if (! empty($filter)) $sql.=" AND ".$filter; if ($this->ismultientitymanaged == 2 || ($this->element != 'societe' && empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir)) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity - if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN (0,'.(! empty($conf->entities[$this->element]) ? $conf->entities[$this->element] : $conf->entity).')'; + if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')'; //print $sql."
"; $result = $this->db->query($sql); @@ -745,7 +745,7 @@ abstract class CommonObject if (empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir) $sql.= " AND sc.fk_user = " .$user->id; if (! empty($filter)) $sql.=" AND ".$filter; if ($this->ismultientitymanaged == 2 || ($this->element != 'societe' && empty($this->isnolinkedbythird) && !$user->rights->societe->client->voir)) $sql.= ' AND te.fk_soc = s.rowid'; // If we need to link to societe to limit select to entity - if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN (0,'.(! empty($conf->entities[$this->element]) ? $conf->entities[$this->element] : $conf->entity).')'; + if ($this->ismultientitymanaged == 1) $sql.= ' AND te.entity IN ('.getEntity($this->element, 1).')'; // Rem: Bug in some mysql version: SELECT MIN(rowid) FROM llx_socpeople WHERE rowid > 1 when one row in database with rowid=1, returns 1 instead of null //print $sql."
"; diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 67c3e44fe87..f2c0f2aedc4 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1165,7 +1165,7 @@ class Form { $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_lang as pl ON pl.fk_product = p.rowid AND pl.lang='". $langs->getDefaultLang() ."'"; } - $sql.= ' WHERE p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')'; + $sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')'; if ($finished == 0) { $sql.= " AND p.finished = ".$finished; diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index d80fa593d5f..8227e33f119 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -5,7 +5,7 @@ * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier * Copyright (C) 2004 Christophe Combelles - * Copyright (C) 2005-2010 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2008 Raphael Bertrand (Resultic) * Copyright (C) 2010-2011 Juanjo Menent * @@ -193,6 +193,26 @@ function getDoliDBInstance($type, $host, $user, $pass, $name, $port) return $dolidb; } +/** + * Get entity to use + * + * @param string $element Current element + * @param int $shared 1=Return shared entities + * @return mixed Entity id(s) to use + */ +function getEntity($element=false, $shared=false) +{ + global $conf, $mc; + + if (is_object($mc)) + { + return $mc->getEntity($element, $shared); + } + else + { + return $conf->entity; + } +} /** * Function called at end of web php process @@ -2392,7 +2412,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' } else { - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } else if (in_array($feature,$checksoc)) @@ -2411,7 +2431,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql.= " WHERE sc.fk_soc = ".$objectid; $sql.= " AND sc.fk_user = ".$user->id; $sql.= " AND sc.fk_soc = s.rowid"; - $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")"; } // If multicompany and internal users with all permissions, check user is in correct entity else if (! empty($conf->multicompany->enabled)) @@ -2419,7 +2439,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql = "SELECT s.rowid"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql.= " WHERE s.rowid = ".$objectid; - $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")"; } } else if (in_array($feature,$checkother)) @@ -2440,7 +2460,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '".$user->id."'"; $sql.= " WHERE dbt.rowid = ".$objectid; $sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } // If multicompany and internal users with all permissions, check user is in correct entity else if (! empty($conf->multicompany->enabled)) @@ -2448,7 +2468,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql = "SELECT dbt.rowid"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql.= " WHERE dbt.rowid = ".$objectid; - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } else if (in_array($feature,$checkproject)) @@ -2482,7 +2502,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; $sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield; $sql.= " AND dbt.".$dbt_keyfield." = s.rowid"; - $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND s.entity IN (".getEntity($sharedelement, 1).")"; $sql.= " AND sc.fk_user = ".$user->id; } // If multicompany and internal users with all permissions, check user is in correct entity @@ -2491,7 +2511,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql = "SELECT dbt.".$dbt_select; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")"; } } diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index 6d3a63efe2b..4adfc33c371 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -2804,7 +2804,7 @@ class Product extends CommonObject $sql = "SELECT count(p.rowid) as nb"; $sql.= " FROM ".MAIN_DB_PREFIX."product as p"; $sql.= " WHERE p.fk_product_type <> 1"; - $sql.= ' AND p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')'; + $sql.= ' AND p.entity IN ('.getEntity($this->element, 1).')'; $resql=$this->db->query($sql); if ($resql) diff --git a/htdocs/product/index.php b/htdocs/product/index.php index a0b1b4a6500..27a11d57ce5 100644 --- a/htdocs/product/index.php +++ b/htdocs/product/index.php @@ -105,7 +105,7 @@ $prodser[0][0]=$prodser[0][1]=$prodser[1][0]=$prodser[1][1]=0; $sql = "SELECT COUNT(p.rowid) as total, p.fk_product_type, p.tosell, p.tobuy"; $sql.= " FROM ".MAIN_DB_PREFIX."product as p"; -$sql.= " WHERE p.entity IN (0,".(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).")"; +$sql.= ' WHERE p.entity IN ('.getEntity($product_static->element, 1).')'; $sql.= " GROUP BY p.fk_product_type, p.tosell, p.tobuy"; $result = $db->query($sql); while ($objp = $db->fetch_object($result)) @@ -165,7 +165,7 @@ $max=15; $sql = "SELECT p.rowid, p.label, p.price, p.ref, p.fk_product_type, p.tosell, p.tobuy,"; $sql.= " p.tms as datem"; $sql.= " FROM ".MAIN_DB_PREFIX."product as p"; -$sql.= " WHERE p.entity IN (0,".(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).")"; +$sql.= " WHERE p.entity IN (".getEntity($sharedelement, 1).")"; if ($type != '') $sql.= " AND p.fk_product_type = ".$type; $sql.= $db->order("p.tms","DESC"); $sql.= $db->plimit($max,0); diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php index ae26cb791c2..5c786e49412 100644 --- a/htdocs/product/liste.php +++ b/htdocs/product/liste.php @@ -136,7 +136,7 @@ else //$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur as pf ON p.rowid = pf.fk_product"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON p.rowid = pfp.fk_product"; //} - $sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')'; + $sql.= ' WHERE p.entity IN ('.getEntity('product', 1).')'; if ($search_categ) $sql.= " AND p.rowid = cp.fk_product"; // Join for the needed table to filter by categ if ($sall) { diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php index 92bf3472ea1..44e2a99058f 100644 --- a/htdocs/societe/class/client.class.php +++ b/htdocs/societe/class/client.class.php @@ -1,6 +1,6 @@ - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -50,6 +50,7 @@ class Client extends Societe function load_state_board() { global $conf, $user; + global $mc; $this->nb=array("customers" => 0,"prospects" => 0); $clause = "WHERE"; @@ -63,7 +64,7 @@ class Client extends Societe $clause = "AND"; } $sql.= " ".$clause." s.client IN (1,2,3)"; - $sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; + $sql.= ' AND s.entity IN ('.getEntity($this->element, 1).')'; $sql.= " GROUP BY s.client"; $resql=$this->db->query($sql); diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index a91cfcd6e76..4d1fc552726 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -4,7 +4,7 @@ * Copyright (C) 2004 Eric Seigne * Copyright (C) 2003 Brian Fraval * Copyright (C) 2006 Andre Cianfarani - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2008 Patrick Raguin * Copyright (C) 2010-2011 Juanjo Menent * diff --git a/htdocs/societe/index.php b/htdocs/societe/index.php index 06eebc64ee8..c948127312d 100644 --- a/htdocs/societe/index.php +++ b/htdocs/societe/index.php @@ -28,7 +28,7 @@ require_once(DOL_DOCUMENT_ROOT.'/societe/class/societe.class.php'); $langs->load("companies"); -$socid = GETPOST("socid"); +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; // Security check @@ -80,9 +80,9 @@ $total=0; $sql = "SELECT s.rowid, s.client, s.fournisseur"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; -if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; -if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; +if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +$sql.= ' WHERE s.entity IN ('.getEntity('societe', 1).')'; +if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socid) $sql.= " AND s.rowid = ".$socid; $result = $db->query($sql); @@ -149,9 +149,9 @@ print ''; $max=15; $sql = "SELECT s.rowid, s.nom as name, s.client, s.fournisseur, s.canvas, s.tms as datem, s.status as status"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; -if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; -if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; +if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +$sql.= ' WHERE s.entity IN ('.getEntity('societe', 1).')'; +if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socid) $sql.= " AND s.rowid = ".$socid; $sql.= " AND ("; if (! empty($conf->societe->enabled)) $sql.=" s.client IN (1,2,3)";