From 96402a9dccf4b42f7bd0ff96f97d6035b6644127 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Thu, 9 Mar 2006 11:35:25 +0000
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?=
 =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?=
 =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?=
 =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/projet/liste.php | 317 ++++++++++++++++++++--------------------
 1 file changed, 160 insertions(+), 157 deletions(-)
diff --git a/htdocs/projet/liste.php b/htdocs/projet/liste.php
index 21ec37104b3..7531f44cab8 100644
--- a/htdocs/projet/liste.php
+++ b/htdocs/projet/liste.php
@@ -1,157 +1,160 @@
-<?php
-/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2006 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005      Marc Bariley / Ocebo      <marc@ocebo.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- * $Id$
- * $Source$
- */
-
-/** 
-        \file       htdocs/projet/liste.php
-        \ingroup    projet
-        \brief      Page liste des projets
-        \version    $Revision$
-*/
-
-require("./pre.inc.php");
-
-if (!$user->rights->projet->lire) accessforbidden();
-
-$socid = ( is_numeric($_GET["socid"]) ? $_GET["socid"] : 0 );
-
-$title = $langs->trans("Projects");
-
-// Sécurité accés client
-if ($user->societe_id > 0) $socid = $user->societe_id;
-
-if ($socid > 0)
-{
-  $soc = new Societe($db);
-  $soc->fetch($socid);
-  $title .= ' (<a href="liste.php">'.$soc->nom.'</a>)';
-}
-
-
-$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
-$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
-$page = isset($_GET["page"])? $_GET["page"]:$_POST["page"];
-$page = is_numeric($page) ? $page : 0;
-$page = $page == -1 ? 0 : $page;
-
-if (! $sortfield) $sortfield="p.ref";
-if (! $sortorder) $sortorder="ASC";
-$offset = $conf->liste_limit * $page ;
-$pageprev = $page - 1;
-$pagenext = $page + 1;
-
-
-
-/**
- * Affichage de la liste des projets
- * 
- */
-
-llxHeader();
-
-$sql = "SELECT p.rowid as projectid, p.ref, p.title, ".$db->pdate("p.dateo")." as do";
-$sql .= " , s.nom, s.idp, s.client";
-$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."projet as p";
-$sql .= " WHERE p.fk_soc = s.idp";
-if ($socid)
-{ 
-  $sql .= " AND s.idp = ".$socid; 
-}
-if ($_GET["search_ref"])
-{
-  $sql .= " AND p.ref LIKE '%".addslashes($_GET["search_ref"])."%'";
-}
-if ($_GET["search_label"])
-{
-  $sql .= " AND p.title LIKE '%".addslashes($_GET["search_label"])."%'";
-}
-if ($_GET["search_societe"])
-{
-  $sql .= " AND s.nom LIKE '%".addslashes($_GET["search_societe"])."%'";
-}
-$sql .= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset);
-
-$var=true;
-$resql = $db->query($sql);
-if ($resql)
-{
-  $num = $db->num_rows($resql);
-  $i = 0;
-  
-  print_barre_liste($langs->trans("Projects"), $page, "liste.php", "", $sortfield, $sortorder, "", $num);
-  
-  print '<table class="noborder" width="100%">';
-  print '<tr class="liste_titre">';
-  print_liste_field_titre($langs->trans("Ref"),"liste.php","p.ref","","","",$sortfield);
-  print_liste_field_titre($langs->trans("Label"),"liste.php","p.title","","","",$sortfield);
-  print_liste_field_titre($langs->trans("Company"),"liste.php","s.nom","","","",$sortfield);
-  print '<td>&nbsp;</td>';
-  print "</tr>\n";
-  
-  print '<form method="get" action="liste.php">';
-  print '<tr class="liste_titre">';
-  print '<td valign="right">';
-  print '<input type="text" class="flat" name="search_ref" value="'.$_GET["search_ref"].'">';
-  print '</td>';
-  print '<td valign="right">';
-  print '<input type="text" class="flat" name="search_label" value="'.stripslashes($_GET["search_label"]).'">';
-  print '</td>';
-  print '<td valign="right">';
-  print '<input type="text" class="flat" name="search_societe" value="'.$_GET["search_societe"].'">';
-  print '</td>';
-  print '<td align="center">';
-  print '<input class="button" type="submit" value="'.$langs->trans("Search").'">';
-  print "</td>";
-  print "</tr>\n";
-  
-  while ($i < $num)
-    {
-      $objp = $db->fetch_object($resql);    
-      $var=!$var;
-      print "<tr $bc[$var]>";
-      print "<td><a href=\"fiche.php?id=$objp->projectid\">".img_object($langs->trans("ShowProject"),"project")." ".$objp->ref."</a></td>\n";
-      print "<td><a href=\"fiche.php?id=$objp->projectid\">".$objp->title."</a></td>\n";
-      print '<td>';
-      print img_object($langs->trans("ShowCompany"),"company");
-      
-      print '&nbsp;<a href="'.DOL_URL_ROOT.'/soc.php?socid='.$objp->idp.'">'.$objp->nom.'</a></td>';
-      print '<td>&nbsp;</td>';
-      print "</tr>\n";
-      
-      $i++;
-    }
-  
-  $db->free($resql);
-}
-else
-{
-  dolibarr_print_error($db);
-}
-
-print "</table>";
-
-$db->close();
-
-
-llxFooter('$Date$ - $Revision$');
-
-?>
+<?php
+/* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2006 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2005      Marc Bariley / Ocebo      <marc@ocebo.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ *
+ * $Id$
+ * $Source$
+ */
+
+/** 
+        \file       htdocs/projet/liste.php
+        \ingroup    projet
+        \brief      Page liste des projets
+        \version    $Revision$
+*/
+
+require("./pre.inc.php");
+
+if (!$user->rights->projet->lire) accessforbidden();
+
+$socidp = ( is_numeric($_GET["socid"]) ? $_GET["socid"] : 0 );
+
+$title = $langs->trans("Projects");
+
+// Sécurité accés client
+if ($user->societe_id > 0) $socidp = $user->societe_id;
+
+if ($socidp > 0)
+{
+  $soc = new Societe($db);
+  $soc->fetch($socidp);
+  $title .= ' (<a href="liste.php">'.$soc->nom.'</a>)';
+}
+
+
+$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
+$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
+$page = isset($_GET["page"])? $_GET["page"]:$_POST["page"];
+$page = is_numeric($page) ? $page : 0;
+$page = $page == -1 ? 0 : $page;
+
+if (! $sortfield) $sortfield="p.ref";
+if (! $sortorder) $sortorder="ASC";
+$offset = $conf->liste_limit * $page ;
+$pageprev = $page - 1;
+$pagenext = $page + 1;
+
+
+
+/**
+ * Affichage de la liste des projets
+ * 
+ */
+
+llxHeader();
+
+$sql = "SELECT p.rowid as projectid, p.ref, p.title, ".$db->pdate("p.dateo")." as do";
+$sql .= " , s.nom, s.idp, s.client";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user";
+$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."projet as p";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+$sql .= " WHERE p.fk_soc = s.idp";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
+if ($socidp)
+{ 
+  $sql .= " AND s.idp = ".$socidp; 
+}
+if ($_GET["search_ref"])
+{
+  $sql .= " AND p.ref LIKE '%".addslashes($_GET["search_ref"])."%'";
+}
+if ($_GET["search_label"])
+{
+  $sql .= " AND p.title LIKE '%".addslashes($_GET["search_label"])."%'";
+}
+if ($_GET["search_societe"])
+{
+  $sql .= " AND s.nom LIKE '%".addslashes($_GET["search_societe"])."%'";
+}
+$sql .= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset);
+
+$var=true;
+$resql = $db->query($sql);
+if ($resql)
+{
+  $num = $db->num_rows($resql);
+  $i = 0;
+  
+  print_barre_liste($langs->trans("Projects"), $page, "liste.php", "", $sortfield, $sortorder, "", $num);
+  
+  print '<table class="noborder" width="100%">';
+  print '<tr class="liste_titre">';
+  print_liste_field_titre($langs->trans("Ref"),"liste.php","p.ref","","","",$sortfield);
+  print_liste_field_titre($langs->trans("Label"),"liste.php","p.title","","","",$sortfield);
+  print_liste_field_titre($langs->trans("Company"),"liste.php","s.nom","","","",$sortfield);
+  print '<td>&nbsp;</td>';
+  print "</tr>\n";
+  
+  print '<form method="get" action="liste.php">';
+  print '<tr class="liste_titre">';
+  print '<td valign="right">';
+  print '<input type="text" class="flat" name="search_ref" value="'.$_GET["search_ref"].'">';
+  print '</td>';
+  print '<td valign="right">';
+  print '<input type="text" class="flat" name="search_label" value="'.stripslashes($_GET["search_label"]).'">';
+  print '</td>';
+  print '<td valign="right">';
+  print '<input type="text" class="flat" name="search_societe" value="'.$_GET["search_societe"].'">';
+  print '</td>';
+  print '<td align="center">';
+  print '<input class="button" type="submit" value="'.$langs->trans("Search").'">';
+  print "</td>";
+  print "</tr>\n";
+  
+  while ($i < $num)
+    {
+      $objp = $db->fetch_object($resql);    
+      $var=!$var;
+      print "<tr $bc[$var]>";
+      print "<td><a href=\"fiche.php?id=$objp->projectid\">".img_object($langs->trans("ShowProject"),"project")." ".$objp->ref."</a></td>\n";
+      print "<td><a href=\"fiche.php?id=$objp->projectid\">".$objp->title."</a></td>\n";
+      print '<td>';
+      print img_object($langs->trans("ShowCompany"),"company");
+      
+      print '&nbsp;<a href="'.DOL_URL_ROOT.'/soc.php?socid='.$objp->idp.'">'.$objp->nom.'</a></td>';
+      print '<td>&nbsp;</td>';
+      print "</tr>\n";
+      
+      $i++;
+    }
+  
+  $db->free($resql);
+}
+else
+{
+  dolibarr_print_error($db);
+}
+
+print "</table>";
+
+$db->close();
+
+
+llxFooter('$Date$ - $Revision$');
+
+?>


'; - print ''; - print '	'; - print ''; - print '	'; - print ''; - print '	'; - print ''; - print "
projectid\">".img_object($langs->trans("ShowProject"),"project")." ".$objp->ref."	projectid\">".$objp->title."	'; - print img_object($langs->trans("ShowCompany"),"company"); - - print ' '.$objp->nom.'

'; + print ''; + print '	'; + print ''; + print '	'; + print ''; + print '	'; + print ''; + print "
projectid\">".img_object($langs->trans("ShowProject"),"project")." ".$objp->ref."	projectid\">".$objp->title."	'; + print img_object($langs->trans("ShowCompany"),"company"); + + print ' '.$objp->nom.'