From aa9ccb41cc3405236eebf662fa24f5c54deb80e4 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Sun, 30 Jan 2011 13:56:05 +0000
Subject: [PATCH] Fix: bad restricted view of company
---
 htdocs/societe/index.php | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/htdocs/societe/index.php b/htdocs/societe/index.php
index 7458c80cad6..9edd1531b9f 100644
--- a/htdocs/societe/index.php
+++ b/htdocs/societe/index.php
@@ -1,7 +1,7 @@
  * Copyright (C) 2004-2010 Laurent Destailleur
- * Copyright (C) 2005-2009 Regis Houssin
+ * Copyright (C) 2005-2011 Regis Houssin
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -79,18 +79,21 @@ $total=0;
 
 $sql = "SELECT s.rowid, s.client, s.fournisseur";
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
+if (! $user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.entity = ".$conf->entity;
+if (! $user->rights->societe->client->voir) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+
 $result = $db->query($sql);
 if ($result)
 {
- while ($objp = $db->fetch_object($result))
- {
- if ($objp->client == 1 || $objp->client == 3) $third['customer']++;
- if ($objp->client == 2 || $objp->client == 3) $third['prospect']++;
- if ($objp->fournisseur) $third['supplier']++;
+ while ($objp = $db->fetch_object($result))
+ {
+ if ($objp->client == 1 || $objp->client == 3) $third['customer']++;
+ if ($objp->client == 2 || $objp->client == 3) $third['prospect']++;
+ if ($objp->fournisseur) $third['supplier']++;
 
- $total++;
- }
+ $total++;
+ }
 }
 else dol_print_error($db);
 
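Review bot: The restriction added in the `@@ -79,18 +79,21 @@` hunk concatenates `$user->id` (next to the context line's `$conf->entity`) into the SQL text without a cast, and the same two `if` lines are copied verbatim into the `@@ -127,7 +130,9 @@` hunk. Both values presumably come from the session rather than the request, so this is hardening rather than a demonstrated injection, but an integer cast keeps the predicate well-formed whatever ends up in the object: `$sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".(int) $user->id;`. Because this commit exists to add a filter that the page was missing, evaluating the permission once (`$restricted = empty($user->rights->societe->client->voir);`) and appending the join and predicate through one shared helper would make the next omission less likely. Any other query in this file lies outside the hunks and cannot be checked from here.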
@@ -127,7 +130,9 @@ $max=15;
 $sql = "SELECT s.rowid, s.nom, s.client, s.fournisseur,";
 $sql.= " s.tms as datem";
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
+if (! $user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.entity = ".$conf->entity;
+if (! $user->rights->societe->client->voir) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql.= " AND (";
 if (! empty($conf->societe->enabled)) $sql.=" s.client in (1,2,3)";
 if (! empty($conf->fournisseur->enabled)) $sql.=" OR s.fournisseur in (1)";
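Review bot: The new `sc.fk_user` predicate only limits the rows returned as long as the `s.client ... OR s.fournisseur ...` alternatives that follow it stay inside the `AND (` group; the closing parenthesis is outside this hunk, so that should be confirmed against the full file. The context lines also produce `AND ( OR s.fournisseur in (1)` when `$conf->societe->enabled` is empty and `$conf->fournisseur->enabled` is set, which is invalid SQL. Collecting the alternatives in an array and appending `" AND (".implode(" OR ", $parts).")"` only when the array is non-empty would remove both the dangling `OR` and the reliance on a parenthesis written several lines away from the access filter.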