Ajout de la permission "consulter tous les clients" dans le module commercial, afin

qu'un commercial puisse voir que les clients qui lui sont affect�s.
2006-03-08 18:06:29 +00:00 · 2006-03-08 18:06:29 +00:00 · ac790f3e95
commit ac790f3e95
parent fb4d524b50
5 changed files with 36 additions and 27 deletions
--- a/htdocs/comm/fiche.php
+++ b/htdocs/comm/fiche.php
@ -46,10 +46,10 @@ $langs->load("contracts");
 if ($conf->fichinter->enabled) $langs->load("interventions");

 // Protection quand utilisateur externe
-$socid = isset($_GET["socid"])?$_GET["socid"]:'';
+$socidp = isset($_GET["socid"])?$_GET["socid"]:'';
 if ($user->societe_id > 0)
 {
-    $socid = $user->societe_id;
+    $socidp = $user->societe_id;
 }


@ -90,7 +90,7 @@ if ($_POST["action"] == 'setassujtva')
 {
 	$societe = new Societe($db, $_GET["socid"]);
    $societe->tva_assuj=$_POST['assujtva_value'];
-	$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET tva_assuj='".$_POST['assujtva_value']."' WHERE idp='".$socid."'";
+	$sql = "UPDATE ".MAIN_DB_PREFIX."societe SET tva_assuj='".$_POST['assujtva_value']."' WHERE idp='".$socidp."'";
    $result = $db->query($sql);
    if (! $result) dolibarr_print_error($result);
 }
@ -98,7 +98,7 @@ if ($_POST["action"] == 'setassujtva')
 if ($action == 'recontact')
 {
    $dr = mktime(0, 0, 0, $remonth, $reday, $reyear);
-    $sql = "INSERT INTO ".MAIN_DB_PREFIX."soc_recontact (fk_soc, datere, author) VALUES ($socid, $dr,'".  $user->login ."')";
+    $sql = "INSERT INTO ".MAIN_DB_PREFIX."soc_recontact (fk_soc, datere, author) VALUES ($socidp, $dr,'".  $user->login ."')";
    $result = $db->query($sql);
    if (! $result) dolibarr_print_error($result);
 }
@ -108,12 +108,12 @@ if ($action == 'stcomm')
    if ($stcommid <> 'null' && $stcommid <> $oldstcomm)
    {
        $sql = "INSERT INTO socstatutlog (datel, fk_soc, fk_statut, author) ";
-        $sql .= " VALUES ('$dateaction',$socid,$stcommid,'" . $user->login . "')";
+        $sql .= " VALUES ('$dateaction',$socidp,$stcommid,'" . $user->login . "')";
        $result = @$db->query($sql);

        if ($result)
        {
-            $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=$stcommid WHERE idp=".$socid;
+            $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=$stcommid WHERE idp=".$socidp;
            $result = $db->query($sql);
        }
        else
@ -124,7 +124,7 @@ if ($action == 'stcomm')

    if ($actioncommid)
    {
-        $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm (datea, fk_action, fk_soc, fk_user_author) VALUES ('$dateaction',$actioncommid,$socid,'" . $user->id . "')";
+        $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm (datea, fk_action, fk_soc, fk_user_author) VALUES ('$dateaction',$actioncommid,$socidp,'" . $user->id . "')";
        $result = @$db->query($sql);

        if (!$result)
@ -140,14 +140,18 @@ if ($action == 'stcomm')
 */
 if ($mode == 'search') {
    if ($mode-search == 'soc') {
-        $sql = "SELECT s.idp FROM ".MAIN_DB_PREFIX."societe as s ";
+        $sql = "SELECT s.idp";
+        if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user ";
+        $sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
+        if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
        $sql .= " WHERE lower(s.nom) like '%".strtolower($socname)."%'";
+        if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
    }

    if ( $db->query($sql) ) {
        if ( $db->num_rows() == 1) {
            $obj = $db->fetch_object();
-            $socid = $obj->idp;
+            $socidp = $obj->idp;
        }
        $db->free();
    }
@ -163,12 +167,12 @@ llxHeader('',$langs->trans('CustomerCard'));
 * Mode fiche
 *
 *********************************************************************************/
-if ($socid > 0)
+if ($socidp > 0)
 {
    // On recupere les donnees societes par l'objet
    $objsoc = new Societe($db);
-    $objsoc->id=$socid;
-    $objsoc->fetch($socid,$to);
+    $objsoc->id=$socidp;
+    $objsoc->fetch($socidp,$to);

    $dac = strftime("%Y-%m-%d %H:%M", time());
    if ($errmesg)
--- a/htdocs/compta/clients.php
+++ b/htdocs/compta/clients.php
@ -137,8 +137,13 @@ if ($mode == 'search') {
 *
 */

-$sql = "SELECT s.idp, s.nom, s.ville, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea,  st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta ";
-$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st WHERE s.fk_stcomm = st.id AND s.client=1";
+$sql = "SELECT s.idp, s.nom, s.ville, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea";
+$sql .= ", st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta ";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user ";
+$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+$sql .= " WHERE s.fk_stcomm = st.id AND s.client=1";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;

 if (strlen($stcomm))
 {
@ -172,9 +177,9 @@ if (strlen($begin))
  $sql .= " AND s.nom like '".addslashes($begin)."'";
 }

-if ($user->societe_id)
+if ($socidp)
 {
-  $sql .= " AND s.idp = " .$user->societe_id;
+  $sql .= " AND s.idp = $socidp";
 }

 $sql .= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset);
--- a/htdocs/compta/index.php
+++ b/htdocs/compta/index.php
@ -140,7 +140,7 @@ if ($conf->facture->enabled && $user->rights->facture->lire)
 	      $obj = $db->fetch_object($resql);
 	      $var=!$var;
 	      print '<tr '.$bc[$var].'><td nowrap><a href="facture.php?facid='.$obj->rowid.'">'.img_object($langs->trans("ShowBill"),"bill").' '.$obj->facnumber.'</a></td>';
-	      print '<td><a href="fiche.php?socid='.$obj->idp.'">'.img_object($langs->trans("ShowCompany"),"company").' '.dolibarr_trunc($obj->nom,20).'</a></td>';
+	      print '<td><a href="fiche.php?socidp='.$obj->idp.'">'.img_object($langs->trans("ShowCompany"),"company").' '.dolibarr_trunc($obj->nom,20).'</a></td>';
 	      print '<td align="right">'.price($obj->total_ttc).'</td>';
 	      print '</tr>';
 	      $tot_ttc+=$obj->total_ttc;
@ -238,7 +238,7 @@ if ( $resql )
 	  $obj = $db->fetch_object($resql);
 	  $var = !$var;
 	  print "<tr $bc[$var]>";
-	  print '<td><a href="fiche.php?socid='.$obj->idp.'">'.$obj->nom.'</a></td>';
+	  print '<td><a href="fiche.php?socidp='.$obj->idp.'">'.$obj->nom.'</a></td>';
 	  print '<td align="right"><a href="index.php?action=del_bookmark&amp;bid='.$obj->bid.'">'.img_delete().'</a></td>';
 	  print '</tr>';
 	  $i++;
@ -306,8 +306,8 @@ if ($conf->commande->enabled && $user->rights->commande->lire)
 				print "<td width=\"20%\"><a href=\"commande/fiche.php?id=$obj->rowid\">".img_object($langs->trans("ShowOrder"),"order").'</a>&nbsp;';
 				print "<a href=\"commande/fiche.php?id=$obj->rowid\">".$obj->ref.'</a></td>';
 				
-				print '<td><a href="fiche.php?socid='.$obj->idp.'">'.img_object($langs->trans("ShowCompany"),"company").'</a>&nbsp;';
-				print '<a href="fiche.php?socid='.$obj->idp.'">'.dolibarr_trunc($obj->nom,50).'</a></td>';
+				print '<td><a href="fiche.php?socidp='.$obj->idp.'">'.img_object($langs->trans("ShowCompany"),"company").'</a>&nbsp;';
+				print '<a href="fiche.php?socidp='.$obj->idp.'">'.dolibarr_trunc($obj->nom,50).'</a></td>';
 				print '<td align="right">'.price($obj->total_ht).'</td>';
 				print '<td align="right">'.price($obj->total_ttc).'</td>';
 				print '<td align="right">'.price($obj->total_ttc-$obj->tot_fttc).'</td></tr>';
@ -377,7 +377,7 @@ if ($conf->facture->enabled && $user->rights->facture->lire)
 		  print '<td nowrap><a href="facture.php?facid='.$obj->rowid.'">'.img_object($langs->trans("ShowBill"),"bill").' '.$obj->facnumber.'</a>';
 		  if ($obj->datelimite < (time() - $conf->facture->client->warning_delay)) print img_warning($langs->trans("Late"));
 		  print '</td>';
-		  print '<td><a href="fiche.php?socid='.$obj->idp.'">'.img_object($langs->trans("ShowCustomer"),"company").' '.dolibarr_trunc($obj->nom,44).'</a></td>';
+		  print '<td><a href="fiche.php?socidp='.$obj->idp.'">'.img_object($langs->trans("ShowCustomer"),"company").' '.dolibarr_trunc($obj->nom,44).'</a></td>';
 		  print '<td align="right">'.price($obj->total).'</td>';
 		  print '<td align="right">'.price($obj->total_ttc).'</td>';
 		  print '<td align="right">'.price($obj->am).'</td></tr>';
@ -461,7 +461,7 @@ if ($conf->facture->enabled) {
    	      $obj = $db->fetch_object($result);
    	      $var = !$var;
        	  print '<tr '.$bc[$var].'><td><a href="'.DOL_URL_ROOT.'/fourn/facture/fiche.php?facid='.$obj->rowid.'">'.img_object($langs->trans("ShowBill"),"bill").' '.$obj->facnumber.'</a></td>';
-    		  print '<td><a href="fiche.php?socid='.$obj->idp.'">'.img_object($langs->trans("ShowSupplier"),"company").' '.dolibarr_trunc($obj->nom,50).'</a></td>';
+    		  print '<td><a href="fiche.php?socidp='.$obj->idp.'">'.img_object($langs->trans("ShowSupplier"),"company").' '.dolibarr_trunc($obj->nom,50).'</a></td>';
 		      print '<td align="right">'.price($obj->total_ht).'</td>';
              print '<td align="right">'.price($obj->total_ttc).'</td>';
    	      print '</tr>';
--- a/htdocs/fourn/contact.php
+++ b/htdocs/fourn/contact.php
@ -41,7 +41,7 @@ llxHeader();
 if ($user->societe_id > 0) 
 {
  $action = '';
-  $socid = $user->societe_id;
+  $socidp = $user->societe_id;
 }

 $page=$_GET["page"];
@ -81,8 +81,8 @@ if ($contactname) {
  $sortorder = "ASC";
 }

-if ($socid) {
-  $sql .= " AND s.idp = $socid";
+if ($socidp) {
+  $sql .= " AND s.idp = $socidp";
 }

 $sql .= " ORDER BY $sortfield $sortorder " . $db->plimit( $limit, $offset);
@ -113,7 +113,7 @@ if ($result) {

      print '<td><a href="'.DOL_URL_ROOT.'/contact/fiche.php?id='.$obj->cidp.'">'.img_object($langs->trans("ShowContact"),"contact").' '.$obj->name.'</a></td>';
      print '<td>'.$obj->firstname.'</td>';
-      print '<td><a href="fiche.php?socid='.$obj->idp.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.'</a></td>';
+      print '<td><a href="fiche.php?socidp='.$obj->idp.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.'</a></td>';
      print '<td>'.$obj->email.'</td>';
      print '<td>'.$obj->phone.'</td>';
      
--- a/htdocs/product/stats/facture.php
+++ b/htdocs/product/stats/facture.php
@ -303,7 +303,7 @@ if ($_GET["id"] || $_GET["ref"])
                    print '<td><a href="'.DOL_URL_ROOT.'/compta/facture.php?facid='.$objp->facid.'">'.img_object($langs->trans("ShowBill"),"bill").' ';
                    print $objp->facnumber;
                    print "</a></td>\n";
-                    print '<td><a href="'.DOL_URL_ROOT.'/compta/fiche.php?socid='.$objp->idp.'">'.img_object($langs->trans("ShowCompany"),"company").' '.dolibarr_trunc($objp->nom,44).'</a></td>';
+                    print '<td><a href="'.DOL_URL_ROOT.'/compta/fiche.php?socidp='.$objp->idp.'">'.img_object($langs->trans("ShowCompany"),"company").' '.dolibarr_trunc($objp->nom,44).'</a></td>';
                    print "<td>".$objp->code_client."</td>\n";
                    print "<td align=\"center\">";
                    print dolibarr_print_date($objp->date)."</td>";