From ac790f3e95e650cf0586a99ea242263acceefce0 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 8 Mar 2006 18:06:29 +0000 Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?= =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?= =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?= =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/comm/fiche.php | 28 ++++++++++++++++------------ htdocs/compta/clients.php | 13 +++++++++---- htdocs/compta/index.php | 12 ++++++------ htdocs/fourn/contact.php | 8 ++++---- htdocs/product/stats/facture.php | 2 +- 5 files changed, 36 insertions(+), 27 deletions(-) diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index af3a209c32c..18cae08c936 100644 --- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -46,10 +46,10 @@ $langs->load("contracts"); if ($conf->fichinter->enabled) $langs->load("interventions"); // Protection quand utilisateur externe -$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$socidp = isset($_GET["socid"])?$_GET["socid"]:''; if ($user->societe_id > 0) { - $socid = $user->societe_id; + $socidp = $user->societe_id; } @@ -90,7 +90,7 @@ if ($_POST["action"] == 'setassujtva') { $societe = new Societe($db, $_GET["socid"]); $societe->tva_assuj=$_POST['assujtva_value']; - $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET tva_assuj='".$_POST['assujtva_value']."' WHERE idp='".$socid."'"; + $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET tva_assuj='".$_POST['assujtva_value']."' WHERE idp='".$socidp."'"; $result = $db->query($sql); if (! $result) dolibarr_print_error($result); } 
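Review bot: `$socidp` is still assigned straight from `$_GET["socid"]` at the top of htdocs/comm/fiche.php, and the later hunks of this file (@@ -90, @@ -98, @@ -108, @@ -124) concatenate it into UPDATE and INSERT statements, mostly without quotes. Since the id is numeric, coerce it once where it is assigned, `$socidp = isset($_GET["socid"]) ? intval($_GET["socid"]) : 0;`, so every statement below receives an integer. The existing `$socidp > 0` and `!$socidp` tests behave the same with 0 as with the empty string.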
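Review bot: The `setassujtva` UPDATE places `$_POST['assujtva_value']` between quotes with no escaping, so the request body controls part of the statement text. Escape or constrain it before use, for example `$assujtva = addslashes($_POST['assujtva_value']);` and interpolate `$assujtva`; if the column only takes a fixed set of values an allow-list is stricter, but the accepted values are not visible in this hunk. The same block builds `new Societe($db, $_GET["socid"])` from the raw parameter while the WHERE clause uses `$socidp`, so for an external user the object and the updated row can refer to different companies; pass `$socidp` to both. The opening `if` of this block is only visible in the hunk header.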
@@ -98,7 +98,7 @@ if ($_POST["action"] == 'setassujtva') if ($action == 'recontact') { $dr = mktime(0, 0, 0, $remonth, $reday, $reyear); - $sql = "INSERT INTO ".MAIN_DB_PREFIX."soc_recontact (fk_soc, datere, author) VALUES ($socid, $dr,'". $user->login ."')"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."soc_recontact (fk_soc, datere, author) VALUES ($socidp, $dr,'". $user->login ."')"; $result = $db->query($sql); if (! $result) dolibarr_print_error($result); } @@ -108,12 +108,12 @@ if ($action == 'stcomm') if ($stcommid <> 'null' && $stcommid <> $oldstcomm) { $sql = "INSERT INTO socstatutlog (datel, fk_soc, fk_statut, author) "; - $sql .= " VALUES ('$dateaction',$socid,$stcommid,'" . $user->login . "')"; + $sql .= " VALUES ('$dateaction',$socidp,$stcommid,'" . $user->login . "')"; $result = @$db->query($sql); if ($result) { - $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=$stcommid WHERE idp=".$socid; + $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET fk_stcomm=$stcommid WHERE idp=".$socidp; $result = $db->query($sql); } else @@ -124,7 +124,7 @@ if ($action == 'stcomm') if ($actioncommid) { - $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm (datea, fk_action, fk_soc, fk_user_author) VALUES ('$dateaction',$actioncommid,$socid,'" . $user->id . "')"; + $sql = "INSERT INTO ".MAIN_DB_PREFIX."actioncomm (datea, fk_action, fk_soc, fk_user_author) VALUES ('$dateaction',$actioncommid,$socidp,'" . $user->id . "')"; $result = @$db->query($sql); if (!$result) 
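Review bot: In the `stcomm` branch (@@ -108) `$stcommid` is compared against the string `'null'` and then interpolated unquoted into both the `socstatutlog` INSERT and the `societe` UPDATE, and `$actioncommid` is used the same way in @@ -124. Where these variables are assigned is outside the hunks, but the string comparison suggests they arrive from the request. Cast them after the `'null'` test and before the statements are built, `$stcommid = intval($stcommid);` and `$actioncommid = intval($actioncommid);`. The `@` in front of `$db->query($sql)` also hides a failing statement, which makes a malformed query harder to notice in logs.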
@@ -140,14 +140,18 @@ if ($action == 'stcomm') */ if ($mode == 'search') { if ($mode-search == 'soc') { - $sql = "SELECT s.idp FROM ".MAIN_DB_PREFIX."societe as s "; + $sql = "SELECT s.idp"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; + $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE lower(s.nom) like '%".strtolower($socname)."%'"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; } if ( $db->query($sql) ) { if ( $db->num_rows() == 1) { $obj = $db->fetch_object(); - $socid = $obj->idp; + $socidp = $obj->idp; } $db->free(); } @@ -163,12 +167,12 @@ llxHeader('',$langs->trans('CustomerCard')); * Mode fiche * *********************************************************************************/ -if ($socid > 0) +if ($socidp > 0) { // On recupere les donnees societes par l'objet $objsoc = new Societe($db); - $objsoc->id=$socid; - $objsoc->fetch($socid,$to); + $objsoc->id=$socidp; + $objsoc->fetch($socidp,$to); $dac = strftime("%Y-%m-%d %H:%M", time()); if ($errmesg) diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index 2e80dec44e8..7dbddabff6e 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php 
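Review bot: The assignment filter in the search query (@@ -140) is applied only when `!$socidp`, and in this file `$socidp` is filled from the `socid` URL parameter for internal users, so a user without `commercial->client->voir` who sends any `socid` gets the unrestricted query; the same condition is repeated in htdocs/compta/clients.php (@@ -137). The restriction should depend on the user rather than on the request, for example `!$user->rights->commercial->client->voir && !$user->societe_id`. Computing that once into a local flag would also avoid repeating the expression on three lines. The extra columns `sc.fk_soc, sc.fk_user` are selected but only `idp` is read afterwards.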
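Review bot: The customer card itself (@@ -163) is not covered by the new permission: `if ($socidp > 0)` goes straight to `$objsoc->fetch($socidp,$to)`, so a user without `commercial->client->voir` can load a customer that is not assigned to them by id, unless `Societe::fetch()` enforces the assignment itself, which is not visible here. The write actions earlier in the file (setassujtva, recontact, stcomm) key on the same `$socidp` and need the same check before they run. A lookup in `societe_commerciaux` ahead of the Mode fiche test, failing closed when the query errors, would close the gap. The block opened by `if ($socidp > 0)` continues past the hunk.

```php
// Placed just before the "Mode fiche" test
if ($socidp > 0 && !$user->rights->commercial->client->voir && !$user->societe_id)
{
    $sql = "SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
    $sql .= " WHERE sc.fk_soc = ".intval($socidp)." AND sc.fk_user = ".intval($user->id);
    if ($db->query($sql))
    {
        // Customer not assigned to this user: do not load the card
        if ($db->num_rows() == 0) $socidp = 0;
        $db->free();
    }
    else
    {
        // Fail closed when the lookup itself fails
        $socidp = 0;
    }
}
// … unchanged: if ($socidp > 0) { $objsoc = new Societe($db); …
```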
@@ -137,8 +137,13 @@ if ($mode == 'search') { * */ -$sql = "SELECT s.idp, s.nom, s.ville, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea, st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta "; -$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st WHERE s.fk_stcomm = st.id AND s.client=1"; +$sql = "SELECT s.idp, s.nom, s.ville, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea"; +$sql .= ", st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta "; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; +$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +$sql .= " WHERE s.fk_stcomm = st.id AND s.client=1"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; if (strlen($stcomm)) { @@ -172,9 +177,9 @@ if (strlen($begin)) $sql .= " AND s.nom like '".addslashes($begin)."'"; } -if ($user->societe_id) +if ($socidp) { - $sql .= " AND s.idp = " .$user->societe_id; + $sql .= " AND s.idp = $socidp"; } $sql .= " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset); diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index 5b5e0bad00d..12d9dd9eed6 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -140,7 +140,7 @@ if ($conf->facture->enabled && $user->rights->facture->lire) $obj = $db->fetch_object($resql); $var=!$var; print ''.img_object($langs->trans("ShowBill"),"bill").' '.$obj->facnumber.''; - print ''.img_object($langs->trans("ShowCompany"),"company").' '.dolibarr_trunc($obj->nom,20).''; + print ''.img_object($langs->trans("ShowCompany"),"company").' '.dolibarr_trunc($obj->nom,20).''; print ''.price($obj->total_ttc).''; print ''; $tot_ttc+=$obj->total_ttc; 
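Review bot: The company filter in htdocs/compta/clients.php (@@ -172) changes from `$user->societe_id`, a value taken from the logged-in user, to `$socidp`, whose assignment in this file is outside the visible hunks, and it is interpolated unquoted. If `$socidp` can come from the request here, the clause becomes an injection point and also a way to switch off the `!$socidp` assignment filter added in @@ -137. Force the integer at the point of use, `$sql .= " AND s.idp = ".intval($socidp);`, and confirm that `$socidp` is set from `$user->societe_id` for external users before this line. htdocs/fourn/contact.php (@@ -81) builds the same clause.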
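Review bot: `$obj->nom` is written into the page on the changed line of htdocs/compta/index.php (@@ -140) with no HTML encoding, unless `dolibarr_trunc()` encodes its result, which is not visible here. The same applies to the changed lines of @@ -238, @@ -306, @@ -377 and @@ -461 in this file, to htdocs/fourn/contact.php (@@ -113) and to htdocs/product/stats/facture.php (@@ -303); @@ -238 and contact.php print the name bare. A company name is user-entered data, so it should be encoded for the HTML context after truncation, for example `htmlspecialchars(dolibarr_trunc($obj->nom,20))`. The link markup on these lines is not visible in this copy of the patch, so the id placed in the URL could not be reviewed.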
@@ -238,7 +238,7 @@ if ( $resql ) $obj = $db->fetch_object($resql); $var = !$var; print ""; - print ''.$obj->nom.''; + print ''.$obj->nom.''; print ''.img_delete().''; print ''; $i++; @@ -306,8 +306,8 @@ if ($conf->commande->enabled && $user->rights->commande->lire) print "rowid\">".img_object($langs->trans("ShowOrder"),"order").' '; print "rowid\">".$obj->ref.''; - print ''.img_object($langs->trans("ShowCompany"),"company").' '; - print ''.dolibarr_trunc($obj->nom,50).''; + print ''.img_object($langs->trans("ShowCompany"),"company").' '; + print ''.dolibarr_trunc($obj->nom,50).''; print ''.price($obj->total_ht).''; print ''.price($obj->total_ttc).''; print ''.price($obj->total_ttc-$obj->tot_fttc).''; @@ -377,7 +377,7 @@ if ($conf->facture->enabled && $user->rights->facture->lire) print ''.img_object($langs->trans("ShowBill"),"bill").' '.$obj->facnumber.''; if ($obj->datelimite < (time() - $conf->facture->client->warning_delay)) print img_warning($langs->trans("Late")); print ''; - print ''.img_object($langs->trans("ShowCustomer"),"company").' '.dolibarr_trunc($obj->nom,44).''; + print ''.img_object($langs->trans("ShowCustomer"),"company").' '.dolibarr_trunc($obj->nom,44).''; print ''.price($obj->total).''; print ''.price($obj->total_ttc).''; print ''.price($obj->am).''; @@ -461,7 +461,7 @@ if ($conf->facture->enabled) { $obj = $db->fetch_object($result); $var = !$var; print ''.img_object($langs->trans("ShowBill"),"bill").' '.$obj->facnumber.''; - print ''.img_object($langs->trans("ShowSupplier"),"company").' '.dolibarr_trunc($obj->nom,50).''; + print ''.img_object($langs->trans("ShowSupplier"),"company").' '.dolibarr_trunc($obj->nom,50).''; print ''.price($obj->total_ht).''; print ''.price($obj->total_ttc).''; print ''; diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php index 3b20507de7e..647eefccbd1 100644 --- a/htdocs/fourn/contact.php +++ b/htdocs/fourn/contact.php 
@@ -41,7 +41,7 @@ llxHeader(); if ($user->societe_id > 0) { $action = ''; - $socid = $user->societe_id; + $socidp = $user->societe_id; } $page=$_GET["page"]; @@ -81,8 +81,8 @@ if ($contactname) { $sortorder = "ASC"; } -if ($socid) { - $sql .= " AND s.idp = $socid"; +if ($socidp) { + $sql .= " AND s.idp = $socidp"; } $sql .= " ORDER BY $sortfield $sortorder " . $db->plimit( $limit, $offset); @@ -113,7 +113,7 @@ if ($result) { print ''.img_object($langs->trans("ShowContact"),"contact").' '.$obj->name.''; print ''.$obj->firstname.''; - print ''.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.''; + print ''.img_object($langs->trans("ShowCompany"),"company").' '.$obj->nom.''; print ''.$obj->email.''; print ''.$obj->phone.''; diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index 98992496a01..2ec61480597 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -303,7 +303,7 @@ if ($_GET["id"] || $_GET["ref"]) print ''.img_object($langs->trans("ShowBill"),"bill").' '; print $objp->facnumber; print "\n"; - print ''.img_object($langs->trans("ShowCompany"),"company").' '.dolibarr_trunc($objp->nom,44).''; + print ''.img_object($langs->trans("ShowCompany"),"company").' '.dolibarr_trunc($objp->nom,44).''; print "".$objp->code_client."\n"; print ""; print dolibarr_print_date($objp->date)."";