diff --git a/htdocs/comm/prospect/fiche.php b/htdocs/comm/prospect/fiche.php index a07e1cca5b6..b94f88aa4bc 100644 --- a/htdocs/comm/prospect/fiche.php +++ b/htdocs/comm/prospect/fiche.php @@ -50,6 +50,19 @@ if ($user->societe_id > 0) $socid = $user->societe_id; } +// Protection restriction commercial +if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0) +{ + $sql = "SELECT sc.rowid"; + $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s"; + $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.idp AND sc.fk_user = ".$user->id." AND s.client = 2"; + + if ( $db->query($sql) ) + { + if ( $db->num_rows() == 0) accessforbidden(); + } +} + /* @@ -63,19 +76,6 @@ if ($_GET["action"] == 'cstc') $db->query($sql); } -// Protection restriction commercial -if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0) -{ - $sql = "SELECT sc.fk_soc, s.client"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 2"; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} - /********************************************************************************* * diff --git a/htdocs/fourn/fiche.php b/htdocs/fourn/fiche.php index 31cb3727701..16714857939 100644 --- a/htdocs/fourn/fiche.php +++ b/htdocs/fourn/fiche.php @@ -52,9 +52,9 @@ if ($user->societe_id > 0) // Protection restriction commercial if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0) { - $sql = "SELECT sc.fk_soc, s.fournisseur"; + $sql = "SELECT sc.rowid"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.fournisseur = 1"; + $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.idp AND sc.fk_user = ".$user->id." AND s.fournisseur = 1"; if ( $db->query($sql) ) {