From b8cf4b13028e16ddd37769dd4eb7376abb1c7bac Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Mon, 13 Mar 2006 14:01:26 +0000
Subject: [PATCH] bugfix
---
 htdocs/comm/prospect/fiche.php | 26 +++++++++++++-------------
 htdocs/fourn/fiche.php | 4 ++--
 2 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/htdocs/comm/prospect/fiche.php b/htdocs/comm/prospect/fiche.php
index a07e1cca5b6..b94f88aa4bc 100644
--- a/htdocs/comm/prospect/fiche.php
+++ b/htdocs/comm/prospect/fiche.php
@@ -50,6 +50,19 @@ if ($user->societe_id > 0)
 $socid = $user->societe_id;
 }
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
+{
+ $sql = "SELECT sc.rowid";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
+ $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.idp AND sc.fk_user = ".$user->id." AND s.client = 2";
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
+
 /*
@@ -63,19 +76,6 @@ if ($_GET["action"] == 'cstc')
 $db->query($sql);
 }
-// Protection restriction commercial
-if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
-{
- $sql = "SELECT sc.fk_soc, s.client";
- $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
- $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 2";
-
- if ( $db->query($sql) )
- {
- if ( $db->num_rows() == 0) accessforbidden();
- }
-}
-
 /*********************************************************************************
 *
diff --git a/htdocs/fourn/fiche.php b/htdocs/fourn/fiche.php
index 31cb3727701..16714857939 100644
--- a/htdocs/fourn/fiche.php
+++ b/htdocs/fourn/fiche.php
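Review bot: The relocated guard in htdocs/comm/prospect/fiche.php fails open: `accessforbidden()` is reached only inside `if ( $db->query($sql) )`, so when the query itself fails the page continues as if the user were assigned to the company. An authorization check should deny on error, for example `if (! $db->query($sql) || $db->num_rows() == 0) accessforbidden();`. The same `if ( $db->query($sql) )` wrapper shows up as context in the htdocs/fourn/fiche.php hunk, where the body of the branch lies outside the hunk. Separately, `!$user->societe_id > 0` parses as `(!$user->societe_id) > 0`; writing `!($user->societe_id > 0)` would state the intended test directly.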
@@ -52,9 +52,9 @@ if ($user->societe_id > 0)
 // Protection restriction commercial
 if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0)
 {
- $sql = "SELECT sc.fk_soc, s.fournisseur";
+ $sql = "SELECT sc.rowid";
 $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s";
- $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.fournisseur = 1";
+ $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.idp AND sc.fk_user = ".$user->id." AND s.fournisseur = 1";
 if ( $db->query($sql) )
 {
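Review bot: The rewritten WHERE line still splices `$socid` into the SQL text unquoted and unescaped, and where `$socid` is assigned is not visible in this hunk; if it can come from the request, the access check itself becomes injectable. Pinning it to a number before use, `$socid = (int) $socid;`, or embedding `((int) $socid)` in the string, keeps the value from altering the query. The same concatenation is present in the new block of htdocs/comm/prospect/fiche.php. The enclosing `if` block continues past the end of this hunk.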