From bd272c7bd2b359f5fda3229d9a138ac73c8c2903 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 8 Mar 2006 16:48:36 +0000 Subject: [PATCH] bugfix --- htdocs/comm/action/index.php | 16 +++++----- htdocs/comm/index.php | 57 +++++++++++++++++++----------------- htdocs/comm/propal.php | 6 ++-- htdocs/commande/index.php | 24 +++++++-------- htdocs/commande/liste.php | 6 ++-- htdocs/contact/index.php | 12 ++++---- htdocs/expedition/index.php | 27 +++++++++-------- htdocs/expedition/liste.php | 6 ++-- htdocs/societe.php | 26 ++++++++-------- 9 files changed, 93 insertions(+), 87 deletions(-) diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index 2e64edf1ff8..80fd4b5cfb2 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -40,7 +40,7 @@ $langs->load("companies"); if ($user->societe_id > 0) { $action = ''; - $socid = $user->societe_id; + $socidp = $user->societe_id; } @@ -67,9 +67,9 @@ llxHeader(); $sql = "SELECT s.nom as societe, s.idp as socidp, s.client,"; $sql.= " a.id,".$db->pdate("a.datea")." as da, a.fk_contact, a.note, a.percent as percent,"; $sql.= " c.code as acode, c.libelle, u.code, u.rowid as userid"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= " FROM ".MAIN_DB_PREFIX."actioncomm as a, ".MAIN_DB_PREFIX."c_actioncomm as c, ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."user as u"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE a.fk_soc = s.idp AND c.id=a.fk_action AND a.fk_user_author = u.rowid"; if ($_GET["type"]) { 
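Review bot: In htdocs/comm/action/index.php (hunk `@@ -40,7 +40,7 @@`) `$socidp` is assigned only inside the `if ($user->societe_id > 0)` branch, so for an internal user it holds whatever was set before this point, which the hunk does not show. Every later check in this patch trusts `$socidp`, so unless it is deliberately read from the request earlier, give it a known value first, as the societe.php hunk does: `$socidp = 0;` immediately before the `if`. The same applies to hunk `@@ -38,7 +38,7 @@` of htdocs/contact/index.php. If these pages are meant to accept a company id from the request, cast it with `(int)` and check it against the user's rights before use.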
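Review bot: The added `&& !$socidp` in hunk `@@ -67,9 +67,9 @@` drops the `societe_commerciaux` join, and with it the `sc.fk_user = $user->id` restriction, whenever `$socidp` is non-empty, not only when the user is an external account bound to one company. If `$socidp` can be populated from the request for an internal user (its origin is outside these hunks), a sales representative without `commercial->client->voir` could list records of a company not assigned to them. Keying the exemption on the session attribute avoids this: `if (!$user->rights->commercial->client->voir && !($user->societe_id > 0))`. The same condition is repeated in every hunk of this patch that adds `&& !$socidp`. Hunks `@@ -356,15 +359,15 @@` (comm/index.php) and `@@ -127,14 +127,14 @@` (societe.php) additionally replace the `$user->societe_id > 0` test with `$socidp`.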
@@ -79,11 +79,11 @@ if ($_GET["time"] == "today") { $sql .= " AND date_format(a.datea, '%d%m%Y') = ".strftime("%d%m%Y",time()); } -if ($socid) +if ($socidp) { - $sql .= " AND s.idp = $socid"; + $sql .= " AND s.idp = $socidp"; } -if (!$user->rights->commercial->client->voir) //restriction +if (!$user->rights->commercial->client->voir && !$socidp) //restriction { $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; } @@ -100,10 +100,10 @@ if ($resql) if ($status == 'done') $title="DoneActions"; if ($status == 'todo') $title="ToDoActions"; - if ($socid) + if ($socidp) { $societe = new Societe($db); - $societe->fetch($socid); + $societe->fetch($socidp); print_barre_liste($langs->trans($title."For",$societe->nom), $page, "index.php",'',$sortfield,$sortorder,'',$num); } diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index ce666cf69c6..71ed75af874 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -129,12 +129,15 @@ if ($conf->contrat->enabled) if ($conf->propal->enabled && $user->rights->propale->lire) { $sql = "SELECT p.rowid, p.ref, p.price, s.idp, s.nom"; - if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= " FROM ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."societe as s"; - if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE p.fk_statut = 0 and p.fk_soc = s.idp"; - $sql.= " AND s.idp = ".$socidp; - if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; + if ($socidp) + { + $sql .= " AND s.idp = $socidp"; + } + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $resql=$db->query($sql); if ($resql) 
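Review bot: `$socidp` is interpolated into the statement as a bare number in `$sql .= " AND s.idp = $socidp";` with no cast or quoting, both in hunk `@@ -79,11 +79,11 @@` and in the new `if ($socidp)` block that `@@ -129,12 +129,15 @@` adds to comm/index.php. That is safe only while the value always comes from `$user->societe_id`, and where it is assigned is not visible in these hunks. Casting at the point of use removes the dependency: `$sql .= " AND s.idp = ".((int) $socidp);`. The same pattern is added in the expedition/index.php hunks (`if ($socidp) $sql .= " AND c.fk_soc = $socidp";`) and in societe.php `@@ -127,14 +127,14 @@`.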
@@ -177,11 +180,11 @@ if ($conf->commande->enabled) { $langs->load("orders"); $sql = "SELECT c.rowid, c.ref, c.total_ttc, s.nom, s.idp"; - if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; - if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE c.fk_soc = s.idp AND c.fk_statut = 0"; - if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socidp) { $sql .= " AND c.fk_soc = $socidp"; @@ -273,11 +276,11 @@ print ''; */ $sql = "SELECT a.id, a.label, ".$db->pdate("a.datea")." as da, c.code, c.libelle, a.fk_user_author, s.nom as sname, s.idp"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a, ".MAIN_DB_PREFIX."c_actioncomm as c, ".MAIN_DB_PREFIX."societe as s"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE c.id=a.fk_action AND a.percent < 100 AND s.idp = a.fk_soc"; -if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socidp) { $sql .= " AND s.idp = $socidp"; 
@@ -356,15 +359,15 @@ else if ($user->rights->societe->lire) { $sql = "SELECT s.idp,s.nom,".$db->pdate("datec")." as datec"; - if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; - if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.client = 1"; - if ($user->societe_id > 0) + if ($socidp) { - $sql .= " AND s.idp = $user->societe_id"; + $sql .= " AND s.idp = $socidp"; } - if (!$user->rights->commercial->client->voir) //restriction + if (!$user->rights->commercial->client->voir && !$socidp) //restriction { $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; } @@ -409,15 +412,15 @@ if ($user->rights->societe->lire) */ $sql = "SELECT a.id, ".$db->pdate("a.datea")." as da, c.code, c.libelle, a.fk_user_author, s.nom as sname, s.idp"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a, ".MAIN_DB_PREFIX."c_actioncomm as c, ".MAIN_DB_PREFIX."societe as s"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE c.id=a.fk_action AND a.percent >= 100 AND s.idp = a.fk_soc"; if ($socidp) { $sql .= " AND s.idp = $socidp"; } -if (!$user->rights->commercial->client->voir) //restriction +if (!$user->rights->commercial->client->voir && !$socidp) //restriction { $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; } 
@@ -471,15 +474,15 @@ if ($conf->contrat->enabled && 0) // \todo A REFAIRE DEPUIS NOUVEAU CONTRAT $langs->load("contracts"); $sql = "SELECT s.nom, s.idp, c.statut, c.rowid, p.ref, c.mise_en_service as datemes, c.fin_validite as datefin, c.date_cloture as dateclo"; - if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c, ".MAIN_DB_PREFIX."product as p"; - if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE c.fk_soc = s.idp and c.fk_product = p.rowid"; if ($socidp) { $sql .= " AND s.idp = $socidp"; } - if (!$user->rights->commercial->client->voir) //restriction + if (!$user->rights->commercial->client->voir && !$socidp) //restriction { $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; } 
@@ -524,12 +527,12 @@ if ($conf->contrat->enabled && 0) // \todo A REFAIRE DEPUIS NOUVEAU CONTRAT if ($conf->propal->enabled && $user->rights->propale->lire) { $sql = "SELECT s.nom, s.idp, p.rowid as propalid, p.price, p.ref, p.fk_statut, ".$db->pdate("p.datep")." as dp"; - if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p"; - if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE p.fk_soc = s.idp AND p.fk_statut = 1"; if ($socidp) $sql .= " AND s.idp = $socidp"; - if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql .= " ORDER BY p.rowid DESC"; $result=$db->query($sql); 
@@ -579,15 +582,15 @@ if ($conf->propal->enabled && $user->rights->propale->lire) { $NBMAX=5; $sql = "SELECT s.nom, s.idp, p.rowid as propalid, p.price, p.ref, p.fk_statut, ".$db->pdate("p.datep")." as dp"; - if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p"; - if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE p.fk_soc = s.idp AND p.fk_statut > 1"; if ($socidp) { $sql .= " AND s.idp = $socidp"; } - if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql .= " ORDER BY p.rowid DESC"; $sql .= $db->plimit($NBMAX, 0); diff --git a/htdocs/comm/propal.php b/htdocs/comm/propal.php index bbe2983c521..64805bbfda8 100644 --- a/htdocs/comm/propal.php +++ b/htdocs/comm/propal.php 
@@ -1235,13 +1235,13 @@ else $pagenext = $page + 1; $sql = 'SELECT s.nom, s.idp, s.client, p.rowid as propalid, p.price, p.ref, p.fk_statut, '.$db->pdate('p.datep').' as dp,'.$db->pdate('p.fin_validite').' as dfv'; - if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= ' FROM '.MAIN_DB_PREFIX.'societe as s, '.MAIN_DB_PREFIX.'propal as p'; - if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; if ($sall) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'propaldet as pd ON p.rowid=pd.fk_propal'; $sql.= ' WHERE p.fk_soc = s.idp'; - if (!$user->rights->commercial->client->voir) //restriction + if (!$user->rights->commercial->client->voir && !$socidp) //restriction { $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; } diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index 34fa9187a50..73934303c53 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -70,12 +70,12 @@ print "
\n"; * Commandes à valider */ $sql = "SELECT c.rowid, c.ref, s.nom, s.idp"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE c.fk_soc = s.idp AND c.fk_statut = 0"; if ($socidp) $sql .= " AND c.fk_soc = ".$socidp; -if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; if ( $db->query($sql) ) { @@ -104,12 +104,12 @@ if ( $db->query($sql) ) * Commandes à traiter */ $sql = "SELECT c.rowid, c.ref, s.nom, s.idp"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .=" FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE c.fk_soc = s.idp AND c.fk_statut = 1"; if ($socidp) $sql .= " AND c.fk_soc = ".$socidp; -if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql .= " ORDER BY c.rowid DESC"; if ( $db->query($sql) ) 
@@ -144,12 +144,12 @@ print ''; * Commandes en cours */ $sql = "SELECT c.rowid, c.ref, s.nom, s.idp"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE c.fk_soc = s.idp AND c.fk_statut = 2 "; if ($socidp) $sql .= " AND c.fk_soc = ".$socidp; -if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql .= " ORDER BY c.rowid DESC"; if ( $db->query($sql) ) @@ -183,12 +183,12 @@ $max=5; $sql = "SELECT c.rowid, c.ref, s.nom, s.idp,"; $sql.= " ".$db->pdate("date_cloture")." as datec"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE c.fk_soc = s.idp and c.fk_statut > 2"; if ($socidp) $sql .= " AND c.fk_soc = ".$socidp; -if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql.= " ORDER BY c.tms DESC"; $sql.= $db->plimit($max, 0); 
diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php index cbbf14874d1..bcae1c24ab6 100644 --- a/htdocs/commande/liste.php +++ b/htdocs/commande/liste.php @@ -63,11 +63,11 @@ $limit = $conf->liste_limit; $offset = $limit * $_GET['page'] ; $sql = 'SELECT s.nom, s.idp, c.rowid, c.ref, c.total_ht,'.$db->pdate('c.date_commande').' as date_commande, c.fk_statut'; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= ' FROM '.MAIN_DB_PREFIX.'societe as s, '.MAIN_DB_PREFIX.'commande as c'; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= ' WHERE c.fk_soc = s.idp'; -if (!$user->rights->commercial->client->voir) //restriction +if (!$user->rights->commercial->client->voir && !$socidp) //restriction { $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; } diff --git a/htdocs/contact/index.php b/htdocs/contact/index.php index d0668dd07f3..1362b0595da 100644 --- a/htdocs/contact/index.php +++ b/htdocs/contact/index.php @@ -38,7 +38,7 @@ $langs->load("suppliers"); if ($user->societe_id > 0) { $action = ''; - $socid = $user->societe_id; + $socidp = $user->societe_id; } 
@@ -91,9 +91,9 @@ llxHeader(); $sql = "SELECT s.idp, s.nom, p.idp as cidp, p.name, p.firstname, p.email, p.phone, p.phone_mobile, p.fax"; - if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user "; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; $sql .= "FROM ".MAIN_DB_PREFIX."socpeople as p"; - if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.idp = p.fk_soc "; $sql .= "WHERE 1=1 "; @@ -101,7 +101,7 @@ if ($_GET["userid"]) // statut commercial { $sql .= " AND p.fk_user=".$_GET["userid"]; } -if (!$user->rights->commercial->client->voir) //restriction +if (!$user->rights->commercial->client->voir && !$socidp) //restriction { $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; } @@ -133,9 +133,9 @@ if ($sall) { $sql .= " AND (p.name like '%".addslashes($sall)."%' OR p.firstname like '%".addslashes($sall)."%' OR p.email like '%".addslashes($sall)."%') "; } -if ($socid) +if ($socidp) { - $sql .= " AND s.idp = $socid"; + $sql .= " AND s.idp = $socidp"; } if($_GET["view"] == "recent") diff --git a/htdocs/expedition/index.php b/htdocs/expedition/index.php index 1b20294e44e..637715738af 100644 --- a/htdocs/expedition/index.php +++ b/htdocs/expedition/index.php @@ -51,15 +51,15 @@ print "
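Review bot: The context line directly above the changed restriction in hunk `@@ -101,7 +101,7 @@` builds `" AND p.fk_user=".$_GET["userid"]` from the request with no cast or escaping, so part of the query text is supplied by the caller. Since this block is being touched, force the value to an integer: `$sql .= " AND p.fk_user=".((int) $_GET["userid"]);`. The societe.php hunks show the same pattern on context lines: `s.nom like '%".$socname."%'` in `@@ -80,11 +80,11 @@` and `s.fk_stcomm=$stcomm` in `@@ -146,7 +146,7 @@`. Whether those two variables are escaped earlier is not visible here; `$sall` in this file is at least passed through `addslashes()`.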
\n"; * Expeditions à valider */ $sql = "SELECT e.rowid, e.ref, s.nom, s.idp, c.ref as commande_ref, c.rowid as commande_id"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= " FROM ".MAIN_DB_PREFIX."expedition as e, ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE e.fk_commande = c.rowid AND c.fk_soc = s.idp AND e.fk_statut = 0"; if ($socidp) { $sql .= " AND c.fk_soc = $socidp"; } -if (!$user->rights->commercial->client->voir) //restriction +if (!$user->rights->commercial->client->voir && !$socidp) //restriction { $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; } @@ -92,11 +92,12 @@ if ($resql) * Commandes à traiter */ $sql = "SELECT c.rowid, c.ref, s.nom, s.idp"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE c.fk_soc = s.idp AND c.fk_statut = 1"; -if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +if ($socidp) $sql .= " AND c.fk_soc = $socidp"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql.= " ORDER BY c.rowid ASC"; if ( $db->query($sql) ) 
@@ -135,11 +136,12 @@ print ''; * Commandes en traitement */ $sql = "SELECT c.rowid, c.ref, s.nom, s.idp"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE c.fk_soc = s.idp AND c.fk_statut = 2"; -if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +if ($socidp) $sql .= " AND c.fk_soc = $socidp"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $resql = $db->query($sql); if ( $resql ) { 
@@ -171,11 +173,12 @@ if ( $resql ) * Expeditions à valider */ $sql = "SELECT e.rowid, e.ref, s.nom, s.idp, c.ref as commande_ref, c.rowid as commande_id"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."expedition as e, ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE e.fk_commande = c.rowid AND c.fk_soc = s.idp AND e.fk_statut = 1"; -if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +if ($socidp) $sql .= " AND c.fk_soc = $socidp"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $sql .= " ORDER BY e.date_expedition DESC"; $sql .= $db->plimit(5, 0); diff --git a/htdocs/expedition/liste.php b/htdocs/expedition/liste.php index 73fa731808d..46f962a7b07 100644 --- a/htdocs/expedition/liste.php +++ b/htdocs/expedition/liste.php 
@@ -58,9 +58,9 @@ $offset = $limit * $_GET["page"] ; llxHeader('',$langs->trans('ListOfSendings'),'ch-expedition.html'); $sql = "SELECT e.rowid, e.ref,".$db->pdate("e.date_expedition")." as date_expedition, e.fk_statut"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."expedition as e"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."commande as c"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."commande as c"; if ($socidp) $sql.=", ".MAIN_DB_PREFIX."commande as c"; $sql_add = " WHERE "; if ($socidp) @@ -73,7 +73,7 @@ if ($_POST["sf_ref"]) $sql.= $sql_add . " e.ref like '%".addslashes($_POST["sf_ref"])."%'"; $sql_add = " AND "; } -if (!$user->rights->commercial->client->voir) //restriction +if (!$user->rights->commercial->client->voir && !$socidp) //restriction { $sql .= $sql_add . " e.fk_commande = c.rowid AND c.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id; } diff --git a/htdocs/societe.php b/htdocs/societe.php index f7228aa7463..c784e3b7c99 100644 --- a/htdocs/societe.php +++ b/htdocs/societe.php @@ -40,11 +40,11 @@ $langs->load("suppliers"); // Sécurité accés client -$socid=0; +$socidp=0; if ($user->societe_id > 0) { $action = ''; - $socid = $user->societe_id; + $socidp = $user->societe_id; } 
@@ -80,11 +80,11 @@ if ($mode == 'search') $_POST["search_nom"]="$socname"; $sql = "SELECT s.idp"; - if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE s.nom like '%".$socname."%'"; - if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; $result=$db->query($sql); if ($result) @@ -92,8 +92,8 @@ if ($mode == 'search') if ($db->num_rows($result) == 1) { $obj = $db->fetch_object($result); - $socid = $obj->idp; - header("location: soc.php?socid=$socid"); + $socidp = $obj->idp; + header("location: soc.php?socidp=$socidp"); exit; } $db->free($result); @@ -102,7 +102,7 @@ if ($mode == 'search') if ($user->societe_id > 0) { $action = ''; - $socid = $user->societe_id; + $socidp = $user->societe_id; } } 
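Review bot: The redirect in hunk `@@ -92,8 +92,8 @@` now sends `soc.php?socidp=$socidp`, but soc.php is not among the nine files changed by this patch. Unless soc.php already reads a `socidp` parameter, a single-result search will open the company card without an id. Please confirm that, or keep the query-string name unchanged: `header("location: soc.php?socid=$socidp");`. The enclosing `if ($mode == 'search')` block starts before this hunk and continues past it.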
@@ -127,14 +127,14 @@ $title=$langs->trans("ListOfCompanies"); $sql = "SELECT s.idp, s.nom, s.ville, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea"; $sql.= ", st.libelle as stcomm, s.prefix_comm, s.client, s.fournisseur, s.siren"; -if (!$user->rights->commercial->client->voir) $sql .= ", sc.fk_soc, sc.fk_user"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st"; -if (!$user->rights->commercial->client->voir) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.fk_stcomm = st.id"; -if ($user->societe_id > 0) +if ($socidp) { - $sql .= " AND s.idp = " . $user->societe_id; + $sql .= " AND s.idp = $socidp"; } if ($socname) @@ -146,7 +146,7 @@ if (strlen($stcomm)) { $sql .= " AND s.fk_stcomm=$stcomm"; } -if (!$user->rights->commercial->client->voir) //restriction +if (!$user->rights->commercial->client->voir && !$socidp) //restriction { $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; }