From be42540d881958fba57aa40768c60157f0be1ee4 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Thu, 9 Mar 2006 10:38:12 +0000
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?= =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?= =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?= =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 htdocs/compta/deplacement/index.php | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php
index b99e63e7101..b17942d1dab 100644
--- a/htdocs/compta/deplacement/index.php
+++ b/htdocs/compta/deplacement/index.php
@@ -51,15 +51,26 @@ $offset = $limit * $page ;
 $pageprev = $page - 1;
 $pagenext = $page + 1;
+// Sécurité accés client
+$socidp = $_GET["socidp"];
+if ($user->societe_id > 0)
+{
+ $action = '';
+ $socidp = $user->societe_id;
+}
+
 $sql = "SELECT s.nom, s.idp,"; // Ou
 $sql.= " d.rowid, ".$db->pdate("d.dated")." as dd, d.km, "; // Comment
 $sql.= " u.name, u.firstname"; // Qui
-$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."deplacement as d, ".MAIN_DB_PREFIX."user as u ";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user";
+$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."deplacement as d, ".MAIN_DB_PREFIX."user as u";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE d.fk_soc = s.idp AND d.fk_user = u.rowid";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
-if ($user->societe_id > 0)
+if ($socidp)
 {
- $sql .= " AND s.idp = " . $user->societe_id;
+ $sql .= " AND s.idp = $socidp";
 }
 $sql .= " ORDER BY $sortfield $sortorder " . $db->plimit( $limit + 1 ,$offset);
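Review bot: `$socidp` is taken directly from `$_GET["socidp"]` and, whenever `$user->societe_id` is not positive, is interpolated unquoted into `" AND s.idp = $socidp"`, so a request parameter becomes part of the SQL text; it should be cast where it is assigned, e.g. `$socidp = isset($_GET["socidp"]) ? (int) $_GET["socidp"] : 0;`. The three added `if (!$user->rights->commercial->client->voir && !$socidp)` tests also skip the `societe_commerciaux` restriction as soon as any `socidp` value is present, so a user without the "voir" right is no longer limited to the customers assigned to them once the parameter is set. The restriction should depend on the user rather than on the parameter, for instance `&& !$user->societe_id` in place of `&& !$socidp`, to be confirmed against how external users are meant to be filtered. The script starts and continues outside this hunk, so any later use of `$socidp` or `$action` is not visible here.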