From bea4dc80f2ad10df39a6ed6598f68e4d5f56f199 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Thu, 9 Mar 2006 10:30:01 +0000
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?= =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?= =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?= =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 htdocs/compta/commande/liste.php | 8 ++++++--
 htdocs/compta/propal.php | 5 ++++-
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/htdocs/compta/commande/liste.php b/htdocs/compta/commande/liste.php
index 30135ebe4fd..5fe83057824 100644
--- a/htdocs/compta/commande/liste.php
+++ b/htdocs/compta/commande/liste.php
@@ -52,8 +52,12 @@ if ($user->societe_id > 0) llxHeader();
-$sql = "SELECT s.nom, s.idp, c.rowid, c.ref, c.total_ht,".$db->pdate("c.date_commande")." as date_commande, c.fk_statut" ;
-$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c WHERE c.fk_soc = s.idp";
+$sql = "SELECT s.nom, s.idp, c.rowid, c.ref, c.total_ht,".$db->pdate("c.date_commande")." as date_commande, c.fk_statut";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user";
+$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+$sql .= " WHERE c.fk_soc = s.idp";
+if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socidp) { $sql .= " AND s.idp = $socidp";
diff --git a/htdocs/compta/propal.php b/htdocs/compta/propal.php
index ca499f44667..dcc7ed2fc01 100644
--- a/htdocs/compta/propal.php
+++ b/htdocs/compta/propal.php
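Review bot: In htdocs/compta/commande/liste.php the three added tests apply the `societe_commerciaux` restriction only when `$socidp` is empty, so a user without `commercial->client->voir` who reaches the list with a customer id set gets `AND s.idp = $socidp` and no check that this customer is assigned to them. Where `$socidp` is assigned is outside the hunk (as is the end of the `if ($socidp)` block), so this is a bypass of the new permission only if an internal user can supply it through the request, which should be confirmed. If `!$socidp` is there to keep external users (`$user->societe_id > 0`, visible in the hunk header) working, testing that property instead keeps the join for every internal user: `if (!$user->rights->commercial->client->voir && !$user->societe_id) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = ".$user->id;`, with the same condition on the other two lines. The hunk in htdocs/compta/propal.php repeats the same three tests and has the same gap.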
@@ -661,8 +661,11 @@ if ($_GET["propalid"] > 0) $sql = "SELECT s.nom, s.idp, p.rowid as propalid, p.price, p.ref, p.fk_statut, ".$db->pdate("p.datep")." as dp";
- $sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p ";
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user";
+ $sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p";
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE p.fk_soc = s.idp";
+ if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socidp) $sql .= " AND s.idp = $socidp";
 if ($viewstatut <> '') $sql .= " AND p.fk_statut in ($viewstatut)"; // viewstatut peut etre combinaisons séparé par virgules
 if ($month > 0) $sql .= " AND date_format(p.datep, '%Y-%m') = '$year-$month'";
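Review bot: The query that now carries the per-salesperson filter still has `$socidp`, `$viewstatut`, `$year` and `$month` interpolated into the SQL text without a cast or escaping on the three trailing context lines, so the added `sc.fk_user` condition is only as strong as that string. Their assignments are outside the hunk, but the hunk header shows the page branching on `$_GET["propalid"]`, so they are presumably request-driven and this should be checked. Casting the numeric values where they are used, e.g. `if ($socidp) $sql .= " AND s.idp = ".(int) $socidp;`, and validating `$viewstatut` as a comma-separated list of integers before it reaches `in (...)` would keep the new restriction from depending on well-formed input. The same cast applies to `$socidp` in htdocs/compta/commande/liste.php.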