From c276e7996d9765ac6b417261f628cd2372af65fa Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Mon, 13 Mar 2006 15:16:08 +0000
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?=
 =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?=
 =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?=
 =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/commande/stats/commandestats.class.php | 59 +++++++++++++------
 1 file changed, 42 insertions(+), 17 deletions(-)

diff --git a/htdocs/commande/stats/commandestats.class.php b/htdocs/commande/stats/commandestats.class.php
index 87c41b60e88..5c4a208eed1 100644
--- a/htdocs/commande/stats/commandestats.class.php
+++ b/htdocs/commande/stats/commandestats.class.php
@@ -51,11 +51,17 @@ class CommandeStats extends Stats
    */
     function getNbByMonth($year)
     {
-        $sql = "SELECT date_format(date_commande,'%m') as dm, count(*) nb FROM ".MAIN_DB_PREFIX."commande";
-        $sql .= " WHERE date_format(date_commande,'%Y') = $year AND fk_statut > 0";
+    	  global $conf;
+    	  global $user;
+    	  
+        $sql = "SELECT date_format(c.date_commande,'%m') as dm, count(*) nb";
+        $sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
+        if (!$user->rights->commercial->client->voir && !$this->socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+        $sql .= " WHERE date_format(c.date_commande,'%Y') = $year AND c.fk_statut > 0";
+        if (!$user->rights->commercial->client->voir && !$this->socidp) $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
         if ($this->socidp)
         {
-            $sql .= " AND fk_soc = ".$this->socidp;
+            $sql .= " AND c.fk_soc = ".$this->socidp;
         }
         $sql .= " GROUP BY dm";
         $sql .= " ORDER BY dm DESC";
@@ -69,11 +75,18 @@ class CommandeStats extends Stats
    */
   function getNbByYear()
   {
-    $sql = "SELECT date_format(date_commande,'%Y') as dm, count(*), sum(total_ht)  FROM ".MAIN_DB_PREFIX."commande WHERE fk_statut > 0";
+  	global $conf;
+    global $user;
+  	
+    $sql = "SELECT date_format(c.date_commande,'%Y') as dm, count(*), sum(c.total_ht)";
+    $sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
+    if (!$user->rights->commercial->client->voir && !$this->socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+    $sql .= " WHERE c.fk_statut > 0";
+    if (!$user->rights->commercial->client->voir && !$this->socidp) $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
     if ($this->socidp)
-      {
-	$sql .= " AND fk_soc = ".$this->socidp;
-      }
+    {
+	    $sql .= " AND c.fk_soc = ".$this->socidp;
+    }
     $sql .= " GROUP BY dm DESC";
 
     return $this->_getNbByYear($sql);
@@ -85,12 +98,18 @@ class CommandeStats extends Stats
    */
   function getAmountByMonth($year)
   {
-    $sql = "SELECT date_format(date_commande,'%m') as dm, sum(total_ht)  FROM ".MAIN_DB_PREFIX."commande";
-    $sql .= " WHERE date_format(date_commande,'%Y') = $year AND fk_statut > 0";
+  	global $conf;
+    global $user;
+  	
+    $sql = "SELECT date_format(c.date_commande,'%m') as dm, sum(c.total_ht)";
+    $sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
+    if (!$user->rights->commercial->client->voir && !$this->socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+    $sql .= " WHERE date_format(c.date_commande,'%Y') = $year AND c.fk_statut > 0";
+    if (!$user->rights->commercial->client->voir && !$this->socidp) $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
     if ($this->socidp)
-      {
-	$sql .= " AND fk_soc = ".$this->socidp;
-      }
+    {
+	    $sql .= " AND c.fk_soc = ".$this->socidp;
+    }
     $sql .= " GROUP BY dm DESC";
 
     return $this->_getAmountByMonth($year, $sql);
@@ -102,12 +121,18 @@ class CommandeStats extends Stats
    */
   function getAverageByMonth($year)
   {
-    $sql = "SELECT date_format(date_commande,'%m') as dm, avg(total_ht)  FROM ".MAIN_DB_PREFIX."commande";
-    $sql .= " WHERE date_format(date_commande,'%Y') = $year AND fk_statut > 0";
+  	global $conf;
+    global $user;
+  	
+    $sql = "SELECT date_format(c.date_commande,'%m') as dm, avg(c.total_ht)";
+    $sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
+    if (!$user->rights->commercial->client->voir && !$this->socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+    $sql .= " WHERE date_format(c.date_commande,'%Y') = $year AND c.fk_statut > 0";
+    if (!$user->rights->commercial->client->voir && !$this->socidp) $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
     if ($this->socidp)
-      {
-	$sql .= " AND fk_soc = ".$this->socidp;
-      }
+    {
+	    $sql .= " AND c.fk_soc = ".$this->socidp;
+    }
     $sql .= " GROUP BY dm DESC";
 
     return $this->_getAverageByMonth($year, $sql);