Fix: Several fixes for bad management of external/internal users.
This commit is contained in:
Laurent Destailleur
parent
049a6dc742
commit
cd6e3464db
@ -309,7 +309,7 @@ if ($id > 0 || ! empty($ref))
|
||||
|
||||
print '<td colspan="1">';
|
||||
$nbofcontacts=$form->select_contacts($selectedCompany,'','contactid');
|
||||
if ($nbofcontacts == 0) print $langs->trans("NoContactDefined");
|
||||
if ($nbofcontacts == 0) print $langs->trans("NoContactDefinedForThirdParty");
|
||||
print '</td>';
|
||||
print '<td>';
|
||||
$formcompany->selectTypeContact($object,'','type','external','rowid');
|
||||
|
||||
@ -69,6 +69,7 @@ class box_activity extends ModeleBoxes
|
||||
include_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
|
||||
include_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
|
||||
include_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
|
||||
include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
|
||||
$facturestatic=new Facture($db);
|
||||
$propalstatic=new Propal($db);
|
||||
$commandestatic=new Commande($db);
|
||||
@ -80,10 +81,14 @@ class box_activity extends ModeleBoxes
|
||||
if (! empty($conf->facture->enabled) && $user->rights->facture->lire)
|
||||
{
|
||||
$sql = "SELECT f.paye, f.fk_statut, sum(f.total_ttc) as Mnttot, count(*) as nb";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f";
|
||||
$sql.= " FROM (".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f";
|
||||
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= ")";
|
||||
$sql.= " WHERE f.entity = ".$conf->entity;
|
||||
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if($user->societe_id) $sql.= " AND s.rowid = ".$user->societe_id;
|
||||
$sql.= " AND f.fk_soc = s.rowid";
|
||||
$sql.= " AND (DATE_FORMAT(f.datef,'%Y') = ".date("Y")." or paye=0)";
|
||||
$sql.= " AND f.datef between '".$db->idate(dol_get_first_day(date("Y"),1,1))."' AND '".$db->idate(dol_get_last_day(date("Y"),12,1))."'";
|
||||
$sql.= " GROUP BY f.paye, f.fk_statut ";
|
||||
$sql.= " ORDER BY f.fk_statut DESC";
|
||||
|
||||
@ -136,9 +141,14 @@ class box_activity extends ModeleBoxes
|
||||
if (! empty($conf->commande->enabled) && $user->rights->commande->lire)
|
||||
{
|
||||
$sql = "SELECT c.fk_statut,c.facture, sum(c.total_ttc) as Mnttot, count(*) as nb";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
|
||||
$sql.= " FROM (".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
|
||||
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= ")";
|
||||
$sql.= " WHERE c.entity = ".$conf->entity;
|
||||
$sql.= " AND c.fk_soc = s.rowid";
|
||||
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if($user->societe_id) $sql.= " AND s.rowid = ".$user->societe_id;
|
||||
$sql.= " AND c.datec between '".$db->idate(dol_get_first_day(date("Y"),1,1))."' AND '".$db->idate(dol_get_last_day(date("Y"),12,1))."'";
|
||||
$sql.= " AND c.facture=0";
|
||||
$sql.= " GROUP BY c.fk_statut";
|
||||
$sql.= " ORDER BY c.fk_statut DESC";
|
||||
@ -178,11 +188,15 @@ class box_activity extends ModeleBoxes
|
||||
if (! empty($conf->propal->enabled) && $user->rights->propal->lire)
|
||||
{
|
||||
$sql = "SELECT p.fk_statut, sum(p.total) as Mnttot, count(*) as nb";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p";
|
||||
$sql.= " FROM (".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p";
|
||||
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= ")";
|
||||
$sql.= " WHERE p.entity = ".$conf->entity;
|
||||
$sql.= " AND p.fk_soc = s.rowid";
|
||||
$sql.= " AND DATE_FORMAT(p.datep,'%Y') = ".date("Y");
|
||||
$sql.= " AND p.date_cloture IS NULL "; // just unclosed
|
||||
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if($user->societe_id) $sql.= " AND s.rowid = ".$user->societe_id;
|
||||
$sql.= " AND p.datep between '".$db->idate(dol_get_first_day(date("Y"),1,1))."' AND '".$db->idate(dol_get_last_day(date("Y"),12,1))."'";
|
||||
$sql.= " AND p.date_cloture IS NULL"; // just unclosed
|
||||
$sql.= " GROUP BY p.fk_statut";
|
||||
$sql.= " ORDER BY p.fk_statut DESC";
|
||||
|
||||
|
||||
@ -826,7 +826,7 @@ class Form
|
||||
* @param int $socid Id ot third party or 0 for all
|
||||
* @param string $selected Id contact pre-selectionne
|
||||
* @param string $htmlname Name of HTML field ('none' for a not editable field)
|
||||
* @param int $showempty 0=no empty value, 1=add an empty value
|
||||
* @param int $showempty 0=no empty value, 1=add an empty value, 2=add line 'Internal' (used by user edit)
|
||||
* @param string $exclude List of contacts id to exclude
|
||||
* @param string $limitto Disable answers that are not id in this array list
|
||||
* @param string $showfunction Add function into label
|
||||
@ -863,7 +863,8 @@ class Form
|
||||
$num=$this->db->num_rows($resql);
|
||||
|
||||
if ($htmlname != 'none' || $options_only) $out.= '<select class="flat'.($moreclass?' '.$moreclass:'').'" id="'.$htmlname.'" name="'.$htmlname.'">';
|
||||
if ($showempty) $out.= '<option value="0"></option>';
|
||||
if ($showempty == 1) $out.= '<option value="0"'.($selected=='0'?' selected="selected"':'').'></option>';
|
||||
if ($showempty == 2) $out.= '<option value="0"'.($selected=='0'?' selected="selected"':'').'>'.$langs->trans("Internal").'</option>';
|
||||
$num = $this->db->num_rows($resql);
|
||||
$i = 0;
|
||||
if ($num)
|
||||
@ -907,7 +908,7 @@ class Form
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
{
|
||||
if ($selected == $obj->rowid)
|
||||
{
|
||||
$out.= $contactstatic->getFullName($langs);
|
||||
@ -919,8 +920,8 @@ class Form
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$out.= '<option value="-1" selected="selected" disabled="disabled">'.$langs->trans("NoContactDefined").'</option>';
|
||||
{
|
||||
$out.= '<option value="-1"'.($showempty==2?'':' selected="selected"').' disabled="disabled">'.$langs->trans($socid?"NoContactDefinedForThirdParty":"NoContactDefined").'</option>';
|
||||
}
|
||||
if ($htmlname != 'none' || $options_only)
|
||||
{
|
||||
|
||||
@ -507,7 +507,7 @@ class FormCompany
|
||||
* @param string $selected Pre-selected third party
|
||||
* @param string $htmlname Name of HTML form
|
||||
* @param array $limitto Disable answers that are not id in this array list
|
||||
* @param int $forceid This is to force antoher object id than object->id
|
||||
* @param int $forceid This is to force another object id than object->id
|
||||
* @return void
|
||||
* TODO obsolete ?
|
||||
* cette fonction doit utiliser du javascript quoi qu'il en soit !
|
||||
|
||||
@ -254,7 +254,8 @@ EditContact=Edit contact
|
||||
EditContactAddress=Edit contact/address
|
||||
Contact=Contact
|
||||
ContactsAddresses=Contacts/Addresses
|
||||
NoContactDefined=No contact defined for this third party
|
||||
NoContactDefinedForThirdParty=No contact defined for this third party
|
||||
NoContactDefined=No contact defined
|
||||
DefaultContact=Default contact/address
|
||||
AddCompany=Add company
|
||||
AddThirdParty=Add third party
|
||||
|
||||
@ -255,7 +255,8 @@ AddContactAddress=Créer contact/adresse
|
||||
EditContact=Editer contact
|
||||
EditContactAddress=Editer contact/adresse
|
||||
Contact=Contact
|
||||
NoContactDefined=Aucun contact défini pour ce tiers
|
||||
NoContactDefinedForThirdParty=Aucun contact défini pour ce tiers
|
||||
NoContactDefined=Aucun contact défini
|
||||
DefaultContact=Contact par défaut
|
||||
AddCompany=Créer société
|
||||
AddThirdParty=Créer tiers
|
||||
|
||||
@ -290,36 +290,40 @@ if ($action == 'update' && ! $_POST["cancel"])
|
||||
|
||||
if ($caneditfield) // Case we can edit all field
|
||||
{
|
||||
if (! $_POST["nom"])
|
||||
$error=0;
|
||||
|
||||
if (! $_POST["nom"])
|
||||
{
|
||||
$message='<div class="error">'.$langs->trans("NameNotDefined").'</div>';
|
||||
$action="edit"; // Go back to create page
|
||||
$error++;
|
||||
}
|
||||
if (! $_POST["login"])
|
||||
{
|
||||
$message='<div class="error">'.$langs->trans("LoginNotDefined").'</div>';
|
||||
$action="edit"; // Go back to create page
|
||||
$error++;
|
||||
}
|
||||
|
||||
if (! $message)
|
||||
if (! $error)
|
||||
{
|
||||
$db->begin();
|
||||
$object->fetch($id);
|
||||
|
||||
$object->oldcopy=dol_clone($object);
|
||||
|
||||
$object->lastname = $_POST["nom"];
|
||||
$object->firstname = $_POST["prenom"];
|
||||
$object->login = $_POST["login"];
|
||||
$object->pass = $_POST["password"];
|
||||
$object->admin = $_POST["admin"];
|
||||
$object->office_phone = $_POST["office_phone"];
|
||||
$object->office_fax = $_POST["office_fax"];
|
||||
$object->user_mobile = $_POST["user_mobile"];
|
||||
$object->email = $_POST["email"];
|
||||
$object->job = $_POST["job"];
|
||||
$object->signature = $_POST["signature"];
|
||||
$object->openid = $_POST["openid"];
|
||||
$object->lastname = GETPOST("nom");
|
||||
$object->firstname = GETPOST("prenom");
|
||||
$object->login = GETPOST("login");
|
||||
$object->pass = GETPOST("password");
|
||||
$object->admin = GETPOST("admin");
|
||||
$object->office_phone=GETPOST("office_phone");
|
||||
$object->office_fax = GETPOST("office_fax");
|
||||
$object->user_mobile= GETPOST("user_mobile");
|
||||
$object->email = GETPOST("email");
|
||||
$object->job = GETPOST("job");
|
||||
$object->signature = GETPOST("signature");
|
||||
$object->openid = GETPOST("openid");
|
||||
|
||||
// Get extra fields
|
||||
foreach($_POST as $key => $value)
|
||||
@ -363,8 +367,10 @@ if ($action == 'update' && ! $_POST["cancel"])
|
||||
if (! empty($_FILES['photo']['name'])) $object->photo = dol_sanitizeFileName($_FILES['photo']['name']);
|
||||
|
||||
$ret=$object->update($user);
|
||||
|
||||
if ($ret < 0)
|
||||
{
|
||||
$error++;
|
||||
if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS')
|
||||
{
|
||||
$langs->load("errors");
|
||||
@ -376,7 +382,36 @@ if ($action == 'update' && ! $_POST["cancel"])
|
||||
}
|
||||
}
|
||||
|
||||
if ($ret >=0 && ! count($object->errors))
|
||||
if (! $error && isset($_POST['contactid']))
|
||||
{
|
||||
$contactid=GETPOST('contactid');
|
||||
|
||||
if ($contactid > 0)
|
||||
{
|
||||
$contact=new Contact($db);
|
||||
$contact->fetch($contactid);
|
||||
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
|
||||
$sql.= " SET fk_socpeople=".$contactid;
|
||||
if ($contact->socid) $sql.=", fk_societe=".$contact->socid;
|
||||
$sql.= " WHERE rowid=".$object->id;
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
|
||||
$sql.= " SET fk_socpeople=NULL, fk_societe=NULL";
|
||||
$sql.= " WHERE rowid=".$object->id;
|
||||
}
|
||||
$resql=$db->query($sql);
|
||||
dol_syslog("fiche::update sql=".$sql, LOG_DEBUG);
|
||||
if (! $resql)
|
||||
{
|
||||
$error++;
|
||||
$message.='<div class="error">'.$db->lasterror().'</div>';
|
||||
}
|
||||
}
|
||||
|
||||
if (! $error && ! count($object->errors))
|
||||
{
|
||||
if (GETPOST('deletephoto') && $object->photo)
|
||||
{
|
||||
@ -415,7 +450,7 @@ if ($action == 'update' && ! $_POST["cancel"])
|
||||
}
|
||||
}
|
||||
|
||||
if ($ret >= 0 && ! count($object->errors))
|
||||
if (! $error && ! count($object->errors))
|
||||
{
|
||||
$message.='<div class="ok">'.$langs->trans("UserModified").'</div>';
|
||||
$db->commit();
|
||||
@ -1149,20 +1184,20 @@ else
|
||||
|
||||
// Type
|
||||
print '<tr><td valign="top">'.$langs->trans("Type").'</td><td>';
|
||||
if ($object->societe_id)
|
||||
{
|
||||
print $form->textwithpicto($langs->trans("External"),$langs->trans("InternalExternalDesc"));
|
||||
}
|
||||
else if ($object->ldap_sid)
|
||||
{
|
||||
print $langs->trans("DomainUser",$ldap->domainFQDN);
|
||||
}
|
||||
else
|
||||
{
|
||||
print $form->textwithpicto($langs->trans("Internal"),$langs->trans("InternalExternalDesc"));
|
||||
}
|
||||
$type=$langs->trans("Internal");
|
||||
if ($object->societe_id) $type=$langs->trans("External");
|
||||
print $form->textwithpicto($type,$langs->trans("InternalExternalDesc"));
|
||||
if ($object->ldap_sid) print ' ('.$langs->trans("DomainUser").')';
|
||||
print '</td></tr>'."\n";
|
||||
|
||||
// ldap sid
|
||||
if ($object->ldap_sid)
|
||||
{
|
||||
print '<tr><td valign="top">'.$langs->trans("Type").'</td><td>';
|
||||
print $langs->trans("DomainUser",$ldap->domainFQDN);
|
||||
print '</td></tr>'."\n";
|
||||
}
|
||||
|
||||
// Tel pro
|
||||
print '<tr><td valign="top">'.$langs->trans("PhonePro").'</td>';
|
||||
print '<td>'.dol_print_phone($object->office_phone,'',0,0,1).'</td>';
|
||||
@ -1630,6 +1665,7 @@ else
|
||||
print '<tr><td valign="top">'.$langs->trans("Administrator").'</td>';
|
||||
if ($object->societe_id > 0)
|
||||
{
|
||||
$langs->load("admin");
|
||||
print '<td>';
|
||||
print '<input type="hidden" name="admin" value="'.$object->admin.'">'.yn($object->admin);
|
||||
print ' ('.$langs->trans("ExternalUser").')';
|
||||
@ -1702,7 +1738,7 @@ else
|
||||
print '</td></tr>';
|
||||
}
|
||||
|
||||
//Multicompany
|
||||
// Multicompany
|
||||
if (! empty($conf->multicompany->enabled))
|
||||
{
|
||||
if (empty($conf->multicompany->transverse_mode) && $conf->entity == 1 && $user->admin && ! $user->entity)
|
||||
@ -1716,25 +1752,25 @@ else
|
||||
print '<input type="hidden" name="entity" value="'.$conf->entity.'" />';
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// Type
|
||||
print '<tr><td width="25%" valign="top">'.$langs->trans("Type").'</td>';
|
||||
print '<td>';
|
||||
if ($object->societe_id)
|
||||
{
|
||||
print $langs->trans("External");
|
||||
}
|
||||
else if ($object->ldap_sid)
|
||||
{
|
||||
print $langs->trans("DomainUser");
|
||||
}
|
||||
else
|
||||
{
|
||||
print $langs->trans("Internal");
|
||||
}
|
||||
print '</td></tr>';
|
||||
|
||||
// Type
|
||||
print '<tr><td width="25%" valign="top">'.$langs->trans("Type").'</td>';
|
||||
print '<td>';
|
||||
if ($user->id == $object->id || ! $user->admin)
|
||||
{
|
||||
$type=$langs->trans("Internal");
|
||||
if ($object->societe_id) $type=$langs->trans("External");
|
||||
print $form->textwithpicto($type,$langs->trans("InternalExternalDesc"));
|
||||
if ($object->ldap_sid) print ' ('.$langs->trans("DomainUser").')';
|
||||
}
|
||||
else
|
||||
{
|
||||
$type=0;
|
||||
if ($object->contact_id) $type=$object->contact_id;
|
||||
print $form->selectcontacts(0,$type,'contactid',2,'','',1,'',false,1);
|
||||
if ($object->ldap_sid) print ' ('.$langs->trans("DomainUser").')';
|
||||
}
|
||||
print '</td></tr>';
|
||||
|
||||
// Tel pro
|
||||
print "<tr>".'<td valign="top">'.$langs->trans("PhonePro").'</td>';
|
||||
|
||||
Loading…
Reference in New Issue
Block a user