From cd6e3464dbf151f0e2f9a9cfb55336ad65db3d6e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 2 Jan 2013 14:35:16 +0100
Subject: [PATCH] Fix: Several fixes for bad management of external/internal
 users.

---
 htdocs/comm/action/contact.php               |   2 +-
 htdocs/core/boxes/box_activity.php           |  26 +++-
 htdocs/core/class/html.form.class.php        |  11 +-
 htdocs/core/class/html.formcompany.class.php |   2 +-
 htdocs/langs/en_US/companies.lang            |   3 +-
 htdocs/langs/fr_FR/companies.lang            |   3 +-
 htdocs/user/fiche.php                        | 130 ++++++++++++-------
 7 files changed, 115 insertions(+), 62 deletions(-)

diff --git a/htdocs/comm/action/contact.php b/htdocs/comm/action/contact.php
index c86792f4572..fd8e7a83dd3 100644
--- a/htdocs/comm/action/contact.php
+++ b/htdocs/comm/action/contact.php
@@ -309,7 +309,7 @@ if ($id > 0 || ! empty($ref))
 
 				print '<td colspan="1">';
 				$nbofcontacts=$form->select_contacts($selectedCompany,'','contactid');
-				if ($nbofcontacts == 0) print $langs->trans("NoContactDefined");
+				if ($nbofcontacts == 0) print $langs->trans("NoContactDefinedForThirdParty");
 				print '</td>';
 				print '<td>';
 				$formcompany->selectTypeContact($object,'','type','external','rowid');
diff --git a/htdocs/core/boxes/box_activity.php b/htdocs/core/boxes/box_activity.php
index 5e4267bd12c..817bf77ddd1 100644
--- a/htdocs/core/boxes/box_activity.php
+++ b/htdocs/core/boxes/box_activity.php
@@ -69,6 +69,7 @@ class box_activity extends ModeleBoxes
 		include_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
 		include_once DOL_DOCUMENT_ROOT.'/comm/propal/class/propal.class.php';
 		include_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
+		include_once DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php';
 		$facturestatic=new Facture($db);
 		$propalstatic=new Propal($db);
 		$commandestatic=new Commande($db);
@@ -80,10 +81,14 @@ class box_activity extends ModeleBoxes
 		if (! empty($conf->facture->enabled) && $user->rights->facture->lire)
 		{
 			$sql = "SELECT f.paye, f.fk_statut, sum(f.total_ttc) as Mnttot, count(*) as nb";
-			$sql.= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f";
+			$sql.= " FROM (".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f";
+			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+			$sql.= ")";
 			$sql.= " WHERE f.entity = ".$conf->entity;
+			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+			if($user->societe_id)	$sql.= " AND s.rowid = ".$user->societe_id;
 			$sql.= " AND f.fk_soc = s.rowid";
-			$sql.= " AND (DATE_FORMAT(f.datef,'%Y') = ".date("Y")." or paye=0)";
+			$sql.= " AND f.datef between '".$db->idate(dol_get_first_day(date("Y"),1,1))."' AND '".$db->idate(dol_get_last_day(date("Y"),12,1))."'";
 			$sql.= " GROUP BY f.paye, f.fk_statut ";
 			$sql.= " ORDER BY f.fk_statut DESC";
 
@@ -136,9 +141,14 @@ class box_activity extends ModeleBoxes
 		if (! empty($conf->commande->enabled) && $user->rights->commande->lire)
 		{
 			$sql = "SELECT c.fk_statut,c.facture, sum(c.total_ttc) as Mnttot, count(*) as nb";
-			$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
+			$sql.= " FROM (".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
+			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+			$sql.= ")";
 			$sql.= " WHERE c.entity = ".$conf->entity;
 			$sql.= " AND c.fk_soc = s.rowid";
+			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+			if($user->societe_id)	$sql.= " AND s.rowid = ".$user->societe_id;
+			$sql.= " AND c.datec between '".$db->idate(dol_get_first_day(date("Y"),1,1))."' AND '".$db->idate(dol_get_last_day(date("Y"),12,1))."'";
 			$sql.= " AND c.facture=0";
 			$sql.= " GROUP BY c.fk_statut";
 			$sql.= " ORDER BY c.fk_statut DESC";
@@ -178,11 +188,15 @@ class box_activity extends ModeleBoxes
 		if (! empty($conf->propal->enabled) && $user->rights->propal->lire)
 		{
 			$sql = "SELECT p.fk_statut, sum(p.total) as Mnttot, count(*) as nb";
-			$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p";
+			$sql.= " FROM (".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p";
+			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+			$sql.= ")";
 			$sql.= " WHERE p.entity = ".$conf->entity;
 			$sql.= " AND p.fk_soc = s.rowid";
-			$sql.= " AND DATE_FORMAT(p.datep,'%Y') = ".date("Y");
-			$sql.= " AND p.date_cloture IS NULL "; // just unclosed
+			if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+			if($user->societe_id)	$sql.= " AND s.rowid = ".$user->societe_id;
+			$sql.= " AND p.datep between '".$db->idate(dol_get_first_day(date("Y"),1,1))."' AND '".$db->idate(dol_get_last_day(date("Y"),12,1))."'";
+			$sql.= " AND p.date_cloture IS NULL"; // just unclosed
 			$sql.= " GROUP BY p.fk_statut";
 			$sql.= " ORDER BY p.fk_statut DESC";
 
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index d7342b87732..6cf1f3aff41 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -826,7 +826,7 @@ class Form
      *	@param	int		$socid      	Id ot third party or 0 for all
      *	@param  string	$selected   	Id contact pre-selectionne
      *	@param  string	$htmlname  	    Name of HTML field ('none' for a not editable field)
-     *	@param  int		$showempty     	0=no empty value, 1=add an empty value
+     *	@param  int		$showempty     	0=no empty value, 1=add an empty value, 2=add line 'Internal' (used by user edit)
      *	@param  string	$exclude        List of contacts id to exclude
      *	@param	string	$limitto		Disable answers that are not id in this array list
      *	@param	string	$showfunction   Add function into label
@@ -863,7 +863,8 @@ class Form
             $num=$this->db->num_rows($resql);
 
             if ($htmlname != 'none' || $options_only) $out.= '<select class="flat'.($moreclass?' '.$moreclass:'').'" id="'.$htmlname.'" name="'.$htmlname.'">';
-            if ($showempty) $out.= '<option value="0"></option>';
+            if ($showempty == 1) $out.= '<option value="0"'.($selected=='0'?' selected="selected"':'').'></option>';
+            if ($showempty == 2) $out.= '<option value="0"'.($selected=='0'?' selected="selected"':'').'>'.$langs->trans("Internal").'</option>';
             $num = $this->db->num_rows($resql);
             $i = 0;
             if ($num)
@@ -907,7 +908,7 @@ class Form
                         }
                     }
                     else
-                    {
+					{
                         if ($selected == $obj->rowid)
                         {
                             $out.= $contactstatic->getFullName($langs);
@@ -919,8 +920,8 @@ class Form
                 }
             }
             else
-            {
-            	$out.= '<option value="-1" selected="selected" disabled="disabled">'.$langs->trans("NoContactDefined").'</option>';
+			{
+            	$out.= '<option value="-1"'.($showempty==2?'':' selected="selected"').' disabled="disabled">'.$langs->trans($socid?"NoContactDefinedForThirdParty":"NoContactDefined").'</option>';
             }
             if ($htmlname != 'none' || $options_only)
             {
diff --git a/htdocs/core/class/html.formcompany.class.php b/htdocs/core/class/html.formcompany.class.php
index 0363660ebc3..e2dbacdd159 100644
--- a/htdocs/core/class/html.formcompany.class.php
+++ b/htdocs/core/class/html.formcompany.class.php
@@ -507,7 +507,7 @@ class FormCompany
 	 *  @param  string		$selected       Pre-selected third party
 	 *  @param  string		$htmlname       Name of HTML form
 	 * 	@param	array		$limitto		Disable answers that are not id in this array list
-	 *  @param	int			$forceid		This is to force antoher object id than object->id
+	 *  @param	int			$forceid		This is to force another object id than object->id
 	 * 	@return	void
 	 * 	TODO obsolete ?
 	 * 	cette fonction doit utiliser du javascript quoi qu'il en soit !
diff --git a/htdocs/langs/en_US/companies.lang b/htdocs/langs/en_US/companies.lang
index 241dcd9f9d5..1ce5db6ccd4 100644
--- a/htdocs/langs/en_US/companies.lang
+++ b/htdocs/langs/en_US/companies.lang
@@ -254,7 +254,8 @@ EditContact=Edit contact
 EditContactAddress=Edit contact/address
 Contact=Contact
 ContactsAddresses=Contacts/Addresses
-NoContactDefined=No contact defined for this third party
+NoContactDefinedForThirdParty=No contact defined for this third party
+NoContactDefined=No contact defined
 DefaultContact=Default contact/address
 AddCompany=Add company
 AddThirdParty=Add third party
diff --git a/htdocs/langs/fr_FR/companies.lang b/htdocs/langs/fr_FR/companies.lang
index 72115f17e5f..254d1e8af16 100644
--- a/htdocs/langs/fr_FR/companies.lang
+++ b/htdocs/langs/fr_FR/companies.lang
@@ -255,7 +255,8 @@ AddContactAddress=Créer contact/adresse
 EditContact=Editer contact
 EditContactAddress=Editer contact/adresse
 Contact=Contact
-NoContactDefined=Aucun contact défini pour ce tiers
+NoContactDefinedForThirdParty=Aucun contact défini pour ce tiers
+NoContactDefined=Aucun contact défini
 DefaultContact=Contact par défaut
 AddCompany=Créer société
 AddThirdParty=Créer tiers
diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index d4ba1f2733d..fd314fef0a8 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -290,36 +290,40 @@ if ($action == 'update' && ! $_POST["cancel"])
 
     if ($caneditfield)	// Case we can edit all field
     {
-        if (! $_POST["nom"])
+        $error=0;
+
+    	if (! $_POST["nom"])
         {
             $message='<div class="error">'.$langs->trans("NameNotDefined").'</div>';
             $action="edit";       // Go back to create page
+            $error++;
         }
         if (! $_POST["login"])
         {
             $message='<div class="error">'.$langs->trans("LoginNotDefined").'</div>';
             $action="edit";       // Go back to create page
+            $error++;
         }
 
-        if (! $message)
+        if (! $error)
         {
             $db->begin();
             $object->fetch($id);
 
             $object->oldcopy=dol_clone($object);
 
-            $object->lastname		= $_POST["nom"];
-            $object->firstname	= $_POST["prenom"];
-            $object->login		= $_POST["login"];
-            $object->pass			= $_POST["password"];
-            $object->admin		= $_POST["admin"];
-            $object->office_phone	= $_POST["office_phone"];
-            $object->office_fax	= $_POST["office_fax"];
-            $object->user_mobile	= $_POST["user_mobile"];
-            $object->email		= $_POST["email"];
-            $object->job			= $_POST["job"];
-            $object->signature	= $_POST["signature"];
-            $object->openid		= $_POST["openid"];
+            $object->lastname	= GETPOST("nom");
+            $object->firstname	= GETPOST("prenom");
+            $object->login		= GETPOST("login");
+            $object->pass		= GETPOST("password");
+            $object->admin		= GETPOST("admin");
+            $object->office_phone=GETPOST("office_phone");
+            $object->office_fax	= GETPOST("office_fax");
+            $object->user_mobile= GETPOST("user_mobile");
+            $object->email		= GETPOST("email");
+            $object->job		= GETPOST("job");
+            $object->signature	= GETPOST("signature");
+            $object->openid		= GETPOST("openid");
 
             // Get extra fields
             foreach($_POST as $key => $value)
@@ -363,8 +367,10 @@ if ($action == 'update' && ! $_POST["cancel"])
             if (! empty($_FILES['photo']['name'])) $object->photo = dol_sanitizeFileName($_FILES['photo']['name']);
 
             $ret=$object->update($user);
+
             if ($ret < 0)
             {
+            	$error++;
                 if ($db->errno() == 'DB_ERROR_RECORD_ALREADY_EXISTS')
                 {
                     $langs->load("errors");
@@ -376,7 +382,36 @@ if ($action == 'update' && ! $_POST["cancel"])
                 }
             }
 
-            if ($ret >=0 && ! count($object->errors))
+            if (! $error && isset($_POST['contactid']))
+            {
+            	$contactid=GETPOST('contactid');
+
+            	if ($contactid > 0)
+            	{
+	            	$contact=new Contact($db);
+	            	$contact->fetch($contactid);
+
+	            	$sql = "UPDATE ".MAIN_DB_PREFIX."user";
+	            	$sql.= " SET fk_socpeople=".$contactid;
+	            	if ($contact->socid) $sql.=", fk_societe=".$contact->socid;
+	            	$sql.= " WHERE rowid=".$object->id;
+            	}
+            	else
+            	{
+            		$sql = "UPDATE ".MAIN_DB_PREFIX."user";
+            		$sql.= " SET fk_socpeople=NULL, fk_societe=NULL";
+            		$sql.= " WHERE rowid=".$object->id;
+            	}
+            	$resql=$db->query($sql);
+            	dol_syslog("fiche::update sql=".$sql, LOG_DEBUG);
+            	if (! $resql)
+            	{
+            		$error++;
+            		$message.='<div class="error">'.$db->lasterror().'</div>';
+            	}
+            }
+
+            if (! $error && ! count($object->errors))
             {
                 if (GETPOST('deletephoto') && $object->photo)
                 {
@@ -415,7 +450,7 @@ if ($action == 'update' && ! $_POST["cancel"])
                 }
             }
 
-            if ($ret >= 0 && ! count($object->errors))
+            if (! $error && ! count($object->errors))
             {
                 $message.='<div class="ok">'.$langs->trans("UserModified").'</div>';
                 $db->commit();
@@ -1149,20 +1184,20 @@ else
 
             // Type
             print '<tr><td valign="top">'.$langs->trans("Type").'</td><td>';
-            if ($object->societe_id)
-            {
-                print $form->textwithpicto($langs->trans("External"),$langs->trans("InternalExternalDesc"));
-            }
-            else if ($object->ldap_sid)
-            {
-                print $langs->trans("DomainUser",$ldap->domainFQDN);
-            }
-            else
-            {
-                print $form->textwithpicto($langs->trans("Internal"),$langs->trans("InternalExternalDesc"));
-            }
+            $type=$langs->trans("Internal");
+            if ($object->societe_id) $type=$langs->trans("External");
+            print $form->textwithpicto($type,$langs->trans("InternalExternalDesc"));
+            if ($object->ldap_sid) print ' ('.$langs->trans("DomainUser").')';
             print '</td></tr>'."\n";
 
+            // ldap sid
+            if ($object->ldap_sid)
+            {
+            	print '<tr><td valign="top">'.$langs->trans("Type").'</td><td>';
+            	print $langs->trans("DomainUser",$ldap->domainFQDN);
+            	print '</td></tr>'."\n";
+            }
+
             // Tel pro
             print '<tr><td valign="top">'.$langs->trans("PhonePro").'</td>';
             print '<td>'.dol_print_phone($object->office_phone,'',0,0,1).'</td>';
@@ -1630,6 +1665,7 @@ else
             print '<tr><td valign="top">'.$langs->trans("Administrator").'</td>';
             if ($object->societe_id > 0)
             {
+            	$langs->load("admin");
                 print '<td>';
                 print '<input type="hidden" name="admin" value="'.$object->admin.'">'.yn($object->admin);
                 print ' ('.$langs->trans("ExternalUser").')';
@@ -1702,7 +1738,7 @@ else
                 print '</td></tr>';
             }
 
-            //Multicompany
+            // Multicompany
             if (! empty($conf->multicompany->enabled))
             {
             	if (empty($conf->multicompany->transverse_mode) && $conf->entity == 1 && $user->admin && ! $user->entity)
@@ -1716,25 +1752,25 @@ else
             		print '<input type="hidden" name="entity" value="'.$conf->entity.'" />';
             	}
             }
-            else
-            {
-            	// Type
-            	print '<tr><td width="25%" valign="top">'.$langs->trans("Type").'</td>';
-            	print '<td>';
-            	if ($object->societe_id)
-            	{
-            		print $langs->trans("External");
-            	}
-            	else if ($object->ldap_sid)
-            	{
-            		print $langs->trans("DomainUser");
-            	}
-            	else
-            	{
-            		print $langs->trans("Internal");
-            	}
-            	print '</td></tr>';
+
+           	// Type
+           	print '<tr><td width="25%" valign="top">'.$langs->trans("Type").'</td>';
+           	print '<td>';
+           	if ($user->id == $object->id || ! $user->admin)
+           	{
+	           	$type=$langs->trans("Internal");
+    	       	if ($object->societe_id) $type=$langs->trans("External");
+        	   	print $form->textwithpicto($type,$langs->trans("InternalExternalDesc"));
+	           	if ($object->ldap_sid) print ' ('.$langs->trans("DomainUser").')';
+           	}
+           	else
+			{
+				$type=0;
+	            if ($object->contact_id) $type=$object->contact_id;
+	            print $form->selectcontacts(0,$type,'contactid',2,'','',1,'',false,1);
+	           	if ($object->ldap_sid) print ' ('.$langs->trans("DomainUser").')';
             }
+           	print '</td></tr>';
 
             // Tel pro
             print "<tr>".'<td valign="top">'.$langs->trans("PhonePro").'</td>';