From cfb14bd7729d1716084bbb75529076a0c9757da1 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Tue, 7 Mar 2006 17:06:32 +0000
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?=
 =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?=
 =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?=
 =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 htdocs/comm/clients.php | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/htdocs/comm/clients.php b/htdocs/comm/clients.php
index e7a8b6c5c29..228c361c5df 100644
--- a/htdocs/comm/clients.php
+++ b/htdocs/comm/clients.php
@@ -51,11 +51,20 @@ $search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"];
 $search_ville=isset($_GET["search_ville"])?$_GET["search_ville"]:$_POST["search_ville"];
 $search_code=isset($_GET["search_code"])?$_GET["search_contract"]:$_POST["search_code"];
 
-
-$sql = "SELECT s.idp, s.nom, s.ville, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea,";
-$sql .= " st.libelle as stcomm, s.prefix_comm, s.code_client, sc.fk_soc, sc.fk_user";
-$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st, ".MAIN_DB_PREFIX."societe_commerciaux as sc ";
-$sql .= " WHERE s.fk_stcomm = st.id AND s.client=1";
+if ($user->rights->commercial->client->voir)
+{
+  $sql = "SELECT s.idp, s.nom, s.ville, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea,";
+  $sql .= " st.libelle as stcomm, s.prefix_comm, s.code_client";
+  $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st ";
+  $sql .= " WHERE s.fk_stcomm = st.id AND s.client=1";
+}
+else
+{
+  $sql = "SELECT s.idp, s.nom, s.ville, ".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea,";
+  $sql .= " st.libelle as stcomm, s.prefix_comm, s.code_client, sc.fk_soc, sc.fk_user";
+  $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st, ".MAIN_DB_PREFIX."societe_commerciaux as sc ";
+  $sql .= " WHERE s.fk_stcomm = st.id AND s.client=1";
+}
 
 if ($socidp)           $sql .= " AND s.idp = $socidp";
 if ($user->societe_id) $sql .= " AND s.idp = " .$user->societe_id;