Fix: La gestion des permissions sur les boxes n'était pas assurée.

Laurent Destailleur 2005-06-27 21:25:17 +00:00
parent c6da0ff43b
commit d374e082c9
13 changed files with 265 additions and 168 deletions


@ -63,30 +63,40 @@ class box_boutique_livre extends ModeleBoxes {
$this->info_box_head = array('text' => $langs->trans("BoxTitleLastBooks",$max));
$sql = "SELECT l.ref, l.title, l.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."livre as l ";
$sql .= " ORDER BY l.date_ajout DESC ";
$sql .= $db->plimit($max, 0);
$result = $db->query($sql);
if ($result)
if ($user->rights->boutique->lire)
{
$num = $db->num_rows();
$i = 0;
while ($i < $num)
$sql = "SELECT l.ref, l.title, l.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."livre as l ";
$sql .= " ORDER BY l.date_ajout DESC ";
$sql .= $db->plimit($max, 0);
$result = $db->query($sql);
if ($result)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => $this->boximg,
'text' => $objp->title,
'url' => DOL_URL_ROOT."/boutique/livre/fiche.php?id=".$objp->rowid);
$i++;
$num = $db->num_rows($result);
$i = 0;
while ($i < $num)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => $this->boximg,
'text' => $objp->title,
'url' => DOL_URL_ROOT."/boutique/livre/fiche.php?id=".$objp->rowid);
$i++;
}
}
else {
dolibarr_print_error($db);
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}


@ -62,34 +62,44 @@ class box_clients extends ModeleBoxes {
$this->info_box_head = array('text' => $langs->trans("BoxTitleLastCustomers",$max));
$sql = "SELECT s.nom,s.idp";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s WHERE s.client = 1";
if ($user->societe_id > 0)
if ($user->rights->societe->lire)
{
$sql .= " AND s.idp = $user->societe_id";
}
$sql .= " ORDER BY s.datec DESC ";
$sql .= $db->plimit($max, 0);
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows();
$i = 0;
while ($i < $num)
$sql = "SELECT s.nom,s.idp";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s WHERE s.client = 1";
if ($user->societe_id > 0)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => $this->boximg,
'text' => stripslashes($objp->nom),
'url' => DOL_URL_ROOT."/comm/fiche.php?socid=".$objp->idp);
$i++;
$sql .= " AND s.idp = $user->societe_id";
}
$sql .= " ORDER BY s.datec DESC ";
$sql .= $db->plimit($max, 0);
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$i = 0;
while ($i < $num)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => $this->boximg,
'text' => stripslashes($objp->nom),
'url' => DOL_URL_ROOT."/comm/fiche.php?socid=".$objp->idp);
$i++;
}
}
else {
dolibarr_print_error($db);
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}
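Review bot: The company filter `$sql .= " AND s.idp = $user->societe_id";` inside the new permission branch still interpolates the value straight into the SQL string. This clause appears to be the row-level restriction for users tied to one company, so it is worth making it type-safe, e.g. `$sql .= " AND s.idp = ".intval($user->societe_id);`. Where `societe_id` is populated is not visible on this page, so this is a defensive hardening rather than a confirmed injection. The same line appears in the box_fournisseurs, box_prospect and box_services_vendus sections.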


@ -58,12 +58,12 @@ class box_commandes extends ModeleBoxes {
function loadBox($max=5)
{
global $user, $langs, $db;
$langs->load("boxes");
$this->info_box_head = array('text' => $langs->trans("BoxTitleLastCustomerOrders",$max));
if ($user->rights->commande->lire)
{
$langs->load("boxes");
$this->info_box_head = array('text' => $langs->trans("BoxTitleLastCustomerOrders",$max));
$sql = "SELECT s.nom,s.idp,p.ref,".$db->pdate("p.date_commande")." as dp,p.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as p WHERE p.fk_soc = s.idp";
@ -97,6 +97,13 @@ class box_commandes extends ModeleBoxes {
$i++;
}
}
else {
dolibarr_print_error($db);
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}


@ -58,13 +58,13 @@ class box_factures extends ModeleBoxes {
function loadBox($max=5)
{
global $user, $langs, $db;
$langs->load("boxes");
$this->info_box_head = array('text' => $langs->trans("BoxTitleLastCustomerBills",$max));
if ($user->rights->facture->lire)
{
$langs->load("boxes");
$this->info_box_head = array('text' => $langs->trans("BoxTitleLastCustomerBills",$max));
$sql = "SELECT s.nom,s.idp,f.facnumber,f.amount,".$db->pdate("f.datef")." as df,f.paye,f.rowid as facid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f WHERE f.fk_soc = s.idp";
if($user->societe_id)
@ -73,31 +73,35 @@ class box_factures extends ModeleBoxes {
}
$sql .= " ORDER BY f.datef DESC, f.facnumber DESC ";
$sql .= $db->plimit($max, 0);
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows();
$i = 0;
while ($i < $num)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => $this->boximg,
'text' => $objp->facnumber,
'url' => DOL_URL_ROOT."/compta/facture.php?facid=".$objp->facid);
$this->info_box_contents[$i][1] = array('align' => 'left',
'text' => $objp->nom,
'url' => DOL_URL_ROOT."/comm/fiche.php?socid=".$objp->idp);
$i++;
}
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}
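Review bot: In box_factures the `if ($result)` block closes without an error branch, so a failed query leaves the box empty with nothing reported, whereas box_boutique_livre, box_clients and several other boxes in this commit gain `else { dolibarr_print_error($db); }`. Adding the same branch here keeps the boxes consistent and makes a query failure distinguishable from "no rows" and from the new "ReadPermissionNotAllowed" message. The box_prospect section shows the same gap. loadBox starts in the previous hunk, so lines outside the visible range may differ.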


@ -97,6 +97,13 @@ class box_factures_fourn extends ModeleBoxes {
$i++;
}
}
else {
dolibarr_print_error($db);
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}


@ -58,12 +58,12 @@ class box_factures_fourn_imp extends ModeleBoxes {
function loadBox($max=5)
{
global $user, $langs, $db;
$langs->load("boxes");
$this->info_box_head = array('text' => $langs->trans("BoxTitleOldestUnpayedSupplierBills",$max));
if ($user->rights->facture->lire)
{
$langs->load("boxes");
$this->info_box_head = array('text' => $langs->trans("BoxTitleOldestUnpayedSupplierBills",$max));
$sql = "SELECT s.nom,s.idp,f.facnumber,f.amount,".$db->pdate("f.datef")." as df,f.paye,f.rowid as facid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture_fourn as f WHERE f.fk_soc = s.idp AND f.paye=0 AND fk_statut = 1";
@ -97,8 +97,15 @@ class box_factures_fourn_imp extends ModeleBoxes {
$i++;
}
}
else {
dolibarr_print_error($db);
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}
function showBox()
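Review bot: The gate on this box is `if ($user->rights->facture->lire)`, yet the query reads `facture_fourn` (supplier invoices), so access is decided by what looks like the customer-invoice read right. If the supplier module defines its own read permission, that is the one to test; otherwise a user allowed to read customer bills but not supplier bills would still see the oldest unpaid supplier bills. The rights tree is not visible on this page, so please confirm which right applies. The check in box_factures_fourn lies outside its hunk and deserves the same look. A one-line comment such as `// Supplier bills: gated on <supplier read right>` would record the decision.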


@ -105,6 +105,10 @@ class box_factures_imp extends ModeleBoxes {
}
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}
function showBox()


@ -61,34 +61,44 @@ class box_fournisseurs extends ModeleBoxes {
$this->info_box_head = array('text' => $langs->trans("BoxTitleLastSuppliers",$max));
$sql = "SELECT s.nom,s.idp";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s WHERE s.fournisseur = 1";
if ($user->societe_id > 0)
if ($user->rights->societe->lire)
{
$sql .= " AND s.idp = $user->societe_id";
}
$sql .= " ORDER BY s.datec DESC ";
$sql .= $db->plimit($max, 0);
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows();
$i = 0;
while ($i < $num)
$sql = "SELECT s.nom,s.idp";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s WHERE s.fournisseur = 1";
if ($user->societe_id > 0)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => $this->boximg,
'text' => $objp->nom,
'url' => DOL_URL_ROOT."/comm/fiche.php?socid=".$objp->idp);
$i++;
$sql .= " AND s.idp = $user->societe_id";
}
$sql .= " ORDER BY s.datec DESC ";
$sql .= $db->plimit($max, 0);
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows();
$i = 0;
while ($i < $num)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => $this->boximg,
'text' => $objp->nom,
'url' => DOL_URL_ROOT."/comm/fiche.php?socid=".$objp->idp);
$i++;
}
}
else {
dolibarr_print_error($db);
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}
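Review bot: `$num = $db->num_rows();` in the new branch is still called without the result handle, while box_boutique_livre, box_clients, box_prospect and box_services_vendus were switched to `$db->num_rows($result)` in this same commit. Passing `$result` avoids depending on whatever statement the connection last ran, assuming the wrapper falls back to its last result when called without an argument. The same argument-less call remains in box_osc_clients and, as far as its hunk shows, in box_factures.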


@ -62,27 +62,37 @@ class box_osc_clients extends ModeleBoxes {
$this->info_box_head = array('text' => $langs->trans("BoxTitleNbOfCustomers",$max));
$sql = "SELECT count(*) as cus FROM ".DB_NAME_OSC.".customers";
$result = $db->query($sql);
if ($result)
if ($user->rights->boutique->lire)
{
$num = $db->num_rows();
$i = 0;
while ($i < $num)
$sql = "SELECT count(*) as cus FROM ".DB_NAME_OSC.".customers";
$result = $db->query($sql);
if ($result)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'center',
'logo' => $this->boximg,
'text' => $objp->cus,
'url' => DOL_URL_ROOT."/boutique/client/index.php");
$i++;
$num = $db->num_rows();
$i = 0;
while ($i < $num)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'center',
'logo' => $this->boximg,
'text' => $objp->cus,
'url' => DOL_URL_ROOT."/boutique/client/index.php");
$i++;
}
}
else {
dolibarr_print_error($db);
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}
function showBox()


@ -93,6 +93,10 @@ class box_produits extends ModeleBoxes {
dolibarr_print_error($db);
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}
function showBox()


@ -59,11 +59,12 @@ class box_propales extends ModeleBoxes {
{
global $user, $langs, $db;
$langs->load("boxes");
$this->info_box_head = array('text' => $langs->trans("BoxTitleLastPropals",$max));
if ($user->rights->propale->lire)
{
$langs->load("boxes");
$this->info_box_head = array('text' => $langs->trans("BoxTitleLastPropals",$max));
$sql = "SELECT s.nom,s.idp,p.ref,".$db->pdate("p.datep")." as dp,p.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."propal as p WHERE p.fk_soc = s.idp";
@ -97,7 +98,13 @@ class box_propales extends ModeleBoxes {
$i++;
}
}
else {
dolibarr_print_error($db);
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}


@ -63,36 +63,43 @@ class box_prospect extends ModeleBoxes {
$this->info_box_head = array('text' => $langs->trans("BoxTitleLastProspects",$max));
$sql = "SELECT s.nom,s.idp";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s WHERE s.client = 2";
if ($user->societe_id > 0)
if ($user->rights->societe->lire)
{
$sql .= " AND s.idp = $user->societe_id";
}
$sql .= " ORDER BY s.datec DESC ";
$sql .= $db->plimit($max, 0);
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows();
$i = 0;
while ($i < $num)
$sql = "SELECT s.nom,s.idp";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s WHERE s.client = 2";
if ($user->societe_id > 0)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => $this->boximg,
'text' => stripslashes($objp->nom),
'url' => DOL_URL_ROOT."/comm/prospect/fiche.php?id=".$objp->idp);
$i++;
$sql .= " AND s.idp = $user->societe_id";
}
$sql .= " ORDER BY s.datec DESC ";
$sql .= $db->plimit($max, 0);
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$i = 0;
while ($i < $num)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => $this->boximg,
'text' => stripslashes($objp->nom),
'url' => DOL_URL_ROOT."/comm/prospect/fiche.php?id=".$objp->idp);
$i++;
}
}
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}
function showBox()


@ -62,41 +62,51 @@ class box_services_vendus extends ModeleBoxes {
$this->info_box_head = array('text' => $langs->trans("BoxLastProductsInContract",$max));
$sql = "SELECT s.nom, s.idp, p.label, p.fk_product_type, c.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c, ".MAIN_DB_PREFIX."product as p";
$sql .= " WHERE s.idp = c.fk_soc AND c.fk_product = p.rowid";
if($user->societe_id)
if ($user->rights->produit->lire)
{
$sql .= " AND s.idp = $user->societe_id";
}
$sql .= " ORDER BY c.tms DESC ";
$sql .= $db->plimit($max, 0);
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows();
$i = 0;
while ($i < $num)
$sql = "SELECT s.nom, s.idp, p.label, p.fk_product_type, c.rowid";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c, ".MAIN_DB_PREFIX."product as p";
$sql .= " WHERE s.idp = c.fk_soc AND c.fk_product = p.rowid";
if($user->societe_id)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => ($objp->fk_product_type?'object_service':'object_product'),
'text' => $objp->label,
'url' => DOL_URL_ROOT."/contrat/fiche.php?id=".$objp->rowid);
$this->info_box_contents[$i][1] = array('align' => 'left',
'text' => $objp->nom,
'url' => DOL_URL_ROOT."/comm/fiche.php?socid=".$objp->idp);
$i++;
$sql .= " AND s.idp = $user->societe_id";
}
$sql .= " ORDER BY c.tms DESC ";
$sql .= $db->plimit($max, 0);
$result = $db->query($sql);
if ($result)
{
$num = $db->num_rows($result);
$i = 0;
while ($i < $num)
{
$objp = $db->fetch_object($result);
$this->info_box_contents[$i][0] = array('align' => 'left',
'logo' => ($objp->fk_product_type?'object_service':'object_product'),
'text' => $objp->label,
'url' => DOL_URL_ROOT."/contrat/fiche.php?id=".$objp->rowid);
$this->info_box_contents[$i][1] = array('align' => 'left',
'text' => $objp->nom,
'url' => DOL_URL_ROOT."/comm/fiche.php?socid=".$objp->idp);
$i++;
}
}
else {
dolibarr_print_error($db);
}
}
else {
$this->info_box_contents[0][0] = array('align' => 'left',
'text' => $langs->trans("ReadPermissionNotAllowed"));
}
}
function showBox()
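Review bot: This box is gated on `$user->rights->produit->lire`, but its rows come from a join on `contrat` and `societe`, and each entry links to `/contrat/fiche.php` and `/comm/fiche.php`. A user with only product read access would still see which company holds which contract line. Consider also requiring the contract module's read right in the condition, or add a comment stating why the product right alone is sufficient. Which rights exist is not visible on this page, so this needs confirming against the module definitions.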