Fix for multicompany

This commit is contained in:
Laurent Destailleur 2018-01-30 15:48:09 +01:00
parent 0d90ab0c6c
commit d6317a26d2
13 changed files with 34 additions and 24 deletions


@ -276,6 +276,16 @@ Following changes may create regressions for some external modules, but were nec
and add 'td.' to the beginning of the dragHandle match string.
* IE8 and earlier and Firefox 12 and earlier (< 2012) are no more supported.
* If you use the external module "multicompany", payment modes and conditions are now specific to each company.
It means you will lose, by default, your payment modes and condition currently set on your orders, invoices,
etc, for all companies that are not the first one (list of payment modes and conditions must be defined for each
companies, old values are kept into the first company only). You can restore old behaviour by adding setting the
following constant to 1 into menu Home - Setup - Other:
MULTICOMPANY_C_PAIEMENT_SHARING_DISABLED
MULTICOMPANY_C_PAYMENT_TERM_SHARING_DISABLED
With this 2 options set, and if you use a multicompany module compatible with v7, the payment modes and terms will
be like in v6 (same for all companies, so old value entered will not be lost).
***** ChangeLog for 6.0.5 compared to 6.0.4 *****
FIX: security vulnerability reported by ADLab of Venustech


@ -825,7 +825,7 @@ class Categorie extends CommonObject
$sql = "SELECT c.fk_" . $this->MAP_CAT_FK[$type];
$sql .= " FROM " . MAIN_DB_PREFIX . "categorie_" . $this->MAP_CAT_TABLE[$type] . " as c";
$sql .= ", " . MAIN_DB_PREFIX . $this->MAP_OBJ_TABLE[$type] . " as o";
$sql .= " WHERE o.entity IN (" . getEntity( $obj->element, 1).")";
$sql .= " WHERE o.entity IN (" . getEntity( $obj->element).")";
$sql.= " AND c.fk_categorie = ".$this->id;
$sql .= " AND c.fk_" . $this->MAP_CAT_FK[$type] . " = o.rowid";
@ -1066,7 +1066,7 @@ class Categorie extends CommonObject
if (! empty($conf->global->MAIN_MULTILANGS)) $sql.= ", t.label as label_trans, t.description as description_trans";
$sql.= " FROM ".MAIN_DB_PREFIX."categorie as c";
if (! empty($conf->global->MAIN_MULTILANGS)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_lang as t ON t.fk_category=c.rowid AND t.lang='".$current_lang."'";
$sql .= " WHERE c.entity IN (" . getEntity( 'category', 1 ) . ")";
$sql .= " WHERE c.entity IN (" . getEntity( 'category') . ")";
$sql .= " AND c.type = " . $type;
dol_syslog(get_class($this)."::get_full_arbo get category list", LOG_DEBUG);
@ -1481,7 +1481,7 @@ class Categorie extends CommonObject
$sql = "SELECT ct.fk_categorie, c.label, c.rowid";
$sql .= " FROM " . MAIN_DB_PREFIX . "categorie_" . $this->MAP_CAT_TABLE[$type] . " as ct, " . MAIN_DB_PREFIX . "categorie as c";
$sql .= " WHERE ct.fk_categorie = c.rowid AND ct.fk_" . $this->MAP_CAT_FK[$type] . " = " . (int) $id . " AND c.type = " . $this->MAP_ID[$type];
$sql .= " AND c.entity IN (" . getEntity( 'category', 1 ) . ")";
$sql .= " AND c.entity IN (" . getEntity( 'category') . ")";
$res = $this->db->query($sql);
if ($res)
@ -1542,7 +1542,7 @@ class Categorie extends CommonObject
// Generation requete recherche
$sql = "SELECT rowid FROM " . MAIN_DB_PREFIX . "categorie";
$sql .= " WHERE type = " . $this->MAP_ID[$type];
$sql .= " AND entity IN (" . getEntity( 'category', 1 ) . ")";
$sql .= " AND entity IN (" . getEntity( 'category') . ")";
if ($nom)
{
if (! $exact)
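Review bot: The new lines in all four hunks of this file keep a stray space inside the call parentheses, `getEntity( $obj->element)` and `getEntity( 'category')`, while the equivalent new lines in the other files of this commit are written `getEntity(...)` with no inner space; `getEntity($obj->element)` and `getEntity('category')` would keep the style uniform. Since the second argument's default is documented as `1` elsewhere in this commit, these four replacements of an explicit `1` are behaviour-preserving. Each enclosing method starts before and ends after its hunk.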


@ -470,7 +470,7 @@ if (! empty($conf->societe->enabled) && $user->rights->societe->lire)
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE s.client IN (1, 2, 3)";
$sql.= " AND s.entity IN (".getEntity($companystatic->element, 1).")";
$sql.= " AND s.entity IN (".getEntity($companystatic->element).")";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($socid) $sql.= " AND s.rowid = $socid";
$sql .= " ORDER BY s.tms DESC";
@ -534,7 +534,7 @@ if (! empty($conf->fournisseur->enabled) && $user->rights->societe->lire)
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE s.fournisseur = 1";
$sql.= " AND s.entity IN (".getEntity($companystatic->element, 1).")";
$sql.= " AND s.entity IN (".getEntity($companystatic->element).")";
if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($socid) $sql.= " AND s.rowid = ".$socid;
$sql.= " ORDER BY s.datec DESC";
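Review bot: In the `-470,7` hunk the query that receives the new `s.entity IN (...)` filter still interpolates `$socid` unfiltered two lines later (`if ($socid) $sql.= " AND s.rowid = $socid";`), and the `-534,7` hunk does the same with `.$socid`; where `$socid` originates is outside the hunk, so if it can come from request input it should reach the SQL only as an integer, `if ($socid) $sql.= " AND s.rowid = ".(int) $socid;`. The same pattern appears in the `-175,7` hunk of the mymodule index file further down in this commit. The enclosing `if` blocks start before the hunks.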


@ -76,7 +76,7 @@ $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st ";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE s.fk_stcomm = st.id";
$sql.= " AND s.client IN (2, 3)";
$sql.= " AND s.entity IN (".getEntity($companystatic->element, 1).")";
$sql.= " AND s.entity IN (".getEntity($companystatic->element).")";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
$sql.= " GROUP BY st.id";
$sql.= " ORDER BY st.id";
@ -96,7 +96,7 @@ if ($resql)
while ($i < $num)
{
$obj = $db->fetch_object($resql);
print '<tr class="oddeven"><td>';
print '<a href="prospects.php?page=0&amp;stcomm='.$obj->id.'">';
print img_action($langs->trans("Show"),$obj->id).' ';
@ -140,7 +140,7 @@ if (! empty($conf->propal->enabled) && $user->rights->propale->lire)
while ($i < $num)
{
$obj = $db->fetch_object($resql);
print '<tr class="oddeven"><td>';
print '<a href="'.DOL_URL_ROOT.'/comm/propal/card.php?id='.$obj->rowid.'">'.img_object($langs->trans("ShowPropal"),"propal").' '.$obj->ref.'</a>';
print '</td><td align="right">';
@ -150,7 +150,7 @@ if (! empty($conf->propal->enabled) && $user->rights->propale->lire)
$total += $obj->price;
}
if ($total>0) {
print '<tr class="liste_total"><td>'.$langs->trans("Total")."</td><td align=\"right\">".price($total)."</td></tr>";
}
print "</table><br>";
@ -205,7 +205,7 @@ if (! empty($conf->propal->enabled) && $user->rights->propale->lire)
while ($i < $num)
{
$obj = $db->fetch_object($resql);
print '<tr class="oddeven"><td>';
print '<a href="../propal.php?id='.$obj->propalid.'">';
print img_object($langs->trans("ShowPropal"),"propal").' '.$obj->ref.'</a></td>';
@ -243,7 +243,7 @@ $sql = "SELECT s.nom as name, s.rowid as socid, s.client, s.canvas";
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE s.fk_stcomm = 1";
$sql.= " AND s.entity IN (".getEntity($companystatic->element, 1).")";
$sql.= " AND s.entity IN (".getEntity($companystatic->element).")";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
$sql.= " ORDER BY s.tms ASC";
$sql.= $db->plimit(15, 0);
@ -263,7 +263,7 @@ if ($resql)
while ($i < $num)
{
$obj = $db->fetch_object($resql);
print '<tr class="oddeven"><td width="12%">';
$companystatic->id=$obj->socid;
$companystatic->name=$obj->name;


@ -131,7 +131,7 @@ class Contact extends CommonObject
$sql.= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
$clause = "AND";
}
$sql.= ' '.$clause.' sp.entity IN ('.getEntity($this->element, 1).')';
$sql.= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')';
$sql.= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))";
if ($user->societe_id > 0) $sql.=" AND sp.fk_soc = ".$user->societe_id;


@ -84,7 +84,7 @@ class box_produits extends ModeleBoxes
{
$sql = "SELECT p.rowid, p.label, p.ref, p.price, p.price_base_type, p.price_ttc, p.fk_product_type, p.tms, p.tosell, p.tobuy, p.fk_price_expression, p.entity";
$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
$sql.= ' WHERE p.entity IN ('.getEntity($productstatic->element, 1).')';
$sql.= ' WHERE p.entity IN ('.getEntity($productstatic->element).')';
if (empty($user->rights->produit->lire)) $sql.=' AND p.fk_product_type != 0';
if (empty($user->rights->service->lire)) $sql.=' AND p.fk_product_type != 1';
// Add where from hooks


@ -88,7 +88,7 @@ class box_produits_alerte_stock extends ModeleBoxes
$sql.= " SUM(".$db->ifsql("s.reel IS NULL","0","s.reel").") as total_stock";
$sql.= " FROM ".MAIN_DB_PREFIX."product as p";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as s on p.rowid = s.fk_product";
$sql.= ' WHERE p.entity IN ('.getEntity($productstatic->element, 1).')';
$sql.= ' WHERE p.entity IN ('.getEntity($productstatic->element).')';
$sql.= " AND p.tosell = 1 AND p.seuil_stock_alerte > 0";
if (empty($user->rights->produit->lire)) $sql.=' AND p.fk_product_type != 0';
if (empty($user->rights->service->lire)) $sql.=' AND p.fk_product_type != 1';


@ -993,7 +993,7 @@ class FormMail extends Form
$sql = "SELECT label, topic, joinfiles, content, content_lines, lang";
$sql.= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql.= " WHERE (type_template='".$db->escape($type_template)."' OR type_template='all')";
$sql.= " AND entity IN (".getEntity('c_email_templates', 0).")";
$sql.= " AND entity IN (".getEntity('c_email_templates').")";
$sql.= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned
if ($active >= 0) $sql.=" AND active = ".$active;
if (is_object($outputlangs)) $sql.= " AND (lang = '".$outputlangs->defaultlang."' OR lang IS NULL OR lang = '')";
@ -1065,7 +1065,7 @@ class FormMail extends Form
$sql = "SELECT label, topic, content, lang";
$sql.= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql.= " WHERE type_template='".$this->db->escape($type_template)."'";
$sql.= " AND entity IN (".getEntity('c_email_templates', 0).")";
$sql.= " AND entity IN (".getEntity('c_email_templates').")";
$sql.= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".$user->id.")";
if (is_object($outputlangs)) $sql.= " AND (lang = '".$outputlangs->defaultlang."' OR lang IS NULL OR lang = '')";
$sql.= $this->db->order("lang,label","ASC");
@ -1102,7 +1102,7 @@ class FormMail extends Form
$sql = "SELECT rowid, label, topic, content, content_lines, lang, fk_user, private, position";
$sql.= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
$sql.= " WHERE type_template IN ('".$this->db->escape($type_template)."', 'all')";
$sql.= " AND entity IN (".getEntity('c_email_templates', 1).")";
$sql.= " AND entity IN (".getEntity('c_email_templates').")";
$sql.= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own.
if ($active >= 0) $sql.=" AND active = ".$active;
//if (is_object($outputlangs)) $sql.= " AND (lang = '".$outputlangs->defaultlang."' OR lang IS NULL OR lang = '')"; // Return all languages
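Review bot: Dropping the second argument of getEntity() is not a no-op in the first two hunks of this file: the replaced lines in the `SELECT label, topic, joinfiles, ...` and `SELECT label, topic, content, lang` queries passed `0` (current entity only), whereas the default documented in this commit's getEntity docblock is `1` (current entity plus shared entities), so e-mail templates from shared entities now become visible in those two lookups. Only the third hunk, which already passed `1`, is behaviour-preserving. If widening the scope is intended, a short comment on each of the two new lines, e.g. `// shared entities included on purpose (getEntity default)`, would keep the next reader from treating it as a regression; if not, keep `getEntity('c_email_templates', 0)` there. The enclosing methods start before and end after the hunks.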


@ -111,7 +111,7 @@ function getDoliDBInstance($type, $host, $user, $pass, $name, $port)
* 'commande', 'commande_fournisseur', 'expedition', 'intervention', 'survey',
* 'contract', 'tax', 'expensereport', 'holiday', 'multicurrency', 'project',
* 'email_template', 'event', 'donation'
* 'c_paiement', ...
* 'c_paiement', 'c_payment_term', ...
* @param int $shared 0=Return id of current entity only,
* 1=Return id of current entity + shared entities (default)
* @param int $forceentity Entity id


@ -128,7 +128,7 @@ class Fichinter extends CommonObject
$sql.= " WHERE sc.fk_user = " .$user->id;
$clause = "AND";
}
$sql.= " ".$clause." fi.entity IN (".getEntity($this->element, 1).")";
$sql.= " ".$clause." fi.entity IN (".getEntity($this->element).")";
$resql=$this->db->query($sql);
if ($resql)


@ -175,7 +175,7 @@ if (! empty($conf->mymodule->enabled) && $user->rights->mymodule->read)
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE s.client IN (1, 2, 3)";
$sql.= " AND s.entity IN (".getEntity($companystatic->element, 1).")";
$sql.= " AND s.entity IN (".getEntity($companystatic->element).")";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
if ($socid) $sql.= " AND s.rowid = $socid";
$sql .= " ORDER BY s.tms DESC";


@ -65,7 +65,7 @@ class Client extends Societe
$clause = "AND";
}
$sql.= " ".$clause." s.client IN (1,2,3)";
$sql.= ' AND s.entity IN ('.getEntity($this->element, 1).')';
$sql.= ' AND s.entity IN ('.getEntity($this->element).')';
$sql.= " GROUP BY s.client";
$resql=$this->db->query($sql);


@ -1148,7 +1148,7 @@ class Societe extends CommonObject
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_departements as d ON s.fk_departement = d.rowid';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_typent as te ON s.fk_typent = te.id';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON s.fk_incoterms = i.rowid';
$sql .= ' WHERE s.entity IN ('.getEntity($this->element, 1).')';
$sql .= ' WHERE s.entity IN ('.getEntity($this->element).')';
if ($rowid) $sql .= ' AND s.rowid = '.$rowid;
if ($ref) $sql .= " AND s.nom = '".$this->db->escape($ref)."'";
if ($ref_ext) $sql .= " AND s.ref_ext = '".$this->db->escape($ref_ext)."'";
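Review bot: In this fetch query `$ref` and `$ref_ext` go through `$this->db->escape()`, but `$rowid` on the line just after the new entity filter is concatenated as-is (`' AND s.rowid = '.$rowid`); an integer cast, `if ($rowid) $sql .= ' AND s.rowid = '.(int) $rowid;`, would make the three filters consistently defensive regardless of what the caller passes. The new entity filter itself is behaviour-preserving given the default of `1` documented in this commit. The enclosing method starts before and ends after the hunk.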