From d6317a26d213c5a0ab14d7e9bff8b4a64ec75a47 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Tue, 30 Jan 2018 15:48:09 +0100
Subject: [PATCH] Fix for multicompany
---
 ChangeLog | 10 ++++++++++
 htdocs/categories/class/categorie.class.php | 8 ++++----
 htdocs/comm/index.php | 4 ++--
 htdocs/comm/prospect/index.php | 14 +++++++-------
 htdocs/contact/class/contact.class.php | 2 +-
 htdocs/core/boxes/box_produits.php | 2 +-
 htdocs/core/boxes/box_produits_alerte_stock.php | 2 +-
 htdocs/core/class/html.formmail.class.php | 6 +++---
 htdocs/core/lib/functions.lib.php | 2 +-
 htdocs/fichinter/class/fichinter.class.php | 2 +-
 htdocs/modulebuilder/template/mymoduleindex.php | 2 +-
 htdocs/societe/class/client.class.php | 2 +-
 htdocs/societe/class/societe.class.php | 2 +-
 13 files changed, 34 insertions(+), 24 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 2a72296477c..97be6272f6e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -276,6 +276,16 @@ Following changes may create regressions for some external modules, but were nec
 and add 'td.' to the beginning of the dragHandle match string.
 * IE8 and earlier and Firefox 12 and earlier (< 2012) are no more supported.
+* If you use the external module "multicompany", payment modes and conditions are now specific to each company.
+ It means you will lose, by default, your payment modes and condition currently set on your orders, invoices,
+ etc, for all companies that are not the first one (list of payment modes and conditions must be defined for each
+ companies, old values are kept into the first company only). You can restore old behaviour by adding setting the
+ following constant to 1 into menu Home - Setup - Other:
+ MULTICOMPANY_C_PAIEMENT_SHARING_DISABLED
+ MULTICOMPANY_C_PAYMENT_TERM_SHARING_DISABLED
+ With this 2 options set, and if you use a multicompany module compatible with v7, the payment modes and terms will
+ be like in v6 (same for all companies, so old value entered will not be lost).
+
 ***** ChangeLog for 6.0.5 compared to 6.0.4 *****
 FIX: security vulnerability reported by ADLab of Venustech
diff --git a/htdocs/categories/class/categorie.class.php b/htdocs/categories/class/categorie.class.php
index 87594b2031f..5658460927c 100644
--- a/htdocs/categories/class/categorie.class.php
+++ b/htdocs/categories/class/categorie.class.php
@@ -825,7 +825,7 @@ class Categorie extends CommonObject
 $sql = "SELECT c.fk_" . $this->MAP_CAT_FK[$type];
 $sql .= " FROM " . MAIN_DB_PREFIX . "categorie_" . $this->MAP_CAT_TABLE[$type] . " as c";
 $sql .= ", " . MAIN_DB_PREFIX . $this->MAP_OBJ_TABLE[$type] . " as o";
- $sql .= " WHERE o.entity IN (" . getEntity( $obj->element, 1).")";
+ $sql .= " WHERE o.entity IN (" . getEntity( $obj->element).")";
 $sql.= " AND c.fk_categorie = ".$this->id;
 $sql .= " AND c.fk_" . $this->MAP_CAT_FK[$type] . " = o.rowid";
@@ -1066,7 +1066,7 @@ class Categorie extends CommonObject
 if (! empty($conf->global->MAIN_MULTILANGS)) $sql.= ", t.label as label_trans, t.description as description_trans";
 $sql.= " FROM ".MAIN_DB_PREFIX."categorie as c";
 if (! empty($conf->global->MAIN_MULTILANGS)) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_lang as t ON t.fk_category=c.rowid AND t.lang='".$current_lang."'";
- $sql .= " WHERE c.entity IN (" . getEntity( 'category', 1 ) . ")";
+ $sql .= " WHERE c.entity IN (" . getEntity( 'category') . ")";
 $sql .= " AND c.type = " . $type;
 dol_syslog(get_class($this)."::get_full_arbo get category list", LOG_DEBUG);
@@ -1481,7 +1481,7 @@ class Categorie extends CommonObject
 $sql = "SELECT ct.fk_categorie, c.label, c.rowid";
 $sql .= " FROM " . MAIN_DB_PREFIX . "categorie_" . $this->MAP_CAT_TABLE[$type] . " as ct, " . MAIN_DB_PREFIX . "categorie as c";
 $sql .= " WHERE ct.fk_categorie = c.rowid AND ct.fk_" . $this->MAP_CAT_FK[$type] . " = " . (int) $id . " AND c.type = " . $this->MAP_ID[$type];
- $sql .= " AND c.entity IN (" . getEntity( 'category', 1 ) . ")";
+ $sql .= " AND c.entity IN (" . getEntity( 'category') . ")";
 $res = $this->db->query($sql);
 if ($res)
@@ -1542,7 +1542,7 @@ class Categorie extends CommonObject
 // Generation requete recherche
 $sql = "SELECT rowid FROM " . MAIN_DB_PREFIX . "categorie";
 $sql .= " WHERE type = " . $this->MAP_ID[$type];
- $sql .= " AND entity IN (" . getEntity( 'category', 1 ) . ")";
+ $sql .= " AND entity IN (" . getEntity( 'category') . ")";
 if ($nom)
 {
 if (! $exact)
diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php
index 9edad60f400..c394ef69d8d 100644
--- a/htdocs/comm/index.php
+++ b/htdocs/comm/index.php
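Review bot: In the `@@ -1066` hunk of categorie.class.php, the context around the changed `getEntity( 'category')` line still builds SQL from `$current_lang` inside a quoted literal (`t.lang='".$current_lang."'`) and from a bare `$type` (`" AND c.type = " . $type`), while the `@@ -1481` hunk of the same class casts its id with `(int) $id`. Where these two values come from is outside the hunk, so this is a hardening request rather than a confirmed injection. Escaping the language code would match how the rest of this patch treats string values: `t.lang='".$this->db->escape($current_lang)."'`. The enclosing method starts and ends outside the hunk.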
@@ -470,7 +470,7 @@ if (! empty($conf->societe->enabled) && $user->rights->societe->lire)
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
 if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.client IN (1, 2, 3)";
- $sql.= " AND s.entity IN (".getEntity($companystatic->element, 1).")";
+ $sql.= " AND s.entity IN (".getEntity($companystatic->element).")";
 if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = $socid";
 $sql .= " ORDER BY s.tms DESC";
@@ -534,7 +534,7 @@ if (! empty($conf->fournisseur->enabled) && $user->rights->societe->lire)
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
 if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.fournisseur = 1";
- $sql.= " AND s.entity IN (".getEntity($companystatic->element, 1).")";
+ $sql.= " AND s.entity IN (".getEntity($companystatic->element).")";
 if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 $sql.= " ORDER BY s.datec DESC";
diff --git a/htdocs/comm/prospect/index.php b/htdocs/comm/prospect/index.php
index 0ec6f20ae46..8db5308bf3f 100644
--- a/htdocs/comm/prospect/index.php
+++ b/htdocs/comm/prospect/index.php
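Review bot: `$socid` still goes into the query unquoted and uncast in the context right after the changed line, as `" AND s.rowid = $socid"` in the `@@ -470` hunk and `" AND s.rowid = ".$socid` in the `@@ -534` hunk. The same line appears in the `@@ -175` hunk of htdocs/modulebuilder/template/mymoduleindex.php, which, judging by its path, is copied into new modules. The assignment of `$socid` is outside these hunks, so it may already be an integer, but a local cast keeps the filter safe whatever the caller passes: `if ($socid) $sql.= " AND s.rowid = ".((int) $socid);`. Both enclosing `if` blocks start and end outside the hunks.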
@@ -76,7 +76,7 @@ $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st "; if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.fk_stcomm = st.id"; $sql.= " AND s.client IN (2, 3)"; -$sql.= " AND s.entity IN (".getEntity($companystatic->element, 1).")"; +$sql.= " AND s.entity IN (".getEntity($companystatic->element).")"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; $sql.= " GROUP BY st.id"; $sql.= " ORDER BY st.id"; @@ -96,7 +96,7 @@ if ($resql) while ($i < $num) { $obj = $db->fetch_object($resql); - + print ''; print ''; print img_action($langs->trans("Show"),$obj->id).' '; @@ -140,7 +140,7 @@ if (! empty($conf->propal->enabled) && $user->rights->propale->lire) while ($i < $num) { $obj = $db->fetch_object($resql); - + print ''; print ''.img_object($langs->trans("ShowPropal"),"propal").' '.$obj->ref.''; print ''; @@ -150,7 +150,7 @@ if (! empty($conf->propal->enabled) && $user->rights->propale->lire) $total += $obj->price; } if ($total>0) { - + print ''.$langs->trans("Total")."".price($total).""; } print "
"; @@ -205,7 +205,7 @@ if (! empty($conf->propal->enabled) && $user->rights->propale->lire) while ($i < $num) { $obj = $db->fetch_object($resql); - + print ''; print ''; print img_object($langs->trans("ShowPropal"),"propal").' '.$obj->ref.''; @@ -243,7 +243,7 @@ $sql = "SELECT s.nom as name, s.rowid as socid, s.client, s.canvas"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.fk_stcomm = 1"; -$sql.= " AND s.entity IN (".getEntity($companystatic->element, 1).")"; +$sql.= " AND s.entity IN (".getEntity($companystatic->element).")"; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; $sql.= " ORDER BY s.tms ASC"; $sql.= $db->plimit(15, 0); @@ -263,7 +263,7 @@ if ($resql) while ($i < $num) { $obj = $db->fetch_object($resql); - + print ''; $companystatic->id=$obj->socid; $companystatic->name=$obj->name; diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 1f307b00c69..124f50db1b4 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -131,7 +131,7 @@ class Contact extends CommonObject $sql.= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; $clause = "AND"; } - $sql.= ' '.$clause.' sp.entity IN ('.getEntity($this->element, 1).')'; + $sql.= ' '.$clause.' sp.entity IN ('.getEntity($this->element).')'; $sql.= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))"; if ($user->societe_id > 0) $sql.=" AND sp.fk_soc = ".$user->societe_id; diff --git a/htdocs/core/boxes/box_produits.php b/htdocs/core/boxes/box_produits.php index 3ccbc05be24..3261572460e 100644 --- a/htdocs/core/boxes/box_produits.php +++ b/htdocs/core/boxes/box_produits.php 
@@ -84,7 +84,7 @@ class box_produits extends ModeleBoxes
 {
 $sql = "SELECT p.rowid, p.label, p.ref, p.price, p.price_base_type, p.price_ttc, p.fk_product_type, p.tms, p.tosell, p.tobuy, p.fk_price_expression, p.entity";
 $sql.= " FROM ".MAIN_DB_PREFIX."product as p";
- $sql.= ' WHERE p.entity IN ('.getEntity($productstatic->element, 1).')';
+ $sql.= ' WHERE p.entity IN ('.getEntity($productstatic->element).')';
 if (empty($user->rights->produit->lire)) $sql.=' AND p.fk_product_type != 0';
 if (empty($user->rights->service->lire)) $sql.=' AND p.fk_product_type != 1';
 // Add where from hooks
diff --git a/htdocs/core/boxes/box_produits_alerte_stock.php b/htdocs/core/boxes/box_produits_alerte_stock.php
index e244d276fac..9dc75612773 100644
--- a/htdocs/core/boxes/box_produits_alerte_stock.php
+++ b/htdocs/core/boxes/box_produits_alerte_stock.php
@@ -88,7 +88,7 @@ class box_produits_alerte_stock extends ModeleBoxes
 $sql.= " SUM(".$db->ifsql("s.reel IS NULL","0","s.reel").") as total_stock";
 $sql.= " FROM ".MAIN_DB_PREFIX."product as p";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_stock as s on p.rowid = s.fk_product";
- $sql.= ' WHERE p.entity IN ('.getEntity($productstatic->element, 1).')';
+ $sql.= ' WHERE p.entity IN ('.getEntity($productstatic->element).')';
 $sql.= " AND p.tosell = 1 AND p.seuil_stock_alerte > 0";
 if (empty($user->rights->produit->lire)) $sql.=' AND p.fk_product_type != 0';
 if (empty($user->rights->service->lire)) $sql.=' AND p.fk_product_type != 1';
diff --git a/htdocs/core/class/html.formmail.class.php b/htdocs/core/class/html.formmail.class.php
index 30719d0da80..94ab828ee39 100644
--- a/htdocs/core/class/html.formmail.class.php
+++ b/htdocs/core/class/html.formmail.class.php
@@ -993,7 +993,7 @@ class FormMail extends Form
 $sql = "SELECT label, topic, joinfiles, content, content_lines, lang";
 $sql.= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
 $sql.= " WHERE (type_template='".$db->escape($type_template)."' OR type_template='all')";
- $sql.= " AND entity IN (".getEntity('c_email_templates', 0).")";
+ $sql.= " AND entity IN (".getEntity('c_email_templates').")";
 $sql.= " AND (private = 0 OR fk_user = ".$user->id.")"; // Get all public or private owned
 if ($active >= 0) $sql.=" AND active = ".$active;
 if (is_object($outputlangs)) $sql.= " AND (lang = '".$outputlangs->defaultlang."' OR lang IS NULL OR lang = '')";
@@ -1065,7 +1065,7 @@ class FormMail extends Form
 $sql = "SELECT label, topic, content, lang";
 $sql.= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
 $sql.= " WHERE type_template='".$this->db->escape($type_template)."'";
- $sql.= " AND entity IN (".getEntity('c_email_templates', 0).")";
+ $sql.= " AND entity IN (".getEntity('c_email_templates').")";
 $sql.= " AND (fk_user is NULL or fk_user = 0 or fk_user = ".$user->id.")";
 if (is_object($outputlangs)) $sql.= " AND (lang = '".$outputlangs->defaultlang."' OR lang IS NULL OR lang = '')";
 $sql.= $this->db->order("lang,label","ASC");
@@ -1102,7 +1102,7 @@ class FormMail extends Form
 $sql = "SELECT rowid, label, topic, content, content_lines, lang, fk_user, private, position";
 $sql.= " FROM ".MAIN_DB_PREFIX.'c_email_templates';
 $sql.= " WHERE type_template IN ('".$this->db->escape($type_template)."', 'all')";
- $sql.= " AND entity IN (".getEntity('c_email_templates', 1).")";
+ $sql.= " AND entity IN (".getEntity('c_email_templates').")";
 $sql.= " AND (private = 0 OR fk_user = ".$user->id.")"; // See all public templates or templates I own.
 if ($active >= 0) $sql.=" AND active = ".$active;
 //if (is_object($outputlangs)) $sql.= " AND (lang = '".$outputlangs->defaultlang."' OR lang IS NULL OR lang = '')"; // Return all languages
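Review bot: The `@@ -993` and `@@ -1065` hunks of html.formmail.class.php are not a cosmetic cleanup like the rest of the patch, because they replace `getEntity('c_email_templates', 0)` with `getEntity('c_email_templates')`. Per the `getEntity` docblock shown in the functions.lib.php hunk of this commit, `0` returns the current entity only and the default `1` adds shared entities. In a multicompany installation these two queries may therefore start returning e-mail templates that belong to other entities, depending on how sharing is configured for this element (not visible here), and the ChangeLog entry only mentions payment modes and terms. If the widening is intended, a comment such as `// Templates may be shared between entities, so use the default $shared=1` next to each line would make the tenant-isolation decision explicit; otherwise the explicit `0` should stay.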
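Review bot: `$active` is concatenated into the query without a cast in the context of the `@@ -1102` hunk (`if ($active >= 0) $sql.=" AND active = ".$active;`, also present in `@@ -993`), and the `>= 0` comparison is a loose numeric test rather than a type check. In the same way, `$outputlangs->defaultlang` is placed inside a quoted literal in `@@ -993` and `@@ -1065` without `escape()`, although `$type_template` in the same statements is escaped. The callers that supply both values are outside the hunks, so this is defence in depth rather than a confirmed flaw: `if ($active >= 0) $sql.=" AND active = ".((int) $active);`.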
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index cedbbfbbc58..9b8a1c96480 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -111,7 +111,7 @@ function getDoliDBInstance($type, $host, $user, $pass, $name, $port)
 * 'commande', 'commande_fournisseur', 'expedition', 'intervention', 'survey',
 * 'contract', 'tax', 'expensereport', 'holiday', 'multicurrency', 'project',
 * 'email_template', 'event', 'donation'
- * 'c_paiement', ...
+ * 'c_paiement', 'c_payment_term', ...
 * @param int $shared 0=Return id of current entity only,
 * 1=Return id of current entity + shared entities (default)
 * @param int $forceentity Entity id
diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php
index 237d09570d1..17b8aca8474 100644
--- a/htdocs/fichinter/class/fichinter.class.php
+++ b/htdocs/fichinter/class/fichinter.class.php
@@ -128,7 +128,7 @@ class Fichinter extends CommonObject
 $sql.= " WHERE sc.fk_user = " .$user->id;
 $clause = "AND";
 }
- $sql.= " ".$clause." fi.entity IN (".getEntity($this->element, 1).")";
+ $sql.= " ".$clause." fi.entity IN (".getEntity($this->element).")";
 $resql=$this->db->query($sql);
 if ($resql)
diff --git a/htdocs/modulebuilder/template/mymoduleindex.php b/htdocs/modulebuilder/template/mymoduleindex.php
index c6f70b0ba85..8073d31fd60 100644
--- a/htdocs/modulebuilder/template/mymoduleindex.php
+++ b/htdocs/modulebuilder/template/mymoduleindex.php
@@ -175,7 +175,7 @@ if (! empty($conf->mymodule->enabled) && $user->rights->mymodule->read)
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
 if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.client IN (1, 2, 3)";
- $sql.= " AND s.entity IN (".getEntity($companystatic->element, 1).")";
+ $sql.= " AND s.entity IN (".getEntity($companystatic->element).")";
 if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 if ($socid) $sql.= " AND s.rowid = $socid";
 $sql .= " ORDER BY s.tms DESC";
diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php
index b4ee6b86249..6db71eb4218 100644
--- a/htdocs/societe/class/client.class.php
+++ b/htdocs/societe/class/client.class.php
@@ -65,7 +65,7 @@ class Client extends Societe
 $clause = "AND";
 }
 $sql.= " ".$clause." s.client IN (1,2,3)";
- $sql.= ' AND s.entity IN ('.getEntity($this->element, 1).')';
+ $sql.= ' AND s.entity IN ('.getEntity($this->element).')';
 $sql.= " GROUP BY s.client";
 $resql=$this->db->query($sql);
diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php
index cd4b66a23a1..270a1dc344c 100644
--- a/htdocs/societe/class/societe.class.php
+++ b/htdocs/societe/class/societe.class.php
@@ -1148,7 +1148,7 @@ class Societe extends CommonObject
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_departements as d ON s.fk_departement = d.rowid';
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_typent as te ON s.fk_typent = te.id';
 $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_incoterms as i ON s.fk_incoterms = i.rowid';
- $sql .= ' WHERE s.entity IN ('.getEntity($this->element, 1).')';
+ $sql .= ' WHERE s.entity IN ('.getEntity($this->element).')';
 if ($rowid) $sql .= ' AND s.rowid = '.$rowid;
 if ($ref) $sql .= " AND s.nom = '".$this->db->escape($ref)."'";
 if ($ref_ext) $sql .= " AND s.ref_ext = '".$this->db->escape($ref_ext)."'";
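Review bot: In the `@@ -1148` hunk of societe.class.php, the line directly after the changed entity filter appends `$rowid` to the query as-is (`' AND s.rowid = '.$rowid`), while the `$ref` and `$ref_ext` filters on the next two lines go through `$this->db->escape()`. The method signature is outside the hunk, so the type of `$rowid` cannot be confirmed from here. A cast would make the three filters equally robust: `if ($rowid) $sql .= ' AND s.rowid = '.((int) $rowid);`.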