diff --git a/htdocs/adherents/list.php b/htdocs/adherents/list.php index d5b856ce5dd..71c0e223f92 100644 --- a/htdocs/adherents/list.php +++ b/htdocs/adherents/list.php @@ -100,6 +100,7 @@ $fieldstosearchall = array( 'd.note_public'=>'NotePublic', 'd.note_private'=>'NotePrivate', ); +if($db->type == 'pgsql') unset($fieldstosearchall['d.rowid']); $arrayfields=array( 'd.ref'=>array('label'=>$langs->trans("Ref"), 'checked'=>1), 'd.lastname'=>array('label'=>$langs->trans("Lastname"), 'checked'=>1), diff --git a/htdocs/api/class/api_access.class.php b/htdocs/api/class/api_access.class.php index 5848620f735..176c816d18c 100644 --- a/htdocs/api/class/api_access.class.php +++ b/htdocs/api/class/api_access.class.php @@ -69,7 +69,7 @@ class DolibarrApiAccess implements iAuthenticate */ public function __isAllowed() { - global $db; + global $conf, $db; $login = ''; $stored_key = ''; @@ -100,11 +100,14 @@ class DolibarrApiAccess implements iAuthenticate if ($api_key) { + $userentity = 0; + $sql = "SELECT u.login, u.datec, u.api_key, "; $sql.= " u.tms as date_modification, u.entity"; $sql.= " FROM ".MAIN_DB_PREFIX."user as u"; $sql.= " WHERE u.api_key = '".$db->escape($api_key)."'"; - + // TODO Check if 2 users has same API key. + $result = $db->query($sql); if ($result) { 
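Review bot: The added `if($db->type == 'pgsql') unset($fieldstosearchall['d.rowid']);` in htdocs/adherents/list.php has no comment saying why the id column is dropped from the search-all list on PostgreSQL only. Presumably the text match used by search-all fails against an integer column on that driver; if so, say it on the line above, e.g. `// pgsql cannot apply the text search to the integer d.rowid column`. The `'d.rowid'` entry is defined above the hunk, so confirm the key name matches.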
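Review bot: The new `// TODO Check if 2 users has same API key.` in `__isAllowed()` records a gap but leaves it open. The query selects on `u.api_key` alone and the code that follows reads a single row, so if two accounts hold the same key the authenticated identity depends on row order. Failing closed is safer, e.g. `if ($db->num_rows($result) > 1) throw new RestException(503, 'Duplicate API key');` before the fetch, backed by a unique constraint on the column. The same WHERE clause shows the key is stored and matched in clear text, so read access to the user table yields usable credentials; storing and looking up a hash of the key would limit that. The function continues past the end of this hunk.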
@@ -113,24 +116,31 @@ class DolibarrApiAccess implements iAuthenticate $obj = $db->fetch_object($result); $login = $obj->login; $stored_key = $obj->api_key; + $userentity = $obj->entity; + + if (! defined("DOLENTITY")) // If API was not forced with HTTP_DOLENTITY, we set entity to entity of user + { + $conf->entity = ($obj->entity?$obj->entity:1); + } } } else { throw new RestException(503, 'Error when fetching user api_key :'.$db->error_msg); } - if ($stored_key != $api_key) { + if ($stored_key != $api_key) { // This should not happen since we did a search on api_key $userClass::setCacheIdentifier($api_key); return false; } if (! $login) { - throw new RestException(503, 'Error when searching logn user fro mapi key'); + throw new RestException(503, 'Error when searching login user from api key'); } $fuser = new User($db); - if(! $fuser->fetch('',$login)) { - throw new RestException(503, 'Error when fetching user :'.$fuser->error); + $result = $fuser->fetch('', $login, '', 0, (empty($userentity) ? -1 : $conf->entity)); // If user is not entity 0, we search in working entity $conf->entity (that may have been forced to a different value than user entity) + if ($result <= 0) { + throw new RestException(503, 'Error when fetching user :'.$fuser->error.' (conf->entity='.$conf->entity.')'); } $fuser->getrights(); static::$user = $fuser; 
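Review bot: The user is loaded by login in the working entity rather than by the row that matched the key: `$fuser->fetch('', $login, '', 0, (empty($userentity) ? -1 : $conf->entity))`. When `DOLENTITY` is defined, `$conf->entity` is not reset to the key owner's entity, so a key issued in one entity could resolve to a different account if the same login exists in the forced entity. Consider selecting `u.rowid` in the query and fetching by id, or rejecting the request when the fetched user's entity and stored key differ from the matched row. Separately, `if ($stored_key != $api_key)` is a loose, non-constant-time comparison; `if (! hash_equals((string) $stored_key, (string) $api_key))` is safer, and the branch may be reachable despite the new comment if the column collation is case-insensitive. The new 503 message also appears to return `$fuser->error` and the entity id to a caller who has not yet been authenticated.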
@@ -143,14 +153,14 @@ class DolibarrApiAccess implements iAuthenticate } else { - throw new RestException(401, "Failed to login to API. No parameter 'DOLAPIKEY' on HTTP header (neither in URL)."); + throw new RestException(401, "Failed to login to API. No parameter 'HTTP_DOLAPIKEY' on HTTP header (and no parameter DOLAPIKEY in URL)."); } - $userClass::setCacheIdentifier(static::$role); - Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess'; - $requirefortest = static::$requires; - if (! is_array($requirefortest)) $requirefortest=explode(',',$requirefortest); - return in_array(static::$role, (array) $requirefortest) || static::$role == 'admin'; + $userClass::setCacheIdentifier(static::$role); + Resources::$accessControlFunction = 'DolibarrApiAccess::verifyAccess'; + $requirefortest = static::$requires; + if (! is_array($requirefortest)) $requirefortest=explode(',',$requirefortest); + return in_array(static::$role, (array) $requirefortest) || static::$role == 'admin'; } /** diff --git a/htdocs/compta/bank/bankentries_list.php b/htdocs/compta/bank/bankentries_list.php index 326e3ece569..a829cdc8cba 100644 --- a/htdocs/compta/bank/bankentries_list.php +++ b/htdocs/compta/bank/bankentries_list.php @@ -1114,7 +1114,7 @@ if ($resql) $bankstatic->id=$banklinestatic->fk_account; $bankstatic->label=$banklinestatic->bank_account_ref; print ' ('.$langs->trans("TransferFrom").' '; - print $bankstatic->getNomUrl(1); + print $bankstatic->getNomUrl(1,'transactions'); print ' '.$langs->trans("toward").' '; $bankstatic->id=$objp->bankid; $bankstatic->label=$objp->bankref; @@ -1131,7 +1131,7 @@ if ($resql) $banklinestatic->fetch($links[$key]['url_id']); $bankstatic->id=$banklinestatic->fk_account; $bankstatic->label=$banklinestatic->bank_account_ref; - print $bankstatic->getNomUrl(1); + print $bankstatic->getNomUrl(1,'transactions'); print ')'; } //var_dump($links); 
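Review bot: The authorisation result on the re-indented last line of `__isAllowed()`, `return in_array(static::$role, (array) $requirefortest) || static::$role == 'admin';`, relies on loose comparison. Passing `true` as the third argument of `in_array` and using `=== 'admin'` keeps a non-string or empty role from matching through type juggling. How `static::$role` is assigned is outside the hunk, so confirm it is always a string. The reworded 401 message now names `HTTP_DOLAPIKEY`, which looks like the `$_SERVER` key rather than the header name a client sends. It also still advertises the URL parameter, and keys passed in a URL end up in access logs and proxy logs.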
diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php index b2fd603a394..b6874862286 100644 --- a/htdocs/compta/facture/class/facturestats.class.php +++ b/htdocs/compta/facture/class/facturestats.class.php @@ -39,7 +39,7 @@ class FactureStats extends Stats var $from; var $field; var $where; - + /** * Constructor @@ -56,8 +56,8 @@ class FactureStats extends Stats $this->db = $db; $this->socid = ($socid > 0 ? $socid : 0); $this->userid = $userid; - $this->cachefilesuffix = $mode; - + $this->cachefilesuffix = $mode; + if ($mode == 'customer') { $object=new Facture($this->db); @@ -195,7 +195,7 @@ class FactureStats extends Stats return $this->_getAllByYear($sql); } - + /** * Return nb, amount of predefined product for year * @@ -218,7 +218,7 @@ class FactureStats extends Stats return $this->_getAllByProduct($sql); } - - + + } diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php index 3d2daf5a53d..d85255fbf4e 100644 --- a/htdocs/compta/facture/stats/index.php +++ b/htdocs/compta/facture/stats/index.php @@ -84,7 +84,7 @@ dol_mkdir($dir); $stats = new FactureStats($db, $socid, $mode, ($userid>0?$userid:0)); if ($mode == 'customer') { - if ($object_status != '' && $object_status >= -1) $stats->where .= ' AND f.fk_statut IN ('.$db->escape($object_status).')'; + if ($object_status != '' && $object_status >= 0) $stats->where .= ' AND f.fk_statut IN ('.$db->escape($object_status).')'; } if ($mode == 'supplier') { 
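Review bot: In htdocs/compta/facture/stats/index.php, `$db->escape($object_status)` is concatenated into `IN (...)` without quotes, so escaping quote characters does not confine the value to a number. The changed guard `$object_status >= 0` is also a loose comparison that a non-numeric string can satisfy on PHP versions before 8. Unless `$object_status` is already forced to an integer where it is read (not visible in this hunk), cast it at the point of use: `$stats->where .= ' AND f.fk_statut IN ('.((int) $object_status).')';`. If a comma-separated list of statuses is intended, validate each element as an integer before joining. The `supplier` branch that follows the hunk should be checked for the same pattern.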
@@ -227,12 +227,13 @@ complete_head_from_modules($conf,$langs,null,$head,$h,$type); dol_fiche_head($head, 'byyear', $langs->trans("Statistics"), -1); -$tmp_companies = $form->select_thirdparty_list($socid,'socid',$filter,1, 0, 0, array(), '', 1); +// We use select_thirdparty_list instead of select_company so we can use $filter and share same code for customer and supplier. +$tmp_companies = $form->select_thirdparty_list($socid, 'socid', $filter, 1, 0, 0, array(), '', 1); //Array passed as an argument to Form::selectarray to build a proper select input $companies = array(); foreach ($tmp_companies as $value) { - $companies[$value['value']] = $value['label']; + $companies[$value['key']] = $value['label']; } print '