diff --git a/htdocs/comm/list.php b/htdocs/comm/list.php
index ebb08916758..ed12edd032a 100644
--- a/htdocs/comm/list.php
+++ b/htdocs/comm/list.php
@@ -60,6 +60,8 @@ if ($search_status=='') $search_status=1; // always display activ customer first
 $search_sale = GETPOST("search_sale");
 $search_categ = GETPOST("search_categ",'int');
 $catid = GETPOST("catid",'int');
+// If the internal user must only see his customers, force searching by him
+if (!$user->rights->societe->client->voir && !$socid) $search_sale = $user->id;
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
 $hookmanager->initHooks(array('customerlist'));
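Review bot: `$search_sale` is read one line above the added override as `GETPOST("search_sale")` with no type filter, while `search_categ` and `catid` beside it pass `'int'`. After this commit the same variable carries the restriction for users without `societe->client->voir`, so I would read it as `$search_sale = GETPOST("search_sale",'int');` and keep the forced `$user->id` assignment directly after it. How `$search_sale` reaches the SQL string is outside this hunk; confirm it is cast or escaped there, and that nothing between this line and the query (hooks are initialised just below) reassigns it.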
@@ -104,17 +106,15 @@ llxHeader('',$langs->trans("ThirdParty"),$help_url);
 $sql = "SELECT s.rowid, s.nom as name, s.client, s.zip, s.town, st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta, s.status as status,";
 $sql.= " s.datec, s.datea, s.canvas";
-// We'll need these fields in order to filter by sale (including the case where the user can only see his prospects)
-if ($search_sale) $sql .= ", sc.fk_soc, sc.fk_user";
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
 if (! empty($search_categ) || ! empty($catid)) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX."categorie_societe as cs ON s.rowid = cs.fk_societe"; // We need this table joined to the select in order to filter by categ
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
 $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st";
-// We'll need this table joined to the select in order to filter by sale
-if ($search_sale || !$user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.fk_stcomm = st.id";
 $sql.= " AND s.client IN (1, 3)";
 $sql.= ' AND s.entity IN ('.getEntity('societe', 1).')';
-if (!$user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql.= " AND s.rowid = sc.fk_soc";
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
 if ($catid > 0) $sql.= " AND cs.fk_categorie = ".$catid;
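Review bot: The removed `AND sc.fk_user = " .$user->id` was the only predicate in this hunk that limited a user without `societe->client->voir` to his own third parties; the new line keeps only the join `AND s.rowid = sc.fk_soc`. The restriction now depends on the forced `$search_sale` and on a `sc.fk_user` filter that is not visible here, so if that filter is ever skipped the list returns every customer that has any sales representative. I would keep an explicit guard next to the join, `if (!$user->rights->societe->client->voir && !$socid) $sql.= " AND sc.fk_user = ".((int) $user->id);`. The context line `if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc";` two lines below now appends the same join a second time and can be dropped. The hunk at `@@ -180,18 +180,17 @@` in comm/prospect/list.php has the same dependence on code outside the hunk.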
@@ -149,8 +149,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 $sql.= $db->order($sortfield,$sortorder);
 $sql.= $db->plimit($conf->liste_limit +1, $offset);
-dol_syslog('comm:list.php: sql='.$sql,LOG_DEBUG);
-
+dol_syslog('comm/list.php: sql='.$sql,LOG_DEBUG);
 $result = $db->query($sql);
 if ($result)
 {
diff --git a/htdocs/comm/prospect/list.php b/htdocs/comm/prospect/list.php
index 7284827e657..18038d3ed44 100644
--- a/htdocs/comm/prospect/list.php
+++ b/htdocs/comm/prospect/list.php
@@ -144,7 +144,7 @@ else dol_print_error($db);
 // Load sale and categ filters
 $search_sale = GETPOST('search_sale');
 $search_categ = GETPOST('search_categ');
-// If the user must only see his prospect, force searching by him
+// If the internal user must only see his prospect, force searching by him
 if (!$user->rights->societe->client->voir && !$socid) $search_sale = $user->id;
 // List of avaible states; we'll need that for each lines (quick changing prospect states) and for search bar (filter by prospect state)
@@ -180,18 +180,17 @@ $form=new Form($db);
 $sql = "SELECT s.rowid, s.nom, s.zip, s.town, s.datec, s.datea, s.status as status, s.code_client, s.client,";
 $sql.= " st.libelle as stcomm, s.prefix_comm, s.fk_stcomm, s.fk_prospectlevel,";
 $sql.= " d.nom as departement";
-// Updated by Matelli
-if ($search_sale) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
 $sql .= " FROM ".MAIN_DB_PREFIX."c_stcomm as st";
-if ($search_sale || !$user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
 $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d on (d.rowid = s.fk_departement)";
 if (! empty($search_categ) || ! empty($catid)) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX."categorie_societe as cs ON s.rowid = cs.fk_societe"; // We need this table joined to the select in order to filter by categ
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
 $sql.= " WHERE s.fk_stcomm = st.id";
 $sql.= " AND s.client IN (2, 3)";
 $sql.= ' AND s.entity IN ('.getEntity('societe', 1).')';
-if ($user->societe_id) $sql.= " AND s.rowid = " .$user->societe_id;
-if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql.= " AND s.rowid = sc.fk_soc";
+if ($socid) $sql.= " AND s.rowid = " .$socid;
 if (isset($stcomm) && $stcomm != '') $sql.= " AND s.fk_stcomm=".$stcomm;
 if ($catid > 0) $sql.= " AND cs.fk_categorie = ".$catid;
 if ($catid == -2) $sql.= " AND cs.fk_categorie IS NULL";
@@ -224,7 +223,6 @@ if ($socname) {
 $sortfield = "s.nom";
 $sortorder = "ASC";
 }
-
 // Count total nb of records
 $nbtotalofrecords = 0;
 if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
@@ -232,9 +230,9 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 $result = $db->query($sql);
 $nbtotalofrecords = $db->num_rows($result);
 }
-
 $sql.= " ORDER BY $sortfield $sortorder, s.nom ASC";
 $sql.= $db->plimit($conf->liste_limit+1, $offset);
+
 dol_syslog('comm/prospect/list.php sql='.$sql,LOG_DEBUG);
 $resql = $db->query($sql);
 if ($resql)
diff --git a/htdocs/fourn/liste.php b/htdocs/fourn/liste.php
index 78668103606..f59e692fb87 100644
--- a/htdocs/fourn/liste.php
+++ b/htdocs/fourn/liste.php
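Review bot: In the comm/prospect/list.php hunk at `@@ -180,18 +180,17 @@`, the company filter changes from the session value `$user->societe_id` to `$socid`, and `$socid` is concatenated unquoted in `" AND s.rowid = " .$socid`. Where `$socid` is assigned is outside the hunk; confirm that it is read with the `'int'` check and overwritten with `$user->societe_id` for external users before this point, otherwise an external account loses the restriction the removed line gave it. A cast at the point of use, `if ($socid) $sql.= " AND s.rowid = ".((int) $socid);`, makes the line safe on its own.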
@@ -87,7 +87,7 @@ $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st";
 if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.fk_stcomm = st.id AND s.fournisseur = 1";
 $sql.= " AND s.entity IN (".getEntity('societe', 1).")";
-if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc";
 if ($socid) $sql .= " AND s.rowid = ".$socid;
 if ($socname) {
 $sql .= natural_search('s.nom', $socname);
@@ -118,6 +118,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 $sql.= $db->order($sortfield,$sortorder);
 $sql.= $db->plimit($conf->liste_limit+1, $offset);
+dol_syslog('fourn/liste.php: sql='.$sql,LOG_DEBUG);
 $resql = $db->query($sql);
 if ($resql)
 {
diff --git a/htdocs/langs/en_US/bills.lang b/htdocs/langs/en_US/bills.lang
index e03b31c1929..7b553e0fcb2 100644
--- a/htdocs/langs/en_US/bills.lang
+++ b/htdocs/langs/en_US/bills.lang
@@ -411,5 +411,4 @@ PDFOursinDescription=Invoice PDF template Oursin. A complete invoice template (a
 # NumRef Modules
 TerreNumRefModelDesc1=Return number with format %syymm-nnnn for standard invoices and %syymm-nnnn for credit notes where yy is year, mm is month and nnnn is a sequence with no break and no return to 0
 MarsNumRefModelDesc1=Return number with format %syymm-nnnn for standard invoices, %syymm-nnnn for replacement invoices, %syymm-nnnn for credit notes and %syymm-nnnn for credit notes where yy is year, mm is month and nnnn is a sequence with no break and no return to 0
-
 TerreNumRefModelError=A bill starting with $syymm already exists and is not compatible with this model of sequence. Remove it or rename it to activate this module.
diff --git a/htdocs/societe/note.php b/htdocs/societe/note.php
index 9605106aec6..1928ba914a0 100644
--- a/htdocs/societe/note.php
+++ b/htdocs/societe/note.php
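Review bot: In htdocs/fourn/liste.php at `@@ -87,7 +87,7 @@`, the new condition drops `AND sc.fk_user = " .$user->id` and leaves only the join `AND s.rowid = sc.fk_soc`, and unlike the two comm list pages this file's diff adds no forced `$search_sale`. Unless a `sc.fk_user` filter exists outside the hunk, a user without `societe->client->voir` now gets every supplier linked to any sales representative, repeated once per representative. I would keep the predicate on the same line: `if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);`.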
@@ -33,7 +33,7 @@ $action = GETPOST('action');
 $langs->load("companies");
 // Security check
-$id = GETPOST('id','int');
+$id = GETPOST('id')?GETPOST('id','int'):GETPOST('socid','int');
 if ($user->societe_id) $id=$user->societe_id;
 $result = restrictedArea($user, 'societe', $id, '&societe');
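Review bot: The new ternary tests the unfiltered `GETPOST('id')` but then uses the `'int'`-checked read, so a non-numeric `id` is truthy in the test, presumably comes back empty from the checked call, and the `socid` fallback is never tried. `$id` would then reach `restrictedArea()` empty, and what that call does without an object id is not visible in this hunk. Testing the checked value keeps the two reads consistent: `$id = GETPOST('id','int')?GETPOST('id','int'):GETPOST('socid','int');`.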