From d226abcdfcfd162c19340180694e56c03f5fab30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcos=20Garci=CC=81a=20de=20La=20Fuente?=
 <marcosgdf@gmail.com>
Date: Tue, 10 Dec 2013 14:30:40 +0100
Subject: [PATCH 1/3] Corrected translation

---
 htdocs/langs/en_US/bills.lang | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/langs/en_US/bills.lang b/htdocs/langs/en_US/bills.lang
index e5df33ec55f..5a12a3a7262 100644
--- a/htdocs/langs/en_US/bills.lang
+++ b/htdocs/langs/en_US/bills.lang
@@ -409,5 +409,5 @@ PDFCrabeDescription=Invoice PDF template Crabe. A complete invoice template (Tem
 # oursin PDF Model
 PDFOursinDescription=Invoice PDF template Oursin. A complete invoice template (Template alternative)
 # NumRef Modules
-TerreNumRefModelDesc1=Return numero with format %syymm-nnnn for standard invoices and %syymm-nnnn for credit notes where yy is year, mm is month and nnnn is a sequence with no break and no return to 0
+TerreNumRefModelDesc1=Return number with format %syymm-nnnn for standard invoices and %syymm-nnnn for credit notes where yy is year, mm is month and nnnn is a sequence with no break and no return to 0
 TerreNumRefModelError=A bill starting with $syymm already exists and is not compatible with this model of sequence. Remove it or rename it to activate this module.

From 6cc20cb731dcd7c2d1e0b384d8ce1f79d4fdb7fb Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sat, 14 Dec 2013 15:21:15 +0100
Subject: [PATCH 2/3] Fix: Filter on third parties were wrong for external
 users.

---
 htdocs/comm/list.php          | 13 ++++++-------
 htdocs/comm/prospect/list.php | 14 ++++++--------
 htdocs/fourn/liste.php        |  3 ++-
 3 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/htdocs/comm/list.php b/htdocs/comm/list.php
index 28696228e45..5864b4b4cee 100644
--- a/htdocs/comm/list.php
+++ b/htdocs/comm/list.php
@@ -56,6 +56,8 @@ $search_compta=GETPOST("search_compta");
 $search_sale  = GETPOST("search_sale");
 $search_categ = GETPOST("search_categ",'int');
 $catid        = GETPOST("catid",'int');
+// If the internal user must only see his customers, force searching by him
+if (!$user->rights->societe->client->voir && !$socid) $search_sale = $user->id;
 
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
 $hookmanager->initHooks(array('customerlist'));
@@ -98,17 +100,15 @@ llxHeader('',$langs->trans("ThirdParty"),$help_url);
 
 $sql = "SELECT s.rowid, s.nom as name, s.client, s.zip, s.town, st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta, s.status as status,";
 $sql.= " s.datec, s.datea, s.canvas";
-// We'll need these fields in order to filter by sale (including the case where the user can only see his prospects)
-if ($search_sale) $sql .= ", sc.fk_soc, sc.fk_user";
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
 if (! empty($search_categ) || ! empty($catid)) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX."categorie_societe as cs ON s.rowid = cs.fk_societe"; // We need this table joined to the select in order to filter by categ
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
 $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st";
-// We'll need this table joined to the select in order to filter by sale
-if ($search_sale || !$user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.fk_stcomm = st.id";
 $sql.= " AND s.client IN (1, 3)";
 $sql.= ' AND s.entity IN ('.getEntity('societe', 1).')';
-if (!$user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql.= " AND s.rowid = sc.fk_soc";
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc";		// Join for the needed table to filter by sale
 if ($catid > 0)          $sql.= " AND cs.fk_categorie = ".$catid;
@@ -137,8 +137,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 $sql.= $db->order($sortfield,$sortorder);
 $sql.= $db->plimit($conf->liste_limit +1, $offset);
 
-dol_syslog('comm:list.php: sql='.$sql,LOG_DEBUG);
-
+dol_syslog('comm/list.php: sql='.$sql,LOG_DEBUG);
 $result = $db->query($sql);
 if ($result)
 {
diff --git a/htdocs/comm/prospect/list.php b/htdocs/comm/prospect/list.php
index 873ef051612..43a800dec76 100644
--- a/htdocs/comm/prospect/list.php
+++ b/htdocs/comm/prospect/list.php
@@ -141,7 +141,7 @@ else dol_print_error($db);
 // Load sale and categ filters
 $search_sale = GETPOST('search_sale');
 $search_categ = GETPOST('search_categ');
-// If the user must only see his prospect, force searching by him
+// If the internal user must only see his prospect, force searching by him
 if (!$user->rights->societe->client->voir && !$socid) $search_sale = $user->id;
 
 // List of avaible states; we'll need that for each lines (quick changing prospect states) and for search bar (filter by prospect state)
@@ -176,18 +176,17 @@ $formother=new FormOther($db);
 $sql = "SELECT s.rowid, s.nom, s.zip, s.town, s.datec, s.datea, s.status as status,";
 $sql.= " st.libelle as stcomm, s.prefix_comm, s.fk_stcomm, s.fk_prospectlevel,";
 $sql.= " d.nom as departement";
-// Updated by Matelli
-if ($search_sale) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
 $sql .= " FROM ".MAIN_DB_PREFIX."c_stcomm as st";
-if ($search_sale || !$user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
 $sql.= ", ".MAIN_DB_PREFIX."societe as s";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d on (d.rowid = s.fk_departement)";
 if (! empty($search_categ) || ! empty($catid)) $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX."categorie_societe as cs ON s.rowid = cs.fk_societe"; // We need this table joined to the select in order to filter by categ
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
 $sql.= " WHERE s.fk_stcomm = st.id";
 $sql.= " AND s.client IN (2, 3)";
 $sql.= ' AND s.entity IN ('.getEntity('societe', 1).')';
-if ($user->societe_id) $sql.= " AND s.rowid = " .$user->societe_id;
-if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc";		// Join for the needed table to filter by sale
+if ((!$user->rights->societe->client->voir && !$socid) || $search_sale) $sql.= " AND s.rowid = sc.fk_soc";
+if ($socid) $sql.= " AND s.rowid = " .$socid;
 if (isset($stcomm) && $stcomm != '') $sql.= " AND s.fk_stcomm=".$stcomm;
 if ($catid > 0)          $sql.= " AND cs.fk_categorie = ".$catid;
 if ($catid == -2)        $sql.= " AND cs.fk_categorie IS NULL";
@@ -214,7 +213,6 @@ if ($socname)
 	$sortfield = "s.nom";
 	$sortorder = "ASC";
 }
-
 // Count total nb of records
 $nbtotalofrecords = 0;
 if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
@@ -222,10 +220,10 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 	$result = $db->query($sql);
 	$nbtotalofrecords = $db->num_rows($result);
 }
-
 $sql.= " ORDER BY $sortfield $sortorder, s.nom ASC";
 $sql.= $db->plimit($conf->liste_limit+1, $offset);
 
+dol_syslog('comm/propsect/list.php: sql='.$sql,LOG_DEBUG);
 $resql = $db->query($sql);
 if ($resql)
 {
diff --git a/htdocs/fourn/liste.php b/htdocs/fourn/liste.php
index 16406eeb279..07be6c43fc6 100644
--- a/htdocs/fourn/liste.php
+++ b/htdocs/fourn/liste.php
@@ -86,7 +86,7 @@ $sql.= ", ".MAIN_DB_PREFIX."c_stcomm as st";
 if (!$user->rights->societe->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.fk_stcomm = st.id AND s.fournisseur = 1";
 $sql.= " AND s.entity IN (".getEntity('societe', 1).")";
-if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+if (!$user->rights->societe->client->voir && !$socid) $sql .= " AND s.rowid = sc.fk_soc";
 if ($socid) $sql .= " AND s.rowid = ".$socid;
 if ($socname)
 {
@@ -114,6 +114,7 @@ if (empty($conf->global->MAIN_DISABLE_FULL_SCANLIST))
 $sql.= $db->order($sortfield,$sortorder);
 $sql.= $db->plimit($conf->liste_limit+1, $offset);
 
+dol_syslog('fourn/liste.php: sql='.$sql,LOG_DEBUG);
 $resql = $db->query($sql);
 if ($resql)
 {

From 7ecb313798d8f206eb48afcd93b3b1c3c71f8d8c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sat, 14 Dec 2013 15:26:22 +0100
Subject: [PATCH 3/3] Fix: [ bug #1175 ] lien incorrect dans l'onglet Note d'un
 tiers

---
 htdocs/societe/note.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/societe/note.php b/htdocs/societe/note.php
index 9605106aec6..1928ba914a0 100644
--- a/htdocs/societe/note.php
+++ b/htdocs/societe/note.php
@@ -33,7 +33,7 @@ $action = GETPOST('action');
 $langs->load("companies");
 
 // Security check
-$id = GETPOST('id','int');
+$id = GETPOST('id')?GETPOST('id','int'):GETPOST('socid','int');
 if ($user->societe_id) $id=$user->societe_id;
 $result = restrictedArea($user, 'societe', $id, '&societe');