From f1cf629b80f3e88dbcc3ff7fb94cb9a6ed5a6f51 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 5 Oct 2015 23:52:54 +0200 Subject: [PATCH] FIX List of project for user that are restrited as sale repreentative to some thirdparties. --- htdocs/projet/list.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php index 0debcab2449..ab01f922797 100644 --- a/htdocs/projet/list.php +++ b/htdocs/projet/list.php @@ -48,9 +48,9 @@ if ($socid > 0) if (!$user->rights->projet->lire) accessforbidden(); -$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; -$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; -$page = isset($_GET["page"])? $_GET["page"]:$_POST["page"]; +$sortfield = GETPOST("sortfield","alpha"); +$sortorder = GETPOST("sortorder"); +$page = GETPOST("page"); $page = is_numeric($page) ? $page : 0; $page = $page == -1 ? 0 : $page; @@ -140,7 +140,7 @@ $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_lead_status as cls on p.fk_opp_status = cls.rowid"; // We'll need this table joined to the select in order to filter by sale -if ($search_sale > 0 || (! $user->rights->societe->client->voir && ! $socid)) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; +if ($search_sale > 0 || (! $user->rights->societe->client->voir && ! $socid)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid"; if ($search_user > 0) { $sql.=", ".MAIN_DB_PREFIX."element_contact as c"; @@ -190,7 +190,8 @@ if ($search_opp_status) if ($search_opp_status == 'none') $sql .= " AND p.fk_opp_status IS NULL"; } if ($search_public!='') $sql .= " AND p.public = ".$db->escape($search_public); -if ($search_sale > 0 || (! $user->rights->societe->client->voir && ! $socid)) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$search_sale; +if ($search_sale > 0) $sql.= " AND sc.fk_user = " .$search_sale; +if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))"; if ($search_user > 0) $sql.= " AND c.fk_c_type_contact = tc.rowid AND tc.element='project' AND tc.source='internal' AND c.element_id = p.rowid AND c.fk_socpeople = ".$search_user; // Add where from hooks $parameters=array();