Ajout contr�le de s�curit�

2005-08-19 14:21:59 +00:00 · 2005-08-19 14:21:59 +00:00 · f3f63c9480
commit f3f63c9480
parent 84fa5db557
2 changed files with 52 additions and 31 deletions
--- a/htdocs/telephonie/facture/liste.php
+++ b/htdocs/telephonie/facture/liste.php
@ -71,6 +71,11 @@ $sql .= " , ".MAIN_DB_PREFIX."telephonie_societe_ligne as l";

 $sql .= " WHERE s.idp = l.fk_soc_facture AND l.rowid = f.fk_ligne";

+if ($user->rights->telephonie->ligne->lire_restreint)
+{
+  $sql .= " AND l.fk_commercial_suiv = ".$user->id;
+}
+
 if ($_GET["search_ligne"])
 {
  $sql .= " AND f.ligne LIKE '%".$_GET["search_ligne"]."%'";
--- a/htdocs/telephonie/ligne/index.php
+++ b/htdocs/telephonie/ligne/index.php
@ -62,6 +62,10 @@ print '<br />';

 $sql = "SELECT distinct statut, count(*) as cc";
 $sql .= " FROM ".MAIN_DB_PREFIX."telephonie_societe_ligne as l";
+if ($user->rights->telephonie->ligne->lire_restreint)
+{
+  $sql .= " WHERE l.fk_commercial_suiv = ".$user->id;
+}
 $sql .= " GROUP BY statut";

 if ($db->query($sql))
@ -100,42 +104,50 @@ else
  print $db->error() . ' ' . $sql;
 }

-print '<br />';

-$sql = "SELECT distinct f.nom as fournisseur, f.rowid, count(*) as cc";
-$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."telephonie_societe_ligne as l";
-$sql .= " , ".MAIN_DB_PREFIX."telephonie_fournisseur as f";
-$sql .= " WHERE l.fk_soc = s.idp AND l.fk_fournisseur = f.rowid";
-$sql .= " GROUP BY f.nom";

-if ($db->query($sql))
+if ($user->rights->telephonie->fournisseur->lire)
 {
-  $num = $db->num_rows();
-  $i = 0;
-  
-  print '<table class="noborder" width="100%" cellspacing="0" cellpadding="4">';
-  print '<tr class="liste_titre"><td>Fournisseur</td><td valign="center">Nb</td>';
-  print "</tr>\n";
-  $var=True;
-
-  while ($i < $num)
+  print '<br />';
+  $sql = "SELECT distinct f.nom as fournisseur, f.rowid, count(*) as cc";
+  $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."telephonie_societe_ligne as l";
+  $sql .= " , ".MAIN_DB_PREFIX."telephonie_fournisseur as f";
+  $sql .= " WHERE l.fk_soc = s.idp AND l.fk_fournisseur = f.rowid";
+  if ($user->rights->telephonie->ligne->lire_restreint)
    {
-      $obj = $db->fetch_object($i);	
-      $var=!$var;
-
-      print "<tr $bc[$var]>";
-      print '<td><a href="'.DOL_URL_ROOT.'/telephonie/ligne/liste.php?fournisseur='.$obj->rowid.'">';
-      print $obj->fournisseur.'</a></td>';
-      print "<td>".$obj->cc."</td>\n";
-      print "</tr>\n";
-      $i++;
+      $sql .= " AND l.fk_commercial_suiv = ".$user->id;
+    }
+  $sql .= " GROUP BY f.nom";
+  
+  if ($db->query($sql))
+    {
+      $num = $db->num_rows();
+      $i = 0;
+      
+      print '<table class="noborder" width="100%" cellspacing="0" cellpadding="4">';
+      print '<tr class="liste_titre"><td>Fournisseur</td><td valign="center">Nb</td>';
+      print "</tr>\n";
+      $var=True;
+      
+      while ($i < $num)
+	{
+	  $obj = $db->fetch_object($i);	
+	  $var=!$var;
+	  
+	  print "<tr $bc[$var]>";
+	  print '<td><a href="'.DOL_URL_ROOT.'/telephonie/ligne/liste.php?fournisseur='.$obj->rowid.'">';
+	  print $obj->fournisseur.'</a></td>';
+	  print "<td>".$obj->cc."</td>\n";
+	  print "</tr>\n";
+	  $i++;
+	}
+      print "</table>";
+      $db->free();
+    }
+  else 
+    {
+      print $db->error() . ' ' . $sql;
    }
-  print "</table>";
-  $db->free();
-}
-else 
-{
-  print $db->error() . ' ' . $sql;
 }
 /*
 * Concurrents
@ -147,6 +159,10 @@ print '<br />';
 $sql = "SELECT distinct c.nom as concurrent, count(*) as cc";
 $sql .= " FROM ".MAIN_DB_PREFIX."telephonie_concurrents as c,".MAIN_DB_PREFIX."telephonie_societe_ligne as l";
 $sql .= " WHERE l.fk_concurrent = c.rowid";
+if ($user->rights->telephonie->ligne->lire_restreint)
+{
+  $sql .= " AND l.fk_commercial_suiv = ".$user->id;
+}
 $sql .= " GROUP BY c.nom";

 if ($db->query($sql))