From fb4d524b5093eaacd2466459f09fd66c6cb6d398 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Wed, 8 Mar 2006 17:39:04 +0000 Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20permission=20"consulter=20tou?= =?UTF-8?q?s=20les=20clients"=20dans=20le=20module=20commercial,=20afin=20?= =?UTF-8?q?=20qu'un=20commercial=20puisse=20voir=20que=20les=20clients=20q?= =?UTF-8?q?ui=20lui=20sont=20affect=E9s.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/compta/index.php | 1 + htdocs/fourn/contact.php | 6 ++++- htdocs/fourn/facture/index.php | 38 +++++++++++++++++-------------- htdocs/fourn/facture/paiement.php | 3 +++ htdocs/fourn/index.php | 4 ++++ htdocs/product/stats/facture.php | 2 +- 6 files changed, 35 insertions(+), 19 deletions(-) diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index d70a26b154a..5b5e0bad00d 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -1,6 +1,7 @@ * Copyright (C) 2004-2005 Laurent Destailleur + * Copyright (C) 2005-2006 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/htdocs/fourn/contact.php b/htdocs/fourn/contact.php index 651ec5e8ed3..3b20507de7e 100644 --- a/htdocs/fourn/contact.php +++ b/htdocs/fourn/contact.php @@ -1,6 +1,7 @@ * Copyright (C) 2004-2005 Laurent Destailleur + * Copyright (C) 2005-2006 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -59,9 +60,12 @@ $offset = $limit * $page ; * */ -$sql = "SELECT s.idp, s.nom, st.libelle as stcomm, p.idp as cidp, p.name, p.firstname, p.email, p.phone "; +$sql = "SELECT s.idp, s.nom, st.libelle as stcomm, p.idp as cidp, p.name, p.firstname, p.email, p.phone"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."socpeople as p, ".MAIN_DB_PREFIX."c_stcomm as st"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE s.fk_stcomm = st.id AND s.fournisseur = 1 AND s.idp = p.fk_soc"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; if (strlen($stcomm)) { $sql .= " AND s.fk_stcomm=$stcomm"; diff --git a/htdocs/fourn/facture/index.php b/htdocs/fourn/facture/index.php index 5007b769e52..45bfcd9a5c5 100644 --- a/htdocs/fourn/facture/index.php +++ b/htdocs/fourn/facture/index.php @@ -33,13 +33,13 @@ if (!$user->rights->fournisseur->facture->lire) accessforbidden(); -$socid = $_GET["socid"]; +$socidp = $_GET["socidp"]; // Sécurité accés client if ($user->societe_id > 0) { $_GET["action"] = ''; - $socid = $user->societe_id; + $socidp = $user->societe_id; } if ($_GET["action"] == 'delete') @@ -80,7 +80,7 @@ if ($_POST["mode"] == 'search') if ( $db->num_rows() == 1) { $obj = $db->fetch_object(); - $socid = $obj->idp; + $socidp = $obj->idp; } $db->free(); } 
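Review bot: The three added conditions in fourn/contact.php apply the assigned-company restriction only while `$socidp` is empty (`!$user->rights->commercial->client->voir && !$socidp`), so for a user without the right the filter is dropped as soon as a company id is set, and nothing in the hunk checks that this company is assigned to the user. The same condition appears in the fourn/facture/index.php, fourn/facture/paiement.php and fourn/index.php hunks of this patch. I would key the restriction on the permission alone, e.g. `if (!$user->rights->commercial->client->voir) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = ".$user->id;` with the matching select and from additions, so that an explicit company id narrows the result inside the assigned set instead of replacing the check. Where `$socidp` is assigned in contact.php is outside the hunk.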
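Review bot: `$socidp = $_GET["socidp"];` in fourn/facture/index.php keeps the raw request value, and the later hunk of this file interpolates it into the query as `" AND s.idp = $socidp"`, which is string-built SQL on untrusted input. Casting at the point of entry covers every later use: `$socidp = isset($_GET["socidp"]) ? (int) $_GET["socidp"] : 0;`. The branch that overwrites it with `$user->societe_id` for external users can stay as it is.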
@@ -96,12 +96,16 @@ if ($_POST["mode"] == 'search') llxHeader(); -$sql = "SELECT s.idp as socid, s.nom, ".$db->pdate("fac.date_lim_reglement")." as date_echeance, fac.total_ht, fac.total_ttc, fac.paye as paye, fac.fk_statut as fk_statut, fac.libelle, fac.rowid as facid, fac.facnumber"; -$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_fourn as fac "; +$sql = "SELECT s.idp as socid, s.nom, ".$db->pdate("fac.date_lim_reglement")." as date_echeance, fac.total_ht"; +$sql .= ", fac.total_ttc, fac.paye as paye, fac.fk_statut as fk_statut, fac.libelle, fac.rowid as facid, fac.facnumber"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; +$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_fourn as fac"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE fac.fk_soc = s.idp"; -if ($socid) +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; +if ($socidp) { - $sql .= " AND s.idp = $socid"; + $sql .= " AND s.idp = $socidp"; } if ($_GET["filtre"]) { 
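Review bot: The permission test is written out three times in this hunk (select list, from clause, where clause) with no comment saying what it enforces, so the three copies can drift apart on a later edit. I would evaluate it once before building the query, e.g. `$restrictToAssigned = (!$user->rights->commercial->client->voir && !$socidp);`, and add a comment such as `// Users without the "see all clients" right only get companies linked to them in societe_commerciaux`. The added `sc.fk_soc, sc.fk_user` columns repeat values the where clause already fixes (`s.idp` and `$user->id`), so they could be left out of the select list unless code outside the hunk reads them.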
@@ -147,22 +151,22 @@ if ($resql) $num = $db->num_rows($resql); $i = 0; - if ($socid) { + if ($socidp) { $soc = new Societe($db); - $soc->fetch($socid); + $soc->fetch($socidp); } - print_barre_liste($langs->trans("BillsSuppliers").($socid?" $soc->nom":""),$page,"index.php","&socidp=$socidp",$sortfield,$sortorder,'',$num); + print_barre_liste($langs->trans("BillsSuppliers").($socidp?" $soc->nom":""),$page,"index.php","&socidp=$socidp",$sortfield,$sortorder,'',$num); print ''; print ''; - print_liste_field_titre($langs->trans("Ref"),"index.php","facnumber","&socid=$socid","","",$sortfield); - print_liste_field_titre($langs->trans("DateEcheance"),"index.php","fac.datef","&socid=$socid","","",$sortfield); - print_liste_field_titre($langs->trans("Label"),"index.php","fac.libelle","&socid=$socid","","",$sortfield); - print_liste_field_titre($langs->trans("Company"),"index.php","s.nom","&socid=$socid","","",$sortfield); - print_liste_field_titre($langs->trans("AmountHT"),"index.php","fac.total_ht","&socid=$socid","",'align="right"',$sortfield); - print_liste_field_titre($langs->trans("AmountTTC"),"index.php","fac.total_ttc","&socid=$socid","",'align="right"',$sortfield); - print_liste_field_titre($langs->trans("Status"),"index.php","fk_statut,paye","&socid=$socid","",'align="center"',$sortfield); + print_liste_field_titre($langs->trans("Ref"),"index.php","facnumber","&socidp=$socidp","","",$sortfield); + print_liste_field_titre($langs->trans("DateEcheance"),"index.php","fac.datef","&socidp=$socidp","","",$sortfield); + print_liste_field_titre($langs->trans("Label"),"index.php","fac.libelle","&socidp=$socidp","","",$sortfield); + print_liste_field_titre($langs->trans("Company"),"index.php","s.nom","&socidp=$socidp","","",$sortfield); + print_liste_field_titre($langs->trans("AmountHT"),"index.php","fac.total_ht","&socidp=$socidp","",'align="right"',$sortfield); + 
print_liste_field_titre($langs->trans("AmountTTC"),"index.php","fac.total_ttc","&socidp=$socidp","",'align="right"',$sortfield); + print_liste_field_titre($langs->trans("Status"),"index.php","fk_statut,paye","&socidp=$socidp","",'align="center"',$sortfield); print "\n"; // Lignes des champs de filtre diff --git a/htdocs/fourn/facture/paiement.php b/htdocs/fourn/facture/paiement.php index 0915791ca49..dcb0ce58c82 100644 --- a/htdocs/fourn/facture/paiement.php +++ b/htdocs/fourn/facture/paiement.php @@ -356,13 +356,16 @@ if (! $_GET['action'] && ! $_POST['action']) $sql .= ', f.amount as fa_amount, f.facnumber, s.nom'; $sql .= ', f.rowid as facid, c.libelle as paiement_type, p.num_paiement'; $sql .= ', ba.rowid as bid, ba.label'; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; $sql .= ' FROM '.MAIN_DB_PREFIX.'paiementfourn AS p'; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiementfourn_facturefourn AS pf ON p.rowid=pf.fk_paiementfourn'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'facture_fourn AS f ON f.rowid=pf.fk_facturefourn '; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_paiement AS c ON p.fk_paiement = c.id'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe AS s ON s.idp = f.fk_soc'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank as b ON p.fk_bank = b.rowid'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'bank_account as ba ON b.fk_account = ba.rowid'; + if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " WHERE s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socidp) { $sql .= ' WHERE f.fk_soc = '.$socidp; diff --git a/htdocs/fourn/index.php b/htdocs/fourn/index.php index a75909851e0..9b8b8c06896 100644 --- a/htdocs/fourn/index.php +++ b/htdocs/fourn/index.php 
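Review bot: `"&socidp=$socidp"` is passed as the link parameter to `print_barre_liste` and to the seven `print_liste_field_titre` calls without encoding, and `$socidp` originates from the request in this file; whether those helpers escape the parameter is not visible here. Building it once, `$param = "&socidp=".urlencode($socidp);`, and passing `$param` keeps request data out of the generated links. The result of `$soc->fetch($socidp)` is also not checked before `$soc->nom` is put into the list title. The enclosing `if ($resql)` block starts and ends outside the hunk.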
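Review bot: In fourn/facture/paiement.php the new table is added with a comma directly after `paiementfourn AS p` and before the chain of `LEFT JOIN`s, so on engines that give JOIN higher precedence than the comma operator (standard SQL, and MySQL from 5.0.12) the first `ON p.rowid=pf.fk_paiementfourn` can no longer resolve `p` and the query fails for restricted users. An explicit join placed after the `societe` join avoids this and also removes the need for the separate `WHERE` line: `$sql .= ' INNER JOIN '.MAIN_DB_PREFIX.'societe_commerciaux AS sc ON sc.fk_soc = s.idp AND sc.fk_user = '.(int) $user->id;`. The context line `' WHERE f.fk_soc = '.$socidp` concatenates `$socidp` as well; where that variable is assigned in this file is outside the hunk, so it should be confirmed to be an integer. The enclosing `if (! $_GET['action'] && ! $_POST['action'])` block continues past the hunk.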
@@ -1,6 +1,7 @@ * Copyright (C) 2004-2005 Laurent Destailleur + * Copyright (C) 2005-2006 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -67,8 +68,11 @@ if (! $sortfield) $sortfield="nom"; */ $sql = "SELECT s.idp, s.nom, s.ville,".$db->pdate("s.datec")." as datec, ".$db->pdate("s.datea")." as datea, st.libelle as stcomm, s.prefix_comm"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", sc.fk_soc, sc.fk_user "; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE s.fk_stcomm = st.id AND s.fournisseur=1"; +if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND s.idp = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socidp) $sql .= " AND s.idp=$socidp"; if ($socname) { $sql .= " AND lower(s.nom) like '%".strtolower($socname)."%'"; diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index e30ac0d93a7..98992496a01 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2005 Laurent Destailleur - * Copyright (C) 2005 Regis Houssin + * Copyright (C) 2005-2006 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by
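Review bot: The supplier list in fourn/index.php is now filtered by `$user->rights->commercial->client->voir`, a right that belongs to the commercial module, and the second hunk does not check that the right is defined. If the commercial module is disabled or the right is not loaded for the user (not visible here), the negated test is true and the user is limited to suppliers linked to them in `societe_commerciaux`, which may be an empty list. I would add a comment stating that this page depends on the commercial module's right, and confirm the intended behaviour when that module is off.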