Clean code

Laurent Destailleur 2024-01-09 13:08:22 +01:00
parent e6dbcf2f82
commit 910a541c60
109 changed files with 709 additions and 1078 deletions


@ -1422,9 +1422,6 @@ class ActionComm extends CommonObject
$sql = "SELECT count(a.id) as nb";
}
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
}
if (!$user->hasRight('agenda', 'allactions', 'read')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".((int) $user->id);
}
@ -1433,17 +1430,24 @@ class ActionComm extends CommonObject
$sql .= " AND a.percent >= 0 AND a.percent < 100";
}
$sql .= " AND a.entity IN (".getEntity('agenda').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($user->socid) {
$sql .= " AND a.fk_soc = ".((int) $user->socid);
}
if (!$user->hasRight('agenda', 'allactions', 'read')) {
$sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id);
$sql .= " OR ar.fk_element = ".((int) $user->id);
$sql .= ")";
}
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
$resql = $this->db->query($sql);
if ($resql) {
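Review bot: Events with no third party (`a.fk_soc IS NULL`) are no longer returned to a user without the `societe/client/voir` right in the hunk at -1433. The old side of the hunk shows `AND (a.fk_soc IS NULL OR sc.fk_user = ...)`, whereas the new `AND EXISTS (... WHERE sc.fk_soc = a.fk_soc AND sc.fk_user = ...)` can never match a row whose `fk_soc` is NULL. If hiding those events is intended, the commit message should say so, since the title is only "Clean code"; if not, the clause should read `AND (a.fk_soc IS NULL OR EXISTS (...))`. The same substitution appears in the four agenda listing sections that follow (hunks at -763, -492, -571 and -591). The enclosing method starts and ends outside the hunk.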


@ -712,9 +712,6 @@ $sql .= ' a.fk_soc, a.fk_contact, a.fk_project, a.fk_bookcal_calendar,';
$sql .= ' a.fk_element, a.elementtype,';
$sql .= ' ca.code as type_code, ca.libelle as type_label, ca.color as type_color, ca.type as type_type, ca.picto as type_picto';
$sql .= ' FROM '.MAIN_DB_PREFIX.'c_actioncomm as ca, '.MAIN_DB_PREFIX."actioncomm as a";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
}
// We must filter on resource table
if ($resourceid > 0) {
$sql .= ", ".MAIN_DB_PREFIX."element_resources as r";
@ -763,10 +760,21 @@ if ($resourceid > 0) {
if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
if ($socid > 0) {
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND a.fk_soc = ".((int) $socid);
}
// We must filter on assignement table
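Review bot: The `$search_sale == -2` branch and the `$search_sale != '-1'` test in the added block can never apply here, because `$search_sale` is only ever `0` or `$user->id`. The block looks copied from a list page where the value comes from a search form, and it is pasted unchanged into every listing this commit touches (the agenda, contact and proposal sections). Since it is the access restriction for users without `societe/client/voir`, I would reduce it to `if ($search_sale > 0) { ... EXISTS ... }`, or move it into one shared helper that takes the column to match (`a.fk_soc`, `p.fk_soc`, `c.fk_soc`). That keeps the rule from drifting between files. The surrounding query building starts and ends outside the hunk.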


@ -438,9 +438,6 @@ $sqlfields = $sql; // $sql fields to remove for count total
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_extrafields as ef ON (a.id = ef.fk_object)";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid";
$sql .= " ,".MAIN_DB_PREFIX."c_actioncomm as c";
@ -492,11 +489,22 @@ if ($resourceid > 0) {
if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
if ($socid > 0) {
$sql .= " AND s.rowid = ".((int) $socid);
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND a.fk_soc = ".((int) $socid);
}
// We must filter on assignement table
if ($filtert > 0 || $usergroup > 0) {


@ -522,9 +522,6 @@ $sql .= ' a.transparency, a.priority, a.fulldayevent, a.location,';
$sql .= ' a.fk_soc, a.fk_contact, a.fk_element, a.elementtype, a.fk_project,';
$sql .= ' ca.code, ca.libelle as type_label, ca.color, ca.type as type_type, ca.picto as type_picto';
$sql .= ' FROM '.MAIN_DB_PREFIX.'c_actioncomm as ca, '.MAIN_DB_PREFIX."actioncomm as a";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
}
// We must filter on resource table
if ($resourceid > 0) {
$sql .= ", ".MAIN_DB_PREFIX."element_resources as r";
@ -571,13 +568,24 @@ if ($resourceid > 0) {
$sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".((int) $resourceid);
}
if ($pid) {
$sql .= " AND a.fk_project=".((int) $pid);
$sql .= " AND a.fk_project = ".((int) $pid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
if ($socid > 0) {
$sql .= ' AND a.fk_soc = '.((int) $socid);
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND a.fk_soc = ".((int) $socid);
}
// We must filter on assignement table
if ($filtert > 0 || $usergroup > 0) {


@ -535,9 +535,6 @@ $sql .= " a.transparency, a.priority, a.fulldayevent, a.location,";
$sql .= " a.fk_soc, a.fk_contact, a.fk_element, a.elementtype, a.fk_project,";
$sql .= " ca.code, ca.libelle as type_label, ca.color, ca.type as type_type, ca.picto as type_picto";
$sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm as ca, ".MAIN_DB_PREFIX."actioncomm as a";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
}
// We must filter on resource table
if ($resourceid > 0) {
$sql .= ", ".MAIN_DB_PREFIX."element_resources as r";
@ -591,10 +588,21 @@ if ($resourceid > 0) {
if ($pid) {
$sql .= " AND a.fk_project = ".((int) $pid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
if ($socid > 0) {
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND a.fk_soc = ".((int) $socid);
}


@ -80,19 +80,13 @@ if ($type == "f") {
* List mode
*/
$sql = "SELECT s.rowid, s.nom as name, st.libelle as stcomm";
$sql .= ", p.rowid as cidp, p.name, p.firstname, p.email, p.phone";
$sql = "SELECT s.rowid, s.nom as name, st.libelle as stcomm,";
$sql .= " p.rowid as cidp, p.name, p.firstname, p.email, p.phone";
$sql .= " FROM ".MAIN_DB_PREFIX."c_stcomm as st,";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
}
$sql .= " ".MAIN_DB_PREFIX."socpeople as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
$sql .= " WHERE s.fk_stcomm = st.id";
$sql .= " AND p.entity IN (".getEntity('contact').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($type == "c") {
$sql .= " AND s.client IN (1, 3)";
}
@ -102,9 +96,6 @@ if ($type == "p") {
if ($type == "f") {
$sql .= " AND s.fournisseur = 1";
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
}
if (!empty($search_lastname)) {
$sql .= " AND p.name LIKE '%".$db->escape($search_lastname)."%'";
}
@ -119,6 +110,23 @@ if (!empty($contactname)) { // acces a partir du module de recherche
$sortfield = "p.name";
$sortorder = "ASC";
}
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND p.fk_soc = ".((int) $socid);
}
$sql .= $db->order($sortfield, $sortorder);
$sql .= $db->plimit($limit + 1, $offset);


@ -137,13 +137,13 @@ if (isModEnabled("propal") && $user->hasRight("propal", "lire")) {
$sql .= ", s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."propal as p,";
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT;
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -235,13 +235,13 @@ if (isModEnabled('supplier_proposal') && $user->hasRight("supplier_proposal", "l
$sql .= ", s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p,";
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.entity IN (".getEntity($supplierproposalstatic->element).")";
$sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT;
$sql .= " AND p.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -332,13 +332,13 @@ if (isModEnabled('commande') && $user->hasRight('commande', 'lire')) {
$sql .= ", s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c,";
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.entity IN (".getEntity($orderstatic->element).")";
$sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT;
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -430,13 +430,13 @@ if ((isModEnabled("fournisseur") && !getDolGlobalString('MAIN_USE_NEW_SUPPLIERMO
$sql .= ", s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as cf,";
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE cf.entity IN (".getEntity($supplierorderstatic->element).")";
$sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT;
$sql .= " AND cf.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -527,7 +527,7 @@ if (isModEnabled('ficheinter')) {
$sql .= ", s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.entity IN (".getEntity('intervention').")";
@ -536,7 +536,7 @@ if (isModEnabled('ficheinter')) {
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
@ -608,12 +608,12 @@ if (isModEnabled("societe") && $user->hasRight('societe', 'lire')) {
$sql .= ", s.canvas";
$sql .= ", s.datec, s.tms";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")";
$sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
// Add where from hooks
@ -714,12 +714,12 @@ if ((isModEnabled("supplier_order") || isModEnabled("supplier_invoice")) && $use
$sql .= ", s.canvas";
$sql .= ", s.datec as dc, s.tms as dm";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")";
$sql .= " AND s.fournisseur = ".Societe::SUPPLIER;
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
// Add where from hooks
@ -829,13 +829,13 @@ if (isModEnabled('contrat') && $user->hasRight("contrat", "lire") && 0) { // TOD
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."contrat as c";
$sql .= ", ".MAIN_DB_PREFIX."product as p";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.entity IN (".getEntity($staticcontrat->element).")";
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.fk_product = p.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -904,13 +904,13 @@ if (isModEnabled("propal") && $user->hasRight("propal", "lire")) {
$sql .= ", s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."propal as p";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED;
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -1023,13 +1023,13 @@ if (isModEnabled('commande') && $user->hasRight('commande', 'lire')) {
$sql .= ", s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.entity IN (".getEntity($orderstatic->element).")";
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
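Review bot: These dashboard queries keep the implicit join `, societe_commerciaux as sc` with `s.rowid = sc.fk_soc AND sc.fk_user = ...`, while the other files in this commit express the same sales-representative restriction as an `EXISTS` subquery. Having the rule in two forms makes it harder to audit that every box applies it the same way; a short comment above each kept join, or a conversion to the `EXISTS` form, would help. In the hunks at -608 and -714 the `!$socid` / `!$user->socid` guard is dropped and no `$socid` filter is visible inside the hunk. It is worth confirming that the lines outside the hunk still scope an external account to its own third party. Each enclosing `if (isModEnabled(...))` block continues outside its hunk.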


@ -546,10 +546,10 @@ class AdvanceTargetingMailing extends CommonObject
if (count($arrayquery) > 0) {
if (array_key_exists('cust_saleman', $arrayquery)) {
$sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as saleman ON saleman.fk_soc=t.rowid ";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as saleman ON saleman.fk_soc = t.rowid";
}
if (array_key_exists('cust_categ', $arrayquery)) {
$sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."categorie_societe as custcateg ON custcateg.fk_soc=t.rowid ";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_societe as custcateg ON custcateg.fk_soc = t.rowid";
}
if (!empty($arrayquery['cust_name'])) {
@ -787,10 +787,10 @@ class AdvanceTargetingMailing extends CommonObject
if (!empty($withThirdpartyFilter)) {
if (array_key_exists('cust_saleman', $arrayquery)) {
$sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as saleman ON saleman.fk_soc=ts.rowid ";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as saleman ON saleman.fk_soc = ts.rowid";
}
if (array_key_exists('cust_categ', $arrayquery)) {
$sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."categorie_societe as custcateg ON custcateg.fk_soc=ts.rowid ";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_societe as custcateg ON custcateg.fk_soc = ts.rowid";
}
if (!empty($arrayquery['cust_name'])) {


@ -165,10 +165,9 @@ class FormAdvTargetEmailing extends Form
$sql_usr .= "SELECT DISTINCT u2.rowid, u2.lastname as name, u2.firstname, u2.login";
$sql_usr .= " FROM ".MAIN_DB_PREFIX."user as u2, ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql_usr .= " WHERE u2.entity IN (0,".$conf->entity.")";
$sql_usr .= " AND u2.rowid = sc.fk_user ";
$sql_usr .= " AND u2.rowid = sc.fk_user";
if (getDolGlobalString('USER_HIDE_INACTIVE_IN_COMBOBOX')) {
$sql_usr .= " AND u2.statut<>0 ";
$sql_usr .= " AND u2.statut <> 0";
}
$sql_usr .= " ORDER BY name ASC";
// print $sql_usr;exit;


@ -2946,24 +2946,30 @@ class Propal extends CommonObject
$sql = "SELECT s.rowid, s.nom as name, s.client,";
$sql .= " p.rowid as propalid, p.fk_statut, p.total_ht, p.ref, p.remise, ";
$sql .= " p.datep as dp, p.fin_validite as datelimite";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", sc.fk_soc, sc.fk_user";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.entity IN (".getEntity('propal').")";
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = c.id";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
$sql .= " AND p.fk_soc = ".((int) $socid);
}
if ($draft) {
$sql .= " AND p.fk_statut = ".self::STATUS_DRAFT;
$sql .= " AND p.fk_statut = ".((int) self::STATUS_DRAFT);
}
if ($notcurrentuser > 0) {
$sql .= " AND p.fk_user_author <> ".((int) $user->id);
@ -3458,11 +3464,6 @@ class Propal extends CommonObject
$sql = "SELECT p.rowid, p.ref, p.datec as datec, p.fin_validite as datefin, p.total_ht";
$sql .= " FROM ".MAIN_DB_PREFIX."propal as p";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
}
$sql .= $clause." p.entity IN (".getEntity('propal').")";
if ($mode == 'opened') {
$sql .= " AND p.fk_statut = ".self::STATUS_VALIDATED;
@ -3470,8 +3471,18 @@ class Propal extends CommonObject
if ($mode == 'signed') {
$sql .= " AND p.fk_statut = ".self::STATUS_SIGNED;
}
if ($user->socid) {
$sql .= " AND p.fk_soc = ".((int) $user->socid);
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
$resql = $this->db->query($sql);
@ -3635,13 +3646,22 @@ class Propal extends CommonObject
$sql = "SELECT count(p.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."propal as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
}
$sql .= " ".$clause." p.entity IN (".getEntity('propal').")";
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
$resql = $this->db->query($sql);
if ($resql) {
// This assignment in condition is not a bug. It allows walking the results.
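Review bot: In the hunk at -3470 the clause `if ($user->socid) { $sql .= " AND p.fk_soc = ".((int) $user->socid); }` appears to be removed, and unlike the first hunk of this section no `// Search on socid` filter replaces it. The rendered page has lost its +/- markers, but the hunk's line counts fit only that reading. An external account that holds the `societe/client/voir` right would then have no third-party restriction on this query, and one that lacks the right is limited only by the `EXISTS` on `societe_commerciaux`. I would keep those three lines ahead of the new `$search_sale` block. The count query in the hunk at -3635 likewise shows no `socid` filter on either side, so it deserves the same check. The enclosing methods start and end outside the hunks.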


@ -122,7 +122,7 @@ class PropaleStats extends Stats
$sql = "SELECT date_format(".$this->field_date.",'%m') as dm, COUNT(*) as nb";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;
@ -147,8 +147,8 @@ class PropaleStats extends Stats
$sql = "SELECT date_format(".$this->field_date.",'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;
$sql .= " WHERE ".$this->where;
@ -171,8 +171,8 @@ class PropaleStats extends Stats
$sql = "SELECT date_format(".$this->field_date.",'%m') as dm, SUM(p.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;
$sql .= " WHERE ".$this->field_date." BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -196,8 +196,8 @@ class PropaleStats extends Stats
$sql = "SELECT date_format(".$this->field_date.",'%m') as dm, AVG(p.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;
$sql .= " WHERE ".$this->field_date." BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -219,8 +219,8 @@ class PropaleStats extends Stats
$sql = "SELECT date_format(".$this->field_date.",'%Y') as year, COUNT(*) as nb, SUM(".$this->field.") as total, AVG(".$this->field.") as avg";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;
$sql .= " WHERE ".$this->where;
@ -247,8 +247,8 @@ class PropaleStats extends Stats
$sql .= " FROM ".$this->from;
$sql .= " INNER JOIN ".$this->from_line." ON p.rowid = tl.fk_propal";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."product as product ON tl.fk_product = product.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;
$sql .= " WHERE ".$this->where;


@ -82,15 +82,23 @@ if (isModEnabled("propal")) {
$sql .= ", s.rowid as socid, s.nom as name, s.client, s.canvas, s.code_client, s.code_fournisseur, s.email, s.entity, s.code_compta";
$sql .= " FROM ".MAIN_DB_PREFIX."propal as p";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT;
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND p.fk_soc = ".((int) $socid);
}
@ -156,19 +164,27 @@ $sql = "SELECT c.rowid, c.entity, c.ref, c.fk_statut, date_cloture as datec";
$sql .= ", s.nom as socname, s.rowid as socid, s.canvas, s.client, s.email, s.code_compta";
$sql .= " FROM ".MAIN_DB_PREFIX."propal as c";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND c.fk_soc = s.rowid";
//$sql.= " AND c.fk_statut > 2";
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = c.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = c.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.tms DESC";
$sql .= $db->plimit($max, 0);
$resql = $db->query($sql);
@ -232,17 +248,25 @@ if (isModEnabled("propal") && $user->hasRight('propal', 'lire')) {
$sql .= ", p.rowid as propalid, p.entity, p.total_ttc, p.total_ht, p.ref, p.fk_statut, p.datep as dp, p.fin_validite as dfv";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."propal as p";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.fk_soc = s.rowid";
$sql .= " AND p.entity IN (".getEntity($propalstatic->element).")";
$sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED;
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
$sql .= " AND p.fk_soc = ".((int) $socid);
}
$sql .= " ORDER BY p.rowid DESC";
@ -307,155 +331,6 @@ if (isModEnabled("propal") && $user->hasRight('propal', 'lire')) {
}
}
/*
* Proposals to process
*/
/*
if (isModEnabled('propal'))
{
$sql = "SELECT c.rowid, c.ref, c.fk_statut, s.nom as name, s.rowid as socid";
$sql.=" FROM ".MAIN_DB_PREFIX."propal as c";
$sql.= ", ".MAIN_DB_PREFIX."societe as s";
if (empty($user->rights->societe->client->voir) && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE c.fk_soc = s.rowid";
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " AND c.fk_statut = 1";
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
if (empty($user->rights->societe->client->voir) && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
$sql.= " ORDER BY c.rowid DESC";
$resql=$db->query($sql);
if ($resql)
{
$num = $db->num_rows($resql);
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td colspan="3">'.$langs->trans("ProposalsToProcess").' <a href="'.DOL_URL_ROOT.'/commande/list.php?search_status=1"><span class="badge">'.$num.'</span></a></td></tr>';
if ($num)
{
$i = 0;
while ($i < $num)
{
$obj = $db->fetch_object($resql);
print '<tr class="oddeven">';
print '<td class="nowrap">';
$propalstatic->id=$obj->rowid;
$propalstatic->ref=$obj->ref;
print '<table class="nobordernopadding"><tr class="nocellnopadd">';
print '<td width="96" class="nobordernopadding nowrap">';
print $propalstatic->getNomUrl(1);
print '</td>';
print '<td width="16" class="nobordernopadding nowrap">';
print '&nbsp;';
print '</td>';
print '<td width="16" class="nobordernopadding right">';
$filename=dol_sanitizeFileName($obj->ref);
$filedir=$conf->commande->dir_output . '/' . dol_sanitizeFileName($obj->ref);
$urlsource=$_SERVER['PHP_SELF'].'?id='.$obj->rowid;
print $formfile->getDocumentsLink($propalstatic->element, $filename, $filedir);
print '</td></tr></table>';
print '</td>';
print '<td><a href="'.DOL_URL_ROOT.'/comm/card.php?socid='.$obj->socid.'">'.img_object($langs->trans("ShowCompany"),"company").' '.dol_trunc($obj->name,24).'</a></td>';
print '<td class="right">'.$propalstatic->LibStatut($obj->fk_statut,$obj->facture,5).'</td>';
print '</tr>';
$i++;
}
}
print "</table>";
print "</div><br>";
}
else dol_print_error($db);
}
*/
/*
* Proposal that are in a shipping process
*/
/*
if (isModEnabled('propal'))
{
$sql = "SELECT c.rowid, c.ref, c.fk_statut, c.facture, s.nom as name, s.rowid as socid";
$sql.= " FROM ".MAIN_DB_PREFIX."commande as c";
$sql.= ", ".MAIN_DB_PREFIX."societe as s";
if (empty($user->rights->societe->client->voir) && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= " WHERE c.fk_soc = s.rowid";
$sql.= " AND c.entity = ".$conf->entity;
$sql.= " AND c.fk_statut = 2 ";
if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid);
if (empty($user->rights->societe->client->voir) && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id);
$sql.= " ORDER BY c.rowid DESC";
$resql=$db->query($sql);
if ($resql)
{
$num = $db->num_rows($resql);
print '<div class="div-table-responsive-no-min">';
print '<table class="noborder centpercent">';
print '<tr class="liste_titre">';
print '<td colspan="3">'.$langs->trans("OnProcessOrders").' <a href="'.DOL_URL_ROOT.'/commande/list.php?search_status=2"><span class="badge">'.$num.'</span></a></td></tr>';
if ($num)
{
$i = 0;
while ($i < $num)
{
$obj = $db->fetch_object($resql);
print '<tr class="oddeven">';
print '<td width="20%" class="nowrap">';
$propalstatic->id=$obj->rowid;
$propalstatic->ref=$obj->ref;
print '<table class="nobordernopadding"><tr class="nocellnopadd">';
print '<td width="96" class="nobordernopadding nowrap">';
print $propalstatic->getNomUrl(1);
print '</td>';
print '<td width="16" class="nobordernopadding nowrap">';
print '&nbsp;';
print '</td>';
print '<td width="16" class="nobordernopadding right">';
$filename=dol_sanitizeFileName($obj->ref);
$filedir=$conf->commande->dir_output . '/' . dol_sanitizeFileName($obj->ref);
$urlsource=$_SERVER['PHP_SELF'].'?id='.$obj->rowid;
print $formfile->getDocumentsLink($propalstatic->element, $filename, $filedir);
print '</td></tr></table>';
print '</td>';
print '<td><a href="'.DOL_URL_ROOT.'/comm/card.php?socid='.$obj->socid.'">'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->name.'</a></td>';
print '<td class="right">'.$propalstatic->LibStatut($obj->fk_statut,$obj->facture,5).'</td>';
print '</tr>';
$i++;
}
}
print "</table>";
print "</div><br>";
}
else dol_print_error($db);
}
*/
print '</div>';
print '</div>';


@ -112,7 +112,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear);
// $data = array(array('Lib',val1,val2,val3),...)
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filenamenb = $dir.'/proposalsnbinyear-'.$user->id.'-'.$year.'.png';
$fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=propalstats&file=proposalsnbinyear-'.$user->id.'-'.$year.'.png';
} else {
@ -148,7 +148,7 @@ if (!$mesg) {
$data = $stats->getAmountByMonthWithPrevYear($endyear, $startyear, 0);
// $data = array(array('Lib',val1,val2,val3),...)
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filenameamount = $dir.'/proposalsamountinyear-'.$user->id.'-'.$year.'.png';
$fileurlamount = DOL_URL_ROOT.'/viewimage.php?modulepart=propalstats&file=proposalsamountinyear-'.$user->id.'-'.$year.'.png';
} else {
@ -183,7 +183,7 @@ if (!$mesg) {
$data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear);
$fileurl_avg = '';
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filename_avg = $dir.'/ordersaverage-'.$user->id.'-'.$year.'.png';
if ($mode == 'customer') {
$fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersaverage-'.$user->id.'-'.$year.'.png';
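Review bot: With `|| $user->socid` dropped from all three conditions, a user who holds the societe/client/voir right but is bound to a third party through `$user->socid` no longer gets the per-user image name (`proposalsnbinyear-<user id>-<year>.png` and the two others). Such a user now takes the `else` branch, which lies outside these hunks. If that branch writes a shared file name, a graph computed from one user's restricted data could be served from the cache to another user, so it is worth confirming that such users cannot hold this right. If they can, keep the user id in the name for them: `if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {`. Separately, the third hunk uses `ordersaverage-…` with `modulepart=orderstats` while the first two use `proposals…` with `propalstats`, which looks like a leftover to verify.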


@ -75,20 +75,30 @@ if (isModEnabled("propal")) {
/*
* Prospects par statut
*
*/
$sql = "SELECT count(*) as cc, st.libelle as stcomm, st.picto, st.id";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."c_stcomm as st ";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.fk_stcomm = st.id";
$sql .= " AND s.client IN (2, 3)";
$sql .= " AND s.entity IN (".getEntity($companystatic->element).")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " GROUP BY st.id";
$sql .= " ORDER BY st.id";
@ -123,14 +133,25 @@ if (isModEnabled("propal") && $user->hasRight('propal', 'lire')) {
$sql = "SELECT p.rowid, p.ref, p.price, s.nom as sname";
$sql .= " FROM ".MAIN_DB_PREFIX."propal as p";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.fk_statut = 0";
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.entity IN (".getEntity('propal').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
}
$resql = $db->query($sql);
@ -183,18 +204,26 @@ if (isModEnabled("propal") && $user->hasRight('propal', 'lire')) {
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."propal as p";
$sql .= ", ".MAIN_DB_PREFIX."c_propalst as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.fk_soc = s.rowid";
$sql .= " AND p.fk_statut = c.id";
$sql .= " AND p.fk_statut = 1";
$sql .= " AND p.entity IN (".getEntity('propal').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
$sql .= " AND p.fk_soc = ".((int) $socid);
}
$sql .= " ORDER BY p.rowid DESC";
$sql .= $db->plimit(5, 0);
@ -239,18 +268,28 @@ if (isModEnabled("propal") && $user->hasRight('propal', 'lire')) {
}
/*
* Societes a contacter
*
* Companies to contact
*/
$sql = "SELECT s.nom as name, s.rowid as socid, s.client, s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.fk_stcomm = 1";
$sql .= " AND s.entity IN (".getEntity($companystatic->element).")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
}
$sql .= " ORDER BY s.tms ASC";
$sql .= $db->plimit(15, 0);
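Review bot: In all four queries of this file the new `$search_sale` block only ever sees `0` or `$user->id`, so the `$search_sale != '-1'` test and the `$search_sale == -2` branch with `NOT EXISTS` can never run. An access restriction is easier to audit when it contains only the case that applies, for example `if (!$user->hasRight('societe', 'client', 'voir')) {` followed directly by the `AND EXISTS (… AND sc.fk_user = ".((int) $user->id).")` line. Moving it into one shared helper would also stop the copies drifting apart. A one-line comment stating that the restriction now also applies when `$socid` is set would document the behaviour change implied by removing `&& !$socid`.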


@ -2737,16 +2737,16 @@ class Commande extends CommonOrder
$sql = "SELECT s.rowid, s.nom as name, s.client,";
$sql .= " c.rowid as cid, c.ref";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { //restriction
if (!$user->hasRight('societe', 'client', 'voir')) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -3573,7 +3573,7 @@ class Commande extends CommonOrder
$sql = "SELECT c.rowid, c.date_creation as datec, c.date_commande, c.date_livraison as delivery_date, c.fk_statut, c.total_ht";
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
@ -4077,7 +4077,7 @@ class Commande extends CommonOrder
$sql = "SELECT count(co.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."commande as co";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
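Review bot: The second and third hunks pair `LEFT JOIN … societe_commerciaux as sc` with `WHERE sc.fk_user = ".((int) $user->id)`, which discards the NULL-extended rows, so the join behaves as an inner join while reading as an outer one. Writing `INNER JOIN` there, or an `EXISTS` subquery correlated on `c.fk_soc`, would state the restriction as it actually works and keep the row count independent of how many rows the link table holds. The first hunk has the same gap between form and intent with its comma join. The enclosing methods begin and end outside all three hunks, so the rest of each WHERE clause is not visible here.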


@ -123,7 +123,7 @@ class CommandeStats extends Stats
$sql = "SELECT date_format(c.date_commande,'%m') as dm, COUNT(*) as nb";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;
@ -148,7 +148,7 @@ class CommandeStats extends Stats
$sql = "SELECT date_format(c.date_commande,'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;
@ -172,7 +172,7 @@ class CommandeStats extends Stats
$sql = "SELECT date_format(c.date_commande,'%m') as dm, SUM(c.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;
@ -197,7 +197,7 @@ class CommandeStats extends Stats
$sql = "SELECT date_format(c.date_commande,'%m') as dm, AVG(c.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;
@ -220,7 +220,7 @@ class CommandeStats extends Stats
$sql = "SELECT date_format(c.date_commande,'%Y') as year, COUNT(*) as nb, SUM(c.".$this->field.") as total, AVG(".$this->field.") as avg";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;
@ -246,7 +246,7 @@ class CommandeStats extends Stats
$sql .= " FROM ".$this->from;
$sql .= " INNER JOIN ".$this->from_line." ON c.rowid = tl.fk_commande";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."product as product ON tl.fk_product = product.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->join;


@ -77,19 +77,10 @@ $thirdpartystatic = new Societe($db);
*/
$sql = "SELECT s.rowid, s.nom as name, s.client, s.town, s.datec, s.datea";
$sql .= ", st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta ";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= ", st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st, ".MAIN_DB_PREFIX."commande as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.fk_stcomm = st.id AND c.fk_soc = s.rowid";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (GETPOST("search_nom")) {
$sql .= natural_search("s.nom", GETPOST("search_nom"));
}
@ -102,8 +93,22 @@ if (GETPOST("search_code_client")) {
if (dol_strlen($begin)) {
$sql .= " AND s.nom like '".$db->escape($begin)."'";
}
if ($socid > 0) {
$sql .= " AND s.rowid = ".((int) $socid);
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = c.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = c.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
$sql .= " AND c.fk_statut in (1, 2) AND c.facture = 0";
$sql .= " GROUP BY s.nom";
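Review bot: The guard on the third-party filter went from `if ($socid > 0)` to `if ($socid)`, so a negative `$socid` now appends `AND c.fk_soc = <negative id>` and returns an empty list instead of an unfiltered one. Where `$socid` is assigned is not visible in these hunks; if a negative value can reach this point as a "nothing selected" marker, keep the positive test: `if ($socid > 0) {`. The `(int)` cast keeps the value safe for the query in both forms, so this concerns result correctness rather than injection.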


@ -99,7 +99,7 @@ if (isModEnabled('commande')) {
$sql .= ", s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
@ -108,7 +108,7 @@ if (isModEnabled('commande')) {
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
@ -167,7 +167,7 @@ $sql .= ", s.code_client";
$sql .= ", s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c,";
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
@ -176,7 +176,7 @@ $sql .= " AND c.entity IN (".getEntity('commande').")";
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.tms DESC";
@ -251,7 +251,7 @@ if (isModEnabled('commande')) {
$sql .= ", s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
@ -260,7 +260,7 @@ if (isModEnabled('commande')) {
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.rowid DESC";
@ -340,7 +340,7 @@ if (isModEnabled('commande')) {
$sql .= ", s.canvas";
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
@ -349,7 +349,7 @@ if (isModEnabled('commande')) {
if ($socid) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.rowid DESC";


@ -127,7 +127,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear);
// $data = array(array('Lib',val1,val2,val3),...)
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filenamenb = $dir.'/ordersnbinyear-'.$user->id.'-'.$year.'.png';
if ($mode == 'customer') {
$fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersnbinyear-'.$user->id.'-'.$year.'.png';
@ -174,7 +174,7 @@ $data = $stats->getAmountByMonthWithPrevYear($endyear, $startyear);
//var_dump($data);
// $data = array(array('Lib',val1,val2,val3),...)
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filenameamount = $dir.'/ordersamountinyear-'.$user->id.'-'.$year.'.png';
if ($mode == 'customer') {
$fileurlamount = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersamountinyear-'.$user->id.'-'.$year.'.png';
@ -219,7 +219,7 @@ if (!$mesg) {
$data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear);
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filename_avg = $dir.'/ordersaverage-'.$user->id.'-'.$year.'.png';
if ($mode == 'customer') {
$fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersaverage-'.$user->id.'-'.$year.'.png';


@ -95,16 +95,16 @@ if ($mode == 'search') {
$sql = "SELECT s.rowid, s.nom as name, s.client, s.town, s.datec, s.datea";
$sql .= ", st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta ";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.fk_stcomm = st.id AND s.client in (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (dol_strlen($stcomm)) {


@ -151,17 +151,25 @@ $langs->load("boxes");
$sql = "SELECT u.rowid as uid, u.lastname, u.firstname, d.rowid, d.dated as date, d.tms as dm, d.km, d.fk_statut";
$sql .= " FROM ".MAIN_DB_PREFIX."deplacement as d, ".MAIN_DB_PREFIX."user as u";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE u.rowid = d.fk_user";
$sql .= " AND d.entity = ".$conf->entity;
if (!$user->hasRight('deplacement', 'readall') && !$user->hasRight('deplacement', 'lire_tous')) {
$sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
$sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = d.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = d.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND d.fk_soc = ".((int) $socid);
}


@ -97,19 +97,27 @@ $sql .= " u.lastname, u.firstname"; // Qui
$sql .= " FROM ".MAIN_DB_PREFIX."user as u";
$sql .= ", ".MAIN_DB_PREFIX."deplacement as d";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON d.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
}
$sql .= " WHERE d.fk_user = u.rowid";
$sql .= " AND d.entity = ".$conf->entity;
if (!$user->hasRight('deplacement', 'readall') && !$user->hasRight('deplacement', 'lire_tous')) {
$sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= " AND (sc.fk_user = ".((int) $user->id)." OR d.fk_soc IS NULL) ";
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = d.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = d.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
$sql .= " AND d.fk_soc = ".((int) $socid);
}
if ($search_ref) {
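Review bot: The previous filter kept rows that have no third party, via `(sc.fk_user = … OR d.fk_soc IS NULL)`, but the new `EXISTS` subquery is false when `d.fk_soc` is NULL. A user without the societe/client/voir right therefore appears to lose those rows from the list. If that is not intended, keep the NULL case next to the subquery: `$sql .= " AND (d.fk_soc IS NULL OR EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = d.fk_soc AND sc.fk_user = ".((int) $search_sale)."))";`. If the narrowing is deliberate, a comment saying so would help, since the commit title only mentions cleaning.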


@ -164,7 +164,7 @@ if (!$mesg) {
$data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear);
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filename_avg = $dir.'/ordersaverage-'.$user->id.'-'.$year.'.png';
if ($mode == 'customer') {
$fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersaverage-'.$user->id.'-'.$year.'.png';


@ -4712,33 +4712,38 @@ class Facture extends CommonInvoice
public function liste_array($shortlist = 0, $draft = 0, $excluser = null, $socid = 0, $limit = 0, $offset = 0, $sortfield = 'f.datef,f.rowid', $sortorder = 'DESC')
{
// phpcs:enable
global $conf, $user;
global $user;
$ga = array();
$sql = "SELECT s.rowid, s.nom as name, s.client,";
$sql .= " f.rowid as fid, f.ref as ref, f.datef as df";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", sc.fk_soc, sc.fk_user";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture as f";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.entity IN (".getEntity('invoice').")";
$sql .= " AND f.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { //restriction
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
$sql .= " AND s.rowid = ".((int) $socid);
}
if ($draft) {
$sql .= " AND f.fk_statut = ".self::STATUS_DRAFT;
}
if (is_object($excluser)) {
$sql .= " AND f.fk_user_author <> ".((int) $excluser->id);
}
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = f.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = f.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= $this->db->order($sortfield, $sortorder);
$sql .= $this->db->plimit($limit, $offset);
@ -4917,7 +4922,7 @@ class Facture extends CommonInvoice
$sql = "SELECT f.rowid, f.date_lim_reglement as datefin, f.fk_statut as status, f.total_ht";
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON f.fk_soc = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = " AND";
@ -5165,7 +5170,7 @@ class Facture extends CommonInvoice
$sql = "SELECT count(f.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";
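Review bot: In the last two hunks the `&& !$user->socid` exemption is removed, so a user bound to a third party through `$user->socid` who lacks the societe/client/voir right is now also filtered by `sc.fk_user = ".((int) $user->id)`. Unless such users are listed in `societe_commerciaux` for their own third party, these queries would return nothing for them. Whether a filter on `f.fk_soc = $user->socid` follows is outside the hunks, as are the start and end of the enclosing methods. The same applies to the `EXISTS` block in `liste_array` when `$socid` comes from such a user. If the stricter behaviour is intended, a comment at each site would record it, for example `// Applies to external users too: they must be linked as sales representative`.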


@ -85,7 +85,7 @@ class FactureStats extends Stats
$this->where = " f.fk_statut >= 0";
$this->where .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($mode == 'customer') {
@ -136,7 +136,7 @@ class FactureStats extends Stats
$sql = "SELECT date_format(f.datef,'%m') as dm, COUNT(*) as nb";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= $this->join;
@ -162,7 +162,7 @@ class FactureStats extends Stats
$sql = "SELECT date_format(f.datef,'%Y') as dm, COUNT(*), SUM(c.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= $this->join;
@ -187,7 +187,7 @@ class FactureStats extends Stats
$sql = "SELECT date_format(datef,'%m') as dm, SUM(f.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= $this->join;
@ -213,7 +213,7 @@ class FactureStats extends Stats
$sql = "SELECT date_format(datef,'%m') as dm, AVG(f.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= $this->join;
@ -236,7 +236,7 @@ class FactureStats extends Stats
$sql = "SELECT date_format(datef,'%Y') as year, COUNT(*) as nb, SUM(f.".$this->field.") as total, AVG(f.".$this->field.") as avg";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= $this->join;
@ -260,7 +260,7 @@ class FactureStats extends Stats
$sql = "SELECT product.ref, COUNT(product.ref) as nb, SUM(tl.".$this->field_line.") as total, AVG(tl.".$this->field_line.") as avg";
$sql .= " FROM ".$this->from.", ".$this->from_line.", ".MAIN_DB_PREFIX."product as product";
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= $this->join;
@ -288,7 +288,7 @@ class FactureStats extends Stats
$startYear = $endYear - $numberYears;
$sql = "SELECT date_format(datef,'%Y') as dm, SUM(f.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= $this->join;
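Review bot: The sales-representative restriction in FactureStats is split across two places that must stay in lockstep: the hunk at line 85 appends `f.fk_soc = sc.fk_soc AND sc.fk_user = ...` to `$this->where`, while each of the seven query builders below separately appends `societe_commerciaux as sc` to the FROM list under its own copy of the same condition. If one copy ever diverges, the query either references an alias that was never declared or cross-joins `sc` with no filter on it. The same commit already uses a self-contained form in ActionComm; here that would be one line in the line-85 hunk, `$this->where .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = f.fk_soc AND sc.fk_user = ".((int) $user->id).")";`, after which the per-method FROM additions can be dropped. The enclosing methods start and end outside these hunks.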


@ -300,7 +300,7 @@ $sqlfields = $sql; // $sql fields to remove for count total
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_rec as f";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_rec_extrafields as ef ON ef.fk_object = f.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
// Add table from hooks


@ -297,7 +297,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php';
$object->fields = dol_sort_array($object->fields, 'position');
$arrayfields = dol_sort_array($arrayfields, 'position');
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
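Review bot: Dropping `|| $user->socid` means `$search_sale` is no longer forced to the user's own id for an external user who holds societe/client/voir, so any `$search_sale` value set earlier (outside this hunk) is kept for that user. The list is presumably still limited by a `$socid` filter elsewhere in the file, but that is not visible here and should be confirmed. A comment above the condition would record the intent, e.g. `// External users are limited by $socid in the WHERE clause; only users without 'voir' are forced to their own portfolio`.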


@ -193,7 +193,7 @@ if (!$mesg) {
$data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear);
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filename_avg = $dir.'/ordersaverage-'.$user->id.'-'.$year.'.png';
if ($mode == 'customer') {
$fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersaverage-'.$user->id.'-'.$year.'.png';
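Review bot: With `|| $user->socid` removed, an external user who holds societe/client/voir no longer gets the per-user file name `ordersaverage-<user id>-<year>.png` and falls through to the branch outside this hunk, presumably the shared file name. If the graph is cached on disk and the underlying stats are filtered by the user's third party, a shared name could hand one user's filtered graph to another user, or the unfiltered graph to an external user. Keying the file name on the restriction actually applied (user id or third-party id) avoids that. The payments hunk further down that builds `$dir .= '/private/'.$user->id` drops `|| $socid` in the same way and deserves the same check.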


@ -142,12 +142,12 @@ if (isModEnabled('facture') && $user->hasRight('facture', 'lire')) {
$sql .= ", sum(pf.amount) as am";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s LEFT JOIN ".MAIN_DB_PREFIX."c_country as cc ON cc.rowid = s.fk_pays, ".MAIN_DB_PREFIX."facture as f";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf on f.rowid=pf.fk_facture";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.rowid = f.fk_soc";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
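Review bot: The two conditions that add `societe_commerciaux` and the `sc.fk_user` filter no longer depend on `$socid`, which changes who is filtered, and nothing in the code records why. Before, any non-empty `$socid` skipped the portfolio filter for a user without societe/client/voir; now that filter and the `if ($socid)` restriction that follows both apply. That is the stricter behaviour, but an external user who is not listed in `societe_commerciaux` for their own company would presumably get an empty result, which depends on how `hasRight` treats external users and is not visible here. A one-line comment such as `// Portfolio restriction applies whatever $socid is; $socid only narrows further` would keep a later edit from reintroducing the bypass. The same pattern recurs in most of the later sections on this page.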


@ -40,7 +40,7 @@ if ($user->socid > 0) {
}
$dir = $conf->facture->dir_output.'/payments';
if (!$user->hasRight('societe', 'client', 'voir') || $socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$dir .= '/private/'.$user->id; // If user has no permission to see all, output dir is specific to user
}


@ -140,12 +140,12 @@ if ($sourcetype != 'salary') {
}
$sql .= " ".MAIN_DB_PREFIX."societe as s,";
$sql .= " ".MAIN_DB_PREFIX."prelevement_demande as pd";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.rowid = f.fk_soc";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -106,7 +106,7 @@ $sql .= " pfd.date_demande, pfd.amount,";
$sql .= " s.nom as name, s.email, s.rowid as socid, s.tva_intra, s.siren as idprof1, s.siret as idprof2, s.ape as idprof3, s.idprof4, s.idprof5, s.idprof6";
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f,";
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " , ".MAIN_DB_PREFIX."prelevement_demande as pfd";
@ -119,7 +119,7 @@ if (!getDolGlobalString('WITHDRAWAL_ALLOW_ANY_INVOICE_STATUS')) {
$sql .= " AND pfd.traite = 0";
$sql .= " AND pfd.ext_payment_id IS NULL";
$sql .= " AND pfd.fk_facture = f.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -413,7 +413,7 @@ class Contact extends CommonObject
$sql = "SELECT count(sp.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."socpeople as sp";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);


@ -495,7 +495,7 @@ if (isset($extrafields->attributes[$object->table_element]['label']) && is_array
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = p.fk_pays";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_stcommcontact as st ON st.id = p.fk_stcommcontact";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
}
@ -504,7 +504,7 @@ $parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
$sql .= ' WHERE p.entity IN ('.getEntity('contact').')';
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { //restriction
if (!$user->hasRight('societe', 'client', 'voir')) { //restriction
$sql .= " AND (sc.fk_user = ".((int) $user->id)." OR p.fk_soc IS NULL)";
}
if (!empty($userid)) { // propre au commercial


@ -2292,7 +2292,7 @@ class Contrat extends CommonObject
$this->from = " FROM ".MAIN_DB_PREFIX."contrat as c";
$this->from .= ", ".MAIN_DB_PREFIX."contratdet as cd";
$this->from .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$this->from .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
@ -2323,7 +2323,7 @@ class Contrat extends CommonObject
if ($user->socid) {
$sql .= " AND c.fk_soc = ".((int) $user->socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
@ -2391,7 +2391,7 @@ class Contrat extends CommonObject
$sql = "SELECT count(c.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."contrat as c";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";


@ -95,7 +95,7 @@ $vals = array();
$sql = "SELECT count(cd.rowid) as nb, cd.statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."contrat as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid";
@ -104,7 +104,7 @@ $sql .= " AND c.entity IN (".getEntity('contract', 0).")";
if ($user->socid) {
$sql .= ' AND c.fk_soc = '.((int) $user->socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY cd.statut";
@ -132,7 +132,7 @@ if ($resql) {
$sql = "SELECT count(cd.rowid) as nb, cd.statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."contrat as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid";
@ -141,7 +141,7 @@ $sql .= " AND c.entity IN (".getEntity('contract', 0).")";
if ($user->socid) {
$sql .= ' AND c.fk_soc = '.((int) $user->socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY cd.statut";
@ -243,13 +243,13 @@ if (isModEnabled('contrat') && $user->hasRight('contrat', 'lire')) {
$sql = "SELECT c.rowid, c.ref,";
$sql .= " s.nom as name, s.name_alias, s.logo, s.rowid as socid, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur";
$sql .= " FROM ".MAIN_DB_PREFIX."contrat as c, ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.rowid = c.fk_soc";
$sql .= " AND c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND c.statut = 0";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -320,7 +320,7 @@ $sql .= " sum(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,';
$sql .= " c.rowid as cid, c.ref, c.datec, c.tms, c.statut,";
$sql .= " s.nom as name, s.name_alias, s.logo, s.rowid as socid, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
}
$sql .= " ".MAIN_DB_PREFIX."contrat as c";
@ -328,7 +328,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contra
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND c.statut > 0";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -410,7 +410,7 @@ $sql .= " s.nom as name, s.name_alias, s.logo, s.rowid as socid, s.client, s.fou
$sql .= " p.rowid as pid, p.ref as pref, p.label as plabel, p.fk_product_type as ptype, p.entity as pentity";
$sql .= " FROM (".MAIN_DB_PREFIX."contrat as c";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= ", ".MAIN_DB_PREFIX."contratdet as cd";
@ -418,7 +418,7 @@ $sql .= ") LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
$sql .= " WHERE c.entity IN (".getEntity('contract', 0).")";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -502,7 +502,7 @@ $sql .= " s.nom as name, s.name_alias, s.logo, s.rowid as socid, s.client, s.fou
$sql .= " p.rowid as pid, p.ref as pref, p.label as plabel, p.fk_product_type as ptype, p.entity as pentity";
$sql .= " FROM (".MAIN_DB_PREFIX."contrat as c";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= ", ".MAIN_DB_PREFIX."contratdet as cd";
@ -512,7 +512,7 @@ $sql .= " AND c.statut = 1";
$sql .= " AND cd.statut = 0";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -595,7 +595,7 @@ $sql .= " s.nom as name, s.name_alias, s.logo, s.rowid as socid, s.client, s.fou
$sql .= " p.rowid as pid, p.ref as pref, p.label as plabel, p.fk_product_type as ptype, p.entity as pentity";
$sql .= " FROM (".MAIN_DB_PREFIX."contrat as c";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= ", ".MAIN_DB_PREFIX."contratdet as cd";
@ -606,7 +606,7 @@ $sql .= " AND cd.statut = 4";
$sql .= " AND cd.date_fin_validite < '".$db->idate($now)."'";
$sql .= " AND cd.fk_contrat = c.rowid";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -247,7 +247,7 @@ $sql = "SELECT c.rowid as cid, c.ref, c.statut as cstatut, c.ref_customer, c.ref
$sql .= " s.rowid as socid, s.nom as name, s.email, s.client, s.fournisseur,";
$sql .= " cd.rowid, cd.description, cd.statut, cd.product_type as type,";
$sql .= " p.rowid as pid, p.ref as pref, p.label as label, p.fk_product_type as ptype, p.tobuy, p.tosell, p.barcode, p.entity as pentity,";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " sc.fk_soc, sc.fk_user,";
}
$sql .= " cd.date_ouverture_prevue,";
@ -273,7 +273,7 @@ $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters, $obje
$sql .= $hookmanager->resPrint;
$sql .= " FROM ".MAIN_DB_PREFIX."contrat as c,";
$sql .= " ".MAIN_DB_PREFIX."societe as s,";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
}
$sql .= " ".MAIN_DB_PREFIX."contratdet as cd";
@ -290,7 +290,7 @@ if ($search_product_category > 0) {
$sql .= " AND cp.fk_categorie = ".((int) $search_product_category);
}
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($search_status == "0") {


@ -92,14 +92,14 @@ class box_actions extends ModeleBoxes
$sql .= ", s.code_client, s.code_compta, s.client";
$sql .= ", s.logo, s.email, s.entity";
$sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm AS ta, ".MAIN_DB_PREFIX."actioncomm AS a";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
$sql .= " WHERE a.fk_action = ta.id";
$sql .= " AND a.entity IN (".getEntity('actioncomm').")";
$sql .= " AND a.percent >= 0 AND a.percent < 100";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($user->socid) {


@ -94,14 +94,14 @@ class box_actions_future extends ModeleBoxes
$sql .= ", s.code_client, s.code_compta, s.client";
$sql .= ", s.logo, s.email, s.entity";
$sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm AS ta, ".MAIN_DB_PREFIX."actioncomm AS a";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
$sql .= " WHERE a.fk_action = ta.id";
$sql .= " AND a.entity IN (".getEntity('actioncomm').")";
//$sql .= " AND a.percent >= 0 AND a.percent < 100";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")";
}
if ($user->socid) {


@ -114,13 +114,13 @@ class box_activity extends ModeleBoxes
$sql = "SELECT p.fk_statut, SUM(p.total_ttc) as Mnttot, COUNT(*) as nb";
$sql .= " FROM (".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= ")";
$sql .= " WHERE p.entity IN (".getEntity('propal').")";
$sql .= " AND p.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
@ -203,13 +203,13 @@ class box_activity extends ModeleBoxes
$sql = "SELECT c.fk_statut, sum(c.total_ttc) as Mnttot, count(*) as nb";
$sql .= " FROM (".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= ")";
$sql .= " WHERE c.entity IN (".getEntity('commande').")";
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {
@ -288,12 +288,12 @@ class box_activity extends ModeleBoxes
$data = array();
$sql = "SELECT f.fk_statut, SUM(f.total_ttc) as Mnttot, COUNT(*) as nb";
$sql .= " FROM (".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= ")";
$sql .= " WHERE f.entity IN (".getEntity('invoice').')';
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -92,12 +92,12 @@ class box_clients extends ModeleBoxes
$sql .= ", s.logo, s.email, s.entity";
$sql .= ", s.datec, s.tms, s.status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.client IN (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
// Add where from hooks


@ -100,7 +100,7 @@ class box_commandes extends ModeleBoxes
$sql .= ", c.total_tva";
$sql .= ", c.total_ttc";
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
@ -108,7 +108,7 @@ class box_commandes extends ModeleBoxes
if (getDolGlobalString('ORDER_BOX_LAST_ORDERS_VALIDATED_ONLY')) {
$sql .= " AND c.fk_statut = 1";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -107,11 +107,11 @@ class box_contacts extends ModeleBoxes
if (getDolGlobalString('MAIN_COMPANY_PERENTITY_SHARED')) {
$sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_perentity as spe ON spe.fk_soc = s.rowid AND spe.entity = " . ((int) $conf->entity);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE sp.entity IN (".getEntity('contact').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
// Add where from hooks


@ -86,12 +86,12 @@ class box_contracts extends ModeleBoxes
$sql .= " c.rowid, c.ref, c.statut as fk_statut, c.date_contrat, c.datec, c.tms as date_modification, c.fin_validite, c.date_cloture,";
$sql .= " c.ref_customer, c.ref_supplier";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity = ".$conf->entity;
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -93,12 +93,12 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes
$sql .= ", s.outstanding_limit";
$sql .= ", s.datec, s.tms, s.status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.client IN (1, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -103,12 +103,12 @@ class box_factures extends ModeleBoxes
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture,";
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -100,12 +100,12 @@ class box_factures_fourn extends ModeleBoxes
$sql .= ', f.date_lim_reglement as datelimite, f.tms, f.type';
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."facture_fourn as f";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.fk_soc = s.rowid";
$sql .= " AND f.entity = ".$conf->entity;
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -99,14 +99,14 @@ class box_factures_fourn_imp extends ModeleBoxes
$sql2 = " FROM ".MAIN_DB_PREFIX."societe as s";
$sql2 .= ",".MAIN_DB_PREFIX."facture_fourn as f";
$sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf ON f.rowid = pf.fk_facturefourn";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql2 .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql2 .= " WHERE f.fk_soc = s.rowid";
$sql2 .= " AND f.entity IN (".getEntity('supplier_invoice').")";
$sql2 .= " AND f.paye = 0";
$sql2 .= " AND fk_statut = 1";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql2 .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -109,7 +109,7 @@ class box_factures_imp extends ModeleBoxes
if (getDolGlobalString('MAIN_COMPANY_PERENTITY_SHARED')) {
$sql2 .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_perentity as spe ON spe.fk_soc = s.rowid AND spe.entity = " . ((int) $conf->entity);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql2 .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql2 .= ", ".MAIN_DB_PREFIX."facture as f";
@ -118,7 +118,7 @@ class box_factures_imp extends ModeleBoxes
$sql2 .= " AND f.entity IN (".getEntity('invoice').")";
$sql2 .= " AND f.paye = 0";
$sql2 .= " AND fk_statut = 1";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql2 .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -95,7 +95,7 @@ class box_ficheinter extends ModeleBoxes
$sql .= ", ".MAIN_DB_PREFIX."fichinter as f";
$sql .= " WHERE f.fk_soc = s.rowid ";
$sql .= " AND f.entity = ".$conf->entity;
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -87,12 +87,12 @@ class box_fournisseurs extends ModeleBoxes
$sql .= ", s.logo, s.email, s.entity";
$sql .= ", s.datec, s.tms, s.status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.fournisseur = 1";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
// Add where from hooks


@ -89,12 +89,12 @@ class box_propales extends ModeleBoxes
$sql .= ", s.logo, s.email, s.entity";
$sql .= ", p.rowid, p.ref, p.fk_statut as status, p.datep as dp, p.datec, p.fin_validite, p.date_cloture, p.total_ht, p.total_tva, p.total_ttc, p.tms";
$sql .= " FROM ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.fk_soc = s.rowid";
$sql .= " AND p.entity IN (".getEntity('propal').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -93,12 +93,12 @@ class box_prospect extends ModeleBoxes
$sql .= ", s.fk_stcomm";
$sql .= ", s.datec, s.tms, s.status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.client IN (2, 3)";
$sql .= " AND s.entity IN (".getEntity('societe').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
// Add where from hooks


@ -95,7 +95,7 @@ class box_services_contracts extends ModeleBoxes
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."contrat as c ON s.rowid = c.fk_soc";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= ")";


@ -85,7 +85,7 @@ class box_services_expired extends ModeleBoxes
$sql .= " s.nom as name, s.rowid as socid, s.email, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur,";
$sql .= " MIN(cd.date_fin_validite) as date_line, COUNT(cd.rowid) as nb_services";
$sql .= " FROM ".MAIN_DB_PREFIX."contrat as c, ".MAIN_DB_PREFIX."societe s, ".MAIN_DB_PREFIX."contratdet as cd";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE cd.statut = 4 AND cd.date_fin_validite <= '".$this->db->idate($now)."'";
@ -94,7 +94,7 @@ class box_services_expired extends ModeleBoxes
if ($user->socid) {
$sql .= ' AND c.fk_soc = '.((int) $user->socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY c.rowid, c.ref, c.statut, c.date_contrat, c.ref_customer, c.ref_supplier, s.nom, s.rowid";


@ -101,7 +101,7 @@ class box_shipments extends ModeleBoxes
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON e.rowid = el.fk_target AND el.targettype = 'shipping' AND el.sourcetype IN ('commande')";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid AND el.sourcetype IN ('commande') AND el.targettype = 'shipping'";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc";
}
$sql .= " WHERE e.entity IN (".getEntity('expedition').")";
@ -111,10 +111,10 @@ class box_shipments extends ModeleBoxes
if ($user->socid > 0) {
$sql.= " AND s.rowid = ".((int) $user->socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND sc.fk_user = ".((int) $user->id);
} else {
$sql .= " ORDER BY e.date_delivery, e.ref DESC ";
$sql .= " ORDER BY e.date_delivery, e.ref DESC";
}
$sql .= $this->db->plimit($max, 0);
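Review bot: The `ORDER BY e.date_delivery, e.ref DESC` clause sits in the `else` branch, so for a user without the `voir` right the query reaches `plimit($max, 0)` with no ordering and the rows kept by the limit are arbitrary. The commit only trims the trailing space on that line. The `if` should hold just `$sql .= " AND sc.fk_user = ".((int) $user->id);`, with `$sql .= " ORDER BY e.date_delivery, e.ref DESC";` moved after the closing brace so it always runs. The surrounding method starts and ends outside the hunk.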


@ -91,12 +91,12 @@ class box_supplier_orders extends ModeleBoxes
$sql .= ", c.fk_statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."commande_fournisseur as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('supplier_order').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -91,14 +91,14 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes
$sql .= ", c.fk_statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."commande_fournisseur as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('supplier_order').")";
$sql .= " AND c.date_livraison IS NOT NULL";
$sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($user->socid) {


@ -1447,7 +1447,7 @@ class Form
if (getDolGlobalString('COMPANY_SHOW_ADDRESS_SELECTLIST')) {
$sql .= " LEFT JOIN " . $this->db->prefix() . "c_country as dictp ON dictp.rowid = s.fk_pays";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", " . $this->db->prefix() . "societe_commerciaux as sc";
}
$sql .= " WHERE s.entity IN (" . getEntity('societe') . ")";
@ -1459,7 +1459,7 @@ class Form
// if not, by testSqlAndScriptInject() only.
$sql .= " AND (" . $filter . ")";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " . ((int) $user->id);
}
if (getDolGlobalString('COMPANY_HIDE_INACTIVE_IN_COMBOBOX')) {
@ -8219,7 +8219,7 @@ class Form
$sql .= " INNER JOIN " . $this->db->prefix() . $tmparray[1] . " as parenttable ON parenttable.rowid = t." . $tmparray[0];
}
if ($objecttmp->ismultientitymanaged === 'fk_soc@societe') {
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", " . $this->db->prefix() . "societe_commerciaux as sc";
}
}
@ -8253,7 +8253,7 @@ class Form
}
}
if ($objecttmp->ismultientitymanaged === 'fk_soc@societe') {
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = " . ((int) $user->id);
}
}
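Review bot: In the last hunk the sales-rep filter is `t.rowid = sc.fk_soc`, which compares the object's own row id with a third-party id. The join shown two hunks earlier (`parenttable.rowid = t.<field>`) suggests `t` is the child table, so for `fk_soc@societe` the link should presumably be `t.fk_soc = sc.fk_soc`. As written, a user without the `voir` right would be offered objects whose id happens to equal one of their assigned companies, not the objects belonging to those companies. The line is unchanged context, but the commit widens when it runs, so it is worth correcting here: `$sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = " . ((int) $user->id);`. Most of the method lies outside the hunks, so `t` should be confirmed against the `FROM` clause.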


@ -161,12 +161,12 @@ function show_array_actions_to_do($max = 5)
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a LEFT JOIN ";
$sql .= " ".MAIN_DB_PREFIX."c_actioncomm as c ON c.id = a.fk_action";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
$sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -277,12 +277,12 @@ function show_array_last_actions_done($max = 5)
$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a LEFT JOIN ";
$sql .= " ".MAIN_DB_PREFIX."c_actioncomm as c ON c.id = a.fk_action ";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE a.entity IN (".getEntity('agenda').")";
$sql .= " AND (a.percent >= 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -501,16 +501,16 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0)
$sql .= ", s.rowid as socid, s.email";
$sql .= ", s.code_client, s.code_compta, s.code_fournisseur, s.code_compta_fournisseur";
$sql .= ", cc.rowid as country_id, cc.code as country_code";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."societe as s LEFT JOIN ".MAIN_DB_PREFIX."c_country as cc ON cc.rowid = s.fk_pays";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".Facture::STATUS_DRAFT;
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
@ -525,7 +525,7 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0)
$sql .= " GROUP BY f.rowid, f.ref, f.datef, f.total_ht, f.total_tva, f.total_ttc, f.ref_client, f.type, f.fk_statut, f.paye,";
$sql .= " s.nom, s.rowid, s.email, s.code_client, s.code_compta, s.code_fournisseur, s.code_compta_fournisseur,";
$sql .= " cc.rowid, cc.code";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user";
}
@ -652,12 +652,12 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0)
$sql .= ", s.code_fournisseur, s.code_compta_fournisseur";
$sql .= ", cc.rowid as country_id, cc.code as country_code";
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f, ".MAIN_DB_PREFIX."societe as s LEFT JOIN ".MAIN_DB_PREFIX."c_country as cc ON cc.rowid = s.fk_pays";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".FactureFournisseur::STATUS_DRAFT;
$sql .= " AND f.entity IN (".getEntity('invoice').')';
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -775,7 +775,7 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0)
$sql .= " s.nom as socname, s.rowid as socid, s.canvas, s.client";
$sql .= " FROM ".MAIN_DB_PREFIX."facture as f";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.fk_soc = s.rowid";
@ -783,7 +783,7 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0)
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY f.tms DESC";
@ -883,7 +883,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0)
$sql .= " s.nom as socname, s.rowid as socid, s.canvas, s.client";
$sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.fk_soc = s.rowid";
@ -891,7 +891,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0)
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY f.tms DESC";
@ -1002,12 +1002,12 @@ function getCustomerInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0)
$sql .= ", sum(pf.amount) as am";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s LEFT JOIN ".MAIN_DB_PREFIX."c_country as cc ON cc.rowid = s.fk_pays,".MAIN_DB_PREFIX."facture as f";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf on f.rowid=pf.fk_facture";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.rowid = f.fk_soc AND f.paye = 0 AND f.fk_statut = ".Facture::STATUS_VALIDATED;
$sql .= " AND f.entity IN (".getEntity('invoice').')';
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
@ -1189,14 +1189,14 @@ function getPurchaseInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0)
$sql .= ", sum(pf.amount) as am";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_fourn as ff";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf on ff.rowid=pf.fk_facturefourn";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE s.rowid = ff.fk_soc";
$sql .= " AND ff.entity = ".$conf->entity;
$sql .= " AND ff.paye = 0";
$sql .= " AND ff.fk_statut = ".FactureFournisseur::STATUS_VALIDATED;
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
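Review bot: In the getPurchaseInvoiceUnpaidOpenTable hunk, `$sql .= " AND ff.entity = ".$conf->entity;` concatenates the value without the `(int)` cast applied to the ids in the surrounding lines, and it filters on a single entity where the sibling functions in this file use `getEntity('invoice')`. At minimum I would write `$sql .= " AND ff.entity = ".((int) $conf->entity);`. If shared entities are meant to apply to supplier invoices as in getDraftSupplierTable, `$sql .= " AND ff.entity IN (".getEntity('invoice').")";` would match it. The function body continues outside the hunk.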


@ -243,7 +243,7 @@ function getCustomerOrderPieChart($socid = 0)
$sql = "SELECT count(c.rowid) as nb, c.fk_statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."commande as c";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
@ -251,7 +251,7 @@ function getCustomerOrderPieChart($socid = 0)
if ($user->socid) {
$sql .= ' AND c.fk_soc = '.((int) $user->socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY c.fk_statut";


@ -225,7 +225,7 @@ function getCustomerProposalPieChart($socid = 0)
$sql = "SELECT count(p.rowid) as nb, p.fk_statut as status";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."propal as p";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")";
@ -233,7 +233,7 @@ function getCustomerProposalPieChart($socid = 0)
if ($user->socid) {
$sql .= ' AND p.fk_soc = '.((int) $user->socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")";


@ -278,176 +278,6 @@ class modWebhook extends DolibarrModules
// Main menu entries to add
$this->menu = array();
$r = 0;
// Add here entries to declare new menus
/* BEGIN MODULEBUILDER TOPMENU */
/*$this->menu[$r++] = array(
'fk_menu'=>'', // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode
'type'=>'top', // This is a Top menu entry
'titre'=>'ModuleWebhookName',
'prefix' => img_picto('', $this->picto, 'class="pictofixedwidth valignmiddle"'),
'mainmenu'=>'webhook',
'leftmenu'=>'',
'url'=>'/webhook/webhookindex.php',
'langs'=>'', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
'position'=>1000 + $r,
'enabled'=>'$conf->webhook->enabled', // Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled.
'perms'=>'1', // Use 'perms'=>'$user->rights->webhook->webhook_target->read' if you want your menu with a permission rules
'target'=>'',
'user'=>2, // 0=Menu for internal users, 1=external users, 2=both
);*/
/* END MODULEBUILDER TOPMENU */
/* BEGIN MODULEBUILDER LEFTMENU WEBHOOK_TARGET
$this->menu[$r++]=array(
'fk_menu'=>'fk_mainmenu=webhook', // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode
'type'=>'left', // This is a Left menu entry
'titre'=>'Webhook_target',
'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth valignmiddle"'),
'mainmenu'=>'webhook',
'leftmenu'=>'webhook_target',
'url'=>'/webhook/webhookindex.php',
'langs'=>'', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
'position'=>1000+$r,
'enabled'=>'$conf->webhook->enabled', // Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled.
'perms'=>'$user->rights->webhook->webhook_target->read', // Use 'perms'=>'$user->rights->webhook->level1->level2' if you want your menu with a permission rules
'target'=>'',
'user'=>2, // 0=Menu for internal users, 1=external users, 2=both
);
$this->menu[$r++]=array(
'fk_menu'=>'fk_mainmenu=webhook,fk_leftmenu=webhook_target', // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode
'type'=>'left', // This is a Left menu entry
'titre'=>'List_Webhook_target',
'mainmenu'=>'webhook',
'leftmenu'=>'webhook_webhook_target_list',
'url'=>'/webhook/webhook_target_list.php',
'langs'=>'', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
'position'=>1000+$r,
'enabled'=>'$conf->webhook->enabled', // Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
'perms'=>'$user->rights->webhook->webhook_target->read', // Use 'perms'=>'$user->rights->webhook->level1->level2' if you want your menu with a permission rules
'target'=>'',
'user'=>2, // 0=Menu for internal users, 1=external users, 2=both
);
$this->menu[$r++]=array(
'fk_menu'=>'fk_mainmenu=webhook,fk_leftmenu=webhook_target', // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode
'type'=>'left', // This is a Left menu entry
'titre'=>'New_Webhook_target',
'mainmenu'=>'webhook',
'leftmenu'=>'webhook_webhook_target_new',
'url'=>'/webhook/webhook_target_card.php?action=create',
'langs'=>'', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
'position'=>1000+$r,
'enabled'=>'$conf->webhook->enabled', // Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
'perms'=>'$user->rights->webhook->webhook_target->write', // Use 'perms'=>'$user->rights->webhook->level1->level2' if you want your menu with a permission rules
'target'=>'',
'user'=>2, // 0=Menu for internal users, 1=external users, 2=both
);
*/
/*$this->menu[$r++]=array(
// '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode
'fk_menu'=>'fk_mainmenu=webhook',
// This is a Left menu entry
'type'=>'left',
'titre'=>'List Webhook_target',
'mainmenu'=>'webhook',
'leftmenu'=>'webhook_webhook_target',
'url'=>'/webhook/webhook_target_list.php',
// Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
'langs'=>'',
'position'=>1100+$r,
// Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
'enabled'=>'$conf->webhook->enabled',
// Use 'perms'=>'$user->rights->webhook->level1->level2' if you want your menu with a permission rules
'perms'=>'1',
'target'=>'',
// 0=Menu for internal users, 1=external users, 2=both
'user'=>2,
);
$this->menu[$r++]=array(
// '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode
'fk_menu'=>'fk_mainmenu=webhook,fk_leftmenu=webhook_webhook_target',
// This is a Left menu entry
'type'=>'left',
'titre'=>'New Webhook_target',
'mainmenu'=>'webhook',
'leftmenu'=>'webhook_webhook_target',
'url'=>'/webhook/webhook_target_card.php?action=create',
// Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory.
'langs'=>'',
'position'=>1100+$r,
// Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected.
'enabled'=>'$conf->webhook->enabled',
// Use 'perms'=>'$user->rights->webhook->level1->level2' if you want your menu with a permission rules
'perms'=>'1',
'target'=>'',
// 0=Menu for internal users, 1=external users, 2=both
'user'=>2
);*/
/* END MODULEBUILDER LEFTMENU WEBHOOK_TARGET */
// Exports profiles provided by this module
$r = 1;
/* BEGIN MODULEBUILDER EXPORT WEBHOOK_TARGET */
/*
$this->export_code[$r]=$this->rights_class.'_'.$r;
$this->export_label[$r]='Webhook_targetLines'; // Translation key (used only if key ExportDataset_xxx_z not found)
$this->export_icon[$r]='webhook_target@webhook';
// Define $this->export_fields_array, $this->export_TypeFields_array and $this->export_entities_array
$keyforclass = 'Webhook_target'; $keyforclassfile='/webhook/class/webhook_target.class.php'; $keyforelement='webhook_target@webhook';
include DOL_DOCUMENT_ROOT.'/core/commonfieldsinexport.inc.php';
//$this->export_fields_array[$r]['t.fieldtoadd']='FieldToAdd'; $this->export_TypeFields_array[$r]['t.fieldtoadd']='Text';
//unset($this->export_fields_array[$r]['t.fieldtoremove']);
//$keyforclass = 'Webhook_targetLine'; $keyforclassfile='/webhook/class/webhook_target.class.php'; $keyforelement='webhook_targetline@webhook'; $keyforalias='tl';
//include DOL_DOCUMENT_ROOT.'/core/commonfieldsinexport.inc.php';
$keyforselect='webhook_target'; $keyforaliasextra='extra'; $keyforelement='webhook_target@webhook';
include DOL_DOCUMENT_ROOT.'/core/extrafieldsinexport.inc.php';
//$keyforselect='webhook_targetline'; $keyforaliasextra='extraline'; $keyforelement='webhook_targetline@webhook';
//include DOL_DOCUMENT_ROOT.'/core/extrafieldsinexport.inc.php';
//$this->export_dependencies_array[$r] = array('webhook_targetline'=>array('tl.rowid','tl.ref')); // To force to activate one or several fields if we select some fields that need same (like to select a unique key if we ask a field of a child to avoid the DISTINCT to discard them, or for computed field than need several other fields)
//$this->export_special_array[$r] = array('t.field'=>'...');
//$this->export_examplevalues_array[$r] = array('t.field'=>'Example');
//$this->export_help_array[$r] = array('t.field'=>'FieldDescHelp');
$this->export_sql_start[$r]='SELECT DISTINCT ';
$this->export_sql_end[$r] =' FROM '.MAIN_DB_PREFIX.'webhook_target as t';
//$this->export_sql_end[$r] =' LEFT JOIN '.MAIN_DB_PREFIX.'webhook_target_line as tl ON tl.fk_webhook_target = t.rowid';
$this->export_sql_end[$r] .=' WHERE 1 = 1';
$this->export_sql_end[$r] .=' AND t.entity IN ('.getEntity('webhook_target').')';
$r++; */
/* END MODULEBUILDER EXPORT WEBHOOK_TARGET */
// Imports profiles provided by this module
$r = 1;
/* BEGIN MODULEBUILDER IMPORT WEBHOOK_TARGET */
/*
$this->import_code[$r]=$this->rights_class.'_'.$r;
$this->import_label[$r]='Webhook_targetLines'; // Translation key (used only if key ExportDataset_xxx_z not found)
$this->import_icon[$r]='webhook_target@webhook';
$this->import_tables_array[$r] = array('t' => MAIN_DB_PREFIX.'webhook_webhook_target', 'extra' => MAIN_DB_PREFIX.'webhook_webhook_target_extrafields');
$this->import_tables_creator_array[$r] = array('t' => 'fk_user_author'); // Fields to store import user id
$import_sample = array();
$keyforclass = 'Webhook_target'; $keyforclassfile='/webhook/class/webhook_target.class.php'; $keyforelement='webhook_target@webhook';
include DOL_DOCUMENT_ROOT.'/core/commonfieldsinimport.inc.php';
$import_extrafield_sample = array();
$keyforselect='webhook_target'; $keyforaliasextra='extra'; $keyforelement='webhook_target@webhook';
include DOL_DOCUMENT_ROOT.'/core/extrafieldsinimport.inc.php';
$this->import_fieldshidden_array[$r] = array('extra.fk_object' => 'lastrowid-'.MAIN_DB_PREFIX.'webhook_webhook_target');
$this->import_regex_array[$r] = array();
$this->import_examplevalues_array[$r] = array_merge($import_sample, $import_extrafield_sample);
$this->import_updatekeys_array[$r] = array('t.ref' => 'Ref');
$this->import_convertvalue_array[$r] = array(
't.ref' => array(
'rule'=>'getrefifauto',
'class'=>(empty($conf->global->WEBHOOK_WEBHOOK_TARGET_ADDON) ? 'mod_webhook_target_standard' : $conf->global->WEBHOOK_WEBHOOK_TARGET_ADDON),
'path'=>"/core/modules/commande/".(empty($conf->global->WEBHOOK_WEBHOOK_TARGET_ADDON) ? 'mod_webhook_target_standard' : $conf->global->WEBHOOK_WEBHOOK_TARGET_ADDON).'.php'
'classobject'=>'Webhook_target',
'pathobject'=>'/webhook/class/webhook_target.class.php',
),
't.fk_soc' => array('rule' => 'fetchidfromref', 'file' => '/societe/class/societe.class.php', 'class' => 'Societe', 'method' => 'fetch', 'element' => 'ThirdParty'),
't.fk_user_valid' => array('rule' => 'fetchidfromref', 'file' => '/user/class/user.class.php', 'class' => 'User', 'method' => 'fetch', 'element' => 'user'),
't.fk_mode_reglement' => array('rule' => 'fetchidfromcodeorlabel', 'file' => '/compta/paiement/class/cpaiement.class.php', 'class' => 'Cpaiement', 'method' => 'fetch', 'element' => 'cpayment'),
);
$r++; */
/* END MODULEBUILDER IMPORT WEBHOOK_TARGET */
}
/**


@ -226,7 +226,7 @@ class pdf_paiement extends CommonDocGenerator
$sql .= " ".MAIN_DB_PREFIX."bank as b, ".MAIN_DB_PREFIX."bank_account as ba,";
}
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.fk_soc = s.rowid AND pf.fk_facture = f.rowid AND pf.fk_paiement = p.rowid";
@ -235,7 +235,7 @@ class pdf_paiement extends CommonDocGenerator
}
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (!empty($socid)) {
@ -264,7 +264,7 @@ class pdf_paiement extends CommonDocGenerator
$sql .= " ".MAIN_DB_PREFIX."bank as b, ".MAIN_DB_PREFIX."bank_account as ba,";
}
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.fk_soc = s.rowid AND pf.fk_facturefourn = f.rowid AND pf.fk_paiementfourn = p.rowid";
@ -273,7 +273,7 @@ class pdf_paiement extends CommonDocGenerator
}
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (!empty($socid)) {


@ -81,27 +81,17 @@ class CdavLib
LEFT OUTER JOIN '.MAIN_DB_PREFIX.'user AS u ON (u.rowid=fk_element)
WHERE ar.element_type=\'user\' AND fk_actioncomm=a.id) AS other_users
FROM '.MAIN_DB_PREFIX.'actioncomm AS a';
if (!$this->user->rights->societe->client->voir) { //FIXME si 'voir' on voit plus de chose ?
$sql .= ' LEFT OUTER JOIN '.MAIN_DB_PREFIX.'societe_commerciaux AS sc ON (a.fk_soc = sc.fk_soc AND sc.fk_user='.((int) $this->user->id).')
LEFT JOIN '.MAIN_DB_PREFIX.'societe AS s ON (s.rowid = sc.fk_soc)
LEFT JOIN '.MAIN_DB_PREFIX.'socpeople AS sp ON (sp.fk_soc = sc.fk_soc AND sp.rowid = a.fk_contact)
LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_cdav AS ac ON (a.id = ac.fk_object)';
} else {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe AS s ON (s.rowid = a.fk_soc)
LEFT JOIN '.MAIN_DB_PREFIX.'socpeople AS sp ON (sp.rowid = a.fk_contact)
LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_cdav AS ac ON (a.id = ac.fk_object)';
}
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_country as co ON co.rowid = sp.fk_pays
$sql .= " LEFT JOIN '.MAIN_DB_PREFIX.'c_country as co ON co.rowid = sp.fk_pays
LEFT JOIN '.MAIN_DB_PREFIX.'c_country as cos ON cos.rowid = s.fk_pays
WHERE a.id IN (SELECT ar.fk_actioncomm FROM '.MAIN_DB_PREFIX.'actioncomm_resources ar WHERE ar.element_type=\'user\' AND ar.fk_element='.((int) $calid).')
AND a.code IN (SELECT cac.code FROM '.MAIN_DB_PREFIX.'c_actioncomm cac WHERE cac.type<>\'systemauto\')
AND a.entity IN ('.getEntity('societe', 1).')';
WHERE a.id IN (SELECT ar.fk_actioncomm FROM '.MAIN_DB_PREFIX.'actioncomm_resources ar WHERE ar.element_type='user' AND ar.fk_element=".((int) $calid).")
AND a.code IN (SELECT cac.code FROM '.MAIN_DB_PREFIX.'c_actioncomm cac WHERE cac.type <> 'systemauto')
AND a.entity IN (".getEntity('societe', 1).")";
// TODO Restrict on external users
if ($oid !== false) {
if ($ouri === false) {
$sql .= ' AND a.id = '.intval($oid);
$sql .= ' AND a.id = '.((int) $oid);
} else {
$sql .= ' AND (a.id = '.intval($oid).' OR ac.uuidext = \''.$this->db->escape($ouri).'\')';
$sql .= ' AND (a.id = '.((int) $oid)." OR ac.uuidext = '".$this->db->escape($ouri)."')";
}
}
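Review bot: The rewritten `$sql .=` string now opens with a double quote but still contains `'.MAIN_DB_PREFIX.'`, so as shown the prefix constant is no longer concatenated and the query carries those literal characters in the two `c_country` joins and both subqueries. The removed `if`/`else` was also the only place in the hunk that joined `s`, `sp` and `ac`, which the remaining SQL still references (`sp.fk_pays`, `s.fk_pays`, `ac.uuidext`). It also limited third-party and contact data to the user's own customers when the `voir` right is missing, and the new `// TODO Restrict on external users` leaves that open. I would keep the joins, keep the restricted variant for users without the right, and fix the quoting as below. The method starts and ends outside the hunk, so the SELECT list should be checked for the same aliases.

```php
if (!$this->user->hasRight('societe', 'client', 'voir')) {
    // Third-party and contact columns are only filled for the user's own customers
    $sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."societe_commerciaux AS sc ON (a.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $this->user->id).")";
    $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe AS s ON (s.rowid = sc.fk_soc)";
    $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople AS sp ON (sp.fk_soc = sc.fk_soc AND sp.rowid = a.fk_contact)";
} else {
    $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe AS s ON (s.rowid = a.fk_soc)";
    $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople AS sp ON (sp.rowid = a.fk_contact)";
}
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_cdav AS ac ON (a.id = ac.fk_object)";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = sp.fk_pays";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as cos ON cos.rowid = s.fk_pays";
$sql .= " WHERE a.id IN (SELECT ar.fk_actioncomm FROM ".MAIN_DB_PREFIX."actioncomm_resources ar WHERE ar.element_type = 'user' AND ar.fk_element = ".((int) $calid).")";
$sql .= " AND a.code IN (SELECT cac.code FROM ".MAIN_DB_PREFIX."c_actioncomm cac WHERE cac.type <> 'systemauto')";
$sql .= " AND a.entity IN (".getEntity('societe', 1).")";
// … unchanged: $oid / $ouri filters …
```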


@ -122,7 +122,7 @@ if ($user->socid > 0) {
// For some module part, dir may be privates
if (in_array($modulepart, array('facture_paiement', 'unpaid'))) {
if (!$user->hasRight('societe', 'client', 'voir') || $socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$original_file = 'private/'.$user->id.'/'.$original_file; // If user has no permission to see all, output dir is specific to user
}
}
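Review bot: Dropping `|| $socid` here works in the opposite direction from the `&& !$socid` removals elsewhere in this commit. Those make the sales-rep filter apply more often, while this one stops forcing external users into `private/<user id>/`, so they only stay out of the shared directory if `hasRight('societe', 'client', 'voir')` is false for them. If an external account can hold that right, it would be pointed at the same `facture_paiement`/`unpaid` files as internal users. The code that writes those files and any later access check are not in this hunk, so this needs confirming. The same applies to the cached graph name in the donation statistics hunk that follows, where `|| $user->socid` no longer selects the per-user `donationnbinyear-<id>-<year>.png`. Keeping the external-user term is the fail-safe form: `if (!$user->hasRight('societe', 'client', 'voir') || $user->socid > 0) {`.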


@ -74,7 +74,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear);
// $data = array(array('Lib',val1,val2,val3),...)
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filenamenb = $dir.'/donationnbinyear-'.$user->id.'-'.$year.'.png';
} else {
$filenamenb = $dir.'/donationnbinyear-'.$year.'.png';


@ -96,7 +96,7 @@ class ExpeditionStats extends Stats
//$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
$this->where .= " AND c.entity = ".$conf->entity;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($this->socid) {
@ -120,7 +120,7 @@ class ExpeditionStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%m') as dm, COUNT(*) as nb";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -144,7 +144,7 @@ class ExpeditionStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE ".$this->where;
@ -167,7 +167,7 @@ class ExpeditionStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%m') as dm, SUM(c.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= $this->join;
@ -191,7 +191,7 @@ class ExpeditionStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%m') as dm, AVG(c.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= $this->join;
@ -213,7 +213,7 @@ class ExpeditionStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%Y') as year, COUNT(*) as nb, SUM(c.".$this->field.") as total, AVG(".$this->field.") as avg";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE ".$this->where;


@ -69,7 +69,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."expedition as e";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON e.rowid = el.fk_target AND el.targettype = 'shipping'";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc";
$sql .= $clause." sc.fk_user = ".((int) $user->id);
$clause = " AND ";
@ -141,11 +141,11 @@ $sql .= " FROM ".MAIN_DB_PREFIX."expedition as e";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON e.rowid = el.fk_target AND el.targettype = 'shipping' AND el.sourcetype IN ('commande')";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid AND el.sourcetype IN ('commande') AND el.targettype = 'shipping'";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc";
}
$sql .= " WHERE e.entity IN (".getEntity('expedition').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND e.fk_statut = ".Expedition::STATUS_VALIDATED;
@ -211,7 +211,7 @@ if ($resql) {
$sql = "SELECT c.rowid, c.ref, c.ref_client as ref_customer, c.fk_statut as status, c.facture as billed, s.nom as name, s.rowid as socid";
$sql .= " FROM ".MAIN_DB_PREFIX."commande as c,";
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
@ -220,7 +220,7 @@ $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS
if ($socid > 0) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.rowid ASC";


@ -76,7 +76,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear);
// $data = array(array('Lib',val1,val2,val3),...)
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filenamenb = $dir.'/shipmentsnbinyear-'.$user->id.'-'.$year.'.png';
} else {
$filenamenb = $dir.'/shipmentsnbinyear-'.$year.'.png';
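Review bot: External users can now end up on the shared cache file name: with `|| $user->socid` dropped, a user who has a `socid` and holds the `societe/client/voir` right falls into the `else` branch and gets the unsuffixed `shipmentsnbinyear-<year>.png`. If `$stats` is scoped to that user's company (not visible in this hunk), a graph built for one data scope can be served to a viewer with a different one. Either keep the per-user name for external users, `if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {`, or confirm that `hasRight()` is never true here for them. The same edit is made for `$filename_avg` in the `ordersaverage` hunk and for the three `interventions*` file names further down; the if/else continues past the end of this hunk.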


@ -149,7 +149,7 @@ if (!$mesg) {
$data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear);
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filename_avg = $dir.'/ordersaverage-'.$user->id.'-'.$year.'.png';
if ($mode == 'customer') {
$fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersaverage-'.$user->id.'-'.$year.'.png';


@ -783,7 +783,7 @@ if ($action == 'create') {
$sql .= " FROM ".MAIN_DB_PREFIX."fichinter_rec as f";
$sql .= " , ".MAIN_DB_PREFIX."societe as s ";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " , ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.fk_soc = s.rowid";
@ -791,12 +791,14 @@ if ($action == 'create') {
if (!empty($socid)) {
$sql .= " AND s.rowid = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
/*
if (!empty($search_ref)) {
$sql .= natural_search('f.titre', $search_ref);
}
*/
if (!empty($search_societe)) {
$sql .= natural_search('s.nom', $search_societe);
}
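Review bot: The `$search_ref` filter on `f.titre` is switched off by wrapping it in `/* … */` with no reason given, so a reader cannot tell whether the search was dropped on purpose or is waiting for a fix. If it is dead, delete the three lines instead of commenting them out; if it is temporary, put one line above the block, for example `// Filter on f.titre disabled: <reason>`. The query builder starts and ends outside this hunk, so whether `$search_ref` is still read elsewhere on the page cannot be checked from here.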


@ -224,7 +224,7 @@ class Fichinter extends CommonObject
$sql = "SELECT count(fi.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."fichinter as fi";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON fi.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc";
$sql .= " WHERE sc.fk_user = ".((int) $user->id);
$clause = "AND";


@ -72,7 +72,7 @@ class FichinterStats extends Stats
$this->field_line = '0';
//$this->where.= " AND c.fk_statut > 0"; // Not draft and not cancelled
}
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$this->where .= (!empty($this->where) ? ' AND ' : '')." c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('intervention').')';
@ -98,7 +98,7 @@ class FichinterStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%m') as dm, COUNT(*) as nb";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -122,7 +122,7 @@ class FichinterStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%Y') as dm, COUNT(*) as nb, 0";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE ".$this->where;
@ -145,7 +145,7 @@ class FichinterStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%m') as dm, 0";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -169,7 +169,7 @@ class FichinterStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%m') as dm, 0";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -191,7 +191,7 @@ class FichinterStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%Y') as year, COUNT(*) as nb, 0 as total, 0 as avg";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE ".$this->where;


@ -75,7 +75,7 @@ print '<div class="fichecenter"><div class="fichethirdleft">';
$sql = "SELECT count(f.rowid), f.fk_statut";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."fichinter as f";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.entity IN (".getEntity('intervention').")";
@ -83,7 +83,7 @@ $sql .= " AND f.fk_soc = s.rowid";
if ($user->socid) {
$sql .= ' AND f.fk_soc = '.((int) $user->socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " GROUP BY f.fk_statut";
@ -176,7 +176,7 @@ if (isModEnabled('ficheinter')) {
$sql = "SELECT f.rowid, f.ref, s.nom as name, s.rowid as socid";
$sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.entity IN (".getEntity('intervention').")";
@ -185,7 +185,7 @@ if (isModEnabled('ficheinter')) {
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
@ -226,7 +226,7 @@ $sql = "SELECT f.rowid, f.ref, f.fk_statut, f.date_valid as datec, f.tms as date
$sql .= " s.nom as name, s.rowid as socid";
$sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f,";
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.entity IN (".getEntity('intervention').")";
@ -235,7 +235,7 @@ $sql .= " AND f.fk_soc = s.rowid";
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY f.tms DESC";
@ -299,7 +299,7 @@ if (isModEnabled('ficheinter')) {
$sql = "SELECT f.rowid, f.ref, f.fk_statut, s.nom as name, s.rowid as socid";
$sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.entity IN (".getEntity('intervention').")";
@ -308,7 +308,7 @@ if (isModEnabled('ficheinter')) {
if ($socid) {
$sql .= " AND f.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY f.rowid DESC";
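Review bot: For a user with `$user->socid` set and without the `societe/client/voir` right, the status-count query now applies both `f.fk_soc = $user->socid` and `sc.fk_user = $user->id`, so it returns rows only if that user is also listed in `societe_commerciaux` for their own company. Before, the `!$socid` test skipped the second filter in that case, assuming `$socid` carries the external user's company (it is set outside these hunks). The result fails closed, but the dashboard may come up empty for external users, so it is worth confirming how `hasRight()` answers for them. If the combined filter is intended, say so on the condition: `// Users without societe->client->voir, internal or external, only see third parties they are sales representative of`. The other three queries in this section build the same pair of filters with `$socid`.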


@ -275,7 +275,7 @@ $parameters = array();
$reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
$sql .= $hookmanager->resPrint;
if (!$user->hasRight('societe', 'client', 'voir') && empty($socid)) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
@ -306,7 +306,7 @@ if ($search_desc) {
if ($search_status != '' && $search_status >= 0) {
$sql .= ' AND f.fk_statut = '.urlencode($search_status);
}
if (!$user->hasRight('societe', 'client', 'voir') && empty($socid)) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
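Review bot: The unchanged line `$sql .= ' AND f.fk_statut = '.urlencode($search_status);` just above the second edited condition relies on `urlencode()` to make a search value safe inside SQL, but that function is a URL encoder, not an SQL escape. The guard `$search_status != '' && $search_status >= 0` is a loose comparison and does not by itself force a numeric value. Assuming the field holds a single status id, an integer cast matches what this commit does elsewhere: `$sql .= ' AND f.fk_statut = '.((int) $search_status);`. The query builder continues on both sides of this hunk.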


@ -80,7 +80,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear);
// $data = array(array('Lib',val1,val2,val3),...)
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filenamenb = $dir.'/interventionsnbinyear-'.$user->id.'-'.$year.'.png';
$fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=interventionstats&file=interventionsnbinyear-'.$user->id.'-'.$year.'.png';
} else {
@ -116,7 +116,7 @@ if (!$mesg) {
$data = $stats->getAmountByMonthWithPrevYear($endyear, $startyear);
// $data = array(array('Lib',val1,val2,val3),...)
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filenameamount = $dir.'/interventionsamountinyear-'.$user->id.'-'.$year.'.png';
$fileurlamount = DOL_URL_ROOT.'/viewimage.php?modulepart=interventionstats&file=interventionsamountinyear-'.$user->id.'-'.$year.'.png';
} else {
@ -151,7 +151,7 @@ if (!$mesg) {
$data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear);
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filename_avg = $dir.'/interventionsaverage-'.$user->id.'-'.$year.'.png';
$fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=interventionstats&file=interventionsaverage-'.$user->id.'-'.$year.'.png';
} else {


@ -231,14 +231,14 @@ if (!empty($TSelectedCats)) {
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON cp.fk_product=d.fk_product';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.fk_soc = s.rowid";
if ($socid > 0) {
$sql .= ' AND s.rowid = '.((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND f.fk_statut NOT IN (".$db->sanitize(implode(', ', $invoice_status_except_list)).")";


@ -142,7 +142,7 @@ if ($id > 0 || !empty($ref)) {
$sql = "SELECT s.nom as name, s.rowid as socid, s.code_client,";
$sql .= " f.rowid as facid, f.ref, f.total_ht,";
$sql .= " f.datef, f.paye, f.fk_statut as statut, f.type,";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " sc.fk_soc, sc.fk_user,";
}
$sql .= " sum(d.total_ht) as selling_price,"; // may be negative or positive
@ -152,7 +152,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."facture as f";
$sql .= ", ".MAIN_DB_PREFIX."facturedet as d";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.fk_soc = s.rowid";
@ -160,11 +160,11 @@ if ($id > 0 || !empty($ref)) {
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND d.fk_facture = f.rowid";
$sql .= " AND d.fk_product = ".((int) $object->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if (!empty($socid)) {
$sql .= " AND f.fk_soc = $socid";
$sql .= " AND f.fk_soc = ".((int) $socid);
}
$sql .= " AND d.buy_price_ht IS NOT NULL";
// We should not use this here. Option ForceBuyingPriceIfNull should have effect only when inserting data. Once data is recorded, it must be used as it is for report.
@ -173,7 +173,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " AND d.buy_price_ht <> 0";
}
$sql .= " GROUP BY s.nom, s.rowid, s.code_client, f.rowid, f.ref, f.total_ht, f.datef, f.paye, f.fk_statut, f.type";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user";
}
$sql .= $db->order($sortfield, $sortorder);


@ -348,6 +348,25 @@ foreach ($search as $key => $val) {
if ($search_all) {
$sql .= natural_search(array_keys($fieldstosearchall), $search_all);
}
/*
// If the internal user must only see his customers, force searching by him
$search_sale = 0;
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Search on sale representative
if ($search_sale && $search_sale != '-1') {
if ($search_sale == -2) {
$sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)";
} elseif ($search_sale > 0) {
$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
}
}
// Search on socid
if ($socid) {
$sql .= " AND t.fk_soc = ".((int) $socid);
}
*/
//$sql.= dolSqlDateFilter("t.field", $search_xxxday, $search_xxxmonth, $search_xxxyear);
// Add where from extra fields
include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php';
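Review bot: The sales-representative and `socid` filters are added as one commented-out block with nothing saying when it should be enabled. If this list page is a template that other list pages are copied from (the `t.field` and `search_xxxday` placeholders suggest so), a copy taken as-is has no per-sales-representative restriction at all. Put a line above the block such as `// Uncomment if the object has a fk_soc column: users without societe->client->voir then only see their own third parties`. Within the block as written, `$search_sale` is only ever `0` or `$user->id`, so the `== -2` branch cannot be reached unless the value is also read from the request somewhere outside this hunk.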


@ -2884,7 +2884,7 @@ class Product extends CommonObject
$sql .= " SUM(mp.qty) as qty";
$sql .= " FROM ".$this->db->prefix()."mrp_mo as c";
$sql .= " INNER JOIN ".$this->db->prefix()."mrp_production as mp ON mp.fk_mo=c.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".$this->db->prefix()."societe_commerciaux as sc ON sc.fk_soc=c.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " WHERE ";
@ -3007,7 +3007,7 @@ class Product extends CommonObject
$sql .= " FROM ".$this->db->prefix()."propaldet as pd";
$sql .= ", ".$this->db->prefix()."propal as p";
$sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE p.rowid = pd.fk_propal";
@ -3082,14 +3082,14 @@ class Product extends CommonObject
$sql .= " FROM ".$this->db->prefix()."supplier_proposaldet as pd";
$sql .= ", ".$this->db->prefix()."supplier_proposal as p";
$sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE p.rowid = pd.fk_supplier_proposal";
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.entity IN (".getEntity('supplier_proposal').")";
$sql .= " AND pd.fk_product = ".((int) $this->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
//$sql.= " AND pr.fk_statut != 0";
@ -3138,14 +3138,14 @@ class Product extends CommonObject
$sql .= " FROM ".$this->db->prefix()."commandedet as cd";
$sql .= ", ".$this->db->prefix()."commande as c";
$sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) {
if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE c.rowid = cd.fk_commande";
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity($forVirtualStock && getDolGlobalString('STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE') ? 'stock' : 'commande').")";
$sql .= " AND cd.fk_product = ".((int) $this->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) {
if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) {
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -3266,14 +3266,14 @@ class Product extends CommonObject
$sql .= " FROM ".$this->db->prefix()."commande_fournisseurdet as cd";
$sql .= ", ".$this->db->prefix()."commande_fournisseur as c";
$sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) {
if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE c.rowid = cd.fk_commande";
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity($forVirtualStock && getDolGlobalString('STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE') ? 'stock' : 'supplier_order').")";
$sql .= " AND cd.fk_product = ".((int) $this->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) {
if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) {
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -3329,7 +3329,7 @@ class Product extends CommonObject
$sql .= ", ".$this->db->prefix()."commande as c";
$sql .= ", ".$this->db->prefix()."expedition as e";
$sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) {
if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE e.rowid = ed.fk_expedition";
@ -3338,7 +3338,7 @@ class Product extends CommonObject
$sql .= " AND e.entity IN (".getEntity($forVirtualStock && getDolGlobalString('STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE') ? 'stock' : 'expedition').")";
$sql .= " AND ed.fk_origin_line = cd.rowid";
$sql .= " AND cd.fk_product = ".((int) $this->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) {
if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) {
$sql .= " AND e.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -3413,14 +3413,14 @@ class Product extends CommonObject
$sql .= " FROM ".$this->db->prefix()."commande_fournisseur_dispatch as fd";
$sql .= ", ".$this->db->prefix()."commande_fournisseur as cf";
$sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) {
if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE cf.rowid = fd.fk_commande";
$sql .= " AND cf.fk_soc = s.rowid";
$sql .= " AND cf.entity IN (".getEntity($forVirtualStock && getDolGlobalString('STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE') ? 'stock' : 'supplier_order').")";
$sql .= " AND fd.fk_product = ".((int) $this->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) {
if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) {
$sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -3474,13 +3474,13 @@ class Product extends CommonObject
$sql .= " FROM ".$this->db->prefix()."mrp_production as mp";
$sql .= ", ".$this->db->prefix()."mrp_mo as m";
$sql .= " LEFT JOIN ".$this->db->prefix()."societe as s ON s.rowid = m.fk_soc";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) {
if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE m.rowid = mp.fk_mo";
$sql .= " AND m.entity IN (".getEntity($forVirtualStock && getDolGlobalString('STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE') ? 'stock' : 'mrp').")";
$sql .= " AND mp.fk_product = ".((int) $this->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) {
if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) {
$sql .= " AND m.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -3570,14 +3570,14 @@ class Product extends CommonObject
$sql .= " FROM ".$this->db->prefix()."contratdet as cd";
$sql .= ", ".$this->db->prefix()."contrat as c";
$sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE c.rowid = cd.fk_contrat";
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('contract').")";
$sql .= " AND cd.fk_product = ".((int) $this->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
//$sql.= " AND c.statut != 0";
@ -3644,14 +3644,14 @@ class Product extends CommonObject
$sql .= " FROM ".$this->db->prefix()."facturedet as fd";
$sql .= ", ".$this->db->prefix()."facture as f";
$sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE f.rowid = fd.fk_facture";
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND fd.fk_product = ".((int) $this->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
//$sql.= " AND f.fk_statut != 0";
@ -3719,14 +3719,14 @@ class Product extends CommonObject
$sql .= " FROM ".MAIN_DB_PREFIX."facturedet_rec as fd";
$sql .= ", ".MAIN_DB_PREFIX."facture_rec as f";
$sql .= ", ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.rowid = fd.fk_facture";
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
$sql .= " AND fd.fk_product = ".((int) $this->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
//$sql.= " AND f.fk_statut != 0";
@ -3793,14 +3793,14 @@ class Product extends CommonObject
$sql .= " FROM ".$this->db->prefix()."facture_fourn_det as fd";
$sql .= ", ".$this->db->prefix()."facture_fourn as f";
$sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE f.rowid = fd.fk_facture_fourn";
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('facture_fourn').")";
$sql .= " AND fd.fk_product = ".((int) $this->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
//$sql.= " AND f.fk_statut != 0";
@ -3931,7 +3931,7 @@ class Product extends CommonObject
if ($filteronproducttype >= 0) {
$sql .= ", ".$this->db->prefix()."product as p";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE f.rowid = d.fk_facture";
@ -3945,7 +3945,7 @@ class Product extends CommonObject
}
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('invoice').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -3985,7 +3985,7 @@ class Product extends CommonObject
if ($filteronproducttype >= 0) {
$sql .= ", ".$this->db->prefix()."product as p";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE f.rowid = d.fk_facture_fourn";
@ -3999,7 +3999,7 @@ class Product extends CommonObject
}
$sql .= " AND f.fk_soc = s.rowid";
$sql .= " AND f.entity IN (".getEntity('facture_fourn').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -4037,7 +4037,7 @@ class Product extends CommonObject
if ($filteronproducttype >= 0) {
$sql .= ", ".$this->db->prefix()."product as prod";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE p.rowid = d.fk_propal";
@ -4051,7 +4051,7 @@ class Product extends CommonObject
}
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.entity IN (".getEntity('propal').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -4090,7 +4090,7 @@ class Product extends CommonObject
if ($filteronproducttype >= 0) {
$sql .= ", ".$this->db->prefix()."product as prod";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE p.rowid = d.fk_supplier_proposal";
@ -4104,7 +4104,7 @@ class Product extends CommonObject
}
$sql .= " AND p.fk_soc = s.rowid";
$sql .= " AND p.entity IN (".getEntity('supplier_proposal').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -4142,7 +4142,7 @@ class Product extends CommonObject
if ($filteronproducttype >= 0) {
$sql .= ", ".$this->db->prefix()."product as p";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE c.rowid = d.fk_commande";
@ -4156,7 +4156,7 @@ class Product extends CommonObject
}
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('commande').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -4194,7 +4194,7 @@ class Product extends CommonObject
if ($filteronproducttype >= 0) {
$sql .= ", ".$this->db->prefix()."product as p";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE c.rowid = d.fk_commande";
@ -4208,7 +4208,7 @@ class Product extends CommonObject
}
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('supplier_order').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -4246,10 +4246,9 @@ class Product extends CommonObject
if ($filteronproducttype >= 0) {
$sql .= ", ".$this->db->prefix()."product as p";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE c.entity IN (".getEntity('contract').")";
$sql .= " AND c.rowid = d.fk_contrat";
@ -4263,7 +4262,7 @@ class Product extends CommonObject
}
$sql .= " AND c.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
@ -4300,7 +4299,7 @@ class Product extends CommonObject
if ($filteronproducttype >= 0) {
$sql .= ", ".$this->db->prefix()."product as p";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
@ -4316,7 +4315,7 @@ class Product extends CommonObject
$sql .= " AND p.rowid = d.fk_product AND p.fk_product_type = ".((int) $filteronproducttype);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND d.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid > 0) {
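Review bot: Each restricted query in this class depends on two conditions staying identical — `societe_commerciaux as sc` added to FROM and `… = sc.fk_soc AND sc.fk_user = …` added to WHERE — and the `propaldet` hunk shows only the FROM half. If the WHERE half of that method carries a different condition, the query either cross-joins `sc` and inflates the sums, or references an alias that is missing from FROM; the method body runs past the hunk, so this has to be checked in the file. A single correlated subquery keeps the access filter in one place: `$sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".$this->db->prefix()."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $user->id).")";`. The same applies to the `$filteronproducttype` queries, where the FROM and WHERE halves sit in separate hunks.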


@ -141,13 +141,13 @@ if ($id > 0 || !empty($ref)) {
$sql .= " c.ref_client,";
$sql .= " c.date_commande, c.fk_statut as statut, c.facture, c.rowid as commandeid, d.rowid, d.qty,";
$sql .= " c.date_livraison as delivery_date";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."commande as c";
$sql .= ", ".MAIN_DB_PREFIX."commandedet as d";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) {
if (!empty($search_year)) {
$sql .= ' AND YEAR(c.date_commande) IN ('.$db->sanitize($search_year).')';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {
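Review bot: The restriction to the user's own third parties no longer depends on `$socid`, which changes who can read what, but nothing in the code says so. For a user without `societe/client/voir` the `sc.fk_user` filter now always applies together with the `if ($socid)` filter that follows the hunk, whereas before a non-empty `$socid` skipped the sales-representative check. I would add a comment above the condition, for example `// Users without societe->client->voir only see third parties they are sales representative of, whatever $socid is`. Whether a user bound to a third party but not listed in `societe_commerciaux` should still get rows here cannot be told from the hunk and is worth confirming. The same pattern repeats in the other product statistics sections on this page.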


@ -141,13 +141,13 @@ if ($id > 0 || !empty($ref)) {
$sql .= " c.rowid, d.total_ht as total_ht, c.ref,";
$sql .= " c.date_commande, c.fk_statut as statut, c.rowid as commandeid, d.rowid, d.qty,";
$sql .= " c.date_livraison as delivery_date";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."commande_fournisseur as c";
$sql .= ", ".MAIN_DB_PREFIX."commande_fournisseurdet as d";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) {
if (!empty($search_year)) {
$sql .= ' AND YEAR(c.date_commande) IN ('.$db->sanitize($search_year).')';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -135,7 +135,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " c.rowid as rowid, c.ref, c.ref_customer, c.ref_supplier, c.date_contrat, c.statut as statut,";
$sql .= " s.nom as name, s.rowid as socid, s.code_client";
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= ", ".MAIN_DB_PREFIX."contrat as c";
@ -144,7 +144,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " AND c.fk_soc = s.rowid";
$sql .= " AND c.entity IN (".getEntity('contract').")";
$sql .= " AND cd.fk_product = ".((int) $product->id);
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -193,7 +193,7 @@ if ($id > 0 || !empty($ref)) {
$sql = "SELECT DISTINCT s.nom as name, s.rowid as socid, s.code_client,";
$sql .= " f.ref, f.datef, f.paye, f.type, f.fk_statut as statut, f.rowid as facid,";
$sql .= " d.rowid, d.total_ht as total_ht, d.qty"; // We must keep the d.rowid here to not loose record because of the distinct used to ignore duplicate line when link on societe_commerciaux is used
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
// Add fields from extrafields
@ -214,7 +214,7 @@ if ($id > 0 || !empty($ref)) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX.'facture'."_extrafields as ef on (f.rowid = ef.fk_object)";
}
$sql .= ", ".MAIN_DB_PREFIX."facturedet as d";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
// Add table from hooks
@ -232,7 +232,7 @@ if ($id > 0 || !empty($ref)) {
if ($search_date_end) {
$sql .= " AND f.datef <= '".$db->idate($search_date_end)."'";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -140,13 +140,13 @@ if ($id > 0 || !empty($ref)) {
if ($user->hasRight('fournisseur', 'facture', 'lire')) {
$sql = "SELECT DISTINCT s.nom as name, s.rowid as socid, s.code_client, d.rowid, d.total_ht as line_total_ht,";
$sql .= " f.rowid as facid, f.ref, f.ref_supplier, f.datef, f.libelle as label, f.total_ht, f.total_ttc, f.total_tva, f.paye, f.fk_statut as statut, d.qty";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."facture_fourn as f";
$sql .= ", ".MAIN_DB_PREFIX."facture_fourn_det as d";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.fk_soc = s.rowid";
@ -159,7 +159,7 @@ if ($id > 0 || !empty($ref)) {
if (!empty($search_year)) {
$sql .= ' AND YEAR(f.datef) IN ('.$db->sanitize($search_year).')';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -158,13 +158,13 @@ if ($id > 0 || !empty($ref)) {
$sql = "SELECT DISTINCT s.nom as name, s.rowid as socid, s.code_client,";
$sql .= "f.titre as title, f.datec, f.rowid as facid, f.suspended as suspended,";
$sql .= " d.rowid, d.total_ht as total_ht, d.qty"; // We must keep the d.rowid here to not loose record because of the distinct used to ignore duplicate line when link on societe_commerciaux is used
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ", ".MAIN_DB_PREFIX."facture_rec as f";
$sql .= ", ".MAIN_DB_PREFIX."facturedet_rec as d";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE f.fk_soc = s.rowid";
@ -177,7 +177,7 @@ if ($id > 0 || !empty($ref)) {
if (!empty($search_year)) {
$sql .= ' AND YEAR(f.datec) IN ('.$db->sanitize($search_year).')';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -142,13 +142,13 @@ if ($id > 0 || !empty($ref)) {
$sql = "SELECT DISTINCT s.nom as name, s.rowid as socid, p.rowid as propalid, p.ref, d.total_ht as amount,";
$sql .= " p.ref_client,";
$sql .= "p.datep, p.fk_statut as statut, d.rowid, d.qty";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ",".MAIN_DB_PREFIX."propal as p";
$sql .= ", ".MAIN_DB_PREFIX."propaldet as d";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.fk_soc = s.rowid";
@ -161,7 +161,7 @@ if ($id > 0 || !empty($ref)) {
if (!empty($search_year)) {
$sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -141,13 +141,13 @@ if ($id > 0 || !empty($ref)) {
$sql = "SELECT DISTINCT s.nom as name, s.rowid as socid, p.rowid as propalid, p.ref, d.total_ht as amount,";
//$sql .= " p.ref_supplier,";
$sql .= "p.date_valid, p.fk_statut as statut, d.rowid, d.qty";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= ",".MAIN_DB_PREFIX."supplier_proposal as p";
$sql .= ", ".MAIN_DB_PREFIX."supplier_proposaldet as d";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE p.fk_soc = s.rowid";
@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) {
if (!empty($search_year)) {
$sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -767,12 +767,12 @@ class Productlot extends CommonObject
$sql .= " INNER JOIN ".$this->db->prefix()."expeditiondet as ed ON (ed.rowid = edb.fk_expeditiondet)";
$sql .= " INNER JOIN ".$this->db->prefix()."expedition as exp ON (exp.rowid = ed.fk_expedition)";
// $sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE exp.entity IN (".getEntity('expedition').")";
$sql .= " AND edb.batch = '".($this->db->escape($this->batch))."'";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND exp.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
//$sql.= " AND exp.fk_statut != 0";
@ -842,12 +842,12 @@ class Productlot extends CommonObject
$sql .= " INNER JOIN ".$this->db->prefix()."commande_fournisseurdet as cfd ON (cfd.rowid = cfdi.fk_commandefourndet)";
$sql .= " INNER JOIN ".$this->db->prefix()."commande_fournisseur as cf ON (cf.rowid = cfd.fk_commande)";
// $sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE cf.entity IN (".getEntity('expedition').")";
$sql .= " AND cfdi.batch = '".($this->db->escape($this->batch))."'";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
//$sql.= " AND cf.fk_statut != 0";
@ -916,12 +916,12 @@ class Productlot extends CommonObject
$sql .= " FROM ".$this->db->prefix()."commande_fournisseur_dispatch as cfdi";
$sql .= " INNER JOIN ".$this->db->prefix()."reception as recep ON (recep.rowid = cfdi.fk_reception)";
// $sql .= ", ".$this->db->prefix()."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".$this->db->prefix()."societe_commerciaux as sc";
}
$sql .= " WHERE recep.entity IN (".getEntity('reception').")";
$sql .= " AND cfdi.batch = '".($this->db->escape($this->batch))."'";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND recep.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
//$sql.= " AND exp.fk_statut != 0";
@ -996,7 +996,7 @@ class Productlot extends CommonObject
$sql .= " SUM(mp.qty) as qty";
$sql .= " FROM ".$this->db->prefix()."mrp_mo as c";
$sql .= " INNER JOIN ".$this->db->prefix()."mrp_production as mp ON mp.fk_mo=c.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= "INNER JOIN ".$this->db->prefix()."societe_commerciaux as sc ON sc.fk_soc=c.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " WHERE ";
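Review bot: The string on the changed branch of the last hunk starts with `"INNER JOIN "` without a leading space, so it is appended directly after `ON mp.fk_mo=c.rowid` from the line before and produces `c.rowidINNER JOIN`, which is not valid SQL. With `&& !$socid` removed, this branch now runs for every user who lacks the right, so the failing query is reached more often than before. The line should read `$sql .= " INNER JOIN ".$this->db->prefix()."societe_commerciaux as sc ON sc.fk_soc=c.fk_soc AND sc.fk_user = ".((int) $user->id);`. The enclosing method starts and ends outside the hunk.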


@ -126,7 +126,7 @@ $sql .= ' cf.rowid, cf.ref, cf.fk_statut, cf.total_ttc, cf.fk_user_author,';
$sql .= ' u.login';
$sql .= ' FROM '.MAIN_DB_PREFIX.'societe as s, '.MAIN_DB_PREFIX.'commande_fournisseur as cf';
$sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'user as u ON cf.fk_user_author = u.rowid';
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ', '.MAIN_DB_PREFIX.'societe_commerciaux as sc';
}
$sql .= ' WHERE cf.fk_soc = s.rowid ';
@ -138,7 +138,7 @@ if (getDolGlobalString('STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER')) {
} else {
$sql .= ' AND cf.fk_statut < 5';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.((int) $user->id);
}
if ($sref) {


@ -218,14 +218,14 @@ if ($id > 0 || !empty($ref)) {
$sql .= " cf.ref, cf.date_commande, cf.date_livraison as delivery_date, cf.fk_statut as statut, cf.rowid as facid,";
$sql .= " cfd.rowid, SUM(cfdi.qty) as qty";
// $sql.= ", cfd.total_ht * SUM(cfdi.qty) / cfd.qty as total_ht_pondere";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."commande_fournisseur as cf ON (cf.fk_soc = s.rowid)";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."commande_fournisseurdet as cfd ON (cfd.fk_commande = cf.rowid)";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as cfdi ON (cfdi.fk_commandefourndet = cfd.rowid)";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE cf.entity IN (".getEntity('product').")";
@ -236,7 +236,7 @@ if ($id > 0 || !empty($ref)) {
if (!empty($search_year)) {
$sql .= ' AND YEAR(cf.date_commande) IN ('.$db->sanitize($search_year).')';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -218,14 +218,14 @@ if ($id > 0 || !empty($ref)) {
$sql .= " exp.ref, exp.date_creation, exp.fk_statut as statut, exp.rowid as facid,";
$sql .= " d.rowid, db.qty";
// $sql.= ", d.total_ht as total_ht"; // We must keep the d.rowid here to not loose record because of the distinct used to ignore duplicate line when link on societe_commerciaux is used
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."expedition as exp ON (exp.fk_soc = s.rowid)";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."expeditiondet as d ON (d.fk_expedition = exp.rowid)";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as db ON (db.fk_expeditiondet = d.rowid)";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE exp.entity IN (".getEntity('product').")";
@ -236,7 +236,7 @@ if ($id > 0 || !empty($ref)) {
if (!empty($search_year)) {
$sql .= ' AND YEAR(exp.date_creation) IN ('.$db->sanitize($search_year).')';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -218,13 +218,13 @@ if ($id > 0 || !empty($ref)) {
$sql .= " recep.ref, recep.date_creation, recep.fk_statut as statut, recep.rowid as facid,";
$sql .= " d.qty";
// $sql.= ", d.total_ht as total_ht"; // We must keep the d.rowid here to not loose record because of the distinct used to ignore duplicate line when link on societe_commerciaux is used
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", sc.fk_soc, sc.fk_user ";
}
$sql .= " FROM ".MAIN_DB_PREFIX."societe as s";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."reception as recep ON (recep.fk_soc = s.rowid)";
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as d ON (d.fk_reception = recep.rowid)";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE recep.entity IN (".getEntity('product').")";
@ -235,7 +235,7 @@ if ($id > 0 || !empty($ref)) {
if (!empty($search_year)) {
$sql .= ' AND YEAR(recep.date_creation) IN ('.$db->sanitize($search_year).')';
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($socid) {


@ -2350,7 +2350,7 @@ class Task extends CommonObjectLine
$sql = "SELECT count(p.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."projet as p";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
}
$sql .= ", ".MAIN_DB_PREFIX."projet_task as t";
@ -2364,7 +2364,7 @@ class Task extends CommonObjectLine
if ($socid) {
$sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")";
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))";
}


@ -58,8 +58,8 @@ class TaskStats extends Stats
$sql = "SELECT";
$sql .= " COUNT(t.rowid), t.priority";
$sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".((int) $user->id);
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->buildWhere();
//$sql .= " AND t.fk_statut <> 0"; // We want historic also, so all task not draft
@ -112,8 +112,8 @@ class TaskStats extends Stats
$sql = "SELECT date_format(t.datec,'%Y') as year, COUNT(t.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".((int) $user->id);
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= $this->buildWhere();
$sql .= " GROUP BY year";
@ -174,7 +174,7 @@ class TaskStats extends Stats
$sql = "SELECT date_format(t.datec,'%m') as dm, COUNT(t.rowid) as nb";
$sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet";
if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".((int) $user->id);
}
$sql .= $this->buildWhere();
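Review bot: The `INNER JOIN ... societe_commerciaux as sc ON sc.fk_soc = p.fk_soc` in all three hunks drops tasks whose project has no third party for any user without the right, while the count query in the Task class on this page keeps those rows with `OR (s.rowid IS NULL)`. Since the condition no longer checks `$user->socid`, more users now take this branch, so the two views can disagree for them. If the statistics should match the Task count, a `LEFT JOIN` plus a `(p.fk_soc IS NULL OR sc.fk_user = ...)` condition would be needed, but the WHERE part comes from `buildWhere()`, which is not visible here. The third hunk also keeps the unspaced `sc.fk_soc=p.fk_soc AND sc.fk_user=` that the first two hunks reformatted.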


@ -70,7 +70,7 @@ class ReceptionStats extends Stats
//$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
$this->where .= " AND c.entity IN (".getEntity('reception').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
if ($this->socid) {
@ -94,7 +94,7 @@ class ReceptionStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%m') as dm, COUNT(*) as nb";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -118,7 +118,7 @@ class ReceptionStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE ".$this->where;
@ -141,7 +141,7 @@ class ReceptionStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%m') as dm, SUM(c.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -165,7 +165,7 @@ class ReceptionStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%m') as dm, AVG(c.".$this->field.")";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
@ -187,7 +187,7 @@ class ReceptionStats extends Stats
$sql = "SELECT date_format(c.date_valid,'%Y') as year, COUNT(*) as nb, SUM(c.".$this->field.") as total, AVG(".$this->field.") as avg";
$sql .= " FROM ".$this->from;
if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE ".$this->where;


@ -88,7 +88,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."reception as e";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON e.rowid = el.fk_target AND el.targettype = 'reception'";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseur as c ON el.fk_source = c.rowid";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc";
$sql .= $clause." sc.fk_user = ".((int) $user->id);
$clause = " AND ";
@ -152,11 +152,11 @@ $sql .= " FROM ".MAIN_DB_PREFIX."reception as e";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON e.rowid = el.fk_target AND el.targettype = 'reception' AND el.sourcetype IN ('order_supplier')";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseur as c ON el.fk_source = c.rowid AND el.sourcetype IN ('order_supplier') AND el.targettype = 'reception'";
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc";
}
$sql .= " WHERE e.entity IN (".getEntity('reception').")";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND sc.fk_user = ".((int) $user->id);
}
$sql .= " AND e.fk_statut = 1";
@ -213,7 +213,7 @@ if ($resql) {
$sql = "SELECT c.rowid, c.ref, c.ref_supplier as ref_supplier, c.fk_statut as status, c.billed as billed, s.nom as name, s.rowid as socid";
$sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as c,";
$sql .= " ".MAIN_DB_PREFIX."societe as s";
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
}
$sql .= " WHERE c.fk_soc = s.rowid";
@ -222,7 +222,7 @@ $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".Comma
if ($socid > 0) {
$sql .= " AND c.fk_soc = ".((int) $socid);
}
if (!$user->hasRight('societe', 'client', 'voir') && !$socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id);
}
$sql .= " ORDER BY c.rowid ASC";


@ -71,7 +71,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear);
// $data = array(array('Lib',val1,val2,val3),...)
if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {
if (!$user->hasRight('societe', 'client', 'voir')) {
$filenamenb = $dir.'/receptionsnbinyear-'.$user->id.'-'.$year.'.png';
} else {
$filenamenb = $dir.'/receptionsnbinyear-'.$year.'.png';
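Review bot: Dropping `|| $user->socid` is only equivalent if a user with `socid` set can never pass `hasRight('societe', 'client', 'voir')`, and that guarantee is not visible in this hunk. If such a user can hold the right, they now take the `else` branch and share `receptionsnbinyear-<year>.png` with unrestricted users, so a cached graph built for one data scope could be shown to a user with another. Either keep the third-party check for the file name, `if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) {`, or add a comment stating the invariant the shorter condition relies on. The `if`/`else` continues past the end of the hunk.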
