diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php index 21e8d1fed11..d574dcaa241 100644 --- a/htdocs/comm/action/class/actioncomm.class.php +++ b/htdocs/comm/action/class/actioncomm.class.php @@ -1422,9 +1422,6 @@ class ActionComm extends CommonObject $sql = "SELECT count(a.id) as nb"; } $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; - } if (!$user->hasRight('agenda', 'allactions', 'read')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".((int) $user->id); } @@ -1433,17 +1430,24 @@ class ActionComm extends CommonObject $sql .= " AND a.percent >= 0 AND a.percent < 100"; } $sql .= " AND a.entity IN (".getEntity('agenda').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; - } - if ($user->socid) { - $sql .= " AND a.fk_soc = ".((int) $user->socid); - } if (!$user->hasRight('agenda', 'allactions', 'read')) { $sql .= " AND (a.fk_user_author = ".((int) $user->id)." OR a.fk_user_action = ".((int) $user->id)." OR a.fk_user_done = ".((int) $user->id); $sql .= " OR ar.fk_element = ".((int) $user->id); $sql .= ")"; } + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; + } + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } + } $resql = $this->db->query($sql); if ($resql) { diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index fe0f2e6ee75..9c84eeea19c 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -712,9 +712,6 @@ $sql .= ' a.fk_soc, a.fk_contact, a.fk_project, a.fk_bookcal_calendar,'; $sql .= ' a.fk_element, a.elementtype,'; $sql .= ' ca.code as type_code, ca.libelle as type_label, ca.color as type_color, ca.type as type_type, ca.picto as type_picto'; $sql .= ' FROM '.MAIN_DB_PREFIX.'c_actioncomm as ca, '.MAIN_DB_PREFIX."actioncomm as a"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; -} // We must filter on resource table if ($resourceid > 0) { $sql .= ", ".MAIN_DB_PREFIX."element_resources as r"; @@ -763,10 +760,21 @@ if ($resourceid > 0) { if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; } -if ($socid > 0) { +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid +if ($socid) { $sql .= " AND a.fk_soc = ".((int) $socid); } // We must filter on assignement table diff --git a/htdocs/comm/action/list.php b/htdocs/comm/action/list.php index 5e403dff7a8..d499b8b050f 100644 --- a/htdocs/comm/action/list.php +++ b/htdocs/comm/action/list.php @@ -438,9 +438,6 @@ $sqlfields = $sql; // $sql fields to remove for count total $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_extrafields as ef ON (a.id = ef.fk_object)"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; -} $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid"; $sql .= " ,".MAIN_DB_PREFIX."c_actioncomm as c"; @@ -492,11 +489,22 @@ if ($resourceid > 0) { if ($pid) { $sql .= " AND a.fk_project=".((int) $pid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; } -if ($socid > 0) { - $sql .= " AND s.rowid = ".((int) $socid); +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid +if ($socid) { + $sql .= " AND a.fk_soc = ".((int) $socid); } // We must filter on assignement table if ($filtert > 0 || $usergroup > 0) { diff --git a/htdocs/comm/action/pertype.php b/htdocs/comm/action/pertype.php index 1d3add211ef..a18f98ebdaa 100644 --- a/htdocs/comm/action/pertype.php +++ b/htdocs/comm/action/pertype.php @@ -522,9 +522,6 @@ $sql .= ' a.transparency, a.priority, a.fulldayevent, a.location,'; $sql .= ' a.fk_soc, a.fk_contact, a.fk_element, a.elementtype, a.fk_project,'; $sql .= ' ca.code, ca.libelle as type_label, ca.color, ca.type as type_type, ca.picto as type_picto'; $sql .= ' FROM '.MAIN_DB_PREFIX.'c_actioncomm as ca, '.MAIN_DB_PREFIX."actioncomm as a"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; -} // We must filter on resource table if ($resourceid > 0) { $sql .= ", ".MAIN_DB_PREFIX."element_resources as r"; @@ -571,13 +568,24 @@ if ($resourceid > 0) { $sql .= " AND r.element_type = 'action' AND r.element_id = a.id AND r.resource_id = ".((int) $resourceid); } if ($pid) { - $sql .= " AND a.fk_project=".((int) $pid); + $sql .= " AND a.fk_project = ".((int) $pid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; } -if ($socid > 0) { - $sql .= ' AND a.fk_soc = '.((int) $socid); +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid +if ($socid) { + $sql .= " AND a.fk_soc = ".((int) $socid); } // We must filter on assignement table if ($filtert > 0 || $usergroup > 0) { diff --git a/htdocs/comm/action/peruser.php b/htdocs/comm/action/peruser.php index 8aa8ac23537..818ff18c13b 100644 --- a/htdocs/comm/action/peruser.php +++ b/htdocs/comm/action/peruser.php @@ -535,9 +535,6 @@ $sql .= " a.transparency, a.priority, a.fulldayevent, a.location,"; $sql .= " a.fk_soc, a.fk_contact, a.fk_element, a.elementtype, a.fk_project,"; $sql .= " ca.code, ca.libelle as type_label, ca.color, ca.type as type_type, ca.picto as type_picto"; $sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm as ca, ".MAIN_DB_PREFIX."actioncomm as a"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; -} // We must filter on resource table if ($resourceid > 0) { $sql .= ", ".MAIN_DB_PREFIX."element_resources as r"; @@ -591,10 +588,21 @@ if ($resourceid > 0) { if ($pid) { $sql .= " AND a.fk_project = ".((int) $pid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; } -if ($socid > 0) { +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = a.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid +if ($socid) { $sql .= " AND a.fk_soc = ".((int) $socid); } diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index e86a3d10848..3023a70c546 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -80,19 +80,13 @@ if ($type == "f") { * List mode */ -$sql = "SELECT s.rowid, s.nom as name, st.libelle as stcomm"; -$sql .= ", p.rowid as cidp, p.name, p.firstname, p.email, p.phone"; +$sql = "SELECT s.rowid, s.nom as name, st.libelle as stcomm,"; +$sql .= " p.rowid as cidp, p.name, p.firstname, p.email, p.phone"; $sql .= " FROM ".MAIN_DB_PREFIX."c_stcomm as st,"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,"; -} $sql .= " ".MAIN_DB_PREFIX."socpeople as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; $sql .= " WHERE s.fk_stcomm = st.id"; $sql .= " AND p.entity IN (".getEntity('contact').")"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); -} if ($type == "c") { $sql .= " AND s.client IN (1, 3)"; } @@ -102,9 +96,6 @@ if ($type == "p") { if ($type == "f") { $sql .= " AND s.fournisseur = 1"; } -if ($socid) { - $sql .= " AND s.rowid = ".((int) $socid); -} if (!empty($search_lastname)) { $sql .= " AND p.name LIKE '%".$db->escape($search_lastname)."%'"; } @@ -119,6 +110,23 @@ if (!empty($contactname)) { // acces a partir du module de recherche $sortfield = "p.name"; $sortorder = "ASC"; } +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; +} +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid +if ($socid) { + $sql .= " AND p.fk_soc = ".((int) $socid); +} $sql .= $db->order($sortfield, $sortorder); $sql .= $db->plimit($limit + 1, $offset); diff --git a/htdocs/comm/index.php b/htdocs/comm/index.php index da07b9f9dd6..91d667348af 100644 --- a/htdocs/comm/index.php +++ b/htdocs/comm/index.php @@ -137,13 +137,13 @@ if (isModEnabled("propal") && $user->hasRight("propal", "lire")) { $sql .= ", s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as p,"; $sql .= " ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_DRAFT; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -235,13 +235,13 @@ if (isModEnabled('supplier_proposal') && $user->hasRight("supplier_proposal", "l $sql .= ", s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p,"; $sql .= " ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE p.entity IN (".getEntity($supplierproposalstatic->element).")"; $sql .= " AND p.fk_statut = ".SupplierProposal::STATUS_DRAFT; $sql .= " AND p.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -332,13 +332,13 @@ if (isModEnabled('commande') && $user->hasRight('commande', 'lire')) { $sql .= ", s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c,"; $sql .= " ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.entity IN (".getEntity($orderstatic->element).")"; $sql .= " AND c.fk_statut = ".Commande::STATUS_DRAFT; $sql .= " AND c.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -430,13 +430,13 @@ if ((isModEnabled("fournisseur") && !getDolGlobalString('MAIN_USE_NEW_SUPPLIERMO $sql .= ", s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as cf,"; $sql .= " ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE cf.entity IN (".getEntity($supplierorderstatic->element).")"; $sql .= " AND cf.fk_statut = ".CommandeFournisseur::STATUS_DRAFT; $sql .= " AND cf.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -527,7 +527,7 @@ if (isModEnabled('ficheinter')) { $sql .= ", s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.entity IN (".getEntity('intervention').")"; @@ -536,7 +536,7 @@ if (isModEnabled('ficheinter')) { if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -608,12 +608,12 @@ if (isModEnabled("societe") && $user->hasRight('societe', 'lire')) { $sql .= ", s.canvas"; $sql .= ", s.datec, s.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.client IN (".Societe::CUSTOMER.", ".Societe::PROSPECT.", ".Societe::CUSTOMER_AND_PROSPECT.")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } // Add where from hooks @@ -714,12 +714,12 @@ if ((isModEnabled("supplier_order") || isModEnabled("supplier_invoice")) && $use $sql .= ", s.canvas"; $sql .= ", s.datec as dc, s.tms as dm"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.entity IN (".getEntity($companystatic->element).")"; $sql .= " AND s.fournisseur = ".Societe::SUPPLIER; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } // Add where from hooks @@ -829,13 +829,13 @@ if (isModEnabled('contrat') && $user->hasRight("contrat", "lire") && 0) { // TOD $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."contrat as c"; $sql .= ", ".MAIN_DB_PREFIX."product as p"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.entity IN (".getEntity($staticcontrat->element).")"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_product = p.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -904,13 +904,13 @@ if (isModEnabled("propal") && $user->hasRight("propal", "lire")) { $sql .= ", s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -1023,13 +1023,13 @@ if (isModEnabled('commande') && $user->hasRight('commande', 'lire')) { $sql .= ", s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.entity IN (".getEntity($orderstatic->element).")"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS_SHIPMENTONPROCESS.")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/comm/mailing/class/advtargetemailing.class.php b/htdocs/comm/mailing/class/advtargetemailing.class.php index 89bd1a23f19..ef9f7c1444a 100644 --- a/htdocs/comm/mailing/class/advtargetemailing.class.php +++ b/htdocs/comm/mailing/class/advtargetemailing.class.php @@ -546,10 +546,10 @@ class AdvanceTargetingMailing extends CommonObject if (count($arrayquery) > 0) { if (array_key_exists('cust_saleman', $arrayquery)) { - $sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as saleman ON saleman.fk_soc=t.rowid "; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as saleman ON saleman.fk_soc = t.rowid"; } if (array_key_exists('cust_categ', $arrayquery)) { - $sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."categorie_societe as custcateg ON custcateg.fk_soc=t.rowid "; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_societe as custcateg ON custcateg.fk_soc = t.rowid"; } if (!empty($arrayquery['cust_name'])) { @@ -787,10 +787,10 @@ class AdvanceTargetingMailing extends CommonObject if (!empty($withThirdpartyFilter)) { if (array_key_exists('cust_saleman', $arrayquery)) { - $sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as saleman ON saleman.fk_soc=ts.rowid "; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as saleman ON saleman.fk_soc = ts.rowid"; } if (array_key_exists('cust_categ', $arrayquery)) { - $sql .= " LEFT OUTER JOIN ".MAIN_DB_PREFIX."categorie_societe as custcateg ON custcateg.fk_soc=ts.rowid "; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_societe as custcateg ON custcateg.fk_soc = ts.rowid"; } if (!empty($arrayquery['cust_name'])) { diff --git a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php index c63fad696ee..006405ee1dc 100644 --- a/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php +++ b/htdocs/comm/mailing/class/html.formadvtargetemailing.class.php @@ -165,10 +165,9 @@ class FormAdvTargetEmailing extends Form $sql_usr .= "SELECT DISTINCT u2.rowid, u2.lastname as name, u2.firstname, u2.login"; $sql_usr .= " FROM ".MAIN_DB_PREFIX."user as u2, ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql_usr .= " WHERE u2.entity IN (0,".$conf->entity.")"; - $sql_usr .= " AND u2.rowid = sc.fk_user "; - + $sql_usr .= " AND u2.rowid = sc.fk_user"; if (getDolGlobalString('USER_HIDE_INACTIVE_IN_COMBOBOX')) { - $sql_usr .= " AND u2.statut<>0 "; + $sql_usr .= " AND u2.statut <> 0"; } $sql_usr .= " ORDER BY name ASC"; // print $sql_usr;exit; diff --git a/htdocs/comm/propal/class/propal.class.php b/htdocs/comm/propal/class/propal.class.php index b6a568d9cfc..28d62bafb87 100644 --- a/htdocs/comm/propal/class/propal.class.php +++ b/htdocs/comm/propal/class/propal.class.php @@ -2946,24 +2946,30 @@ class Propal extends CommonObject $sql = "SELECT s.rowid, s.nom as name, s.client,"; $sql .= " p.rowid as propalid, p.fk_statut, p.total_ht, p.ref, p.remise, "; $sql .= " p.datep as dp, p.fin_validite as datelimite"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", sc.fk_soc, sc.fk_user"; - } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - } $sql .= " WHERE p.entity IN (".getEntity('propal').")"; $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); + + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; } + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } + } + // Search on socid if ($socid) { - $sql .= " AND s.rowid = ".((int) $socid); + $sql .= " AND p.fk_soc = ".((int) $socid); } if ($draft) { - $sql .= " AND p.fk_statut = ".self::STATUS_DRAFT; + $sql .= " AND p.fk_statut = ".((int) self::STATUS_DRAFT); } if ($notcurrentuser > 0) { $sql .= " AND p.fk_user_author <> ".((int) $user->id); @@ -3458,11 +3464,6 @@ class Propal extends CommonObject $sql = "SELECT p.rowid, p.ref, p.datec as datec, p.fin_validite as datefin, p.total_ht"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".((int) $user->id); - $clause = " AND"; - } $sql .= $clause." p.entity IN (".getEntity('propal').")"; if ($mode == 'opened') { $sql .= " AND p.fk_statut = ".self::STATUS_VALIDATED; @@ -3470,8 +3471,18 @@ class Propal extends CommonObject if ($mode == 'signed') { $sql .= " AND p.fk_statut = ".self::STATUS_SIGNED; } - if ($user->socid) { - $sql .= " AND p.fk_soc = ".((int) $user->socid); + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; + } + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } $resql = $this->db->query($sql); @@ -3635,13 +3646,22 @@ class Propal extends CommonObject $sql = "SELECT count(p.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; - $sql .= " WHERE sc.fk_user = ".((int) $user->id); - $clause = "AND"; - } $sql .= " ".$clause." p.entity IN (".getEntity('propal').")"; + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; + } + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } + } + $resql = $this->db->query($sql); if ($resql) { // This assignment in condition is not a bug. It allows walking the results. diff --git a/htdocs/comm/propal/class/propalestats.class.php b/htdocs/comm/propal/class/propalestats.class.php index c85cc6cf24b..5321886f0fb 100644 --- a/htdocs/comm/propal/class/propalestats.class.php +++ b/htdocs/comm/propal/class/propalestats.class.php @@ -122,7 +122,7 @@ class PropaleStats extends Stats $sql = "SELECT date_format(".$this->field_date.",'%m') as dm, COUNT(*) as nb"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; @@ -147,8 +147,8 @@ class PropaleStats extends Stats $sql = "SELECT date_format(".$this->field_date.",'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); + if (!$user->hasRight('societe', 'client', 'voir')) { + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; $sql .= " WHERE ".$this->where; @@ -171,8 +171,8 @@ class PropaleStats extends Stats $sql = "SELECT date_format(".$this->field_date.",'%m') as dm, SUM(p.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); + if (!$user->hasRight('societe', 'client', 'voir')) { + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; $sql .= " WHERE ".$this->field_date." BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; @@ -196,8 +196,8 @@ class PropaleStats extends Stats $sql = "SELECT date_format(".$this->field_date.",'%m') as dm, AVG(p.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); + if (!$user->hasRight('societe', 'client', 'voir')) { + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; $sql .= " WHERE ".$this->field_date." BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; @@ -219,8 +219,8 @@ class PropaleStats extends Stats $sql = "SELECT date_format(".$this->field_date.",'%Y') as year, COUNT(*) as nb, SUM(".$this->field.") as total, AVG(".$this->field.") as avg"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); + if (!$user->hasRight('societe', 'client', 'voir')) { + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; $sql .= " WHERE ".$this->where; @@ -247,8 +247,8 @@ class PropaleStats extends Stats $sql .= " FROM ".$this->from; $sql .= " INNER JOIN ".$this->from_line." ON p.rowid = tl.fk_propal"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."product as product ON tl.fk_product = product.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); + if (!$user->hasRight('societe', 'client', 'voir')) { + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; $sql .= " WHERE ".$this->where; diff --git a/htdocs/comm/propal/index.php b/htdocs/comm/propal/index.php index 8f58eaf2118..ce58344c3d9 100644 --- a/htdocs/comm/propal/index.php +++ b/htdocs/comm/propal/index.php @@ -82,15 +82,23 @@ if (isModEnabled("propal")) { $sql .= ", s.rowid as socid, s.nom as name, s.client, s.canvas, s.code_client, s.code_fournisseur, s.email, s.entity, s.code_compta"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - } $sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut =".Propal::STATUS_DRAFT; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; } + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } + } + // Search on socid if ($socid) { $sql .= " AND p.fk_soc = ".((int) $socid); } @@ -156,19 +164,27 @@ $sql = "SELECT c.rowid, c.entity, c.ref, c.fk_statut, date_cloture as datec"; $sql .= ", s.nom as socname, s.rowid as socid, s.canvas, s.client, s.email, s.code_compta"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -} $sql .= " WHERE c.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND c.fk_soc = s.rowid"; -//$sql.= " AND c.fk_statut > 2"; +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; +} +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = c.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = c.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); -} $sql .= " ORDER BY c.tms DESC"; + $sql .= $db->plimit($max, 0); $resql = $db->query($sql); @@ -232,17 +248,25 @@ if (isModEnabled("propal") && $user->hasRight('propal', 'lire')) { $sql .= ", p.rowid as propalid, p.entity, p.total_ttc, p.total_ht, p.ref, p.fk_statut, p.datep as dp, p.fin_validite as dfv"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."propal as p"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - } $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity($propalstatic->element).")"; $sql .= " AND p.fk_statut = ".Propal::STATUS_VALIDATED; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; } + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } + } + // Search on socid if ($socid) { - $sql .= " AND s.rowid = ".((int) $socid); + $sql .= " AND p.fk_soc = ".((int) $socid); } $sql .= " ORDER BY p.rowid DESC"; @@ -307,155 +331,6 @@ if (isModEnabled("propal") && $user->hasRight('propal', 'lire')) { } } -/* - * Proposals to process - */ - -/* -if (isModEnabled('propal')) -{ - $sql = "SELECT c.rowid, c.ref, c.fk_statut, s.nom as name, s.rowid as socid"; - $sql.=" FROM ".MAIN_DB_PREFIX."propal as c"; - $sql.= ", ".MAIN_DB_PREFIX."societe as s"; - if (empty($user->rights->societe->client->voir) && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql.= " WHERE c.fk_soc = s.rowid"; - $sql.= " AND c.entity = ".$conf->entity; - $sql.= " AND c.fk_statut = 1"; - if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (empty($user->rights->societe->client->voir) && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); - $sql.= " ORDER BY c.rowid DESC"; - - $resql=$db->query($sql); - if ($resql) - { - $num = $db->num_rows($resql); - - print '
'; - print ''; - print ''; - print ''; - - if ($num) - { - $i = 0; - while ($i < $num) - { - - $obj = $db->fetch_object($resql); - print ''; - print ''; - - print ''; - - print ''; - - print ''; - $i++; - } - } - - print "
'.$langs->trans("ProposalsToProcess").' '.$num.'
'; - - $propalstatic->id=$obj->rowid; - $propalstatic->ref=$obj->ref; - - print ''; - print ''; - - print ''; - - print '
'; - print $propalstatic->getNomUrl(1); - print ''; - print ' '; - print ''; - $filename=dol_sanitizeFileName($obj->ref); - $filedir=$conf->commande->dir_output . '/' . dol_sanitizeFileName($obj->ref); - $urlsource=$_SERVER['PHP_SELF'].'?id='.$obj->rowid; - print $formfile->getDocumentsLink($propalstatic->element, $filename, $filedir); - print '
'; - - print '		'.img_object($langs->trans("ShowCompany"),"company").' '.dol_trunc($obj->name,24).''.$propalstatic->LibStatut($obj->fk_statut,$obj->facture,5).'
"; - print "

"; - } - else dol_print_error($db); -} -*/ - -/* - * Proposal that are in a shipping process - */ - -/* -if (isModEnabled('propal')) -{ - $sql = "SELECT c.rowid, c.ref, c.fk_statut, c.facture, s.nom as name, s.rowid as socid"; - $sql.= " FROM ".MAIN_DB_PREFIX."commande as c"; - $sql.= ", ".MAIN_DB_PREFIX."societe as s"; - if (empty($user->rights->societe->client->voir) && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql.= " WHERE c.fk_soc = s.rowid"; - $sql.= " AND c.entity = ".$conf->entity; - $sql.= " AND c.fk_statut = 2 "; - if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - if (empty($user->rights->societe->client->voir) && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .((int) $user->id); - $sql.= " ORDER BY c.rowid DESC"; - - $resql=$db->query($sql); - if ($resql) - { - $num = $db->num_rows($resql); - - print '
'; - print ''; - print ''; - print ''; - - if ($num) - { - $i = 0; - while ($i < $num) - { - - $obj = $db->fetch_object($resql); - print ''; - print ''; - - print ''; - - print ''; - - print ''; - $i++; - } - } - print "
'.$langs->trans("OnProcessOrders").' '.$num.'
'; - - $propalstatic->id=$obj->rowid; - $propalstatic->ref=$obj->ref; - - print ''; - print ''; - - print ''; - - print '
'; - print $propalstatic->getNomUrl(1); - print ''; - print ' '; - print ''; - $filename=dol_sanitizeFileName($obj->ref); - $filedir=$conf->commande->dir_output . '/' . dol_sanitizeFileName($obj->ref); - $urlsource=$_SERVER['PHP_SELF'].'?id='.$obj->rowid; - print $formfile->getDocumentsLink($propalstatic->element, $filename, $filedir); - print '
'; - - print '		'.img_object($langs->trans("ShowCompany"),"company").' '.$obj->name.''.$propalstatic->LibStatut($obj->fk_statut,$obj->facture,5).'
"; - print "

"; - } - else dol_print_error($db); -} -*/ - print ''; print ''; diff --git a/htdocs/comm/propal/stats/index.php b/htdocs/comm/propal/stats/index.php index 7c4e197bdec..4e0a4071ae0 100644 --- a/htdocs/comm/propal/stats/index.php +++ b/htdocs/comm/propal/stats/index.php @@ -112,7 +112,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear); // $data = array(array('Lib',val1,val2,val3),...) -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filenamenb = $dir.'/proposalsnbinyear-'.$user->id.'-'.$year.'.png'; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=propalstats&file=proposalsnbinyear-'.$user->id.'-'.$year.'.png'; } else { @@ -148,7 +148,7 @@ if (!$mesg) { $data = $stats->getAmountByMonthWithPrevYear($endyear, $startyear, 0); // $data = array(array('Lib',val1,val2,val3),...) -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filenameamount = $dir.'/proposalsamountinyear-'.$user->id.'-'.$year.'.png'; $fileurlamount = DOL_URL_ROOT.'/viewimage.php?modulepart=propalstats&file=proposalsamountinyear-'.$user->id.'-'.$year.'.png'; } else { @@ -183,7 +183,7 @@ if (!$mesg) { $data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear); $fileurl_avg = ''; -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filename_avg = $dir.'/ordersaverage-'.$user->id.'-'.$year.'.png'; if ($mode == 'customer') { $fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersaverage-'.$user->id.'-'.$year.'.png'; diff --git a/htdocs/comm/prospect/index.php b/htdocs/comm/prospect/index.php index 25b4b4717df..551172f2674 100644 --- a/htdocs/comm/prospect/index.php +++ b/htdocs/comm/prospect/index.php @@ -75,20 +75,30 @@ if (isModEnabled("propal")) { /* * Prospects par statut - * */ $sql = "SELECT count(*) as cc, st.libelle as stcomm, st.picto, st.id"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."c_stcomm as st "; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -} $sql .= " WHERE s.fk_stcomm = st.id"; $sql .= " AND s.client IN (2, 3)"; $sql .= " AND s.entity IN (".getEntity($companystatic->element).")"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; +} +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid +if ($socid) { + $sql .= " AND s.rowid = ".((int) $socid); } $sql .= " GROUP BY st.id"; $sql .= " ORDER BY st.id"; @@ -123,14 +133,25 @@ if (isModEnabled("propal") && $user->hasRight('propal', 'lire')) { $sql = "SELECT p.rowid, p.ref, p.price, s.nom as sname"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as p"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - } $sql .= " WHERE p.fk_statut = 0"; $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; + } + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid AND sc.fk_user = ".((int) $search_sale).")"; + } + } + // Search on socid + if ($socid) { + $sql .= " AND s.rowid = ".((int) $socid); } $resql = $db->query($sql); @@ -183,18 +204,26 @@ if (isModEnabled("propal") && $user->hasRight('propal', 'lire')) { $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."propal as p"; $sql .= ", ".MAIN_DB_PREFIX."c_propalst as c"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - } $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.fk_statut = c.id"; $sql .= " AND p.fk_statut = 1"; $sql .= " AND p.entity IN (".getEntity('propal').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; } + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } + } + // Search on socid if ($socid) { - $sql .= " AND s.rowid = ".((int) $socid); + $sql .= " AND p.fk_soc = ".((int) $socid); } $sql .= " ORDER BY p.rowid DESC"; $sql .= $db->plimit(5, 0); @@ -239,18 +268,28 @@ if (isModEnabled("propal") && $user->hasRight('propal', 'lire')) { } /* - * Societes a contacter - * + * Companies to contact */ $sql = "SELECT s.nom as name, s.rowid as socid, s.client, s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -} $sql .= " WHERE s.fk_stcomm = 1"; $sql .= " AND s.entity IN (".getEntity($companystatic->element).")"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; +} +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid +if ($socid) { + $sql .= " AND s.rowid = ".((int) $socid); } $sql .= " ORDER BY s.tms ASC"; $sql .= $db->plimit(15, 0); diff --git a/htdocs/commande/class/commande.class.php b/htdocs/commande/class/commande.class.php index fbe6f01c404..98247a704c4 100644 --- a/htdocs/commande/class/commande.class.php +++ b/htdocs/commande/class/commande.class.php @@ -2737,16 +2737,16 @@ class Commande extends CommonOrder $sql = "SELECT s.rowid, s.nom as name, s.client,"; $sql .= " c.rowid as cid, c.ref"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user"; } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { //restriction + if (!$user->hasRight('societe', 'client', 'voir')) { //restriction $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -3573,7 +3573,7 @@ class Commande extends CommonOrder $sql = "SELECT c.rowid, c.date_creation as datec, c.date_commande, c.date_livraison as delivery_date, c.fk_statut, c.total_ht"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc"; $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; @@ -4077,7 +4077,7 @@ class Commande extends CommonOrder $sql = "SELECT count(co.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as co"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON co.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php index be074c7dd28..5c9f3464937 100644 --- a/htdocs/commande/class/commandestats.class.php +++ b/htdocs/commande/class/commandestats.class.php @@ -123,7 +123,7 @@ class CommandeStats extends Stats $sql = "SELECT date_format(c.date_commande,'%m') as dm, COUNT(*) as nb"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; @@ -148,7 +148,7 @@ class CommandeStats extends Stats $sql = "SELECT date_format(c.date_commande,'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; @@ -172,7 +172,7 @@ class CommandeStats extends Stats $sql = "SELECT date_format(c.date_commande,'%m') as dm, SUM(c.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; @@ -197,7 +197,7 @@ class CommandeStats extends Stats $sql = "SELECT date_format(c.date_commande,'%m') as dm, AVG(c.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; @@ -220,7 +220,7 @@ class CommandeStats extends Stats $sql = "SELECT date_format(c.date_commande,'%Y') as year, COUNT(*) as nb, SUM(c.".$this->field.") as total, AVG(".$this->field.") as avg"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; @@ -246,7 +246,7 @@ class CommandeStats extends Stats $sql .= " FROM ".$this->from; $sql .= " INNER JOIN ".$this->from_line." ON c.rowid = tl.fk_commande"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."product as product ON tl.fk_product = product.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->join; diff --git a/htdocs/commande/customer.php b/htdocs/commande/customer.php index 077c18fc106..828722687d4 100644 --- a/htdocs/commande/customer.php +++ b/htdocs/commande/customer.php @@ -77,19 +77,10 @@ $thirdpartystatic = new Societe($db); */ $sql = "SELECT s.rowid, s.nom as name, s.client, s.town, s.datec, s.datea"; -$sql .= ", st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta "; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", sc.fk_soc, sc.fk_user "; -} +$sql .= ", st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st, ".MAIN_DB_PREFIX."commande as c"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -} $sql .= " WHERE s.fk_stcomm = st.id AND c.fk_soc = s.rowid"; $sql .= " AND s.entity IN (".getEntity('societe').")"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); -} if (GETPOST("search_nom")) { $sql .= natural_search("s.nom", GETPOST("search_nom")); } @@ -102,8 +93,22 @@ if (GETPOST("search_code_client")) { if (dol_strlen($begin)) { $sql .= " AND s.nom like '".$db->escape($begin)."'"; } -if ($socid > 0) { - $sql .= " AND s.rowid = ".((int) $socid); +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; +} +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = c.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = c.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid +if ($socid) { + $sql .= " AND c.fk_soc = ".((int) $socid); } $sql .= " AND c.fk_statut in (1, 2) AND c.facture = 0"; $sql .= " GROUP BY s.nom"; diff --git a/htdocs/commande/index.php b/htdocs/commande/index.php index cf30a608387..81f94a5b823 100644 --- a/htdocs/commande/index.php +++ b/htdocs/commande/index.php @@ -99,7 +99,7 @@ if (isModEnabled('commande')) { $sql .= ", s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -108,7 +108,7 @@ if (isModEnabled('commande')) { if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -167,7 +167,7 @@ $sql .= ", s.code_client"; $sql .= ", s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c,"; $sql .= " ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -176,7 +176,7 @@ $sql .= " AND c.entity IN (".getEntity('commande').")"; if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; @@ -251,7 +251,7 @@ if (isModEnabled('commande')) { $sql .= ", s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -260,7 +260,7 @@ if (isModEnabled('commande')) { if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; @@ -340,7 +340,7 @@ if (isModEnabled('commande')) { $sql .= ", s.canvas"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -349,7 +349,7 @@ if (isModEnabled('commande')) { if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid DESC"; diff --git a/htdocs/commande/stats/index.php b/htdocs/commande/stats/index.php index b1c4a814fc0..f7da50833e1 100644 --- a/htdocs/commande/stats/index.php +++ b/htdocs/commande/stats/index.php @@ -127,7 +127,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear); // $data = array(array('Lib',val1,val2,val3),...) -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filenamenb = $dir.'/ordersnbinyear-'.$user->id.'-'.$year.'.png'; if ($mode == 'customer') { $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersnbinyear-'.$user->id.'-'.$year.'.png'; @@ -174,7 +174,7 @@ $data = $stats->getAmountByMonthWithPrevYear($endyear, $startyear); //var_dump($data); // $data = array(array('Lib',val1,val2,val3),...) -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filenameamount = $dir.'/ordersamountinyear-'.$user->id.'-'.$year.'.png'; if ($mode == 'customer') { $fileurlamount = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersamountinyear-'.$user->id.'-'.$year.'.png'; @@ -219,7 +219,7 @@ if (!$mesg) { $data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear); -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filename_avg = $dir.'/ordersaverage-'.$user->id.'-'.$year.'.png'; if ($mode == 'customer') { $fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersaverage-'.$user->id.'-'.$year.'.png'; diff --git a/htdocs/compta/clients.php b/htdocs/compta/clients.php index c747ad745cf..d128197a451 100644 --- a/htdocs/compta/clients.php +++ b/htdocs/compta/clients.php @@ -95,16 +95,16 @@ if ($mode == 'search') { $sql = "SELECT s.rowid, s.nom as name, s.client, s.town, s.datec, s.datea"; $sql .= ", st.libelle as stcomm, s.prefix_comm, s.code_client, s.code_compta "; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."c_stcomm as st"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.fk_stcomm = st.id AND s.client in (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (dol_strlen($stcomm)) { diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index 1011937c5a2..e6f5043876d 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php @@ -151,17 +151,25 @@ $langs->load("boxes"); $sql = "SELECT u.rowid as uid, u.lastname, u.firstname, d.rowid, d.dated as date, d.tms as dm, d.km, d.fk_statut"; $sql .= " FROM ".MAIN_DB_PREFIX."deplacement as d, ".MAIN_DB_PREFIX."user as u"; -if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -} $sql .= " WHERE u.rowid = d.fk_user"; $sql .= " AND d.entity = ".$conf->entity; if (!$user->hasRight('deplacement', 'readall') && !$user->hasRight('deplacement', 'lire_tous')) { $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } -if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { - $sql .= " AND d.fk_soc = s. rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; } +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = d.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = d.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid if ($socid) { $sql .= " AND d.fk_soc = ".((int) $socid); } diff --git a/htdocs/compta/deplacement/list.php b/htdocs/compta/deplacement/list.php index dd7a4c26e71..a4599b1c03c 100644 --- a/htdocs/compta/deplacement/list.php +++ b/htdocs/compta/deplacement/list.php @@ -97,19 +97,27 @@ $sql .= " u.lastname, u.firstname"; // Qui $sql .= " FROM ".MAIN_DB_PREFIX."user as u"; $sql .= ", ".MAIN_DB_PREFIX."deplacement as d"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON d.fk_soc = s.rowid"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; -} $sql .= " WHERE d.fk_user = u.rowid"; $sql .= " AND d.entity = ".$conf->entity; if (!$user->hasRight('deplacement', 'readall') && !$user->hasRight('deplacement', 'lire_tous')) { $sql .= ' AND d.fk_user IN ('.$db->sanitize(join(',', $childids)).')'; } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR d.fk_soc IS NULL) "; +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; } +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = d.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = d.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid if ($socid) { - $sql .= " AND s.rowid = ".((int) $socid); + $sql .= " AND d.fk_soc = ".((int) $socid); } if ($search_ref) { diff --git a/htdocs/compta/deplacement/stats/index.php b/htdocs/compta/deplacement/stats/index.php index 381baabadae..18f0544ee06 100644 --- a/htdocs/compta/deplacement/stats/index.php +++ b/htdocs/compta/deplacement/stats/index.php @@ -164,7 +164,7 @@ if (!$mesg) { $data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear); -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filename_avg = $dir.'/ordersaverage-'.$user->id.'-'.$year.'.png'; if ($mode == 'customer') { $fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersaverage-'.$user->id.'-'.$year.'.png'; diff --git a/htdocs/compta/facture/class/facture.class.php b/htdocs/compta/facture/class/facture.class.php index dd2deaa680e..f51d76e544b 100644 --- a/htdocs/compta/facture/class/facture.class.php +++ b/htdocs/compta/facture/class/facture.class.php @@ -4712,33 +4712,38 @@ class Facture extends CommonInvoice public function liste_array($shortlist = 0, $draft = 0, $excluser = null, $socid = 0, $limit = 0, $offset = 0, $sortfield = 'f.datef,f.rowid', $sortorder = 'DESC') { // phpcs:enable - global $conf, $user; + global $user; $ga = array(); $sql = "SELECT s.rowid, s.nom as name, s.client,"; $sql .= " f.rowid as fid, f.ref as ref, f.datef as df"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", sc.fk_soc, sc.fk_user"; - } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture as f"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - } $sql .= " WHERE f.entity IN (".getEntity('invoice').")"; $sql .= " AND f.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { //restriction - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); - } - if ($socid) { - $sql .= " AND s.rowid = ".((int) $socid); - } if ($draft) { $sql .= " AND f.fk_statut = ".self::STATUS_DRAFT; } if (is_object($excluser)) { $sql .= " AND f.fk_user_author <> ".((int) $excluser->id); } + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; + } + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = f.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = f.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } + } + // Search on socid + if ($socid) { + $sql .= " AND f.fk_soc = ".((int) $socid); + } $sql .= $this->db->order($sortfield, $sortorder); $sql .= $this->db->plimit($limit, $offset); @@ -4917,7 +4922,7 @@ class Facture extends CommonInvoice $sql = "SELECT f.rowid, f.date_lim_reglement as datefin, f.fk_statut as status, f.total_ht"; $sql .= " FROM ".MAIN_DB_PREFIX."facture as f"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON f.fk_soc = sc.fk_soc"; $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; @@ -5165,7 +5170,7 @@ class Facture extends CommonInvoice $sql = "SELECT count(f.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON f.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php index bef1d442f72..3e4bd10aad7 100644 --- a/htdocs/compta/facture/class/facturestats.class.php +++ b/htdocs/compta/facture/class/facturestats.class.php @@ -85,7 +85,7 @@ class FactureStats extends Stats $this->where = " f.fk_statut >= 0"; $this->where .= " AND f.entity IN (".getEntity('invoice').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $this->where .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($mode == 'customer') { @@ -136,7 +136,7 @@ class FactureStats extends Stats $sql = "SELECT date_format(f.datef,'%m') as dm, COUNT(*) as nb"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= $this->join; @@ -162,7 +162,7 @@ class FactureStats extends Stats $sql = "SELECT date_format(f.datef,'%Y') as dm, COUNT(*), SUM(c.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= $this->join; @@ -187,7 +187,7 @@ class FactureStats extends Stats $sql = "SELECT date_format(datef,'%m') as dm, SUM(f.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= $this->join; @@ -213,7 +213,7 @@ class FactureStats extends Stats $sql = "SELECT date_format(datef,'%m') as dm, AVG(f.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= $this->join; @@ -236,7 +236,7 @@ class FactureStats extends Stats $sql = "SELECT date_format(datef,'%Y') as year, COUNT(*) as nb, SUM(f.".$this->field.") as total, AVG(f.".$this->field.") as avg"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= $this->join; @@ -260,7 +260,7 @@ class FactureStats extends Stats $sql = "SELECT product.ref, COUNT(product.ref) as nb, SUM(tl.".$this->field_line.") as total, AVG(tl.".$this->field_line.") as avg"; $sql .= " FROM ".$this->from.", ".$this->from_line.", ".MAIN_DB_PREFIX."product as product"; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= $this->join; @@ -288,7 +288,7 @@ class FactureStats extends Stats $startYear = $endYear - $numberYears; $sql = "SELECT date_format(datef,'%Y') as dm, SUM(f.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= $this->join; diff --git a/htdocs/compta/facture/invoicetemplate_list.php b/htdocs/compta/facture/invoicetemplate_list.php index bc49b41de4f..8819f8f7f46 100644 --- a/htdocs/compta/facture/invoicetemplate_list.php +++ b/htdocs/compta/facture/invoicetemplate_list.php @@ -300,7 +300,7 @@ $sqlfields = $sql; // $sql fields to remove for count total $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_rec as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_rec_extrafields as ef ON ef.fk_object = f.rowid"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } // Add table from hooks diff --git a/htdocs/compta/facture/list.php b/htdocs/compta/facture/list.php index ee173a077cd..7cc1c707d1a 100644 --- a/htdocs/compta/facture/list.php +++ b/htdocs/compta/facture/list.php @@ -297,7 +297,7 @@ include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_array_fields.tpl.php'; $object->fields = dol_sort_array($object->fields, 'position'); $arrayfields = dol_sort_array($arrayfields, 'position'); -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $search_sale = $user->id; } diff --git a/htdocs/compta/facture/stats/index.php b/htdocs/compta/facture/stats/index.php index 54042ae0ec8..4ae358d682d 100644 --- a/htdocs/compta/facture/stats/index.php +++ b/htdocs/compta/facture/stats/index.php @@ -193,7 +193,7 @@ if (!$mesg) { $data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear); -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filename_avg = $dir.'/ordersaverage-'.$user->id.'-'.$year.'.png'; if ($mode == 'customer') { $fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersaverage-'.$user->id.'-'.$year.'.png'; diff --git a/htdocs/compta/index.php b/htdocs/compta/index.php index 14aa6143769..83884afc340 100644 --- a/htdocs/compta/index.php +++ b/htdocs/compta/index.php @@ -142,12 +142,12 @@ if (isModEnabled('facture') && $user->hasRight('facture', 'lire')) { $sql .= ", sum(pf.amount) as am"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s LEFT JOIN ".MAIN_DB_PREFIX."c_country as cc ON cc.rowid = s.fk_pays, ".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf on f.rowid=pf.fk_facture"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/compta/paiement/rapport.php b/htdocs/compta/paiement/rapport.php index 923fdce67c5..9685b6821c2 100644 --- a/htdocs/compta/paiement/rapport.php +++ b/htdocs/compta/paiement/rapport.php @@ -40,7 +40,7 @@ if ($user->socid > 0) { } $dir = $conf->facture->dir_output.'/payments'; -if (!$user->hasRight('societe', 'client', 'voir') || $socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $dir .= '/private/'.$user->id; // If user has no permission to see all, output dir is specific to user } diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index 488411b5ba8..1b5f390d078 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -140,12 +140,12 @@ if ($sourcetype != 'salary') { } $sql .= " ".MAIN_DB_PREFIX."societe as s,"; $sql .= " ".MAIN_DB_PREFIX."prelevement_demande as pd"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.rowid = f.fk_soc"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php index 0dae4afb696..ead17605ff1 100644 --- a/htdocs/compta/prelevement/index.php +++ b/htdocs/compta/prelevement/index.php @@ -106,7 +106,7 @@ $sql .= " pfd.date_demande, pfd.amount,"; $sql .= " s.nom as name, s.email, s.rowid as socid, s.tva_intra, s.siren as idprof1, s.siret as idprof2, s.ape as idprof3, s.idprof4, s.idprof5, s.idprof6"; $sql .= " FROM ".MAIN_DB_PREFIX."facture as f,"; $sql .= " ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " , ".MAIN_DB_PREFIX."prelevement_demande as pfd"; @@ -119,7 +119,7 @@ if (!getDolGlobalString('WITHDRAWAL_ALLOW_ANY_INVOICE_STATUS')) { $sql .= " AND pfd.traite = 0"; $sql .= " AND pfd.ext_payment_id IS NULL"; $sql .= " AND pfd.fk_facture = f.rowid"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/contact/class/contact.class.php b/htdocs/contact/class/contact.class.php index 2787353aa66..5931e4e5de6 100644 --- a/htdocs/contact/class/contact.class.php +++ b/htdocs/contact/class/contact.class.php @@ -413,7 +413,7 @@ class Contact extends CommonObject $sql = "SELECT count(sp.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."socpeople as sp"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE sp.fk_soc = s.rowid AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 01f549c10f7..09c70be50c3 100644 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -495,7 +495,7 @@ if (isset($extrafields->attributes[$object->table_element]['label']) && is_array $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_country as co ON co.rowid = p.fk_pays"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_stcommcontact as st ON st.id = p.fk_stcommcontact"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; } @@ -504,7 +504,7 @@ $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object, $action); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; $sql .= ' WHERE p.entity IN ('.getEntity('contact').')'; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { //restriction +if (!$user->hasRight('societe', 'client', 'voir')) { //restriction $sql .= " AND (sc.fk_user = ".((int) $user->id)." OR p.fk_soc IS NULL)"; } if (!empty($userid)) { // propre au commercial diff --git a/htdocs/contrat/class/contrat.class.php b/htdocs/contrat/class/contrat.class.php index fae4cb4e8f7..cc7f992053c 100644 --- a/htdocs/contrat/class/contrat.class.php +++ b/htdocs/contrat/class/contrat.class.php @@ -2292,7 +2292,7 @@ class Contrat extends CommonObject $this->from = " FROM ".MAIN_DB_PREFIX."contrat as c"; $this->from .= ", ".MAIN_DB_PREFIX."contratdet as cd"; $this->from .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $this->from .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } @@ -2323,7 +2323,7 @@ class Contrat extends CommonObject if ($user->socid) { $sql .= " AND c.fk_soc = ".((int) $user->socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -2391,7 +2391,7 @@ class Contrat extends CommonObject $sql = "SELECT count(c.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."contrat as c"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON c.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index ef2e857c863..be492d4cea0 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php @@ -95,7 +95,7 @@ $vals = array(); $sql = "SELECT count(cd.rowid) as nb, cd.statut as status"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."contrat as c"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid"; @@ -104,7 +104,7 @@ $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; if ($user->socid) { $sql .= ' AND c.fk_soc = '.((int) $user->socid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; @@ -132,7 +132,7 @@ if ($resql) { $sql = "SELECT count(cd.rowid) as nb, cd.statut as status"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."contratdet as cd, ".MAIN_DB_PREFIX."contrat as c"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE cd.fk_contrat = c.rowid AND c.fk_soc = s.rowid"; @@ -141,7 +141,7 @@ $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; if ($user->socid) { $sql .= ' AND c.fk_soc = '.((int) $user->socid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY cd.statut"; @@ -243,13 +243,13 @@ if (isModEnabled('contrat') && $user->hasRight('contrat', 'lire')) { $sql = "SELECT c.rowid, c.ref,"; $sql .= " s.nom as name, s.name_alias, s.logo, s.rowid as socid, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur"; $sql .= " FROM ".MAIN_DB_PREFIX."contrat as c, ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.rowid = c.fk_soc"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut = 0"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -320,7 +320,7 @@ $sql .= " sum(".$db->ifsql("cd.statut=5", 1, 0).') as nb_closed,'; $sql .= " c.rowid as cid, c.ref, c.datec, c.tms, c.statut,"; $sql .= " s.nom as name, s.name_alias, s.logo, s.rowid as socid, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s,"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,"; } $sql .= " ".MAIN_DB_PREFIX."contrat as c"; @@ -328,7 +328,7 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contra $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND c.statut > 0"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -410,7 +410,7 @@ $sql .= " s.nom as name, s.name_alias, s.logo, s.rowid as socid, s.client, s.fou $sql .= " p.rowid as pid, p.ref as pref, p.label as plabel, p.fk_product_type as ptype, p.entity as pentity"; $sql .= " FROM (".MAIN_DB_PREFIX."contrat as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ", ".MAIN_DB_PREFIX."contratdet as cd"; @@ -418,7 +418,7 @@ $sql .= ") LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; $sql .= " WHERE c.entity IN (".getEntity('contract', 0).")"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -502,7 +502,7 @@ $sql .= " s.nom as name, s.name_alias, s.logo, s.rowid as socid, s.client, s.fou $sql .= " p.rowid as pid, p.ref as pref, p.label as plabel, p.fk_product_type as ptype, p.entity as pentity"; $sql .= " FROM (".MAIN_DB_PREFIX."contrat as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ", ".MAIN_DB_PREFIX."contratdet as cd"; @@ -512,7 +512,7 @@ $sql .= " AND c.statut = 1"; $sql .= " AND cd.statut = 0"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -595,7 +595,7 @@ $sql .= " s.nom as name, s.name_alias, s.logo, s.rowid as socid, s.client, s.fou $sql .= " p.rowid as pid, p.ref as pref, p.label as plabel, p.fk_product_type as ptype, p.entity as pentity"; $sql .= " FROM (".MAIN_DB_PREFIX."contrat as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ", ".MAIN_DB_PREFIX."contratdet as cd"; @@ -606,7 +606,7 @@ $sql .= " AND cd.statut = 4"; $sql .= " AND cd.date_fin_validite < '".$db->idate($now)."'"; $sql .= " AND cd.fk_contrat = c.rowid"; $sql .= " AND c.fk_soc = s.rowid"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/contrat/services_list.php b/htdocs/contrat/services_list.php index 391e9885b47..88240d0efc3 100644 --- a/htdocs/contrat/services_list.php +++ b/htdocs/contrat/services_list.php @@ -247,7 +247,7 @@ $sql = "SELECT c.rowid as cid, c.ref, c.statut as cstatut, c.ref_customer, c.ref $sql .= " s.rowid as socid, s.nom as name, s.email, s.client, s.fournisseur,"; $sql .= " cd.rowid, cd.description, cd.statut, cd.product_type as type,"; $sql .= " p.rowid as pid, p.ref as pref, p.label as label, p.fk_product_type as ptype, p.tobuy, p.tosell, p.barcode, p.entity as pentity,"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " sc.fk_soc, sc.fk_user,"; } $sql .= " cd.date_ouverture_prevue,"; @@ -273,7 +273,7 @@ $reshook = $hookmanager->executeHooks('printFieldListSelect', $parameters, $obje $sql .= $hookmanager->resPrint; $sql .= " FROM ".MAIN_DB_PREFIX."contrat as c,"; $sql .= " ".MAIN_DB_PREFIX."societe as s,"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,"; } $sql .= " ".MAIN_DB_PREFIX."contratdet as cd"; @@ -290,7 +290,7 @@ if ($search_product_category > 0) { $sql .= " AND cp.fk_categorie = ".((int) $search_product_category); } $sql .= " AND c.fk_soc = s.rowid"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($search_status == "0") { diff --git a/htdocs/core/boxes/box_actions.php b/htdocs/core/boxes/box_actions.php index 111a2a593be..bf4aeb9caae 100644 --- a/htdocs/core/boxes/box_actions.php +++ b/htdocs/core/boxes/box_actions.php @@ -92,14 +92,14 @@ class box_actions extends ModeleBoxes $sql .= ", s.code_client, s.code_compta, s.client"; $sql .= ", s.logo, s.email, s.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm AS ta, ".MAIN_DB_PREFIX."actioncomm AS a"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; $sql .= " WHERE a.fk_action = ta.id"; $sql .= " AND a.entity IN (".getEntity('actioncomm').")"; $sql .= " AND a.percent >= 0 AND a.percent < 100"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { diff --git a/htdocs/core/boxes/box_actions_future.php b/htdocs/core/boxes/box_actions_future.php index b48f0a79a51..1e1453bed82 100644 --- a/htdocs/core/boxes/box_actions_future.php +++ b/htdocs/core/boxes/box_actions_future.php @@ -94,14 +94,14 @@ class box_actions_future extends ModeleBoxes $sql .= ", s.code_client, s.code_compta, s.client"; $sql .= ", s.logo, s.email, s.entity"; $sql .= " FROM ".MAIN_DB_PREFIX."c_actioncomm AS ta, ".MAIN_DB_PREFIX."actioncomm AS a"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc"; } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; $sql .= " WHERE a.fk_action = ta.id"; $sql .= " AND a.entity IN (".getEntity('actioncomm').")"; //$sql .= " AND a.percent >= 0 AND a.percent < 100"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND (a.fk_soc IS NULL OR sc.fk_user = ".((int) $user->id).")"; } if ($user->socid) { diff --git a/htdocs/core/boxes/box_activity.php b/htdocs/core/boxes/box_activity.php index 58f48479759..f1fd4a35528 100644 --- a/htdocs/core/boxes/box_activity.php +++ b/htdocs/core/boxes/box_activity.php @@ -114,13 +114,13 @@ class box_activity extends ModeleBoxes $sql = "SELECT p.fk_statut, SUM(p.total_ttc) as Mnttot, COUNT(*) as nb"; $sql .= " FROM (".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ")"; $sql .= " WHERE p.entity IN (".getEntity('propal').")"; $sql .= " AND p.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { @@ -203,13 +203,13 @@ class box_activity extends ModeleBoxes $sql = "SELECT c.fk_statut, sum(c.total_ttc) as Mnttot, count(*) as nb"; $sql .= " FROM (".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ")"; $sql .= " WHERE c.entity IN (".getEntity('commande').")"; $sql .= " AND c.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { @@ -288,12 +288,12 @@ class box_activity extends ModeleBoxes $data = array(); $sql = "SELECT f.fk_statut, SUM(f.total_ttc) as Mnttot, COUNT(*) as nb"; $sql .= " FROM (".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ")"; $sql .= " WHERE f.entity IN (".getEntity('invoice').')'; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/boxes/box_clients.php b/htdocs/core/boxes/box_clients.php index 66257dc41bb..9ece16a0930 100644 --- a/htdocs/core/boxes/box_clients.php +++ b/htdocs/core/boxes/box_clients.php @@ -92,12 +92,12 @@ class box_clients extends ModeleBoxes $sql .= ", s.logo, s.email, s.entity"; $sql .= ", s.datec, s.tms, s.status"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } // Add where from hooks diff --git a/htdocs/core/boxes/box_commandes.php b/htdocs/core/boxes/box_commandes.php index 8e127cc5447..15f4c31a03a 100644 --- a/htdocs/core/boxes/box_commandes.php +++ b/htdocs/core/boxes/box_commandes.php @@ -100,7 +100,7 @@ class box_commandes extends ModeleBoxes $sql .= ", c.total_tva"; $sql .= ", c.total_ttc"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c, ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -108,7 +108,7 @@ class box_commandes extends ModeleBoxes if (getDolGlobalString('ORDER_BOX_LAST_ORDERS_VALIDATED_ONLY')) { $sql .= " AND c.fk_statut = 1"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/boxes/box_contacts.php b/htdocs/core/boxes/box_contacts.php index c7ced94d5ea..99b6b5530f5 100644 --- a/htdocs/core/boxes/box_contacts.php +++ b/htdocs/core/boxes/box_contacts.php @@ -107,11 +107,11 @@ class box_contacts extends ModeleBoxes if (getDolGlobalString('MAIN_COMPANY_PERENTITY_SHARED')) { $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_perentity as spe ON spe.fk_soc = s.rowid AND spe.entity = " . ((int) $conf->entity); } - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE sp.entity IN (".getEntity('contact').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } // Add where from hooks diff --git a/htdocs/core/boxes/box_contracts.php b/htdocs/core/boxes/box_contracts.php index 7f63597bb82..d7064cff353 100644 --- a/htdocs/core/boxes/box_contracts.php +++ b/htdocs/core/boxes/box_contracts.php @@ -86,12 +86,12 @@ class box_contracts extends ModeleBoxes $sql .= " c.rowid, c.ref, c.statut as fk_statut, c.date_contrat, c.datec, c.tms as date_modification, c.fin_validite, c.date_cloture,"; $sql .= " c.ref_customer, c.ref_supplier"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity = ".$conf->entity; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php index ce3a0978bce..c5b8403c704 100644 --- a/htdocs/core/boxes/box_customers_outstanding_bill_reached.php +++ b/htdocs/core/boxes/box_customers_outstanding_bill_reached.php @@ -93,12 +93,12 @@ class box_customers_outstanding_bill_reached extends ModeleBoxes $sql .= ", s.outstanding_limit"; $sql .= ", s.datec, s.tms, s.status"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.client IN (1, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/boxes/box_factures.php b/htdocs/core/boxes/box_factures.php index 6405566f575..100e62015cc 100644 --- a/htdocs/core/boxes/box_factures.php +++ b/htdocs/core/boxes/box_factures.php @@ -103,12 +103,12 @@ class box_factures extends ModeleBoxes $sql .= " FROM ".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf ON f.rowid = pf.fk_facture,"; $sql .= " ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/boxes/box_factures_fourn.php b/htdocs/core/boxes/box_factures_fourn.php index 1d0335819a4..a5cebc35648 100644 --- a/htdocs/core/boxes/box_factures_fourn.php +++ b/htdocs/core/boxes/box_factures_fourn.php @@ -100,12 +100,12 @@ class box_factures_fourn extends ModeleBoxes $sql .= ', f.date_lim_reglement as datelimite, f.tms, f.type'; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."facture_fourn as f"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.fk_soc = s.rowid"; $sql .= " AND f.entity = ".$conf->entity; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/boxes/box_factures_fourn_imp.php b/htdocs/core/boxes/box_factures_fourn_imp.php index bceb1200974..479cc6f5139 100644 --- a/htdocs/core/boxes/box_factures_fourn_imp.php +++ b/htdocs/core/boxes/box_factures_fourn_imp.php @@ -99,14 +99,14 @@ class box_factures_fourn_imp extends ModeleBoxes $sql2 = " FROM ".MAIN_DB_PREFIX."societe as s"; $sql2 .= ",".MAIN_DB_PREFIX."facture_fourn as f"; $sql2 .= " LEFT JOIN ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf ON f.rowid = pf.fk_facturefourn"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql2 .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql2 .= " WHERE f.fk_soc = s.rowid"; $sql2 .= " AND f.entity IN (".getEntity('supplier_invoice').")"; $sql2 .= " AND f.paye = 0"; $sql2 .= " AND fk_statut = 1"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql2 .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/boxes/box_factures_imp.php b/htdocs/core/boxes/box_factures_imp.php index 797f9784df0..5837bbd77cc 100644 --- a/htdocs/core/boxes/box_factures_imp.php +++ b/htdocs/core/boxes/box_factures_imp.php @@ -109,7 +109,7 @@ class box_factures_imp extends ModeleBoxes if (getDolGlobalString('MAIN_COMPANY_PERENTITY_SHARED')) { $sql2 .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_perentity as spe ON spe.fk_soc = s.rowid AND spe.entity = " . ((int) $conf->entity); } - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql2 .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql2 .= ", ".MAIN_DB_PREFIX."facture as f"; @@ -118,7 +118,7 @@ class box_factures_imp extends ModeleBoxes $sql2 .= " AND f.entity IN (".getEntity('invoice').")"; $sql2 .= " AND f.paye = 0"; $sql2 .= " AND fk_statut = 1"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql2 .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/boxes/box_ficheinter.php b/htdocs/core/boxes/box_ficheinter.php index 41803b7bb16..1f352e2ff80 100644 --- a/htdocs/core/boxes/box_ficheinter.php +++ b/htdocs/core/boxes/box_ficheinter.php @@ -95,7 +95,7 @@ class box_ficheinter extends ModeleBoxes $sql .= ", ".MAIN_DB_PREFIX."fichinter as f"; $sql .= " WHERE f.fk_soc = s.rowid "; $sql .= " AND f.entity = ".$conf->entity; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/boxes/box_fournisseurs.php b/htdocs/core/boxes/box_fournisseurs.php index c86de351694..5af8fb295e3 100644 --- a/htdocs/core/boxes/box_fournisseurs.php +++ b/htdocs/core/boxes/box_fournisseurs.php @@ -87,12 +87,12 @@ class box_fournisseurs extends ModeleBoxes $sql .= ", s.logo, s.email, s.entity"; $sql .= ", s.datec, s.tms, s.status"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.fournisseur = 1"; $sql .= " AND s.entity IN (".getEntity('societe').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } // Add where from hooks diff --git a/htdocs/core/boxes/box_propales.php b/htdocs/core/boxes/box_propales.php index f793b6facd9..32f1b6337b9 100644 --- a/htdocs/core/boxes/box_propales.php +++ b/htdocs/core/boxes/box_propales.php @@ -89,12 +89,12 @@ class box_propales extends ModeleBoxes $sql .= ", s.logo, s.email, s.entity"; $sql .= ", p.rowid, p.ref, p.fk_statut as status, p.datep as dp, p.datec, p.fin_validite, p.date_cloture, p.total_ht, p.total_tva, p.total_ttc, p.tms"; $sql .= " FROM ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/boxes/box_prospect.php b/htdocs/core/boxes/box_prospect.php index 0b0287dd2ee..3890004371a 100644 --- a/htdocs/core/boxes/box_prospect.php +++ b/htdocs/core/boxes/box_prospect.php @@ -93,12 +93,12 @@ class box_prospect extends ModeleBoxes $sql .= ", s.fk_stcomm"; $sql .= ", s.datec, s.tms, s.status"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.client IN (2, 3)"; $sql .= " AND s.entity IN (".getEntity('societe').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } // Add where from hooks diff --git a/htdocs/core/boxes/box_services_contracts.php b/htdocs/core/boxes/box_services_contracts.php index 34f51f2c85f..a01f6397c70 100644 --- a/htdocs/core/boxes/box_services_contracts.php +++ b/htdocs/core/boxes/box_services_contracts.php @@ -95,7 +95,7 @@ class box_services_contracts extends ModeleBoxes $sql .= " INNER JOIN ".MAIN_DB_PREFIX."contrat as c ON s.rowid = c.fk_soc"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."contratdet as cd ON c.rowid = cd.fk_contrat"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."product as p ON cd.fk_product = p.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= ")"; diff --git a/htdocs/core/boxes/box_services_expired.php b/htdocs/core/boxes/box_services_expired.php index 130fad8fd4f..dae6da58e9d 100644 --- a/htdocs/core/boxes/box_services_expired.php +++ b/htdocs/core/boxes/box_services_expired.php @@ -85,7 +85,7 @@ class box_services_expired extends ModeleBoxes $sql .= " s.nom as name, s.rowid as socid, s.email, s.client, s.fournisseur, s.code_client, s.code_fournisseur, s.code_compta, s.code_compta_fournisseur,"; $sql .= " MIN(cd.date_fin_validite) as date_line, COUNT(cd.rowid) as nb_services"; $sql .= " FROM ".MAIN_DB_PREFIX."contrat as c, ".MAIN_DB_PREFIX."societe s, ".MAIN_DB_PREFIX."contratdet as cd"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE cd.statut = 4 AND cd.date_fin_validite <= '".$this->db->idate($now)."'"; @@ -94,7 +94,7 @@ class box_services_expired extends ModeleBoxes if ($user->socid) { $sql .= ' AND c.fk_soc = '.((int) $user->socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY c.rowid, c.ref, c.statut, c.date_contrat, c.ref_customer, c.ref_supplier, s.nom, s.rowid"; diff --git a/htdocs/core/boxes/box_shipments.php b/htdocs/core/boxes/box_shipments.php index e4e38ea8f43..0c920233ad3 100644 --- a/htdocs/core/boxes/box_shipments.php +++ b/htdocs/core/boxes/box_shipments.php @@ -101,7 +101,7 @@ class box_shipments extends ModeleBoxes $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON e.rowid = el.fk_target AND el.targettype = 'shipping' AND el.sourcetype IN ('commande')"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid AND el.sourcetype IN ('commande') AND el.targettype = 'shipping'"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc"; } $sql .= " WHERE e.entity IN (".getEntity('expedition').")"; @@ -111,10 +111,10 @@ class box_shipments extends ModeleBoxes if ($user->socid > 0) { $sql.= " AND s.rowid = ".((int) $user->socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND sc.fk_user = ".((int) $user->id); } else { - $sql .= " ORDER BY e.date_delivery, e.ref DESC "; + $sql .= " ORDER BY e.date_delivery, e.ref DESC"; } $sql .= $this->db->plimit($max, 0); diff --git a/htdocs/core/boxes/box_supplier_orders.php b/htdocs/core/boxes/box_supplier_orders.php index 2099dae72f4..69568221b33 100644 --- a/htdocs/core/boxes/box_supplier_orders.php +++ b/htdocs/core/boxes/box_supplier_orders.php @@ -91,12 +91,12 @@ class box_supplier_orders extends ModeleBoxes $sql .= ", c.fk_statut as status"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."commande_fournisseur as c"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php index 3b7d29d53c4..3d8eaa6e89a 100644 --- a/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php +++ b/htdocs/core/boxes/box_supplier_orders_awaiting_reception.php @@ -91,14 +91,14 @@ class box_supplier_orders_awaiting_reception extends ModeleBoxes $sql .= ", c.fk_statut as status"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."commande_fournisseur as c"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; $sql .= " AND c.date_livraison IS NOT NULL"; $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".CommandeFournisseur::STATUS_RECEIVED_PARTIALLY.")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($user->socid) { diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 81b5709d900..eae31d08cb6 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -1447,7 +1447,7 @@ class Form if (getDolGlobalString('COMPANY_SHOW_ADDRESS_SELECTLIST')) { $sql .= " LEFT JOIN " . $this->db->prefix() . "c_country as dictp ON dictp.rowid = s.fk_pays"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", " . $this->db->prefix() . "societe_commerciaux as sc"; } $sql .= " WHERE s.entity IN (" . getEntity('societe') . ")"; @@ -1459,7 +1459,7 @@ class Form // if not, by testSqlAndScriptInject() only. $sql .= " AND (" . $filter . ")"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " . ((int) $user->id); } if (getDolGlobalString('COMPANY_HIDE_INACTIVE_IN_COMBOBOX')) { @@ -8219,7 +8219,7 @@ class Form $sql .= " INNER JOIN " . $this->db->prefix() . $tmparray[1] . " as parenttable ON parenttable.rowid = t." . $tmparray[0]; } if ($objecttmp->ismultientitymanaged === 'fk_soc@societe') { - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", " . $this->db->prefix() . "societe_commerciaux as sc"; } } @@ -8253,7 +8253,7 @@ class Form } } if ($objecttmp->ismultientitymanaged === 'fk_soc@societe') { - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND t.rowid = sc.fk_soc AND sc.fk_user = " . ((int) $user->id); } } diff --git a/htdocs/core/lib/agenda.lib.php b/htdocs/core/lib/agenda.lib.php index 0d8f026d1dd..01f64f98c16 100644 --- a/htdocs/core/lib/agenda.lib.php +++ b/htdocs/core/lib/agenda.lib.php @@ -161,12 +161,12 @@ function show_array_actions_to_do($max = 5) $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a LEFT JOIN "; $sql .= " ".MAIN_DB_PREFIX."c_actioncomm as c ON c.id = a.fk_action"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -277,12 +277,12 @@ function show_array_last_actions_done($max = 5) $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a LEFT JOIN "; $sql .= " ".MAIN_DB_PREFIX."c_actioncomm as c ON c.id = a.fk_action "; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE a.entity IN (".getEntity('agenda').")"; $sql .= " AND (a.percent >= 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/core/lib/invoice.lib.php b/htdocs/core/lib/invoice.lib.php index 852b06cdb4d..5f4a4527a03 100644 --- a/htdocs/core/lib/invoice.lib.php +++ b/htdocs/core/lib/invoice.lib.php @@ -501,16 +501,16 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0) $sql .= ", s.rowid as socid, s.email"; $sql .= ", s.code_client, s.code_compta, s.code_fournisseur, s.code_compta_fournisseur"; $sql .= ", cc.rowid as country_id, cc.code as country_code"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } $sql .= " FROM ".MAIN_DB_PREFIX."facture as f, ".MAIN_DB_PREFIX."societe as s LEFT JOIN ".MAIN_DB_PREFIX."c_country as cc ON cc.rowid = s.fk_pays"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".Facture::STATUS_DRAFT; $sql .= " AND f.entity IN (".getEntity('invoice').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -525,7 +525,7 @@ function getCustomerInvoiceDraftTable($maxCount = 500, $socid = 0) $sql .= " GROUP BY f.rowid, f.ref, f.datef, f.total_ht, f.total_tva, f.total_ttc, f.ref_client, f.type, f.fk_statut, f.paye,"; $sql .= " s.nom, s.rowid, s.email, s.code_client, s.code_compta, s.code_fournisseur, s.code_compta_fournisseur,"; $sql .= " cc.rowid, cc.code"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user"; } @@ -652,12 +652,12 @@ function getDraftSupplierTable($maxCount = 500, $socid = 0) $sql .= ", s.code_fournisseur, s.code_compta_fournisseur"; $sql .= ", cc.rowid as country_id, cc.code as country_code"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f, ".MAIN_DB_PREFIX."societe as s LEFT JOIN ".MAIN_DB_PREFIX."c_country as cc ON cc.rowid = s.fk_pays"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.rowid = f.fk_soc AND f.fk_statut = ".FactureFournisseur::STATUS_DRAFT; $sql .= " AND f.entity IN (".getEntity('invoice').')'; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -775,7 +775,7 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0) $sql .= " s.nom as socname, s.rowid as socid, s.canvas, s.client"; $sql .= " FROM ".MAIN_DB_PREFIX."facture as f"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.fk_soc = s.rowid"; @@ -783,7 +783,7 @@ function getCustomerInvoiceLatestEditTable($maxCount = 5, $socid = 0) if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.tms DESC"; @@ -883,7 +883,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0) $sql .= " s.nom as socname, s.rowid as socid, s.canvas, s.client"; $sql .= " FROM ".MAIN_DB_PREFIX."facture_fourn as f"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.fk_soc = s.rowid"; @@ -891,7 +891,7 @@ function getPurchaseInvoiceLatestEditTable($maxCount = 5, $socid = 0) if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.tms DESC"; @@ -1002,12 +1002,12 @@ function getCustomerInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0) $sql .= ", sum(pf.amount) as am"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s LEFT JOIN ".MAIN_DB_PREFIX."c_country as cc ON cc.rowid = s.fk_pays,".MAIN_DB_PREFIX."facture as f"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiement_facture as pf on f.rowid=pf.fk_facture"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.rowid = f.fk_soc AND f.paye = 0 AND f.fk_statut = ".Facture::STATUS_VALIDATED; $sql .= " AND f.entity IN (".getEntity('invoice').')'; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { @@ -1189,14 +1189,14 @@ function getPurchaseInvoiceUnpaidOpenTable($maxCount = 500, $socid = 0) $sql .= ", sum(pf.amount) as am"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."facture_fourn as ff"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."paiementfourn_facturefourn as pf on ff.rowid=pf.fk_facturefourn"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE s.rowid = ff.fk_soc"; $sql .= " AND ff.entity = ".$conf->entity; $sql .= " AND ff.paye = 0"; $sql .= " AND ff.fk_statut = ".FactureFournisseur::STATUS_VALIDATED; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/core/lib/order.lib.php b/htdocs/core/lib/order.lib.php index 38000affe4e..01effcb725d 100644 --- a/htdocs/core/lib/order.lib.php +++ b/htdocs/core/lib/order.lib.php @@ -243,7 +243,7 @@ function getCustomerOrderPieChart($socid = 0) $sql = "SELECT count(c.rowid) as nb, c.fk_statut as status"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."commande as c"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -251,7 +251,7 @@ function getCustomerOrderPieChart($socid = 0) if ($user->socid) { $sql .= ' AND c.fk_soc = '.((int) $user->socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY c.fk_statut"; diff --git a/htdocs/core/lib/propal.lib.php b/htdocs/core/lib/propal.lib.php index 5a4e166ec99..681ebe94eef 100644 --- a/htdocs/core/lib/propal.lib.php +++ b/htdocs/core/lib/propal.lib.php @@ -225,7 +225,7 @@ function getCustomerProposalPieChart($socid = 0) $sql = "SELECT count(p.rowid) as nb, p.fk_statut as status"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."propal as p"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE p.entity IN (".getEntity($propalstatic->element).")"; @@ -233,7 +233,7 @@ function getCustomerProposalPieChart($socid = 0) if ($user->socid) { $sql .= ' AND p.fk_soc = '.((int) $user->socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND p.fk_statut IN (".$db->sanitize(implode(" ,", $listofstatus)).")"; diff --git a/htdocs/core/modules/modWebhook.class.php b/htdocs/core/modules/modWebhook.class.php index 505b465bfbc..40c6bfeec1a 100644 --- a/htdocs/core/modules/modWebhook.class.php +++ b/htdocs/core/modules/modWebhook.class.php @@ -278,176 +278,6 @@ class modWebhook extends DolibarrModules // Main menu entries to add $this->menu = array(); - $r = 0; - // Add here entries to declare new menus - /* BEGIN MODULEBUILDER TOPMENU */ - /*$this->menu[$r++] = array( - 'fk_menu'=>'', // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode - 'type'=>'top', // This is a Top menu entry - 'titre'=>'ModuleWebhookName', - 'prefix' => img_picto('', $this->picto, 'class="pictofixedwidth valignmiddle"'), - 'mainmenu'=>'webhook', - 'leftmenu'=>'', - 'url'=>'/webhook/webhookindex.php', - 'langs'=>'', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. - 'position'=>1000 + $r, - 'enabled'=>'$conf->webhook->enabled', // Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled. - 'perms'=>'1', // Use 'perms'=>'$user->rights->webhook->webhook_target->read' if you want your menu with a permission rules - 'target'=>'', - 'user'=>2, // 0=Menu for internal users, 1=external users, 2=both - );*/ - /* END MODULEBUILDER TOPMENU */ - /* BEGIN MODULEBUILDER LEFTMENU WEBHOOK_TARGET - $this->menu[$r++]=array( - 'fk_menu'=>'fk_mainmenu=webhook', // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode - 'type'=>'left', // This is a Left menu entry - 'titre'=>'Webhook_target', - 'prefix' => img_picto('', $this->picto, 'class="paddingright pictofixedwidth valignmiddle"'), - 'mainmenu'=>'webhook', - 'leftmenu'=>'webhook_target', - 'url'=>'/webhook/webhookindex.php', - 'langs'=>'', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. - 'position'=>1000+$r, - 'enabled'=>'$conf->webhook->enabled', // Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled. - 'perms'=>'$user->rights->webhook->webhook_target->read', // Use 'perms'=>'$user->rights->webhook->level1->level2' if you want your menu with a permission rules - 'target'=>'', - 'user'=>2, // 0=Menu for internal users, 1=external users, 2=both - ); - $this->menu[$r++]=array( - 'fk_menu'=>'fk_mainmenu=webhook,fk_leftmenu=webhook_target', // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode - 'type'=>'left', // This is a Left menu entry - 'titre'=>'List_Webhook_target', - 'mainmenu'=>'webhook', - 'leftmenu'=>'webhook_webhook_target_list', - 'url'=>'/webhook/webhook_target_list.php', - 'langs'=>'', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. - 'position'=>1000+$r, - 'enabled'=>'$conf->webhook->enabled', // Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. - 'perms'=>'$user->rights->webhook->webhook_target->read', // Use 'perms'=>'$user->rights->webhook->level1->level2' if you want your menu with a permission rules - 'target'=>'', - 'user'=>2, // 0=Menu for internal users, 1=external users, 2=both - ); - $this->menu[$r++]=array( - 'fk_menu'=>'fk_mainmenu=webhook,fk_leftmenu=webhook_target', // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode - 'type'=>'left', // This is a Left menu entry - 'titre'=>'New_Webhook_target', - 'mainmenu'=>'webhook', - 'leftmenu'=>'webhook_webhook_target_new', - 'url'=>'/webhook/webhook_target_card.php?action=create', - 'langs'=>'', // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. - 'position'=>1000+$r, - 'enabled'=>'$conf->webhook->enabled', // Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. - 'perms'=>'$user->rights->webhook->webhook_target->write', // Use 'perms'=>'$user->rights->webhook->level1->level2' if you want your menu with a permission rules - 'target'=>'', - 'user'=>2, // 0=Menu for internal users, 1=external users, 2=both - ); - */ - - /*$this->menu[$r++]=array( - // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode - 'fk_menu'=>'fk_mainmenu=webhook', - // This is a Left menu entry - 'type'=>'left', - 'titre'=>'List Webhook_target', - 'mainmenu'=>'webhook', - 'leftmenu'=>'webhook_webhook_target', - 'url'=>'/webhook/webhook_target_list.php', - // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. - 'langs'=>'', - 'position'=>1100+$r, - // Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. - 'enabled'=>'$conf->webhook->enabled', - // Use 'perms'=>'$user->rights->webhook->level1->level2' if you want your menu with a permission rules - 'perms'=>'1', - 'target'=>'', - // 0=Menu for internal users, 1=external users, 2=both - 'user'=>2, - ); - $this->menu[$r++]=array( - // '' if this is a top menu. For left menu, use 'fk_mainmenu=xxx' or 'fk_mainmenu=xxx,fk_leftmenu=yyy' where xxx is mainmenucode and yyy is a leftmenucode - 'fk_menu'=>'fk_mainmenu=webhook,fk_leftmenu=webhook_webhook_target', - // This is a Left menu entry - 'type'=>'left', - 'titre'=>'New Webhook_target', - 'mainmenu'=>'webhook', - 'leftmenu'=>'webhook_webhook_target', - 'url'=>'/webhook/webhook_target_card.php?action=create', - // Lang file to use (without .lang) by module. File must be in langs/code_CODE/ directory. - 'langs'=>'', - 'position'=>1100+$r, - // Define condition to show or hide menu entry. Use '$conf->webhook->enabled' if entry must be visible if module is enabled. Use '$leftmenu==\'system\'' to show if leftmenu system is selected. - 'enabled'=>'$conf->webhook->enabled', - // Use 'perms'=>'$user->rights->webhook->level1->level2' if you want your menu with a permission rules - 'perms'=>'1', - 'target'=>'', - // 0=Menu for internal users, 1=external users, 2=both - 'user'=>2 - );*/ - - /* END MODULEBUILDER LEFTMENU WEBHOOK_TARGET */ - // Exports profiles provided by this module - $r = 1; - /* BEGIN MODULEBUILDER EXPORT WEBHOOK_TARGET */ - /* - $this->export_code[$r]=$this->rights_class.'_'.$r; - $this->export_label[$r]='Webhook_targetLines'; // Translation key (used only if key ExportDataset_xxx_z not found) - $this->export_icon[$r]='webhook_target@webhook'; - // Define $this->export_fields_array, $this->export_TypeFields_array and $this->export_entities_array - $keyforclass = 'Webhook_target'; $keyforclassfile='/webhook/class/webhook_target.class.php'; $keyforelement='webhook_target@webhook'; - include DOL_DOCUMENT_ROOT.'/core/commonfieldsinexport.inc.php'; - //$this->export_fields_array[$r]['t.fieldtoadd']='FieldToAdd'; $this->export_TypeFields_array[$r]['t.fieldtoadd']='Text'; - //unset($this->export_fields_array[$r]['t.fieldtoremove']); - //$keyforclass = 'Webhook_targetLine'; $keyforclassfile='/webhook/class/webhook_target.class.php'; $keyforelement='webhook_targetline@webhook'; $keyforalias='tl'; - //include DOL_DOCUMENT_ROOT.'/core/commonfieldsinexport.inc.php'; - $keyforselect='webhook_target'; $keyforaliasextra='extra'; $keyforelement='webhook_target@webhook'; - include DOL_DOCUMENT_ROOT.'/core/extrafieldsinexport.inc.php'; - //$keyforselect='webhook_targetline'; $keyforaliasextra='extraline'; $keyforelement='webhook_targetline@webhook'; - //include DOL_DOCUMENT_ROOT.'/core/extrafieldsinexport.inc.php'; - //$this->export_dependencies_array[$r] = array('webhook_targetline'=>array('tl.rowid','tl.ref')); // To force to activate one or several fields if we select some fields that need same (like to select a unique key if we ask a field of a child to avoid the DISTINCT to discard them, or for computed field than need several other fields) - //$this->export_special_array[$r] = array('t.field'=>'...'); - //$this->export_examplevalues_array[$r] = array('t.field'=>'Example'); - //$this->export_help_array[$r] = array('t.field'=>'FieldDescHelp'); - $this->export_sql_start[$r]='SELECT DISTINCT '; - $this->export_sql_end[$r] =' FROM '.MAIN_DB_PREFIX.'webhook_target as t'; - //$this->export_sql_end[$r] =' LEFT JOIN '.MAIN_DB_PREFIX.'webhook_target_line as tl ON tl.fk_webhook_target = t.rowid'; - $this->export_sql_end[$r] .=' WHERE 1 = 1'; - $this->export_sql_end[$r] .=' AND t.entity IN ('.getEntity('webhook_target').')'; - $r++; */ - /* END MODULEBUILDER EXPORT WEBHOOK_TARGET */ - - // Imports profiles provided by this module - $r = 1; - /* BEGIN MODULEBUILDER IMPORT WEBHOOK_TARGET */ - /* - $this->import_code[$r]=$this->rights_class.'_'.$r; - $this->import_label[$r]='Webhook_targetLines'; // Translation key (used only if key ExportDataset_xxx_z not found) - $this->import_icon[$r]='webhook_target@webhook'; - $this->import_tables_array[$r] = array('t' => MAIN_DB_PREFIX.'webhook_webhook_target', 'extra' => MAIN_DB_PREFIX.'webhook_webhook_target_extrafields'); - $this->import_tables_creator_array[$r] = array('t' => 'fk_user_author'); // Fields to store import user id - $import_sample = array(); - $keyforclass = 'Webhook_target'; $keyforclassfile='/webhook/class/webhook_target.class.php'; $keyforelement='webhook_target@webhook'; - include DOL_DOCUMENT_ROOT.'/core/commonfieldsinimport.inc.php'; - $import_extrafield_sample = array(); - $keyforselect='webhook_target'; $keyforaliasextra='extra'; $keyforelement='webhook_target@webhook'; - include DOL_DOCUMENT_ROOT.'/core/extrafieldsinimport.inc.php'; - $this->import_fieldshidden_array[$r] = array('extra.fk_object' => 'lastrowid-'.MAIN_DB_PREFIX.'webhook_webhook_target'); - $this->import_regex_array[$r] = array(); - $this->import_examplevalues_array[$r] = array_merge($import_sample, $import_extrafield_sample); - $this->import_updatekeys_array[$r] = array('t.ref' => 'Ref'); - $this->import_convertvalue_array[$r] = array( - 't.ref' => array( - 'rule'=>'getrefifauto', - 'class'=>(empty($conf->global->WEBHOOK_WEBHOOK_TARGET_ADDON) ? 'mod_webhook_target_standard' : $conf->global->WEBHOOK_WEBHOOK_TARGET_ADDON), - 'path'=>"/core/modules/commande/".(empty($conf->global->WEBHOOK_WEBHOOK_TARGET_ADDON) ? 'mod_webhook_target_standard' : $conf->global->WEBHOOK_WEBHOOK_TARGET_ADDON).'.php' - 'classobject'=>'Webhook_target', - 'pathobject'=>'/webhook/class/webhook_target.class.php', - ), - 't.fk_soc' => array('rule' => 'fetchidfromref', 'file' => '/societe/class/societe.class.php', 'class' => 'Societe', 'method' => 'fetch', 'element' => 'ThirdParty'), - 't.fk_user_valid' => array('rule' => 'fetchidfromref', 'file' => '/user/class/user.class.php', 'class' => 'User', 'method' => 'fetch', 'element' => 'user'), - 't.fk_mode_reglement' => array('rule' => 'fetchidfromcodeorlabel', 'file' => '/compta/paiement/class/cpaiement.class.php', 'class' => 'Cpaiement', 'method' => 'fetch', 'element' => 'cpayment'), - ); - $r++; */ - /* END MODULEBUILDER IMPORT WEBHOOK_TARGET */ } /** diff --git a/htdocs/core/modules/rapport/pdf_paiement.class.php b/htdocs/core/modules/rapport/pdf_paiement.class.php index ea6d63195b6..e877ef29be2 100644 --- a/htdocs/core/modules/rapport/pdf_paiement.class.php +++ b/htdocs/core/modules/rapport/pdf_paiement.class.php @@ -226,7 +226,7 @@ class pdf_paiement extends CommonDocGenerator $sql .= " ".MAIN_DB_PREFIX."bank as b, ".MAIN_DB_PREFIX."bank_account as ba,"; } $sql .= " ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.fk_soc = s.rowid AND pf.fk_facture = f.rowid AND pf.fk_paiement = p.rowid"; @@ -235,7 +235,7 @@ class pdf_paiement extends CommonDocGenerator } $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { @@ -264,7 +264,7 @@ class pdf_paiement extends CommonDocGenerator $sql .= " ".MAIN_DB_PREFIX."bank as b, ".MAIN_DB_PREFIX."bank_account as ba,"; } $sql .= " ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.fk_soc = s.rowid AND pf.fk_facturefourn = f.rowid AND pf.fk_paiementfourn = p.rowid"; @@ -273,7 +273,7 @@ class pdf_paiement extends CommonDocGenerator } $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year, $month))."' AND '".$this->db->idate(dol_get_last_day($year, $month))."'"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { diff --git a/htdocs/dav/dav.class.php b/htdocs/dav/dav.class.php index fce00dc4135..275827a0bf2 100644 --- a/htdocs/dav/dav.class.php +++ b/htdocs/dav/dav.class.php @@ -81,27 +81,17 @@ class CdavLib LEFT OUTER JOIN '.MAIN_DB_PREFIX.'user AS u ON (u.rowid=fk_element) WHERE ar.element_type=\'user\' AND fk_actioncomm=a.id) AS other_users FROM '.MAIN_DB_PREFIX.'actioncomm AS a'; - if (!$this->user->rights->societe->client->voir) { //FIXME si 'voir' on voit plus de chose ? - $sql .= ' LEFT OUTER JOIN '.MAIN_DB_PREFIX.'societe_commerciaux AS sc ON (a.fk_soc = sc.fk_soc AND sc.fk_user='.((int) $this->user->id).') - LEFT JOIN '.MAIN_DB_PREFIX.'societe AS s ON (s.rowid = sc.fk_soc) - LEFT JOIN '.MAIN_DB_PREFIX.'socpeople AS sp ON (sp.fk_soc = sc.fk_soc AND sp.rowid = a.fk_contact) - LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_cdav AS ac ON (a.id = ac.fk_object)'; - } else { - $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'societe AS s ON (s.rowid = a.fk_soc) - LEFT JOIN '.MAIN_DB_PREFIX.'socpeople AS sp ON (sp.rowid = a.fk_contact) - LEFT JOIN '.MAIN_DB_PREFIX.'actioncomm_cdav AS ac ON (a.id = ac.fk_object)'; - } - - $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'c_country as co ON co.rowid = sp.fk_pays + $sql .= " LEFT JOIN '.MAIN_DB_PREFIX.'c_country as co ON co.rowid = sp.fk_pays LEFT JOIN '.MAIN_DB_PREFIX.'c_country as cos ON cos.rowid = s.fk_pays - WHERE a.id IN (SELECT ar.fk_actioncomm FROM '.MAIN_DB_PREFIX.'actioncomm_resources ar WHERE ar.element_type=\'user\' AND ar.fk_element='.((int) $calid).') - AND a.code IN (SELECT cac.code FROM '.MAIN_DB_PREFIX.'c_actioncomm cac WHERE cac.type<>\'systemauto\') - AND a.entity IN ('.getEntity('societe', 1).')'; + WHERE a.id IN (SELECT ar.fk_actioncomm FROM '.MAIN_DB_PREFIX.'actioncomm_resources ar WHERE ar.element_type='user' AND ar.fk_element=".((int) $calid).") + AND a.code IN (SELECT cac.code FROM '.MAIN_DB_PREFIX.'c_actioncomm cac WHERE cac.type <> 'systemauto') + AND a.entity IN (".getEntity('societe', 1).")"; + // TODO Restrict on external users if ($oid !== false) { if ($ouri === false) { - $sql .= ' AND a.id = '.intval($oid); + $sql .= ' AND a.id = '.((int) $oid); } else { - $sql .= ' AND (a.id = '.intval($oid).' OR ac.uuidext = \''.$this->db->escape($ouri).'\')'; + $sql .= ' AND (a.id = '.((int) $oid)." OR ac.uuidext = '".$this->db->escape($ouri)."')"; } } diff --git a/htdocs/document.php b/htdocs/document.php index aac76610145..9efa37487b8 100644 --- a/htdocs/document.php +++ b/htdocs/document.php @@ -122,7 +122,7 @@ if ($user->socid > 0) { // For some module part, dir may be privates if (in_array($modulepart, array('facture_paiement', 'unpaid'))) { - if (!$user->hasRight('societe', 'client', 'voir') || $socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $original_file = 'private/'.$user->id.'/'.$original_file; // If user has no permission to see all, output dir is specific to user } } diff --git a/htdocs/don/stats/index.php b/htdocs/don/stats/index.php index 629125525d3..ad544c1b921 100644 --- a/htdocs/don/stats/index.php +++ b/htdocs/don/stats/index.php @@ -74,7 +74,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear); // $data = array(array('Lib',val1,val2,val3),...) -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filenamenb = $dir.'/donationnbinyear-'.$user->id.'-'.$year.'.png'; } else { $filenamenb = $dir.'/donationnbinyear-'.$year.'.png'; diff --git a/htdocs/expedition/class/expeditionstats.class.php b/htdocs/expedition/class/expeditionstats.class.php index 8a0241ac6d6..e670bacda30 100644 --- a/htdocs/expedition/class/expeditionstats.class.php +++ b/htdocs/expedition/class/expeditionstats.class.php @@ -96,7 +96,7 @@ class ExpeditionStats extends Stats //$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity; $this->where .= " AND c.entity = ".$conf->entity; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { @@ -120,7 +120,7 @@ class ExpeditionStats extends Stats $sql = "SELECT date_format(c.date_valid,'%m') as dm, COUNT(*) as nb"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; @@ -144,7 +144,7 @@ class ExpeditionStats extends Stats $sql = "SELECT date_format(c.date_valid,'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE ".$this->where; @@ -167,7 +167,7 @@ class ExpeditionStats extends Stats $sql = "SELECT date_format(c.date_valid,'%m') as dm, SUM(c.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= $this->join; @@ -191,7 +191,7 @@ class ExpeditionStats extends Stats $sql = "SELECT date_format(c.date_valid,'%m') as dm, AVG(c.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= $this->join; @@ -213,7 +213,7 @@ class ExpeditionStats extends Stats $sql = "SELECT date_format(c.date_valid,'%Y') as year, COUNT(*) as nb, SUM(c.".$this->field.") as total, AVG(".$this->field.") as avg"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE ".$this->where; diff --git a/htdocs/expedition/index.php b/htdocs/expedition/index.php index b7a0da86761..8d8682be3fe 100644 --- a/htdocs/expedition/index.php +++ b/htdocs/expedition/index.php @@ -69,7 +69,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."expedition as e"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON e.rowid = el.fk_target AND el.targettype = 'shipping'"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc"; $sql .= $clause." sc.fk_user = ".((int) $user->id); $clause = " AND "; @@ -141,11 +141,11 @@ $sql .= " FROM ".MAIN_DB_PREFIX."expedition as e"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON e.rowid = el.fk_target AND el.targettype = 'shipping' AND el.sourcetype IN ('commande')"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande as c ON el.fk_source = c.rowid AND el.sourcetype IN ('commande') AND el.targettype = 'shipping'"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc"; } $sql .= " WHERE e.entity IN (".getEntity('expedition').")"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND e.fk_statut = ".Expedition::STATUS_VALIDATED; @@ -211,7 +211,7 @@ if ($resql) { $sql = "SELECT c.rowid, c.ref, c.ref_client as ref_customer, c.fk_statut as status, c.facture as billed, s.nom as name, s.rowid as socid"; $sql .= " FROM ".MAIN_DB_PREFIX."commande as c,"; $sql .= " ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -220,7 +220,7 @@ $sql .= " AND c.fk_statut IN (".Commande::STATUS_VALIDATED.", ".Commande::STATUS if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid ASC"; diff --git a/htdocs/expedition/stats/index.php b/htdocs/expedition/stats/index.php index b92ded68954..7c0bbb5a317 100644 --- a/htdocs/expedition/stats/index.php +++ b/htdocs/expedition/stats/index.php @@ -76,7 +76,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear); // $data = array(array('Lib',val1,val2,val3),...) -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filenamenb = $dir.'/shipmentsnbinyear-'.$user->id.'-'.$year.'.png'; } else { $filenamenb = $dir.'/shipmentsnbinyear-'.$year.'.png'; diff --git a/htdocs/expensereport/stats/index.php b/htdocs/expensereport/stats/index.php index dfac7dac39c..8add43345bb 100644 --- a/htdocs/expensereport/stats/index.php +++ b/htdocs/expensereport/stats/index.php @@ -149,7 +149,7 @@ if (!$mesg) { $data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear); -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filename_avg = $dir.'/ordersaverage-'.$user->id.'-'.$year.'.png'; if ($mode == 'customer') { $fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=orderstats&file=ordersaverage-'.$user->id.'-'.$year.'.png'; diff --git a/htdocs/fichinter/card-rec.php b/htdocs/fichinter/card-rec.php index 14ee149c8e4..ff7a656c8eb 100644 --- a/htdocs/fichinter/card-rec.php +++ b/htdocs/fichinter/card-rec.php @@ -783,7 +783,7 @@ if ($action == 'create') { $sql .= " FROM ".MAIN_DB_PREFIX."fichinter_rec as f"; $sql .= " , ".MAIN_DB_PREFIX."societe as s "; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " , ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.fk_soc = s.rowid"; @@ -791,12 +791,14 @@ if ($action == 'create') { if (!empty($socid)) { $sql .= " AND s.rowid = ".((int) $socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } + /* if (!empty($search_ref)) { $sql .= natural_search('f.titre', $search_ref); } + */ if (!empty($search_societe)) { $sql .= natural_search('s.nom', $search_societe); } diff --git a/htdocs/fichinter/class/fichinter.class.php b/htdocs/fichinter/class/fichinter.class.php index 9f4df88b6dc..165e1cbca6d 100644 --- a/htdocs/fichinter/class/fichinter.class.php +++ b/htdocs/fichinter/class/fichinter.class.php @@ -224,7 +224,7 @@ class Fichinter extends CommonObject $sql = "SELECT count(fi.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."fichinter as fi"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON fi.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; diff --git a/htdocs/fichinter/class/fichinterstats.class.php b/htdocs/fichinter/class/fichinterstats.class.php index afd981f9e4e..15d19eaba73 100644 --- a/htdocs/fichinter/class/fichinterstats.class.php +++ b/htdocs/fichinter/class/fichinterstats.class.php @@ -72,7 +72,7 @@ class FichinterStats extends Stats $this->field_line = '0'; //$this->where.= " AND c.fk_statut > 0"; // Not draft and not cancelled } - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $this->where .= (!empty($this->where) ? ' AND ' : '')." c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $this->where .= ($this->where ? ' AND ' : '')."c.entity IN (".getEntity('intervention').')'; @@ -98,7 +98,7 @@ class FichinterStats extends Stats $sql = "SELECT date_format(c.date_valid,'%m') as dm, COUNT(*) as nb"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; @@ -122,7 +122,7 @@ class FichinterStats extends Stats $sql = "SELECT date_format(c.date_valid,'%Y') as dm, COUNT(*) as nb, 0"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE ".$this->where; @@ -145,7 +145,7 @@ class FichinterStats extends Stats $sql = "SELECT date_format(c.date_valid,'%m') as dm, 0"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; @@ -169,7 +169,7 @@ class FichinterStats extends Stats $sql = "SELECT date_format(c.date_valid,'%m') as dm, 0"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; @@ -191,7 +191,7 @@ class FichinterStats extends Stats $sql = "SELECT date_format(c.date_valid,'%Y') as year, COUNT(*) as nb, 0 as total, 0 as avg"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE ".$this->where; diff --git a/htdocs/fichinter/index.php b/htdocs/fichinter/index.php index 99b40882e0d..fc2e2c16ca7 100644 --- a/htdocs/fichinter/index.php +++ b/htdocs/fichinter/index.php @@ -75,7 +75,7 @@ print '
'; $sql = "SELECT count(f.rowid), f.fk_statut"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."fichinter as f"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.entity IN (".getEntity('intervention').")"; @@ -83,7 +83,7 @@ $sql .= " AND f.fk_soc = s.rowid"; if ($user->socid) { $sql .= ' AND f.fk_soc = '.((int) $user->socid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " GROUP BY f.fk_statut"; @@ -176,7 +176,7 @@ if (isModEnabled('ficheinter')) { $sql = "SELECT f.rowid, f.ref, s.nom as name, s.rowid as socid"; $sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.entity IN (".getEntity('intervention').")"; @@ -185,7 +185,7 @@ if (isModEnabled('ficheinter')) { if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -226,7 +226,7 @@ $sql = "SELECT f.rowid, f.ref, f.fk_statut, f.date_valid as datec, f.tms as date $sql .= " s.nom as name, s.rowid as socid"; $sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f,"; $sql .= " ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.entity IN (".getEntity('intervention').")"; @@ -235,7 +235,7 @@ $sql .= " AND f.fk_soc = s.rowid"; if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.tms DESC"; @@ -299,7 +299,7 @@ if (isModEnabled('ficheinter')) { $sql = "SELECT f.rowid, f.ref, f.fk_statut, s.nom as name, s.rowid as socid"; $sql .= " FROM ".MAIN_DB_PREFIX."fichinter as f"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.entity IN (".getEntity('intervention').")"; @@ -308,7 +308,7 @@ if (isModEnabled('ficheinter')) { if ($socid) { $sql .= " AND f.fk_soc = ".((int) $socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY f.rowid DESC"; diff --git a/htdocs/fichinter/list.php b/htdocs/fichinter/list.php index 1aeaa3f89f4..b4d6eb6c20c 100644 --- a/htdocs/fichinter/list.php +++ b/htdocs/fichinter/list.php @@ -275,7 +275,7 @@ $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object, $action); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; -if (!$user->hasRight('societe', 'client', 'voir') && empty($socid)) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ", ".MAIN_DB_PREFIX."societe as s"; @@ -306,7 +306,7 @@ if ($search_desc) { if ($search_status != '' && $search_status >= 0) { $sql .= ' AND f.fk_statut = '.urlencode($search_status); } -if (!$user->hasRight('societe', 'client', 'voir') && empty($socid)) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/fichinter/stats/index.php b/htdocs/fichinter/stats/index.php index c6ab74da2ae..6cb69cf99f6 100644 --- a/htdocs/fichinter/stats/index.php +++ b/htdocs/fichinter/stats/index.php @@ -80,7 +80,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear); // $data = array(array('Lib',val1,val2,val3),...) -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filenamenb = $dir.'/interventionsnbinyear-'.$user->id.'-'.$year.'.png'; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=interventionstats&file=interventionsnbinyear-'.$user->id.'-'.$year.'.png'; } else { @@ -116,7 +116,7 @@ if (!$mesg) { $data = $stats->getAmountByMonthWithPrevYear($endyear, $startyear); // $data = array(array('Lib',val1,val2,val3),...) -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filenameamount = $dir.'/interventionsamountinyear-'.$user->id.'-'.$year.'.png'; $fileurlamount = DOL_URL_ROOT.'/viewimage.php?modulepart=interventionstats&file=interventionsamountinyear-'.$user->id.'-'.$year.'.png'; } else { @@ -151,7 +151,7 @@ if (!$mesg) { $data = $stats->getAverageByMonthWithPrevYear($endyear, $startyear); -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filename_avg = $dir.'/interventionsaverage-'.$user->id.'-'.$year.'.png'; $fileurl_avg = DOL_URL_ROOT.'/viewimage.php?modulepart=interventionstats&file=interventionsaverage-'.$user->id.'-'.$year.'.png'; } else { diff --git a/htdocs/margin/customerMargins.php b/htdocs/margin/customerMargins.php index 4b407e30a42..66ffc072e74 100644 --- a/htdocs/margin/customerMargins.php +++ b/htdocs/margin/customerMargins.php @@ -231,14 +231,14 @@ if (!empty($TSelectedCats)) { $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'categorie_product as cp ON cp.fk_product=d.fk_product'; } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.fk_soc = s.rowid"; if ($socid > 0) { $sql .= ' AND s.rowid = '.((int) $socid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND f.fk_statut NOT IN (".$db->sanitize(implode(', ', $invoice_status_except_list)).")"; diff --git a/htdocs/margin/tabs/productMargins.php b/htdocs/margin/tabs/productMargins.php index aaa25015c34..89de7e7d79f 100644 --- a/htdocs/margin/tabs/productMargins.php +++ b/htdocs/margin/tabs/productMargins.php @@ -142,7 +142,7 @@ if ($id > 0 || !empty($ref)) { $sql = "SELECT s.nom as name, s.rowid as socid, s.code_client,"; $sql .= " f.rowid as facid, f.ref, f.total_ht,"; $sql .= " f.datef, f.paye, f.fk_statut as statut, f.type,"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " sc.fk_soc, sc.fk_user,"; } $sql .= " sum(d.total_ht) as selling_price,"; // may be negative or positive @@ -152,7 +152,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."facture as f"; $sql .= ", ".MAIN_DB_PREFIX."facturedet as d"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.fk_soc = s.rowid"; @@ -160,11 +160,11 @@ if ($id > 0 || !empty($ref)) { $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND d.fk_facture = f.rowid"; $sql .= " AND d.fk_product = ".((int) $object->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!empty($socid)) { - $sql .= " AND f.fk_soc = $socid"; + $sql .= " AND f.fk_soc = ".((int) $socid); } $sql .= " AND d.buy_price_ht IS NOT NULL"; // We should not use this here. Option ForceBuyingPriceIfNull should have effect only when inserting data. Once data is recorded, it must be used as it is for report. @@ -173,7 +173,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " AND d.buy_price_ht <> 0"; } $sql .= " GROUP BY s.nom, s.rowid, s.code_client, f.rowid, f.ref, f.total_ht, f.datef, f.paye, f.fk_statut, f.type"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user"; } $sql .= $db->order($sortfield, $sortorder); diff --git a/htdocs/modulebuilder/template/myobject_list.php b/htdocs/modulebuilder/template/myobject_list.php index 5ebb8808848..0377c74a0a5 100644 --- a/htdocs/modulebuilder/template/myobject_list.php +++ b/htdocs/modulebuilder/template/myobject_list.php @@ -348,6 +348,25 @@ foreach ($search as $key => $val) { if ($search_all) { $sql .= natural_search(array_keys($fieldstosearchall), $search_all); } +/* +// If the internal user must only see his customers, force searching by him +$search_sale = 0; +if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; +} +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } +} +// Search on socid +if ($socid) { + $sql .= " AND t.fk_soc = ".((int) $socid); +} +*/ //$sql.= dolSqlDateFilter("t.field", $search_xxxday, $search_xxxmonth, $search_xxxyear); // Add where from extra fields include DOL_DOCUMENT_ROOT.'/core/tpl/extrafields_list_search_sql.tpl.php'; diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php index c32dc6f393b..443e3158683 100644 --- a/htdocs/product/class/product.class.php +++ b/htdocs/product/class/product.class.php @@ -2884,7 +2884,7 @@ class Product extends CommonObject $sql .= " SUM(mp.qty) as qty"; $sql .= " FROM ".$this->db->prefix()."mrp_mo as c"; $sql .= " INNER JOIN ".$this->db->prefix()."mrp_production as mp ON mp.fk_mo=c.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " INNER JOIN ".$this->db->prefix()."societe_commerciaux as sc ON sc.fk_soc=c.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " WHERE "; @@ -3007,7 +3007,7 @@ class Product extends CommonObject $sql .= " FROM ".$this->db->prefix()."propaldet as pd"; $sql .= ", ".$this->db->prefix()."propal as p"; $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE p.rowid = pd.fk_propal"; @@ -3082,14 +3082,14 @@ class Product extends CommonObject $sql .= " FROM ".$this->db->prefix()."supplier_proposaldet as pd"; $sql .= ", ".$this->db->prefix()."supplier_proposal as p"; $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE p.rowid = pd.fk_supplier_proposal"; $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " AND pd.fk_product = ".((int) $this->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND pr.fk_statut != 0"; @@ -3138,14 +3138,14 @@ class Product extends CommonObject $sql .= " FROM ".$this->db->prefix()."commandedet as cd"; $sql .= ", ".$this->db->prefix()."commande as c"; $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) { + if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE c.rowid = cd.fk_commande"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity($forVirtualStock && getDolGlobalString('STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE') ? 'stock' : 'commande').")"; $sql .= " AND cd.fk_product = ".((int) $this->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) { + if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) { $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -3266,14 +3266,14 @@ class Product extends CommonObject $sql .= " FROM ".$this->db->prefix()."commande_fournisseurdet as cd"; $sql .= ", ".$this->db->prefix()."commande_fournisseur as c"; $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) { + if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE c.rowid = cd.fk_commande"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity($forVirtualStock && getDolGlobalString('STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE') ? 'stock' : 'supplier_order').")"; $sql .= " AND cd.fk_product = ".((int) $this->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) { + if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) { $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -3329,7 +3329,7 @@ class Product extends CommonObject $sql .= ", ".$this->db->prefix()."commande as c"; $sql .= ", ".$this->db->prefix()."expedition as e"; $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) { + if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE e.rowid = ed.fk_expedition"; @@ -3338,7 +3338,7 @@ class Product extends CommonObject $sql .= " AND e.entity IN (".getEntity($forVirtualStock && getDolGlobalString('STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE') ? 'stock' : 'expedition').")"; $sql .= " AND ed.fk_origin_line = cd.rowid"; $sql .= " AND cd.fk_product = ".((int) $this->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) { + if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) { $sql .= " AND e.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -3413,14 +3413,14 @@ class Product extends CommonObject $sql .= " FROM ".$this->db->prefix()."commande_fournisseur_dispatch as fd"; $sql .= ", ".$this->db->prefix()."commande_fournisseur as cf"; $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) { + if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE cf.rowid = fd.fk_commande"; $sql .= " AND cf.fk_soc = s.rowid"; $sql .= " AND cf.entity IN (".getEntity($forVirtualStock && getDolGlobalString('STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE') ? 'stock' : 'supplier_order').")"; $sql .= " AND fd.fk_product = ".((int) $this->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) { + if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) { $sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -3474,13 +3474,13 @@ class Product extends CommonObject $sql .= " FROM ".$this->db->prefix()."mrp_production as mp"; $sql .= ", ".$this->db->prefix()."mrp_mo as m"; $sql .= " LEFT JOIN ".$this->db->prefix()."societe as s ON s.rowid = m.fk_soc"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) { + if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE m.rowid = mp.fk_mo"; $sql .= " AND m.entity IN (".getEntity($forVirtualStock && getDolGlobalString('STOCK_CALCULATE_VIRTUAL_STOCK_TRANSVERSE_MODE') ? 'stock' : 'mrp').")"; $sql .= " AND mp.fk_product = ".((int) $this->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid && !$forVirtualStock) { + if (!$user->hasRight('societe', 'client', 'voir') && !$forVirtualStock) { $sql .= " AND m.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -3570,14 +3570,14 @@ class Product extends CommonObject $sql .= " FROM ".$this->db->prefix()."contratdet as cd"; $sql .= ", ".$this->db->prefix()."contrat as c"; $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE c.rowid = cd.fk_contrat"; $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " AND cd.fk_product = ".((int) $this->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND c.statut != 0"; @@ -3644,14 +3644,14 @@ class Product extends CommonObject $sql .= " FROM ".$this->db->prefix()."facturedet as fd"; $sql .= ", ".$this->db->prefix()."facture as f"; $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE f.rowid = fd.fk_facture"; $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND fd.fk_product = ".((int) $this->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND f.fk_statut != 0"; @@ -3719,14 +3719,14 @@ class Product extends CommonObject $sql .= " FROM ".MAIN_DB_PREFIX."facturedet_rec as fd"; $sql .= ", ".MAIN_DB_PREFIX."facture_rec as f"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.rowid = fd.fk_facture"; $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; $sql .= " AND fd.fk_product = ".((int) $this->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND f.fk_statut != 0"; @@ -3793,14 +3793,14 @@ class Product extends CommonObject $sql .= " FROM ".$this->db->prefix()."facture_fourn_det as fd"; $sql .= ", ".$this->db->prefix()."facture_fourn as f"; $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE f.rowid = fd.fk_facture_fourn"; $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; $sql .= " AND fd.fk_product = ".((int) $this->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND f.fk_statut != 0"; @@ -3931,7 +3931,7 @@ class Product extends CommonObject if ($filteronproducttype >= 0) { $sql .= ", ".$this->db->prefix()."product as p"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE f.rowid = d.fk_facture"; @@ -3945,7 +3945,7 @@ class Product extends CommonObject } $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('invoice').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -3985,7 +3985,7 @@ class Product extends CommonObject if ($filteronproducttype >= 0) { $sql .= ", ".$this->db->prefix()."product as p"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE f.rowid = d.fk_facture_fourn"; @@ -3999,7 +3999,7 @@ class Product extends CommonObject } $sql .= " AND f.fk_soc = s.rowid"; $sql .= " AND f.entity IN (".getEntity('facture_fourn').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND f.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -4037,7 +4037,7 @@ class Product extends CommonObject if ($filteronproducttype >= 0) { $sql .= ", ".$this->db->prefix()."product as prod"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE p.rowid = d.fk_propal"; @@ -4051,7 +4051,7 @@ class Product extends CommonObject } $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('propal').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -4090,7 +4090,7 @@ class Product extends CommonObject if ($filteronproducttype >= 0) { $sql .= ", ".$this->db->prefix()."product as prod"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE p.rowid = d.fk_supplier_proposal"; @@ -4104,7 +4104,7 @@ class Product extends CommonObject } $sql .= " AND p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -4142,7 +4142,7 @@ class Product extends CommonObject if ($filteronproducttype >= 0) { $sql .= ", ".$this->db->prefix()."product as p"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE c.rowid = d.fk_commande"; @@ -4156,7 +4156,7 @@ class Product extends CommonObject } $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('commande').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -4194,7 +4194,7 @@ class Product extends CommonObject if ($filteronproducttype >= 0) { $sql .= ", ".$this->db->prefix()."product as p"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE c.rowid = d.fk_commande"; @@ -4208,7 +4208,7 @@ class Product extends CommonObject } $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('supplier_order').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -4246,10 +4246,9 @@ class Product extends CommonObject if ($filteronproducttype >= 0) { $sql .= ", ".$this->db->prefix()."product as p"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } - $sql .= " WHERE c.entity IN (".getEntity('contract').")"; $sql .= " AND c.rowid = d.fk_contrat"; @@ -4263,7 +4262,7 @@ class Product extends CommonObject } $sql .= " AND c.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { @@ -4300,7 +4299,7 @@ class Product extends CommonObject if ($filteronproducttype >= 0) { $sql .= ", ".$this->db->prefix()."product as p"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } @@ -4316,7 +4315,7 @@ class Product extends CommonObject $sql .= " AND p.rowid = d.fk_product AND p.fk_product_type = ".((int) $filteronproducttype); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND d.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid > 0) { diff --git a/htdocs/product/stats/commande.php b/htdocs/product/stats/commande.php index 70ddfeed681..199469264e0 100644 --- a/htdocs/product/stats/commande.php +++ b/htdocs/product/stats/commande.php @@ -141,13 +141,13 @@ if ($id > 0 || !empty($ref)) { $sql .= " c.ref_client,"; $sql .= " c.date_commande, c.fk_statut as statut, c.facture, c.rowid as commandeid, d.rowid, d.qty,"; $sql .= " c.date_livraison as delivery_date"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."commande as c"; $sql .= ", ".MAIN_DB_PREFIX."commandedet as d"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) { if (!empty($search_year)) { $sql .= ' AND YEAR(c.date_commande) IN ('.$db->sanitize($search_year).')'; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/product/stats/commande_fournisseur.php b/htdocs/product/stats/commande_fournisseur.php index ea342530ded..6a5500456d5 100644 --- a/htdocs/product/stats/commande_fournisseur.php +++ b/htdocs/product/stats/commande_fournisseur.php @@ -141,13 +141,13 @@ if ($id > 0 || !empty($ref)) { $sql .= " c.rowid, d.total_ht as total_ht, c.ref,"; $sql .= " c.date_commande, c.fk_statut as statut, c.rowid as commandeid, d.rowid, d.qty,"; $sql .= " c.date_livraison as delivery_date"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."commande_fournisseur as c"; $sql .= ", ".MAIN_DB_PREFIX."commande_fournisseurdet as d"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) { if (!empty($search_year)) { $sql .= ' AND YEAR(c.date_commande) IN ('.$db->sanitize($search_year).')'; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/product/stats/contrat.php b/htdocs/product/stats/contrat.php index 24b61e92490..e8c773099e7 100644 --- a/htdocs/product/stats/contrat.php +++ b/htdocs/product/stats/contrat.php @@ -135,7 +135,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " c.rowid as rowid, c.ref, c.ref_customer, c.ref_supplier, c.date_contrat, c.statut as statut,"; $sql .= " s.nom as name, s.rowid as socid, s.code_client"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ", ".MAIN_DB_PREFIX."contrat as c"; @@ -144,7 +144,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " AND c.fk_soc = s.rowid"; $sql .= " AND c.entity IN (".getEntity('contract').")"; $sql .= " AND cd.fk_product = ".((int) $product->id); - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/product/stats/facture.php b/htdocs/product/stats/facture.php index a3ca3c744ad..9eaf04992a3 100644 --- a/htdocs/product/stats/facture.php +++ b/htdocs/product/stats/facture.php @@ -193,7 +193,7 @@ if ($id > 0 || !empty($ref)) { $sql = "SELECT DISTINCT s.nom as name, s.rowid as socid, s.code_client,"; $sql .= " f.ref, f.datef, f.paye, f.type, f.fk_statut as statut, f.rowid as facid,"; $sql .= " d.rowid, d.total_ht as total_ht, d.qty"; // We must keep the d.rowid here to not loose record because of the distinct used to ignore duplicate line when link on societe_commerciaux is used - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } // Add fields from extrafields @@ -214,7 +214,7 @@ if ($id > 0 || !empty($ref)) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.'facture'."_extrafields as ef on (f.rowid = ef.fk_object)"; } $sql .= ", ".MAIN_DB_PREFIX."facturedet as d"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } // Add table from hooks @@ -232,7 +232,7 @@ if ($id > 0 || !empty($ref)) { if ($search_date_end) { $sql .= " AND f.datef <= '".$db->idate($search_date_end)."'"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/product/stats/facture_fournisseur.php b/htdocs/product/stats/facture_fournisseur.php index 04f6d0ddf22..7951d82799e 100644 --- a/htdocs/product/stats/facture_fournisseur.php +++ b/htdocs/product/stats/facture_fournisseur.php @@ -140,13 +140,13 @@ if ($id > 0 || !empty($ref)) { if ($user->hasRight('fournisseur', 'facture', 'lire')) { $sql = "SELECT DISTINCT s.nom as name, s.rowid as socid, s.code_client, d.rowid, d.total_ht as line_total_ht,"; $sql .= " f.rowid as facid, f.ref, f.ref_supplier, f.datef, f.libelle as label, f.total_ht, f.total_ttc, f.total_tva, f.paye, f.fk_statut as statut, d.qty"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."facture_fourn as f"; $sql .= ", ".MAIN_DB_PREFIX."facture_fourn_det as d"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.fk_soc = s.rowid"; @@ -159,7 +159,7 @@ if ($id > 0 || !empty($ref)) { if (!empty($search_year)) { $sql .= ' AND YEAR(f.datef) IN ('.$db->sanitize($search_year).')'; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/product/stats/facturerec.php b/htdocs/product/stats/facturerec.php index 7cc7c83d400..3374f353391 100644 --- a/htdocs/product/stats/facturerec.php +++ b/htdocs/product/stats/facturerec.php @@ -158,13 +158,13 @@ if ($id > 0 || !empty($ref)) { $sql = "SELECT DISTINCT s.nom as name, s.rowid as socid, s.code_client,"; $sql .= "f.titre as title, f.datec, f.rowid as facid, f.suspended as suspended,"; $sql .= " d.rowid, d.total_ht as total_ht, d.qty"; // We must keep the d.rowid here to not loose record because of the distinct used to ignore duplicate line when link on societe_commerciaux is used - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."facture_rec as f"; $sql .= ", ".MAIN_DB_PREFIX."facturedet_rec as d"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE f.fk_soc = s.rowid"; @@ -177,7 +177,7 @@ if ($id > 0 || !empty($ref)) { if (!empty($search_year)) { $sql .= ' AND YEAR(f.datec) IN ('.$db->sanitize($search_year).')'; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/product/stats/propal.php b/htdocs/product/stats/propal.php index 991290e9b58..e2f26e810b7 100644 --- a/htdocs/product/stats/propal.php +++ b/htdocs/product/stats/propal.php @@ -142,13 +142,13 @@ if ($id > 0 || !empty($ref)) { $sql = "SELECT DISTINCT s.nom as name, s.rowid as socid, p.rowid as propalid, p.ref, d.total_ht as amount,"; $sql .= " p.ref_client,"; $sql .= "p.datep, p.fk_statut as statut, d.rowid, d.qty"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ",".MAIN_DB_PREFIX."propal as p"; $sql .= ", ".MAIN_DB_PREFIX."propaldet as d"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE p.fk_soc = s.rowid"; @@ -161,7 +161,7 @@ if ($id > 0 || !empty($ref)) { if (!empty($search_year)) { $sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')'; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/product/stats/supplier_proposal.php b/htdocs/product/stats/supplier_proposal.php index 1234dec1db8..3f178ee0b7e 100644 --- a/htdocs/product/stats/supplier_proposal.php +++ b/htdocs/product/stats/supplier_proposal.php @@ -141,13 +141,13 @@ if ($id > 0 || !empty($ref)) { $sql = "SELECT DISTINCT s.nom as name, s.rowid as socid, p.rowid as propalid, p.ref, d.total_ht as amount,"; //$sql .= " p.ref_supplier,"; $sql .= "p.date_valid, p.fk_statut as statut, d.rowid, d.qty"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ",".MAIN_DB_PREFIX."supplier_proposal as p"; $sql .= ", ".MAIN_DB_PREFIX."supplier_proposaldet as d"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE p.fk_soc = s.rowid"; @@ -160,7 +160,7 @@ if ($id > 0 || !empty($ref)) { if (!empty($search_year)) { $sql .= ' AND YEAR(p.datep) IN ('.$db->sanitize($search_year).')'; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/product/stock/class/productlot.class.php b/htdocs/product/stock/class/productlot.class.php index 0867aadde04..4a1974d57b2 100644 --- a/htdocs/product/stock/class/productlot.class.php +++ b/htdocs/product/stock/class/productlot.class.php @@ -767,12 +767,12 @@ class Productlot extends CommonObject $sql .= " INNER JOIN ".$this->db->prefix()."expeditiondet as ed ON (ed.rowid = edb.fk_expeditiondet)"; $sql .= " INNER JOIN ".$this->db->prefix()."expedition as exp ON (exp.rowid = ed.fk_expedition)"; // $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE exp.entity IN (".getEntity('expedition').")"; $sql .= " AND edb.batch = '".($this->db->escape($this->batch))."'"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND exp.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND exp.fk_statut != 0"; @@ -842,12 +842,12 @@ class Productlot extends CommonObject $sql .= " INNER JOIN ".$this->db->prefix()."commande_fournisseurdet as cfd ON (cfd.rowid = cfdi.fk_commandefourndet)"; $sql .= " INNER JOIN ".$this->db->prefix()."commande_fournisseur as cf ON (cf.rowid = cfd.fk_commande)"; // $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE cf.entity IN (".getEntity('expedition').")"; $sql .= " AND cfdi.batch = '".($this->db->escape($this->batch))."'"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND cf.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND cf.fk_statut != 0"; @@ -916,12 +916,12 @@ class Productlot extends CommonObject $sql .= " FROM ".$this->db->prefix()."commande_fournisseur_dispatch as cfdi"; $sql .= " INNER JOIN ".$this->db->prefix()."reception as recep ON (recep.rowid = cfdi.fk_reception)"; // $sql .= ", ".$this->db->prefix()."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".$this->db->prefix()."societe_commerciaux as sc"; } $sql .= " WHERE recep.entity IN (".getEntity('reception').")"; $sql .= " AND cfdi.batch = '".($this->db->escape($this->batch))."'"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND recep.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } //$sql.= " AND exp.fk_statut != 0"; @@ -996,7 +996,7 @@ class Productlot extends CommonObject $sql .= " SUM(mp.qty) as qty"; $sql .= " FROM ".$this->db->prefix()."mrp_mo as c"; $sql .= " INNER JOIN ".$this->db->prefix()."mrp_production as mp ON mp.fk_mo=c.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= "INNER JOIN ".$this->db->prefix()."societe_commerciaux as sc ON sc.fk_soc=c.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " WHERE "; diff --git a/htdocs/product/stock/replenishorders.php b/htdocs/product/stock/replenishorders.php index 8102d10e48a..9a0e0847016 100644 --- a/htdocs/product/stock/replenishorders.php +++ b/htdocs/product/stock/replenishorders.php @@ -126,7 +126,7 @@ $sql .= ' cf.rowid, cf.ref, cf.fk_statut, cf.total_ttc, cf.fk_user_author,'; $sql .= ' u.login'; $sql .= ' FROM '.MAIN_DB_PREFIX.'societe as s, '.MAIN_DB_PREFIX.'commande_fournisseur as cf'; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX.'user as u ON cf.fk_user_author = u.rowid'; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ', '.MAIN_DB_PREFIX.'societe_commerciaux as sc'; } $sql .= ' WHERE cf.fk_soc = s.rowid '; @@ -138,7 +138,7 @@ if (getDolGlobalString('STOCK_CALCULATE_ON_SUPPLIER_VALIDATE_ORDER')) { } else { $sql .= ' AND cf.fk_statut < 5'; } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ' AND s.rowid = sc.fk_soc AND sc.fk_user = '.((int) $user->id); } if ($sref) { diff --git a/htdocs/product/stock/stats/commande_fournisseur.php b/htdocs/product/stock/stats/commande_fournisseur.php index 5fd0a1e425d..756f814f575 100644 --- a/htdocs/product/stock/stats/commande_fournisseur.php +++ b/htdocs/product/stock/stats/commande_fournisseur.php @@ -218,14 +218,14 @@ if ($id > 0 || !empty($ref)) { $sql .= " cf.ref, cf.date_commande, cf.date_livraison as delivery_date, cf.fk_statut as statut, cf.rowid as facid,"; $sql .= " cfd.rowid, SUM(cfdi.qty) as qty"; // $sql.= ", cfd.total_ht * SUM(cfdi.qty) / cfd.qty as total_ht_pondere"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."commande_fournisseur as cf ON (cf.fk_soc = s.rowid)"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."commande_fournisseurdet as cfd ON (cfd.fk_commande = cf.rowid)"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as cfdi ON (cfdi.fk_commandefourndet = cfd.rowid)"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE cf.entity IN (".getEntity('product').")"; @@ -236,7 +236,7 @@ if ($id > 0 || !empty($ref)) { if (!empty($search_year)) { $sql .= ' AND YEAR(cf.date_commande) IN ('.$db->sanitize($search_year).')'; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/product/stock/stats/expedition.php b/htdocs/product/stock/stats/expedition.php index e8efff308f8..5596ff381d5 100644 --- a/htdocs/product/stock/stats/expedition.php +++ b/htdocs/product/stock/stats/expedition.php @@ -218,14 +218,14 @@ if ($id > 0 || !empty($ref)) { $sql .= " exp.ref, exp.date_creation, exp.fk_statut as statut, exp.rowid as facid,"; $sql .= " d.rowid, db.qty"; // $sql.= ", d.total_ht as total_ht"; // We must keep the d.rowid here to not loose record because of the distinct used to ignore duplicate line when link on societe_commerciaux is used - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expedition as exp ON (exp.fk_soc = s.rowid)"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expeditiondet as d ON (d.fk_expedition = exp.rowid)"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."expeditiondet_batch as db ON (db.fk_expeditiondet = d.rowid)"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE exp.entity IN (".getEntity('product').")"; @@ -236,7 +236,7 @@ if ($id > 0 || !empty($ref)) { if (!empty($search_year)) { $sql .= ' AND YEAR(exp.date_creation) IN ('.$db->sanitize($search_year).')'; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/product/stock/stats/reception.php b/htdocs/product/stock/stats/reception.php index a117b2043fa..63c4b942310 100644 --- a/htdocs/product/stock/stats/reception.php +++ b/htdocs/product/stock/stats/reception.php @@ -218,13 +218,13 @@ if ($id > 0 || !empty($ref)) { $sql .= " recep.ref, recep.date_creation, recep.fk_statut as statut, recep.rowid as facid,"; $sql .= " d.qty"; // $sql.= ", d.total_ht as total_ht"; // We must keep the d.rowid here to not loose record because of the distinct used to ignore duplicate line when link on societe_commerciaux is used - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", sc.fk_soc, sc.fk_user "; } $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."reception as recep ON (recep.fk_soc = s.rowid)"; $sql .= " INNER JOIN ".MAIN_DB_PREFIX."commande_fournisseur_dispatch as d ON (d.fk_reception = recep.rowid)"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE recep.entity IN (".getEntity('product').")"; @@ -235,7 +235,7 @@ if ($id > 0 || !empty($ref)) { if (!empty($search_year)) { $sql .= ' AND YEAR(recep.date_creation) IN ('.$db->sanitize($search_year).')'; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php index e04aa4cf676..6706558523f 100644 --- a/htdocs/projet/class/task.class.php +++ b/htdocs/projet/class/task.class.php @@ -2350,7 +2350,7 @@ class Task extends CommonObjectLine $sql = "SELECT count(p.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid"; } $sql .= ", ".MAIN_DB_PREFIX."projet_task as t"; @@ -2364,7 +2364,7 @@ class Task extends CommonObjectLine if ($socid) { $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id).") OR (s.rowid IS NULL))"; } diff --git a/htdocs/projet/class/taskstats.class.php b/htdocs/projet/class/taskstats.class.php index 0a7d13fc47d..a314b848477 100644 --- a/htdocs/projet/class/taskstats.class.php +++ b/htdocs/projet/class/taskstats.class.php @@ -58,8 +58,8 @@ class TaskStats extends Stats $sql = "SELECT"; $sql .= " COUNT(t.rowid), t.priority"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".((int) $user->id); + if (!$user->hasRight('societe', 'client', 'voir')) { + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->buildWhere(); //$sql .= " AND t.fk_statut <> 0"; // We want historic also, so all task not draft @@ -112,8 +112,8 @@ class TaskStats extends Stats $sql = "SELECT date_format(t.datec,'%Y') as year, COUNT(t.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { - $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".((int) $user->id); + if (!$user->hasRight('societe', 'client', 'voir')) { + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= $this->buildWhere(); $sql .= " GROUP BY year"; @@ -174,7 +174,7 @@ class TaskStats extends Stats $sql = "SELECT date_format(t.datec,'%m') as dm, COUNT(t.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."projet_task as t INNER JOIN ".MAIN_DB_PREFIX."projet as p ON p.rowid = t.fk_projet"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " INNER JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc=p.fk_soc AND sc.fk_user=".((int) $user->id); } $sql .= $this->buildWhere(); diff --git a/htdocs/reception/class/receptionstats.class.php b/htdocs/reception/class/receptionstats.class.php index e0fe16e7854..b56211933dd 100644 --- a/htdocs/reception/class/receptionstats.class.php +++ b/htdocs/reception/class/receptionstats.class.php @@ -70,7 +70,7 @@ class ReceptionStats extends Stats //$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity; $this->where .= " AND c.entity IN (".getEntity('reception').")"; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($this->socid) { @@ -94,7 +94,7 @@ class ReceptionStats extends Stats $sql = "SELECT date_format(c.date_valid,'%m') as dm, COUNT(*) as nb"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; @@ -118,7 +118,7 @@ class ReceptionStats extends Stats $sql = "SELECT date_format(c.date_valid,'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE ".$this->where; @@ -141,7 +141,7 @@ class ReceptionStats extends Stats $sql = "SELECT date_format(c.date_valid,'%m') as dm, SUM(c.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; @@ -165,7 +165,7 @@ class ReceptionStats extends Stats $sql = "SELECT date_format(c.date_valid,'%m') as dm, AVG(c.".$this->field.")"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.date_valid BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; @@ -187,7 +187,7 @@ class ReceptionStats extends Stats $sql = "SELECT date_format(c.date_valid,'%Y') as year, COUNT(*) as nb, SUM(c.".$this->field.") as total, AVG(".$this->field.") as avg"; $sql .= " FROM ".$this->from; - if (!$user->hasRight('societe', 'client', 'voir') && !$this->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE ".$this->where; diff --git a/htdocs/reception/index.php b/htdocs/reception/index.php index 9baecc185e8..4c923a3f307 100644 --- a/htdocs/reception/index.php +++ b/htdocs/reception/index.php @@ -88,7 +88,7 @@ $sql .= " FROM ".MAIN_DB_PREFIX."reception as e"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON e.rowid = el.fk_target AND el.targettype = 'reception'"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseur as c ON el.fk_source = c.rowid"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc"; $sql .= $clause." sc.fk_user = ".((int) $user->id); $clause = " AND "; @@ -152,11 +152,11 @@ $sql .= " FROM ".MAIN_DB_PREFIX."reception as e"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."element_element as el ON e.rowid = el.fk_target AND el.targettype = 'reception' AND el.sourcetype IN ('order_supplier')"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseur as c ON el.fk_source = c.rowid AND el.sourcetype IN ('order_supplier') AND el.targettype = 'reception'"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = e.fk_soc"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON e.fk_soc = sc.fk_soc"; } $sql .= " WHERE e.entity IN (".getEntity('reception').")"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND sc.fk_user = ".((int) $user->id); } $sql .= " AND e.fk_statut = 1"; @@ -213,7 +213,7 @@ if ($resql) { $sql = "SELECT c.rowid, c.ref, c.ref_supplier as ref_supplier, c.fk_statut as status, c.billed as billed, s.nom as name, s.rowid as socid"; $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur as c,"; $sql .= " ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -222,7 +222,7 @@ $sql .= " AND c.fk_statut IN (".CommandeFournisseur::STATUS_ORDERSENT.", ".Comma if ($socid > 0) { $sql .= " AND c.fk_soc = ".((int) $socid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.rowid ASC"; diff --git a/htdocs/reception/stats/index.php b/htdocs/reception/stats/index.php index e2b93a9a4a3..d8be5bd1862 100644 --- a/htdocs/reception/stats/index.php +++ b/htdocs/reception/stats/index.php @@ -71,7 +71,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear); // $data = array(array('Lib',val1,val2,val3),...) -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filenamenb = $dir.'/receptionsnbinyear-'.$user->id.'-'.$year.'.png'; } else { $filenamenb = $dir.'/receptionsnbinyear-'.$year.'.png'; diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php index 8bf79b2b7f7..e3583c439e0 100644 --- a/htdocs/societe/class/client.class.php +++ b/htdocs/societe/class/client.class.php @@ -64,7 +64,7 @@ class Client extends Societe $sql = "SELECT count(s.rowid) as nb, s.client"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; diff --git a/htdocs/societe/index.php b/htdocs/societe/index.php index 854be79efc2..a954f0a0426 100644 --- a/htdocs/societe/index.php +++ b/htdocs/societe/index.php @@ -100,11 +100,11 @@ $total = 0; $sql = "SELECT s.rowid, s.client, s.fournisseur"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ' WHERE s.entity IN ('.getEntity('societe').')'; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!$user->hasRight('fournisseur', 'lire')) { @@ -294,11 +294,11 @@ $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; if (getDolGlobalString('MAIN_COMPANY_PERENTITY_SHARED')) { $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "societe_perentity as spe ON spe.fk_soc = s.rowid AND spe.entity = " . ((int) $conf->entity); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ' WHERE s.entity IN ('.getEntity('societe').')'; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if (!$user->hasRight('fournisseur', 'lire')) { diff --git a/htdocs/societe/list.php b/htdocs/societe/list.php index 85489b2a314..0de0a878ab0 100644 --- a/htdocs/societe/list.php +++ b/htdocs/societe/list.php @@ -521,10 +521,6 @@ $sql .= " staff.code as staff_code,"; $sql .= " country.code as country_code, country.label as country_label,"; $sql .= " state.code_departement as state_code, state.nom as state_name,"; $sql .= " region.code_region as region_code, region.nom as region_name"; -// We'll need these fields in order to filter by sale (including the case where the user can only see his prospects) -if ($search_sale && $search_sale != '-1') { - $sql .= ", sc.fk_soc, sc.fk_user"; -} // Add fields from extrafields if (!empty($extrafields->attributes[$object->table_element]['label'])) { foreach ($extrafields->attributes[$object->table_element]['label'] as $key => $val) { @@ -552,32 +548,21 @@ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_effectif as staff on (staff.id = s.fk_ef $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as state on (state.rowid = s.fk_departement)"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_regions as region on (region.code_region = state.fk_region)"; $sql .= ' LEFT JOIN '.MAIN_DB_PREFIX."c_stcomm as st ON s.fk_stcomm = st.id"; -// We'll need this table joined to the select in order to filter by sale -if ($search_sale == -2) { - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid"; - //elseif ($search_sale || (empty($user->rights->societe->client->voir) && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->societe->client->readallthirdparties_advance)) && !$socid)) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -} elseif (!empty($search_sale) && $search_sale != '-1' || (!$user->hasRight('societe', 'client', 'voir') && !$socid)) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -} // Add table from hooks $parameters = array(); $reshook = $hookmanager->executeHooks('printFieldListFrom', $parameters, $object, $action); // Note that $action and $object may have been modified by hook $sql .= $hookmanager->resPrint; $sql .= " WHERE s.entity IN (".getEntity('societe').")"; -//if (empty($user->rights->societe->client->voir) && (empty($conf->global->MAIN_USE_ADVANCED_PERMS) || empty($user->rights->societe->client->readallthirdparties_advance)) && !$socid) $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); -} -if ($search_sale && $search_sale != '-1' && $search_sale != '-2') { - $sql .= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale -} if (!$user->hasRight('fournisseur', 'lire')) { $sql .= " AND (s.fournisseur <> 1 OR s.client <> 0)"; // client=0, fournisseur=0 must be visible } -if ($search_sale == -2) { - $sql .= " AND sc.fk_user IS NULL"; -} elseif ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); +// Search on sale representative +if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = s.rowid AND sc.fk_user = ".((int) $search_sale).")"; + } } $searchCategoryCustomerList = $search_categ_cus ? array($search_categ_cus) : array(); $searchCategoryCustomerOperator = 0; diff --git a/htdocs/supplier_proposal/class/supplier_proposal.class.php b/htdocs/supplier_proposal/class/supplier_proposal.class.php index ffe975640e2..f877fddc2c2 100644 --- a/htdocs/supplier_proposal/class/supplier_proposal.class.php +++ b/htdocs/supplier_proposal/class/supplier_proposal.class.php @@ -2223,7 +2223,7 @@ class SupplierProposal extends CommonObject $sql = "SELECT p.rowid, p.ref, p.datec as datec, p.date_cloture as datefin"; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON p.fk_soc = sc.fk_soc"; $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = " AND"; @@ -2380,7 +2380,7 @@ class SupplierProposal extends CommonObject $sql = "SELECT count(p.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; diff --git a/htdocs/supplier_proposal/index.php b/htdocs/supplier_proposal/index.php index e69bad34b72..34bfb83eed3 100644 --- a/htdocs/supplier_proposal/index.php +++ b/htdocs/supplier_proposal/index.php @@ -67,7 +67,7 @@ print '
'; $sql = "SELECT count(p.rowid), p.fk_statut"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."supplier_proposal as p"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE p.fk_soc = s.rowid"; @@ -75,7 +75,7 @@ $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; if ($user->socid) { $sql .= ' AND p.fk_soc = '.((int) $user->socid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " AND p.fk_statut IN (0,1,2,3,4)"; @@ -167,7 +167,7 @@ if (isModEnabled('supplier_proposal')) { $sql = "SELECT c.rowid, c.ref, s.nom as socname, s.rowid as socid, s.canvas, s.client"; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -176,7 +176,7 @@ if (isModEnabled('supplier_proposal')) { if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -225,7 +225,7 @@ $sql = "SELECT c.rowid, c.ref, c.fk_statut, s.nom as socname, s.rowid as socid, $sql .= " date_cloture as datec"; $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal as c"; $sql .= ", ".MAIN_DB_PREFIX."societe as s"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE c.fk_soc = s.rowid"; @@ -234,7 +234,7 @@ $sql .= " AND c.entity = ".$conf->entity; if ($socid) { $sql .= " AND c.fk_soc = ".((int) $socid); } -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } $sql .= " ORDER BY c.tms DESC"; @@ -306,13 +306,13 @@ if (isModEnabled('supplier_proposal') && $user->hasRight('supplier_proposal', 'l $sql = "SELECT s.nom as socname, s.rowid as socid, s.canvas, s.client, p.rowid as supplier_proposalid, p.total_ttc, p.total_tva, p.total_ht, p.ref, p.fk_statut, p.datec as dp"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql .= ", ".MAIN_DB_PREFIX."supplier_proposal as p"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= " WHERE p.fk_soc = s.rowid"; $sql .= " AND p.entity IN (".getEntity('supplier_proposal').")"; $sql .= " AND p.fk_statut = 1"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } if ($socid) { diff --git a/htdocs/ticket/class/ticket.class.php b/htdocs/ticket/class/ticket.class.php index 9b6bcd90be8..75e106f0454 100644 --- a/htdocs/ticket/class/ticket.class.php +++ b/htdocs/ticket/class/ticket.class.php @@ -792,8 +792,8 @@ class Ticket extends CommonObject $sql .= " t.date_read,"; $sql .= " t.date_last_msg_sent,"; $sql .= " t.date_close,"; - $sql .= " t.tms"; - $sql .= ", type.label as type_label, category.label as category_label, severity.label as severity_label"; + $sql .= " t.tms,"; + $sql .= " type.label as type_label, category.label as category_label, severity.label as severity_label"; // Add fields for extrafields if ($extrafields->attributes[$this->table_element]['count']> 0) { foreach ($extrafields->attributes[$this->table_element]['label'] as $key => $val) { @@ -801,21 +801,17 @@ class Ticket extends CommonObject } } $sql .= " FROM ".MAIN_DB_PREFIX."ticket as t"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_type as type ON type.code=t.type_code"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code=t.category_code"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=t.fk_soc"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as uc ON uc.rowid=t.fk_user_create"; - $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as ua ON ua.rowid=t.fk_user_assign"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_type as type ON type.code = t.type_code"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code = t.category_code"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code = t.severity_code"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = t.fk_soc"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as uc ON uc.rowid = t.fk_user_create"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."user as ua ON ua.rowid = t.fk_user_assign"; if ($extrafields->attributes[$this->table_element]['count']> 0) { if (is_array($extrafields->attributes[$this->table_element]['label']) && count($extrafields->attributes[$this->table_element]['label'])) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."ticket_extrafields as ef on (t.rowid = ef.fk_object)"; } } - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - } - $sql .= " WHERE t.entity IN (".getEntity('ticket').")"; // Manage filter @@ -838,10 +834,25 @@ class Ticket extends CommonObject } } } - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { - $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); - } elseif ($user->socid) { - $sql .= " AND t.fk_soc = ".((int) $user->socid); + + // Case of external user + $socid = $user->socid ? $user->socid : 0; + // If the internal user must only see his customers, force searching by him + $search_sale = 0; + if (!$user->hasRight('societe', 'client', 'voir')) { + $search_sale = $user->id; + } + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } + } + // Search on socid + if ($socid) { + $sql .= " AND t.fk_soc = ".((int) $socid); } $sql .= $this->db->order($sortfield, $sortorder); @@ -3060,7 +3071,7 @@ class Ticket extends CommonObject $sql = "SELECT count(p.rowid) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."ticket as p"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON p.fk_soc = s.rowid"; - if (!$user->hasRight('societe', 'client', 'voir') && !$user->socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; $sql .= " WHERE sc.fk_user = ".((int) $user->id); $clause = "AND"; diff --git a/htdocs/ticket/index.php b/htdocs/ticket/index.php index 011826f9095..79668bb3c8c 100644 --- a/htdocs/ticket/index.php +++ b/htdocs/ticket/index.php @@ -156,13 +156,13 @@ $tick = array( $sql = "SELECT t.fk_statut, COUNT(t.fk_statut) as nb"; $sql .= " FROM ".MAIN_DB_PREFIX."ticket as t"; -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ' WHERE t.entity IN ('.getEntity('ticket').')'; $sql .= dolSqlDateFilter('datec', 0, 0, $endyear); -if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } @@ -332,13 +332,13 @@ if ($user->hasRight('ticket', 'read')) { $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_type as type ON type.code=t.type_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_category as category ON category.code=t.category_code"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."c_ticket_severity as severity ON severity.code=t.severity_code"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; } $sql .= ' WHERE t.entity IN ('.getEntity('ticket').')'; $sql .= " AND t.fk_statut = 0"; - if (!$user->hasRight('societe', 'client', 'voir') && !$socid) { + if (!$user->hasRight('societe', 'client', 'voir')) { $sql .= " AND t.fk_soc = sc.fk_soc AND sc.fk_user = ".((int) $user->id); } diff --git a/htdocs/ticket/stats/index.php b/htdocs/ticket/stats/index.php index bcc74cc0e0c..5bd47cff622 100644 --- a/htdocs/ticket/stats/index.php +++ b/htdocs/ticket/stats/index.php @@ -83,7 +83,7 @@ $data = $stats->getNbByMonthWithPrevYear($endyear, $startyear); // $data = array(array('Lib',val1,val2,val3),...) -if (!$user->hasRight('societe', 'client', 'voir') || $user->socid) { +if (!$user->hasRight('societe', 'client', 'voir')) { $filenamenb = $dir.'/ticketsnbinyear-'.$user->id.'-'.$year.'.png'; $fileurlnb = DOL_URL_ROOT.'/viewimage.php?modulepart=ticketstats&file=ticketsnbinyear-'.$user->id.'-'.$year.'.png'; } else { diff --git a/htdocs/webhook/webhookindex.php b/htdocs/webhook/webhookindex.php deleted file mode 100644 index 2886d3f5e1c..00000000000 --- a/htdocs/webhook/webhookindex.php +++ /dev/null @@ -1,208 +0,0 @@ - - * Copyright (C) 2004-2015 Laurent Destailleur - * Copyright (C) 2005-2012 Regis Houssin - * Copyright (C) 2015 Jean-François Ferry - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -/** - * \file webhook/webhookindex.php - * \ingroup webhook - * \brief Home page of webhook top menu - */ - -// Load Dolibarr environment -require '../main.inc.php'; -require_once DOL_DOCUMENT_ROOT.'/core/class/html.formfile.class.php'; - -// Parameters -$action = GETPOST('action', 'aZ09'); - -// Security check -// if (! $user->rights->webhook->myobject->read) { -// accessforbidden(); -// } -$socid = GETPOST('socid', 'int'); -if (isset($user->socid) && $user->socid > 0) { - $action = ''; - $socid = $user->socid; -} - -$max = 5; -$now = dol_now(); - - -/* - * Actions - */ - -// None - - -/* - * View - */ - -$form = new Form($db); -$formfile = new FormFile($db); - -llxHeader("", $langs->trans("WebhookArea")); - -print load_fiche_titre($langs->trans("WebhookArea"), '', 'webhook.png@webhook'); - -print '
'; - - -/* BEGIN MODULEBUILDER DRAFT MYOBJECT -// Draft MyObject -if (!empty($conf->webhook->enabled) && $user->rights->webhook->read) { - $langs->load("orders"); - - $sql = "SELECT c.rowid, c.ref, c.ref_client, c.total_ht, c.tva as total_tva, c.total_ttc, s.rowid as socid, s.nom as name, s.client, s.canvas"; - $sql.= ", s.code_client"; - $sql.= " FROM ".MAIN_DB_PREFIX."commande as c"; - $sql.= ", ".MAIN_DB_PREFIX."societe as s"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql.= " WHERE c.fk_soc = s.rowid"; - $sql.= " AND c.fk_statut = 0"; - $sql.= " AND c.entity IN (".getEntity('commande').")"; - if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); - if ($socid) $sql.= " AND c.fk_soc = ".((int) $socid); - - $resql = $db->query($sql); - if ($resql) - { - $total = 0; - $num = $db->num_rows($resql); - - print ''; - print ''; - print ''; - - $var = true; - if ($num > 0) - { - $i = 0; - while ($i < $num) - { - - $obj = $db->fetch_object($resql); - print ''; - print ''; - print ''; - $i++; - $total += $obj->total_ttc; - } - if ($total>0) - { - - print '"; - } - } - else - { - - print ''; - } - print "
'.$langs->trans("DraftMyObjects").($num?''.$num.'':'').'
'; - - $myobjectstatic->id=$obj->rowid; - $myobjectstatic->ref=$obj->ref; - $myobjectstatic->ref_client=$obj->ref_client; - $myobjectstatic->total_ht = $obj->total_ht; - $myobjectstatic->total_tva = $obj->total_tva; - $myobjectstatic->total_ttc = $obj->total_ttc; - - print $myobjectstatic->getNomUrl(1); - print ''; - print ''.price($obj->total_ttc).'
'.$langs->trans("Total").''.price($total)."
'.$langs->trans("NoOrder").'

"; - - $db->free($resql); - } - else - { - dol_print_error($db); - } -} -END MODULEBUILDER DRAFT MYOBJECT */ - - -print '
'; - - -$NBMAX = getDolGlobalString('MAIN_SIZE_SHORTLIST_LIMIT'); -$max = getDolGlobalInt('MAIN_SIZE_SHORTLIST_LIMIT'); - -/* BEGIN MODULEBUILDER LASTMODIFIED MYOBJECT -// Last modified myobject -if (!empty($conf->webhook->enabled) && $user->rights->webhook->read) -{ - $sql = "SELECT s.rowid, s.ref, s.label, s.date_creation, s.tms"; - $sql.= " FROM ".MAIN_DB_PREFIX."webhook_myobject as s"; - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql.= " WHERE s.entity IN (".getEntity($myobjectstatic->element).")"; - //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = ".((int) $user->id); - //if ($socid) $sql.= " AND s.rowid = $socid"; - $sql .= " ORDER BY s.tms DESC"; - $sql .= $db->plimit($max, 0); - - $resql = $db->query($sql); - if ($resql) - { - $num = $db->num_rows($resql); - $i = 0; - - print ''; - print ''; - print ''; - print ''; - print ''; - if ($num) - { - while ($i < $num) - { - $objp = $db->fetch_object($resql); - - $myobjectstatic->id=$objp->rowid; - $myobjectstatic->ref=$objp->ref; - $myobjectstatic->label=$objp->label; - $myobjectstatic->status = $objp->status; - - print ''; - print ''; - print '"; - print '"; - print ''; - $i++; - } - - $db->free($resql); - } else { - print ''; - } - print "
'; - print $langs->trans("BoxTitleLatestModifiedMyObjects", $max); - print ''.$langs->trans("DateModificationShort").'
'.$myobjectstatic->getNomUrl(1).''; - print "'.dol_print_date($db->jdate($objp->tms), 'day')."
'.$langs->trans("None").'

"; - } -} -*/ - -print '
'; - -// End of page -llxFooter(); -$db->close();