diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index fcbdf687f3e..8044ecfcccf 100644 --- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -3,7 +3,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2004 Eric Seigne * Copyright (C) 2006 Andre Cianfarani - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2008 Raphael Bertrand (Resultic) * Copyright (C) 2010-2011 Juanjo Menent * @@ -51,7 +51,7 @@ if (!empty($conf->global->MAIN_MODULE_CHRONODOCS)) $langs->load("chronodocs"); // Security check $id = (GETPOST('socid','int') ? GETPOST('socid','int') : GETPOST('id')); if ($user->societe_id > 0) $id=$user->societe_id; -$result = restrictedArea($user,'societe',$id,''); +$result = restrictedArea($user,'societe',$id,'&societe'); $action = GETPOST('action'); $mode = GETPOST("mode"); @@ -478,6 +478,7 @@ if ($id > 0) $sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."propal as p, ".MAIN_DB_PREFIX."c_propalst as c"; $sql.= " WHERE p.fk_soc = s.rowid AND p.fk_statut = c.id"; $sql.= " AND s.rowid = ".$object->id; + $sql.= " AND p.entity = ".$conf->entity; $sql.= " ORDER BY p.datep DESC"; $resql=$db->query($sql); @@ -536,6 +537,7 @@ if ($id > 0) $sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande as c"; $sql.= " WHERE c.fk_soc = s.rowid "; $sql.= " AND s.rowid = ".$object->id; + $sql.= " AND c.entity = ".$conf->entity; $sql.= " ORDER BY c.date_commande DESC"; $resql=$db->query($sql); 
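Review bot: The id handed to `restrictedArea()` in the security-check hunk can still be an untyped request value, because the fallback `GETPOST('id')` carries no type filter while `socid` does. The `restrictedArea()` hunks later in this diff concatenate that argument unquoted (`" WHERE s.rowid = ".$objectid`), so the access check itself is built from the raw value; `GETPOST('id','int')` would close that here. The same applies to `$contactid = isset($_GET["id"])?$_GET["id"]:'';` ahead of the changed calls in contact/exportimport.php, contact/info.php and contact/ldap.php, which contact/perso.php already replaces with `GETPOST('id','int')`.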
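Review bot: The added tenant filter `" AND p.entity = ".$conf->entity` splices the entity id into the statement unquoted and uncast, and the commande hunk plus the contrat, fichinter and facture hunks of this file repeat the pattern. Casting at the point of use, `$sql.= " AND p.entity = ".((int) $conf->entity);`, keeps the isolation clause well-formed regardless of how `$conf->entity` was populated. These filters also use the single current entity while the list pages in this commit accept the shared list from `$conf->entities['societe']`; if that difference is intended, a one-line comment saying these documents are never shared would help.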
@@ -585,10 +587,11 @@ if ($id > 0) $contratstatic=new Contrat($db); $sql = "SELECT s.nom, s.rowid, c.rowid as id, c.ref as ref, c.statut, c.datec as dc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c"; - $sql .= " WHERE c.fk_soc = s.rowid "; - $sql .= " AND s.rowid = ".$object->id; - $sql .= " ORDER BY c.datec DESC"; + $sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."contrat as c"; + $sql.= " WHERE c.fk_soc = s.rowid "; + $sql.= " AND s.rowid = ".$object->id; + $sql.= " AND c.entity = ".$conf->entity; + $sql.= " ORDER BY c.datec DESC"; $resql=$db->query($sql); if ($resql) @@ -642,10 +645,11 @@ if ($id > 0) if ($conf->ficheinter->enabled && $user->rights->ficheinter->lire) { $sql = "SELECT s.nom, s.rowid, f.rowid as id, f.ref, f.fk_statut, f.duree as duration, f.datei as startdate"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f"; - $sql .= " WHERE f.fk_soc = s.rowid"; - $sql .= " AND s.rowid = ".$object->id; - $sql .= " ORDER BY f.tms DESC"; + $sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."fichinter as f"; + $sql.= " WHERE f.fk_soc = s.rowid"; + $sql.= " AND s.rowid = ".$object->id; + $sql.= " AND f.entity = ".$conf->entity; + $sql.= " ORDER BY f.tms DESC"; $fichinter_static=new Fichinter($db); @@ -704,6 +708,7 @@ if ($id > 0) $sql.= " FROM ".MAIN_DB_PREFIX."societe as s,".MAIN_DB_PREFIX."facture as f"; $sql.= ' LEFT JOIN '.MAIN_DB_PREFIX.'paiement_facture as pf ON f.rowid=pf.fk_facture'; $sql.= " WHERE f.fk_soc = s.rowid AND s.rowid = ".$object->id; + $sql.= " AND f.entity = ".$conf->entity; $sql.= ' GROUP BY f.rowid, f.facnumber, f.type, f.amount, f.total, f.total_ttc,'; $sql.= ' f.datef, f.datec, f.paye, f.fk_statut,'; $sql.= ' s.nom, s.rowid'; @@ -863,8 +868,8 @@ else dol_print_error($db,'Bad value for socid parameter'); } +llxFooter(); + $db->close(); - -llxFooter(); ?> 
diff --git a/htdocs/comm/list.php b/htdocs/comm/list.php index 96f5a412a8a..10bd6545bf4 100755 --- a/htdocs/comm/list.php +++ b/htdocs/comm/list.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur - * Copyright (C) 2005-2009 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -99,7 +99,7 @@ if ($search_sale || !$user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_P if ($search_categ) $sql.= ", ".MAIN_DB_PREFIX."categorie_societe as cs"; $sql.= " WHERE s.fk_stcomm = st.id"; $sql.= " AND s.client IN (1, 3)"; -$sql.= " AND s.entity = ".$conf->entity; +$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; if (!$user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socid) $sql.= " AND s.rowid = ".$socid; if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale diff --git a/htdocs/comm/prospect/list.php b/htdocs/comm/prospect/list.php index a9600493d98..a6529acd01f 100755 --- a/htdocs/comm/prospect/list.php +++ b/htdocs/comm/prospect/list.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2011 Philippe Grand * * This program is free software; you can redistribute it and/or modify 
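Review bot: `$conf->entities['societe']` is pasted verbatim inside `IN (...)` on the changed `s.entity` line, so the tenant boundary of this query depends on that string being a clean comma-separated list of integers. Its value is produced outside this diff (conf.class.php now delegates to `$mc->setValues($this)`), so nothing visible here guarantees the format; normalising before use, e.g. `implode(',', array_map('intval', explode(',', $conf->entities['societe'])))`, would make that explicit. The identical ternary is repeated in comm/prospect/list.php, contact/list.php, product/liste.php, societe/class/client.class.php and societe/index.php, which argues for one shared helper so the check lives in a single place.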
@@ -178,7 +178,7 @@ $sql.= ", ".MAIN_DB_PREFIX."societe as s"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_departements as d on (d.rowid = s.fk_departement)"; $sql.= " WHERE s.fk_stcomm = st.id"; $sql.= " AND s.client IN (2, 3)"; -$sql.= " AND s.entity = ".$conf->entity; +$sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; if ($user->societe_id) $sql.= " AND s.rowid = " .$user->societe_id; if ($search_sale) $sql.= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale if ($search_categ) $sql.= " AND s.rowid = cs.fk_societe"; // Join for the needed table to filter by categ diff --git a/htdocs/contact/exportimport.php b/htdocs/contact/exportimport.php index e75b099a861..c2a469e0c0a 100644 --- a/htdocs/contact/exportimport.php +++ b/htdocs/contact/exportimport.php @@ -1,6 +1,6 @@ - * Copyright (C) 2006 Regis Houssin + * Copyright (C) 2006-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,7 +31,7 @@ $langs->load("companies"); // Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'contact', $contactid, 'socpeople'); +$result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe'); /* diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php index 487cc1788b8..9310c3984fa 100644 --- a/htdocs/contact/fiche.php +++ b/htdocs/contact/fiche.php @@ -2,7 +2,7 @@ /* Copyright (C) 2004-2005 Rodolphe Quiedeville * Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2004 Benoit Mortier - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2007 Franky Van Liedekerke * * This program is free software; you can redistribute it and/or modify 
@@ -58,7 +58,7 @@ if (! empty($canvas)) } // Security check -$result = restrictedArea($user, 'contact', $id, 'socpeople', '', '', '', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission +$result = restrictedArea($user, 'contact', $id, 'socpeople&societe', '', '', '', $objcanvas); // If we create a contact with no company (shared contacts), no check on write permission // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array include_once(DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'); diff --git a/htdocs/contact/info.php b/htdocs/contact/info.php index ad802afa59f..097c007ff49 100644 --- a/htdocs/contact/info.php +++ b/htdocs/contact/info.php @@ -1,6 +1,7 @@ * Copyright (C) 2004-2010 Laurent Destailleur + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -32,7 +33,7 @@ $langs->load("companies"); // Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'contact',$contactid,'socpeople'); +$result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe'); @@ -60,7 +61,8 @@ dol_print_object_info($contact); print ""; +llxFooter(); + $db->close(); -llxFooter(); ?> diff --git a/htdocs/contact/ldap.php b/htdocs/contact/ldap.php index 3daa1b3b0de..15b359c8ff5 100644 --- a/htdocs/contact/ldap.php +++ b/htdocs/contact/ldap.php @@ -1,6 +1,6 @@ - * Copyright (C) 2006 Regis Houssin +/* Copyright (C) 2006-2010 Laurent Destailleur + * Copyright (C) 2006-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -35,7 +35,7 @@ $langs->load("admin"); // Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'contact', $contactid, 'socpeople'); +$result = restrictedArea($user, 'contact', $contactid, 'socpeople&societe'); $contact = new Contact($db); $contact->fetch($_GET["id"], $user); diff --git a/htdocs/contact/list.php b/htdocs/contact/list.php index 5daadd88dde..025c550ea34 100755 --- a/htdocs/contact/list.php +++ b/htdocs/contact/list.php @@ -2,7 +2,7 @@ /* Copyright (C) 2001-2004 Rodolphe Quiedeville * Copyright (C) 2003 Eric Seigne * Copyright (C) 2004-2011 Laurent Destailleur - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -115,14 +115,13 @@ $form=new Form($db); $sql = "SELECT s.rowid as socid, s.nom,"; $sql.= " p.rowid as cidp, p.name, p.firstname, p.poste, p.email,"; -$sql.= " p.phone, p.phone_mobile, p.fax, p.fk_pays, p.priv,"; -$sql.= " p.tms,"; +$sql.= " p.phone, p.phone_mobile, p.fax, p.fk_pays, p.priv, p.tms,"; $sql.= " cp.code as pays_code"; $sql.= " FROM ".MAIN_DB_PREFIX."socpeople as p"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_pays as cp ON cp.rowid = p.fk_pays"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; if (!$user->rights->societe->client->voir && !$socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; -$sql.= " WHERE p.entity = ".$conf->entity; +$sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; if (!$user->rights->societe->client->voir && !$socid) //restriction { $sql .= " AND (sc.fk_user = " .$user->id." OR p.fk_soc IS NULL)"; 
@@ -145,63 +144,63 @@ else if ($search_nom) // filtre sur le nom { - $sql .= " AND p.name like '%".$db->escape($search_nom)."%'"; + $sql .= " AND p.name LIKE '%".$db->escape($search_nom)."%'"; } if ($search_prenom) // filtre sur le prenom { - $sql .= " AND p.firstname like '%".$db->escape($search_prenom)."%'"; + $sql .= " AND p.firstname LIKE '%".$db->escape($search_prenom)."%'"; } if ($search_societe) // filtre sur la societe { - $sql .= " AND s.nom like '%".$db->escape($search_societe)."%'"; + $sql .= " AND s.nom LIKE '%".$db->escape($search_societe)."%'"; } if (strlen($search_poste)) // filtre sur la societe { - $sql .= " AND p.poste like '%".$db->escape($search_poste)."%'"; + $sql .= " AND p.poste LIKE '%".$db->escape($search_poste)."%'"; } if (strlen($search_phone)) { - $sql .= " AND (p.phone like '%".$db->escape($search_phone)."%' OR p.phone_perso like '%".$db->escape($search_phone)."%' OR p.phone_mobile like '%".$db->escape($search_phone)."%')"; + $sql .= " AND (p.phone LIKE '%".$db->escape($search_phone)."%' OR p.phone_perso LIKE '%".$db->escape($search_phone)."%' OR p.phone_mobile LIKE '%".$db->escape($search_phone)."%')"; } if (strlen($search_phoneper)) { - $sql .= " AND p.phone like '%".$db->escape($search_phoneper)."%'"; + $sql .= " AND p.phone LIKE '%".$db->escape($search_phoneper)."%'"; } if (strlen($search_phonepro)) { - $sql .= " AND p.phone_perso like '%".$db->escape($search_phonepro)."%'"; + $sql .= " AND p.phone_perso LIKE '%".$db->escape($search_phonepro)."%'"; } if (strlen($search_phonemob)) { - $sql .= " AND p.phone_mobile like '%".$db->escape($search_phonemob)."%'"; + $sql .= " AND p.phone_mobile LIKE '%".$db->escape($search_phonemob)."%'"; } if (strlen($search_fax)) { - $sql .= " AND p.fax like '%".$db->escape($search_fax)."%'"; + $sql .= " AND p.fax LIKE '%".$db->escape($search_fax)."%'"; } if (strlen($search_email)) // filtre sur l'email { - $sql .= " AND p.email like '%".$db->escape($search_email)."%'"; + $sql .= " AND p.email LIKE 
'%".$db->escape($search_email)."%'"; } if ($type == "o") // filtre sur type { $sql .= " AND p.fk_soc IS NULL"; } -if ($type == "f") // filtre sur type +else if ($type == "f") // filtre sur type { - $sql .= " AND fournisseur = 1"; + $sql .= " AND s.fournisseur = 1"; } -if ($type == "c") // filtre sur type +else if ($type == "c") // filtre sur type { - $sql .= " AND client IN (1, 3)"; + $sql .= " AND s.client IN (1, 3)"; } -if ($type == "p") // filtre sur type +else if ($type == "p") // filtre sur type { - $sql .= " AND client IN (2, 3)"; + $sql .= " AND s.client IN (2, 3)"; } if ($sall) { - $sql .= " AND (p.name like '%".$db->escape($sall)."%' OR p.firstname like '%".$db->escape($sall)."%' OR p.email like '%".$db->escape($sall)."%') "; + $sql .= " AND (p.name LIKE '%".$db->escape($sall)."%' OR p.firstname LIKE '%".$db->escape($sall)."%' OR p.email LIKE '%".$db->escape($sall)."%')"; } if ($socid) { diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 50376df2e5c..3699c0747e8 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -1,6 +1,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -29,39 +30,36 @@ require_once(DOL_DOCUMENT_ROOT."/core/lib/contact.lib.php"); $langs->load("companies"); $langs->load("other"); -// Security check -$contactid = isset($_GET["id"])?$_GET["id"]:''; -if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'contact', $contactid, 'socpeople'); +$id = GETPOST('id','int'); +$action = GETPOST('action','alpha'); +// Security check +if ($user->societe_id) $socid=$user->societe_id; +$result = restrictedArea($user, 'contact', $id, 'socpeople&societe'); +$object = new Contact($db); /* * Action */ -if ($user->rights->societe->contact->creer) +if ($action == 'update' && ! $_POST["cancel"] && $user->rights->societe->contact->creer) { - if ($_POST["action"] == 'update' && ! $_POST["cancel"]) - { - $contact = new Contact($db); - $contact->fetch($_POST["contactid"]); - - // Note: Correct date should be completed with location to have exact GM time of birth. - $contact->birthday = dol_mktime(0,0,0,$_POST["birthdaymonth"],$_POST["birthdayday"],$_POST["birthdayyear"]); - $contact->birthday_alert = $_POST["birthday_alert"]; - - $result = $contact->update_perso($_POST["contactid"], $user); - - if ($result > 0) - { - $contact->old_name=''; - $contact->old_firstname=''; - } - else - { - $error = $contact->error; - } - } + $ret = $object->fetch($id); + + // Note: Correct date should be completed with location to have exact GM time of birth. + $object->birthday = dol_mktime(0,0,0,$_POST["birthdaymonth"],$_POST["birthdayday"],$_POST["birthdayyear"]); + $object->birthday_alert = $_POST["birthday_alert"]; + + $result = $object->update_perso($id, $user); + if ($result > 0) + { + $object->old_name=''; + $object->old_firstname=''; + } + else + { + $error = $object->error; + } } 
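Review bot: `$ret = $object->fetch($id);` in the update branch is never tested, so `update_perso($id, $user)` runs even when the contact could not be loaded. Guarding the assignments and the update with `if ($ret > 0)` and setting `$error` otherwise would avoid writing from an empty object; this assumes `fetch()` follows the same positive-on-success convention as the `$result > 0` test below it. The branch also still reads `$_POST["cancel"]` and `$_POST["birthday_alert"]` directly, where `GETPOST('cancel')` and `GETPOST('birthday_alert','int')` would match the new `$id`/`$action` handling and avoid an undefined-index notice.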
@@ -75,44 +73,40 @@ llxHeader('',$langs->trans("ContactsAddresses"),'EN:Module_Third_Parties|FR:Modu $form = new Form($db); -$contact = new Contact($db); -$contact->fetch($_GET["id"], $user); +$object->fetch($id, $user); -$head = contact_prepare_head($contact); +$head = contact_prepare_head($object); dol_fiche_head($head, 'perso', $langs->trans("ContactsAddresses"), 0, 'contact'); - - -if ($_GET["action"] == 'edit') +if ($action == 'edit') { - /* - * Fiche en mode edition - */ - + /* + * Fiche en mode edition + */ print ''; - print ''; + print ''; print ''; print ''; - print ''; + print ''; // Ref print ''; // Name - print ''; - print ''; + print ''; + print ''; // Company if (empty($conf->global->SOCIETE_DISABLE_CONTACTS)) { - if ($contact->socid > 0) + if ($object->socid > 0) { $objsoc = new Societe($db); - $objsoc->fetch($contact->socid); + $objsoc->fetch($object->socid); print ''; } @@ -126,17 +120,17 @@ if ($_GET["action"] == 'edit') // Civility print ''; // Date To Birth print ''; print ''; } @@ -165,20 +159,20 @@ else // Ref print ''; // Name - print ''; - print ''; + print ''; + print ''; // Company if (empty($conf->global->SOCIETE_DISABLE_CONTACTS)) { - if ($contact->socid > 0) + if ($object->socid > 0) { $objsoc = new Societe($db); - $objsoc->fetch($contact->socid); + $objsoc->fetch($object->socid); print ''; } @@ -193,28 +187,28 @@ else // Civility print ''; // Date To Birth - if ($contact->birthday != '') + if ($object->birthday != '') { include_once(DOL_DOCUMENT_ROOT.'/core/lib/date.lib.php'); - print ''; } @@ -236,7 +230,7 @@ else if ($user->rights->societe->contact->creer) { - print ''.$langs->trans('Modify').''; + print ''.$langs->trans('Modify').''; } print ""; @@ -244,7 +238,8 @@ else } +llxFooter(); + $db->close(); -llxFooter(); ?> diff --git a/htdocs/contact/vcard.php b/htdocs/contact/vcard.php index 9690893087f..daca201b63c 100644 --- a/htdocs/contact/vcard.php +++ b/htdocs/contact/vcard.php 
@@ -1,6 +1,7 @@ * Copyright (C) 2004-2010 Laurent Destailleur + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/htdocs/core/class/commonobject.class.php b/htdocs/core/class/commonobject.class.php index 064386e306c..13bc1347a1d 100644 --- a/htdocs/core/class/commonobject.class.php +++ b/htdocs/core/class/commonobject.class.php @@ -1,21 +1,21 @@ - * Copyright (C) 2005-2011 Regis Houssin -* Copyright (C) 2010-2011 Juanjo Menent -* -* This program is free software; you can redistribute it and/or modify -* it under the terms of the GNU General Public License as published by -* the Free Software Foundation; either version 2 of the License, or -* (at your option) any later version. -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program. If not, see . -*/ + * Copyright (C) 2005-2012 Regis Houssin + * Copyright (C) 2010-2011 Juanjo Menent + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ /** * \file htdocs/core/class/commonobject.class.php 
diff --git a/htdocs/core/class/conf.class.php b/htdocs/core/class/conf.class.php index c7083dcba99..b12210b5fd9 100644 --- a/htdocs/core/class/conf.class.php +++ b/htdocs/core/class/conf.class.php @@ -2,7 +2,7 @@ /* Copyright (C) 2003-2007 Rodolphe Quiedeville * Copyright (C) 2003 Xavier Dutoit * Copyright (C) 2004-2011 Laurent Destailleur - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2006 Jean Heimburger * * This program is free software; you can redistribute it and/or modify @@ -123,9 +123,7 @@ class Conf $resql = $db->query($sql); if ($resql) - { - $multicompany_sharing=array(); - + { $i = 0; $numr = $db->num_rows($resql); while ($i < $numr) @@ -195,15 +193,14 @@ class Conf $i++; } - // Load shared elements between entities + // Load multicompany configuration if (! empty($this->multicompany->enabled)) { $ret = @dol_include_once('/multicompany/class/actions_multicompany.class.php'); if ($ret) { $mc = new ActionsMulticompany($db); - $this->multicompany->entity = $mc->loadEntity(); - $this->entities = $mc->loadSharedElements(); + $mc->setValues($this); } } } diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php index c411388e1a4..d80fa593d5f 100644 --- a/htdocs/core/lib/functions.lib.php +++ b/htdocs/core/lib/functions.lib.php @@ -2196,7 +2196,9 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' // More features to check $features = explode("&",$features); - //var_dump($features); + + // More parameters + list($dbtablename, $sharedelement) = explode('&', $dbtablename); // Check read permission from module // TODO Replace "feature" param into caller by first level of permission 
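Review bot: `list($dbtablename, $sharedelement) = explode('&', $dbtablename);` leaves `$sharedelement` unset (with an undefined-offset notice) for every caller that passes a plain table name or the default `''`. In the later hunks `$conf->entities[$sharedelement]` then never matches and the check silently falls back to `$conf->entity`, which is restrictive but changes behaviour for callers not touched by this commit. A defaulting split avoids both: `$parts = explode('&', $dbtablename); $dbtablename = $parts[0]; $sharedelement = (! empty($parts[1]) ? $parts[1] : $dbtablename);`. The `table&sharedelement` format should also be described in the function's docblock, which lies outside this hunk, since calls such as `'&societe'` are not self-explanatory.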
@@ -2390,7 +2392,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' } else { - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; } } else if (in_array($feature,$checksoc)) @@ -2409,7 +2411,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql.= " WHERE sc.fk_soc = ".$objectid; $sql.= " AND sc.fk_user = ".$user->id; $sql.= " AND sc.fk_soc = s.rowid"; - $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")"; + $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; } // If multicompany and internal users with all permissions, check user is in correct entity else if (! empty($conf->multicompany->enabled)) @@ -2417,7 +2419,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql = "SELECT s.rowid"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; $sql.= " WHERE s.rowid = ".$objectid; - $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")"; + $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; } } else if (in_array($feature,$checkother)) 
@@ -2438,7 +2440,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '".$user->id."'"; $sql.= " WHERE dbt.rowid = ".$objectid; $sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; } // If multicompany and internal users with all permissions, check user is in correct entity else if (! empty($conf->multicompany->enabled)) @@ -2446,7 +2448,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql = "SELECT dbt.rowid"; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql.= " WHERE dbt.rowid = ".$objectid; - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; } } else if (in_array($feature,$checkproject)) @@ -2480,7 +2482,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; $sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield; $sql.= " AND dbt.".$dbt_keyfield." = s.rowid"; - $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")"; + $sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; $sql.= " AND sc.fk_user = ".$user->id; } // If multicompany and internal users with all permissions, check user is in correct entity 
@@ -2489,7 +2491,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename='' $sql = "SELECT dbt.".$dbt_select; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql.= " WHERE dbt.".$dbt_select." = ".$objectid; - $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")"; + $sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")"; } } diff --git a/htdocs/core/modules/societe/mod_codeclient_monkey.php b/htdocs/core/modules/societe/mod_codeclient_monkey.php index 7211f7aa2ee..89dc0653244 100644 --- a/htdocs/core/modules/societe/mod_codeclient_monkey.php +++ b/htdocs/core/modules/societe/mod_codeclient_monkey.php @@ -1,6 +1,7 @@ - * Copyright (C) 2006-2007 Laurent Destailleur +/* Copyright (C) 2004 Rodolphe Quiedeville + * Copyright (C) 2006-2007 Laurent Destailleur + * Copyright (C) 2006-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -116,6 +117,7 @@ class mod_codeclient_monkey extends ModeleThirdPartyCode $sql = "SELECT MAX(SUBSTRING(".$field." FROM ".$posindice.")) as max"; // This is standard SQL $sql.= " FROM ".MAIN_DB_PREFIX."societe"; $sql.= " WHERE ".$field." LIKE '".$prefix."____-%'"; + $sql.= " AND entity = ".$conf->entity; $resql=$db->query($sql); if ($resql) @@ -126,7 +128,7 @@ class mod_codeclient_monkey extends ModeleThirdPartyCode } else { - dol_syslog("mod_codeclient_monkey::getNextValue sql=".$sql); + dol_syslog(get_class($this)."::getNextValue sql=".$sql, LOG_ERR); return -1; } 
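Review bot: `getNextValue` now scopes the counter with `" AND entity = ".$conf->entity`, but the uniqueness query in `verif_dispo` (last hunk of this file) still has no entity clause, so numbering is per entity while the availability check spans all entities. Either add the same clause there or comment why the check is deliberately global. The hunk does not show a `global $conf;` declaration in `getNextValue`; if it is missing, the clause renders as `AND entity = ` and the method returns -1, so that is worth confirming.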
@@ -135,7 +137,7 @@ class mod_codeclient_monkey extends ModeleThirdPartyCode $yymm = strftime("%y%m",$date); $num = sprintf("%04s",$max+1); - dol_syslog("mod_codeclient_monkey::getNextValue return ".$prefix.$yymm."-".$num); + dol_syslog(get_class($this)."::getNextValue return ".$prefix.$yymm."-".$num); return $prefix.$yymm."-".$num; } @@ -195,7 +197,7 @@ class mod_codeclient_monkey extends ModeleThirdPartyCode } } - dol_syslog("mod_codeclient_monkey::verif type=".$type." result=".$result); + dol_syslog(get_class($this)."::verif type=".$type." result=".$result); return $result; } @@ -213,7 +215,8 @@ class mod_codeclient_monkey extends ModeleThirdPartyCode $sql = "SELECT code_client FROM ".MAIN_DB_PREFIX."societe"; $sql.= " WHERE code_client = '".$code."'"; if ($soc->id > 0) $sql.= " AND rowid != ".$soc->id; - + + dol_syslog(get_class($this)."::verif_dispo sql=".$sql, LOG_DEBUG); $resql=$db->query($sql); if ($resql) { diff --git a/htdocs/product/liste.php b/htdocs/product/liste.php index 7e998254897..ae26cb791c2 100644 --- a/htdocs/product/liste.php +++ b/htdocs/product/liste.php @@ -136,7 +136,7 @@ else //$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur as pf ON p.rowid = pf.fk_product"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."product_fournisseur_price as pfp ON p.rowid = pfp.fk_product"; //} - $sql.= ' WHERE p.entity IN (0,'.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')'; + $sql.= ' WHERE p.entity IN ('.(! empty($conf->entities['product']) ? $conf->entities['product'] : $conf->entity).')'; if ($search_categ) $sql.= " AND p.rowid = cp.fk_product"; // Join for the needed table to filter by categ if ($sall) { diff --git a/htdocs/societe/class/client.class.php b/htdocs/societe/class/client.class.php index 1d8d9c57213..92bf3472ea1 100644 --- a/htdocs/societe/class/client.class.php +++ b/htdocs/societe/class/client.class.php 
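Review bot: The new `dol_syslog(get_class($this)."::verif_dispo sql=".$sql, LOG_DEBUG)` logs a statement built from `" WHERE code_client = '".$code."'"`, where `$code` is concatenated without escaping. Wrapping it as `$db->escape($code)` fixes the query and the logged text together. verif_dispo starts and ends outside the hunk, so whether `$code` is validated earlier cannot be seen from here.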
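Review bot: Dropping `0,` from `p.entity IN (...)` in product/liste.php makes the product list stricter than the per-object check, since every `restrictedArea()` query in this diff still accepts `entity IN (0,...)`. A row stored with entity 0 would then be hidden from the list but, as far as these hunks show, still pass the access check when opened by id. If entity 0 is no longer meant to be visible, the same change belongs in `restrictedArea()`; otherwise a comment here should say why the list differs.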
@@ -35,13 +35,11 @@ class Client extends Societe /** * Constructor * - * @param DoliDB $DB Database handler + * @param DoliDB $db Database handler */ - function Client($DB) + function __construct($db) { - global $config; - - $this->db = $DB; + $this->db = $db; } /** @@ -64,8 +62,8 @@ class Client extends Societe $sql.= " WHERE sc.fk_user = " .$user->id; $clause = "AND"; } - $sql.= " ".$clause." s.client in (1,2,3)"; - $sql.= " AND s.entity = ".$conf->entity; + $sql.= " ".$clause." s.client IN (1,2,3)"; + $sql.= ' AND s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; $sql.= " GROUP BY s.client"; $resql=$this->db->query($sql); diff --git a/htdocs/societe/class/societe.class.php b/htdocs/societe/class/societe.class.php index 6fca0d96dee..a91cfcd6e76 100644 --- a/htdocs/societe/class/societe.class.php +++ b/htdocs/societe/class/societe.class.php @@ -380,12 +380,7 @@ class Societe extends CommonObject dol_syslog(get_class($this)."::Update id=".$id." call_trigger=".$call_trigger." allowmodcodeclient=".$allowmodcodeclient." allowmodcodefournisseur=".$allowmodcodefournisseur); // For triggers - if ($call_trigger) - { - $objectstatic=new Societe($this->db); - $objectstatic->fetch($id); - $this->oldobject = $objectstatic; - } + if ($call_trigger) $this->oldobject = dol_clone($this); $now=dol_now(); diff --git a/htdocs/societe/document.php b/htdocs/societe/document.php index 3dd92a3947d..d81aa99cc76 100644 --- a/htdocs/societe/document.php +++ b/htdocs/societe/document.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2010 Laurent Destailleur - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2010 Juanjo Menent * * This program is free software; you can redistribute it and/or modify 
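Review bot: `$this->oldobject = dol_clone($this);` in societe.class.php copies the in-memory object, whereas the removed code reloaded the stored row with `fetch($id)`. If callers assign the new field values to `$this` before calling `update()` — which cannot be confirmed from this hunk — triggers would receive an "old" object identical to the new one, and any change history or audit trigger built on `oldobject` would lose the previous values. A comment stating which state `oldobject` is expected to hold, or keeping the reload when the caller has already modified `$this`, would settle it.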
@@ -46,7 +46,7 @@ if ($user->societe_id > 0) $action=''; $socid = $user->societe_id; } -$result = restrictedArea($user, 'societe', $socid); +$result = restrictedArea($user, 'societe', $socid, '&societe'); // Get parameters $sortfield = GETPOST("sortfield",'alpha'); diff --git a/htdocs/societe/index.php b/htdocs/societe/index.php index ebbdbfd7292..06eebc64ee8 100644 --- a/htdocs/societe/index.php +++ b/htdocs/societe/index.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -37,8 +37,6 @@ $result=restrictedArea($user,'societe',0,'','','',''); $thirdparty_static = new Societe($db); - - /* * View */ @@ -61,7 +59,7 @@ $rowspan=2; print ''; print ''; print '
'.$langs->trans("Ref").''; - print $contact->id; + print $object->id; print '
'.$langs->trans("Lastname").' / '.$langs->trans("Label").''.$contact->nom.''.$langs->trans("Firstname").''.$contact->prenom.'
'.$langs->trans("Lastname").' / '.$langs->trans("Label").''.$object->lastname.''.$langs->trans("Firstname").''.$object->firstname.'
'.$langs->trans("Company").''.$objsoc->getNomUrl(1).'
'.$langs->trans("UserTitle").''; - print $contact->getCivilityLabel(); + print $object->getCivilityLabel(); print '
'.$langs->trans("DateToBirth").''; $form=new Form($db); - print $form->select_date($contact->birthday,'birthday',0,0,1,"perso"); + print $form->select_date($object->birthday,'birthday',0,0,1,"perso"); print ''.$langs->trans("Alert").': '; - if ($contact->birthday_alert) + if ($object->birthday_alert) { print '
'.$langs->trans("Ref").''; - print $form->showrefnav($contact,'id'); + print $form->showrefnav($object,'id'); print '
'.$langs->trans("Lastname").' / '.$langs->trans("Label").''.$contact->name.''.$langs->trans("Firstname").''.$contact->firstname.'
'.$langs->trans("Lastname").' / '.$langs->trans("Label").''.$object->lastname.''.$langs->trans("Firstname").''.$object->firstname.'
'.$langs->trans("Company").''.$objsoc->getNomUrl(1).'
'.$langs->trans("UserTitle").''; - print $contact->getCivilityLabel(); + print $object->getCivilityLabel(); print '
'.$langs->trans("DateToBirth").''.dol_print_date($contact->birthday,"day"); + print '
'.$langs->trans("DateToBirth").''.dol_print_date($object->birthday,"day"); print '   '; //var_dump($birthdatearray); //print ($now-$birthdate).' - '.ConvertSecondToTime($now-$birthdate,'year').'
'; - $ageyear=ConvertSecondToTime($now-$contact->birthday,'year')-1970; - $agemonth=ConvertSecondToTime($now-$contact->birthday,'month')-1; + $ageyear=ConvertSecondToTime($now-$object->birthday,'year')-1970; + $agemonth=ConvertSecondToTime($now-$object->birthday,'month')-1; if ($ageyear >= 2) print '('.$ageyear.' '.$langs->trans("DurationYears").')'; else if ($agemonth >= 2) print '('.$agemonth.' '.$langs->trans("DurationMonths").')'; else print '('.$agemonth.' '.$langs->trans("DurationMonth").')'; print '   -   '; - if ($contact->birthday_alert) print $langs->trans("BirthdayAlertOn"); + if ($object->birthday_alert) print $langs->trans("BirthdayAlertOn"); else print $langs->trans("BirthdayAlertOff"); print '
'; -print ""; +print ''; print ''; print "'; @@ -83,7 +81,7 @@ $total=0; $sql = "SELECT s.rowid, s.client, s.fournisseur"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -$sql.= " WHERE s.entity = ".$conf->entity; +$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socid) $sql.= " AND s.rowid = ".$socid; @@ -152,7 +150,7 @@ $max=15; $sql = "SELECT s.rowid, s.nom as name, s.client, s.fournisseur, s.canvas, s.tms as datem, s.status as status"; $sql.= " FROM ".MAIN_DB_PREFIX."societe as s"; if (! $user->rights->societe->client->voir && !$socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; -$sql.= " WHERE s.entity = ".$conf->entity; +$sql.= ' WHERE s.entity IN ('.(! empty($conf->entities['societe']) ? $conf->entities['societe'] : $conf->entity).')'; if (! $user->rights->societe->client->voir && !$socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if ($socid) $sql.= " AND s.rowid = ".$socid; $sql.= " AND ("; @@ -243,7 +241,8 @@ else print '
'.$langs->trans("Search").'
"; print $langs->trans("Name").':
'; +llxFooter(); + $db->close(); -llxFooter(); ?> diff --git a/htdocs/societe/soc.php b/htdocs/societe/soc.php index a30531e35a9..c0e2f5293b4 100644 --- a/htdocs/societe/soc.php +++ b/htdocs/societe/soc.php @@ -3,7 +3,7 @@ * Copyright (C) 2003 Brian Fraval * Copyright (C) 2004-2011 Laurent Destailleur * Copyright (C) 2005 Eric Seigne - * Copyright (C) 2005-2011 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2008 Patrick Raguin * Copyright (C) 2010-2011 Juanjo Menent * @@ -66,7 +66,7 @@ if (! empty($canvas)) } // Security check -$result = restrictedArea($user, 'societe', $socid, '', '', '', '', $objcanvas); +$result = restrictedArea($user, 'societe', $socid, '&societe', '', '', '', $objcanvas); // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array include_once(DOL_DOCUMENT_ROOT.'/core/class/hookmanager.class.php'); diff --git a/htdocs/societe/socnote.php b/htdocs/societe/socnote.php index 6bd3b3e01e0..1e0d8e621f1 100644 --- a/htdocs/societe/socnote.php +++ b/htdocs/societe/socnote.php @@ -1,7 +1,7 @@ * Copyright (C) 2004-2011 Laurent Destailleur - * Copyright (C) 2005-2006 Regis Houssin + * Copyright (C) 2005-2012 Regis Houssin * Copyright (C) 2010 Juanjo Menent * * This program is free software; you can redistribute it and/or modify @@ -32,11 +32,11 @@ $action = isset($_GET["action"])?$_GET["action"]:$_POST["action"]; $langs->load("companies"); // Security check -$socid = isset($_GET["socid"])?$_GET["socid"]:$_POST["socid"]; +$socid = GETPOST('socid','int'); if ($user->societe_id) $socid=$user->societe_id; -$result = restrictedArea($user, 'societe', $socid); - +$result = restrictedArea($user, 'societe', $socid, '&societe'); +$object = new Societe($db); /* * Actions 
@@ -44,11 +44,9 @@ $result = restrictedArea($user, 'societe', $socid); if ($action == 'add' && ! GETPOST('cancel')) { - $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$db->escape($_POST["note"])."' WHERE rowid=".$_POST["socid"]; + // TODO move to DAO class + $sql = "UPDATE ".MAIN_DB_PREFIX."societe SET note='".$db->escape($_POST["note"])."' WHERE rowid=".$socid; $result = $db->query($sql); - - $_GET["socid"]=$_POST["socid"]; // Pour retour sur fiche - $socid = $_GET["socid"]; } @@ -65,49 +63,48 @@ llxHeader('',$langs->trans("ThirdParty").' - '.$langs->trans("Notes"),$help_url) if ($socid > 0) { - $societe = new Societe($db); - $societe->fetch($socid); + $object->fetch($socid); /* * Affichage onglets */ if ($conf->notification->enabled) $langs->load("mails"); - $head = societe_prepare_head($societe); + $head = societe_prepare_head($object); dol_fiche_head($head, 'note', $langs->trans("ThirdParty"),0,'company'); - print ""; + print ''; print ''; print ''; print ''; print ''; if (! empty($conf->global->SOCIETE_USEPREFIX)) // Old not used prefix field { - print ''; + print ''; } - if ($societe->client) + if ($object->client) { print ''; } - if ($societe->fournisseur) + if ($object->fournisseur) { print ''; } @@ -115,17 +112,17 @@ if ($socid > 0) print '"; @@ -156,14 +153,14 @@ if ($action != 'edit') if ($user->rights->societe->creer) { - print ''.$langs->trans("Modify").''; + print ''.$langs->trans("Modify").''; } print ''; } +llxFooter(); $db->close(); -llxFooter(); ?>
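Review bot: The `$action == 'add'` branch writes the note without any permission test: further down, the edit form is only shown when `$user->rights->societe->creer` is set, but the UPDATE itself runs for any user who gets past `restrictedArea()`, which as called here does not visibly require write rights. The condition should carry the same right, `if ($action == 'add' && ! GETPOST('cancel') && $user->rights->societe->creer)`. The statement is also still built by concatenation; what keeps `WHERE rowid=` numeric is only that `$socid` is now read with `GETPOST('socid','int')` several lines earlier, so a cast at the point of use, `" WHERE rowid=".((int) $socid)`, would make that dependency explicit and avoid a malformed query when the parameter is missing.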
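Review bot: In the `@@ -115,17 +112,17 @@` hunk the note is printed as raw markup whenever `dol_textishtml()` reports that it looks like HTML, and the stored value comes from `$_POST["note"]`, which the save branch escapes for SQL only. Unless the content is filtered somewhere outside this diff, markup saved by one user is rendered unchanged for every other user who opens this tab. Restrict the note to an allowed tag set when it is saved or before it is printed, and read it with `GETPOST('note')` instead of `$_POST["note"]` so the project's input handling applies. The hunk itself only renames `$societe` to `$object`; the output line is otherwise unchanged.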
'.$langs->trans('ThirdPartyName').''; - print $form->showrefnav($societe,'socid','',($user->societe_id?0:1),'rowid','nom'); + print $form->showrefnav($object,'socid','',($user->societe_id?0:1),'rowid','nom'); print '
'.$langs->trans('Prefix').''.$societe->prefix_comm.'
'.$langs->trans('Prefix').''.$object->prefix_comm.'
'; print $langs->trans('CustomerCode').''; - print $societe->code_client; - if ($societe->check_codeclient() <> 0) print ' ('.$langs->trans("WrongCustomerCode").')'; + print $object->code_client; + if ($object->check_codeclient() <> 0) print ' ('.$langs->trans("WrongCustomerCode").')'; print '
'; print $langs->trans('SupplierCode').''; - print $societe->code_fournisseur; - if ($societe->check_codefournisseur() <> 0) print ' ('.$langs->trans("WrongSupplierCode").')'; + print $object->code_fournisseur; + if ($object->check_codefournisseur() <> 0) print ' ('.$langs->trans("WrongSupplierCode").')'; print '
'; if ($action == 'edit' && $user->rights->societe->creer) { - print ""; - print "id."\">"; + print ''; + print ''; // Editeur wysiwyg require_once(DOL_DOCUMENT_ROOT."/core/class/doleditor.class.php"); - $doleditor=new DolEditor('note',$societe->note,'',360,'dolibarr_notes','In',true,false,$conf->global->FCKEDITOR_ENABLE_SOCIETE,20,70); + $doleditor=new DolEditor('note',$object->note,'',360,'dolibarr_notes','In',true,false,$conf->global->FCKEDITOR_ENABLE_SOCIETE,20,70); $doleditor->Create(); } else { - print dol_textishtml($societe->note)?$societe->note:dol_nl2br($societe->note,1,true); + print dol_textishtml($object->note)?$object->note:dol_nl2br($object->note,1,true); } print "