diff --git a/htdocs/adherents/class/adherentstats.class.php b/htdocs/adherents/class/adherentstats.class.php index b2644ec7c19..2f52eb502ba 100644 --- a/htdocs/adherents/class/adherentstats.class.php +++ b/htdocs/adherents/class/adherentstats.class.php @@ -88,7 +88,6 @@ class AdherentStats extends Stats { $sql = "SELECT date_format(p.dateadh,'%m') as dm, count(*)"; $sql .= " FROM ".$this->from; - //if (empty($user->rights->societe->client->voir) && !$user->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE ".dolSqlDateFilter('p.dateadh', 0, 0, (int) $year, 1); $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; @@ -106,7 +105,6 @@ class AdherentStats extends Stats { $sql = "SELECT date_format(p.dateadh,'%Y') as dm, count(*)"; $sql .= " FROM ".$this->from; - //if (empty($user->rights->societe->client->voir) && !$user->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE ".$this->where; $sql .= " GROUP BY dm"; $sql .= $this->db->order('dm', 'DESC'); @@ -125,7 +123,6 @@ class AdherentStats extends Stats { $sql = "SELECT date_format(p.dateadh,'%m') as dm, sum(p.".$this->field.")"; $sql .= " FROM ".$this->from; - //if (empty($user->rights->societe->client->voir) && !$user->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE ".dolSqlDateFilter('p.dateadh', 0, 0, (int) $year, 1); $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; @@ -144,7 +141,6 @@ class AdherentStats extends Stats { $sql = "SELECT date_format(p.dateadh,'%m') as dm, avg(p.".$this->field.")"; $sql .= " FROM ".$this->from; - //if (empty($user->rights->societe->client->voir) && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE ".dolSqlDateFilter('p.dateadh', 0, 0, (int) $year, 1); $sql .= " AND ".$this->where; $sql .= " GROUP BY dm"; 
@@ -163,7 +159,6 @@ class AdherentStats extends Stats { $sql = "SELECT date_format(p.dateadh,'%Y') as year, count(*) as nb, sum(".$this->field.") as total, avg(".$this->field.") as avg"; $sql .= " FROM ".$this->from; - //if (empty($user->rights->societe->client->voir) && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE ".$this->where; $sql .= " GROUP BY year"; $sql .= $this->db->order('year', 'DESC'); diff --git a/htdocs/bom/class/api_boms.class.php b/htdocs/bom/class/api_boms.class.php index 89633e0ac6e..12b894f949d 100644 --- a/htdocs/bom/class/api_boms.class.php +++ b/htdocs/bom/class/api_boms.class.php @@ -99,8 +99,6 @@ class Boms extends DolibarrApi */ public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '') { - global $db, $conf; - if (!DolibarrApiAccess::$user->rights->bom->read) { throw new RestException(401); } 
@@ -114,40 +112,27 @@ class Boms extends DolibarrApi // If the internal user must only see his customers, force searching by him $search_sale = 0; - if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) { + if ($restrictonsocid && !DolibarrApiAccess::$user->hasRight('societe', 'client', 'voir') && !$socid) { $search_sale = DolibarrApiAccess::$user->id; } $sql = "SELECT t.rowid"; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } + $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." 
AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= " WHERE 1 = 1"; - - // Example of use $mode - //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; - //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; - if ($tmpobject->ismultientitymanaged) { $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; } - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($restrictonsocid && $socid) { $sql .= " AND t.fk_soc = ".((int) $socid); } - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } if ($sqlfilters) { $errormessage = ''; diff --git a/htdocs/comm/action/class/api_agendaevents.class.php b/htdocs/comm/action/class/api_agendaevents.class.php index d1c013bc59c..beb8bafa2a9 100644 --- a/htdocs/comm/action/class/api_agendaevents.class.php +++ b/htdocs/comm/action/class/api_agendaevents.class.php 
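Review bot: The rewritten sale filter no longer carries the `$restrictonsocid` guard that every removed line had, yet its subquery hard-codes `t.fk_soc`, a column the `$restrictonsocid = 0` default (assigned above the hunk, outside view) documents as possibly absent from the object's table. It is only safe today because `$search_sale` is set exclusively inside the `$restrictonsocid &&` branch a few lines up; a later change that sets `$search_sale` by another path would produce invalid SQL rather than a permission error. Since `$search_sale` here is either 0 or the caller's id, the `-1`/`-2` branches are unreachable and the loose `!= '-1'` string comparison is noise; `if ($restrictonsocid && $search_sale > 0) {` wrapping only the `EXISTS` subquery keeps the documented contract and drops the dead code. index() continues past the end of the hunk.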
@@ -114,14 +114,11 @@ class AgendaEvents extends DolibarrApi } // case of external user - $socid = 0; - if (!empty(DolibarrApiAccess::$user->socid)) { - $socid = DolibarrApiAccess::$user->socid; - } + $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0; // If the internal user must only see his customers, force searching by him $search_sale = 0; - if (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) { + if (!DolibarrApiAccess::$user->hasRight('societe', 'client', 'voir') && !$socid) { $search_sale = DolibarrApiAccess::$user->id; } if (!isModEnabled('societe')) { 
@@ -129,32 +126,22 @@ class AgendaEvents extends DolibarrApi } $sql = "SELECT t.id as rowid"; - if (isModEnabled("societe")) { - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - } - $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm AS t LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_extrafields AS ef ON (ef.fk_object = t.id)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - if (isModEnabled("societe")) { - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - } + $sql .= " FROM ".MAIN_DB_PREFIX."actioncomm AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_extrafields AS ef ON (ef.fk_object = t.id)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= ' WHERE t.entity IN ('.getEntity('agenda').')'; - if (isModEnabled("societe")) { - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } - } if ($user_ids) { $sql .= " AND t.fk_user_action IN (".$this->db->sanitize($user_ids).")"; } if ($socid > 0) { $sql .= " AND t.fk_soc = ".((int) $socid); } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " 
AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/comm/propal/class/api_proposals.class.php b/htdocs/comm/propal/class/api_proposals.class.php index be45153fb10..e460e2e4b8a 100644 --- a/htdocs/comm/propal/class/api_proposals.class.php +++ b/htdocs/comm/propal/class/api_proposals.class.php 
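Review bot: For a user lacking `societe->client->voir`, the new `EXISTS` predicate excludes every event whose `t.fk_soc` is NULL (an event with no third party), so such users cannot list their own company-less events through the API; the removed inner join behaved the same way, but the intent is now buried in a subquery and deserves a comment such as `// Users restricted to their own customers only see events linked to a third party they are sales rep for; events without fk_soc are hidden`. `$search_sale` is computed in the previous hunk as either 0 or `DolibarrApiAccess::$user->id`, so the `-1`/`-2` branches and the string comparison `!= '-1'` are unreachable here and read as copied from a list page's search form; `if ($search_sale > 0) {` around the single `EXISTS` clause is all this method needs. index() starts before this hunk.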
@@ -174,34 +174,24 @@ class Proposals extends DolibarrApi // If the internal user must only see his customers, force searching by him $search_sale = 0; - if (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) { + if (!DolibarrApiAccess::$user->rights->hasRight('societe', 'client', 'voir') && !$socids) { $search_sale = DolibarrApiAccess::$user->id; } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX."propal AS t LEFT JOIN ".MAIN_DB_PREFIX."propal_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - + $sql .= " FROM ".MAIN_DB_PREFIX."propal AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."propal_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= ' WHERE t.entity IN ('.getEntity('propal').')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if 
($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/commande/class/api_orders.class.php b/htdocs/commande/class/api_orders.class.php index 31daad85e9b..b622f3d9d22 100644 --- a/htdocs/commande/class/api_orders.class.php +++ b/htdocs/commande/class/api_orders.class.php 
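Review bot: `DolibarrApiAccess::$user->rights->hasRight('societe', 'client', 'voir')` calls `hasRight()` on the `rights` property instead of on the user object; the boms and agenda hunks in this same diff use `DolibarrApiAccess::$user->hasRight(...)`, and unless `rights` has become an object exposing that method this line throws a fatal undefined-method error for every internal caller, so the proposals index breaks instead of restricting results. The fix is `if (!DolibarrApiAccess::$user->hasRight('societe', 'client', 'voir') && !$socids) {`. Because this line alone decides whether the sales-rep restriction applies, cover both an internal user with the right and one without it in a test of the endpoint. The enclosing index() begins before the hunk.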
@@ -181,28 +181,19 @@ class Orders extends DolibarrApi } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX."commande AS t LEFT JOIN ".MAIN_DB_PREFIX."commande_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - + $sql .= " FROM ".MAIN_DB_PREFIX."commande AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= ' WHERE t.entity IN ('.getEntity('commande').')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as 
sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/compta/facture/class/api_invoices.class.php b/htdocs/compta/facture/class/api_invoices.class.php index 35e81b82f82..f9f2cc9cf6d 100644 --- a/htdocs/compta/facture/class/api_invoices.class.php +++ b/htdocs/compta/facture/class/api_invoices.class.php 
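Review bot: The visibility restriction for this endpoint now rests entirely on `$search_sale`, which is assigned above the hunk where the right check is not visible; the proposals hunk in this same diff shows how easily that check breaks when migrated to `hasRight()`, so confirm the orders assignment still yields the caller's id whenever an internal user lacks `societe->client->voir`. Within the hunk, `$search_sale` can only be 0 or a user id, so the `-1`/`-2` branches are dead and `$search_sale != '-1'` compares an int with a string; `if ($search_sale > 0) {` around the `EXISTS` clause alone states what the method actually does. index() starts and ends outside the hunk.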
@@ -197,27 +197,20 @@ class Invoices extends DolibarrApi } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX."facture AS t LEFT JOIN ".MAIN_DB_PREFIX."facture_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - + $sql .= " FROM ".MAIN_DB_PREFIX."facture AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."facture_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= ' WHERE t.entity IN ('.getEntity('invoice').')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } - // Filter by status if 
($status == 'draft') { $sql .= " AND t.fk_statut IN (0)"; @@ -231,10 +224,6 @@ class Invoices extends DolibarrApi if ($status == 'cancelled') { $sql .= " AND t.fk_statut IN (3)"; } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); - } // Add sql filters if ($sqlfilters) { $errormessage = ''; diff --git a/htdocs/contrat/class/api_contracts.class.php b/htdocs/contrat/class/api_contracts.class.php index 51c3d63d412..2cd4ec3d349 100644 --- a/htdocs/contrat/class/api_contracts.class.php +++ b/htdocs/contrat/class/api_contracts.class.php 
@@ -121,28 +121,18 @@ class Contracts extends DolibarrApi } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } $sql .= " FROM ".MAIN_DB_PREFIX."contrat AS t LEFT JOIN ".MAIN_DB_PREFIX."contrat_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - $sql .= ' WHERE t.entity IN ('.getEntity('contrat').')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/expedition/class/api_shipments.class.php b/htdocs/expedition/class/api_shipments.class.php index 5076132bf4e..ee4c0c89a8b 100644 
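Review bot: The `FROM ... LEFT JOIN ...` statement is left on a single line here while the boms, agenda, proposals, orders, invoices and shipments hunks in this diff split it into `$sql .= " FROM ".MAIN_DB_PREFIX."contrat AS t";` and `$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."contrat_extrafields AS ef ON (ef.fk_object = t.rowid)";`; keeping the API classes identical in shape is what lets the copied sale-filter block be reviewed by diff, so this file should get the same split. The `-1`/`-2` branches are unreachable for the same reason as in the sibling files, since `$search_sale` (assigned above the hunk) is 0 or the caller's id. index() continues beyond the hunk.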
--- a/htdocs/expedition/class/api_shipments.class.php +++ b/htdocs/expedition/class/api_shipments.class.php 
@@ -119,28 +119,19 @@ class Shipments extends DolibarrApi } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX."expedition AS t LEFT JOIN ".MAIN_DB_PREFIX."expedition_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - + $sql .= " FROM ".MAIN_DB_PREFIX."expedition AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."expedition_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= ' WHERE t.entity IN ('.getEntity('expedition').')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM 
".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/fichinter/class/api_interventions.class.php b/htdocs/fichinter/class/api_interventions.class.php index 114a8613c43..41c806b5113 100644 --- a/htdocs/fichinter/class/api_interventions.class.php +++ b/htdocs/fichinter/class/api_interventions.class.php 
@@ -130,28 +130,18 @@ class Interventions extends DolibarrApi } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } $sql .= " FROM ".MAIN_DB_PREFIX."fichinter AS t LEFT JOIN ".MAIN_DB_PREFIX."fichinter_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - $sql .= ' WHERE t.entity IN ('.getEntity('intervention').')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/fourn/class/api_supplier_invoices.class.php b/htdocs/fourn/class/api_supplier_invoices.class.php index 701a9a80462..fe82e8d6f1e 100644 
--- a/htdocs/fourn/class/api_supplier_invoices.class.php +++ b/htdocs/fourn/class/api_supplier_invoices.class.php @@ -119,28 +119,12 @@ class SupplierInvoices extends DolibarrApi } $sql = "SELECT t.rowid"; - // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - if (!DolibarrApiAccess::$user->hasRight("societe", "client", "voir") || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; - } - $sql .= " FROM " . MAIN_DB_PREFIX . "facture_fourn AS t LEFT JOIN " . MAIN_DB_PREFIX . "facture_fourn_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - // We need this table joined to the select in order to filter by sale - if (!DolibarrApiAccess::$user->hasRight("societe", "client", "voir") || $search_sale > 0) { - $sql .= ", " . MAIN_DB_PREFIX . "societe_commerciaux as sc"; - } - + $sql .= " FROM " . MAIN_DB_PREFIX . "facture_fourn AS t"; + $sql .= " LEFT JOIN " . MAIN_DB_PREFIX . "facture_fourn_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= ' WHERE t.entity IN (' . getEntity('supplier_invoice') . ')'; - if (!DolibarrApiAccess::$user->hasRight("societe", "client", "voir") || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($socids) { $sql .= " AND t.fk_soc IN (" . $this->db->sanitize($socids) . ")"; } - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Filter by status if ($status == 'draft') { $sql .= " AND t.fk_statut IN (0)"; 
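Review bot: The removed join restricted every caller lacking `societe->client->voir` to third parties that have a sales representative, and in this file that condition had no `!$socids` clause, so it applied even when `thirdparty_ids` was supplied; after the change nothing in this hunk references the right and visibility depends solely on `$search_sale`, which is assigned above the hunk where it cannot be checked here. If that assignment, like the sibling files, only sets `$search_sale` when `!$socids`, an internal user without the right can now pass `thirdparty_ids` and list supplier invoices of companies they are not assigned to, with no sales-rep condition at all. Confirm the assignment yields the caller's id for an internal user without the right regardless of `$socids`, and add a comment above `if ($socids)` stating that `$search_sale` is the only remaining access control for such users. index() starts before the hunk.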
@@ -154,9 +138,13 @@ class SupplierInvoices extends DolibarrApi if ($status == 'cancelled') { $sql .= " AND t.fk_statut IN (3)"; } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = " . ((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/fourn/class/api_supplier_orders.class.php b/htdocs/fourn/class/api_supplier_orders.class.php index 66fb7248bcd..e2de25659f4 100644 --- a/htdocs/fourn/class/api_supplier_orders.class.php +++ b/htdocs/fourn/class/api_supplier_orders.class.php 
@@ -117,30 +117,18 @@ class SupplierOrders extends DolibarrApi } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->hasRight("societe", "client", "voir")) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur AS t LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseur_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ((!DolibarrApiAccess::$user->hasRight("societe", "client", "voir")) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - + $sql .= " FROM ".MAIN_DB_PREFIX."commande_fournisseur AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."commande_fournisseur_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields if (!empty($product_ids)) { $sql .= ", ".MAIN_DB_PREFIX."commande_fournisseurdet as cd"; // We need this table joined to the select in order to filter by product } - $sql .= ' WHERE t.entity IN ('.getEntity('supplier_order').')'; - if ((!DolibarrApiAccess::$user->hasRight("societe", "client", "voir")) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if (!empty($product_ids)) { $sql .= " AND cd.fk_commande = t.rowid AND cd.fk_product IN (".$this->db->sanitize($product_ids).")"; } if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - // Filter by status if ($status == 'draft') { $sql .= " AND t.fk_statut IN (0)"; 
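Review bot: As in the supplier-invoices hunk, the old `sc` join applied to any caller without `societe->client->voir` irrespective of `$socids`, and its removal leaves `$search_sale` (assigned above the hunk, not visible) as the only mechanism limiting such a caller to their own third parties; verify it is set to the caller's id even when `thirdparty_ids` is passed, otherwise an internal user without the right can enumerate supplier orders for arbitrary `thirdparty_ids`. Separately, the `product_ids` comma join to `commande_fournisseurdet as cd` that now follows the `LEFT JOIN` yields one `t.rowid` per matching line, so an order with several matching products is fetched several times and eats into `$limit`; this predates the commit, but an `EXISTS` subquery in the WHERE clause, like the new sale filter, would remove the duplication. index() continues outside the hunk.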
@@ -166,9 +154,13 @@ class SupplierOrders extends DolibarrApi if ($status == 'refused') { $sql .= " AND t.fk_statut IN (9)"; } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php index 32791ffcc7a..b85f363e7d0 100644 --- a/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php +++ b/htdocs/knowledgemanagement/class/api_knowledgemanagement.class.php @@ -136,8 +136,6 @@ class KnowledgeManagement extends DolibarrApi */ public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $category = 0, $sqlfilters = '', $properties = '') { - global $db, $conf; - $obj_ret = array(); $tmpobject = new KnowledgeRecord($this->db); @@ -145,7 +143,7 @@ class KnowledgeManagement extends DolibarrApi throw new RestException(401); } - $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : ''; + $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0; $restrictonsocid = 0; // Set to 1 if there is a field socid in table of object 
@@ -156,38 +154,25 @@ class KnowledgeManagement extends DolibarrApi } $sql = "SELECT t.rowid"; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } + $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields if ($category > 0) { $sql .= ", ".$this->db->prefix()."categorie_knowledgemanagement as c"; } $sql .= " WHERE 1 = 1"; - - // Example of use $mode - //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; - //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; - if ($tmpobject->ismultientitymanaged) { $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; } - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($restrictonsocid && $socid) { $sql .= " AND t.fk_soc = ".((int) $socid); } - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by 
sale - } - // Insert sale filter - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Select products of given category if ($category > 0) { diff --git a/htdocs/modulebuilder/template/class/api_mymodule.class.php b/htdocs/modulebuilder/template/class/api_mymodule.class.php index 62ad513d307..78f4cdebb68 100644 --- a/htdocs/modulebuilder/template/class/api_mymodule.class.php +++ b/htdocs/modulebuilder/template/class/api_mymodule.class.php @@ -107,8 +107,6 @@ class MyModuleApi extends DolibarrApi */ public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '') { - global $db, $conf; - $obj_ret = array(); $tmpobject = new MyObject($this->db); 
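Review bot: The sale filter lost its `$restrictonsocid &&` guard although `$restrictonsocid` is initialised to 0 in the previous hunk with the comment that it is 1 only when the table has a socid column, and the new subquery unconditionally references `t.fk_soc`. Today `$search_sale` is only assigned inside a `$restrictonsocid &&` branch (above the hunk, not visible), so the filter is dead for knowledge records, but the code now reads as if sales-rep filtering applies to a table that may lack the column, and any future assignment of `$search_sale` would yield invalid SQL instead of a permission error. Restoring `if ($restrictonsocid && $search_sale > 0) {` and dropping the unreachable `-1`/`-2` branches keeps the guard explicit. index() begins and ends outside the hunk.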
@@ -116,46 +114,36 @@ class MyModuleApi extends DolibarrApi throw new RestException(401); } - $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : ''; + $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0; $restrictonsocid = 0; // Set to 1 if there is a field socid in table of object // If the internal user must only see his customers, force searching by him $search_sale = 0; - if ($restrictonsocid && !DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) { + if ($restrictonsocid && !DolibarrApiAccess::$user->hasRight('societe', 'client', 'voir') && !$socid) { $search_sale = DolibarrApiAccess::$user->id; } + if (!isModEnabled('societe')) { + $search_sale = 0; // If module thirdparty not enabled, sale representative is something that does not exists + } $sql = "SELECT t.rowid"; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } + $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." 
AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= " WHERE 1 = 1"; - - // Example of use $mode - //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; - //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; - if ($tmpobject->ismultientitymanaged) { $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; } - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($restrictonsocid && $socid) { $sql .= " AND t.fk_soc = ".((int) $socid); } - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } if ($sqlfilters) { $errormessage = ''; diff --git a/htdocs/mrp/class/api_mos.class.php b/htdocs/mrp/class/api_mos.class.php index ff49948d284..242628d32a5 100644 --- a/htdocs/mrp/class/api_mos.class.php +++ b/htdocs/mrp/class/api_mos.class.php 
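Review bot: In this template `$search_sale` can only be 0 or `DolibarrApiAccess::$user->id` (assigned a few lines above in the hunk), so the `== -2` branch and the `!= '-1'` test in the new block are unreachable here, and a reader will assume a request parameter feeds them. Either document that they mirror the list-page convention, e.g. `// -1 = no filter, -2 = thirdparties without sales representative (list-page convention; not settable through the API)`, or reduce the block to the `> 0` case. If a `search_sale` API parameter is ever wired in, the -2 branch must stay unreachable for a user whose `$search_sale` was forced to their own id, since it would replace the "own customers only" restriction with its opposite. Wording nit in the added comment: `does not exists` should read `does not exist`.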
@@ -106,7 +106,7 @@ class Mos extends DolibarrApi
 $obj_ret = array();
 $tmpobject = new Mo($this->db);
- $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : '';
+ $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0;
 $restrictonsocid = 0; // Set to 1 if there is a field socid in table of object
@@ -117,35 +117,22 @@ class Mos extends DolibarrApi } $sql = "SELECT t.rowid"; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } + $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= " WHERE 1 = 1"; - - // Example of use $mode - //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; - //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; - if ($tmpobject->ismultientitymanaged) { $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; } - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($restrictonsocid && $socid) { $sql .= " AND t.fk_soc = ".((int) $socid); } - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND sc.fk_user = 
".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } if ($sqlfilters) { $errormessage = ''; diff --git a/htdocs/partnership/class/api_partnerships.class.php b/htdocs/partnership/class/api_partnerships.class.php index e3ca8f23e2e..445d5650094 100644 --- a/htdocs/partnership/class/api_partnerships.class.php +++ b/htdocs/partnership/class/api_partnerships.class.php @@ -113,7 +113,7 @@ class Partnerships extends DolibarrApi throw new RestException(401); } - $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : ''; + $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0; $restrictonsocid = 0; // Set to 1 if there is a field socid in table of object 
@@ -124,35 +124,22 @@ class Partnerships extends DolibarrApi } $sql = "SELECT t.rowid"; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } + $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= " WHERE 1 = 1"; - - // Example of use $mode - //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; - //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; - if ($tmpobject->ismultientitymanaged) { $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; } - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($restrictonsocid && $socid) { $sql .= " AND t.fk_soc = ".((int) $socid); } - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND 
sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } if ($sqlfilters) { $errormessage = ''; diff --git a/htdocs/projet/class/api_projects.class.php b/htdocs/projet/class/api_projects.class.php index 638c500a2ea..2d8b049b701 100644 --- a/htdocs/projet/class/api_projects.class.php +++ b/htdocs/projet/class/api_projects.class.php 
@@ -123,31 +123,22 @@ class Projects extends DolibarrApi } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } $sql .= " FROM ".MAIN_DB_PREFIX."projet as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."projet_extrafields AS ef ON ef.fk_object = t.rowid"; // So we will be able to filter on extrafields if ($category > 0) { $sql .= ", ".MAIN_DB_PREFIX."categorie_project as c"; } - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - $sql .= ' WHERE t.entity IN ('.getEntity('project').')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Select projects of given category if ($category > 0) { diff --git a/htdocs/projet/class/api_tasks.class.php b/htdocs/projet/class/api_tasks.class.php index bd53ae007eb..cbab93ce7a7 100644 
--- a/htdocs/projet/class/api_tasks.class.php
+++ b/htdocs/projet/class/api_tasks.class.php
@@ -116,7 +116,7 @@ class Tasks extends DolibarrApi
 $obj_ret = array();
 // case of external user, $thirdparty_ids param is ignored and replaced by user's socid
- $socids = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : '';
+ $socids = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0;
 // If the internal user must only see his customers, force searching by him
 $search_sale = 0;
@@ -125,28 +125,20 @@ class Tasks extends DolibarrApi } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX."projet_task AS t LEFT JOIN ".MAIN_DB_PREFIX."projet_task_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - + $sql .= " FROM ".MAIN_DB_PREFIX."projet_task AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."projet_task_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields + $sql .= " INNER JOIN ".MAIN_DB_PREFIX."projet AS p ON p.rowid = t.fk_projet"; $sql .= ' WHERE t.entity IN ('.getEntity('project').')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc)"; + } elseif ($search_sale > 0) 
{ + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = p.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/reception/class/api_receptions.class.php b/htdocs/reception/class/api_receptions.class.php index 95a0318202a..976f3f396ec 100644 --- a/htdocs/reception/class/api_receptions.class.php +++ b/htdocs/reception/class/api_receptions.class.php @@ -100,8 +100,6 @@ class Receptions extends DolibarrApi */ public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $thirdparty_ids = '', $sqlfilters = '', $properties = '') { - global $db, $conf; - if (!DolibarrApiAccess::$user->rights->reception->lire) { throw new RestException(401); } 
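Review bot: The new subqueries filter on `p.fk_soc` through the added `INNER JOIN ...projet AS p`, but the retained `$socids` branch just above still filters on `t.fk_soc`. If `projet_task` has no `fk_soc` column — which the switch to `p.fk_soc` suggests — the external-user restriction `AND t.fk_soc IN (...)` would fail at query time instead of restricting, so it should use the same column: `$sql .= " AND p.fk_soc IN (".$this->db->sanitize($socids).")";`. If tasks do carry their own `fk_soc`, the two filters should at least agree on which column is authoritative, with a comment saying why. The enclosing index() method starts and ends outside the hunk.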
@@ -118,28 +116,19 @@ class Receptions extends DolibarrApi } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX."reception AS t LEFT JOIN ".MAIN_DB_PREFIX."reception_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - + $sql .= " FROM ".MAIN_DB_PREFIX."reception AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."reception_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= ' WHERE t.entity IN ('.getEntity('reception').')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM 
".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/recruitment/class/api_recruitments.class.php b/htdocs/recruitment/class/api_recruitments.class.php index a5cc43d6854..b68fe8602db 100644 --- a/htdocs/recruitment/class/api_recruitments.class.php +++ b/htdocs/recruitment/class/api_recruitments.class.php @@ -143,8 +143,6 @@ class Recruitments extends DolibarrApi */ public function indexJobPosition($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '') { - global $db, $conf; - $obj_ret = array(); $tmpobject = new RecruitmentJobPosition($this->db); @@ -152,7 +150,7 @@ class Recruitments extends DolibarrApi throw new RestException(401); } - $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : ''; + $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0; $restrictonsocid = 0; // Set to 1 if there is a field socid in table of object 
@@ -163,35 +161,22 @@ class Recruitments extends DolibarrApi } $sql = "SELECT t.rowid"; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } + $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= " WHERE 1 = 1"; - - // Example of use $mode - //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; - //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; - if ($tmpobject->ismultientitymanaged) { $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; } - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($restrictonsocid && $socid) { $sql .= " AND t.fk_soc = ".((int) $socid); } - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND 
sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } if ($sqlfilters) { $errormessage = ''; @@ -257,7 +242,7 @@ class Recruitments extends DolibarrApi throw new RestException(401); } - $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : ''; + $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0; $restrictonsocid = 0; // Set to 1 if there is a field socid in table of object 
@@ -268,35 +253,22 @@ class Recruitments extends DolibarrApi } $sql = "SELECT t.rowid"; - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } + $sql .= " FROM ".MAIN_DB_PREFIX.$tmpobject->table_element." AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX.$tmpobject->table_element."_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= " WHERE 1 = 1"; - - // Example of use $mode - //if ($mode == 1) $sql.= " AND s.client IN (1, 3)"; - //if ($mode == 2) $sql.= " AND s.client IN (2, 3)"; - if ($tmpobject->ismultientitymanaged) { $sql .= ' AND t.entity IN ('.getEntity($tmpobject->element).')'; } - if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($restrictonsocid && $socid) { $sql .= " AND t.fk_soc = ".((int) $socid); } - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($restrictonsocid && $search_sale > 0) { - $sql .= " AND 
sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } if ($sqlfilters) { $errormessage = ''; diff --git a/htdocs/societe/class/api_contacts.class.php b/htdocs/societe/class/api_contacts.class.php index 4ea6f184fe7..3d37b274d99 100644 --- a/htdocs/societe/class/api_contacts.class.php +++ b/htdocs/societe/class/api_contacts.class.php 
@@ -196,27 +196,19 @@ class Contacts extends DolibarrApi $sql .= ", ".MAIN_DB_PREFIX."categorie_contact as c"; } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople_extrafields as te ON te.fk_object = t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - // We need this table joined to the select in order to filter by sale - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - } $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON t.fk_soc = s.rowid"; $sql .= ' WHERE t.entity IN ('.getEntity('contact').')'; if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } - if ($search_sale > 0) { - $sql .= " AND s.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); - } - // Select contacts of given category if ($category > 0) { $sql .= " AND c.fk_categorie = ".((int) $category); diff --git a/htdocs/societe/class/api_thirdparties.class.php b/htdocs/societe/class/api_thirdparties.class.php index d01c109e8fb..9604137ed10 100644 --- a/htdocs/societe/class/api_thirdparties.class.php +++ b/htdocs/societe/class/api_thirdparties.class.php 
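Review bot: The `LEFT JOIN ...societe as s ON t.fk_soc = s.rowid` context line was, as far as this hunk shows, only consumed by the removed `s.rowid = sc.fk_soc` condition; the new EXISTS subqueries filter on `t.fk_soc` directly. If nothing else in the method references `s`, the join is now dead and can be dropped; otherwise a short comment on that line naming the filter that still needs it, e.g. `// s is used by ... below`, would stop the next reader from removing it. The enclosing method starts and ends outside the hunk.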
@@ -139,7 +139,7 @@ class Thirdparties extends DolibarrApi } // case of external user, we force socids - $socids = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : ''; + $socids = DolibarrApiAccess::$user->socid ? (string) DolibarrApiAccess::$user->socid : ''; // If the internal user must only see his customers, force searching by him $search_sale = 0; @@ -148,9 +148,6 @@ class Thirdparties extends DolibarrApi } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } $sql .= " FROM ".MAIN_DB_PREFIX."societe as t"; $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_extrafields AS ef ON ef.fk_object = t.rowid"; // So we will be able to filter on extrafields if ($category > 0) { @@ -161,13 +158,9 @@ class Thirdparties extends DolibarrApi $sql .= ", ".MAIN_DB_PREFIX."categorie_fournisseur as cc"; } } - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } $sql .= ", ".MAIN_DB_PREFIX."c_stcomm as st"; $sql .= " WHERE t.entity IN (".getEntity('societe').")"; $sql .= " AND t.fk_stcomm = st.id"; - if ($mode == 1) { $sql .= " AND t.client IN (1, 3)"; } elseif ($mode == 2) { @@ -177,7 +170,6 @@ class Thirdparties extends DolibarrApi } elseif ($mode == 4) { $sql .= " AND t.fournisseur IN (1)"; } - // Select thirdparties of given category if ($category > 0) { if (!empty($mode) && $mode != 4) { 
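Review bot: The `$socids` default here becomes `(string) ... : ''` while the same line in api_tasks, api_mos, api_partnerships, api_recruitments and api_zapier becomes `: 0`, although api_tasks and api_projects feed the value to the same `$this->db->sanitize($socids)` / `IN (...)` construction. The two conventions both work with the `if ($socids)` guard, but one of them should be chosen for the whole commit, or the `(string)` cast should carry a comment explaining why this file needs a string (for example because `$socids` is later concatenated with caller-supplied ids). The enclosing index() method starts and ends outside the hunk.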
@@ -188,20 +180,16 @@ class Thirdparties extends DolibarrApi $sql .= " AND ((c.fk_categorie = ".((int) $category)." AND c.fk_soc = t.rowid) OR (cc.fk_categorie = ".((int) $category)." AND cc.fk_soc = t.rowid))"; } } - - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; - } - //if ($email != NULL) $sql.= " AND s.email = \"".$email."\""; if ($socids) { $sql .= " AND t.rowid IN (".$this->db->sanitize($socids).")"; } - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.rowid)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.rowid AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/supplier_proposal/class/api_supplier_proposals.class.php b/htdocs/supplier_proposal/class/api_supplier_proposals.class.php index 7bc8f9a8a3f..54574fa9325 100644 --- a/htdocs/supplier_proposal/class/api_supplier_proposals.class.php +++ b/htdocs/supplier_proposal/class/api_supplier_proposals.class.php 
@@ -112,28 +112,19 @@ class SupplierProposals extends DolibarrApi } $sql = "SELECT t.rowid"; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects) - } - $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal AS t LEFT JOIN ".MAIN_DB_PREFIX."supplier_proposal_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields - - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale - } - + $sql .= " FROM ".MAIN_DB_PREFIX."supplier_proposal AS t"; + $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."supplier_proposal_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields $sql .= ' WHERE t.entity IN ('.getEntity('propal').')'; - if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socids) || $search_sale > 0) { - $sql .= " AND t.fk_soc = sc.fk_soc"; - } if ($socids) { $sql .= " AND t.fk_soc IN (".$this->db->sanitize($socids).")"; } - if ($search_sale > 0) { - $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale - } - // Insert sale filter - if ($search_sale > 0) { - $sql .= " AND sc.fk_user = ".((int) $search_sale); + // Search on sale representative + if ($search_sale && $search_sale != '-1') { + if ($search_sale == -2) { + $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)"; + } elseif ($search_sale > 0) { + $sql .= " AND EXISTS (SELECT sc.fk_soc 
FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")"; + } } // Add sql filters if ($sqlfilters) { diff --git a/htdocs/ticket/class/api_tickets.class.php b/htdocs/ticket/class/api_tickets.class.php index 508a9cbf768..cba87aa04a9 100644 --- a/htdocs/ticket/class/api_tickets.class.php +++ b/htdocs/ticket/class/api_tickets.class.php @@ -201,17 +201,13 @@ class Tickets extends DolibarrApi */ public function index($socid = 0, $sortfield = "t.rowid", $sortorder = "ASC", $limit = 100, $page = 0, $sqlfilters = '', $properties = '') { - global $db, $conf; - if (!DolibarrApiAccess::$user->rights->ticket->read) { throw new RestException(403); } $obj_ret = array(); - if (!$socid && DolibarrApiAccess::$user->socid) { - $socid = DolibarrApiAccess::$user->socid; - } + $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : $socid; $search_sale = null; // If the internal user must only see his customers, force searching by him 
@@ -221,29 +217,19 @@ class Tickets extends DolibarrApi
 }
 $sql = "SELECT t.rowid";
- if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
- $sql .= ", sc.fk_soc, sc.fk_user"; // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
- }
- $sql .= " FROM ".MAIN_DB_PREFIX."ticket AS t LEFT JOIN ".MAIN_DB_PREFIX."ticket_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields
-
- if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
- $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
- }
-
+ $sql .= " FROM ".MAIN_DB_PREFIX."ticket AS t";
+ $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."ticket_extrafields AS ef ON (ef.fk_object = t.rowid)"; // Modification VMR Global Solutions to include extrafields as search parameters in the API GET call, so we will be able to filter on extrafields
 $sql .= ' WHERE t.entity IN ('.getEntity('ticket', 1).')';
- if ((!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
- $sql .= " AND t.fk_soc = sc.fk_soc";
- }
 if ($socid > 0) {
 $sql .= " AND t.fk_soc = ".((int) $socid);
 }
- if ($search_sale > 0) {
- $sql .= " AND t.rowid = sc.fk_soc"; // Join for the needed table to filter by sale
- }
-
- // Insert sale filter
- if ($search_sale > 0) {
- $sql .= " AND sc.fk_user = ".((int) $search_sale);
+ // Search on sale representative
+ if ($search_sale && $search_sale != '-1') {
+ if ($search_sale == -2) {
+ $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)";
+ } elseif ($search_sale > 0) {
+ $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc =
t.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
+ }
 }
 // Add sql filters
 if ($sqlfilters) {
diff --git a/htdocs/zapier/class/api_zapier.class.php b/htdocs/zapier/class/api_zapier.class.php
index 89a7b808e6d..ef9bce784f4 100644
--- a/htdocs/zapier/class/api_zapier.class.php
+++ b/htdocs/zapier/class/api_zapier.class.php
@@ -56,7 +56,8 @@ class Zapier extends DolibarrApi
 */
 public function __construct()
 {
- global $db, $conf;
+ global $db;
+
 $this->db = $db;
 $this->hook = new Hook($this->db);
 }
@@ -144,15 +145,13 @@ class Zapier extends DolibarrApi
 */
 public function index($sortfield = "t.rowid", $sortorder = 'ASC', $limit = 100, $page = 0, $sqlfilters = '', $properties = '')
 {
- global $db, $conf;
-
 if (!DolibarrApiAccess::$user->rights->zapier->read) {
 throw new RestException(401);
 }
 $obj_ret = array();
- $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : '';
+ $socid = DolibarrApiAccess::$user->socid ? DolibarrApiAccess::$user->socid : 0;
 // Set to 1 if there is a field socid in table of object
 $restrictonsocid = 0;
@@ -164,38 +163,22 @@ class Zapier extends DolibarrApi
 }
 $sql = "SELECT t.rowid";
- if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
- // We need these fields in order to filter by sale (including the case where the user can only see his prospects)
- $sql .= ", sc.fk_soc, sc.fk_user";
- }
 $sql .= " FROM ".MAIN_DB_PREFIX."hook_mytable as t";
-
- if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
- $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; // We need this table joined to the select in order to filter by sale
- }
 $sql .= " WHERE 1 = 1";
-
- // Example of use $mode
- //if ($mode == 1) $sql.= " AND s.client IN (1, 3)";
- //if ($mode == 2) $sql.= " AND s.client IN (2, 3)";
-
 $tmpobject = new Hook($this->db);
 if ($tmpobject->ismultientitymanaged) {
 $sql .= ' AND t.entity IN ('.getEntity('hook').')';
 }
- if ($restrictonsocid && (!DolibarrApiAccess::$user->rights->societe->client->voir && !$socid) || $search_sale > 0) {
- $sql .= " AND t.fk_soc = sc.fk_soc";
- }
 if ($restrictonsocid && $socid) {
 $sql .= " AND t.fk_soc = ".((int) $socid);
 }
- if ($restrictonsocid && $search_sale > 0) {
- // Join for the needed table to filter by sale
- $sql .= " AND t.rowid = sc.fk_soc";
- }
- // Insert sale filter
- if ($restrictonsocid && $search_sale > 0) {
- $sql .= " AND sc.fk_user = ".((int) $search_sale);
+ // Search on sale representative
+ if ($search_sale && $search_sale != '-1') {
+ if ($search_sale == -2) {
+ $sql .= " AND NOT EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc)";
+ } elseif ($search_sale > 0) {
+ $sql .= " AND EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = t.fk_soc AND sc.fk_user = ".((int) $search_sale).")";
+ }
 }
 if ($sqlfilters) {
 $errormessage = '';