From ead6c895f7aaada8b0a0f1cba0cf1e6ffdb9756d Mon Sep 17 00:00:00 2001
From: Rodolphe Quiedeville
Date: Wed, 6 Aug 2003 12:07:24 +0000
Subject: [PATCH] Ajout droits
---
htdocs/product/index.php3 | 77 +++++++++++++++++++++++----------------
1 file changed, 46 insertions(+), 31 deletions(-)
diff --git a/htdocs/product/index.php3 b/htdocs/product/index.php3
index fe89b81b0dd..fccca04afd4 100644
--- a/htdocs/product/index.php3
+++ b/htdocs/product/index.php3
@@ -20,60 +20,75 @@ * */ require("./pre.inc.php3"); +$user->getrights('produit'); if (strlen($type) == 0) { -$type = 0; + $type = 0; } -$db = new Db(); - if ($action == 'update') { $sql = "UPDATE llx_product SET description='$desc' where rowid = $rowid"; $db->query($sql); } -if ($page == -1) { - $page = 0 ; +/* + * + * + */ + + + if ($page == -1) { + $page = 0 ; + } + + $limit = $conf->liste_limit; + $offset = $limit * $page ; + + if ($sortfield == "") + { + $sortfield="p.tms"; + } + if ($sortorder == "") + { + $sortorder="DESC"; + } + + $sql = "SELECT p.rowid, p.label, p.price, p.ref FROM llx_product as p"; + $sql .= " WHERE p.fk_product_type = $type"; + if ($sref) + { + $sql .= " AND lower(p.ref) like '%".strtolower($sref)."%'"; + } + if ($snom) + { + $sql .= " AND lower(p.label) like '%".strtolower($snom)."%'"; + } + +if ($user->rights->produit->lire == 0) +{ + // sécurité + $sql .= " AND 1 = 2"; } -$limit = $conf->liste_limit; -$offset = $limit * $page ; -if ($sortfield == "") -{ - $sortfield="p.tms"; -} -if ($sortorder == "") -{ - $sortorder="DESC"; -} + $sql .= " ORDER BY $sortfield $sortorder "; + $sql .= $db->plimit($limit + 1 ,$offset); + $result = $db->query($sql) ; -$sql = "SELECT p.rowid, p.label, p.price, p.ref FROM llx_product as p"; -$sql .= " WHERE p.fk_product_type = $type"; -if ($sref) -{ - $sql .= " AND lower(p.ref) like '%".strtolower($sref)."%'"; -} -if ($snom) -{ - $sql .= " AND lower(p.label) like '%".strtolower($snom)."%'"; -} -$sql .= " ORDER BY $sortfield $sortorder "; -$sql .= $db->plimit($limit + 1 ,$offset); - -if ( $db->query($sql) ) +if ($result) { $num = $db->num_rows(); - $i = 0; + $i = 0; + if ($num == 1) { $objp = $db->fetch_object($i); Header("Location: fiche.php3?id=$objp->rowid"); } - + llxHeader(); print_barre_liste("Liste des ".$types[$type]."s", $page, $PHP_SELF, "&sref=$sref&snom=$snom", $sortfield, $sortorder,'',$num);
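Review bot: The read right added at `if ($user->rights->produit->lire == 0)` is enforced only by appending `AND 1 = 2` to a query string that already contains `$type`, `$sref` and `$snom` unescaped, so the restriction is only as strong as that string concatenation; nothing in the hunk assigns these variables, so they presumably come from the request. The check would be sturdier as a control-flow guard placed right after `$user->getrights('produit');`, for example `if ($user->rights->produit->lire == 0) { exit; }`, before any SQL is built. The `$action == 'update'` branch above it runs its `UPDATE` with `$desc` and `$rowid` interpolated and is not covered by any right in this hunk, so a matching write check belongs there too (using whatever write right the `produit` module defines). Independently, `$type` and `$rowid` should be cast to integers and `$sortfield`/`$sortorder` compared against a fixed list of allowed values before they reach the query.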