
Fix: mise en fonction de la vérification des droits d'accès users, clients et commerciaux

This commit is contained in:
Regis Houssin
2007-06-07 14:01:35 +00:00
parent d5179f5c3a
commit 3a2ae56973
8 changed files with 14 additions and 25 deletions


@@ -40,7 +40,7 @@ $langs->load("companies");
$propalid = isset($_GET["propalid"])?$_GET["propalid"]:''; $propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
// S<>curit<69> d'acc<63>s client et commerciaux // S<>curit<69> d'acc<63>s client et commerciaux
$security = restrictedArea($user, 'propale', $propalid, 'propal'); $socid = restrictedArea($user, 'propale', $propalid, 'propal');
/* /*
* Ajout d'un nouveau contact * Ajout d'un nouveau contact
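Review bot: The object id handed to restrictedArea() on the `$socid = restrictedArea($user, 'propale', $propalid, 'propal');` line is the raw `$_GET["propalid"]` string, and the function's own hunk in this commit concatenates that id straight into SQL (`" WHERE dbt.rowid = ".$objectid`), so the access check itself runs on unvalidated input. Casting at the call site, `$propalid = isset($_GET["propalid"]) ? (int) $_GET["propalid"] : '';`, keeps the check on a numeric id; the same applies to the `$commandeid`, `$facid`, `$contratid` and `$socid` values passed in the commande, facture, contrat and commercial contact hunks of this commit. A single `$objectid = (int) $objectid;` at the top of restrictedArea() would cover every caller at once. The rest of this page continues outside the hunk.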


@@ -40,7 +40,7 @@ $langs->load("companies");
$commandeid = isset($_GET["id"])?$_GET["id"]:''; $commandeid = isset($_GET["id"])?$_GET["id"]:'';
// S<>curit<69> d'acc<63>s client et commerciaux // S<>curit<69> d'acc<63>s client et commerciaux
$security = restrictedArea($user, 'commande', $commandeid); $socid = restrictedArea($user, 'commande', $commandeid);
/* /*
* Ajout d'un nouveau contact * Ajout d'un nouveau contact


@@ -38,7 +38,7 @@ $langs->load("companies");
$facid = isset($_GET["facid"])?$_GET["facid"]:''; $facid = isset($_GET["facid"])?$_GET["facid"]:'';
// S<>curit<69> d'acc<63>s client et commerciaux // S<>curit<69> d'acc<63>s client et commerciaux
$security = restrictedArea($user, 'facture', $facid); $socid = restrictedArea($user, 'facture', $facid);
/* /*
* Ajout d'un nouveau contact * Ajout d'un nouveau contact


@@ -39,7 +39,7 @@ $langs->load("companies");
$contratid = isset($_GET["id"])?$_GET["id"]:''; $contratid = isset($_GET["id"])?$_GET["id"]:'';
// S<>curit<69> d'acc<63>s client et commerciaux // S<>curit<69> d'acc<63>s client et commerciaux
$security = restrictedArea($user, 'contrat', $contratid); $socid = restrictedArea($user, 'contrat', $contratid);
/* /*
* Ajout d'un nouveau contact * Ajout d'un nouveau contact


@@ -39,7 +39,7 @@ $mesg = "";
$socid = isset($_GET["socid"])?$_GET["socid"]:''; $socid = isset($_GET["socid"])?$_GET["socid"]:'';
// S<>curit<69> d'acc<63>s client et commerciaux // S<>curit<69> d'acc<63>s client et commerciaux
$security = restrictedArea($user, 'commercial', $socid, 'societe'); $socid = restrictedArea($user, 'commercial', $socid, 'societe');
/* /*
* Actions * Actions


@@ -1281,27 +1281,27 @@ function dol_loginfunction($notused,$pearstatus)
{ {
$_GET["action"] = ''; $_GET["action"] = '';
$_POST["action"] = ''; $_POST["action"] = '';
$user_socid = $user->societe_id; $socid = $user->societe_id;
} }
if ($objectid) if ($objectid)
{ {
if ($modulename == 'societe' && !$user->rights->commercial->client->voir && !$user_socid > 0) if ($modulename == 'societe' && !$user->rights->commercial->client->voir && !$socid > 0)
{ {
$sql = "SELECT sc.fk_soc"; $sql = "SELECT sc.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql .= " WHERE sc.fk_soc = ".$objectid." AND sc.fk_user = ".$user->id; $sql .= " WHERE sc.fk_soc = ".$objectid." AND sc.fk_user = ".$user->id;
} }
else if ($objectid && (!$user->rights->commercial->client->voir || $user_socid > 0)) else if ($objectid && (!$user->rights->commercial->client->voir || $socid > 0))
{ {
$sql = "SELECT sc.fk_soc, dbt.fk_soc"; $sql = "SELECT sc.fk_soc, dbt.fk_soc";
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt";
$sql .= " WHERE dbt.rowid = ".$objectid; $sql .= " WHERE dbt.rowid = ".$objectid;
if (!$user->rights->commercial->client->voir && !$user_socid > 0) if (!$user->rights->commercial->client->voir && !$socid > 0)
{ {
$sql .= " AND sc.fk_soc = dbt.fk_soc AND sc.fk_user = ".$user->id; $sql .= " AND sc.fk_soc = dbt.fk_soc AND sc.fk_user = ".$user->id;
} }
if ($user_socid > 0) $sql .= " AND dbt.fk_soc = ".$user_socid; if ($socid > 0) $sql .= " AND dbt.fk_soc = ".$socid;
} }
if ($db->query($sql)) if ($db->query($sql))
@@ -1312,7 +1312,7 @@ function dol_loginfunction($notused,$pearstatus)
} }
} }
} }
return 1; return $socid;
} }
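Review bot: `return $socid;` at the end of the second hunk returns a variable that, within the visible lines, is assigned only inside the conditional block at the top of the first hunk (`$socid = $user->societe_id;`), whose condition lies outside the hunk; unless `$socid` is initialised earlier in the function, internal users get an unset variable (a notice and null) back, and every caller that now writes `$socid = restrictedArea(...)` inherits that. Initialising it near the function's start, `$socid = 0;`, pins the contract, and a docblock line such as `@return int  0, or the user's own company id when the user is attached to a company` would make the return explicit. Separately, `!$socid > 0` in the renamed conditions parses as `(!$socid) > 0` and only works because `!` binds tighter than `>`; `$socid <= 0` or `empty($socid)` says what is meant. The enclosing function (presumably restrictedArea(), given the call sites; the `@@` context name is only the nearest preceding declaration) starts before these hunks and its query-result handling lies between them.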


@@ -40,8 +40,7 @@ $langs->load("bills");
$socid = isset($_GET["socid"])?$_GET["socid"]:''; $socid = isset($_GET["socid"])?$_GET["socid"]:'';
// S<>curit<69> d'acc<63>s client et commerciaux // S<>curit<69> d'acc<63>s client et commerciaux
$security = restrictedArea($user, 'societe', $socid); $socid = restrictedArea($user, 'societe', $socid);
print $security;
// Initialisation de l'objet Societe // Initialisation de l'objet Societe
$soc = new Societe($db); $soc = new Societe($db);
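Review bot: `$socid = restrictedArea($user, 'societe', $socid);` overwrites the company id read from `$_GET["socid"]` two lines above with the function's return value, and in the function hunk of this commit that value is set from `$user->societe_id` only for users attached to a company, so for an internal user the requested id is replaced by whatever the function returns when that branch is not taken (nothing visible initialises it). The `new Societe($db)` that follows then has no usable id unless it is re-read later outside the hunk. Keeping the request value and only letting the function override it preserves the previous behaviour: `$result = restrictedArea($user, 'societe', $socid);` followed by `if ($result > 0) $socid = $result;`. The commercial contact hunk of this commit (`$socid = restrictedArea($user, 'commercial', $socid, 'societe');`) has the same pattern.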


@@ -30,24 +30,14 @@
require_once("./pre.inc.php"); require_once("./pre.inc.php");
if (!$user->rights->societe->lire)
accessforbidden();
include_once(DOL_DOCUMENT_ROOT."/contact.class.php"); include_once(DOL_DOCUMENT_ROOT."/contact.class.php");
$langs->load("companies"); $langs->load("companies");
$langs->load("customers"); $langs->load("customers");
$langs->load("suppliers"); $langs->load("suppliers");
// S<>curit<69> d'acc<63>s client et commerciaux
// S<>curit<69> acc<63>s client $socid = restrictedArea($user, 'societe');
$socid=0;
if ($user->societe_id > 0)
{
$action = '';
$socid = $user->societe_id;
}
$search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"]; $search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"];
$search_ville=isset($_GET["search_ville"])?$_GET["search_ville"]:$_POST["search_ville"]; $search_ville=isset($_GET["search_ville"])?$_GET["search_ville"]:$_POST["search_ville"];
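Review bot: The removed `if (!$user->rights->societe->lire) accessforbidden();` is not visibly replaced: the new `$socid = restrictedArea($user, 'societe');` is called without an object id, and the part of restrictedArea() shown in this commit only narrows access by `$user->rights->commercial->client->voir` and `$user->societe_id`, so unless the unseen part of that function checks the module's `lire` right, this list page no longer enforces it. Keeping the explicit check next to the new call, `if (!$user->rights->societe->lire) accessforbidden();`, costs one line and does not depend on what restrictedArea() does. The dropped `$socid=0;` default also matters here: for an internal user `$socid` now holds the function's return value, which is not visibly initialised in its hunk, where the old code guaranteed `0`. The rest of this page continues outside the hunk.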