forked from Wavyzz/dolibarr
Fix: mise en fonction de la vrification des droits d'accs users, clients et commerciaux
This commit is contained in:
Regis Houssin
@@ -40,7 +40,7 @@ $langs->load("companies");
|
||||
$propalid = isset($_GET["propalid"])?$_GET["propalid"]:'';
|
||||
|
||||
// S<>curit<69> d'acc<63>s client et commerciaux
|
||||
$security = restrictedArea($user, 'propale', $propalid, 'propal');
|
||||
$socid = restrictedArea($user, 'propale', $propalid, 'propal');
|
||||
|
||||
/*
|
||||
* Ajout d'un nouveau contact
|
||||
|
||||
@@ -40,7 +40,7 @@ $langs->load("companies");
|
||||
$commandeid = isset($_GET["id"])?$_GET["id"]:'';
|
||||
|
||||
// S<>curit<69> d'acc<63>s client et commerciaux
|
||||
$security = restrictedArea($user, 'commande', $commandeid);
|
||||
$socid = restrictedArea($user, 'commande', $commandeid);
|
||||
|
||||
/*
|
||||
* Ajout d'un nouveau contact
|
||||
|
||||
@@ -38,7 +38,7 @@ $langs->load("companies");
|
||||
$facid = isset($_GET["facid"])?$_GET["facid"]:'';
|
||||
|
||||
// S<>curit<69> d'acc<63>s client et commerciaux
|
||||
$security = restrictedArea($user, 'facture', $facid);
|
||||
$socid = restrictedArea($user, 'facture', $facid);
|
||||
|
||||
/*
|
||||
* Ajout d'un nouveau contact
|
||||
|
||||
@@ -39,7 +39,7 @@ $langs->load("companies");
|
||||
$contratid = isset($_GET["id"])?$_GET["id"]:'';
|
||||
|
||||
// S<>curit<69> d'acc<63>s client et commerciaux
|
||||
$security = restrictedArea($user, 'contrat', $contratid);
|
||||
$socid = restrictedArea($user, 'contrat', $contratid);
|
||||
|
||||
/*
|
||||
* Ajout d'un nouveau contact
|
||||
|
||||
@@ -39,7 +39,7 @@ $mesg = "";
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
|
||||
// S<>curit<69> d'acc<63>s client et commerciaux
|
||||
$security = restrictedArea($user, 'commercial', $socid, 'societe');
|
||||
$socid = restrictedArea($user, 'commercial', $socid, 'societe');
|
||||
|
||||
/*
|
||||
* Actions
|
||||
|
||||
@@ -1281,27 +1281,27 @@ function dol_loginfunction($notused,$pearstatus)
|
||||
{
|
||||
$_GET["action"] = '';
|
||||
$_POST["action"] = '';
|
||||
$user_socid = $user->societe_id;
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
if ($objectid)
|
||||
{
|
||||
if ($modulename == 'societe' && !$user->rights->commercial->client->voir && !$user_socid > 0)
|
||||
if ($modulename == 'societe' && !$user->rights->commercial->client->voir && !$socid > 0)
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql .= " WHERE sc.fk_soc = ".$objectid." AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
else if ($objectid && (!$user->rights->commercial->client->voir || $user_socid > 0))
|
||||
else if ($objectid && (!$user->rights->commercial->client->voir || $socid > 0))
|
||||
{
|
||||
$sql = "SELECT sc.fk_soc, dbt.fk_soc";
|
||||
$sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt";
|
||||
$sql .= " WHERE dbt.rowid = ".$objectid;
|
||||
if (!$user->rights->commercial->client->voir && !$user_socid > 0)
|
||||
if (!$user->rights->commercial->client->voir && !$socid > 0)
|
||||
{
|
||||
$sql .= " AND sc.fk_soc = dbt.fk_soc AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
if ($user_socid > 0) $sql .= " AND dbt.fk_soc = ".$user_socid;
|
||||
if ($socid > 0) $sql .= " AND dbt.fk_soc = ".$socid;
|
||||
}
|
||||
|
||||
if ($db->query($sql))
|
||||
@@ -1312,7 +1312,7 @@ function dol_loginfunction($notused,$pearstatus)
|
||||
}
|
||||
}
|
||||
}
|
||||
return 1;
|
||||
return $socid;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -40,8 +40,7 @@ $langs->load("bills");
|
||||
$socid = isset($_GET["socid"])?$_GET["socid"]:'';
|
||||
|
||||
// S<>curit<69> d'acc<63>s client et commerciaux
|
||||
$security = restrictedArea($user, 'societe', $socid);
|
||||
print $security;
|
||||
$socid = restrictedArea($user, 'societe', $socid);
|
||||
|
||||
// Initialisation de l'objet Societe
|
||||
$soc = new Societe($db);
|
||||
|
||||
@@ -30,24 +30,14 @@
|
||||
|
||||
require_once("./pre.inc.php");
|
||||
|
||||
if (!$user->rights->societe->lire)
|
||||
accessforbidden();
|
||||
|
||||
include_once(DOL_DOCUMENT_ROOT."/contact.class.php");
|
||||
|
||||
$langs->load("companies");
|
||||
$langs->load("customers");
|
||||
$langs->load("suppliers");
|
||||
|
||||
|
||||
// S<>curit<69> acc<63>s client
|
||||
$socid=0;
|
||||
if ($user->societe_id > 0)
|
||||
{
|
||||
$action = '';
|
||||
$socid = $user->societe_id;
|
||||
}
|
||||
|
||||
// S<>curit<69> d'acc<63>s client et commerciaux
|
||||
$socid = restrictedArea($user, 'societe');
|
||||
|
||||
$search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"];
|
||||
$search_ville=isset($_GET["search_ville"])?$_GET["search_ville"]:$_POST["search_ville"];
|
||||
|
||||
Reference in New Issue
Block a user