From 828a9296b4aa000c4a4e2386fbf58a8b3b4be83c Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 20 Jun 2018 21:52:06 +0200
Subject: [PATCH] Fix stats on project
---
 htdocs/projet/class/projectstats.class.php | 49 +++++++++++++++-------
 1 file changed, 35 insertions(+), 14 deletions(-)
diff --git a/htdocs/projet/class/projectstats.class.php b/htdocs/projet/class/projectstats.class.php
index 413ffa6be5e..61ca1735c1c 100644
--- a/htdocs/projet/class/projectstats.class.php
+++ b/htdocs/projet/class/projectstats.class.php
@@ -57,10 +57,15 @@ class ProjectStats extends Stats
 $sql = "SELECT";
 $sql .= " SUM(t.opp_amount), t.fk_opp_status, cls.code, cls.label";
 $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t";
- if (! $user->rights->societe->client->voir && ! $user->socid)
- $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+ // No check is done on company permission because readability is managed by public status of project and assignement.
+ //if (! $user->rights->societe->client->voir && ! $user->socid)
+ // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 $sql .= ", ".MAIN_DB_PREFIX."c_lead_status as cls";
 $sql .= $this->buildWhere();
+ // For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+ //if ($socid > 0) $sql.= " AND t.fk_soc = ".$socid;
+ // No check is done on company permission because readability is managed by public status of project and assignement.
+ //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
 $sql .= " AND t.fk_opp_status = cls.rowid";
 $sql .= " AND t.fk_statut <> 0"; // We want historic also, so all projects not draft
 $sql .= " GROUP BY t.fk_opp_status, cls.code, cls.label";
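Review bot: The superseded company-permission check is kept as commented-out code instead of being deleted, here and in the hunks at +124, +192, +221, +345, +455 and +468; now that the per-user restriction lives in buildWhere(), the dead code only invites someone to re-enable a join whose `sc` alias no longer exists in these queries. Keep one comment that points at the replacement, e.g. `// No company/commercial filter here: buildWhere() restricts rows to projects the user may read (public, assigned, or own company for external users).`, and also drop the four commented-out lines after `$sql .= $this->buildWhere();`, which reference a `$socid` variable and an `s` alias that appear nowhere else in the visible lines. The comments also misspell "assignement"; "assignment" is meant. The enclosing method starts outside the hunk.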
@@ -119,9 +124,11 @@ class ProjectStats extends Stats
 $sql = "SELECT date_format(t.datec,'%Y') as year, COUNT(t.rowid) as nb, SUM(t.opp_amount) as total, AVG(t.opp_amount) as avg,";
 $sql.= " SUM(t.opp_amount * ".$this->db->ifsql("t.opp_percent IS NULL".($wonlostfilter?" OR cls.code IN ('WON','LOST')":""), '0', 't.opp_percent')." / 100) as weighted";
 $sql.= " FROM " . MAIN_DB_PREFIX . "projet as t LEFT JOIN ".MAIN_DB_PREFIX."c_lead_status as cls ON cls.rowid = t.fk_opp_status";
- if (! $user->rights->societe->client->voir && ! $user->soc_id)
- $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 $sql.= $this->buildWhere();
+ // For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+ //if ($socid > 0) $sql.= " AND t.fk_soc = ".$socid;
+ // No check is done on company permission because readability is managed by public status of project and assignement.
+ //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
 $sql.= " GROUP BY year";
 $sql.= $this->db->order('year', 'DESC');
@@ -136,9 +143,16 @@ class ProjectStats extends Stats
 */
 public function buildWhere()
 {
+ global $user;
+
 $sqlwhere_str = '';
 $sqlwhere = array();
+ // Get list of project id allowed to user (in a string list separated by coma)
+ $object = new Project($this->db);
+ $projectsListId='';
+ if (! $user->rights->projet->all->lire) $projectsListId = $object->getProjectsAuthorizedForUser($user,0,1,$user->socid);
+
 $sqlwhere[] = ' t.entity IN (' . getEntity('project') . ')';
 if (! empty($this->userid))
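Review bot: buildWhere() now reads the global `$user` and builds a `Project` to compute the authorized id list, but its docblock (which ends at the ` */` that opens the hunk) is not updated to say that the returned WHERE clause depends on the current user's `projet->all->lire` right; add a line such as `Restricts to projects readable by the global $user when that user lacks projet->all->lire.` so callers know the result is per-user. The `Project` instance is created even when the right is granted and the list is never needed; move `$object = new Project($this->db);` inside the `if`. If the class file that declares `Project` is not already included at the top of this file, it has to be, since the constructor call fails otherwise. buildWhere() continues past the end of the hunk.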
@@ -154,6 +168,8 @@ class ProjectStats extends Stats
 if (! empty($this->status))
 $sqlwhere[] = " t.fk_opp_status IN (" . $this->status . ")";
+ if (! $user->rights->projet->all->lire) $sqlwhere[] = " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
+
 if (count($sqlwhere) > 0) {
 $sqlwhere_str = ' WHERE ' . implode(' AND ', $sqlwhere);
 }
@@ -176,8 +192,9 @@ class ProjectStats extends Stats
 $sql = "SELECT date_format(t.datec,'%m') as dm, COUNT(*) as nb";
 $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t";
- if (! $user->rights->societe->client->voir && ! $user->soc_id)
- $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+ // No check is done on company permission because readability is managed by public status of project and assignement.
+ //if (! $user->rights->societe->client->voir && ! $user->soc_id)
+ // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 $sql .= $this->buildWhere();
 $sql .= " GROUP BY dm";
 $sql .= $this->db->order('dm', 'DESC');
@@ -204,8 +221,9 @@ class ProjectStats extends Stats
 $sql = "SELECT date_format(t.datec,'%m') as dm, SUM(t.opp_amount)";
 $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t";
- if (! $user->rights->societe->client->voir && ! $user->soc_id)
- $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+ // No check is done on company permission because readability is managed by public status of project and assignement.
+ //if (! $user->rights->societe->client->voir && ! $user->soc_id)
+ // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 $sql .= $this->buildWhere();
 $sql .= " GROUP BY dm";
 $sql .= $this->db->order('dm', 'DESC');
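Review bot: The authorization filter added just before `if (count($sqlwhere) > 0)` produces invalid SQL, so the restriction it is meant to enforce never takes effect: the `$sqlwhere` entries are joined with `implode(' AND ', $sqlwhere)`, so the entry's leading `" AND "` yields `AND  AND`, and the alias `p` exists in none of the queries in this patch, which all alias the table as `t` and use `t.` in every other entry. The query therefore errors for every user without `projet->all->lire`, which is fail-closed but presumably leaves the stats empty rather than restricted. If `getProjectsAuthorizedForUser()` returns an empty string (and `$projectsListId` defaults to `''`), the clause becomes `IN ()`, another syntax error, so an explicit empty-list fallback is needed to keep the query valid while still matching nothing. Suggested line: `if (! $user->rights->projet->all->lire) $sqlwhere[] = " t.rowid IN (".($projectsListId ? $projectsListId : '0').")";` (assumes no project has rowid 0). Every query in this patch calls buildWhere(), so all of them are affected the same way.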
@@ -327,8 +345,9 @@ class ProjectStats extends Stats
 $sql = "SELECT date_format(t.datec,'%m') as dm, SUM(t.opp_amount * ".$this->db->ifsql("t.opp_percent IS NULL".($wonlostfilter?" OR cls.code IN ('WON','LOST')":""), '0', 't.opp_percent')." / 100)";
 $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t LEFT JOIN ".MAIN_DB_PREFIX.'c_lead_status as cls ON t.fk_opp_status = cls.rowid';
- if (! $user->rights->societe->client->voir && ! $user->soc_id)
- $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+ // No check is done on company permission because readability is managed by public status of project and assignement.
+ //if (! $user->rights->societe->client->voir && ! $user->soc_id)
+ // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 $sql .= $this->buildWhere();
 $sql .= " GROUP BY dm";
 $sql .= $this->db->order('dm', 'DESC');
@@ -436,8 +455,9 @@ class ProjectStats extends Stats
 $sql = "SELECT date_format(t.datec,'%m') as dm, count(t.opp_amount)";
 $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t";
- if (! $user->rights->societe->client->voir && ! $user->soc_id)
- $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+ // No check is done on company permission because readability is managed by public status of project and assignement.
+ //if (! $user->rights->societe->client->voir && ! $user->soc_id)
+ // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 $sql .= $this->buildWhere();
 $sql .= " GROUP BY dm";
 $sql .= $this->db->order('dm', 'DESC');
@@ -448,8 +468,9 @@ class ProjectStats extends Stats
 $sql = "SELECT date_format(t.datec,'%m') as dm, count(t.opp_amount)";
 $sql .= " FROM " . MAIN_DB_PREFIX . "projet as t";
- if (! $user->rights->societe->client->voir && ! $user->soc_id)
- $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+ // No check is done on company permission because readability is managed by public status of project and assignement.
+ //if (! $user->rights->societe->client->voir && ! $user->soc_id)
+ // $sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 $sql .= $this->buildWhere();
 $sql .= " GROUP BY dm";
 $sql .= $this->db->order('dm', 'DESC');