Fix stats on project

htdocs/projet/class/projectstats.class.php

@@ -57,10 +57,15 @@ class ProjectStats extends Stats
 		$sql = "SELECT";
 		$sql .= " SUM(t.opp_amount), t.fk_opp_status, cls.code, cls.label";
 		$sql .= " FROM " . MAIN_DB_PREFIX . "projet as t";
-		if (! $user->rights->societe->client->voir && ! $user->socid)
-			$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+		// No check is done on company permission because readability is managed by public status of project and assignement.
+		//if (! $user->rights->societe->client->voir && ! $user->socid)
+		//	$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 		$sql .= ", ".MAIN_DB_PREFIX."c_lead_status as cls";
 		$sql .= $this->buildWhere();
+		// For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+		//if ($socid > 0) $sql.= " AND t.fk_soc = ".$socid;
+		// No check is done on company permission because readability is managed by public status of project and assignement.
+		//if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
 		$sql .= " AND t.fk_opp_status = cls.rowid";
 		$sql .= " AND t.fk_statut <> 0";     // We want historic also, so all projects not draft
 		$sql .= " GROUP BY t.fk_opp_status, cls.code, cls.label";
@@ -119,9 +124,11 @@ class ProjectStats extends Stats
 		$sql = "SELECT date_format(t.datec,'%Y') as year, COUNT(t.rowid) as nb, SUM(t.opp_amount) as total, AVG(t.opp_amount) as avg,";
 		$sql.= " SUM(t.opp_amount * ".$this->db->ifsql("t.opp_percent IS NULL".($wonlostfilter?" OR cls.code IN ('WON','LOST')":""), '0', 't.opp_percent')." / 100) as weighted";
 		$sql.= " FROM " . MAIN_DB_PREFIX . "projet as t LEFT JOIN ".MAIN_DB_PREFIX."c_lead_status as cls ON cls.rowid = t.fk_opp_status";
-		if (! $user->rights->societe->client->voir && ! $user->soc_id)
-			$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 		$sql.= $this->buildWhere();
+		// For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+		//if ($socid > 0) $sql.= " AND t.fk_soc = ".$socid;
+		// No check is done on company permission because readability is managed by public status of project and assignement.
+		//if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
 		$sql.= " GROUP BY year";
 		$sql.= $this->db->order('year', 'DESC');
 
@@ -136,9 +143,16 @@ class ProjectStats extends Stats
 	 */
 	public function buildWhere()
 	{
+		global $user;
+
 		$sqlwhere_str = '';
 		$sqlwhere = array();
 
+		// Get list of project id allowed to user (in a string list separated by coma)
+		$object = new Project($this->db);
+		$projectsListId='';
+		if (! $user->rights->projet->all->lire) $projectsListId = $object->getProjectsAuthorizedForUser($user,0,1,$user->socid);
+
 		$sqlwhere[] = ' t.entity IN (' . getEntity('project') . ')';
 
 		if (! empty($this->userid))
@@ -154,6 +168,8 @@ class ProjectStats extends Stats
 		if (! empty($this->status))
 			$sqlwhere[] = " t.fk_opp_status IN (" . $this->status . ")";
 
+		if (! $user->rights->projet->all->lire) $sqlwhere[] = " AND p.rowid IN (".$projectsListId.")";     // public and assigned to, or restricted to company for external users
+
 		if (count($sqlwhere) > 0) {
 			$sqlwhere_str = ' WHERE ' . implode(' AND ', $sqlwhere);
 		}
@@ -176,8 +192,9 @@ class ProjectStats extends Stats
 
 		$sql = "SELECT date_format(t.datec,'%m') as dm, COUNT(*) as nb";
 		$sql .= " FROM " . MAIN_DB_PREFIX . "projet as t";
-		if (! $user->rights->societe->client->voir && ! $user->soc_id)
-			$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+		// No check is done on company permission because readability is managed by public status of project and assignement.
+		//if (! $user->rights->societe->client->voir && ! $user->soc_id)
+		//	$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 		$sql .= $this->buildWhere();
 		$sql .= " GROUP BY dm";
 		$sql .= $this->db->order('dm', 'DESC');
@@ -204,8 +221,9 @@ class ProjectStats extends Stats
 
 		$sql = "SELECT date_format(t.datec,'%m') as dm, SUM(t.opp_amount)";
 		$sql .= " FROM " . MAIN_DB_PREFIX . "projet as t";
-		if (! $user->rights->societe->client->voir && ! $user->soc_id)
-			$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+		// No check is done on company permission because readability is managed by public status of project and assignement.
+		//if (! $user->rights->societe->client->voir && ! $user->soc_id)
+		//	$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 		$sql .= $this->buildWhere();
 		$sql .= " GROUP BY dm";
 		$sql .= $this->db->order('dm', 'DESC');
@@ -327,8 +345,9 @@ class ProjectStats extends Stats
 
 		$sql = "SELECT date_format(t.datec,'%m') as dm, SUM(t.opp_amount * ".$this->db->ifsql("t.opp_percent IS NULL".($wonlostfilter?" OR cls.code IN ('WON','LOST')":""), '0', 't.opp_percent')." / 100)";
 		$sql .= " FROM " . MAIN_DB_PREFIX . "projet as t LEFT JOIN ".MAIN_DB_PREFIX.'c_lead_status as cls ON t.fk_opp_status = cls.rowid';
-		if (! $user->rights->societe->client->voir && ! $user->soc_id)
-			$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+		// No check is done on company permission because readability is managed by public status of project and assignement.
+		//if (! $user->rights->societe->client->voir && ! $user->soc_id)
+		//	$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 		$sql .= $this->buildWhere();
 		$sql .= " GROUP BY dm";
 		$sql .= $this->db->order('dm', 'DESC');
@@ -436,8 +455,9 @@ class ProjectStats extends Stats
 
 		$sql = "SELECT date_format(t.datec,'%m') as dm, count(t.opp_amount)";
 		$sql .= " FROM " . MAIN_DB_PREFIX . "projet as t";
-		if (! $user->rights->societe->client->voir && ! $user->soc_id)
-			$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+		// No check is done on company permission because readability is managed by public status of project and assignement.
+		//if (! $user->rights->societe->client->voir && ! $user->soc_id)
+		//	$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 		$sql .= $this->buildWhere();
 		$sql .= " GROUP BY dm";
 		$sql .= $this->db->order('dm', 'DESC');
@@ -448,8 +468,9 @@ class ProjectStats extends Stats
 
 		$sql = "SELECT date_format(t.datec,'%m') as dm, count(t.opp_amount)";
 		$sql .= " FROM " . MAIN_DB_PREFIX . "projet as t";
-		if (! $user->rights->societe->client->voir && ! $user->soc_id)
-			$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
+		// No check is done on company permission because readability is managed by public status of project and assignement.
+		//if (! $user->rights->societe->client->voir && ! $user->soc_id)
+		//	$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "societe_commerciaux as sc ON sc.fk_soc=t.fk_soc AND sc.fk_user=" . $user->id;
 		$sql .= $this->buildWhere();
 		$sql .= " GROUP BY dm";
 		$sql .= $this->db->order('dm', 'DESC');