forked from Wavyzz/dolibarr
New: add shareds thirparties between entities
This commit is contained in:
Regis Houssin
@@ -2196,7 +2196,9 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
|
||||
// More features to check
|
||||
$features = explode("&",$features);
|
||||
//var_dump($features);
|
||||
|
||||
// More parameters
|
||||
list($dbtablename, $sharedelement) = explode('&', $dbtablename);
|
||||
|
||||
// Check read permission from module
|
||||
// TODO Replace "feature" param into caller by first level of permission
|
||||
@@ -2390,7 +2392,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
}
|
||||
}
|
||||
else if (in_array($feature,$checksoc))
|
||||
@@ -2409,7 +2411,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql.= " WHERE sc.fk_soc = ".$objectid;
|
||||
$sql.= " AND sc.fk_user = ".$user->id;
|
||||
$sql.= " AND sc.fk_soc = s.rowid";
|
||||
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
|
||||
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
}
|
||||
// If multicompany and internal users with all permissions, check user is in correct entity
|
||||
else if (! empty($conf->multicompany->enabled))
|
||||
@@ -2417,7 +2419,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql = "SELECT s.rowid";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
|
||||
$sql.= " WHERE s.rowid = ".$objectid;
|
||||
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
|
||||
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
}
|
||||
}
|
||||
else if (in_array($feature,$checkother))
|
||||
@@ -2438,7 +2440,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON dbt.fk_soc = sc.fk_soc AND sc.fk_user = '".$user->id."'";
|
||||
$sql.= " WHERE dbt.rowid = ".$objectid;
|
||||
$sql.= " AND (dbt.fk_soc IS NULL OR sc.fk_soc IS NOT NULL)"; // Contact not linked to a company or to a company of user
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
}
|
||||
// If multicompany and internal users with all permissions, check user is in correct entity
|
||||
else if (! empty($conf->multicompany->enabled))
|
||||
@@ -2446,7 +2448,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql = "SELECT dbt.rowid";
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
|
||||
$sql.= " WHERE dbt.rowid = ".$objectid;
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
}
|
||||
}
|
||||
else if (in_array($feature,$checkproject))
|
||||
@@ -2480,7 +2482,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
|
||||
$sql.= " AND sc.fk_soc = dbt.".$dbt_keyfield;
|
||||
$sql.= " AND dbt.".$dbt_keyfield." = s.rowid";
|
||||
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
|
||||
$sql.= " AND s.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
$sql.= " AND sc.fk_user = ".$user->id;
|
||||
}
|
||||
// If multicompany and internal users with all permissions, check user is in correct entity
|
||||
@@ -2489,7 +2491,7 @@ function restrictedArea($user, $features='societe', $objectid=0, $dbtablename=''
|
||||
$sql = "SELECT dbt.".$dbt_select;
|
||||
$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
|
||||
$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$dbtablename]) ? $conf->entities[$dbtablename] : $conf->entity).")";
|
||||
$sql.= " AND dbt.entity IN (0,".(! empty($conf->entities[$sharedelement]) ? $conf->entities[$sharedelement] : $conf->entity).")";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user