From 453ed8a05e757cfc38d308abe8d8c9da526738a1 Mon Sep 17 00:00:00 2001 From: Alexis ALGOUD Date: Mon, 28 Sep 2015 15:36:27 +0200 Subject: [PATCH 1/3] FIX error in SQL due to a previous fix --- htdocs/core/lib/security.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index dd8c88162a5..c4989b3c087 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -448,7 +448,7 @@ function restrictedArea($user, $features, $objectid=0, $dbtablename='', $feature if (empty($dbt_keyfield)) dol_print_error('','Param dbt_keyfield is required but not defined'); - $sql = "SELECT dbt.id"; + $sql = "SELECT dbt.".$dbt_keyfield; $sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON (dbt.".$dbt_keyfield." = s.rowid)"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON (sc.fk_soc = dbt.".$dbt_keyfield.")"; From 0b7305d21a6053f3c5d57593ed16fa01f05c69e1 Mon Sep 17 00:00:00 2001 From: arnaud Date: Mon, 28 Sep 2015 16:52:46 +0200 Subject: [PATCH 2/3] FIX facturestat bad sql when customer view is limited --- htdocs/compta/facture/class/facturestats.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php index 5d8d22cfa9d..5a9493b83b0 100644 --- a/htdocs/compta/facture/class/facturestats.class.php +++ b/htdocs/compta/facture/class/facturestats.class.php @@ -168,7 +168,7 @@ class FactureStats extends Stats $sql = "SELECT date_format(datef,'%m') as dm, AVG(f.".$this->field.")"; $sql.= " FROM ".$this->from; - if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE f.datef BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'"; $sql.= " AND ".$this->where; $sql.= " GROUP BY dm"; @@ -188,7 +188,7 @@ class FactureStats extends Stats $sql = "SELECT date_format(datef,'%Y') as year, COUNT(*) as nb, SUM(f.".$this->field.") as total, AVG(f.".$this->field.") as avg"; $sql.= " FROM ".$this->from; - if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + if (!$user->rights->societe->client->voir && !$this->socid) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE ".$this->where; $sql.= " GROUP BY year"; $sql.= $this->db->order('year','DESC'); From 4da8fb901b0d28385fb5f94dd52f412b8c1e15fe Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Thu, 1 Oct 2015 10:48:09 +0200 Subject: [PATCH 3/3] Add comment --- htdocs/comm/propal/class/propalestats.class.php | 2 +- htdocs/commande/class/commandestats.class.php | 2 +- htdocs/compta/facture/class/facturestats.class.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/htdocs/comm/propal/class/propalestats.class.php b/htdocs/comm/propal/class/propalestats.class.php index dc8501c37ba..c56bb753ade 100644 --- a/htdocs/comm/propal/class/propalestats.class.php +++ b/htdocs/comm/propal/class/propalestats.class.php @@ -48,7 +48,7 @@ class PropaleStats extends Stats * Constructor * * @param DoliDB $db Database handler - * @param int $socid Id third party for filter + * @param int $socid Id third party for filter. This value must be forced during the new to external user company if user is an external user. * @param int $userid Id user for filter (creation user) */ function __construct($db, $socid=0, $userid=0) diff --git a/htdocs/commande/class/commandestats.class.php b/htdocs/commande/class/commandestats.class.php index 312e958a38e..1ab418a9daa 100644 --- a/htdocs/commande/class/commandestats.class.php +++ b/htdocs/commande/class/commandestats.class.php @@ -48,7 +48,7 @@ class CommandeStats extends Stats * Constructor * * @param DoliDB $db Database handler - * @param int $socid Id third party for filter + * @param int $socid Id third party for filter. This value must be forced during the new to external user company if user is an external user. * @param string $mode Option ('customer', 'supplier') * @param int $userid Id user for filter (creation user) */ diff --git a/htdocs/compta/facture/class/facturestats.class.php b/htdocs/compta/facture/class/facturestats.class.php index 5d8d22cfa9d..17589145726 100644 --- a/htdocs/compta/facture/class/facturestats.class.php +++ b/htdocs/compta/facture/class/facturestats.class.php @@ -45,7 +45,7 @@ class FactureStats extends Stats * Constructor * * @param DoliDB $db Database handler - * @param int $socid Id third party for filter + * @param int $socid Id third party for filter. This value must be forced during the new to external user company if user is an external user. * @param string $mode Option ('customer', 'supplier') * @param int $userid Id user for filter (creation user) */