mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2026-02-08 00:52:01 +01:00
Fix: forged select for stats where wrong when filtering on a thirdparty
This commit is contained in:
Laurent Destailleur
@@ -1,6 +1,6 @@
|
||||
<?php
|
||||
/* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (c) 2005 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (c) 2005-2013 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2012 Regis Houssin <regis.houssin@capnetworks.com>
|
||||
* Copyright (C) 2012 Marcos García <marcosgdf@gmail.com>
|
||||
*
|
||||
@@ -30,7 +30,7 @@ include_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php';
|
||||
|
||||
|
||||
/**
|
||||
* Class to manage order statistics
|
||||
* Class to manage order statistics (customer and supplier)
|
||||
*/
|
||||
class CommandeStats extends Stats
|
||||
{
|
||||
@@ -49,7 +49,7 @@ class CommandeStats extends Stats
|
||||
*
|
||||
* @param DoliDB $db Database handler
|
||||
* @param int $socid Id third party for filter
|
||||
* @param string $mode Option
|
||||
* @param string $mode Option ('customer', 'supplier')
|
||||
* @param int $userid Id user for filter (creation user)
|
||||
*/
|
||||
function __construct($db, $socid, $mode, $userid=0)
|
||||
@@ -60,12 +60,13 @@ class CommandeStats extends Stats
|
||||
|
||||
$this->socid = ($socid > 0 ? $socid : 0);
|
||||
$this->userid = $userid;
|
||||
|
||||
$this->cachefilesuffix = $mode;
|
||||
|
||||
if ($mode == 'customer')
|
||||
{
|
||||
$object=new Commande($this->db);
|
||||
$this->from = MAIN_DB_PREFIX.$object->table_element." as c";
|
||||
$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
|
||||
//$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
|
||||
$this->field='total_ht';
|
||||
$this->where.= " c.fk_statut > 0"; // Not draft and not cancelled
|
||||
}
|
||||
@@ -73,16 +74,16 @@ class CommandeStats extends Stats
|
||||
{
|
||||
$object=new CommandeFournisseur($this->db);
|
||||
$this->from = MAIN_DB_PREFIX.$object->table_element." as c";
|
||||
$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
|
||||
//$this->from.= ", ".MAIN_DB_PREFIX."societe as s";
|
||||
$this->field='total_ht';
|
||||
$this->where.= " c.fk_statut > 2"; // Only approved & ordered
|
||||
}
|
||||
$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
|
||||
|
||||
//$this->where.= " AND c.fk_soc = s.rowid AND c.entity = ".$conf->entity;
|
||||
$this->where.= " AND c.entity = ".$conf->entity;
|
||||
if (!$user->rights->societe->client->voir && !$this->socid) $this->where .= " AND c.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if($this->socid)
|
||||
if ($this->socid)
|
||||
{
|
||||
$this->where .= " AND c.fk_soc = ".$this->socid;
|
||||
$this->where.=" AND c.fk_soc = ".$this->socid;
|
||||
}
|
||||
if ($this->userid > 0) $this->where.=' AND c.fk_user_author = '.$this->userid;
|
||||
}
|
||||
@@ -90,14 +91,14 @@ class CommandeStats extends Stats
|
||||
/**
|
||||
* Return orders number by month for a year
|
||||
*
|
||||
* @param int $year year for stats
|
||||
* @return array array with number by month
|
||||
* @param int $year Year to scan
|
||||
* @return array Array with number by month
|
||||
*/
|
||||
function getNbByMonth($year)
|
||||
{
|
||||
global $user;
|
||||
|
||||
$sql = "SELECT date_format(c.date_commande,'%m') as dm, count(*) nb";
|
||||
$sql = "SELECT date_format(c.date_commande,'%m') as dm, COUNT(*) as nb";
|
||||
$sql.= " FROM ".$this->from;
|
||||
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= " WHERE c.date_commande BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
|
||||
@@ -105,20 +106,21 @@ class CommandeStats extends Stats
|
||||
$sql.= " GROUP BY dm";
|
||||
$sql.= $this->db->order('dm','DESC');
|
||||
|
||||
return $this->_getNbByMonth($year, $sql);
|
||||
$res=$this->_getNbByMonth($year, $sql);
|
||||
return $res;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return orders number by year
|
||||
* Return orders number per year
|
||||
*
|
||||
* @return array array with number by year
|
||||
* @return array Array with number by year
|
||||
*
|
||||
*/
|
||||
function getNbByYear()
|
||||
{
|
||||
global $user;
|
||||
|
||||
$sql = "SELECT date_format(c.date_commande,'%Y') as dm, count(*), sum(c.".$this->field.")";
|
||||
$sql = "SELECT date_format(c.date_commande,'%Y') as dm, COUNT(*) as nb, SUM(c.".$this->field.")";
|
||||
$sql.= " FROM ".$this->from;
|
||||
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= " WHERE ".$this->where;
|
||||
@@ -131,14 +133,14 @@ class CommandeStats extends Stats
|
||||
/**
|
||||
* Return the orders amount by month for a year
|
||||
*
|
||||
* @param int $year year for stats
|
||||
* @return array array with number by month
|
||||
* @param int $year Year to scan
|
||||
* @return array Array with amount by month
|
||||
*/
|
||||
function getAmountByMonth($year)
|
||||
{
|
||||
global $user;
|
||||
|
||||
$sql = "SELECT date_format(c.date_commande,'%m') as dm, sum(c.".$this->field.")";
|
||||
$sql = "SELECT date_format(c.date_commande,'%m') as dm, SUM(c.".$this->field.")";
|
||||
$sql.= " FROM ".$this->from;
|
||||
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= " WHERE c.date_commande BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
|
||||
@@ -146,7 +148,8 @@ class CommandeStats extends Stats
|
||||
$sql.= " GROUP BY dm";
|
||||
$sql.= $this->db->order('dm','DESC');
|
||||
|
||||
return $this->_getAmountByMonth($year, $sql);
|
||||
$res=$this->_getAmountByMonth($year, $sql);
|
||||
return $res;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -159,7 +162,7 @@ class CommandeStats extends Stats
|
||||
{
|
||||
global $user;
|
||||
|
||||
$sql = "SELECT date_format(c.date_commande,'%m') as dm, avg(c.".$this->field.")";
|
||||
$sql = "SELECT date_format(c.date_commande,'%m') as dm, AVG(c.".$this->field.")";
|
||||
$sql.= " FROM ".$this->from;
|
||||
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= " WHERE c.date_commande BETWEEN '".$this->db->idate(dol_get_first_day($year))."' AND '".$this->db->idate(dol_get_last_day($year))."'";
|
||||
@@ -179,7 +182,7 @@ class CommandeStats extends Stats
|
||||
{
|
||||
global $user;
|
||||
|
||||
$sql = "SELECT date_format(c.date_commande,'%Y') as year, count(*) as nb, sum(c.".$this->field.") as total, avg(".$this->field.") as avg";
|
||||
$sql = "SELECT date_format(c.date_commande,'%Y') as year, COUNT(*) as nb, SUM(c.".$this->field.") as total, AVG(".$this->field.") as avg";
|
||||
$sql.= " FROM ".$this->from;
|
||||
if (!$user->rights->societe->client->voir && !$this->socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= " WHERE ".$this->where;
|
||||
@@ -190,4 +193,4 @@ class CommandeStats extends Stats
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
?>
|
||||
Reference in New Issue
Block a user