mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2025-12-05 17:18:13 +01:00
Fix: patch from forum "User permissions on modAgenda"
@@ -591,16 +591,17 @@ class ActionComm extends CommonObject
|
||||
$now=dol_now();
|
||||
|
||||
$this->nbtodo=$this->nbtodolate=0;
|
||||
$sql = "SELECT a.id, a.datep as dp";
|
||||
$sql.= " FROM (".MAIN_DB_PREFIX."actioncomm as a";
|
||||
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
|
||||
$sql.= ")";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
|
||||
$sql.= " WHERE a.percent >= 0 AND a.percent < 100";
|
||||
$sql.= " AND a.entity = ".$conf->entity;
|
||||
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND a.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if ($user->societe_id) $sql.=" AND a.fk_soc = ".$user->societe_id;
|
||||
//print $sql;
|
||||
|
||||
$sql = "SELECT a.id, a.datep as dp";
|
||||
$sql.= " FROM (".MAIN_DB_PREFIX."actioncomm as a";
|
||||
$sql.= ")";
|
||||
if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
|
||||
$sql.= " WHERE a.percent >= 0 AND a.percent < 100";
|
||||
$sql.= " AND a.entity = ".$conf->entity;
|
||||
if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " AND (a.fk_soc IS NULL OR sc.fk_user = " .$user->id . ")";
|
||||
if ($user->societe_id) $sql.=" AND a.fk_soc = ".$user->societe_id;
|
||||
if (! $user->rights->agenda->allactions->read) $sql.= " AND (a.fk_user_author = ".$user->id . " OR a.fk_user_action = ".$user->id . " OR a.fk_user_done = ".$user->id . ")";
|
||||
|
||||
$resql=$this->db->query($sql);
|
||||
if ($resql)
|
||||
|
||||
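Review bot: The new `allactions->read` restriction at the end of this query is an access-control rule expressed only in SQL, it carries no comment, and the same predicate is repeated verbatim in the `box_actions` hunk further down. A one-line comment above it, such as `// Without the "read all actions" right, limit to events the user authored, is assigned to, or completed`, would make the intent auditable. The `(a.fk_soc IS NULL OR sc.fk_user = ...)` line deserves the same, e.g. `// Events with no third party stay visible; company events require a sales-rep link`. Because the two queries have to stay in step, a shared helper that returns this WHERE fragment may be worth considering. The enclosing method starts and ends outside this hunk.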
@@ -304,16 +304,16 @@ $sql.= ' a.fk_user_author,a.fk_user_action,a.fk_user_done,';
|
||||
$sql.= ' a.priority, a.fulldayevent, a.location,';
|
||||
$sql.= ' a.fk_soc, a.fk_contact,';
|
||||
$sql.= ' ca.code';
|
||||
$sql.= ' FROM ('.MAIN_DB_PREFIX.'c_actioncomm as ca,';
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
|
||||
$sql.= " ".MAIN_DB_PREFIX.'user as u,';
|
||||
$sql.= " ".MAIN_DB_PREFIX."actioncomm as a)";
|
||||
$sql.= ' WHERE a.fk_action = ca.id';
|
||||
$sql.= ' AND a.fk_user_author = u.rowid';
|
||||
$sql.= ' AND a.entity IN ('.getEntity().')';
|
||||
if ($actioncode) $sql.=" AND ca.code='".$db->escape($actioncode)."'";
|
||||
if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid);
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND a.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
$sql.= ' FROM ('.MAIN_DB_PREFIX.'c_actioncomm as ca,';
|
||||
$sql.= " ".MAIN_DB_PREFIX.'user as u,';
|
||||
$sql.= " ".MAIN_DB_PREFIX."actioncomm as a)";
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
|
||||
$sql.= ' WHERE a.fk_action = ca.id';
|
||||
$sql.= ' AND a.fk_user_author = u.rowid';
|
||||
$sql.= ' AND a.entity IN ('.getEntity().')';
|
||||
if ($actioncode) $sql.=" AND ca.code='".$db->escape($actioncode)."'";
|
||||
if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid);
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND (a.fk_soc IS NULL OR sc.fk_user = " .$user->id . ")";
|
||||
if ($user->societe_id) $sql.= ' AND a.fk_soc = '.$user->societe_id; // To limit to external user company
|
||||
if ($action == 'show_day')
|
||||
{
|
||||
|
||||
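Review bot: The rewritten query admits events with no third party through `(a.fk_soc IS NULL OR sc.fk_user = ...)` but, in the lines shown, never adds the `$user->rights->agenda->allactions->read` restriction that the `ActionComm` and `box_actions` queries receive in this same commit. If nothing outside the hunk applies it, a user without that right and without `societe->client->voir` would now see company-less events that belong to other users in this view; the list query in the `-146,29` hunk appears to have the same gap. Suggested addition after the `societe_commerciaux` condition: `if (! $user->rights->agenda->allactions->read) $sql.= " AND (a.fk_user_author = ".$user->id." OR a.fk_user_action = ".$user->id." OR a.fk_user_done = ".$user->id.")";`. The statement run continues past the end of the hunk, so an existing filter further down cannot be ruled out from here.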
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
|
||||
* Copyright (C) 2003 Eric Seigne <erics@rycks.com>
|
||||
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net>
|
||||
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
@@ -146,29 +146,28 @@ if ($type) $param.="&type=".$type;
|
||||
|
||||
$sql = "SELECT s.nom as societe, s.rowid as socid, s.client,";
|
||||
$sql.= " a.id, a.datep as dp, a.datep2 as dp2,";
|
||||
//$sql.= " a.datea as da, a.datea2 as da2,";
|
||||
$sql.= " a.fk_contact, a.note, a.label, a.percent as percent,";
|
||||
$sql.= " c.code as acode, c.libelle,";
|
||||
$sql.= " ua.login as loginauthor, ua.rowid as useridauthor,";
|
||||
$sql.= " ut.login as logintodo, ut.rowid as useridtodo,";
|
||||
$sql.= " ud.login as logindone, ud.rowid as useriddone,";
|
||||
$sql.= " sp.name, sp.firstname";
|
||||
$sql.= " FROM (".MAIN_DB_PREFIX."c_actioncomm as c,";
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
|
||||
$sql.= " ".MAIN_DB_PREFIX.'user as u,';
|
||||
$sql.= " ".MAIN_DB_PREFIX."actioncomm as a)";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as ua ON a.fk_user_author = ua.rowid";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as ut ON a.fk_user_action = ut.rowid";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as ud ON a.fk_user_done = ud.rowid";
|
||||
$sql.= " WHERE c.id = a.fk_action";
|
||||
$sql.= ' AND a.fk_user_author = u.rowid';
|
||||
$sql.= ' AND a.entity IN ('.getEntity().')'; // To limit to entity
|
||||
if ($actioncode) $sql.=" AND c.code='".$db->escape($actioncode)."'";
|
||||
if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid);
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if ($socid) $sql.= " AND s.rowid = ".$socid;
|
||||
$sql.= " FROM (".MAIN_DB_PREFIX."c_actioncomm as c,";
|
||||
$sql.= " ".MAIN_DB_PREFIX.'user as u,';
|
||||
$sql.= " ".MAIN_DB_PREFIX."actioncomm as a)";
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as ua ON a.fk_user_author = ua.rowid";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as ut ON a.fk_user_action = ut.rowid";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as ud ON a.fk_user_done = ud.rowid";
|
||||
$sql.= " WHERE c.id = a.fk_action";
|
||||
$sql.= ' AND a.fk_user_author = u.rowid';
|
||||
$sql.= ' AND a.entity IN ('.getEntity().')'; // To limit to entity
|
||||
if ($actioncode) $sql.=" AND c.code='".$db->escape($actioncode)."'";
|
||||
if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid);
|
||||
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND (a.fk_soc IS NULL OR sc.fk_user = " .$user->id . ")";
|
||||
if ($socid) $sql.= " AND s.rowid = ".$socid;
|
||||
if ($type) $sql.= " AND c.id = ".$type;
|
||||
if ($status == 'done') { $sql.= " AND (a.percent = 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))"; }
|
||||
if ($status == 'todo') { $sql.= " AND ((a.percent >= 0 AND a.percent < 100) OR (a.percent = -1 AND a.datep2 > '".$db->idate($now)."'))"; }
|
||||
|
||||
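Review bot: `$pid`, `$socid` and `$type` are concatenated into the WHERE clause as bare numeric operands, and passing `$pid` through `$db->escape()` does not help because string escaping gives no protection to a value that is not inside quotes. Where these variables come from is outside the hunk, so it cannot be confirmed here that they are already integer-validated; if they originate from request parameters they should be cast at the point of use, e.g. `if ($pid) $sql.=" AND a.fk_project=".((int) $pid);` and `if ($type) $sql.= " AND c.id = ".((int) $type);`, with the same treatment for `$socid`. The identical `$pid` line also appears in the `-304,16` hunk above. The commit rewrites the surrounding lines without changing this pattern.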
@@ -75,15 +75,16 @@ class box_actions extends ModeleBoxes
|
||||
$sql = "SELECT a.id, a.label, a.datep as dp, a.percent as percentage,";
|
||||
$sql.= " ta.code,";
|
||||
$sql.= " s.nom, s.rowid as socid";
|
||||
$sql.= " FROM (".MAIN_DB_PREFIX."c_actioncomm AS ta, ";
|
||||
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " ".MAIN_DB_PREFIX."societe_commerciaux AS sc, ";
|
||||
$sql.= MAIN_DB_PREFIX."actioncomm AS a)";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
|
||||
$sql.= " WHERE a.fk_action = ta.id";
|
||||
$sql.= " AND a.entity = ".$conf->entity;
|
||||
$sql.= " AND a.percent >= 0 AND a.percent < 100";
|
||||
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
|
||||
if($user->societe_id) $sql.= " AND s.rowid = ".$user->societe_id;
|
||||
$sql.= " FROM (".MAIN_DB_PREFIX."c_actioncomm AS ta, ";
|
||||
$sql.= MAIN_DB_PREFIX."actioncomm AS a)";
|
||||
if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
|
||||
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
|
||||
$sql.= " WHERE a.fk_action = ta.id";
|
||||
$sql.= " AND a.entity = ".$conf->entity;
|
||||
$sql.= " AND a.percent >= 0 AND a.percent < 100";
|
||||
if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " AND (a.fk_soc IS NULL OR sc.fk_user = " .$user->id . ")";
|
||||
if($user->societe_id) $sql.= " AND s.rowid = ".$user->societe_id;
|
||||
if (! $user->rights->agenda->allactions->read) $sql.= " AND (a.fk_user_author = ".$user->id . " OR a.fk_user_action = ".$user->id . " OR a.fk_user_done = ".$user->id . ")";
|
||||
$sql.= " ORDER BY a.datec DESC";
|
||||
$sql.= $db->plimit($max, 0);
|
||||
|
||||
|
||||