Fix: patch from forum "User permissions on modAgenda"

This commit is contained in:
Laurent Destailleur
2012-12-20 17:07:15 +01:00
parent e4855e153b
commit bcd2fead3d
4 changed files with 48 additions and 47 deletions


@@ -591,16 +591,17 @@ class ActionComm extends CommonObject
$now=dol_now(); $now=dol_now();
$this->nbtodo=$this->nbtodolate=0; $this->nbtodo=$this->nbtodolate=0;
$sql = "SELECT a.id, a.datep as dp"; $sql = "SELECT a.id, a.datep as dp";
$sql.= " FROM (".MAIN_DB_PREFIX."actioncomm as a"; $sql.= " FROM (".MAIN_DB_PREFIX."actioncomm as a";
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
$sql.= ")"; $sql.= ")";
if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
$sql.= " WHERE a.percent >= 0 AND a.percent < 100"; $sql.= " WHERE a.percent >= 0 AND a.percent < 100";
$sql.= " AND a.entity = ".$conf->entity; $sql.= " AND a.entity = ".$conf->entity;
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND a.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id; if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " AND (a.fk_soc IS NULL OR sc.fk_user = " .$user->id . ")";
if ($user->societe_id) $sql.=" AND a.fk_soc = ".$user->societe_id; if ($user->societe_id) $sql.=" AND a.fk_soc = ".$user->societe_id;
//print $sql; if (! $user->rights->agenda->allactions->read) $sql.= " AND (a.fk_user_author = ".$user->id . " OR a.fk_user_action = ".$user->id . " OR a.fk_user_done = ".$user->id . ")";
$resql=$this->db->query($sql); $resql=$this->db->query($sql);
if ($resql) if ($resql)
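Review bot: The two new conditions on the `sc.fk_user` line and on the `allactions->read` line concatenate `$user->id` straight into the SQL string without an integer cast, and the new `allactions` filter in box_actions (last file of this commit) does the same; the risk is low because the untouched `societe_id` line already interpolates the same object, but `" OR sc.fk_user = " . (int) $user->id . ")"` and `(int) $user->id` in the author/action/done filter would make the query independent of how the user object was populated. This hunk sits inside an `ActionComm` method whose start and end are outside the hunk, so I cannot see whether the agenda rights tree is guaranteed to be loaded here; `if (empty($user->rights->agenda->allactions->read))` would keep the restrictive default while avoiding a notice on an unset `rights->agenda` when this board is built from a context where the module rights were not loaded.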


@@ -305,15 +305,15 @@ $sql.= ' a.priority, a.fulldayevent, a.location,';
$sql.= ' a.fk_soc, a.fk_contact,'; $sql.= ' a.fk_soc, a.fk_contact,';
$sql.= ' ca.code'; $sql.= ' ca.code';
$sql.= ' FROM ('.MAIN_DB_PREFIX.'c_actioncomm as ca,'; $sql.= ' FROM ('.MAIN_DB_PREFIX.'c_actioncomm as ca,';
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
$sql.= " ".MAIN_DB_PREFIX.'user as u,'; $sql.= " ".MAIN_DB_PREFIX.'user as u,';
$sql.= " ".MAIN_DB_PREFIX."actioncomm as a)"; $sql.= " ".MAIN_DB_PREFIX."actioncomm as a)";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
$sql.= ' WHERE a.fk_action = ca.id'; $sql.= ' WHERE a.fk_action = ca.id';
$sql.= ' AND a.fk_user_author = u.rowid'; $sql.= ' AND a.fk_user_author = u.rowid';
$sql.= ' AND a.entity IN ('.getEntity().')'; $sql.= ' AND a.entity IN ('.getEntity().')';
if ($actioncode) $sql.=" AND ca.code='".$db->escape($actioncode)."'"; if ($actioncode) $sql.=" AND ca.code='".$db->escape($actioncode)."'";
if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid); if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid);
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND a.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND (a.fk_soc IS NULL OR sc.fk_user = " .$user->id . ")";
if ($user->societe_id) $sql.= ' AND a.fk_soc = '.$user->societe_id; // To limit to external user company if ($user->societe_id) $sql.= ' AND a.fk_soc = '.$user->societe_id; // To limit to external user company
if ($action == 'show_day') if ($action == 'show_day')
{ {
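Review bot: The rewritten filter on the `a.fk_soc IS NULL OR sc.fk_user` line now admits every event with no linked company to an internal user who lacks `societe->client->voir`, whereas the replaced inner join on `societe_commerciaux` excluded those events entirely; the third file of this commit makes the same change on the `a.fk_soc IS NULL OR sc.fk_user` line of its last hunk. The first and fourth files pair this widening with `if (! $user->rights->agenda->allactions->read) $sql.= " AND (a.fk_user_author = ".$user->id . " OR a.fk_user_action = ".$user->id . " OR a.fk_user_done = ".$user->id . ")";`, but no equivalent per-user restriction appears in this hunk or in the third file's. If that check is not applied elsewhere in these two list scripts, adding the same line after the `// To limit to external user company` condition would keep the list pages consistent with the dashboard and box queries on who may read a company-less event. The `$socid` used in the condition is assigned outside the hunk, so I could not confirm how it is derived.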


@@ -1,7 +1,7 @@
<?php <?php
/* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org> /* Copyright (C) 2001-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org>
* Copyright (C) 2003 Eric Seigne <erics@rycks.com> * Copyright (C) 2003 Eric Seigne <erics@rycks.com>
* Copyright (C) 2004-2011 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2004-2012 Laurent Destailleur <eldy@users.sourceforge.net>
* Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr> * Copyright (C) 2005-2012 Regis Houssin <regis@dolibarr.fr>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
@@ -146,7 +146,6 @@ if ($type) $param.="&type=".$type;
$sql = "SELECT s.nom as societe, s.rowid as socid, s.client,"; $sql = "SELECT s.nom as societe, s.rowid as socid, s.client,";
$sql.= " a.id, a.datep as dp, a.datep2 as dp2,"; $sql.= " a.id, a.datep as dp, a.datep2 as dp2,";
//$sql.= " a.datea as da, a.datea2 as da2,";
$sql.= " a.fk_contact, a.note, a.label, a.percent as percent,"; $sql.= " a.fk_contact, a.note, a.label, a.percent as percent,";
$sql.= " c.code as acode, c.libelle,"; $sql.= " c.code as acode, c.libelle,";
$sql.= " ua.login as loginauthor, ua.rowid as useridauthor,"; $sql.= " ua.login as loginauthor, ua.rowid as useridauthor,";
@@ -154,9 +153,9 @@ $sql.= " ut.login as logintodo, ut.rowid as useridtodo,";
$sql.= " ud.login as logindone, ud.rowid as useriddone,"; $sql.= " ud.login as logindone, ud.rowid as useriddone,";
$sql.= " sp.name, sp.firstname"; $sql.= " sp.name, sp.firstname";
$sql.= " FROM (".MAIN_DB_PREFIX."c_actioncomm as c,"; $sql.= " FROM (".MAIN_DB_PREFIX."c_actioncomm as c,";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " ".MAIN_DB_PREFIX."societe_commerciaux as sc,";
$sql.= " ".MAIN_DB_PREFIX.'user as u,'; $sql.= " ".MAIN_DB_PREFIX.'user as u,';
$sql.= " ".MAIN_DB_PREFIX."actioncomm as a)"; $sql.= " ".MAIN_DB_PREFIX."actioncomm as a)";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."socpeople as sp ON a.fk_contact = sp.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as ua ON a.fk_user_author = ua.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."user as ua ON a.fk_user_author = ua.rowid";
@@ -167,7 +166,7 @@ $sql.= ' AND a.fk_user_author = u.rowid';
$sql.= ' AND a.entity IN ('.getEntity().')'; // To limit to entity $sql.= ' AND a.entity IN ('.getEntity().')'; // To limit to entity
if ($actioncode) $sql.=" AND c.code='".$db->escape($actioncode)."'"; if ($actioncode) $sql.=" AND c.code='".$db->escape($actioncode)."'";
if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid); if ($pid) $sql.=" AND a.fk_project=".$db->escape($pid);
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND (a.fk_soc IS NULL OR sc.fk_user = " .$user->id . ")";
if ($socid) $sql.= " AND s.rowid = ".$socid; if ($socid) $sql.= " AND s.rowid = ".$socid;
if ($type) $sql.= " AND c.id = ".$type; if ($type) $sql.= " AND c.id = ".$type;
if ($status == 'done') { $sql.= " AND (a.percent = 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))"; } if ($status == 'done') { $sql.= " AND (a.percent = 100 OR (a.percent = -1 AND a.datep2 <= '".$db->idate($now)."'))"; }


@@ -76,14 +76,15 @@ class box_actions extends ModeleBoxes
$sql.= " ta.code,"; $sql.= " ta.code,";
$sql.= " s.nom, s.rowid as socid"; $sql.= " s.nom, s.rowid as socid";
$sql.= " FROM (".MAIN_DB_PREFIX."c_actioncomm AS ta, "; $sql.= " FROM (".MAIN_DB_PREFIX."c_actioncomm AS ta, ";
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " ".MAIN_DB_PREFIX."societe_commerciaux AS sc, ";
$sql.= MAIN_DB_PREFIX."actioncomm AS a)"; $sql.= MAIN_DB_PREFIX."actioncomm AS a)";
if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
$sql.= " WHERE a.fk_action = ta.id"; $sql.= " WHERE a.fk_action = ta.id";
$sql.= " AND a.entity = ".$conf->entity; $sql.= " AND a.entity = ".$conf->entity;
$sql.= " AND a.percent >= 0 AND a.percent < 100"; $sql.= " AND a.percent >= 0 AND a.percent < 100";
if (!$user->rights->societe->client->voir && !$user->societe_id) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; if (! $user->rights->societe->client->voir && ! $user->societe_id) $sql.= " AND (a.fk_soc IS NULL OR sc.fk_user = " .$user->id . ")";
if($user->societe_id) $sql.= " AND s.rowid = ".$user->societe_id; if($user->societe_id) $sql.= " AND s.rowid = ".$user->societe_id;
if (! $user->rights->agenda->allactions->read) $sql.= " AND (a.fk_user_author = ".$user->id . " OR a.fk_user_action = ".$user->id . " OR a.fk_user_done = ".$user->id . ")";
$sql.= " ORDER BY a.datec DESC"; $sql.= " ORDER BY a.datec DESC";
$sql.= $db->plimit($max, 0); $sql.= $db->plimit($max, 0);