NEW - See the documents of my subordinates (#28318)

* NEW - See the documents of my subordinates

* cop

* Rewriting

* up

* ok

* FIX - Restriction on sale representative

---------

Co-authored-by: Anthony Berton <anthony.berton@bb2a.fr>
Co-authored-by: Laurent Destailleur <eldy@destailleur.fr>
Anthony Berton
2024-03-07 22:47:29 +01:00
committed by GitHub
parent 3035a7bc7f
commit ff03f86a50
3 changed files with 39 additions and 7 deletions


@@ -11,7 +11,7 @@
* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
* Copyright (C) 2016-2023 Ferran Marcet <fmarcet@2byte.es>
* Copyright (C) 2018-2023 Charlene Benke <charlene@patas-monkey.com>
* Copyright (C) 2021 Anthony Berton <anthony.berton@bb2a.fr>
* Copyright (C) 2021-2024 Anthony Berton <anthony.berton@bb2a.fr>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -62,6 +62,10 @@ $toselect = GETPOST('toselect', 'array');
$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'orderlist';
$mode = GETPOST('mode', 'alpha');
if (getDolGlobalInt('MAIN_SEE_SUBORDINATES')) {
$userschilds = $user->getAllChildIds();
}
// Search Parameters
$search_datecloture_start = GETPOSTINT('search_datecloture_start');
if (empty($search_datecloture_start)) {
@@ -223,15 +227,16 @@ $object->fields = dol_sort_array($object->fields, 'position');
//$arrayfields['anotherfield'] = array('type'=>'integer', 'label'=>'AnotherField', 'checked'=>1, 'enabled'=>1, 'position'=>90, 'csslist'=>'right');
$arrayfields = dol_sort_array($arrayfields, 'position');
if (!$user->hasRight('societe', 'client', 'voir')) {
$search_sale = $user->id;
}
// Security check
$id = (GETPOST('orderid') ? GETPOSTINT('orderid') : GETPOSTINT('id'));
if ($user->socid) {
$socid = $user->socid;
}
$permissiontoreadallthirdparty = $user->hasRight('societe', 'client', 'voir');
$result = restrictedArea($user, 'commande', $id, '');
$error = 0;
@@ -879,6 +884,16 @@ $sql .= ' AND c.entity IN ('.getEntity('commande').')';
if ($socid > 0) {
$sql .= ' AND s.rowid = '.((int) $socid);
}
// Restriction on sale representative
if (!$permissiontoreadallthirdparty) {
$sql .= " AND (EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = c.fk_soc AND sc.fk_user = ".((int) $user->id).")";
if (getDolGlobalInt('MAIN_SEE_SUBORDINATES') && $userschilds) {
$sql .= " OR EXISTS (SELECT sc.fk_soc FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc WHERE sc.fk_soc = c.fk_soc AND sc.fk_user IN (".$db->sanitize(implode(',', $userschilds))."))";
}
$sql .= ")";
}
if ($search_ref) {
$sql .= natural_search('c.ref', $search_ref);
}
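Review bot: The `IN (...)` list in the last hunk is built from `$userschilds` with `$db->sanitize(implode(',', $userschilds))`, while the neighbouring `$user->id` is cast with `(int)`; because this clause is the access restriction for users without the `societe`/`client`/`voir` right, the list is better made integer-only by construction, e.g. `$db->sanitize(implode(',', array_map('intval', $userschilds)))`. `getAllChildIds()` is not shown on this page, so whether it can ever return a non-numeric value cannot be confirmed from here. `$userschilds` is also assigned only inside the `if (getDolGlobalInt('MAIN_SEE_SUBORDINATES'))` block of the second hunk, so the later `getDolGlobalInt('MAIN_SEE_SUBORDINATES') && $userschilds` test depends on short-circuit order to avoid reading an undefined variable; setting `$userschilds = array();` before that block would make this explicit. The page has lost its `+`/`-` markers, so which lines are new is inferred from the hunk headers.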