From 1ecd6db530dcbde0733a72c5716dd0957b5a194e Mon Sep 17 00:00:00 2001
From: Rodolphe Quiedeville <rodolphe@quiedeville.org>
Date: Tue, 30 Aug 2005 13:15:04 +0000
Subject: [PATCH] Modif permissions

---
 htdocs/telephonie/tarifs/index.php   | 20 ++++++++------
 htdocs/telephonie/tarifs/pre.inc.php | 12 ++++++--
 htdocs/telephonie/tarifs/tarif.php   | 41 +++++++---------------------
 3 files changed, 31 insertions(+), 42 deletions(-)

diff --git a/htdocs/telephonie/tarifs/index.php b/htdocs/telephonie/tarifs/index.php
index 471637ce8b1..0032f806fb1 100644
--- a/htdocs/telephonie/tarifs/index.php
+++ b/htdocs/telephonie/tarifs/index.php
@@ -75,14 +75,19 @@ $sql .= " , t.libelle as tarif, t.rowid as tarif_id";
 $sql .= " , m.temporel, m.fixe";
 $sql .= " , u.code";
 $sql .= " FROM ".MAIN_DB_PREFIX."telephonie_tarif_grille as d";
-$sql .= "," . MAIN_DB_PREFIX."telephonie_tarif_montant as m";
-$sql .= "," . MAIN_DB_PREFIX."telephonie_tarif as t";
-$sql .= "," . MAIN_DB_PREFIX."user as u";
+$sql .= ","    . MAIN_DB_PREFIX."telephonie_tarif_grille_rights as r";
+$sql .= ","    . MAIN_DB_PREFIX."telephonie_tarif_montant as m";
+$sql .= ","    . MAIN_DB_PREFIX."telephonie_tarif as t";
+$sql .= ","    . MAIN_DB_PREFIX."user as u";
 
 $sqlc .= " WHERE d.rowid = m.fk_tarif_desc";
 $sqlc .= " AND m.fk_tarif = t.rowid";
 $sqlc .= " AND m.fk_user = u.rowid";
 
+$sqlc .= " AND d.rowid = r.fk_grille";
+$sqlc .= " AND r.fk_user =".$user->id;
+$sqlc .= " AND r.pread = 1";
+
 if ($_GET["search_libelle"])
 {
   $sqlc .=" AND t.libelle LIKE '%".$_GET["search_libelle"]."%'";
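Review bot: The new read-permission predicates (`r.fk_user`, `r.pread = 1`) are appended to the same `$sqlc` string that then receives `$_GET["search_libelle"]` unescaped inside the `LIKE` literal, so the row filter cannot be relied on as an access boundary while that concatenation stays as it is. The request value should go through the database layer's string-escaping routine before it is concatenated, and the same applies to `$_GET["type"]` in the `d.type_tarif` condition of the next hunk. For the numeric side I would write `$sqlc .= " AND r.fk_user = ".intval($user->id);` so the predicate stays well-formed even if `$user->id` is ever empty. The `if` block on `search_libelle` continues outside the hunk.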
@@ -98,14 +103,13 @@ if ($_GET["type"])
   $sqlc .= " AND d.type_tarif = '".$_GET["type"]."'";
 }
 
-
 $sql = $sql . $sqlc . " ORDER BY $sortfield $sortorder " . $db->plimit($conf->liste_limit+1, $offset);
 
 
-$result = $db->query($sql);
-if ($result)
+$resql = $db->query($sql);
+if ($resql)
 {
-  $num = $db->num_rows();
+  $num = $db->num_rows($resql);
   $i = 0;
   
   print_barre_liste("Tarifs", $page, "index.php", "&type=".$_GET["type"], $sortfield, $sortorder, '', $num);
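Review bot: `$sortfield` and `$sortorder` are interpolated directly into `ORDER BY` on the line that assembles the final query, and this hunk does not show where they are set. If they are taken from the request, they should be checked against a fixed list of column names and `ASC`/`DESC` before that line, since quoting does not help in this position. The same `$_GET["type"]` value is also passed raw into the pager link in `print_barre_liste(...)`; `urlencode($_GET["type"])` would be the safer form there. The `if ($resql)` body continues outside the hunk.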
@@ -139,7 +143,7 @@ if ($result)
 
   while ($i < min($num,$conf->liste_limit))
     {
-      $obj = $db->fetch_object($i);	
+      $obj = $db->fetch_object($resql);
       $var=!$var;
 
       print "<tr $bc[$var]>";
diff --git a/htdocs/telephonie/tarifs/pre.inc.php b/htdocs/telephonie/tarifs/pre.inc.php
index 66010fde907..51ddde31839 100644
--- a/htdocs/telephonie/tarifs/pre.inc.php
+++ b/htdocs/telephonie/tarifs/pre.inc.php
@@ -50,9 +50,11 @@ function llxHeader($head = "", $title="") {
 
   $menu->add(DOL_URL_ROOT."/telephonie/ligne/index.php", "Lignes");
 
-  $menu->add(DOL_URL_ROOT."/telephonie/ligne/commande/", "Commandes");
+  if ($user->rights->telephonie->ligne_commander)    
+    $menu->add(DOL_URL_ROOT."/telephonie/ligne/commande/", "Commandes");
 
-  $menu->add(DOL_URL_ROOT."/telephonie/stats/", "Statistiques");
+  if ($user->rights->telephonie->stats->lire)
+    $menu->add(DOL_URL_ROOT."/telephonie/stats/", "Statistiques");
 
   $menu->add(DOL_URL_ROOT."/telephonie/facture/", "Factures");
 
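Review bot: The `if ($user->rights->...)` guards added here only decide whether a menu entry is printed; they do not stop a user without the right from requesting `/telephonie/ligne/commande/` or `/telephonie/stats/` directly. Each target page needs to test the same right itself and refuse the request, which cannot be confirmed from this diff; the same holds for the `permissions.php` and `fournisseurs.php` entries in the next hunk. `llxHeader()` starts outside the hunk, so it is also worth confirming that `$user` is declared `global` there, otherwise every guard evaluates false and the entries vanish for everyone. A one-line comment such as `// Menu visibility only; the page enforces the right itself` would keep the two from being confused.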
@@ -66,7 +68,11 @@ function llxHeader($head = "", $title="") {
 
   $menu->add_submenu(DOL_URL_ROOT."/telephonie/tarifs/prefix.php", "Prefix");
 
-  $menu->add(DOL_URL_ROOT."/telephonie/fournisseurs.php", "Fournisseurs");
+  if ($user->rights->telephonie->tarif->permission)
+    $menu->add_submenu(DOL_URL_ROOT."/telephonie/tarifs/permissions.php", "Permissions");
+
+  if ($user->rights->telephonie->fournisseur->lire)
+    $menu->add(DOL_URL_ROOT."/telephonie/fournisseurs.php", "Fournisseurs");
 
 
   left_menu($menu->liste);
diff --git a/htdocs/telephonie/tarifs/tarif.php b/htdocs/telephonie/tarifs/tarif.php
index 96ce3153783..63317c1e80a 100644
--- a/htdocs/telephonie/tarifs/tarif.php
+++ b/htdocs/telephonie/tarifs/tarif.php
@@ -23,37 +23,6 @@ require("./pre.inc.php");
 
 llxHeader();
 
-/*
- * S�curit� acc�s client
- */
-if ($user->societe_id > 0) 
-{
-  $action = '';
-  $socidp = $user->societe_id;
-}
-
-
-
-/*
- * Recherche
- *
- *
- */
-if ($mode == 'search') {
-  if ($mode-search == 'soc') {
-    $sql = "SELECT s.idp FROM ".MAIN_DB_PREFIX."societe as s ";
-    $sql .= " WHERE lower(s.nom) like '%".strtolower($socname)."%'";
-  }
-      
-  if ( $db->query($sql) ) {
-    if ( $db->num_rows() == 1) {
-      $obj = $db->fetch_object(0);
-      $socid = $obj->idp;
-    }
-    $db->free();
-  }
-}
-
 /*
  * Mode Liste
  *
@@ -66,6 +35,7 @@ $sql = "SELECT d.libelle as tarif_desc, d.type_tarif, d.rowid";
 $sql .= " , t.libelle as tarif";
 $sql .= " , m.temporel, m.fixe";
 $sql .= " FROM ".MAIN_DB_PREFIX."telephonie_tarif_grille as d";
+$sql .= ","    . MAIN_DB_PREFIX."telephonie_tarif_grille_rights as r";
 $sql .= "," . MAIN_DB_PREFIX."telephonie_tarif_montant as m";
 $sql .= "," . MAIN_DB_PREFIX."telephonie_tarif as t";
 
@@ -73,6 +43,10 @@ $sql .= " WHERE d.rowid = m.fk_tarif_desc";
 $sql .= " AND m.fk_tarif = t.rowid";
 $sql .= " AND t.rowid = '".$_GET["id"]."'";
 $sql .= " AND d.type_tarif = 'vente'";
+$sql .= " AND d.rowid = r.fk_grille";
+$sql .= " AND r.fk_user =".$user->id;
+$sql .= " AND r.pread = 1";
+
 $sql .= " ORDER BY t.libelle asc";
 
 $resql = $db->query($sql);
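Review bot: `$_GET["id"]` is still concatenated into `t.rowid = '...'` without a cast, in the same statement that now carries the per-user `r.pread = 1` restriction; `$sql .= " AND t.rowid = ".intval($_GET["id"]);` would close that, and `intval($user->id)` does the same for `r.fk_user`. The identical pair of lines appears in the `achat` query in the last hunk of this file. With the external-user block (`$user->societe_id > 0`) removed at the top of the file, this predicate appears to be the only access restriction left on the page, so it is worth confirming that external users are meant to be governed by `telephonie_tarif_grille_rights` alone.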
@@ -122,6 +96,7 @@ $sql = "SELECT d.libelle as tarif_desc, d.type_tarif, d.rowid";
 $sql .= " , t.libelle as tarif";
 $sql .= " , m.temporel, m.fixe";
 $sql .= " FROM ".MAIN_DB_PREFIX."telephonie_tarif_grille as d";
+$sql .= ","    . MAIN_DB_PREFIX."telephonie_tarif_grille_rights as r";
 $sql .= "," . MAIN_DB_PREFIX."telephonie_tarif_montant as m";
 $sql .= "," . MAIN_DB_PREFIX."telephonie_tarif as t";
 
@@ -130,6 +105,10 @@ $sql .= " AND m.fk_tarif = t.rowid";
 $sql .= " AND t.rowid = '".$_GET["id"]."'";
 $sql .= " AND d.type_tarif = 'achat'";
 
+$sql .= " AND d.rowid = r.fk_grille";
+$sql .= " AND r.fk_user =".$user->id;
+$sql .= " AND r.pread = 1";
+
 $sql .= " ORDER BY t.libelle ASC";
 
 $resql = $db->query($sql);
-- 
GitLab