diff --git a/htdocs/comm/action/index.php b/htdocs/comm/action/index.php index bffdaef9b42bd4b387a01f9fbda5fd48bbbded7d..73de43f2222c5868ef1f6e3890091032c5bacde5 100644 --- a/htdocs/comm/action/index.php +++ b/htdocs/comm/action/index.php @@ -38,12 +38,9 @@ $sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; $sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"]; $page = isset($_GET["page"])?$_GET["page"]:$_POST["page"]; -// S�curit� acc�s client -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$result = restrictedArea($user, 'societe',$socid,'',1); if ($page == -1) { $page = 0 ; } $limit = $conf->liste_limit; diff --git a/htdocs/comm/clients.php b/htdocs/comm/clients.php index 6e39b03e240a0ff1175802471dd1fd943c615533..4aa19dddb7708b129d07af6e8006e83c4592d038 100644 --- a/htdocs/comm/clients.php +++ b/htdocs/comm/clients.php @@ -27,7 +27,8 @@ require("./pre.inc.php"); // Security check -$result = restrictedArea($user, 'societe','','',1); +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$result = restrictedArea($user, 'societe',$socid,'',1); $page=$_GET["page"]; $sortorder=$_GET["sortorder"]; diff --git a/htdocs/comm/contact.php b/htdocs/comm/contact.php index 37effe7f9905ea79b8977aa99e5f217e288ba651..7538626e181ef19b6be0056b440b1a42cc56b7c6 100644 --- a/htdocs/comm/contact.php +++ b/htdocs/comm/contact.php @@ -38,11 +38,11 @@ if ($page < 0) { $page = 0 ; } $limit = $conf->liste_limit; $offset = $limit * $page ; -$socid = isset($_GET["socid"])?$_GET["socid"]:''; $type=$_GET["type"]; // Security check -$result = restrictedArea($user, 'societe'); +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$result = restrictedArea($user, 'societe',$socid,'',1); /* diff --git a/htdocs/comm/fiche.php b/htdocs/comm/fiche.php index ed05b27ad2220477758753a1820fea321646ab78..89a9447de4c92b79b7d6895547330a85ebaf8c29 100644 
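Review bot: The new check in comm/action/index.php no longer pins `$socid` to `$user->societe_id` for an external user (`$user->societe_id > 0`), and since `restrictedArea()` receives `$socid` by value it cannot rewrite it for the listing that follows outside the hunk; the old `$action = ''` suppression for external users is gone as well. `$result` is assigned but never tested, so the guard only holds if `restrictedArea()` ends the request itself on denial — worth confirming, since the helper is not in this diff. I would keep `if ($user->societe_id > 0) $socid = $user->societe_id;` ahead of the call and cast the query parameter, `$socid = isset($_GET["socid"]) ? (int) $_GET["socid"] : '';`, as it presumably reaches SQL further down.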
--- a/htdocs/comm/fiche.php +++ b/htdocs/comm/fiche.php @@ -41,10 +41,9 @@ $langs->load("bills"); $langs->load("contracts"); if ($conf->fichinter->enabled) $langs->load("interventions"); -$socid = isset($_GET["socid"])?$_GET["socid"]:''; - // Security check -$result = restrictedArea($user, 'societe', $socid); +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$result = restrictedArea($user, 'societe',$socid,'',1); $sortorder=$_GET["sortorder"]; $sortfield=$_GET["sortfield"]; diff --git a/htdocs/comm/prospect/fiche.php b/htdocs/comm/prospect/fiche.php index 4dad131ba832a14976e8ae8125933ecd83594c53..9fbdd666e38b848ec8b55dc2c8a7bb3c96b9a8a4 100644 --- a/htdocs/comm/prospect/fiche.php +++ b/htdocs/comm/prospect/fiche.php @@ -35,28 +35,9 @@ $langs->load('companies'); $langs->load('projects'); $langs->load('propal'); -$socid = isset($_GET["id"])?$_GET["id"]:$_GET["socid"]; // Fonctionne si on passe id ou socid -if ($socid == '') accessforbidden(); - -// Protection quand utilisateur externe -if ($user->societe_id > 0) -{ - $socid = $user->societe_id; -} - -// Protection restriction commercial -if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0) -{ - $sql = "SELECT sc.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.rowid AND sc.fk_user = ".$user->id." AND s.client = 2"; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} - +// Security check +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$result = restrictedArea($user, 'societe',$socid,'',1); /* diff --git a/htdocs/comm/prospect/prospects.php b/htdocs/comm/prospect/prospects.php index 8cf622cfe0be9ae8d66fb48fc7013549800cd789..6c58ebfeedf8977b25be60b8d65e4f4ef10d25c8 100644 --- a/htdocs/comm/prospect/prospects.php +++ b/htdocs/comm/prospect/prospects.php 
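Review bot: In comm/prospect/fiche.php the rewrite drops two things the old guard had: the `id` alias (`isset($_GET["id"]) ? $_GET["id"] : $_GET["socid"]`) and the explicit `if ($socid == '') accessforbidden();`. Any link that still opens this sheet with `id=` now arrives with `$socid = ''`, and whether `restrictedArea()` refuses an empty object id is not visible in this diff. The old SQL also required `s.client = 2`, so a restricted sales user could only open prospects here; the generic `'societe'` check presumably no longer distinguishes. I would keep `if ($socid == '') accessforbidden();` right after the new call unless the helper is known to handle the empty case.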
@@ -32,13 +32,9 @@ require_once(DOL_DOCUMENT_ROOT."/prospect.class.php"); $langs->load("propal"); -// S�curit� acc�s client -$socid=0; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$result = restrictedArea($user, 'societe',$socid,'',1); $socname=isset($_GET["socname"])?$_GET["socname"]:$_POST["socname"]; $stcomm=isset($_GET["stcomm"])?$_GET["stcomm"]:$_POST["stcomm"]; diff --git a/htdocs/commande/liste.php b/htdocs/commande/liste.php index a89541d2ec7fb3c06987fc09c67bbb34f4a0cfc2..68c5e2b2a4e423ee9a6c8a5edee997aad3e01e24 100644 --- a/htdocs/commande/liste.php +++ b/htdocs/commande/liste.php @@ -1,6 +1,6 @@ <?php /* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org> - * Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net> + * Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2005 Marc Barilley / Ocebo <marc@ocebo.com> * Copyright (C) 2005-2007 Regis Houssin <regis@dolibarr.fr> * @@ -17,15 +17,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/commande/liste.php \ingroup commande \brief Page liste des commandes - \version $Revision$ + \version $Id$ */ @@ -35,9 +33,6 @@ require_once(DOL_DOCUMENT_ROOT."/html.formfile.class.php"); $langs->load('orders'); $langs->load('companies'); -if (!$user->rights->commande->lire) - accessforbidden(); - $year=isset($_GET["year"])?$_GET["year"]:$_POST["year"]; $month=isset($_GET["month"])?$_GET["month"]:$_POST["month"]; $sref=isset($_GET['sref'])?$_GET['sref']:$_POST['sref']; 
@@ -45,13 +40,9 @@ $sref_client=isset($_GET['sref_client'])?$_GET['sref_client']:(isset($_POST['sre $snom=isset($_GET['snom'])?$_GET['snom']:$_POST['snom']; $sall=isset($_GET['sall'])?$_GET['sall']:$_POST['sall']; -// S�curit� acc�s client -$socid = $_GET['socid']; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; +$result = restrictedArea($user, 'commande', $orderid,'',1); /* diff --git a/htdocs/compta/commande/liste.php b/htdocs/compta/commande/liste.php index bbc52d78c781dd21c12b858643da11725fe0d4a9..a795f037db67e41e77ffa4cb17a14d4e515cac64 100644 --- a/htdocs/compta/commande/liste.php +++ b/htdocs/compta/commande/liste.php @@ -42,13 +42,10 @@ if (! $sortorder) $sortorder="DESC"; $limit = $conf->liste_limit; $offset = $limit * $_GET["page"] ; -// S�curit� acc�s client -$socid = $_GET["socid"]; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; +$result = restrictedArea($user, 'commande',$orderid,'',1); + $langs->load('companies'); diff --git a/htdocs/compta/deplacement/fiche.php b/htdocs/compta/deplacement/fiche.php index caa8ba84efb9837a4df285c4a1c73a2ea69a656c..49a12dde51b3161363ef0edec0a4d383f2d432fb 100644 --- a/htdocs/compta/deplacement/fiche.php +++ b/htdocs/compta/deplacement/fiche.php @@ -1,6 +1,6 @@ <?php /* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org> - * Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net> + * Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
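Review bot: In htdocs/commande/liste.php `$socid` is no longer assigned at all: the removed lines were the only place it was read from `$_GET['socid']` and pinned to `$user->societe_id`, and the new lines introduce `$orderid` instead. If the listing below the hunk still filters on `$socid` (that is what it was set for), it now works on an undefined variable, and an external user is no longer restricted to their own company's orders unless `restrictedArea($user, 'commande', '', '', 1)` enforces that with an empty object id. The previous hunk also removed the `commande->lire` check, so this call is now the only gate on the page. Suggest restoring `$socid = isset($_GET['socid']) ? (int) $_GET['socid'] : ''; if ($user->societe_id > 0) $socid = $user->societe_id;` next to the new check.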
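Review bot: Same pattern in htdocs/compta/commande/liste.php: `$socid = $_GET["socid"]` and the external-user pin are deleted and nothing redefines `$socid`, while the check is keyed on an `orderid` parameter that a list page is unlikely to receive. Any later use of `$socid` in this file is now undefined, and company scoping for `$user->societe_id > 0` has moved entirely into `restrictedArea()`, which this diff does not show. Keep the `$socid` assignment and pin alongside the new call, or drop the variable everywhere in the same commit.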
@@ -15,21 +15,21 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/compta/deplacement/fiche.php \brief Page fiche d'un d�placement + \version $Id$ */ require("./pre.inc.php"); $langs->load("trips"); +// Security check $id=isset($_GET["id"])?$_GET["id"]:$_POST["id"]; +$result = restrictedArea($user, 'deplacement', $id,'',1); $mesg = ''; @@ -38,7 +38,7 @@ $mesg = ''; /* * Actions */ -if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes") +if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes" && $user->rights->deplacement->supprimer) { $deplacement = new Deplacement($db); $deplacement->delete($_GET["id"]); 
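Review bot: The delete branch in compta/deplacement/fiche.php now requires `$user->rights->deplacement->supprimer`, but the target still comes from the query string (`$deplacement->delete($_GET["id"])`) while the confirmation comes from the POST body, and no anti-CSRF token is visible in the hunk. A forged form posting `action=confirm_delete&confirm=yes` to `fiche.php?id=N` would therefore be honoured for any logged-in user holding that right. `$id` in the earlier hunk is also passed uncast to `restrictedArea()`; `(int)` it before the check so a non-numeric value cannot reach whatever SQL the helper builds.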
@@ -46,53 +46,69 @@ if ($_POST["action"] == 'confirm_delete' && $_POST["confirm"] == "yes") exit; } -if ($_POST["action"] == 'add' && $_POST["cancel"] <> $langs->trans("Cancel")) +if ($_POST["action"] == 'add' && $user->rights->deplacement->creer) { - $deplacement = new Deplacement($db); - - $deplacement->date = mktime(12, 1 , 1, - $_POST["remonth"], - $_POST["reday"], - $_POST["reyear"]); - - $deplacement->km = $_POST["km"]; - $deplacement->socid = $_POST["socid"]; - $deplacement->userid = $user->id; //$_POST["km"]; - $id = $deplacement->create($user); - - if ($id > 0) + if (! $_POST["cancel"]) { - Header ( "Location: fiche.php?id=".$id); - exit; + $deplacement = new Deplacement($db); + + $deplacement->date = dolibarr_mktime(12, 0, 0, + $_POST["remonth"], + $_POST["reday"], + $_POST["reyear"]); + + $deplacement->km = $_POST["km"]; + $deplacement->socid = $_POST["socid"]; + $deplacement->userid = $user->id; //$_POST["km"]; + $id = $deplacement->create($user); + + if ($id > 0) + { + Header ( "Location: fiche.php?id=".$id); + exit; + } + else + { + dolibarr_print_error($db,$deplacement->error); + } } else { - dolibarr_print_error($db,$deplacement->error); + Header ( "Location: index.php"); + exit; } } -if ($_POST["action"] == 'update' && $_POST["cancel"] <> $langs->trans("Cancel")) +if ($_POST["action"] == 'update' && $user->rights->deplacement->creer) { - $deplacement = new Deplacement($db); - $result = $deplacement->fetch($_POST["id"]); - - $deplacement->date = mktime(12, 1 , 1, - $_POST["remonth"], - $_POST["reday"], - $_POST["reyear"]); - - $deplacement->km = $_POST["km"]; - - $result = $deplacement->update($user); - - if ($result > 0) + if (! 
$_POST["cancel"]) { - Header ( "Location: fiche.php?id=".$_POST["id"]); - exit; + $deplacement = new Deplacement($db); + $result = $deplacement->fetch($_POST["id"]); + + $deplacement->date = dolibarr_mktime(12, 0 , 0, + $_POST["remonth"], + $_POST["reday"], + $_POST["reyear"]); + + $deplacement->km = $_POST["km"]; + + $result = $deplacement->update($user); + + if ($result > 0) + { + Header ( "Location: fiche.php?id=".$_POST["id"]); + exit; + } + else + { + print $mesg=$langs->trans("ErrorUnknown"); + } } else { - print $mesg=$langs->trans("ErrorUnknown"); + Header ( "Location: index.php"); + exit; } } diff --git a/htdocs/compta/deplacement/index.php b/htdocs/compta/deplacement/index.php index 4585135307c78c4c0d766ce6884d7418062c7c12..8bf8e5c781c05258ce7475d11bb698576bd993eb 100644 --- a/htdocs/compta/deplacement/index.php +++ b/htdocs/compta/deplacement/index.php @@ -17,14 +17,12 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/compta/deplacement/index.php \brief Page liste des d�placements + \version $Id$ */ require("./pre.inc.php"); @@ -34,6 +32,9 @@ $langs->load("companies"); $langs->load("users"); $langs->load("trips"); +// Security check +$result = restrictedArea($user, 'deplacement','','',1); + llxHeader(); diff --git a/htdocs/compta/facture/impayees.php b/htdocs/compta/facture/impayees.php index cf7255f3e47ba334c219968ebdb44a204c2179d0..47dd9986d281d5c9e27faebd861e6c46b2c71083 100644 --- a/htdocs/compta/facture/impayees.php +++ b/htdocs/compta/facture/impayees.php 
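Review bot: The `update` branch in compta/deplacement/fiche.php fetches and writes `$_POST["id"]`, but the access check at the top of the file validated `$id`, which prefers `$_GET["id"]` and only falls back to the POST value. A request carrying an authorised id in the query string and a different id in the body is checked against the former and updates the latter; use the same `$id` for the fetch (`$result = $deplacement->fetch($id);`) or check `$_POST["id"]` explicitly. In the `add` branch `$deplacement->socid = $_POST["socid"]` is accepted unchecked, so an external user (`$user->societe_id > 0`) can create a trip for any company; pin it as the old page-level guard did.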
@@ -32,21 +32,11 @@ require_once(DOL_DOCUMENT_ROOT."/html.formfile.class.php"); require_once(DOL_DOCUMENT_ROOT."/facture.class.php"); require_once(DOL_DOCUMENT_ROOT."/paiement.class.php"); -if (!$user->rights->facture->lire) -accessforbidden(); - $langs->load("bills"); - - -if ($_GET["socid"]) { $socid=$_GET["socid"]; } - -// S�curit� acc�s client -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$facid = isset($_GET["facid"])?$_GET["facid"]:''; +$result = restrictedArea($user, 'facture',$facid,'',1); llxHeader('',$langs->trans("BillsCustomersUnpayed")); diff --git a/htdocs/compta/fiche.php b/htdocs/compta/fiche.php index d93c1e22d5a0fd61ef8d41803b6a74b7a4f07d52..6d743339d6c6fadb871385a851128ae435d4ad54 100644 --- a/htdocs/compta/fiche.php +++ b/htdocs/compta/fiche.php @@ -33,30 +33,9 @@ $langs->load("companies"); if ($conf->facture->enabled) $langs->load("bills"); if ($conf->projet->enabled) $langs->load("projects"); +// Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; -if ($socid == '') accessforbidden(); - -// Protection quand utilisateur externe -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} - - -// Protection restriction commercial -if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0) -{ - //print "eeeee".$socid."rr".$user->societe_id."oo".$user->rights->commercial->client->voir; - $sql = "SELECT sc.fk_soc, s.client"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1"; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} +$result = restrictedArea($user, 'societe',$socid,'',1); /* diff --git a/htdocs/compta/paiement/cheque/fiche.php b/htdocs/compta/paiement/cheque/fiche.php index acaca8a4b6ea4ec48b8f7ed61a07953eccd9ff6d..1f3b4a843705e8aa1a3e39df5fd28d5dcf0c6d6b 100644 
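Review bot: In compta/facture/impayees.php the removed lines were the only assignment of `$socid` (from `$_GET["socid"]`, then pinned to `$user->societe_id`), and the replacement keys the check on a `facid` parameter that an unpaid-invoice list does not naturally receive. Anything below the hunk that filters the list on `$socid` now sees an undefined variable, and external users are scoped only if `restrictedArea($user, 'facture', '', '', 1)` does it for them, which this diff does not show. Keep `$socid` (cast to int) and the external-user pin next to the new call.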
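Review bot: compta/fiche.php loses the explicit `if ($socid == '') accessforbidden();` — a company sheet with no `socid` is now left to `restrictedArea($user, 'societe', '', '', 1)`, and whether that helper refuses an empty object id is not visible here. The old code also blanked `$action` for external users; that suppression is gone, so any action handling further down (outside the hunk) should be re-checked for the `$user->societe_id > 0` case. I would keep the one-line empty-id guard directly after the new check.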
--- a/htdocs/compta/paiement/cheque/fiche.php +++ b/htdocs/compta/paiement/cheque/fiche.php @@ -15,15 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/compta/paiement/cheque/fiche.php \ingroup facture \brief Onglet paiement cheque - \version $Revision$ + \version $Id$ */ require('./pre.inc.php'); @@ -36,6 +34,9 @@ $langs->load('bills'); $langs->load('banks'); $langs->load('companies'); +// Security check +$result = restrictedArea($user, 'banque', '','',0); + $mesg=''; $sortfield=isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"]; diff --git a/htdocs/compta/paiement/cheque/index.php b/htdocs/compta/paiement/cheque/index.php index 329e6f04896146e8a76d5291518891bd64d14552..744a747c5814ba435697966ace546a56272e794e 100644 --- a/htdocs/compta/paiement/cheque/index.php +++ b/htdocs/compta/paiement/cheque/index.php @@ -1,6 +1,6 @@ <?php -/* Copyright (C) 2006 Rodolphe Quiedeville <rodolphe@quiedeville.org> - * Copyright (C) 2007 Laurent Destailleur <eldy@users.sourceforge.net> +/* Copyright (C) 2006 Rodolphe Quiedeville <rodolphe@quiedeville.org> + * Copyright (C) 2007-2008 Laurent Destailleur <eldy@users.sourceforge.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -15,15 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/compta/paiement/cheque/index.php \ingroup compta \brief Page liste des bordereau de remise de cheque - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); 
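Review bot: compta/paiement/cheque/fiche.php calls `restrictedArea($user, 'banque', '', '', 0)` while cheque/index.php and cheque/liste.php in this same commit pass `1` for the same `'banque'` feature. The meaning of that last argument is not visible in the diff, but a different value on the sheet page versus the two list pages looks accidental rather than deliberate. Either align it to `1` or add a comment on this line explaining why the sheet is checked differently.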
@@ -32,16 +30,9 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php'); $langs->load("banks"); -// S�curit� acc�s client -if (! $user->rights->banque) - accessforbidden(); +// Security check +$result = restrictedArea($user, 'banque', '','',1); -$socid=0; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} $checkdepositstatic=new RemiseCheque($db); $accountstatic=new Account($db); diff --git a/htdocs/compta/paiement/cheque/liste.php b/htdocs/compta/paiement/cheque/liste.php index bc1f9e5e3adae82c506885f5e390602552e3f0a5..bcb46a88ec55e8a857a231d069fd9d107336aa2e 100644 --- a/htdocs/compta/paiement/cheque/liste.php +++ b/htdocs/compta/paiement/cheque/liste.php @@ -30,16 +30,8 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php'); $langs->load("bills"); -// S�curit� acc�s client -if (! $user->rights->facture->lire && ! $user->rights->adherent->cotisation->lire) - accessforbidden(); - -$socid=0; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$result = restrictedArea($user, 'banque', '','',1); $page=$_GET["page"]; $sortorder=$_GET["sortorder"]; diff --git a/htdocs/compta/paiement/liste.php b/htdocs/compta/paiement/liste.php index e2afa8f4e025b3d615dbaaa5988d4aa452937691..58cd88968812282668150f0dc03c88f9eeffbd1c 100644 --- a/htdocs/compta/paiement/liste.php +++ b/htdocs/compta/paiement/liste.php @@ -33,16 +33,10 @@ require_once(DOL_DOCUMENT_ROOT.'/compta/bank/account.class.php'); $langs->load("bills"); -// S�curit� acc�s client -if (! $user->rights->facture->lire) - accessforbidden(); +// Security check +$facid = isset($_GET["facid"])?$_GET["facid"]:''; +$result = restrictedArea($user, 'facture',$facid,'',1); -$socid=0; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} $paymentstatic=new Paiement($db); $accountstatic=new Account($db); 
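Review bot: compta/paiement/cheque/liste.php changes the permission model rather than just the mechanism: the old guard admitted `facture->lire` or `adherent->cotisation->lire`, whereas the new `restrictedArea($user, 'banque', '', '', 1)` presumably keys on bank rights. Users with invoice or membership read rights but no bank rights lose this list, and users with bank rights alone gain it; if that is intended it is a behaviour change worth a line in the commit message. `$socid` is also no longer defined here, so any remaining use below the hunk needs checking.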
@@ -50,8 +44,9 @@ $companystatic=new Societe($db); /* - * Affichage - */ +* View +*/ + llxHeader('',$langs->trans("ListPayment")); $page=$_GET["page"]; diff --git a/htdocs/compta/prelevement/demandes.php b/htdocs/compta/prelevement/demandes.php index 8ac94d1db1b3e67dcec4be9ec3e3fd1d6c5a5e89..42565e974f01ea8a14e35d7de4612be8e15cceb3 100644 --- a/htdocs/compta/prelevement/demandes.php +++ b/htdocs/compta/prelevement/demandes.php @@ -30,15 +30,12 @@ require("./pre.inc.php"); require_once DOL_DOCUMENT_ROOT."/includes/modules/modPrelevement.class.php"; -if (!$user->rights->prelevement->bons->lire) - accessforbidden(); - $langs->load("widthdrawals"); -if ($user->societe_id > 0) -{ - $socid = $user->societe_id; -} +// Security check +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$result = restrictedArea($user, 'prelevement','','',1); + llxHeader(); diff --git a/htdocs/compta/prelevement/index.php b/htdocs/compta/prelevement/index.php index 28ce8856d188e66cfab79dba26408dcfddd0b676..bb49bcb1e592e3ea7b848ef5f34f7c8abe6d3048 100644 --- a/htdocs/compta/prelevement/index.php +++ b/htdocs/compta/prelevement/index.php @@ -32,16 +32,11 @@ require_once DOL_DOCUMENT_ROOT."/includes/modules/modPrelevement.class.php"; $langs->load("withdrawals"); +// Security check +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$result = restrictedArea($user, 'prelevement','','',1); -if (!$user->rights->prelevement->bons->lire) - accessforbidden(); -// S�curit� acc�s client -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} /* diff --git a/htdocs/contact/exportimport.php b/htdocs/contact/exportimport.php index c9edd4d194940a8c686fd7670dfc033de5afa1da..bd8638bd72cf6ae730321fce8bd38f6ea2c364f9 100644 --- a/htdocs/contact/exportimport.php +++ b/htdocs/contact/exportimport.php 
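Review bot: In compta/prelevement/demandes.php `$socid` is read from `$_GET["socid"]` but `''` is what gets passed as the object id to `restrictedArea($user, 'prelevement', '', '', 1)`, so the value is never checked, and the old pin `$socid = $user->societe_id` for external users is gone. A caller-supplied `socid` therefore flows into whatever filtering follows the hunk without being tied to the caller's company. Either pass `$socid` into the check or restore `if ($user->societe_id > 0) $socid = $user->societe_id;` (and cast it) before it is used.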
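Review bot: compta/prelevement/index.php has the same gap: `$socid` is taken from the query string and not handed to `restrictedArea()`, while the removed block that forced `$socid = $user->societe_id` and cleared `$action` for external users is not replaced. Pass `$socid` to the check or re-add the external-user pin; an unchecked, caller-controlled company id sitting under a "Security check" comment is misleading to the next reader.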
@@ -32,43 +32,14 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php"); $langs->load("companies"); -// Protection quand utilisateur externe +// Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; - -$socid=0; -if ($user->societe_id > 0) -{ - $socid = $user->societe_id; -} - -// Protection restriction commercial -if ($contactid && ! $user->rights->commercial->client->voir) -{ - $sql = "SELECT sc.fk_soc, sp.fk_soc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp"; - $sql .= " WHERE sp.rowid = ".$contactid; - if (! $user->rights->commercial->client->voir && ! $socid) - { - $sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id; - } - if ($socid) $sql .= " AND sp.fk_soc = ".$socid; - - $resql=$db->query($sql); - if ($resql) - { - if ($db->num_rows() == 0) accessforbidden(); - } - else - { - dolibarr_print_error($db); - } -} +$result = restrictedArea($user, 'contact',$contactid,'',1); /* - * - * - */ +* View +*/ llxHeader(); diff --git a/htdocs/contact/fiche.php b/htdocs/contact/fiche.php index 5a9a3154ec2ff8aacdacb99218e8231cd0a85124..e51458e21ee7b007d0f484ee9fbf4f04542d5d10 100644 --- a/htdocs/contact/fiche.php +++ b/htdocs/contact/fiche.php 
@@ -35,36 +35,17 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php"); $langs->load("companies"); $langs->load("users"); - $error = array(); $socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"]; -// Protection quand utilisateur externe +// Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; +$result = restrictedArea($user, 'contact', $contactid,'',0); -if ($user->societe_id > 0) -{ - $socid = $user->societe_id; -} - -// Protection restriction commercial -if ($contactid && !$user->rights->commercial->client->voir) -{ - $sql = "SELECT sc.fk_soc, sp.fk_soc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp"; - $sql .= " WHERE sp.rowid = ".$contactid; - if (!$user->rights->commercial->client->voir && !$user->societe_id > 0) - { - $sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id; - } - if ($user->societe_id > 0) $sql .= " AND sp.fk_soc = ".$socid; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} +/* +* Actions +*/ // Creation utilisateur depuis contact if ($user->rights->user->user->creer) diff --git a/htdocs/contact/index.php b/htdocs/contact/index.php index d039f140f9d5285267d8c74c07d810c432e0ee83..17f0ea57e589733c33d1e16dff597e8675b44c63 100644 --- a/htdocs/contact/index.php +++ b/htdocs/contact/index.php @@ -16,15 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/contact/index.php \ingroup societe \brief Page liste des contacts - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); 
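Review bot: contact/fiche.php passes `0` as the last argument to `restrictedArea($user, 'contact', $contactid, '', 0)`, whereas contact/info.php, ldap.php, perso.php and exportimport.php in this commit pass `1` for the same feature; the argument's meaning is not in the diff, but the odd one out is the page that also hosts actions (the `user->user->creer` branch right below). `$socid = $_GET["socid"] ? ... : $_POST["socid"]` also survives above the hunk without the old `$socid = $user->societe_id` pin, so an external user can now supply any company id to whatever create/update actions follow. Restore the pin after the check, and align or document the `0`.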
@@ -33,17 +31,9 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php"); $langs->load("companies"); $langs->load("suppliers"); - -// S�curit� acc�s client -$socid=''; -if ($_GET["socid"]) { $socid=$_GET["socid"]; } -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} - - +// Security check +$contactid = isset($_GET["id"])?$_GET["id"]:''; +$result = restrictedArea($user, 'contact', $contactid,'',1); $search_nom=isset($_GET["search_nom"])?$_GET["search_nom"]:$_POST["search_nom"]; $search_prenom=isset($_GET["search_prenom"])?$_GET["search_prenom"]:$_POST["search_prenom"]; @@ -107,20 +97,17 @@ llxHeader(); $sql = "SELECT s.rowid as socid, s.nom, "; $sql.= " p.rowid as cidp, p.name, p.firstname, p.email, p.phone, p.phone_mobile, p.fax,"; $sql.= " ".$db->pdate("p.tms")." as tms"; -if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user"; -$sql.= " FROM "; -if (!$user->rights->commercial->client->voir && !$socid) $sql .= MAIN_DB_PREFIX."societe_commerciaux as sc,"; -$sql.= " ".MAIN_DB_PREFIX."socpeople as p"; +$sql.= " FROM ".MAIN_DB_PREFIX."socpeople as p"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid = p.fk_soc"; +if (!$user->rights->commercial->client->voir && !$socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON s.rowid = sc.fk_soc"; $sql.= " WHERE 1=1 "; - -if ($_GET["userid"]) // statut commercial +if (!$user->rights->commercial->client->voir && !$socid) //restriction { - $sql .= " AND p.fk_user_creat=".$_GET["userid"]; + $sql .= " AND IFNULL(sc.fk_user, ".$user->id.") = " .$user->id; } -if (!$user->rights->commercial->client->voir && !$socid) //restriction +if ($_GET["userid"]) // statut commercial { - $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + $sql .= " AND p.fk_user_creat=".$_GET["userid"]; } if ($search_nom) // filtre sur le nom { 
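Review bot: contact/index.php drops the only assignment of `$socid`, yet the second hunk on this page still tests `!$socid` in the restriction condition; with the variable undefined that test is always true, and the external-user pin to `$user->societe_id` is gone. A restricted user can therefore no longer narrow by company, and an external user is scoped only if `restrictedArea($user, 'contact', '', '', 1)` does it. Keep `$socid = isset($_GET["socid"]) ? (int) $_GET["socid"] : ''; if ($user->societe_id > 0) $socid = $user->societe_id;` here.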
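Review bot: The rewritten restriction in contact/index.php widens visibility: `LEFT JOIN societe_commerciaux` plus `IFNULL(sc.fk_user, me) = me` passes every contact whose company has no assigned sales rep, and every contact with no company at all (since `societe` is also LEFT JOINed), where the old inner join returned only companies assigned to the current user. If showing unassigned contacts is intended, say so in a comment on that line; otherwise it is a data-exposure regression for users without `commercial->client->voir`. A company with several reps will also now yield duplicate rows. Separately, `" AND p.fk_user_creat=".$_GET["userid"]` on the new side concatenates raw query input into SQL; use `(int) $_GET["userid"]`.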
diff --git a/htdocs/contact/info.php b/htdocs/contact/info.php index 2c653bbef74b1cc8294d9e019ecdf8bfcbede867..efbd7647c745bc2895f2183e2d9e15d782f7bcfc 100644 --- a/htdocs/contact/info.php +++ b/htdocs/contact/info.php @@ -32,42 +32,15 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php"); $langs->load("companies"); -// Protection quand utilisateur externe +// Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; +$result = restrictedArea($user, 'contact',$contactid,'',1); -$socid=0; -if ($user->societe_id > 0) -{ - $socid = $user->societe_id; -} - -// Protection restriction commercial -if ($contactid && ! $user->rights->commercial->client->voir) -{ - $sql = "SELECT sc.fk_soc, sp.fk_soc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp"; - $sql .= " WHERE sp.rowid = ".$contactid; - if (! $user->rights->commercial->client->voir && ! $socid) - { - $sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id; - } - if ($socid) $sql .= " AND sp.fk_soc = ".$socid; - - $resql=$db->query($sql); - if ($resql) - { - if ($db->num_rows() == 0) accessforbidden(); - } - else - { - dolibarr_print_error($db); - } -} /* - * Fiche info - */ +* View +*/ llxHeader(); diff --git a/htdocs/contact/ldap.php b/htdocs/contact/ldap.php index d9a38555b1864f04e62aaf349ea6a9ee6dceb677..91de26bd3d9c376d578e23e2680f9472fd81fe3a 100644 --- a/htdocs/contact/ldap.php +++ b/htdocs/contact/ldap.php @@ -15,15 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/contact/ldap.php \ingroup ldap \brief Page fiche LDAP contact - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); 
@@ -35,43 +33,14 @@ $langs->load("companies"); $langs->load("ldap"); $langs->load("admin"); -// Protection quand utilisateur externe +// Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; - -$socid=0; -if ($user->societe_id > 0) -{ - $socid = $user->societe_id; -} - -// Protection restriction commercial -if ($contactid && ! $user->rights->commercial->client->voir) -{ - $sql = "SELECT sc.fk_soc, sp.fk_soc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp"; - $sql .= " WHERE sp.rowid = ".$contactid; - if (! $user->rights->commercial->client->voir && ! $socid) - { - $sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id; - } - if ($socid) $sql .= " AND sp.fk_soc = ".$socid; - - $resql=$db->query($sql); - if ($resql) - { - if ($db->num_rows() == 0) accessforbidden(); - } - else - { - dolibarr_print_error($db); - } -} +$result = restrictedArea($user, 'contact',$contactid,'',1); /* - * - * - */ +* View +*/ llxHeader(); diff --git a/htdocs/contact/perso.php b/htdocs/contact/perso.php index 788de00999f91d3d63bc71e33ab7c8e42bf90f95..e3802b1f964b41327233d5bc332af080badc4bed 100644 --- a/htdocs/contact/perso.php +++ b/htdocs/contact/perso.php @@ -15,15 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/contact/perso.php \ingroup societe \brief Onglet informations personnelles d'un contact - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); 
@@ -32,59 +30,14 @@ require_once(DOL_DOCUMENT_ROOT."/lib/contact.lib.php"); $langs->load("companies"); -// Protection quand utilisateur externe +// Security check $contactid = isset($_GET["id"])?$_GET["id"]:''; - -$socid=0; -if ($user->societe_id > 0) -{ - $socid = $user->societe_id; -} - - -// Protection restriction commercial -if ($contactid && ! $user->rights->commercial->client->voir) -{ - $sql = "SELECT sc.fk_soc, sp.fk_soc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."socpeople as sp"; - $sql .= " WHERE sp.rowid = ".$contactid; - if (! $user->rights->commercial->client->voir && ! $socid) - { - $sql .= " AND sc.fk_soc = sp.fk_soc AND sc.fk_user = ".$user->id; - } - if ($socid) $sql .= " AND sp.fk_soc = ".$socid; - - $resql=$db->query($sql); - if ($resql) - { - if ($db->num_rows() == 0) accessforbidden(); - } - else - { - dolibarr_print_error($db); - } -} - -if ($_POST["action"] == 'update') -{ - $contact = new Contact($db); - $contact->id = $_POST["contactid"]; - - if ($_POST["birthdayyear"] && $_POST["birthdaymonth"] && $_POST["birthdayday"]) - { - $contact->birthday = dolibarr_mktime(0,0,0,$_POST["birthdaymonth"],$_POST["birthdayday"],$_POST["birthdayyear"]); - } - - $contact->birthday_alert = $_POST["birthday_alert"]; - - $result = $contact->update_perso($_POST["contactid"], $user); -} +$result = restrictedArea($user, 'contact',$contactid,'',1); /* - * - * - */ +* View +*/ llxHeader(); diff --git a/htdocs/contrat/index.php b/htdocs/contrat/index.php index eb4f29774f6e708008e3fc39404609ee11491112..d785e27fa5497b5f102232f266c0dadf05f85519 100644 --- a/htdocs/contrat/index.php +++ b/htdocs/contrat/index.php 
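Review bot: contact/perso.php loses its entire `update` action handler along with the old guard — the `if ($_POST["action"] == 'update')` block that set `birthday`/`birthday_alert` and called `update_perso()` is deleted and nothing in the hunk replaces it. Unless that logic moved elsewhere in the same commit (not visible here), the personal-info form now silently does nothing on submit. If the handler is meant to stay, re-add it after the new check and gate it on the appropriate contact write right.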
@@ -38,14 +38,9 @@ $page = isset($_GET["page"])?$_GET["page"]:$_POST["page"]; $statut=isset($_GET["statut"])?$_GET["statut"]:1; -// S�curit� acc�s client -$socid=''; -if ($_GET["socid"]) { $socid=$_GET["socid"]; } -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$contratid = isset($_GET["id"])?$_GET["id"]:''; +$result = restrictedArea($user, 'contrat',$contratid,'',1); $staticcontrat=new Contrat($db); $staticcontratligne=new ContratLigne($db); diff --git a/htdocs/contrat/info.php b/htdocs/contrat/info.php index fc17bd46053d350c646a55160e7eaa530ac04aae..01a2e5f970d7fbe84805aeac0ce165cc4e4b3b2e 100644 --- a/htdocs/contrat/info.php +++ b/htdocs/contrat/info.php @@ -31,42 +31,16 @@ require_once(DOL_DOCUMENT_ROOT."/contrat/contrat.class.php"); $langs->load("contracts"); -if (!$user->rights->contrat->lire) - accessforbidden(); - -// S�curit� acc�s client et commerciaux +// Security check $contratid = isset($_GET["id"])?$_GET["id"]:''; - -if ($user->societe_id > 0) -{ - $socid = $user->societe_id; -} - -// Protection restriction commercial -if ($contratid && (!$user->rights->commercial->client->voir || $user->societe_id > 0)) -{ - $sql = "SELECT sc.fk_soc, c.fk_soc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c"; - $sql .= " WHERE c.rowid = ".$contratid; - if (!$user->rights->commercial->client->voir && !$user->societe_id > 0) - { - $sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id; - } - if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socid; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} - -llxHeader(); +$result = restrictedArea($user, 'contrat',$contratid,'',1); /* - * Visualisation de la fiche - * - */ +* View +*/ + +llxHeader(); $contrat = new Contrat($db); $contrat->fetch($_GET["id"]); 
diff --git a/htdocs/contrat/liste.php b/htdocs/contrat/liste.php index a7a7785ec3dd38239143bf948eaa182c8bc0bc57..abc8d988067cd7f2391fb518072a95175c5f1218 100644 --- a/htdocs/contrat/liste.php +++ b/htdocs/contrat/liste.php @@ -15,16 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/contrat/liste.php \ingroup contrat \brief Page liste des contrats - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); @@ -50,12 +47,9 @@ $socid=$_GET["socid"]; if (! $sortfield) $sortfield="c.rowid"; if (! $sortorder) $sortorder="DESC"; -// S�curit� acc�s client -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$contratid = isset($_GET["id"])?$_GET["id"]:''; +$result = restrictedArea($user, 'contrat',$contratid,'',1); $staticcontrat=new Contrat($db); $staticcontratligne=new ContratLigne($db); diff --git a/htdocs/contrat/note.php b/htdocs/contrat/note.php index c116b9ddbbefc1e702d7ffbca13207719ea2218d..2925a948050d9fd106f048c5e34cb73c7382b7a2 100644 --- a/htdocs/contrat/note.php +++ b/htdocs/contrat/note.php 
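Review bot: In contrat/liste.php the context line `$socid=$_GET["socid"];` above the hunk still feeds the listing, but the removed pin `$socid = $user->societe_id` is not replaced and the new check validates `$contratid` from `id`, not `$socid`. An external user can thus request another company's contracts by changing `socid` unless `restrictedArea($user, 'contrat', '', '', 1)` refuses them outright. Re-add `if ($user->societe_id > 0) $socid = $user->societe_id;` after the check and cast `$socid` to int.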
@@ -36,32 +36,10 @@ if (!$user->rights->contrat->lire) $langs->load("companies"); $langs->load("contracts"); -// S�curit� acc�s client et commerciaux -$contratid = isset($_GET["id"])?$_GET["id"]:''; +// Security check +$contactid = isset($_GET["id"])?$_GET["id"]:''; +$result = restrictedArea($user, 'contact',$contactid,'',1); -if ($user->societe_id > 0) -{ - unset($_GET["action"]); - $socid = $user->societe_id; -} - -// Protection restriction commercial -if ($contratid && (!$user->rights->commercial->client->voir || $user->societe_id > 0)) -{ - $sql = "SELECT sc.fk_soc, c.fk_soc"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."contrat as c"; - $sql .= " WHERE c.rowid = ".$contratid; - if (!$user->rights->commercial->client->voir && !$user->societe_id > 0) - { - $sql .= " AND sc.fk_soc = c.fk_soc AND sc.fk_user = ".$user->id; - } - if ($user->societe_id > 0) $sql .= " AND c.fk_soc = ".$socid; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} $contrat = new Contrat($db); $contrat->fetch($_GET["id"]); diff --git a/htdocs/contrat/services.php b/htdocs/contrat/services.php index 7bc7d1071442003617d035f00f5dc8066a0290f0..56870248601c67c44a8a130617b87009f4ca4bd6 100644 --- a/htdocs/contrat/services.php +++ b/htdocs/contrat/services.php @@ -51,12 +51,10 @@ $search_service=isset($_GET["search_service"])?$_GET["search_service"]:$_POST["s $statut=isset($_GET["statut"])?$_GET["statut"]:1; $socid=$_GET["socid"]; -// S�curit� acc�s client -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$contratid = isset($_GET["id"])?$_GET["id"]:''; +$result = restrictedArea($user, 'contrat',$contratid,'',1); + $staticcontrat=new Contrat($db); $staticcontratligne=new ContratLigne($db); diff --git a/htdocs/expedition/index.php b/htdocs/expedition/index.php index b1a6875d1d880a2e691806f6df0f6bc59fa08fd9..09438f943851cd207063d9903b406fb1386b5a96 100644 
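Review bot: contrat/note.php is a contract page but the new guard checks the wrong feature: `restrictedArea($user, 'contact', $contactid, '', 1)` tests contact access, while the page immediately runs `$contrat->fetch($_GET["id"])` and the block being removed enforced the contract's commercial/external-user restriction. A user with contact read rights but no contract rights, or a commercial not assigned to the contract's company, now passes. Use `$contratid = isset($_GET["id"]) ? (int) $_GET["id"] : 0;` and `$result = restrictedArea($user, 'contrat', $contratid, '', 1);` to match info.php in this same commit. The removed `unset($_GET["action"])` for external users also has no replacement; confirm that the action handling below (outside the hunk) still rejects writes from external accounts.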
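Review bot: In contrat/services.php `$socid = $_GET["socid"];` stays as the context line above the hunk while the override that replaced it with `$user->societe_id` for external users is deleted, and the new restrictedArea() call receives `$contratid` (from `id`), so nothing visible ties `$socid` back to the external user's own company. Unless the services query further down (outside the hunk) or restrictedArea() applies that limit, an external account can filter the list on any `socid`. `if ($user->societe_id > 0) $socid = $user->societe_id;` after the check restores the previous behaviour at no cost to internal users.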
--- a/htdocs/expedition/index.php +++ b/htdocs/expedition/index.php @@ -16,22 +16,24 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/expedition/index.php \ingroup expedition \brief Page accueil du module expedition - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); $langs->load("sendings"); + +/* +* View +*/ + llxHeader('',$langs->trans("Sendings"),'ch-expedition.html',$form_search); print_fiche_titre($langs->trans("SendingsArea")); diff --git a/htdocs/expedition/liste.php b/htdocs/expedition/liste.php index 29c2f46e32479baf1671b9454b7d8ec890c63073..5afa63f44428503befd91427b1c675ab40bca065 100644 --- a/htdocs/expedition/liste.php +++ b/htdocs/expedition/liste.php @@ -29,16 +29,12 @@ require("./pre.inc.php"); -if (!$user->rights->expedition->lire) accessforbidden(); - $langs->load('companies'); -// S�curit� acc�s client -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$expeditionid = isset($_GET["id"])?$_GET["id"]:''; +$result = restrictedArea($user, 'expedition',$expeditionid,'',1); + $sortfield=isset($_GET["sortfield"])?$_GET["sortfield"]:""; $sortorder=isset($_GET["sortorder"])?$_GET["sortorder"]:""; diff --git a/htdocs/fichinter/index.php b/htdocs/fichinter/index.php index 6c42a1ad93a0363743be359a249bec3e4181be7d..4929a045e098c27837556475a038d29da22c8055 100644 --- a/htdocs/fichinter/index.php +++ b/htdocs/fichinter/index.php 
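Review bot: After this hunk `$socid` is never assigned in the visible part of expedition/liste.php (the removed override was its only assignment), so any `if ($socid)` filter below (outside the hunk) falls through to the unfiltered branch, and external users that the old code pinned to `$user->societe_id` would see every shipment unless restrictedArea() with an empty `$expeditionid` itself rejects or scopes external accounts. The explicit `$user->rights->expedition->lire` check is also gone and now depends entirely on how the 'expedition' feature is mapped inside restrictedArea(), which is not visible here. Keeping `if ($user->societe_id > 0) $socid = $user->societe_id;` next to the new check removes the dependency on that mapping.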
@@ -16,16 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/fichinter/index.php \brief Page accueil espace fiches interventions \ingroup ficheinter - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); @@ -40,11 +37,9 @@ $sortfield=$_GET["sortfield"]?$_GET["sortfield"]:$_POST["sortfield"]; $socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"]; $page=$_GET["page"]?$_GET["page"]:$_POST["page"]; -// Securit� -if ($user->societe_id > 0) -{ - $socid = $user->societe_id ; -} +// Security check +$fichinterid = isset($_GET["id"])?$_GET["id"]:''; +$result = restrictedArea($user, 'ficheinter', $fichinterid,'',1); if (! $sortorder) $sortorder="DESC"; if (! $sortfield) $sortfield="f.datei"; @@ -55,6 +50,9 @@ $offset = $limit * $page ; $pageprev = $page - 1; $pagenext = $page + 1; +/* +* View +*/ llxHeader(); diff --git a/htdocs/fourn/commande/index.php b/htdocs/fourn/commande/index.php index ded28636c6172495563a2bd98e54ad266a64283f..6d32e31ccc8fe832ae2cd9c3a3fc5a49b4d0fb07 100644 --- a/htdocs/fourn/commande/index.php +++ b/htdocs/fourn/commande/index.php @@ -1,6 +1,6 @@ <?PHP /* Copyright (C) 2001-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org> - * Copyright (C) 2004-2006 Laurent Destailleur <eldy@users.sourceforge.net> + * Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,6 +27,10 @@ require("./pre.inc.php"); require_once(DOL_DOCUMENT_ROOT."/contact.class.php"); +// Security check +$orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; +$result = restrictedArea($user, 'commande_fournisseur', $orderid,'',1); + /* * View 
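Review bot: In fichinter/index.php `$socid=$_GET["socid"]?$_GET["socid"]:$_POST["socid"];` (context line) still takes the company id from the request, but the clamp to `$user->societe_id` for external users is removed and the new check is keyed on `$fichinterid` from `id`, which an index page normally does not receive. With an empty id restrictedArea() can only verify the module permission, so per-company scoping of the intervention list now rests on code outside this hunk. `if ($user->societe_id > 0) $socid = $user->societe_id;` after the check keeps the old guarantee. Minor: the variable is `$fichinterid` while the feature string is `'ficheinter'`; aligning the two makes the permission mapping easier to grep.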
@@ -34,13 +38,6 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php"); llxHeader('',$langs->trans("SuppliersOrdersArea")); -// S�curit� acc�s client -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} - $commande = new CommandeFournisseur($db); print_barre_liste($langs->trans("SuppliersOrdersArea"), $page, "index.php", "", $sortfield, $sortorder, '', $num); @@ -49,9 +46,14 @@ print '<table class="notopnoleftnoright" width="100%">'; print '<tr valign="top"><td class="notopnoleft" width="30%">'; $sql = "SELECT count(cf.rowid), fk_statut"; -$sql.= " FROM ".MAIN_DB_PREFIX."societe as s,"; -$sql.= " ".MAIN_DB_PREFIX."commande_fournisseur as cf"; +if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user"; +$sql.= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande_fournisseur as cf"; +if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql.= " WHERE cf.fk_soc = s.rowid "; +if (!$user->rights->commercial->client->voir && !$socid) //restriction +{ + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; +} $sql.= " GROUP BY cf.fk_statut"; $resql = $db->query($sql); diff --git a/htdocs/fourn/commande/liste.php b/htdocs/fourn/commande/liste.php index 423dcc5c6c7616960109664e6c135b3893ca747b..71b114636516200f5a8ce155a91f8d5da314fb9b 100644 --- a/htdocs/fourn/commande/liste.php +++ b/htdocs/fourn/commande/liste.php @@ -1,6 +1,6 @@ <?PHP /* Copyright (C) 2001-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org> - * Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net> + * Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
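Review bot: In the new restriction `if (!$user->rights->commercial->client->voir && !$socid)` of fourn/commande/index.php, `$socid` has no assignment left once the previous hunk deletes `$socid = $user->societe_id`, and nothing visible reads it from the request, so the `!$socid` term is always true and the condition reduces to the permission bit. The old code gave an external user a per-company count; now a user without the 'voir' right is matched on `sc.fk_user = $user->id`, which an external account typically has no row for, and one with the right sees every supplier order. If the behaviour is meant to be unchanged, add `if ($user->societe_id > 0) $socid = $user->societe_id;` before the query and `if ($socid) $sql .= " AND s.rowid = ".$socid;` after the WHERE. Hoisting `$restrict = !$user->rights->commercial->client->voir && !$socid;` would also avoid repeating the same three-way test in the SELECT, FROM and WHERE pieces.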
@@ -15,16 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/fourn/commande/liste.php \ingroup fournisseur \brief Liste des commandes fournisseurs - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); @@ -36,14 +33,16 @@ $socid = ( is_numeric($_GET["socid"]) ? $_GET["socid"] : 0 ); $sortorder = $_GET["sortorder"]; $sortfield = $_GET["sortfield"]; -$title = $langs->trans("SuppliersOrders"); - -if (!$user->rights->fournisseur->commande->lire) accessforbidden(); +// Security check +$orderid = isset($_GET["orderid"])?$_GET["orderid"]:''; +$result = restrictedArea($user, 'commande_fournisseur', $orderid,'',1); -// S�curit� acc�s client/fournisseur -if ($user->societe_id > 0) $socid = $user->societe_id; +/* +* View +*/ +$title = $langs->trans("SuppliersOrders"); if ($socid > 0) { $fourn = new Fournisseur($db); @@ -51,10 +50,6 @@ if ($socid > 0) $title .= ' (<a href="liste.php">'.$fourn->nom.'</a>)'; } -/* - * Affichage - */ - llxHeader('',$title); $commandestatic=new CommandeFournisseur($db); 
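Review bot: In fourn/commande/liste.php the explicit `if (!$user->rights->fournisseur->commande->lire) accessforbidden();` is replaced by `restrictedArea($user, 'commande_fournisseur', $orderid, '', 1)` and the external-user clamp `if ($user->societe_id > 0) $socid = $user->societe_id;` is dropped while `$socid` still comes from `$_GET["socid"]` (context line above, only `is_numeric`-checked). Confirm the helper maps 'commande_fournisseur' to the same supplier-order read right, since that mapping is not visible here; otherwise the page becomes reachable with a weaker permission. Because the SQL further down skips the commerciaux join whenever `$socid` is set, an external user supplying another `socid` would list that supplier's orders unless restrictedArea() blocks it; keeping the one-line clamp after the check avoids relying on that. `(int)` is also stricter than `is_numeric`, which accepts `1e3`-style values.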
@@ -71,10 +66,14 @@ $offset = $conf->liste_limit * $page ; $sql = "SELECT s.rowid as socid, s.nom, ".$db->pdate("cf.date_commande")." as dc,"; $sql .= " cf.rowid,cf.ref, cf.fk_statut"; -$sql .= " FROM ".MAIN_DB_PREFIX."societe as s,"; -$sql .= " ".MAIN_DB_PREFIX."commande_fournisseur as cf"; +if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", sc.fk_soc, sc.fk_user"; +$sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."commande_fournisseur as cf"; +if (!$user->rights->commercial->client->voir && !$socid) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= " WHERE cf.fk_soc = s.rowid "; - +if (!$user->rights->commercial->client->voir && !$socid) //restriction +{ + $sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; +} if ($socid) { $sql .= " AND s.rowid = ".$socid; diff --git a/htdocs/fourn/fiche-stats.php b/htdocs/fourn/fiche-stats.php index b190e351676b4d046c8196e7f82812b8b80107d4..b305825917c46e6c87f410ebe8e946bce69dc1da 100644 --- a/htdocs/fourn/fiche-stats.php +++ b/htdocs/fourn/fiche-stats.php @@ -36,37 +36,19 @@ $langs->load('orders'); $langs->load('companies'); $langs->load('commercial'); -// S�curit� acc�s client +// Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} -if (! $socid) accessforbidden(); - +$result = restrictedArea($user, 'societe',$socid,'',1); /* * Actions */ -// Protection restriction commercial -if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0) -{ - $sql = "SELECT sc.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.rowid AND sc.fk_user = ".$user->id." AND s.fournisseur = 1"; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} /* - * Mode fiche + * View */ $societe = new Fournisseur($db); 
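Review bot: The commerciaux restriction in fourn/commande/liste.php is skipped whenever `$socid` is non-zero (`!$user->rights->commercial->client->voir && !$socid`), yet the `if ($socid) { $sql .= " AND s.rowid = ".$socid;` branch that follows never verifies that the caller is a commercial of that company. A user lacking the 'voir' right therefore bypasses the restriction simply by adding any `socid` to the URL. Apply the join regardless of `$socid` (drop `&& !$socid` from the three conditionals) so `sc.fk_user = $user->id` always holds for restricted users; the extra `AND s.rowid = $socid` then narrows the result instead of replacing the check. fourn/commande/index.php in this commit uses the same pattern.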
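Review bot: In fourn/fiche-stats.php two guards disappear without a visible replacement: `if (! $socid) accessforbidden();` and the `s.fournisseur = 1` condition of the removed commerciaux query. The page now reaches `$societe = new Fournisseur($db)` with an empty `$socid` when the parameter is absent, and `restrictedArea($user, 'societe', ...)` is the generic third-party check, so a commercial assigned to a company that is not a supplier can open its supplier statistics. Keep `if (! $socid) accessforbidden();` after the new check and, if the supplier-only scope is intended, re-check the supplier flag on the fetched object (the fetch is outside the hunk).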
diff --git a/htdocs/fourn/fiche.php b/htdocs/fourn/fiche.php index acbba71c80d291e23bd4eef3b82fe183ba32001e..0d51c72e7b5583de1c661d53c4dcf3b88c6924e6 100644 --- a/htdocs/fourn/fiche.php +++ b/htdocs/fourn/fiche.php @@ -36,34 +36,11 @@ $langs->load('orders'); $langs->load('companies'); $langs->load('commercial'); -// Securite acces client +// Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} -if (! $socid) accessforbidden(); - +$result = restrictedArea($user, 'societe',$socid,'',1); -/* - * Actions - */ - -// Protection restriction commercial -if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0) -{ - $sql = "SELECT sc.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_soc = s.rowid AND sc.fk_user = ".$user->id." AND s.fournisseur = 1"; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} - /* * Mode fiche diff --git a/htdocs/fourn/index.php b/htdocs/fourn/index.php index 3ee266a7d00c00b1e96bb6ea587f7c97fd08188b..dd069402a954af688c99e956ff9e014d9d201d03 100644 --- a/htdocs/fourn/index.php +++ b/htdocs/fourn/index.php @@ -16,16 +16,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/fourn/index.php \ingroup fournisseur \brief Page accueil de la zone fournisseurs - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); 
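Review bot: As in fiche-stats.php, fourn/fiche.php loses the `if (! $socid) accessforbidden();` guard and the supplier-only (`s.fournisseur = 1`) scope of the removed commerciaux check, with nothing on the new side standing in for them; `restrictedArea($user, 'societe', $socid, '', 1)` with an empty `$socid` does not obviously stop the page. Re-add `if (! $socid) accessforbidden();` right after the check and cast the id, `$socid = isset($_GET["socid"]) ? (int) $_GET["socid"] : 0;`, since the removed code concatenated it into SQL and the helper presumably does the same. Whether the 'Mode fiche' code below (outside the hunk) tolerates an empty id is not visible here.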
@@ -36,16 +33,9 @@ $langs->load("suppliers"); $langs->load("orders"); $langs->load("companies"); -if (!$user->rights->societe->lire) - accessforbidden(); - -// S�curit� acc�s client -$socid=''; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$result = restrictedArea($user, 'societe',$socid,'',1); /* diff --git a/htdocs/fourn/liste.php b/htdocs/fourn/liste.php index 6a81a7f39708da552393f19492b077b135a47a3e..430aad9b68501e35ff5e745bb3dee804812d4721 100644 --- a/htdocs/fourn/liste.php +++ b/htdocs/fourn/liste.php @@ -33,9 +33,6 @@ $langs->load("suppliers"); $langs->load("orders"); $langs->load("companies"); -if (!$user->rights->societe->lire) - accessforbidden(); - $page = isset($_GET["page"])?$_GET["page"]:''; $sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:''; $sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:''; @@ -47,15 +44,10 @@ $langs->load("suppliers"); $langs->load("orders"); $langs->load("companies"); -llxHeader(); +// Security check +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$result = restrictedArea($user, 'societe',$socid,'',1); -// S�curit� acc�s client -$socid=''; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} if ($page == -1) { $page = 0 ; } @@ -63,6 +55,13 @@ $offset = $conf->liste_limit * $page ; if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="nom"; + +/* +* View +*/ + +llxHeader(); + /* * Mode Liste * diff --git a/htdocs/fourn/stats.php b/htdocs/fourn/stats.php index ef1dcdc8d8b2a288ee0d3e4cbf4c78d9565b3cf7..f5d64d28825661096e8ff7fce7aaeb5b0abfbcff 100644 --- a/htdocs/fourn/stats.php +++ b/htdocs/fourn/stats.php 
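Review bot: In fourn/index.php `$socid` is now read straight from `$_GET["socid"]` and passed unvalidated to restrictedArea(), whereas on this page it was previously never user-supplied (empty, or the external user's own company). Every inline check this commit replaces concatenated the id into SQL (`sc.fk_soc = ".$socid`), so unless restrictedArea() casts or escapes internally, each call site in this commit inherits an injection point; cast at the boundary: `$socid = isset($_GET["socid"]) ? (int) $_GET["socid"] : 0;`. The removed `$user->rights->societe->lire` check is presumably folded into the helper's 'societe' feature; that mapping is not visible here.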
@@ -33,10 +33,6 @@ $langs->load("suppliers"); $langs->load("orders"); $langs->load("companies"); -if (!$user->rights->societe->lire) - accessforbidden(); - - $page = isset($_GET["page"])?$_GET["page"]:''; $sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:''; $sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:''; @@ -44,13 +40,9 @@ $socname = isset($_GET["socname"])?$_GET["socname"]:''; $search_nom = isset($_GET["search_nom"])?$_GET["search_nom"]:''; $search_ville = isset($_GET["search_ville"])?$_GET["search_ville"]:''; -// S�curit� acc�s client -$socid=''; -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +// Security check +$socid = isset($_GET["socid"])?$_GET["socid"]:''; +$result = restrictedArea($user, 'societe',$socid,'',1); if ($page == -1) { $page = 0 ; } diff --git a/htdocs/html.form.class.php b/htdocs/html.form.class.php index 437eb7cea0cbe4d27bd2babf31ff3b32c0c1e837..a42965a9cd0af5f40cde742a0d7f5564c9fae670 100644 --- a/htdocs/html.form.class.php +++ b/htdocs/html.form.class.php 
@@ -572,32 +572,31 @@ class Form /** - * \brief Retourne la liste d�roulante des soci�t�s - * \param selected Societe pr�-s�lectionn�e - * \param htmlname Nom champ formulaire - * \param filter Criteres optionnels de filtre + * \brief Output html form to select a third party + * \param selected Societe pr�-s�lectionn�e + * \param htmlname Nom champ formulaire + * \param filter Criteres optionnels de filtre + * \param showempty Add an empty field */ function select_societes($selected='',$htmlname='socid',$filter='',$showempty=0) { - global $conf; + global $conf,$user; // On recherche les societes - $sql = "SELECT s.rowid, s.nom FROM"; - $sql.= " ".MAIN_DB_PREFIX ."societe as s"; - if ($filter) $sql.= " WHERE ".$filter; + $sql = "SELECT s.rowid, s.nom"; + $sql.= " FROM ".MAIN_DB_PREFIX ."societe as s"; + if (!$user->rights->commercial->client->voir && !$user->societe_id) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc"; + $sql.= " WHERE 1=1"; + if ($filter) $sql.= " AND ".$filter; if ($selected && $conf->use_javascript_ajax && $conf->global->COMPANY_USE_SEARCH_TO_SELECT) { - if ($filter) - { - $sql.= " AND"; - } - else - { - $sql.= " WHERE"; - } - $sql.= " rowid = ".$selected; + $sql.= " AND rowid = ".$selected; } - $sql.= " ORDER BY nom ASC"; + if (!$user->rights->commercial->client->voir && !$user->societe_id) //restriction + { + $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id; + } + $sql.= " ORDER BY nom ASC"; dolibarr_syslog("Form::select_societes sql=".$sql); $resql=$this->db->query($sql); diff --git a/htdocs/includes/menus/barre_left/eldy_backoffice.php b/htdocs/includes/menus/barre_left/eldy_backoffice.php index 73e94ceef95ed54f138e57d13712c1739d9620a5..2eb81e7a6a17f7dfeccba4106a447988f09040f4 100644 --- a/htdocs/includes/menus/barre_left/eldy_backoffice.php +++ b/htdocs/includes/menus/barre_left/eldy_backoffice.php 
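Review bot: With the new commerciaux join active, the search-to-select branch of select_societes() appends `AND rowid = ".$selected` with an unqualified column; if `societe_commerciaux` also carries a `rowid` (the usual Dolibarr table layout) the query becomes ambiguous and fails precisely for restricted users who have a pre-selected company. Qualify and cast it, `$sql.= " AND s.rowid = ".(int) $selected;`, which also stops `$selected` from being concatenated raw. `$filter` remains a caller-supplied SQL fragment appended after `WHERE 1=1`; that is pre-existing, but the parameter doc should say so: `\param filter Raw SQL condition; callers must build it from trusted values only`.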
@@ -318,7 +318,7 @@ class MenuLeft { $langs->load("orders"); $newmenu->add(DOL_URL_ROOT."/commande/index.php?leftmenu=orders", $langs->trans("CustomersOrders"), 0 ,$user->rights->commande->lire); if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/societe.php?leftmenu=orders", $langs->trans("NewOrder"), 1, $user->rights->commande->creer); - if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->creer); + if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->lire); if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=0", $langs->trans("StatusOrderDraftShort"), 2, $user->rights->commande->lire); if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=1", $langs->trans("StatusOrderValidated"), 2, $user->rights->commande->lire); if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=2", $langs->trans("StatusOrderOnProcessShort"), 2, $user->rights->commande->lire); 
@@ -464,7 +464,7 @@ class MenuLeft { { $langs->load("trips"); $newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&mainmenu=accountancy", $langs->trans("TripsAndExpenses"), 0, $user->rights->deplacement->lire); - if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&leftmenu=tripsandexpenses&mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->lire); + if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&leftmenu=tripsandexpenses&mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->creer); if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&mainmenu=accountancy", $langs->trans("List"), 1, $user->rights->deplacement->lire); } 
@@ -530,11 +530,11 @@ class MenuLeft { } // Gestion cheques - if ($conf->facture->enabled) + if ($conf->facture->enabled && $conf->banque->enabled) { - $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/index.php?leftmenu=checks",$langs->trans("MenuChequeDeposits"),0,$user->rights->facture->lire); - if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/fiche.php?leftmenu=checks&action=new",$langs->trans("NewChequeDeposit"),1,$user->rights->facture->creer); - if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/liste.php?leftmenu=checks",$langs->trans("MenuChequesReceipts"),1,$user->rights->facture->lire); + $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/index.php?leftmenu=checks",$langs->trans("MenuChequeDeposits"),0,$user->rights->banque->lire); + if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/fiche.php?leftmenu=checks&action=new",$langs->trans("NewChequeDeposit"),1,$user->rights->banque->creer); + if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/liste.php?leftmenu=checks",$langs->trans("MenuChequesReceipts"),1,$user->rights->banque->lire); } @@ -790,9 +790,11 @@ class MenuLeft { */ if ($mainmenu == 'members') { - if ($conf->adherent->enabled) { + $langs->load("members"); + $langs->load("compta"); + $newmenu->add(DOL_URL_ROOT."/adherents/index.php?leftmenu=members&mainmenu=members",$langs->trans("Members"),0,$user->rights->adherent->lire); $newmenu->add_submenu(DOL_URL_ROOT."/adherents/fiche.php?leftmenu=members&action=create",$langs->trans("NewMember"),1,$user->rights->adherent->creer); $newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members",$langs->trans("List"),1,$user->rights->adherent->lire); 
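Review bot: The members menu entries now render even when the adherent module is disabled, because the `if ($conf->adherent->enabled) {` guard is replaced by the two `$langs->load()` calls; unless its closing brace is removed by a hunk outside the visible span and an equivalent check wraps `$mainmenu == 'members'` elsewhere, this is a regression. Menu visibility is not authorisation, but it is the only place this commit touches for these links, so confirm adherents/*.php enforce `$user->rights->adherent->*` themselves. The same applies to the cheque-deposit entries in the previous hunk, now gated on `$user->rights->banque->*`: the pages under compta/paiement/cheque/ must switch to the same right, which is not part of this diff. The enclosing `if ($mainmenu == 'members')` block continues past the hunk.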
diff --git a/htdocs/includes/menus/barre_left/eldy_frontoffice.php b/htdocs/includes/menus/barre_left/eldy_frontoffice.php index 1ab88397311ac893279a62891069df62643e1517..4b98b4edc47da765c6d98cee3996e38015f7416f 100644 --- a/htdocs/includes/menus/barre_left/eldy_frontoffice.php +++ b/htdocs/includes/menus/barre_left/eldy_frontoffice.php @@ -301,7 +301,7 @@ class MenuLeft { $langs->load("orders"); $newmenu->add(DOL_URL_ROOT."/commande/index.php?leftmenu=orders", $langs->trans("CustomersOrders"), 0 ,$user->rights->commande->lire); if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/societe.php?leftmenu=orders", $langs->trans("NewOrder"), 1, $user->rights->commande->creer); - if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->creer); + if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders", $langs->trans("List"), 1, $user->rights->commande->lire); if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=0", $langs->trans("StatusOrderDraftShort"), 2, $user->rights->commande->lire); if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=1", $langs->trans("StatusOrderValidated"), 2, $user->rights->commande->lire); if ($leftmenu=="orders") $newmenu->add_submenu(DOL_URL_ROOT."/commande/liste.php?leftmenu=orders&viewstatut=2", $langs->trans("StatusOrderOnProcessShort"), 2, $user->rights->commande->lire); 
@@ -449,7 +449,7 @@ class MenuLeft { { $langs->load("trips"); $newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&mainmenu=accountancy", $langs->trans("TripsAndExpenses"), 0, $user->rights->deplacement->lire); - if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&leftmenu=tripsandexpenses&mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->lire); + if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/fiche.php?action=create&leftmenu=tripsandexpenses&mainmenu=accountancy", $langs->trans("New"), 1, $user->rights->deplacement->creer); if ($leftmenu=="tripsandexpenses") $newmenu->add(DOL_URL_ROOT."/compta/deplacement/index.php?leftmenu=tripsandexpenses&mainmenu=accountancy", $langs->trans("List"), 1, $user->rights->deplacement->lire); } @@ -518,7 +518,7 @@ class MenuLeft { // Gestion cheques /* - if ($conf->facture->enabled) + if ($conf->facture->enabled && $conf->banque->enabled) { $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/index.php?leftmenu=checks",$langs->trans("MenuChequeDeposits"),0,$user->rights->facture->lire); if (eregi("checks",$leftmenu)) $newmenu->add_submenu(DOL_URL_ROOT."/compta/paiement/cheque/fiche.php?leftmenu=checks&action=new",$langs->trans("NewChequeDeposit"),1,$user->rights->facture->creer); @@ -759,9 +759,11 @@ class MenuLeft { */ if ($mainmenu == 'members') { - if ($conf->adherent->enabled) { + $langs->load("members"); + $langs->load("compta"); + $newmenu->add(DOL_URL_ROOT."/adherents/index.php?leftmenu=members&mainmenu=members",$langs->trans("Members"),0,$user->rights->adherent->lire); $newmenu->add_submenu(DOL_URL_ROOT."/adherents/fiche.php?leftmenu=members&action=create",$langs->trans("NewMember"),1,$user->rights->adherent->creer); $newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members",$langs->trans("List"),1,$user->rights->adherent->lire); 
@@ -771,7 +773,6 @@ class MenuLeft { $newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members&statut=1&filter=outofdate",$langs->trans("MenuMembersNotUpToDate"),1,$user->rights->adherent->lire); $newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members&statut=0",$langs->trans("MenuMembersResiliated"),1,$user->rights->adherent->lire); - $langs->load("compta"); $newmenu->add(DOL_URL_ROOT."/adherents/index.php?leftmenu=members&mainmenu=members",$langs->trans("Subscriptions"),0,$user->rights->adherent->cotisation->lire); $newmenu->add_submenu(DOL_URL_ROOT."/adherents/liste.php?leftmenu=members&statut=-1,1&mainmenu=members",$langs->trans("NewSubscription"),1,$user->rights->adherent->cotisation->creer); $newmenu->add_submenu(DOL_URL_ROOT."/adherents/cotisations.php?leftmenu=members",$langs->trans("List"),1,$user->rights->adherent->cotisation->lire); diff --git a/htdocs/includes/menus/barre_top/eldy_backoffice.php b/htdocs/includes/menus/barre_top/eldy_backoffice.php index 46420e6c83adfca28de6ab96bd5cb11a23aac5b7..a85c3a0e51130874b1f438a4d0d55bd9c5c3f6db 100644 --- a/htdocs/includes/menus/barre_top/eldy_backoffice.php +++ b/htdocs/includes/menus/barre_top/eldy_backoffice.php @@ -334,7 +334,7 @@ class MenuTop { $class = 'class="tmenu"'; } - print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("Members").'</a></td>'; + print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("MenuMembers").'</a></td>'; } diff --git a/htdocs/includes/menus/barre_top/eldy_frontoffice.php b/htdocs/includes/menus/barre_top/eldy_frontoffice.php index c3d4661dbc3d40b32fc39bf5b41c686954ef4dbc..f238d1289877470a7105e0c2e8b4236af29ac0ee 100644 --- a/htdocs/includes/menus/barre_top/eldy_frontoffice.php 
+++ b/htdocs/includes/menus/barre_top/eldy_frontoffice.php @@ -299,7 +299,7 @@ class MenuTop { $class = 'class="tmenu"'; } - print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("Members").'</a></td>'; + print '<td class="tmenu"><a '.$class.' href="'.DOL_URL_ROOT.'/adherents/index.php?mainmenu=members&leftmenu="'.($this->atarget?" target=$this->atarget":"").'>'.$langs->trans("MenuMembers").'</a></td>'; } diff --git a/htdocs/includes/modules/modCommercial.class.php b/htdocs/includes/modules/modCommercial.class.php index b9749b8be051ef601dbf7f90fa93b6bfad440e18..bbe806bef4df32d6a8d3f035601bfc88426f9893 100644 --- a/htdocs/includes/modules/modCommercial.class.php +++ b/htdocs/includes/modules/modCommercial.class.php @@ -1,6 +1,6 @@ <?php /* Copyright (C) 2003-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org> - * Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net> + * Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org> * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be> * @@ -17,12 +17,11 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \defgroup commercial Module commercial - \brief Module pour g�rer les fonctions commerciales + \brief Module pour gerer les fonctions commerciales + \version $Id$ */ /** @@ -84,7 +83,7 @@ class modCommercial extends DolibarrModules $this->rights_class = 'commercial'; $r = 1; - // 261 : Permission g�n�rale + // 261 : Permission generale $this->rights[$r][0] = 261; $this->rights[$r][1] = 'Consulter informations commerciales'; $this->rights[$r][2] = 'r'; 
@@ -93,9 +92,9 @@ class modCommercial extends DolibarrModules $this->rights[$r][5] = 'lire'; $r++; - // 262 : Resteindre l'acc�s des commerciaux + // 262 : Resteindre l'acces des commerciaux $this->rights[$r][0] = 262; - $this->rights[$r][1] = 'Consulter tous les clients (effectifs pour utilisateurs internes uniquement)'; + $this->rights[$r][1] = 'Consulter tous les tiers par utilisateurs internes (sinon uniquement si contact commercial). Non effectif pour utilisateurs externes (tjs limités à eux-meme).'; $this->rights[$r][2] = 'r'; $this->rights[$r][3] = 1; $this->rights[$r][4] = 'client'; diff --git a/htdocs/includes/modules/modDeplacement.class.php b/htdocs/includes/modules/modDeplacement.class.php index d5c7710dcb6827609317aee534094d6ed3a7e94a..2f64cd934796f76549850334558330d3bd9b8870 100644 --- a/htdocs/includes/modules/modDeplacement.class.php +++ b/htdocs/includes/modules/modDeplacement.class.php @@ -1,5 +1,5 @@ <?php -/* Copyright (C) 2005-2007 Laurent Destailleur <eldy@users.sourceforge.net> +/* Copyright (C) 2005-2008 Laurent Destailleur <eldy@users.sourceforge.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -14,13 +14,12 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \defgroup deplacement Module deplacement et notes de frais - \brief Module pour g�rer les d�placements et notes de frais + \brief Module pour gerer les deplacements et notes de frais + \version $Id$ */ /** 
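Review bot: The new description literal for right 262 contains accented characters (`limités à eux-meme`) while the same hunk strips accents from the adjacent comment and the rest of the file shows as Latin-1; the label is likely to appear garbled in the permission list, and the mixed encoding suggests this one line was saved as UTF-8. Either drop the accents like the surrounding text (`limites a eux-meme`) or rely on admin.lang, where Permission262 is already translated. The rewritten comment also keeps the typo `Resteindre` (should be `Restreindre`).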
@@ -81,19 +80,19 @@ class modDeplacement extends DolibarrModules $this->rights_class = 'deplacement'; $this->rights[1][0] = 170; - $this->rights[1][1] = 'Lire les d�placements'; + $this->rights[1][1] = 'Lire les deplacements'; $this->rights[1][2] = 'r'; $this->rights[1][3] = 1; $this->rights[1][4] = 'lire'; $this->rights[2][0] = 171; - $this->rights[2][1] = 'Cr�er/modifier les d�placements'; + $this->rights[2][1] = 'Creer/modifier les deplacements'; $this->rights[2][2] = 'w'; $this->rights[2][3] = 0; $this->rights[2][4] = 'creer'; $this->rights[3][0] = 172; - $this->rights[3][1] = 'Supprimer les d�placements'; + $this->rights[3][1] = 'Supprimer les deplacements'; $this->rights[3][2] = 'd'; $this->rights[3][3] = 0; $this->rights[3][4] = 'supprimer'; diff --git a/htdocs/includes/modules/modFicheinter.class.php b/htdocs/includes/modules/modFicheinter.class.php index 5fcc12436dac688974c880bae803d0a67eba571b..3a386c11fd7aeeca9422d57631c8a552a408b594 100644 --- a/htdocs/includes/modules/modFicheinter.class.php +++ b/htdocs/includes/modules/modFicheinter.class.php @@ -1,6 +1,6 @@ <?php /* Copyright (C) 2003 Rodolphe Quiedeville <rodolphe@quiedeville.org> - * Copyright (C) 2004-2007 Laurent Destailleur <eldy@users.sourceforge.net> + * Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net> * Copyright (C) 2004 Sebastien Di Cintio <sdicintio@ressource-toi.org> * Copyright (C) 2004 Benoit Mortier <benoit.mortier@opensides.be> * @@ -17,13 +17,12 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** - \defgroup ficheinter Module fiche interventions - \brief Module pour g�rer la tenue de fiches d'interventions + \defgroup ficheinter Module intervention cards + \brief Module to manage intervention cards + \version $Id$ */ /** 
@@ -101,7 +100,7 @@ class modFicheinter extends DolibarrModules $this->rights[1][4] = 'lire'; $this->rights[2][0] = 62; - $this->rights[2][1] = 'Cr�er/modifier les fiches d\'intervention'; + $this->rights[2][1] = 'Creer/modifier les fiches d\'intervention'; $this->rights[2][2] = 'w'; $this->rights[2][3] = 0; $this->rights[2][4] = 'creer'; diff --git a/htdocs/includes/modules/modPrelevement.class.php b/htdocs/includes/modules/modPrelevement.class.php index b96cf57a171838131524f87565b9e48de1491f3d..eb618e7bae7ff46b2bbd401cf1f1b42698d34a6e 100644 --- a/htdocs/includes/modules/modPrelevement.class.php +++ b/htdocs/includes/modules/modPrelevement.class.php @@ -80,28 +80,28 @@ class modPrelevement extends DolibarrModules $this->rights_class = 'prelevement'; $this->rights[1][0] = 151; - $this->rights[1][1] = 'Consulter les pr�l�vements'; + $this->rights[1][1] = 'Consulter les prelevements'; $this->rights[1][2] = 'r'; $this->rights[1][3] = 1; $this->rights[1][4] = 'bons'; $this->rights[1][5] = 'lire'; $this->rights[2][0] = 152; - $this->rights[2][1] = 'Configurer les pr�l�vements'; + $this->rights[2][1] = 'Configurer les prelevements'; $this->rights[2][2] = 'w'; $this->rights[2][3] = 0; $this->rights[2][4] = 'bons'; $this->rights[2][5] = 'configurer'; $this->rights[3][0] = 153; - $this->rights[3][1] = 'Consulter les bons de pr�l�vements'; + $this->rights[3][1] = 'Consulter les bons de prelevements'; $this->rights[3][2] = 'r'; $this->rights[3][3] = 0; $this->rights[3][4] = 'bons'; $this->rights[3][5] = 'lire'; $this->rights[4][0] = 154; - $this->rights[4][1] = 'Cr�er un bon de pr�l�vement'; + $this->rights[4][1] = 'Creer un bon de prelevement'; $this->rights[4][2] = 'w'; $this->rights[4][3] = 0; $this->rights[4][4] = 'bons'; diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 598669da0fd40164628dd1ac185a8166ef0b0515..1c2f0e895ffd4a76889b04326228c3db09f57a20 100644 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang 
@@ -372,7 +372,7 @@ Permission254=Delete or disable other users Permission255=Create/modify his own user information Permission256=Modify his own password Permission261=Read commercial informations -Permission262=Read all companies (Internal users only. Externals are always limited to themselves) +Permission262=Read all third parties for internal users (otherwise require to be a commercial contact). Not affective for external users (always limited to themselves). Permission281=Read contacts Permission282=Create/modify contacts Permission283=Delete contacts diff --git a/htdocs/langs/en_US/main.lang b/htdocs/langs/en_US/main.lang index 7b5313c87f3ee4578891752c3773d83eab7b1a3b..ac9c899ed0ac6898b507b4495cf24a7afe239140 100644 --- a/htdocs/langs/en_US/main.lang +++ b/htdocs/langs/en_US/main.lang @@ -412,6 +412,7 @@ TotalMan=Total YouCanChangeValuesForThisListFromDictionnarySetup=You can change values for this list from menu setup - dictionnary Color=Color MenuECM=Documents +MenuMembers=Members # Week day Monday=Monday Tuesday=Tuesday diff --git a/htdocs/langs/fr_FR/admin.lang b/htdocs/langs/fr_FR/admin.lang index 0e151257a3a98fb5f773ecbdf8c5433928477f37..81291a2ee1af01aad578c8e691ebe11a0e4d4a01 100644 --- a/htdocs/langs/fr_FR/admin.lang +++ b/htdocs/langs/fr_FR/admin.lang @@ -371,7 +371,7 @@ Permission254=Supprimer ou d Permission255=Cr�er/modifier ses propres infos utilisateur Permission256=Modifier son propre mot de passe Permission261=Consulter informations commerciales -Permission262=Consulter toutes les soci�t�s (Utilisateurs internes uniquement. Externes tjs limit�s � eux m�me) +Permission262=Consulter tous les tiers par utilisateurs internes (sinon requiert d'etre contact commercial). Non effectif pour utilisateurs externes (tjs limit�s � eux-meme). Permission281=Consulter les contacts Permission282=Cr�er/modifier les contacts Permission283=Supprimer les contacts 
diff --git a/htdocs/langs/fr_FR/main.lang b/htdocs/langs/fr_FR/main.lang index 140fd9e0be4a53c8bc7f0403c898e34e31389971..c201ee9bb9c1ed82b01cb38b122b96a56a5a0d4a 100644 --- a/htdocs/langs/fr_FR/main.lang +++ b/htdocs/langs/fr_FR/main.lang @@ -414,6 +414,7 @@ TotalMan=Total YouCanChangeValuesForThisListFromDictionnarySetup=Vous pouvez changer ces valeurs depuis le menu configuration - dictionnaires Color=Couleur MenuECM=Documents +MenuMembers=Adh�rents # Week day Monday=Lundi Tuesday=Mardi diff --git a/htdocs/lib/company.lib.php b/htdocs/lib/company.lib.php index a50d146259f63443594512263bbb4d4b94132f1a..8f4dd72538f705bfbca50515a4dd3be1f978298d 100644 --- a/htdocs/lib/company.lib.php +++ b/htdocs/lib/company.lib.php 
@@ -37,91 +37,123 @@ function societe_prepare_head($objsoc) $head[$h][2] = 'company'; $h++; - if ($objsoc->client==1) - { - $head[$h][0] = DOL_URL_ROOT.'/comm/fiche.php?socid='.$objsoc->id; - $head[$h][1] = $langs->trans("Customer");; - $head[$h][2] = 'customer'; - $h++; - } - if ($objsoc->client==2) - { - $head[$h][0] = DOL_URL_ROOT.'/comm/prospect/fiche.php?id='.$objsoc->id; - $head[$h][1] = $langs->trans("Prospect"); - $head[$h][2] = 'prospect'; - $h++; - } - if ($objsoc->fournisseur) - { - $head[$h][0] = DOL_URL_ROOT.'/fourn/fiche.php?socid='.$objsoc->id; - $head[$h][1] = $langs->trans("Supplier"); - $head[$h][2] = 'supplier'; - $h++; - } - if ($conf->facture->enabled || $conf->compta->enabled || $conf->comptaexpert->enabled) - { - $langs->load("compta"); - $head[$h][0] = DOL_URL_ROOT.'/compta/fiche.php?socid='.$objsoc->id; - $head[$h][1] = $langs->trans("Accountancy"); - $head[$h][2] = 'compta'; - $h++; - } - //affichage onglet cat�gorie + if ($objsoc->client==1) + { + $head[$h][0] = DOL_URL_ROOT.'/comm/fiche.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("Customer");; + $head[$h][2] = 'customer'; + $h++; + } + if ($objsoc->client==2) + { + $head[$h][0] = DOL_URL_ROOT.'/comm/prospect/fiche.php?id='.$objsoc->id; + $head[$h][1] = $langs->trans("Prospect"); + $head[$h][2] = 'prospect'; + $h++; + } + if ($objsoc->fournisseur) + { + $head[$h][0] = DOL_URL_ROOT.'/fourn/fiche.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("Supplier"); + $head[$h][2] = 'supplier'; + $h++; + } + if ($conf->facture->enabled || $conf->compta->enabled || $conf->comptaexpert->enabled) + { + $langs->load("compta"); + $head[$h][0] = DOL_URL_ROOT.'/compta/fiche.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("Accountancy"); + $head[$h][2] = 'compta'; + $h++; + } + + //show categorie tab if ($conf->categorie->enabled) - { + { $head[$h][0] = DOL_URL_ROOT.'/categories/categorie.php?socid='.$objsoc->id; $head[$h][1] = $langs->trans('Categories'); $head[$h][2] = 
'category'; $h++; - } - if ($user->societe_id == 0) - { - $head[$h][0] = DOL_URL_ROOT.'/socnote.php?socid='.$objsoc->id; - $head[$h][1] = $langs->trans("Note"); - $head[$h][2] = 'note'; - $h++; - } - if ($user->societe_id == 0) - { - $head[$h][0] = DOL_URL_ROOT.'/docsoc.php?socid='.$objsoc->id; - $head[$h][1] = $langs->trans("Documents"); - $head[$h][2] = 'document'; - $h++; - } - - if ($conf->notification->enabled && $user->societe_id == 0) - { - $head[$h][0] = DOL_URL_ROOT.'/societe/notify/fiche.php?socid='.$objsoc->id; - $head[$h][1] = $langs->trans("Notifications"); - $head[$h][2] = 'notify'; - $h++; - } + } + if ($user->societe_id == 0) + { + $head[$h][0] = DOL_URL_ROOT.'/socnote.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("Note"); + $head[$h][2] = 'note'; + $h++; + } + if ($user->societe_id == 0) + { + $head[$h][0] = DOL_URL_ROOT.'/docsoc.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("Documents"); + $head[$h][2] = 'document'; + $h++; + } - if ($objsoc->fournisseur) - { - $head[$h][0] = DOL_URL_ROOT.'/fourn/fiche-stats.php?socid='.$objsoc->id; - $head[$h][1] = $langs->trans("Statistics"); - $head[$h][2] = 'supplierstat'; + if ($conf->notification->enabled && $user->societe_id == 0) + { + $head[$h][0] = DOL_URL_ROOT.'/societe/notify/fiche.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("Notifications"); + $head[$h][2] = 'notify'; + $h++; + } + + if ($objsoc->fournisseur) + { + $head[$h][0] = DOL_URL_ROOT.'/fourn/fiche-stats.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("Statistics"); + $head[$h][2] = 'supplierstat'; + $h++; + } + + if ($user->societe_id == 0) + { + $head[$h][0] = DOL_URL_ROOT.'/societe/info.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("Info"); + $head[$h][2] = 'info'; + $h++; + } + + if ($conf->bookmark->enabled && $user->rights->bookmark->creer) + { + $head[$h][0] = DOL_URL_ROOT."/bookmarks/fiche.php?action=add&socid=".$objsoc->id."&urlsource=".$_SERVER["PHP_SELF"]."?socid=".$objsoc->id; + 
$head[$h][1] = img_object($langs->trans("BookmarkThisPage"),'bookmark'); + $head[$h][2] = 'image'; + $h++; + } + + return $head; +} + + + +function societe_prepare_head2($objsoc) +{ + global $langs, $conf, $user; + $h = 0; + $head = array(); + + $head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("Card"); + $head[$h][2] = 'company'; $h++; - } - - if ($user->societe_id == 0) - { - $head[$h][0] = DOL_URL_ROOT.'/societe/info.php?socid='.$objsoc->id; - $head[$h][1] = $langs->trans("Info"); - $head[$h][2] = 'info'; + + $head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("BankAccount")." $account->number"; + $head[$h][2] = 'rib'; $h++; - } - - if ($conf->bookmark->enabled && $user->rights->bookmark->creer) - { - $head[$h][0] = DOL_URL_ROOT."/bookmarks/fiche.php?action=add&socid=".$objsoc->id."&urlsource=".$_SERVER["PHP_SELF"]."?socid=".$objsoc->id; - $head[$h][1] = img_object($langs->trans("BookmarkThisPage"),'bookmark'); - $head[$h][2] = 'image'; + + $head[$h][0] = 'lien.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("Links"); + $head[$h][2] = 'links'; + $h++; + + $head[$h][0] = 'commerciaux.php?socid='.$objsoc->id; + $head[$h][1] = $langs->trans("SalesRepresentative"); + $head[$h][2] = 'salesrepresentative'; $h++; - } - return $head; + return $head; } diff --git a/htdocs/lib/functions.inc.php b/htdocs/lib/functions.inc.php index 22a873147b4afe098b70893a327ff5855927734b..24a47aff21b4f91abd5b653358a5b9be842dd18e 100644 --- a/htdocs/lib/functions.inc.php +++ b/htdocs/lib/functions.inc.php 
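Review bot: `societe_prepare_head2` reads `$account->number` in the BankAccount tab label, but `$account` is neither a parameter nor in the function's `global` list, so the label is built from an undefined variable (in the rib.php hunk below, `$account` is only constructed after the head is rendered). Either drop the suffix — `$head[$h][1] = $langs->trans("BankAccount");` — or take the account as a parameter. Separately, the bookmark link in `societe_prepare_head` concatenates `$_SERVER["PHP_SELF"]` and `$objsoc->id` raw into an href; PHP_SELF echoes the request path, so it should go through `urlencode()` (and the id through `(int)`) before it lands in HTML. The stray `;;` after `$langs->trans("Customer")` is harmless but worth cleaning up while the block is being re-indented. The enclosing `societe_prepare_head` starts before this hunk.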
@@ -1221,44 +1221,79 @@ function info_admin($texte,$infoonimgalt=0) /** \brief V�rifie les droits de l'utilisateur - \param user Utilisateur courant - \param module Module a v�rifier - \param objectid ID de l'element (optionnel) - \param dbtable Table de la base correspondant au module (optionnel) - \param list D�fini si la page sert de liste et donc ne fonctionne pas avec un id + \param user Utilisateur courant + \param feature Feature to check (in most cases, it's module name) + \param objectid ID de l'element (optionnel) + \param dbtable Table de la base correspondant au module (optionnel) + \param list D�fini si la page sert de liste et donc ne fonctionne pas avec un id */ -function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list=0) +function restrictedArea($user, $feature, $objectid='', $dbtablename='', $list=0) { global $db; // Clean parameters - if (! $modulename) + if (! $feature) { - $modulename = 'societe'; + $feature = 'societe'; $list = 1; } $objectid = 0; $socid = 0; + //print "$user->id, $feature, $objectid, $dbtablename, $list ".$user->rights->societe->contact->lire; + // Check read permission from module $readok=1; - if ($modulename == 'societe') + if ($feature == 'societe') { if (! $user->rights->societe->lire && ! $user->rights->fournisseur->lire) $readok=0; } + else if ($feature == 'contact') + { + if (! $user->rights->societe->contact->lire) $readok=0; + } + else if ($feature == 'prelevement') + { + if (! $user->rights->prelevement->bons->lire) $readok=0; + } + else if ($feature == 'commande_fournisseur') + { + if (! $user->rights->fournisseur->commande->lire) $readok=0; + } else { - if (! $user->rights->$modulename->lire) $readok=0; + if (! $user->rights->$feature->lire) $readok=0; } if (! $readok) accessforbidden(); + //print "Read access is ok"; // Check write permission from module $createok=1; if ($_GET["action"] == 'create' || $_POST["action"] == 'create') { - if (! 
$user->rights->$modulename->creer) $createok=0; + if ($feature == 'societe') + { + if (! $user->rights->societe->creer && ! $user->rights->fournisseur->creer) $createok=0; + } + else if ($feature == 'contact') + { + if (! $user->rights->societe->contact->creer) $createok=0; + } + else if ($feature == 'prelevement') + { + if (! $user->rights->prelevement->bons->creer) $createok=0; + } + else if ($feature == 'commande_fournisseur') + { + if (! $user->rights->fournisseur->commande->creer) $createok=0; + } + else + { + if (! $user->rights->$feature->creer) $createok=0; + } if (! $createok) accessforbidden(); + //print "Write access is ok"; } // Check permission from company affiliation @@ -1268,12 +1303,12 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list $_POST["action"] = ''; $socid = $user->societe_id; if (!$objectid) $objectid = $socid; - if ($modulename == 'societe' && $socid <> $objectid) accessforbidden(); + if ($feature == 'societe' && $socid <> $objectid) accessforbidden(); } if ($objectid) { - if ($modulename == 'societe' && ! $user->rights->commercial->client->voir && ! $socid > 0) + if ($feature == 'societe' && ! $user->rights->commercial->client->voir && ! $socid > 0) { $sql = "SELECT sc.fk_soc"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc"; @@ -1282,7 +1317,7 @@ function restrictedArea($user, $modulename, $objectid='', $dbtablename='', $list else if (! $user->rights->commercial->client->voir || $socid > 0) { // Si dbtable non d�fini, m�me nom que le module - if (!$dbtablename) $dbtablename = $modulename; + if (!$dbtablename) $dbtablename = $feature; $sql = "SELECT sc.fk_soc, dbt.fk_soc"; $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX.$dbtablename." as dbt"; diff --git a/htdocs/societe/commerciaux.php b/htdocs/societe/commerciaux.php index f192170c710a062d65778b7e7384fc5f95220468..76aeeb302b35017668274102560436fb75bcfa46 100644 --- a/htdocs/societe/commerciaux.php 
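Review bot: The per-feature read branches and the new per-feature create branches are the same four-way chain written twice; a single lookup from feature to rights node (e.g. `'contact' => $user->rights->societe->contact`) checked once for `lire` and, when action is create, once for `creer` would keep the two lists from drifting apart when the next feature is added. More importantly, the `$objectid = 0;` under `// Clean parameters` (unchanged context, as far as the collapsed lines show) discards whatever object id the caller passed before the affiliation check later in the function can use it, so the commercial-contact restriction that this commit's callers now delegate to `restrictedArea` would only take effect for external users; worth confirming against the unchanged tail of the function. The two commented-out `//print` debugging lines should be removed rather than committed. The body of `restrictedArea` continues past this hunk.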
+++ b/htdocs/societe/commerciaux.php @@ -15,18 +15,17 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ */ /** \file htdocs/societe/commerciaux.php \ingroup societe \brief Page d'affectations des commerciaux aux societes - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); +require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php"); $langs->load("companies"); $langs->load("commercial"); @@ -34,32 +33,14 @@ $langs->load("customers"); $langs->load("suppliers"); $langs->load("banks"); -if ( !$user->rights->societe->creer) - accessforbidden(); - +// Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; -if (!$socid) accessforbidden(); - - -// S�curit� acc�s client -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} +$result = restrictedArea($user, 'societe','','',1); -// Protection restriction commercial -if (!$user->rights->commercial->client->voir && $socid) -{ - $sql = "SELECT sc.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id; - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} +/* +* Actions +*/ if($_GET["socid"] && $_GET["commid"]) { 
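Review bot: The `if (!$user->rights->societe->creer) accessforbidden();` guard is removed and replaced by `restrictedArea($user, 'societe','','',1)`, whose write check only fires when `action` is `create`; this page mutates sales-rep assignments through the `commid`/`delcommid` parameters with no `action` at all, so after this change a user holding only the read right can add and remove sales representatives. The same removal appears in lien.php and rib.php below (rib.php updates bank details on `action=update`, which the helper likewise does not treat as a write). Keep an explicit write check ahead of the actions, e.g. `if (! $user->rights->societe->creer) accessforbidden();`. Passing `''` as the object id with `$list=1` also means the per-company "Protection restriction commercial" query this hunk deletes (and that info.php and notify/fiche.php delete in the same way) is no longer evaluated for internal users without `commercial->client->voir`; `$socid` is computed on the line above but never handed to the helper, so pass `$socid` with `$list=0` if that restriction is still intended.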
@@ -88,42 +69,31 @@ if($_GET["socid"] && $_GET["delcommid"]) $soc->del_commercial($user, $_GET["delcommid"]); Header("Location: commerciaux.php?socid=".$soc->id); + exit; } else { Header("Location: commerciaux.php?socid=".$_GET["socid"]); + exit; } } +/* +* View +*/ + llxHeader(); -if($_GET["socid"]) +if ($_GET["socid"]) { $soc = new Societe($db); $soc->id = $_GET["socid"]; - $soc->fetch($_GET["socid"]); - - $h=0; - - $head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$soc->id; - $head[$h][1] = $langs->trans("Company"); - $h++; + $result=$soc->fetch($_GET["socid"]); - $head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$soc->id; - $head[$h][1] = $langs->trans("BankAccount")." $account->number"; - $h++; - - $head[$h][0] = 'lien.php?socid='.$soc->id; - $head[$h][1] = $langs->trans("Links"); - $h++; - - $head[$h][0] = 'commerciaux.php?socid='.$soc->id; - $head[$h][1] = $langs->trans("SalesRepresentative"); - $hselected=$h; - $h++; - - dolibarr_fiche_head($head, $hselected, $soc->nom); + $head=societe_prepare_head2($soc); + + dolibarr_fiche_head($head, 'salesrepresentative', $langs->trans("ThirdParty")); /* * Fiche soci�t� en mode visu @@ -185,7 +155,7 @@ if($_GET["socid"]) { print '<a href="'.DOL_URL_ROOT.'/user/fiche.php?id='.$obj->rowid.'">'; print img_object($langs->trans("ShowUser"),"user").' '; - print stripslashes($obj->firstname)." " .stripslashes($obj->name)."\n"; + print $obj->firstname." " .$obj->name."\n"; print '</a> '; print '<a href="commerciaux.php?socid='.$_GET["socid"].'&delcommid='.$obj->rowid.'">'; print img_delete(); diff --git a/htdocs/societe/info.php b/htdocs/societe/info.php index f9e53d72463439004b65307a6178117def20f25b..d7e601ce703e921558eb4c376a139b48ba61102f 100644 --- a/htdocs/societe/info.php +++ b/htdocs/societe/info.php 
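Review bot: In the `@@ -185,7 +155,7 @@` hunk, `print $obj->firstname." " .$obj->name."\n";` now emits the user's first and last name straight into the page body; dropping `stripslashes` is right, but nothing escapes the values, so unless names are already HTML-escaped when stored (not visible here) this should read `print htmlentities($obj->firstname).' '.htmlentities($obj->name)."\n";`. In the `@@ -88,42 +69,31 @@` hunk, `$result=$soc->fetch($_GET["socid"]);` stores the fetch result but never inspects it, so a bad id still renders the tabs for an empty object; either check it per the project's fetch contract or do not store it. The two redirects `Header("Location: commerciaux.php?socid=".$_GET["socid"]);` also reflect the raw query value, and `(int)$_GET["socid"]` would keep the Location header well-formed with no other change.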
@@ -30,27 +30,9 @@ require_once(DOL_DOCUMENT_ROOT."/societe.class.php"); $langs->load("companies"); $langs->load("other"); -// S�curit� acc�s client +// Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; -if ($socid == '') accessforbidden(); -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} - -// Protection restriction commercial -if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0) -{ - $sql = "SELECT sc.fk_soc, s.client"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1"; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} +$result = restrictedArea($user, 'societe','','',1); /* diff --git a/htdocs/societe/lien.php b/htdocs/societe/lien.php index 9b9879b088bd4ebff3f9ceeb76491763cfaf5fa0..331079afef809ee7993371ec3805314f64f72517 100644 --- a/htdocs/societe/lien.php +++ b/htdocs/societe/lien.php @@ -1,6 +1,6 @@ <?php /* Copyright (C) 2001-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org> - * Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net> + * Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -15,55 +15,31 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/societe/lien.php \ingroup societe - \brief Page des societes - \version $Revision$ + \brief Page of links to other third parties + \version $Id$ */ require("./pre.inc.php"); +require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php"); $langs->load("companies"); $langs->load("customers"); $langs->load("suppliers"); $langs->load("banks"); -if ( !$user->rights->societe->creer) - accessforbidden(); - +// Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; -if (!$socid) accessforbidden(); - -// S�curit� acc�s client -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} - -// Protection restriction commercial -if (!$user->rights->commercial->client->voir && $socid) -{ - $sql = "SELECT sc.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} +$result = restrictedArea($user, 'societe','','',1); /* - * Actions - */ +* Actions +*/ // Positionne companie parente if($_GET["socid"] && $_GET["select"]) 
@@ -117,27 +93,9 @@ if($_GET["socid"]) $soc->id = $_GET["socid"]; $soc->fetch($_GET["socid"]); - $h=0; - - $head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$soc->id; - $head[$h][1] = $langs->trans("Company"); - $h++; - - $head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$soc->id; - $head[$h][1] = $langs->trans("BankAccount")." $account->number"; - $h++; - - $head[$h][0] = 'lien.php?socid='.$soc->id; - $head[$h][1] = $langs->trans("Links"); - $hselected=$h; - $h++; - - $head[$h][0] = 'commerciaux.php?socid='.$soc->id; - $head[$h][1] = $langs->trans("SalesRepresentative"); - $h++; - + $head=societe_prepare_head2($soc); - dolibarr_fiche_head($head, $hselected, $soc->nom); + dolibarr_fiche_head($head, 'links', $langs->trans("ThirdParty")); /* * Fiche soci�t� en mode visu diff --git a/htdocs/societe/notify/fiche.php b/htdocs/societe/notify/fiche.php index 7984e9d9a437384e0f0211d1c57207b7244d1c74..11c34ab9130713b5c339361f6cd1578ccf0c5c41 100644 --- a/htdocs/societe/notify/fiche.php +++ b/htdocs/societe/notify/fiche.php @@ -15,16 +15,13 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/societe/notify/fiche.php \ingroup societe, notification \brief Onglet notifications pour une societe - \version $Revision$ + \version $Id$ */ require("pre.inc.php"); 
@@ -34,27 +31,9 @@ require_once(DOL_DOCUMENT_ROOT."/contact.class.php"); $langs->load("companies"); $langs->load("mails"); -// S�curit� acc�s client +// Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; -if ($socid == '') accessforbidden(); -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} - -// Protection restriction commercial -if (!$user->rights->commercial->client->voir && $socid && !$user->societe_id > 0) -{ - $sql = "SELECT sc.fk_soc, s.client"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."societe as s"; - $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id." AND s.client = 1"; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} +$result = restrictedArea($user, 'societe','','',1); $sortorder=$_GET["sortorder"]; $sortfield=$_GET["sortfield"]; @@ -62,6 +41,10 @@ if (! $sortorder) $sortorder="ASC"; if (! $sortfield) $sortfield="c.name"; +/* +* View +*/ + llxHeader(); /* diff --git a/htdocs/societe/rib.php b/htdocs/societe/rib.php index 8b03ba985033224640cdf6a4ca366155c09bd615..2d059864db02bbeb008d59b6ac80c645901056c9 100644 --- a/htdocs/societe/rib.php +++ b/htdocs/societe/rib.php @@ -1,7 +1,7 @@ <?php /* Copyright (C) 2002-2004 Rodolphe Quiedeville <rodolphe@quiedeville.org> * Copyright (C) 2003 Jean-Louis Bergamo <jlb@j1b.org> - * Copyright (C) 2004-2005 Laurent Destailleur <eldy@users.sourceforge.net> + * Copyright (C) 2004-2008 Laurent Destailleur <eldy@users.sourceforge.net> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by 
@@ -16,58 +16,35 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - * - * $Id$ - * $Source$ */ /** \file htdocs/societe/rib.php \ingroup societe \brief Onglet rib de societe - \version $Revision$ + \version $Id$ */ require("./pre.inc.php"); -require_once DOL_DOCUMENT_ROOT . "/companybankaccount.class.php"; +require_once(DOL_DOCUMENT_ROOT."/lib/company.lib.php"); +require_once DOL_DOCUMENT_ROOT."/companybankaccount.class.php"; $langs->load("companies"); $langs->load("banks"); -if ( !$user->rights->societe->creer) - accessforbidden(); - +// Security check $socid = isset($_GET["socid"])?$_GET["socid"]:''; -if (!$socid) accessforbidden(); - - -// S�curit� acc�s client -if ($user->societe_id > 0) -{ - $action = ''; - $socid = $user->societe_id; -} - -// Protection restriction commercial -if (!$user->rights->commercial->client->voir && $socid) -{ - $sql = "SELECT sc.rowid"; - $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc"; - $sql .= " WHERE sc.fk_soc = ".$socid." AND sc.fk_user = ".$user->id; - - if ( $db->query($sql) ) - { - if ( $db->num_rows() == 0) accessforbidden(); - } -} - - -llxHeader(); +$result = restrictedArea($user, 'societe','','',1); $soc = new Societe($db); $soc->id = $_GET["socid"]; $soc->fetch($_GET["socid"]); + +/* +* Actions +*/ + if ($_POST["action"] == 'update' && ! $_POST["cancel"]) { // Modification 
@@ -101,28 +78,13 @@ if ($_POST["action"] == 'update' && ! $_POST["cancel"]) /* - * Affichage onglets - */ -$h = 0; - -$head[$h][0] = DOL_URL_ROOT.'/soc.php?socid='.$soc->id; -$head[$h][1] = $langs->trans("Company"); -$h++; - -$head[$h][0] = DOL_URL_ROOT .'/societe/rib.php?socid='.$soc->id; -$head[$h][1] = $langs->trans("BankAccount")." $account->number"; -$hselected=$h; -$h++; - -$head[$h][0] = 'lien.php?socid='.$soc->id; -$head[$h][1] = $langs->trans("Links"); -$h++; +* View +*/ +llxHeader(); -$head[$h][0] = 'commerciaux.php?socid='.$soc->id; -$head[$h][1] = $langs->trans("SalesRepresentative"); -$h++; +$head=societe_prepare_head2($soc); -dolibarr_fiche_head($head, $hselected, $soc->nom); +dolibarr_fiche_head($head, 'rib', $langs->trans("ThirdParty")); $account = new CompanyBankAccount($db, $soc->id); $account->fetch(); diff --git a/htdocs/user/perms.php b/htdocs/user/perms.php index b831271472ff68de9aceba179ddd4a0fcd8a2df7..596b5be866c1d48945d06c86339c15063b29784a 100644 --- a/htdocs/user/perms.php +++ b/htdocs/user/perms.php @@ -249,7 +249,7 @@ if ($result) { // On affiche ligne pour modifier droits print '<tr '. $bc[$var].'>'; - print '<td>'.img_object('',$picto).' '.$objMod->getName(); + print '<td nowrap="nowrap">'.img_object('',$picto).' '.$objMod->getName(); print '<a name="'.$objMod->getName().'"> </a></td>'; print '<td align="center" nowrap>'; print '<a title='.$langs->trans("All").' alt='.$langs->trans("All").' href="perms.php?id='.$fuser->id.'&action=addrights&module='.$obj->module.'#'.$objMod->getName().'">'.$langs->trans("All")."</a>";