Fix: bad restricted view of company

Dolibarr · Jan 30, 2011 · aa9ccb4 · aa9ccb4
1 parent 8b534d1
commit aa9ccb4
Showing 1 changed file with 14 additions and 9 deletions.
diff --git a/htdocs/societe/index.php b/htdocs/societe/index.php
@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2001-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2009 Regis Houssin        <regis@dolibarr.fr>
+ * Copyright (C) 2005-2011 Regis Houssin        <regis@dolibarr.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -79,18 +79,21 @@
 
 $sql = "SELECT s.rowid, s.client, s.fournisseur";
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
+if (! $user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.entity = ".$conf->entity;
+if (! $user->rights->societe->client->voir) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+
 $result = $db->query($sql);
 if ($result)
 {
-	while ($objp = $db->fetch_object($result))
-	{
-		if ($objp->client == 1 || $objp->client == 3) $third['customer']++;
-		if ($objp->client == 2 || $objp->client == 3) $third['prospect']++;
-		if ($objp->fournisseur) $third['supplier']++;
-
-		$total++;
-	}
+    while ($objp = $db->fetch_object($result))
+    {
+        if ($objp->client == 1 || $objp->client == 3) $third['customer']++;
+        if ($objp->client == 2 || $objp->client == 3) $third['prospect']++;
+        if ($objp->fournisseur) $third['supplier']++;
+
+        $total++;
+    }
 }
 else dol_print_error($db);
 
@@ -127,7 +130,9 @@
 $sql = "SELECT s.rowid, s.nom, s.client, s.fournisseur,";
 $sql.= " s.tms as datem";
 $sql.= " FROM ".MAIN_DB_PREFIX."societe as s";
+if (! $user->rights->societe->client->voir) $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= " WHERE s.entity = ".$conf->entity;
+if (! $user->rights->societe->client->voir) $sql.= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
 $sql.= " AND (";
 if (! empty($conf->societe->enabled)) $sql.=" s.client in (1,2,3)";
 if (! empty($conf->fournisseur->enabled)) $sql.=" OR s.fournisseur in (1)";