
Sec: Missing permission tests

Laurent Destailleur 11 年之前
85436f871c

+ 5 - 4
htdocs/compta/facture/impayees.php

@@ -1,7 +1,7 @@
 <?php
 /* Copyright (C) 2002-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
  * Copyright (C) 2004      Eric Seigne          <eric.seigne@ryxeo.com>
- * Copyright (C) 2004-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2014 Laurent Destailleur  <eldy@users.sourceforge.net>
  * Copyright (C) 2005-2012 Regis Houssin        <regis.houssin@capnetworks.com>
  *
  * This program is free software; you can redistribute it and/or modify
@@ -38,12 +38,13 @@ $id = (GETPOST('facid','int') ? GETPOST('facid','int') : GETPOST('id','int'));
 $action = GETPOST('action','alpha');
 $option = GETPOST('option');
 
-$diroutputpdf=$conf->facture->dir_output . '/unpaid/temp';
-
 // Security check
 if ($user->societe_id) $socid=$user->societe_id;
 $result = restrictedArea($user,'facture',$id,'');
 
+$diroutputpdf=$conf->facture->dir_output . '/unpaid/temp';
+if (! $user->rights->societe->client->voir || $socid) $diroutputpdf.='/private/'.$user->id;	// If user has no permission to see all, output dir is specific to user
+
 
 /*
  * Action
@@ -221,7 +222,7 @@ if ($search_societe)     $sql .= " AND s.nom LIKE '%".$db->escape($search_societ
 if ($search_montant_ht)  $sql .= " AND f.total = '".$db->escape($search_montant_ht)."'";
 if ($search_montant_ttc) $sql .= " AND f.total_ttc = '".$db->escape($search_montant_ttc)."'";
 if (GETPOST('sf_ref'))   $sql .= " AND f.facnumber LIKE '%".$db->escape(GETPOST('sf_ref'))."%'";
-$sql.= " GROUP BY s.nom, s.rowid, f.facnumber, f.increment, f.total, f.tva, f.total_ttc, f.datef, f.date_lim_reglement, f.paye, f.rowid, f.fk_statut, f.type ";
+$sql.= " GROUP BY s.nom, s.rowid, f.rowid, f.facnumber, f.increment, f.total, f.tva, f.total_ttc, f.localtax1, f.localtax2, f.revenuestamp, f.datef, f.date_lim_reglement, f.paye, f.fk_statut, f.type ";
 if (! $user->rights->societe->client->voir && ! $socid) $sql .= ", sc.fk_soc, sc.fk_user ";
 $sql.= " ORDER BY ";
 $listfield=explode(',',$sortfield);
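Review bot: `$socid` on the added `$diroutputpdf.='/private/'.$user->id` line is only assigned on the preceding `if ($user->societe_id) $socid=$user->societe_id;` branch, so unless it is initialized earlier in the file (outside this hunk) an internal user evaluates an undefined variable there; the sibling changes in rapport.php and document.php start with `$socid=0;`, and an explicit `$socid = 0;` before the `restrictedArea` call would match them. The new directory rule has to stay identical to the one document.php applies when serving `unpaid` files, otherwise the generated PDFs become unreachable, and a comment such as `// Must match the private-dir rule in htdocs/document.php` would make that coupling visible. The same three-line rule is now copied into rapport.php and document.php, with pdf_paiement.class.php applying the matching SQL filter; a shared helper returning the per-user suffix would keep the copies from drifting apart.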

+ 1 - 0
htdocs/compta/paiement/liste.php

@@ -29,6 +29,7 @@ require_once DOL_DOCUMENT_ROOT.'/compta/paiement/class/paiement.class.php';
 require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
 
 $langs->load("bills");
+$langs->load("compta");
 
 // Security check
 $facid =GETPOST('facid','int');

+ 4 - 4
htdocs/compta/paiement/rapport.php

@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2003-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2011 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2004-2014 Laurent Destailleur  <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -32,16 +32,16 @@ if (! $user->rights->facture->lire) accessforbidden();
 
 $action=GETPOST('action');
 
-$dir = $conf->facture->dir_output.'/payments';
-
 $socid=0;
 if ($user->societe_id > 0)
 {
     $action = '';
     $socid = $user->societe_id;
-    $dir = $conf->facture->dir_output.'/payments/private/'.$user->id;
 }
 
+$dir = $conf->facture->dir_output.'/payments';
+if (! $user->rights->societe->client->voir || $socid) $dir.='/private/'.$user->id;	// If user has no permission to see all, output dir is specific to user
+
 $year = $_GET["year"];
 if (! $year) { $year=date("Y"); }
 

+ 16 - 3
htdocs/core/modules/rapport/pdf_paiement.class.php

@@ -1,6 +1,6 @@
 <?php
 /* Copyright (C) 2003-2006 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2006-2009 Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2006-2014 Laurent Destailleur  <eldy@users.sourceforge.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -93,6 +93,9 @@ class pdf_paiement
 
 		global $user,$langs,$conf;
 
+		$socid=0;
+		if ($user->societe_id) $socid=$user->societe_id;
+		
 		if (! is_object($outputlangs)) $outputlangs=$langs;
 		// For backward compatibility with FPDF, force output charset to ISO, because FPDF expect text to be encoded in ISO
 		if (! empty($conf->global->MAIN_USE_FPDF)) $outputlangs->charset_output='ISO-8859-1';
@@ -136,11 +139,21 @@ class pdf_paiement
 		$sql.= ", pf.amount as pf_amount ";
 		$sql.= ", p.rowid as prowid";
 		$sql.= " FROM ".MAIN_DB_PREFIX."paiement as p, ".MAIN_DB_PREFIX."facture as f,";
-		$sql.= " ".MAIN_DB_PREFIX."c_paiement as c, ".MAIN_DB_PREFIX."paiement_facture as pf";
-		$sql.= " WHERE pf.fk_facture = f.rowid AND pf.fk_paiement = p.rowid";
+		$sql.= " ".MAIN_DB_PREFIX."c_paiement as c, ".MAIN_DB_PREFIX."paiement_facture as pf,";
+		$sql.= " ".MAIN_DB_PREFIX."societe as s";
+		if (! $user->rights->societe->client->voir && ! $socid) 
+		{
+			$sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
+		}
+		$sql.= " WHERE f.fk_soc = s.rowid AND pf.fk_facture = f.rowid AND pf.fk_paiement = p.rowid";
 		$sql.= " AND f.entity = ".$conf->entity;
 		$sql.= " AND p.fk_paiement = c.id ";
 		$sql.= " AND p.datep BETWEEN '".$this->db->idate(dol_get_first_day($year,$month))."' AND '".$this->db->idate(dol_get_last_day($year,$month))."'";
+		if (! $user->rights->societe->client->voir && ! $socid) 
+		{
+			$sql .= " AND s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id;
+		}
+		if (! empty($socid)) $sql .= " AND s.rowid = ".$socid;
 		$sql.= " ORDER BY p.datep ASC, pf.fk_paiement ASC";
 
 		dol_syslog(get_class($this)."::write_file sql=".$sql);
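Review bot: The ids interpolated into the SQL on the added lines, `sc.fk_user = " .$user->id` and `s.rowid = ".$socid`, are concatenated unquoted without a cast; both come from the user record rather than the request, so the exposure is low, but `(int) $user->id` and `(int) $socid` would make the intent explicit and match the `GETPOST(...,'int')` convention used elsewhere in the commit. The condition `! $user->rights->societe->client->voir && ! $socid` is evaluated twice (once for the FROM clause, once for the WHERE clause); computing it once into a local such as `$restrictToOwnCustomers` before the query is assembled keeps the two halves of the join in sync. Joining `societe as s` in the FROM list is an inner join, so a payment whose invoice has no resolvable `fk_soc` would silently drop out of the report — presumably none exist, but worth confirming. Trailing whitespace on the two new `if` lines and the tab-only line after `$socid=$user->societe_id;` should be trimmed. The enclosing `write_file` method starts above this hunk.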

+ 8 - 0
htdocs/document.php

@@ -66,6 +66,14 @@ $entity=GETPOST('entity')?GETPOST('entity','int'):$conf->entity;
 // Security check
 if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart');
 
+$socid=0;
+if ($user->societe_id > 0) $socid = $user->societe_id;
+
+// For some module part, dir may be privates
+if (in_array($modulepart,array('facture_paiement','unpaid')))
+{
+	if (! $user->rights->societe->client->voir || $socid) $original_file='private/'.$user->id.'/'.$original_file;	// If user has no permission to see all, output dir is specific to user
+}
 
 /*
  * Action
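Review bot: The `private/<uid>/` prefix is prepended to `$original_file` before any path validation visible in this hunk, so the check of the requested file name that follows later in document.php (outside this hunk) must still reject `..` segments on the prefixed value, otherwise a restricted user's request could resolve back into the shared `unpaid`/`payments` directory; worth confirming against that check. `in_array($modulepart,array('facture_paiement','unpaid'))` should pass `true` as the third argument so the comparison is strict. The test `$user->societe_id > 0` here differs from the truthiness check used in impayees.php (`if ($user->societe_id)`); either works, but one form across the four touched files is easier to audit. A comment such as `// Must mirror the private-dir rule used by impayees.php and rapport.php when the PDF was generated` would document why the prefix has to match those files.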