Merge branch '6.0' of git@github.com:Dolibarr/dolibarr.git into 7.0

Conflicts:
	htdocs/accountancy/admin/account.php
	htdocs/projet/class/task.class.php

htdocs/accountancy/admin/account.php

@@ -176,10 +176,10 @@ $pcgver = $conf->global->CHARTOFACCOUNTS;
 $sql = "SELECT aa.rowid, aa.fk_pcg_version, aa.pcg_type, aa.pcg_subtype, aa.account_number, aa.account_parent , aa.label, aa.active, ";
 $sql .= " a2.rowid as rowid2, a2.label as label2, a2.account_number as account_number2";
 $sql .= " FROM " . MAIN_DB_PREFIX . "accounting_account as aa";
-$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
+$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version AND aa.entity = " . $conf->entity;
 // Dirty hack wainting that foreign key account_parent is an integer to be compared correctly with rowid
-if ($db->type == 'pgsql') $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = CAST(aa.account_parent AS INTEGER)";
-else $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = CAST(aa.account_parent AS UNSIGNED)";
+if ($db->type == 'pgsql') $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = CAST(aa.account_parent AS INTEGER) AND a2.entity = " . $conf->entity;
+else $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."accounting_account as a2 ON a2.rowid = CAST(aa.account_parent AS UNSIGNED) AND a2.entity = " . $conf->entity;
 $sql .= " WHERE asy.rowid = " . $pcgver;
 
 if (strlen(trim($search_account)))			$sql .= natural_search("aa.account_number", $search_account);

htdocs/accountancy/admin/journals_list.php

@@ -86,7 +86,7 @@ $tablib[35]= "DictionaryAccountancyJournal";
 
 // Requests to extract data
 $tabsql=array();
-$tabsql[35]= "SELECT a.rowid as rowid, a.code as code, a.label, a.nature, a.active FROM ".MAIN_DB_PREFIX."accounting_journal as a";
+$tabsql[35]= "SELECT a.rowid as rowid, a.code as code, a.label, a.nature, a.active FROM ".MAIN_DB_PREFIX."accounting_journal as a WHERE a.entity=".$conf->entity;
 
 // Criteria to sort dictionaries
 $tabsqlsort=array();
@@ -102,7 +102,7 @@ $tabfieldvalue[35]= "code,label,nature";
 
 // Nom des champs dans la table pour insertion d'un enregistrement
 $tabfieldinsert=array();
-$tabfieldinsert[35]= "code,label,nature";
+$tabfieldinsert[35]= "code,label,nature,entity";
 
 // Nom du rowid si le champ n'est pas de type autoincrement
 // Example: "" if id field is "rowid" and has autoincrement on

htdocs/core/class/html.formaccounting.class.php

@@ -274,6 +274,7 @@ class FormAccounting extends Form
     		$sql .= " INNER JOIN " . MAIN_DB_PREFIX . "accounting_system as asy ON aa.fk_pcg_version = asy.pcg_version";
     		$sql .= " AND asy.rowid = " . $conf->global->CHARTOFACCOUNTS;
     		$sql .= " AND aa.active = 1";
+    		$sql .= " AND aa.entity=".$conf->entity;
     		$sql .= " ORDER BY aa.account_number";
 
     		dol_syslog(get_class($this) . "::select_account", LOG_DEBUG);

htdocs/fourn/class/fournisseur.facture.class.php

@@ -1402,6 +1402,11 @@ class FactureFournisseur extends CommonInvoice
         if (empty($txlocaltax1)) $txlocaltax1=0;
         if (empty($txlocaltax2)) $txlocaltax2=0;
 
+        if ($rang < 0) {
+            $rangmax = $this->line_max();
+            $rang = $rangmax + 1;
+        }
+        
         $localtaxes_type=getLocalTaxesFromRate($txtva, 0, $mysoc, $this->thirdparty);
 
         // Clean vat code

htdocs/projet/activity/perday.php

@@ -49,7 +49,8 @@ $projectid=isset($_GET["id"])?$_GET["id"]:$_POST["projectid"];
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+// For external user, no check is done on company because readability is managed by public status of project and assignement.
+//if ($user->societe_id > 0) $socid=$user->societe_id;
 $result = restrictedArea($user, 'projet', $projectid);
 
 $now=dol_now();

htdocs/projet/activity/perweek.php

@@ -49,7 +49,8 @@ $projectid=isset($_GET["id"])?$_GET["id"]:$_POST["projectid"];
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+// For external user, no check is done on company because readability is managed by public status of project and assignement.
+// if ($user->societe_id > 0) $socid=$user->societe_id;
 $result = restrictedArea($user, 'projet', $projectid);
 
 $now=dol_now();

htdocs/projet/class/project.class.php

@@ -1703,23 +1703,26 @@ class Project extends CommonObject
     {
         global $conf, $langs;
 
-        $mine=0; $socid=$user->societe_id;
-
-        $projectsListId = $this->getProjectsAuthorizedForUser($user,$mine?$mine:($user->rights->projet->all->lire?2:0),1,$socid);
+        // For external user, no check is done on company because readability is managed by public status of project and assignement.
+        //$socid=$user->societe_id;
 
+        if (! $user->rights->projet->all->lire) $projectsListId = $this->getProjectsAuthorizedForUser($user,0,1,$socid);
+        
         $sql = "SELECT p.rowid, p.fk_statut as status, p.fk_opp_status, p.datee as datee";
         $sql.= " FROM (".MAIN_DB_PREFIX."projet as p";
         $sql.= ")";
         $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
-        if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
+        // For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+        //if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
         $sql.= " WHERE p.fk_statut = 1";
         $sql.= " AND p.entity IN (".getEntity('project', 0).')';
-        if ($mine || ! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
+        if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
         // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
         //if ($socid || ! $user->rights->societe->client->voir)	$sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
-        if ($socid) $sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
-        if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
-
+        // For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+        //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
+        
+        //print $sql;
         $resql=$this->db->query($sql);
         if ($resql)
         {

htdocs/projet/class/task.class.php

@@ -1825,28 +1825,31 @@ class Task extends CommonObject
 	{
 		global $conf, $langs;
 
-		$mine=0; $socid=$user->societe_id;
-
+		// For external user, no check is done on company because readability is managed by public status of project and assignement.
+		//$socid=$user->societe_id;
+		
 		$projectstatic = new Project($this->db);
-		$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1,$socid);
-
+		$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,0,1,$socid);
+		
 		// List of tasks (does not care about permissions. Filtering will be done later)
 		$sql = "SELECT p.rowid as projectid, p.fk_statut as projectstatus,";
 		$sql.= " t.rowid as taskid, t.progress as progress, t.fk_statut as status,";
 		$sql.= " t.dateo as date_start, t.datee as datee";
 		$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
 		$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
-		if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
+		//if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
 		$sql.= ", ".MAIN_DB_PREFIX."projet_task as t";
 		$sql.= " WHERE p.entity IN (".getEntity('project', 0).')';
 		$sql.= " AND p.fk_statut = 1";
 		$sql.= " AND t.fk_projet = p.rowid";
 		$sql.= " AND t.progress < 100";         // tasks to do
-		if ($mine || ! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
+		if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
 		// No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
 		//if ($socid || ! $user->rights->societe->client->voir)	$sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
 		if ($socid) $sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
-		if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
+		// No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
+		// if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
+		
 		//print $sql;
 		$resql=$this->db->query($sql);
 		if ($resql)

htdocs/projet/tasks/list.php

@@ -714,7 +714,7 @@ while ($i < min($num,$limit))
 			$showlineingray=0;$showproject=1;
 			print '<td class="center">';
 			if ($showlineingray) print '<i>';
-			else print '<a href="'.DOL_URL_ROOT.'/projet/tasks/time.php?id='.$lines[$i]->id.($showproject?'':'&withproject=1').'">';
+			else print '<a href="'.DOL_URL_ROOT.'/projet/tasks/time.php?id='.$object->id.($showproject?'':'&withproject=1').'">';
 			if ($obj->duration_effective) print convertSecondToTime($obj->duration_effective,$timespentoutputformat);
 			else print '--:--';
 			if ($showlineingray) print '</i>';