From bd82ed8341280db15af6cc88827f4eaf823f568f Mon Sep 17 00:00:00 2001 From: "vincent@cubedesigners.com" Date: Wed, 19 Jan 2011 10:30:17 +0000 Subject: [PATCH] --- inc/commons/DAO/class.common.dao.client.php | 4 +- .../DAO/class.common.dao.entreprise.php | 27 ++++++-- .../DAO/class.common.dao.utilisateur.php | 24 +++++-- .../Metier/class.common.utilisateur.php | 1 + inc/commons/class.common.url.php | 6 +- inc/ws/Controlleur/class.ws.url.php | 67 +++++++++---------- inc/ws/DAO/class.ws.dao.book.php | 23 +++++-- 7 files changed, 95 insertions(+), 57 deletions(-) diff --git a/inc/commons/DAO/class.common.dao.client.php b/inc/commons/DAO/class.common.dao.client.php index 63df074ad..a0f948ba3 100644 --- a/inc/commons/DAO/class.common.dao.client.php +++ b/inc/commons/DAO/class.common.dao.client.php @@ -35,9 +35,9 @@ class commonDAOClient extends commonDAOUtilisateur { return $this->singleton($r); } - public function getListe($orderby = null, $sens = null, $limit = null, $where = null) + public function getListe($orderby = null, $sens = null, $limit = null, $where = null, $limitedToUserRights = false) { - $sql = $this->getQueryList('clients', $orderby, $sens, $limit, $where); + $sql = $this->getQueryList('clients', $orderby, $sens, $limit, $where,$limitedToUserRights); $r = $this->con->select($sql); return $this->factory($r); } diff --git a/inc/commons/DAO/class.common.dao.entreprise.php b/inc/commons/DAO/class.common.dao.entreprise.php index 327953269..9fdc46db8 100644 --- a/inc/commons/DAO/class.common.dao.entreprise.php +++ b/inc/commons/DAO/class.common.dao.entreprise.php @@ -59,7 +59,7 @@ class commonDAOEntreprise extends commonDAO { return $res; } - public function getListe($orderby = null, $sens = null, $limit = null) + public function getListe($orderby = null, $sens = null, $limit = null, $limitedToUserRights = false) { global $core; if (!is_null($this->q)) { 
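Review bot: The new `$limitedToUserRights = false` parameter on `commonDAOEntreprise::getListe` (and on `commonDAOClient::getListe` in the hunk above it) reads as a boolean, but every call site in this patch passes `$core->user` and the helper dereferences `->ws_rights` on it, so passing `true` as the name invites would produce `IN()` and a broken query. Because the default is `false`, any caller that forgets the argument silently gets the unrestricted list, which makes the restriction opt-in rather than fail-safe. Rename and document it, e.g. `public function getListe($orderby = null, $sens = null, $limit = null, $user = null)` with a docblock `@param commonUtilisateur|null $user when given, rows are restricted to the ids in $user->ws_rights`. The body of this getListe continues in the next hunk.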
@@ -73,6 +73,8 @@ class commonDAOEntreprise extends commonDAO { $where = $this->makeWhereFromFiltres(); } + $where .= $this->limitToUserRights($limitedToUserRights); + $orderby = is_null($orderby)?'entreprise_id':$orderby; $sens = is_null($sens)?'DESC':$sens; $limit = is_null($limit)?'':$this->con->limit($limit[0], $limit[1]); @@ -106,23 +108,36 @@ class commonDAOEntreprise extends commonDAO { return $liste; } + protected function limitToUserRights($user) + { + if ($user) { + return ' AND entreprise_id IN (SELECT entreprise FROM utilisateurs WHERE utilisateur_id IN(' . $user->ws_rights . ')) '; + } + return ''; + } + public function sauve($data) { global $core; $c = $this->con->openCursor('entreprises'); $c->nom = $data['nom']; - $c->date_creation = time(); + $c->adresse = $data['adresse']; $c->code_postal = $data['code_postal']; $c->ville = $data['ville']; $c->pays = $data['pays']; $c->tva_intra = $data['tva_intra']; $c->adresse_facturation = $data['adresse_facturation']; - $c->ws_admin = $data['ws_admin']; - $c->ws_grade = $data['ws_grade']; + if (isset($data['ws_admin'])) { + $c->ws_admin = $data['ws_admin']; + } + if (isset($data['ws_grade'])) { + $c->ws_grade = $data['ws_grade']; + } if ($data['entreprise_id'] == 'new' || $data['entreprise_id'] == '') { + $c->date_creation = TIME; $entreprise_id = $c->entreprise_id = $this->getNextId(); $c->insert(); } else { @@ -143,9 +158,9 @@ class commonDAOEntreprise extends commonDAO { return true; } - public function count() + public function count($limitedToUserRights = false) { - $r = $this->con->select('SELECT COUNT(*) AS nb FROM entreprises_vue WHERE ' . $this->makeWhereFromFiltres()); + $r = $this->con->select('SELECT COUNT(*) AS nb FROM entreprises_vue WHERE ' . $this->makeWhereFromFiltres() . ' ' . $this->limitToUserRights($limitedToUserRights)); return $r->nb; } diff --git a/inc/commons/DAO/class.common.dao.utilisateur.php b/inc/commons/DAO/class.common.dao.utilisateur.php index d81874454..d565ada13 100644 
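Review bot: `$where .= $this->limitToUserRights($limitedToUserRights);` is appended to the filter/search clause without parenthesising it, so if that clause contains an `OR` (the search branch of this method at the hidden lines 60–72 is not visible here, but the sibling `wsDAOBook::getListe` in this same commit builds `book_id=... OR ...`), SQL precedence makes the `AND entreprise_id IN (...)` apply to the last alternative only and the rights restriction is bypassed. `wsDAOBook` wraps its clause in `'(' . ... . ')'` for exactly this reason; do the same here: `$where = '(' . $where . ')' . $this->limitToUserRights($limitedToUserRights);`. The enclosing getListe starts and ends outside this hunk.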
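Review bot: `sauve()` still writes `ws_admin` and `ws_grade` whenever the keys are present in `$data`; the `isset` guards only make them optional, they do not check who is allowed to set them. The form hunk in `inc/ws/Controlleur/class.ws.url.php` hides these two fields from non-admins with `wsDroits::admin(false)`, so if `$data` is built from the submitted form (not visible here) any client who can edit a company can still promote itself by posting those keys. Drop the keys server-side unless the caller is authorised, e.g. in the controller before calling `sauve()`: `if (!wsDroits::admin(false)) { unset($data['ws_admin'], $data['ws_grade']); }`, and add a comment on the two `isset` branches saying the caller is responsible for that. Separately, `$c->date_creation = TIME;` replaces `time()` with a bare constant; if `TIME` is not defined somewhere outside this diff, PHP will store the literal string `'TIME'` — worth confirming.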
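Review bot: `count()` concatenates `makeWhereFromFiltres()` and `limitToUserRights()` with a plain space, so an `OR` inside the filter clause would again let `AND entreprise_id IN (...)` bind to only the last term, and the pager total could disagree with the list that `getListe` returns. The `wsDAOBook::count` hunk in this commit wraps the filter in parentheses; mirror it: `'SELECT COUNT(*) AS nb FROM entreprises_vue WHERE (' . $this->makeWhereFromFiltres() . ')' . $this->limitToUserRights($limitedToUserRights)`. Note also that `limitToUserRights` builds `IN(' . $user->ws_rights . ')` from a stored string with no validation, so an empty `ws_rights` yields `IN()` (a syntax error) rather than an empty result.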
--- a/inc/commons/DAO/class.common.dao.utilisateur.php +++ b/inc/commons/DAO/class.common.dao.utilisateur.php @@ -51,6 +51,9 @@ class commonDAOUtilisateur extends commonDAO { if (isset($r->ws_grade)) { $utilisateur->ws_grade = $r->ws_grade; } + if (isset($r->ws_rights)) { + $utilisateur->ws_rights = $r->ws_rights; + } return $utilisateur; } @@ -123,10 +126,10 @@ class commonDAOUtilisateur extends commonDAO { return $r->utilisateur_id + 1; } - protected function getQueryList($table, $orderby = null, $sens = null, $limit = null, $where = null) + protected function getQueryList($table, $orderby = null, $sens = null, $limit = null, $where = null, $limitedToUserRights = false) { $wherec = $where; - $where = ''; + $where = '('; if (!is_null($this->q)) { $where = ''; @@ -138,19 +141,28 @@ class commonDAOUtilisateur extends commonDAO { } else { $where = $this->makeWhereFromFiltres(); } - $where .= ' ' . $wherec; + $where .= ' ' . $wherec . ' )'; + $where .= $this->limitToUserRights($limitedToUserRights); $orderby = is_null($orderby)?'utilisateur_id':$orderby; $sens = is_null($sens)?'DESC':$sens; $limit = is_null($limit)?'':$this->con->limit($limit[0], $limit[1]); $sql = 'SELECT * FROM ' . $table . ' WHERE (' . $where . ') ORDER BY ' . $orderby . ' ' . $sens . ' ' . $limit; + fb($sql); return $sql; } - public function getListe($orderby = null, $sens = null, $limit = null, $where = null) + protected function limitToUserRights($user) { - $sql = $this->getQueryList('utilisateurs_entreprise', $orderby, $sens, $limit, $where); - fb($sql); + if ($user) { + return ' AND utilisateur_id IN (' . $user->ws_rights . ')'; + } + return ''; + } + + public function getListe($orderby = null, $sens = null, $limit = null, $where = null, $limitedToUserRights = false) + { + $sql = $this->getQueryList('utilisateurs_entreprise', $orderby, $sens, $limit, $where, $limitedToUserRights); $r = $this->con->select($sql); return $this->factory($r); } 
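Review bot: In `getQueryList` the new `$where = '(';` is overwritten by the unchanged `$where = '';` inside the `!is_null($this->q)` branch (unless the elided lines 130–137 reopen it), while the closing `' )'` in `$where .= ' ' . $wherec . ' )';` is appended on both paths, so a search query ends with an unbalanced parenthesis and the `WHERE (` ... `)` wrapper fails — and search is precisely the path the `wsuser`/`wsadmin` autocompleters use via `setSearch($q, true)`. Either change the branch line to `$where = '(';` as well, or build the clause first and wrap it once: `$where = '(' . $where . ' ' . $wherec . ')' . $this->limitToUserRights($limitedToUserRights);`. The method body spans both hunks of this file.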
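Review bot: `fb($sql);` has moved from `getListe` into `getQueryList`, so what looks like a FirePHP debug dump now fires for every list query of every subclass, and the dumped SQL includes the caller's `ws_rights` id list; it should be removed before merging or guarded by a debug flag, e.g. `if (defined('DEBUG') && DEBUG) { fb($sql); }` with whatever flag the project already uses. The new `limitToUserRights` also splices `$user->ws_rights` into `IN (...)` verbatim; add a comment stating the expected format (`// ws_rights: comma-separated integer utilisateur_ids, already validated at write time — TODO confirm`) or normalise it with `implode(',', array_map('intval', explode(',', $user->ws_rights)))` so a malformed or empty value cannot break or widen the query.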
diff --git a/inc/commons/Metier/class.common.utilisateur.php b/inc/commons/Metier/class.common.utilisateur.php index c29fd620a..ec731e90b 100644 --- a/inc/commons/Metier/class.common.utilisateur.php +++ b/inc/commons/Metier/class.common.utilisateur.php @@ -26,6 +26,7 @@ class commonUtilisateur extends cubeMetier { protected $ws_admin; protected $ws_grade; protected $ws_settings; + protected $ws_rights; public function getEmail() { diff --git a/inc/commons/class.common.url.php b/inc/commons/class.common.url.php index d972b4d83..9d61c3654 100644 --- a/inc/commons/class.common.url.php +++ b/inc/commons/class.common.url.php @@ -183,21 +183,21 @@ class commonUrl { } elseif ($args[1] == 'book') { $dao = new wsDAOBook($core->con); $dao->setSearch($q, true); - $books = $dao->getListe('date', 'DESC', 15); + $books = $dao->getListe('date', 'DESC', 15, $core->user); foreach($books as $book) { $suggestions[] = $book->book_id . ' - ' . $book->nom; } } elseif ($args[1] == 'wsuser') { $dao = new commonDAOClient($core->con); $dao->setSearch($q, true); - $clients = $dao->getListe(); + $clients = $dao->getListe('utilisateur_id','ASC',null,null,' AND ws_grade>0',$core->user); foreach($clients as $client) { $suggestions[] = $client->utilisateur_id . ' - ' . $client->rs . ' (' . $client->prenom . ' ' . $client->nom . ')'; } } elseif ($args[1] == 'wsadmin') { $dao = new commonDAOUtilisateur($core->con); $dao->setSearch($q, true); - $clients = $dao->getListe('utilisateur_id', 'ASC', null, null, 'AND ws_grade>=2'); + $clients = $dao->getListe('utilisateur_id', 'ASC', null, null, 'AND ws_grade>2',$core->user); foreach($clients as $client) { $suggestions[] = $client->utilisateur_id . ' - ' . $client->rs . ' (' . $client->prenom . ' ' . $client->nom . ')'; } diff --git a/inc/ws/Controlleur/class.ws.url.php b/inc/ws/Controlleur/class.ws.url.php index c82a79a23..d55efa65c 100644 --- a/inc/ws/Controlleur/class.ws.url.php +++ b/inc/ws/Controlleur/class.ws.url.php 
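Review bot: The restriction in the `book`, `wsuser` and `wsadmin` suggestion branches relies on `$core->user` being truthy; each DAO's `limitToUserRights` returns `''` for a falsy user, so if this autocomplete endpoint can be reached with no resolved user (the handler's start is outside this hunk, so I cannot see whether it already checks) the response is the unrestricted list of users and books. Bail out explicitly before querying, e.g. `if (!$core->user) { return $suggestions; }` or whatever the handler uses to deny. Also, `'AND ws_grade>=2'` became `'AND ws_grade>2'` for the `wsadmin` branch, which silently changes who qualifies as an admin candidate and deserves a line in the (currently empty) commit message.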
@@ -41,7 +41,7 @@ class wsUrl { $dao->setSearch($settings['search']); } $dao->setFiltres($settings['filtres']); - $liste = $dao->getListe($settings['orderby'], $settings['sens'], $settings['limit']); + $liste = $dao->getListe($settings['orderby'], $settings['sens'], $settings['limit'], $core->user); $res = ''; $res .= ''; @@ -103,7 +103,7 @@ class wsUrl { if (!isset($settings['search']) || is_null($settings['search'])) { $odd = cubeMath::isOdd($i)?' class="odd"':''; $res .= ''; } @@ -344,10 +344,16 @@ html{height:100%}' . "\n"; return $res; } - public static function changeBookProprietaire() + public static function changeBookProprietaire($book_id) { + global $core; commonDroits::min(3); - $res = ''; + + $dao=new wsDAOBook($core->con); + $book=$dao->selectById($book_id); + + $res = ''; + $res .= ''; return $res; } @@ -440,7 +446,7 @@ html{height:100%}' . "\n"; $dao->setSearch($settings['search']); } $dao->setFiltres($settings['filtres']); - $liste = $dao->getListe($settings['orderby'], $settings['sens'], $settings['limit']); + $liste = $dao->getListe($settings['orderby'], $settings['sens'], $settings['limit'], $core->user); $res = '
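Review bot: `changeBookProprietaire($book_id)` loads the book with `$dao->selectById($book_id)` after only a grade check (`commonDroits::min(3)`), so while the book list is now restricted to `$core->user->ws_rights`, this owner-change form still accepts any `book_id`, letting a grade-3 user see and presumably reassign books outside their rights. Fetch through the same restriction, e.g. `if (!$book || !in_array($book->proprietaire, explode(',', $core->user->ws_rights), true)) { return ''; }` (assuming `ws_rights` is the comma-separated id list its `IN(...)` use implies — confirm), which also covers a `null` return from `selectById` before `$book->proprietaire` is read. The value is concatenated into HTML as `'.$book->proprietaire.'` without escaping; use `htmlspecialchars($book->proprietaire, ENT_QUOTES, 'UTF-8')`.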
' . commonUrl::orderby('#', 'book_id', $settings, 'sort' . $change) . ''; - $res .= commonPage::pager($settings['page'], $dao->count() , $settings['par_page'], 'page' . $change . '/%d'); + $res .= commonPage::pager($settings['page'], $dao->count($core->user) , $settings['par_page'], 'page' . $change . '/%d'); $res .= commonUrl::formParPage('parPage' . $change, $settings['par_page'], __('publications'), false); $res .= '
' . __('Rechercher un utilisateur') . ' : ' . form::field('book_proprietaire', 64, 1024) . form::hidden('proprietaire', '') . '
' . __('Propriétaire actuel') . ' : '.$book->proprietaire.'
' . __('Rechercher un utilisateur') . ' : ' . form::field('book_proprietaire', 64, 1024) . form::hidden('proprietaire', '') . '
'; $res .= ''; @@ -473,7 +479,7 @@ html{height:100%}' . "\n"; if (!isset($settings['search']) || is_null($settings['search'])) { $odd = cubeMath::isOdd($i)?' class="odd"':''; $res .= ''; } @@ -501,25 +507,28 @@ html{height:100%}' . "\n"; $res .= ''; $res .= ''; $res .= ''; - $res .= ''; - $res .= ''; - if ($entreprise_id == 'new' || !$client->ws_admin) { - $class = 'empty-field'; - $default_id = ''; - $default = __('Entrez le nom du revendeur ou de l\'administrateur'); - } else { - $class = ''; - $default_id = $client->ws_admin; - $wsa = $daoUtilisateur->selectById($client->ws_admin, 'utilisateurs_entreprise'); - $default = $wsa->utilisateur_id . ' - ' . $wsa->rs . ' (' . $wsa->prenom . ' ' . $wsa->nom . ')'; - } + // Bloc Fluidbook Workshop + if (wsDroits::admin(false)) { + $res .= ''; + $res .= ''; + if ($entreprise_id == 'new' || !$client->ws_admin) { + $class = 'empty-field'; + $default_id = ''; + $default = __('Entrez le nom du revendeur ou de l\'administrateur'); + } else { + $class = ''; + $default_id = $client->ws_admin; + $wsa = $daoUtilisateur->selectById($client->ws_admin, 'utilisateurs_entreprise'); + $default = $wsa->utilisateur_id . ' - ' . $wsa->rs . ' (' . $wsa->prenom . ' ' . $wsa->nom . ')'; + } - $d = $dao->getWSDatas($entreprise_id); + $d = $dao->getWSDatas($entreprise_id); - $res .= ''; - if (!is_null($d)) { - $res .= ''; - $res .= ''; + $res .= ''; + if (!is_null($d)) { + $res .= ''; + $res .= ''; + } } if ($entreprise_id == 'new') { $daoContact = new commonDAOClient($core->con); @@ -594,18 +603,6 @@ html{height:100%}' . "\n"; } return $res; } - - public static function formNotes($utilisateur_id) - { - global $core; - commonDroits::min(5); - $dao = new commonDAOUtilisateur($core->con); - $utilisateur = $dao->selectById($utilisateur_id); - $res = ''; - $res .= ''; - $res .= ''; - return $res; - } } ?> \ No newline at end of file diff --git a/inc/ws/DAO/class.ws.dao.book.php b/inc/ws/DAO/class.ws.dao.book.php index 124a83428..db543f498 100644 
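Review bot: Wrapping the Workshop block in `if (wsDroits::admin(false))` only hides the `ws_grade`/`ws_admin` inputs from non-admins; the save path (`commonDAOEntreprise::sauve` in this same patch) still stores both keys whenever they are posted, so this check is a display decision, not an authorisation boundary, and the save handler needs the same `wsDroits::admin(false)` test. Add a comment above the `if` saying so: `// Display only: the server-side guard for ws_grade/ws_admin lives in the save handler`. Inside the block, `$default` (built from `$wsa->rs`, `$wsa->prenom`, `$wsa->nom`) and `$d->facturable->...`/`$d->administrateur->...` are inserted into markup; if `form::field` and the surrounding concatenation do not escape (not visible here), a user-controlled name becomes stored XSS, so run them through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`. The enclosing form method starts and ends outside this hunk.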
--- a/inc/ws/DAO/class.ws.dao.book.php +++ b/inc/ws/DAO/class.ws.dao.book.php @@ -154,9 +154,11 @@ class wsDAOBook extends commonDAO { return $this->con->execute('DELETE FROM books WHERE book_id=\'' . $this->con->escape($book_id) . '\''); } - public function count() + public function count($limitedToUserRights = false) { - $r = $this->con->select('SELECT COUNT(*) AS nb FROM books WHERE ' . $this->makeWhereFromFiltres()); + $where = '(' . $this->makeWhereFromFiltres() . ')'; + $where .= $this->limitToUserRights($limitedToUserRights); + $r = $this->con->select('SELECT COUNT(*) AS nb FROM books WHERE ' . $where); return $r->nb; } @@ -252,10 +254,10 @@ class wsDAOBook extends commonDAO { $this->con->execute('UPDATE book_pages SET book_page=book_page' . $decalage . ' WHERE book_page>' . $this->con->escape($after_page) . ' AND book_id=\'' . $this->con->escape($book_id) . '\''); } - public function getListe($orderby = null, $sens = null, $limit = null) + public function getListe($orderby = null, $sens = null, $limit = null, $limitedToUserRights = false) { if (!is_null($this->q)) { - $where = ''; + $where = '('; if ($this->search_id) { $where .= ' book_id=\'' . $this->con->escape($this->q) . '\' OR '; } @@ -263,9 +265,12 @@ class wsDAOBook extends commonDAO { $daoClient = new commonDAOClient($this->con); $where .= ' OR proprietaire_id IN(' . $daoClient->querySearchByName($this->q) . ')'; $limit = null; + $where .= ')'; } else { - $where = $this->makeWhereFromFiltres(); + $where = '(' . $this->makeWhereFromFiltres() . ')'; } + $where .= $this->limitToUserRights($limitedToUserRights); + $orderby = is_null($orderby)?'book_id':$orderby; $sens = is_null($sens)?'DESC':$sens; $limit = is_null($limit)?'':$this->con->limit($limit); 
@@ -275,6 +280,14 @@ class wsDAOBook extends commonDAO { return $this->factory($r); } + protected function limitToUserRights($utilisateur) + { + if ($utilisateur) { + return ' AND proprietaire IN (' . $utilisateur->ws_rights . ')'; + } + return ''; + } + protected function makeWhereFromFiltres() { if (!is_null($this->filtres)) { -- 2.39.5
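Review bot: `limitToUserRights` filters on `proprietaire IN (...)` while the search branch of `getListe` in the previous hunk filters on `proprietaire_id IN(...)`; unless `books` really has both columns, one of them is wrong and the rights filter would error on every restricted query, so please confirm the column name. The helper also interpolates `$utilisateur->ws_rights` verbatim, giving `IN ()` (a SQL syntax error) for a user with no rights instead of an empty list, and no protection if that stored string is ever malformed. Assuming `ws_rights` is a comma-separated list of integer ids (as its `IN(...)` use implies — confirm), normalise it and fail closed:
```php
protected function limitToUserRights($utilisateur)
{
    if (!$utilisateur) {
        return '';
    }
    // ws_rights is assumed to be a comma-separated list of integer ids -- TODO confirm
    $ids = array_filter(array_map('intval', explode(',', (string) $utilisateur->ws_rights)));
    if (empty($ids)) {
        return ' AND 0'; // no rights: match nothing rather than emit IN()
    }
    return ' AND proprietaire IN (' . implode(',', $ids) . ')';
}
```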
' . commonUrl::orderby('#', 'entreprise_id', $settings, 'sort' . $change) . ''; - $res .= commonPage::pager($settings['page'], $dao->count() , $settings['par_page'], 'page' . $change . '/%d'); + $res .= commonPage::pager($settings['page'], $dao->count($core->user) , $settings['par_page'], 'page' . $change . '/%d'); $res .= commonUrl::formParPage('parPage' . $change, $settings['par_page'], __('clients')); $res .= '
' . __('Pays') . '' . form::combo('pays', cubeCountry::getList(), $client->pays) . '
' . __('Adresse de facturation') . '' . form::textarea('adresse_facturation', 40, 3, $client->adresse_facturation) . '
' . __('Numéro de TVA intracommunautaire') . '' . form::field('tva_intra', 15, 13, $client->tva_intra) . '
' . __('Fluidbook Workshop') . '
' . __('Grade') . '' . form::combo('ws_grade', array_flip($core->ws_grades), $client->ws_grade) . '
' . __('Fluidbook Workshop') . '
' . __('Grade') . '' . form::combo('ws_grade', array_flip($core->ws_grades), $client->ws_grade) . '
' . __('Revendeur / Administrateur') . '' . form::field('ws_admin_nom', 60, 128, $default, $class) . form::hidden('ws_admin', $default_id) . '
' . __('Entité facturable') . '' . $d->facturable->prenom . ' ' . $d->facturable->nom . ' (' . $d->facturable->rs . ')
' . __('Administrateur responsable') . '' . $d->administrateur->prenom . ' ' . $d->administrateur->nom . ' (' . $d->administrateur->rs . ')
' . __('Revendeur / Administrateur') . '' . form::field('ws_admin_nom', 60, 128, $default, $class) . form::hidden('ws_admin', $default_id) . '
' . __('Entité facturable') . '' . $d->facturable->prenom . ' ' . $d->facturable->nom . ' (' . $d->facturable->rs . ')
' . __('Administrateur responsable') . '' . $d->administrateur->prenom . ' ' . $d->administrateur->nom . ' (' . $d->administrateur->rs . ')
' . form::hidden('utilisateur_id', $utilisateur_id) . '
' . form::textarea('notes', 100, 30, $utilisateur->notes) . '