Hi, voici encore un patch, avec:
- fonctions isproduct() et isservice() dans product.class.php, utilisées partout
- contrôle qu'on ne peut pas créer de boucle (loop) entre sous-produits (sousproduits/fiche.php) - "bug" 18800
- contrôle d'accès dans document.php (la manière est toujours discutable, mais cela fonctionne)
- contrôle d'accès dans commande.fiche.php
- dans commande/fiche.php il y a le code $action = ''; D'après moi, cela n'est pas correct, mais je vous laisse en juger (je l'ai corrigé dans le patch, mais ce n'est peut-être pas correct)
- meilleur contrôle dans compta/facture.php, sinon on a une erreur SQL à l'écran au lieu de "access denied"
Franky
diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/adherents/adherent.class.php /var/www/localhost/htdocs/dolibarr/htdocs/adherents/adherent.class.php --- orig/dolibarr/htdocs/adherents/adherent.class.php 2007-01-16 23:02:36.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/adherents/adherent.class.php 2007-01-24 10:26:26.000000000 +0100 @@ -157,7 +158,7 @@ $this->nom, $infos, $infos, - "http://".$_SERVER["SERVER_NAME"]."/", + DOL_MAIN_URL_ROOT, $this->societe, $this->adresse, $this->cp, diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/comm/propal.php /var/www/localhost/htdocs/dolibarr/htdocs/comm/propal.php --- orig/dolibarr/htdocs/comm/propal.php 2007-01-29 12:04:23.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/comm/propal.php 2007-01-31 13:51:03.000000000 +0100 @@ -54,7 +55,6 @@ $year=isset($_GET["year"])?$_GET["year"]:""; $month=isset($_GET["month"])?$_GET["month"]:""; - // Sécurité accés client $socid=''; if ($_GET["socid"]) { $socid=$_GET["socid"]; } @@ -102,6 +102,7 @@ $form=new Form($db); + /******************************************************************************/ /* Actions */ /******************************************************************************/ 
@@ -316,9 +317,12 @@ { $propal = new Propal($db); $propal->fetch($_GET['propalid']); + // prevent browser refresh from closing proposal several times + if ($propal->statut==1) { $propal->cloture($user, $_POST['statut'], $_POST['note']); } } +} /* * Envoi de la propale par mail diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/commande/fiche.php /var/www/localhost/htdocs/dolibarr/htdocs/commande/fiche.php --- orig/dolibarr/htdocs/commande/fiche.php 2007-01-29 12:04:23.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/commande/fiche.php 2007-01-27 10:08:15.000000000 +0100 @@ -57,10 +58,20 @@ $socid=0; if ($user->societe_id > 0) { - $action = ''; + unset($_GET["action"]); + unset($_POST["action"]); + unset($_REQUEST["action"]); $socid = $user->societe_id; } +if ($user->societe_id >0 && isset($_GET["id"]) && $_GET["id"]>0) { + $commande = new Commande($db); + $commande->fetch((int)$_GET['id']); + if ($user->societe_id != $commande->socid) { + accessforbidden(); + } +} + diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/compta/facture.php /var/www/localhost/htdocs/dolibarr/htdocs/compta/facture.php --- orig/dolibarr/htdocs/compta/facture.php 2007-01-29 12:04:23.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/compta/facture.php 2007-01-24 16:51:19.000000000 +0100 
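Review bot: The ownership check added to commande/fiche.php only runs when the order id arrives as `$_GET["id"]`, so any path further down the page (outside this hunk) that loads a `Commande` from a POST field or another parameter is not covered; resolving the id once into a variable and checking that variable would cover every path. Removing `$action = '';` also drops the reset of the local variable: if `$action` was already assigned before this point, which is not visible here, unsetting the three superglobal entries no longer neutralises it, so keeping `$action = '';` next to the `unset()` calls is the conservative choice. The return value of `$commande->fetch()` is not tested; the comparison happens to deny access when `socid` is empty, but an explicit test would make that intent visible.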
@@ -1608,8 +1609,10 @@ if ($mesg) print $mesg.'<br>'; $fac = New Facture($db); - if ( $fac->fetch($_GET['facid'], $user->societe_id) > 0) + if ($fac->fetch($_GET['facid'])) { + if ($user->societe_id>0 && $user->societe_id!=$fac->socid) accessforbidden('',0); + $soc = new Societe($db, $fac->socid); $soc->fetch($fac->socid); $absolute_discount=$soc->getCurrentDiscount(); diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/document.php /var/www/localhost/htdocs/dolibarr/htdocs/document.php --- orig/dolibarr/htdocs/document.php 2007-01-07 21:40:36.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/document.php 2007-01-24 16:32:07.000000000 +0100 @@ -31,9 +31,12 @@ require_once("main.inc.php"); - -// C'est un wrapper, donc header vierge -function llxHeader() { } +function llxHeader() { + global $user,$langs; + top_menu($head, $title); + $menu = new Menu(); + left_menu($menu->liste); +} $action = $_GET["action"]; @@ -54,6 +57,8 @@ //Suppression de la chaine de caractère ../ dans $original_file $original_file = str_replace("../","/", "$original_file"); +# find the subdirectory name as the reference +$refname=basename(dirname($original_file)."/"); $accessallowed=0; if ($modulepart) @@ -101,6 +106,7 @@ { $accessallowed=1; } + $original_file=$conf->propal->dir_output.'/'.$original_file; } // Wrapping pour les commandes 
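Review bot: `if ($fac->fetch($_GET['facid']))` in compta/facture.php accepts any non-zero return, whereas the removed line tested `> 0`; if `fetch()` signals failure with a negative value, as the old comparison suggests, an error now enters the display branch with an unloaded `$fac`. Writing `if ($fac->fetch($_GET['facid']) > 0)` and keeping the new `societe_id` comparison as the first statement of the block preserves the intended "access denied" output. The check relies on `accessforbidden()` ending the script, which its doc comment in lib/functions.inc.php states; the block continues outside the hunk.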
@@ -290,6 +296,18 @@ } +// basic protection +// I hope all tables have the same name as $modulepart +// and also the columns "fk_soc" and "ref" +$sql = "SELECT fk_soc FROM ".MAIN_DB_PREFIX."$modulepart WHERE ref='$refname'"; +$resql = $db->query($sql); +if ($resql) { + $obj = $db->fetch_object($resql); + $num=$db->num_rows($resql); + if ($num>0 && $user->societe_id>0 && $user->societe_id != $obj->fk_soc) + $accessallowed=0; +} + // Limite accès si droits non corrects if (! $accessallowed) { diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/expedition/mods/pdf/pdf_expedition_rouget.modules.php /var/www/localhost/htdocs/dolibarr/htdocs/expedition/mods/pdf/pdf_expedition_rouget.modules.php --- orig/dolibarr/htdocs/expedition/mods/pdf/pdf_expedition_rouget.modules.php 2006-12-24 02:42:10.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/expedition/mods/pdf/pdf_expedition_rouget.modules.php 2007-01-24 10:26:26.000000000 +0100 @@ -231,10 +232,10 @@ if ($prodser->ref) { $prefix_prodserv = ""; - if($prodser->type == 0) - $prefix_prodserv = $outputlangs->transnoentities("Product")." "; - if($prodser->type == 1) + if($prodser->isservice()) $prefix_prodserv = $outputlangs->transnoentities("Service")." "; + else + $prefix_prodserv = $outputlangs->transnoentities("Product")." "; $libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice; } diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/includes/boxes/box_produits.php /var/www/localhost/htdocs/dolibarr/htdocs/includes/boxes/box_produits.php --- orig/dolibarr/htdocs/includes/boxes/box_produits.php 2006-06-18 03:34:16.000000000 +0200 +++ /var/www/localhost/htdocs/dolibarr/htdocs/includes/boxes/box_produits.php 2007-01-24 10:26:26.000000000 +0100 
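Review bot: The new ownership query in document.php builds SQL from `$modulepart` and `$refname` without escaping or validation; `$refname` is derived from `$original_file` in the earlier hunk and `$modulepart` is used as a table name, and both appear to originate from the request. The check is also fail-open: when the query errors (no such table, no `fk_soc` column) or returns no row, `$accessallowed` keeps its previous value. Restricting `$modulepart` to a fixed list of modules known to have `ref` and `fk_soc`, escaping the reference the way product/liste.php already does with `addslashes()`, and denying external users when the lookup fails closes both gaps. A sketch follows; the module list is a placeholder for the maintainers to fill in.

```php
// basic protection
// placeholder list: modules whose table is named like $modulepart and has fk_soc and ref
$modules_with_ref = array(/* to be filled in by the maintainers */);
if ($user->societe_id > 0 && in_array($modulepart, $modules_with_ref, true))
{
	$sql = "SELECT fk_soc FROM ".MAIN_DB_PREFIX.$modulepart." WHERE ref='".addslashes($refname)."'";
	$resql = $db->query($sql);
	// fail closed: a query error or an unknown reference denies access to external users
	if (! $resql || $db->num_rows($resql) == 0)
	{
		$accessallowed=0;
	}
	else
	{
		$obj = $db->fetch_object($resql);
		if ($user->societe_id != $obj->fk_soc) $accessallowed=0;
	}
}
// … unchanged: "Limite accès si droits non corrects" block …
```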
@@ -107,7 +108,7 @@ $this->info_box_contents[$i][0] = array( 'align' => 'left', - 'logo' => ($objp->fk_product_type?'object_service':'object_product'), + 'logo' => ($objp->fk_product_type==1?'object_service':'object_product'), 'text' => $objp->label, 'url' => DOL_URL_ROOT."/product/fiche.php?id=".$objp->rowid); diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/includes/boxes/box_services_vendus.php /var/www/localhost/htdocs/dolibarr/htdocs/includes/boxes/box_services_vendus.php --- orig/dolibarr/htdocs/includes/boxes/box_services_vendus.php 2006-06-18 03:34:16.000000000 +0200 +++ /var/www/localhost/htdocs/dolibarr/htdocs/includes/boxes/box_services_vendus.php 2007-01-24 10:26:26.000000000 +0100 @@ -117,7 +118,7 @@ } $this->info_box_contents[$i][0] = array('align' => 'left', - 'logo' => ($objp->fk_product_type?'object_service':'object_product'), + 'logo' => ($objp->fk_product_type==1?'object_service':'object_product'), 'text' => $objp->label, 'maxlength' => 16, 'url' => DOL_URL_ROOT."/contrat/fiche.php?id=".$objp->rowid); diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/includes/modules/commande/pdf_einstein.modules.php /var/www/localhost/htdocs/dolibarr/htdocs/includes/modules/commande/pdf_einstein.modules.php --- orig/dolibarr/htdocs/includes/modules/commande/pdf_einstein.modules.php 2006-12-16 17:38:10.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/includes/modules/commande/pdf_einstein.modules.php 2007-01-24 10:26:26.000000000 +0100 
@@ -238,10 +239,10 @@ if ($prodser->ref) { $prefix_prodserv = ""; - if($prodser->type == 0) - $prefix_prodserv = $outputlangs->transnoentities("Product")." "; - if($prodser->type == 1) + if($prodser->isservice()) $prefix_prodserv = $outputlangs->transnoentities("Service")." "; + else + $prefix_prodserv = $outputlangs->transnoentities("Product")." "; $libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice; } diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/includes/modules/facture/pdf_crabe.modules.php /var/www/localhost/htdocs/dolibarr/htdocs/includes/modules/facture/pdf_crabe.modules.php --- orig/dolibarr/htdocs/includes/modules/facture/pdf_crabe.modules.php 2006-12-24 22:43:28.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/includes/modules/facture/pdf_crabe.modules.php 2007-01-24 10:26:26.000000000 +0100 @@ -232,10 +233,10 @@ if ($prodser->ref) { $prefix_prodserv = ""; - if($prodser->type == 0) - $prefix_prodserv = $outputlangs->transnoentities("Product")." "; - if($prodser->type == 1) + if($prodser->isservice()) $prefix_prodserv = $outputlangs->transnoentities("Service")." "; + else + $prefix_prodserv = $outputlangs->transnoentities("Product")." "; $libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice; } diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/includes/modules/propale/pdf_propale_azur.modules.php /var/www/localhost/htdocs/dolibarr/htdocs/includes/modules/propale/pdf_propale_azur.modules.php --- orig/dolibarr/htdocs/includes/modules/propale/pdf_propale_azur.modules.php 2006-12-24 22:43:00.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/includes/modules/propale/pdf_propale_azur.modules.php 2007-01-24 10:26:26.000000000 +0100 
@@ -230,10 +231,10 @@ if ($prodser->ref) { $prefix_prodserv = ""; - if($prodser->type == 0) - $prefix_prodserv = $outputlangs->transnoentities("Product")." "; - if($prodser->type == 1) + if($prodser->isservice()) $prefix_prodserv = $outputlangs->transnoentities("Service")." "; + else + $prefix_prodserv = $outputlangs->transnoentities("Product")." "; $libelleproduitservice=$prefix_prodserv.$prodser->ref." - ".$libelleproduitservice; } diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/lib/functions.inc.php /var/www/localhost/htdocs/dolibarr/htdocs/lib/functions.inc.php --- orig/dolibarr/htdocs/lib/functions.inc.php 2007-01-21 23:31:20.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/lib/functions.inc.php 2007-01-24 15:39:16.000000000 +0100 @@ -1242,12 +1242,12 @@ \param message Force error message \remarks L'appel a cette fonction termine le code. */ -function accessforbidden($message='') +function accessforbidden($message='',$printheader=1) { global $user, $langs; $langs->load("other"); - llxHeader(); + if ($printheader) llxHeader(); print '<div class="error">'; if (! $message) print $langs->trans("ErrorForbidden"); else print $message; diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/lib/product.lib.php /var/www/localhost/htdocs/dolibarr/htdocs/lib/product.lib.php --- orig/dolibarr/htdocs/lib/product.lib.php 2007-01-02 16:30:33.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/lib/product.lib.php 2007-01-24 10:26:26.000000000 +0100 @@ -57,7 +58,7 @@ $h++; } - if($product->type == 0) + if($product->isproduct()) { if ($user->rights->barcode->lire) { 
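Review bot: The doc comment above `accessforbidden()` in lib/functions.inc.php still lists only `message`; the new `$printheader` argument needs its own line, for example `\param printheader 1=call llxHeader() before the message, 0=do not print the header`. The call added in compta/facture.php passes 0, presumably because the page header has already been printed at that point; stating that case in the comment would help the next caller choose the right value. The function body continues outside the hunk.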
@@ -113,7 +114,7 @@ $head[$h][2] = 'documents'; $h++; - if($product->type == 0) // Si produit stockable + if($product->isproduct()) // Si produit stockable { if ($conf->stock->enabled) { diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/master.inc.php /var/www/localhost/htdocs/dolibarr/htdocs/master.inc.php --- orig/dolibarr/htdocs/master.inc.php 2006-12-11 22:22:30.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/master.inc.php 2007-01-24 10:26:26.000000000 +0100 @@ -75,6 +76,7 @@ define('DOL_DOCUMENT_ROOT', $dolibarr_main_document_root); define('DOL_DATA_ROOT', $dolibarr_main_data_root); +define('DOL_MAIN_URL_ROOT', $dolibarr_main_url_root); $uri=eregi_replace('^http(s?)://','',$dolibarr_main_url_root); $pos = strstr ($uri, '/'); // $pos contient alors url sans nom domaine if ($pos == '/') $pos = ''; // si $pos vaut /, on le met a '' diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/barcode.php /var/www/localhost/htdocs/dolibarr/htdocs/product/barcode.php --- orig/dolibarr/htdocs/product/barcode.php 2007-01-02 16:23:19.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/barcode.php 2007-01-24 10:26:26.000000000 +0100 @@ -40,9 +41,6 @@ if (!$user->rights->barcode->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - /* * Affiche historique prix */ diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/canvas/product.livre.class.php /var/www/localhost/htdocs/dolibarr/htdocs/product/canvas/product.livre.class.php --- orig/dolibarr/htdocs/product/canvas/product.livre.class.php 2007-01-29 12:04:25.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/canvas/product.livre.class.php 2007-01-29 14:01:34.000000000 +0100 
@@ -447,7 +447,7 @@ */ function LoadListDatas($limit, $offset, $sortfield, $sortorder) { - $sql = 'SELECT p.rowid, p.ref, p.label, pl.px_feuillet as price, p.fk_product_type,'; + $sql = 'SELECT p.rowid, p.ref, p.label, pl.px_feuillet as price, '; $sql.= ' p.duration, p.envente as statut, p.stock_loc'; $sql.= ',pl.pages'; $sql.= ',SUM(fd.qty) as ventes'; diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/fournisseurs.php /var/www/localhost/htdocs/dolibarr/htdocs/product/fournisseurs.php --- orig/dolibarr/htdocs/product/fournisseurs.php 2007-01-02 16:27:51.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/fournisseurs.php 2007-01-24 14:34:34.000000000 +0100 @@ -46,10 +47,6 @@ if (! $user->rights->produit->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - - /* * Actions */ @@ -276,9 +273,10 @@ print '<br>'; + if ($user->rights->fournisseur->lire) { // Titre liste des fournisseurs print '<table class="noborder" width="100%">'; - if ($product->type == 0) $nblignefour=4; + if ($product->isproduct()) $nblignefour=4; else $nblignefour=4; print '<tr class="liste_titre"><td valign="top">'; print $langs->trans("Suppliers").'</td>'; @@ -297,6 +295,7 @@ $sql.= " WHERE pf.fk_soc = s.idp AND pf.fk_product = ".$product->id; $sql.= " ORDER BY lower(s.nom), pfp.quantity"; + $resql=""; $resql=$db->query($sql); if ($resql) { @@ -355,6 +354,7 @@ } } } +} else { print $langs->trans("ErrorUnknown"); diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/index.php /var/www/localhost/htdocs/dolibarr/htdocs/product/index.php --- orig/dolibarr/htdocs/product/index.php 2007-01-29 12:04:25.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/index.php 2007-01-24 10:26:26.000000000 +0100 
@@ -161,7 +162,10 @@ else print img_object($langs->trans("ShowProduct"),"product"); print "</a> <a href=\"fiche.php?id=$objp->rowid\">$objp->ref</a></td>\n"; print '<td>'.dolibarr_trunc($objp->label,40).'</td>'; - print '<td>'.$staticproduct->typeprodser[$objp->fk_product_type]."</td>"; + print "<td>"; + if ($objp->type==1) print $langs->trans("ShowService"); + else print $langs->trans("ShowProduct"); + print "</td>"; print '<td align="right" nowrap="nowrap">'; print $staticproduct->LibStatut($objp->envente,5); print "</td>"; diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/liste.php /var/www/localhost/htdocs/dolibarr/htdocs/product/liste.php --- orig/dolibarr/htdocs/product/liste.php 2007-01-29 12:04:25.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/liste.php 2007-01-24 10:26:26.000000000 +0100 @@ -87,8 +88,7 @@ if (isset($_GET["type"]) || isset($_POST["type"])) { - $type=isset($_GET["type"])?$_GET["type"]:$_POST["type"]; - if ($type) { $texte = $langs->trans("Services"); } + if ($type==1) { $texte = $langs->trans("Services"); } else { $texte = $langs->trans("Products"); } } else { $texte = $langs->trans("ProductsAndServices"); 
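Review bot: The new test in product/index.php reads `$objp->type`, but the line it replaces read `$objp->fk_product_type`; unless the query (outside this hunk) aliases that column as `type`, the condition is never true and every row is labelled as a product. `if ($objp->fk_product_type==1)` keeps the column name the old code used. The same substitution is made in product/popuprop.php. The labels also change to `ShowService`/`ShowProduct`, which the context line uses as icon tooltips; `$langs->trans("Service")` and `$langs->trans("Product")` are the strings the removed `$types` arrays used elsewhere in this patch.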
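Review bot: The hunk in product/liste.php deletes the assignment `$type=isset($_GET["type"])?$_GET["type"]:$_POST["type"];` while the new condition `if ($type==1)` still reads `$type`; unless the variable is set somewhere outside the hunk, the title is always "Products" and the SQL filter in the next hunk (`@@ -116,9 +116,14 @@`) always takes the `<> '1'` branch. Keeping the assignment line above the new condition avoids depending on how the request variables reach the page. product/reassort.php removes the same assignment at `@@ -154,8 +157,7 @@` and has the same dependency.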
@@ -116,9 +116,14 @@ { $sql .= " AND (p.ref like '%".addslashes($sall)."%' OR p.label like '%".addslashes($sall)."%' OR p.description like '%".addslashes($sall)."%' OR p.note like '%".addslashes($sall)."%')"; } +# if the type is not 1, we show all products (type = 0,2,3) if (strlen($_GET["type"]) || strlen($_POST["type"])) { - $sql .= " AND p.fk_product_type = ".(strlen($_GET["type"])?$_GET["type"]:$_POST["type"]); + if ($type==1) { + $sql .= " AND p.fk_product_type = '1'"; + } else { + $sql .= " AND p.fk_product_type <> '1'"; + } } if ($sref) { diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/photos.php /var/www/localhost/htdocs/dolibarr/htdocs/product/photos.php --- orig/dolibarr/htdocs/product/photos.php 2007-01-02 16:27:51.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/photos.php 2007-01-24 10:26:26.000000000 +0100 @@ -45,10 +46,6 @@ if (!$user->rights->produit->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - - /* * Actions */ diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/popuprop.php /var/www/localhost/htdocs/dolibarr/htdocs/product/popuprop.php --- orig/dolibarr/htdocs/product/popuprop.php 2007-01-29 12:04:25.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/popuprop.php 2007-01-24 10:26:26.000000000 +0100 
@@ -116,7 +117,10 @@ else print img_object($langs->trans("ShowProduct"),"product"); print " "; print $objp->ref.'</a></td>'; - print '<td>'.$staticproduct->typeprodser[$objp->fk_product_type].'</td>'; + print '<td>'; + if ($objp->type==1) print $langs->trans("ShowService"); + else print $langs->trans("ShowProduct"); + print '</td>'; print '<td>'.$objp->label.'</td>'; print '<td align="right">'.$objp->c.'</td>'; print "</tr>\n"; diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/price.php /var/www/localhost/htdocs/dolibarr/htdocs/product/price.php --- orig/dolibarr/htdocs/product/price.php 2007-01-05 13:37:52.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/price.php 2007-01-24 10:26:26.000000000 +0100 @@ -42,9 +43,6 @@ if (!$user->rights->produit->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - $html = new Form($db); /* diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/reassort.php /var/www/localhost/htdocs/dolibarr/htdocs/product/reassort.php --- orig/dolibarr/htdocs/product/reassort.php 2007-01-29 12:04:25.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/reassort.php 2007-01-24 10:26:26.000000000 +0100 @@ -101,9 +102,11 @@ { $sql .= " AND (p.ref like '%".addslashes($sall)."%' OR p.label like '%".addslashes($sall)."%' OR p.description like '%".addslashes($sall)."%' OR p.note like '%".addslashes($sall)."%')"; } -if (strlen($_GET["type"]) || strlen($_POST["type"])) +if ($type==1) { - $sql .= " AND p.fk_product_type = ".(strlen($_GET["type"])?$_GET["type"]:$_POST["type"]); + $sql .= " AND p.fk_product_type = '1'; +} else + $sql .= " AND p.fk_product_type <> '1'; } if ($sref) { 
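Review bot: The rewritten type filter in product/reassort.php (`@@ -101,9 +102,11 @@`) does not parse: both new `$sql .=` lines lack the closing double quote (`'1';` should be `'1'";`), and `} else` has no opening brace although a closing `}` follows. Beyond the syntax, the old code added no type condition when no `type` was requested, while the new `else` excludes services in that case as well, which contradicts the "ProductsAndServices" title kept in the next hunk; `} elseif (strlen($type)) {` would restore the old behaviour. `$type` is read here although the assignment this patch removes sat further down the file, so where it gets its value needs checking outside the hunk.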
@@ -154,8 +157,7 @@ if (isset($_GET["type"]) || isset($_POST["type"])) { - $type=isset($_GET["type"])?$_GET["type"]:$_POST["type"]; - if ($type) { $texte = $langs->trans("Services"); } + if ($type==1) { $texte = $langs->trans("Services"); } else { $texte = $langs->trans("Products"); } } else { $texte = $langs->trans("ProductsAndServices"); @@ -189,7 +191,7 @@ print_liste_field_titre($langs->trans("Ref"),"reassort.php", "p.ref","&envente=$envente".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","","",$sortfield); print_liste_field_titre($langs->trans("Label"),"reassort.php", "p.label","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","","",$sortfield); print_liste_field_titre($langs->trans("StockAvailable"),"reassort.php", "p.stock_dispo","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","",'align="right"',$sortfield); - if ($conf->service->enabled && $type != 0) print_liste_field_titre($langs->trans("Duration"),"reassort.php", "p.duration","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","",'align="center"',$sortfield); + if ($conf->service->enabled && $type == 1) print_liste_field_titre($langs->trans("Duration"),"reassort.php", "p.duration","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","",'align="center"',$sortfield); print_liste_field_titre($langs->trans("StockInstant"),"reassort.php", "stock","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","",'align="right"',$sortfield); print_liste_field_titre($langs->trans("Status"),"reassort.php", "p.envente","&envente=$envente&".(isset($type)?"&type=$type":"")."&fourn_id=$fourn_id&snom=$snom&sref=$sref","",'align="right"',$sortfield); print "</tr>\n"; 
@@ -206,7 +208,7 @@ print '<td class="liste_titre" valign="right">'; print '<input class="flat" type="text" name="snom" value="'.$snom.'">'; print '</td>'; - if ($conf->service->enabled && $type != 0) + if ($conf->service->enabled && $type == 1) { print '<td class="liste_titre">'; print ' '; @@ -265,7 +267,7 @@ print '<a href="fiche.php?id='.$objp->rowid.'">'.$objp->ref.'</a></td>'; print '<td>'.$objp->label.'</td>'; - if ($conf->service->enabled && $type != 0) + if ($conf->service->enabled && $type == 1) { print '<td align="center">'; if (eregi('([0-9]+)y',$objp->duration,$regs)) print $regs[1].' '.$langs->trans("DurationYear"); diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/sousproduits/fiche.php /var/www/localhost/htdocs/dolibarr/htdocs/product/sousproduits/fiche.php --- orig/dolibarr/htdocs/product/sousproduits/fiche.php 2007-01-02 16:27:51.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/sousproduits/fiche.php 2007-01-24 10:26:26.000000000 +0100 @@ -59,8 +60,6 @@ if (!$user->rights->produit->lire) accessforbidden(); $html = new Form($db); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); // Action association d'un sousproduit if ($action == 'add_prod' && @@ -102,7 +101,8 @@ // action recherche des produits par mot-clé et/ou par catégorie if($action == 'search' ) { - $sql = 'SELECT p.rowid, p.ref, p.label, p.price, p.fk_product_type'; + #$sql = 'SELECT p.rowid, p.ref, p.label, p.price, p.fk_product_type'; + $sql = 'SELECT p.rowid, p.ref, p.label, p.price'; $sql.= ' FROM '.MAIN_DB_PREFIX.'product as p'; if($conf->categorie->enabled && $catMere != -1) { 
@@ -160,8 +160,8 @@ print "<tr>"; $nblignes=6; - if ($product->type == 0 && $conf->stock->enabled) $nblignes++; - if ($product->type == 1) $nblignes++; + if ($product->isproduct() && $conf->stock->enabled) $nblignes++; + if ($product->isservice()) $nblignes++; // Reference print '<td width="15%">'.$langs->trans("Ref").'</td><td>'; @@ -220,7 +220,11 @@ if (($action == 'edit' || $action == 'search' || $action == 're-edit') && $user->rights->produit->creer) { - print_fiche_titre($langs->trans('EditAssociate').' '.$types[$product->type].' : '.$product->ref, ""); + if ($product->isservice()) { + print_fiche_titre($langs->trans('EditAssociate').' '.$langs->trans('Service').' : '.$product->ref, ""); + } else { + print_fiche_titre($langs->trans('EditAssociate').' '.$langs->trans('Product').' : '.$product->ref, ""); + } if ($mesg) { print '<br><div class="error">'.$mesg.'</div><br>'; @@ -231,8 +235,8 @@ print "<tr>"; $nblignes=6; - if ($product->type == 0 && $conf->stock->enabled) $nblignes++; - if ($product->type == 1) $nblignes++; + if ($product->isproduct() && $conf->stock->enabled) $nblignes++; + if ($product->isservice()) $nblignes++; // Reference print '<td width="15%">'.$langs->trans("Ref").'</td><td>'; 
@@ -294,6 +298,25 @@ $objp = $db->fetch_object($resql); if($objp->rowid != $id) { + // check if a product is not already a parent product of this one + $prod_arbo=new Product($db,$objp->rowid); + if ($prod_arbo->type==2 || $prod_arbo->type==3) { + $is_pere=0; + $prod_arbo->get_sousproduits_arbo (); + // associations sousproduits + $prods_arbo = $prod_arbo->get_arbo_each_prod(); + if(sizeof($prods_arbo) > 0) { + foreach($prods_arbo as $key => $value) { + if ($value[1]==$id) { + $is_pere=1; + } + } + } + if ($is_pere==1) { + $i++; + continue; + } + } print "\n<tr>"; print '<td>'.$objp->ref.'</td>'; print '<td>'.$objp->label.'</td>'; diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/stats/fiche.php /var/www/localhost/htdocs/dolibarr/htdocs/product/stats/fiche.php --- orig/dolibarr/htdocs/product/stats/fiche.php 2007-01-14 14:56:56.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/stats/fiche.php 2007-01-24 10:26:26.000000000 +0100 @@ -39,9 +40,6 @@ $langs->load("products"); $langs->load("bills"); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - if ($user->societe_id > 0) { $action = ''; @@ -104,7 +102,7 @@ print '</td></tr>'; // Stock - if ($product->type == 0 && $conf->stock->enabled) + if ($product->isproduct() && $conf->stock->enabled) { print '<tr><td>'.$langs->trans("Stock").'</td>'; if ($product->no_stock) diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/stats/index.php /var/www/localhost/htdocs/dolibarr/htdocs/product/stats/index.php --- orig/dolibarr/htdocs/product/stats/index.php 2006-08-19 01:16:40.000000000 +0200 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/stats/index.php 2007-01-24 10:26:26.000000000 +0100 
@@ -47,7 +48,7 @@ $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid"; } -$sql .= " WHERE p.fk_product_type = 0"; +$sql .= " WHERE p.fk_product_type <> 1"; if ($conf->categorie->enabled && !$user->rights->categorie->voir) { $sql.= ' AND IFNULL(c.visible,1)=1'; @@ -65,7 +66,7 @@ $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid"; } -$sql .= " WHERE p.envente = 0 AND p.fk_product_type = 0"; +$sql .= " WHERE p.envente = 0 AND p.fk_product_type <> '1'"; if ($conf->categorie->enabled && !$user->rights->categorie->voir) { $sql.= ' AND IFNULL(c.visible,1)=1'; @@ -111,7 +112,7 @@ $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid"; } - $sql .= " WHERE p.fk_product_type = 1"; + $sql .= " WHERE p.fk_product_type = '1'"; if ($conf->categorie->enabled && !$user->rights->categorie->voir) { $sql.= ' AND IFNULL(c.visible,1)=1'; 
@@ -129,7 +130,7 @@ $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie_product as cp ON cp.fk_product = p.rowid"; $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."categorie as c ON cp.fk_categorie = c.rowid"; } - $sql .= " WHERE p.envente = 0 AND p.fk_product_type = 1"; + $sql .= " WHERE p.envente = 0 AND p.fk_product_type = '1'"; if ($conf->categorie->enabled && !$user->rights->categorie->voir) { $sql.= ' AND IFNULL(c.visible,1)=1'; diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/stock/product.php /var/www/localhost/htdocs/dolibarr/htdocs/product/stock/product.php --- orig/dolibarr/htdocs/product/stock/product.php 2007-01-02 16:55:20.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/stock/product.php 2007-01-24 10:26:26.000000000 +0100 @@ -41,16 +42,12 @@ $user->getrights('produit'); $mesg = ''; -if (! $user->rights->produit->lire || ! $product->type == 0 || ! $conf->stock->enabled) +if (! $user->rights->produit->lire || ! $product->type == 0 || ! $conf->stock->enabled) { accessforbidden(); } -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - - if ($_POST["action"] == "create_stock") { $product = new Product($db); 
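Review bot: The access test kept in product/stock/product.php, `! $product->type == 0`, applies the negation before the comparison, so it denies access for every non-zero type, including types 2 and 3 that `isproduct()` counts as products elsewhere in this patch. The condition was re-indented here but not converted like the other `type == 0` tests. `$product` also appears to be created only further down (`$product = new Product($db);` in the context lines), so at this point the property may be read from an unset variable; that needs checking outside the hunk before switching to `! $product->isproduct()`.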
@@ -231,7 +228,9 @@ print '<option value="0">'.$langs->trans("Add").'</option>'; print '<option value="1">'.$langs->trans("Delete").'</option>'; print '</select></td>'; - print '<td width="20%">'.$langs->trans("NumberOfUnit").'</td><td width="20%"><input class="flat" name="nbpiece" size="10" value=""></td></tr>'; + print '<td width="20%">'.$langs->trans("NumberOfUnit").'</td><td width="20%"><input class="flat" name="nbpiece" size="10" value=""></td>'; + + print '</tr>'; print '<tr><td colspan="5" align="center"><input type="submit" class="button" value="'.$langs->trans('Save').'"> '; print '<input type="submit" class="button" name="cancel" value="'.$langs->trans("Cancel").'"></td></tr>'; print '</table>'; diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/traduction.php /var/www/localhost/htdocs/dolibarr/htdocs/product/traduction.php --- orig/dolibarr/htdocs/product/traduction.php 2007-01-02 16:22:22.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/traduction.php 2007-01-24 10:26:26.000000000 +0100 @@ -40,9 +41,6 @@ if (!$user->rights->produit->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - /* * Actions */ diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product/fiche.php /var/www/localhost/htdocs/dolibarr/htdocs/product/fiche.php --- orig/dolibarr/htdocs/product/fiche.php 2007-01-14 14:56:56.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product/fiche.php 2007-01-31 14:19:57.000000000 +0100 @@ -44,9 +44,6 @@ if (!$user->rights->produit->lire) accessforbidden(); -$types[0] = $langs->trans("Product"); -$types[1] = $langs->trans("Service"); - /* * */ 
@@ -436,8 +433,8 @@ print '<input type="hidden" name="action" value="add">'; print '<input type="hidden" name="type" value="'.$_GET["type"].'">'."\n"; - if ($_GET["type"]==0) { $title=$langs->trans("NewProduct"); } - if ($_GET["type"]==1) { $title=$langs->trans("NewService"); } + if ($_GET["type"]==1) $title=$langs->trans("NewService"); + else $title=$langs->trans("NewProduct"); print_fiche_titre($title); print '<table class="border" width="100%">'; @@ -484,7 +481,7 @@ print '</select>'; print '</td></tr>'; - if ($_GET["type"] == 0 && $conf->stock->enabled) + if ($_GET["type"] != 1 && $conf->stock->enabled) { print '<tr><td>Seuil stock</td><td>'; print '<input name="seuil_stock_alerte" size="4" value="0">'; @@ -657,8 +654,8 @@ $nblignes=6; - if ($product->type == 0 && $conf->stock->enabled) $nblignes++; - if ($product->type == 1) $nblignes++; + if ($product->isproduct() && $conf->stock->enabled) $nblignes++; + if ($product->isservice()) $nblignes++; if ($product->is_photo_available($conf->produit->dir_output)) { // Photo @@ -734,7 +731,7 @@ print '<tr><td>'.$langs->trans("VATRate").'</td><td>'.$product->tva_tx.'%</td></tr>'; // Stock - if ($product->type == 0 && $conf->stock->enabled) + if ($product->isproduct() && $conf->stock->enabled) { print '<tr><td>'.$langs->trans("Stock").'</td>'; if ($product->no_stock) @@ -759,7 +756,7 @@ print '<tr><td valign="top">'.$langs->trans("Description").'</td><td>'.nl2br($product->description).'</td></tr>'; // Durée - if ($product->type == 1) + if ($product->isservice()) { print '<tr><td>'.$langs->trans("Duration").'</td><td>'.$product->duration_value.' '; if ($product->duration_value > 1) 
@@ -798,7 +795,11 @@ */ if ($_GET["action"] == 'edit' && $user->rights->produit->creer) { - print_fiche_titre($langs->trans('Edit').' '.$types[$product->type].' : '.$product->ref, ""); + if ($product->isservice()) { + print_fiche_titre($langs->trans('Edit').' '.$langs->trans('Service').' : '.$product->ref, ""); + } else { + print_fiche_titre($langs->trans('Edit').' '.$langs->trans('Product').' : '.$product->ref, ""); + } if ($mesg) { print '<br><div class="error">'.$mesg.'</div><br>'; @@ -831,7 +832,7 @@ print '<option value="0" selected="true">'.$langs->trans("NotOnSell").'</option>'; } print '</td></tr>'; - if ($product->type == 0 && $conf->stock->enabled) + if ($product->isproduct() && $conf->stock->enabled) { print "<tr>".'<td>Seuil stock</td><td colspan="2">'; print '<input name="seuil_stock_alerte" size="4" value="'.$product->seuil_stock_alerte.'">'; @@ -860,7 +861,7 @@ print "</td></tr>"; print "\n"; - if ($product->type == 1) + if ($product->isservice()) { print '<tr><td>'.$langs->trans("Duration").'</td><td colspan="2"><input name="duration_value" size="3" maxlength="5" value="'.$product->duration_value.'">'; print ' '; 
@@ -939,14 +940,14 @@ } /* - if ($product->type == 0 && $user->rights->commande->creer) + if ($product->isproduct() && $user->rights->commande->creer) { $langs->load('orders'); print '<a class="tabAction" href="fiche.php?action=fastappro&id='.$product->id.'">'; print $langs->trans("CreateCustomerOrder").'</a>'; } - if ($product->type == 0 && $user->rights->fournisseur->commande->creer) + if ($product->isproduct() && $user->rights->fournisseur->commande->creer) { $langs->load('orders'); print '<a class="tabAction" href="fiche.php?action=fastappro&id='.$product->id.'">'; diff -wur --ignore-matching-lines='$Id:' --ignore-matching-lines='$Revision:' --ignore-matching-lines=Copyright orig/dolibarr/htdocs/product.class.php /var/www/localhost/htdocs/dolibarr/htdocs/product.class.php --- orig/dolibarr/htdocs/product.class.php 2007-01-29 12:04:23.000000000 +0100 +++ /var/www/localhost/htdocs/dolibarr/htdocs/product.class.php 2007-01-31 14:11:30.000000000 +0100 @@ -2524,5 +2524,22 @@ { } + + function isproduct() { + if ($this->type != 1) { + return 1; + } else { + return 0; + } + } + + function isservice() { + if ($this->type==1) { + return 1; + } else { + return 0; + } + } + } ?>
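Review bot: `isproduct()` and `isservice()` are added to product.class.php without a doc comment, and the rule they encode is not obvious: type 1 is a service and every other value, including an unset `type`, counts as a product. A short block in the style used in lib/functions.inc.php would record this, e.g. `\brief Tell whether this object is a service (type 1)` and `\return int 1 if service, 0 otherwise`. `isproduct()` could also be written as `return $this->isservice() ? 0 : 1;` so that the two methods can never disagree.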
