From: <aga...@us...> - 2014-08-13 18:15:00
Revision: 6812 http://sourceforge.net/p/web-erp/reponame/6812 Author: agaluski Date: 2014-08-13 18:14:57 +0000 (Wed, 13 Aug 2014) Log Message: ----------- Add Location Based security. Fix issues with PDFDIFOT.php where some queries said '<' and 1 used '>=' Changed all to '>=' so report would show the late deliveries Modified Paths: -------------- trunk/ConfirmDispatch_Invoice.php trunk/Contracts.php trunk/Credit_Invoice.php trunk/CustomerBranches.php trunk/CustomerPurchases.php trunk/DeliveryDetails.php trunk/EmailConfirmation.php trunk/FreightCosts.php trunk/InternalStockRequest.php trunk/InternalStockRequestAuthorisation.php trunk/InternalStockRequestFulfill.php trunk/InventoryPlanning.php trunk/InventoryPlanningPrefSupplier.php trunk/InventoryValuation.php trunk/MRPCreateDemands.php trunk/NoSalesItems.php trunk/PDFDIFOT.php trunk/PDFDeliveryDifferences.php trunk/PDFOrderStatus.php trunk/PDFOrdersInvoiced.php trunk/PDFPeriodStockTransListing.php trunk/PDFStockTransfer.php trunk/PO_Header.php trunk/PO_OrderDetails.php trunk/PO_SelectOSPurchOrder.php trunk/PO_SelectPurchOrder.php trunk/PrintCustOrder.php trunk/SelectContract.php trunk/SelectCreditItems.php trunk/SelectOrderItems.php trunk/includes/Contract_Readin.php Modified: trunk/ConfirmDispatch_Invoice.php =================================================================== --- trunk/ConfirmDispatch_Invoice.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/ConfirmDispatch_Invoice.php 2014-08-13 18:14:57 UTC (rev 6812) 
@@ -83,6 +83,7 @@ ON debtorsmaster.currcode = currencies.currabrev INNER JOIN locations ON locations.loccode=salesorders.fromstkloc + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 WHERE salesorders.orderno = '" . $_GET['OrderNumber']."'"; if ($_SESSION['SalesmanLogin'] != '') { Modified: trunk/Contracts.php =================================================================== --- trunk/Contracts.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/Contracts.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -867,7 +867,7 @@ echo '</select><a target="_blank" href="'. $RootPath . '/StockCategories.php">' . _('Add or Modify Contract Categories') . '</a></td></tr>'; - $sql = "SELECT loccode, locationname FROM locations"; + $sql = "SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $ErrMsg = _('The stock locations could not be retrieved because'); $DbgMsg = _('The SQL used to retrieve stock locations and failed was'); $result = DB_query($sql,$db,$ErrMsg,$DbgMsg); @@ -884,7 +884,7 @@ } echo '</select></td></tr>'; - $sql = "SELECT code, description FROM workcentres"; + $sql = "SELECT code, description FROM workcentres INNER JOIN locationusers ON locationusers.loccode=workcentres.location AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $result = DB_query($sql,$db); if (DB_num_rows($result)==0){ Modified: trunk/Credit_Invoice.php =================================================================== --- trunk/Credit_Invoice.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/Credit_Invoice.php 2014-08-13 18:14:57 UTC (rev 6812) 
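Review bot: The `WHERE salesorders.orderno = '" . $_GET['OrderNumber']."'"` line directly after the added `locationusers` join in ConfirmDispatch_Invoice.php still concatenates a request parameter into the statement, so the new location check sits in a query whose text the requester can influence unless request values are escaped somewhere outside this hunk. Credit_Invoice.php in this same revision wraps its key in `intval()`; if order numbers are integers here too, the line could read `WHERE salesorders.orderno = '" . intval($_GET['OrderNumber']) . "'";`. The statement starts and ends outside the hunk, so the rest of it should be checked the same way.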
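Review bot: Restricting the `<select>` options to `canupd=1` locations in Contracts.php (hunk `@@ -867,7 +867,7 @@`) only changes what the form offers; nothing visible in this hunk rejects a posted location code that was not in the list. The code that stores the contract is outside the hunk and should repeat the `locationusers` lookup for the submitted value and refuse the request when no row with `canupd=1` comes back. The same applies to the location lists filtered in Credit_Invoice.php, CustomerBranches.php, DeliveryDetails.php, FreightCosts.php, InternalStockRequest.php and InternalStockRequestFulfill.php. Since the identical join text is pasted into every file of this revision, one shared helper that returns the fragment would keep the `canupd`/`canview` choice and the quoting of `$_SESSION['UserID']` in a single place.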
@@ -71,6 +71,7 @@ AND stockmoves.type=debtortrans.type INNER JOIN locations ON stockmoves.loccode = locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 WHERE debtortrans.transno = '" . intval($_GET['InvoiceNumber']) . "' AND stockmoves.type=10"; @@ -1520,7 +1521,7 @@ <td>' . _('Goods returned to location') . '</td> <td><select tabindex="'.$j.'" name="Location">'; - $SQL="SELECT loccode, locationname FROM locations"; + $SQL="SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $Result = DB_query($SQL,$db); if (!isset($_POST['Location'])){ Modified: trunk/CustomerBranches.php =================================================================== --- trunk/CustomerBranches.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/CustomerBranches.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -799,7 +799,7 @@ </tr>'; DB_data_seek($result,0); - $SQL = "SELECT loccode, locationname FROM locations"; + $SQL = "SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $result = DB_query($SQL,$db); if (DB_num_rows($result)==0){ Modified: trunk/CustomerPurchases.php =================================================================== --- trunk/CustomerPurchases.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/CustomerPurchases.php 2014-08-13 18:14:57 UTC (rev 6812) 
@@ -47,7 +47,8 @@ INNER JOIN systypes ON stockmoves.type=systypes.typeid INNER JOIN locations - ON stockmoves.loccode=locations.loccode"; + ON stockmoves.loccode=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1"; $SQLWhere=" WHERE stockmoves.debtorno='" . $DebtorNo . "'"; Modified: trunk/DeliveryDetails.php =================================================================== --- trunk/DeliveryDetails.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/DeliveryDetails.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -1008,8 +1008,8 @@ $ErrMsg = _('The stock locations could not be retrieved'); $DbgMsg = _('SQL used to retrieve the stock locations was') . ':'; -$StkLocsResult = DB_query("SELECT locationname,loccode - FROM locations",$db, $ErrMsg, $DbgMsg); +$StkLocsResult = DB_query("SELECT locationname,locations.loccode + FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1",$db, $ErrMsg, $DbgMsg); while ($myrow=DB_fetch_array($StkLocsResult)){ if ($_SESSION['Items'.$identifier]->Location==$myrow['loccode']){ Modified: trunk/EmailConfirmation.php =================================================================== --- trunk/EmailConfirmation.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/EmailConfirmation.php 2014-08-13 18:14:57 UTC (rev 6812) 
@@ -66,7 +66,8 @@ salesorders.datepackingslipprinted, locations.locationname, salesorders.deliverydate - FROM salesorders, + FROM salesorders + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1, debtorsmaster, shippers, locations Modified: trunk/FreightCosts.php =================================================================== --- trunk/FreightCosts.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/FreightCosts.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -46,9 +46,9 @@ <td>' . _('Select the warehouse') . ' (' . _('ship from location') . ')</td> <td><select name="LocationFrom">'; - $sql = "SELECT loccode, + $sql = "SELECT locations.loccode, locationname - FROM locations"; + FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $LocationResults = DB_query($sql,$db); while ($myrow = DB_fetch_array($LocationResults)){ Modified: trunk/InternalStockRequest.php =================================================================== --- trunk/InternalStockRequest.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/InternalStockRequest.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -215,9 +215,10 @@ </tr> <tr> <td>' . _('Location from which to request stock') . ':</td>'; -$sql="SELECT loccode, +$sql="SELECT locations.loccode, locationname FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 WHERE internalrequest = 1 ORDER BY locationname"; Modified: trunk/InternalStockRequestAuthorisation.php =================================================================== --- trunk/InternalStockRequestAuthorisation.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/InternalStockRequestAuthorisation.php 2014-08-13 18:14:57 UTC (rev 6812) 
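Review bot: The added `INNER JOIN locationusers ... ,` in EmailConfirmation.php (hunk `@@ -66,7 +66,8 @@`) is placed inside a comma-separated `FROM` list, which parses as intended only because the explicit join binds to `salesorders` before the commas are applied and its `ON` clause names no later table. A comment above the statement such as `// locationusers join must follow salesorders directly: its ON clause can only see tables to its left` would stop a later edit from reordering the list; converting `debtorsmaster`, `shippers` and `locations` to explicit joins would remove the trap altogether. The same mixed form is added in InventoryPlanning.php, InventoryPlanningPrefSupplier.php, InventoryValuation.php and NoSalesItems.php. This statement also requires `canupd=1` although the visible part is a `SELECT`, whereas the report queries in this revision use `canview=1`; confirm that is deliberate.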
@@ -52,6 +52,7 @@ ON stockrequest.departmentid=departments.departmentid INNER JOIN locations ON stockrequest.loccode=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 INNER JOIN www_users ON www_users.userid=departments.authoriser WHERE stockrequest.authorised=0 Modified: trunk/InternalStockRequestFulfill.php =================================================================== --- trunk/InternalStockRequestFulfill.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/InternalStockRequestFulfill.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -217,8 +217,9 @@ <tr> <td>' . _('Choose a location to issue requests from') . '</td> <td><select name="Location">'; - $sql = "SELECT loccode, locationname + $sql = "SELECT locations.loccode, locationname FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 WHERE internalrequest = 1 ORDER BY locationname"; $resultStkLocs = DB_query($sql,$db); Modified: trunk/InventoryPlanning.php =================================================================== --- trunk/InventoryPlanning.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/InventoryPlanning.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -59,7 +59,8 @@ stockcategory.categorydescription, locstock.stockid, SUM(locstock.quantity) AS qoh - FROM locstock, + FROM locstock + INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1, stockmaster, stockcategory WHERE locstock.stockid=stockmaster.stockid 
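Review bot: `SUM(locstock.quantity) AS qoh` in InventoryPlanning.php (hunk `@@ -59,7 +59,8 @@`) is now computed across a join with `locationusers`, so the total is right only if that table holds at most one row per `loccode` and `userid`; a duplicate permission row would silently double the quantity. The table definition is not part of this page, so confirm it has a unique key on that pair and say so next to the query, e.g. `// relies on unique (loccode, userid) in locationusers`. The same dependency applies to the other aggregates this revision joins to `locationusers`: the `stockmoves` period sums, `qtydemand`, `qtyonorder` and the `COUNT(...)` queries in PDFDIFOT.php and PDFDeliveryDifferences.php.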
@@ -81,7 +82,8 @@ stockmaster.description, stockcategory.categorydescription, locstock.quantity AS qoh - FROM locstock, + FROM locstock + INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1, stockmaster, stockcategory WHERE locstock.stockid=stockmaster.stockid @@ -153,6 +155,7 @@ SUM(CASE WHEN prd='" . $Period_4 . "' THEN -qty ELSE 0 END) AS prd4, SUM(CASE WHEN prd='" . $Period_5 . "' THEN -qty ELSE 0 END) AS prd5 FROM stockmoves + INNER JOIN locationusers ON locationusers.loccode=stockmoves.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockid='" . $InventoryPlan['stockid'] . "' AND (type=10 OR type=11) AND stockmoves.hidemovt=0"; @@ -164,6 +167,7 @@ SUM(CASE WHEN prd='" . $Period_4 . "' THEN -qty ELSE 0 END) AS prd4, SUM(CASE WHEN prd='" . $Period_5 . "' THEN -qty ELSE 0 END) AS prd5 FROM stockmoves + INNER JOIN locationusers ON locationusers.loccode=stockmoves.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockid='" . $InventoryPlan['stockid'] . "' AND stockmoves.loccode ='" . $_POST['Location'] . "' AND (stockmoves.type=10 OR stockmoves.type=11) @@ -191,6 +195,7 @@ $SQL = "SELECT SUM(salesorderdetails.quantity - salesorderdetails.qtyinvoiced) AS qtydemand FROM salesorderdetails INNER JOIN salesorders ON salesorderdetails.orderno=salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorderdetails.stkcode = '" . $InventoryPlan['stockid'] . "' AND salesorderdetails.completed = 0 AND salesorders.quotation=0"; 
@@ -198,6 +203,7 @@ $SQL = "SELECT SUM(salesorderdetails.quantity - salesorderdetails.qtyinvoiced) AS qtydemand FROM salesorderdetails INNER JOIN salesorders ON salesorderdetails.orderno=salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorders.fromstkloc ='" . $_POST['Location'] . "' AND salesorderdetails.stkcode = '" . $InventoryPlan['stockid'] . "' AND salesorderdetails.completed = 0 @@ -229,6 +235,7 @@ ON stockmaster.stockid=bom.parent INNER JOIN salesorders ON salesorders.orderno = salesorderdetails.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorderdetails.quantity-salesorderdetails.qtyinvoiced > 0 AND bom.component='" . $InventoryPlan['stockid'] . "' AND stockmaster.mbflag='A' @@ -242,6 +249,7 @@ ON stockmaster.stockid=bom.parent INNER JOIN salesorders ON salesorders.orderno = salesorderdetails.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorderdetails.quantity-salesorderdetails.qtyinvoiced > 0 AND salesorderdetails.quantity-salesorderdetails.qtyinvoiced > 0 AND bom.component='" . $InventoryPlan['stockid'] . "' @@ -270,6 +278,7 @@ $SQL = "SELECT SUM(purchorderdetails.quantityord - purchorderdetails.quantityrecd) as qtyonorder FROM purchorderdetails INNER JOIN purchorders ON purchorderdetails.orderno = purchorders.orderno + INNER JOIN locationusers ON locationusers.loccode=purchorders.intostocklocation AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE purchorderdetails.itemcode = '" . $InventoryPlan['stockid'] . "' AND purchorderdetails.completed = 0 AND purchorders.status <> 'Cancelled' 
@@ -280,6 +289,7 @@ $SQL = "SELECT SUM(purchorderdetails.quantityord - purchorderdetails.quantityrecd) as qtyonorder FROM purchorderdetails INNER JOIN purchorders ON purchorderdetails.orderno = purchorders.orderno + INNER JOIN locationusers ON locationusers.loccode=purchorders.intostocklocation AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE purchorderdetails.itemcode = '" . $InventoryPlan['stockid'] . "' AND purchorderdetails.completed = 0 AND purchorders.intostocklocation= '" . $_POST['Location'] . "' @@ -414,7 +424,7 @@ <td>' . _('For Inventory in Location') . ':</td> <td><select name="Location">'; - $sql = "SELECT loccode, locationname FROM locations"; + $sql = "SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1"; $LocnResult=DB_query($sql,$db); echo '<option value="All">' . _('All Locations') . '</option>'; Modified: trunk/InventoryPlanningPrefSupplier.php =================================================================== --- trunk/InventoryPlanningPrefSupplier.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/InventoryPlanningPrefSupplier.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -152,7 +152,8 @@ suppliers.suppname, purchdata.leadtime/30 AS monthsleadtime, SUM(locstock.quantity) AS qoh - FROM locstock, + FROM locstock + INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1, stockmaster, purchdata, suppliers @@ -179,7 +180,8 @@ locstock.stockid, purchdata.leadtime/30 AS monthsleadtime, locstock.quantity AS qoh - FROM locstock, + FROM locstock + INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1, stockmaster, purchdata, suppliers 
@@ -246,6 +248,7 @@ SUM(CASE WHEN prd='" . $Period_3 . "' THEN -qty ELSE 0 END) AS prd3, SUM(CASE WHEN prd='" . $Period_4 . "' THEN -qty ELSE 0 END) AS prd4 FROM stockmoves + INNER JOIN locationusers ON locationusers.loccode=stockmoves.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockid='" . $InventoryPlan['stockid'] . "' AND (type=10 OR type=11) AND stockmoves.hidemovt=0"; @@ -257,6 +260,7 @@ SUM(CASE WHEN prd='" . $Period_3 . "' THEN -qty ELSE 0 END) AS prd3, SUM(CASE WHEN prd='" . $Period_4 . "' THEN -qty ELSE 0 END) AS prd4 FROM stockmoves + INNER JOIN locationusers ON locationusers.loccode=stockmoves.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockid='" . $InventoryPlan['stockid'] . "' AND stockmoves.loccode ='" . $_POST['Location'] . "' AND (stockmoves.type=10 OR stockmoves.type=11) @@ -283,6 +287,7 @@ $SQL = "SELECT SUM(salesorderdetails.quantity - salesorderdetails.qtyinvoiced) AS qtydemand FROM salesorderdetails INNER JOIN salesorders ON salesorderdetails.orderno=salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorderdetails.stkcode = '" . $InventoryPlan['stockid'] . "' AND salesorderdetails.completed = 0 AND salesorders.quotation=0"; @@ -290,6 +295,7 @@ $SQL = "SELECT SUM(salesorderdetails.quantity - salesorderdetails.qtyinvoiced) AS qtydemand FROM salesorderdetails INNER JOIN salesorders ON salesorderdetails.orderno=salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorders.fromstkloc ='" . $_POST['Location'] . "' AND salesorderdetails.stkcode = '" . $InventoryPlan['stockid'] . "' AND salesorderdetails.completed = 0 
@@ -321,6 +327,7 @@ ON stockmaster.stockid=bom.parent INNER JOIN salesorders ON salesorders.orderno = salesorderdetails.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorderdetails.quantity-salesorderdetails.qtyinvoiced > 0 AND bom.component='" . $InventoryPlan['stockid'] . "' AND stockmaster.mbflag='A' @@ -334,6 +341,7 @@ ON stockmaster.stockid=bom.parent INNER JOIN salesorders ON salesorders.orderno = salesorderdetails.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorderdetails.quantity-salesorderdetails.qtyinvoiced > 0 AND bom.component='" . $InventoryPlan['stockid'] . "' AND salesorders.fromstkloc ='" . $_POST['Location'] . "' @@ -361,6 +369,7 @@ FROM purchorderdetails LEFT JOIN purchorders ON purchorderdetails.orderno = purchorders.orderno + INNER JOIN locationusers ON locationusers.loccode=purchorders.intostocklocation AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 LEFT JOIN purchdata ON purchorders.supplierno=purchdata.supplierno AND purchorderdetails.itemcode=purchdata.stockid @@ -375,6 +384,7 @@ FROM purchorderdetails LEFT JOIN purchorders ON purchorderdetails.orderno = purchorders.orderno + INNER JOIN locationusers ON locationusers.loccode=purchorders.intostocklocation AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 LEFT JOIN purchdata ON purchorders.supplierno=purchdata.supplierno AND purchorderdetails.itemcode=purchdata.stockid 
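Review bot: In InventoryPlanningPrefSupplier.php (hunks `@@ -361,6 +369,7 @@` and `@@ -375,6 +384,7 @@`) the new `INNER JOIN locationusers ON locationusers.loccode=purchorders.intostocklocation` follows `LEFT JOIN purchorders`, so any order line without a matching `purchorders` row has a NULL location and is dropped; the outer join no longer has any effect. If dropping those lines is intended, state it by writing `INNER JOIN purchorders` and leaving only `purchdata` as a left join. If unmatched lines must stay in the on-order figure, the permission test has to be expressed so that it tolerates the NULL side, which is a design decision the hunks do not settle. Both statements begin and end outside the hunks.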
@@ -475,7 +485,8 @@ echo '<tr><td>' . _('For Inventory in Location') . ':</td> <td><select name="Location">'; - $sql = "SELECT loccode, locationname FROM locations"; + $sql = "SELECT locations.loccode, locationname FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1"; $LocnResult=DB_query($sql,$db); echo '<option value="All">' . _('All Locations') . '</option>'; Modified: trunk/InventoryValuation.php =================================================================== --- trunk/InventoryValuation.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/InventoryValuation.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -23,6 +23,7 @@ FROM stockmaster, stockcategory, locstock + INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockmaster.stockid=locstock.stockid AND stockmaster.categoryid=stockcategory.categoryid GROUP BY stockmaster.categoryid, @@ -53,6 +54,7 @@ FROM stockmaster, stockcategory, locstock + INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockmaster.stockid=locstock.stockid AND stockmaster.categoryid=stockcategory.categoryid AND locstock.quantity!=0 
@@ -265,9 +267,10 @@ <td>' . _('For Inventory in Location') . ':</td> <td><select name="Location">'; - $sql = "SELECT loccode, + $sql = "SELECT locations.loccode, locationname - FROM locations"; + FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1"; $LocnResult=DB_query($sql,$db); Modified: trunk/MRPCreateDemands.php =================================================================== --- trunk/MRPCreateDemands.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/MRPCreateDemands.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -61,6 +61,7 @@ SUM(salesorderdetails.quantity * salesorderdetails.unitprice ) AS totextqty FROM salesorders INNER JOIN salesorderdetails ON salesorders.orderno = salesorderdetails.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 INNER JOIN stockmaster ON salesorderdetails.stkcode = stockmaster.stockid WHERE orddate >='" . FormatDateForSQL($_POST['FromDate']) ."' @@ -224,9 +225,9 @@ <td><select name="Location">'; echo '<option selected="selected" value="All">' . _('All Locations') . '</option>'; -$result= DB_query("SELECT loccode, +$result= DB_query("SELECT locations.loccode, locationname - FROM locations",$db); + FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1",$db); while ($myrow=DB_fetch_array($result)){ echo '<option value="' . $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>'; } Modified: trunk/NoSalesItems.php =================================================================== --- trunk/NoSalesItems.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/NoSalesItems.php 2014-08-13 18:14:57 UTC (rev 6812) 
@@ -20,8 +20,10 @@ <td>:</td> <td><select name="Location[]" multiple="multiple"> <option value="All" selected="selected">' . _('All') . '</option>';; - $sql = "SELECT loccode,locationname - FROM locations ORDER BY locationname"; + $sql = "SELECT locations.loccode,locationname + FROM locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 + ORDER BY locationname"; $locationresult = DB_query($sql, $db); $i=0; while ($myrow = DB_fetch_array($locationresult)) { @@ -104,23 +106,27 @@ stockmaster.description, stockmaster.units FROM stockmaster,locstock + INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockmaster.stockid = locstock.stockid ". $WhereStockCat . " AND (locstock.quantity > 0) AND NOT EXISTS ( SELECT * FROM salesorderdetails, salesorders + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockmaster.stockid = salesorderdetails.stkcode AND (salesorderdetails.orderno = salesorders.orderno) AND salesorderdetails.actualdispatchdate > '" . $FromDate . "') AND NOT EXISTS ( SELECT * FROM stockmoves + INNER JOIN locationusers ON locationusers.loccode=stockmoves.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockmoves.stockid = stockmaster.stockid AND stockmoves.trandate >= '" . $FromDate . "') AND EXISTS ( SELECT * FROM stockmoves + INNER JOIN locationusers ON locationusers.loccode=stockmoves.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockmoves.stockid = stockmaster.stockid AND stockmoves.trandate < '" . $FromDate . "' AND stockmoves.qty >0) 
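Review bot: The `locationusers` joins added inside the `NOT EXISTS` and `EXISTS` subqueries of NoSalesItems.php (hunk `@@ -104,23 +106,27 @@`) change what the report means: sales and stock movements at locations the user cannot view are now ignored, so an item that sold elsewhere can be listed as having no sales. That may be the right choice for confidentiality, because it prevents inferring activity at hidden locations, but nothing in the hunk ties the subqueries to `locstock.loccode`, so the outer row's location and the movements tested can differ. A comment above the statement should record the intent, for example `// "no sales" is evaluated only over locations the current user may view`. The statement continues outside the hunk.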
@@ -148,6 +154,7 @@ locstock.quantity, locations.locationname FROM stockmaster,locstock,locations + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockmaster.stockid = locstock.stockid AND (locstock.loccode = locations.loccode)". $WhereLocation . @@ -205,7 +212,9 @@ } $QOHResult = DB_query("SELECT sum(quantity) FROM locstock - WHERE stockid = '" . $myrow['stockid'] . "'", $db); + INNER JOIN locationusers ON locationusers.loccode=locstock.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 + WHERE stockid = '" . $myrow['stockid'] . "'" . + $WhereLocation , $db); $QOHRow = DB_fetch_row($QOHResult); $QOH = $QOHRow[0]; Modified: trunk/PDFDIFOT.php =================================================================== --- trunk/PDFDIFOT.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/PDFDIFOT.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -67,7 +67,7 @@ <td><select name="Location"> <option selected="selected" value="All">' . _('All Locations') . '</option>'; - $result= DB_query("SELECT loccode, locationname FROM locations",$db); + $result= DB_query("SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1",$db); while ($myrow=DB_fetch_array($result)){ echo '<option value="' . $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>'; } 
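Review bot: The QOH query in NoSalesItems.php (hunk `@@ -205,7 +212,9 @@`) now appends `$WhereLocation`, which is built outside the hunk and is also appended to the earlier statement whose `FROM` lists `stockmaster,locstock,locations`. This query's `FROM` has only `locstock` and `locationusers`, so if `$WhereLocation` qualifies its column as `locations.loccode` the statement fails, and if it uses a bare `loccode` the column is ambiguous between the two joined tables. Check how the fragment is written and qualify the remaining bare names while there, `sum(locstock.quantity)` and `WHERE locstock.stockid = ...`.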
@@ -111,9 +111,10 @@ FROM salesorderdetails INNER JOIN stockmaster ON salesorderdetails.stkcode=stockmaster.stockid INNER JOIN salesorders ON salesorderdetails.orderno=salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorders.deliverydate >='" . FormatDateForSQL($_POST['FromDate']) . "' AND salesorders.deliverydate <='" . FormatDateForSQL($_POST['ToDate']) . "' - AND (TO_DAYS(salesorderdetails.actualdispatchdate) - TO_DAYS(salesorders.deliverydate)) <'" . filter_number_format($_POST['DaysAcceptable']) ."'"; + AND (TO_DAYS(salesorderdetails.actualdispatchdate) - TO_DAYS(salesorders.deliverydate)) >='" . filter_number_format($_POST['DaysAcceptable']) . "'"; } elseif ($_POST['CategoryID']!='All' AND $_POST['Location']=='All') { $sql= "SELECT salesorders.orderno, @@ -129,11 +130,12 @@ FROM salesorderdetails INNER JOIN stockmaster ON salesorderdetails.stkcode=stockmaster.stockid INNER JOIN salesorders ON salesorderdetails.orderno=salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorders.deliverydate >='" . FormatDateForSQL($_POST['FromDate']) . "' AND salesorders.deliverydate <='" . FormatDateForSQL($_POST['ToDate']) . "' AND stockmaster.categoryid='" . $_POST['CategoryID'] ."' AND (TO_DAYS(salesorderdetails.actualdispatchdate) - - TO_DAYS(salesorders.deliverydate)) <'" . filter_number_format($_POST['DaysAcceptable'])."'"; + - TO_DAYS(salesorders.deliverydate)) >='" . filter_number_format($_POST['DaysAcceptable']) . "'"; } elseif ($_POST['CategoryID']=='All' AND $_POST['Location']!='All') { 
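Review bot: With the operator changed to `>=` against `DaysAcceptable` in PDFDIFOT.php (hunk `@@ -111,9 +111,10 @@`, and the same line in `@@ -129,11 +130,12 @@` and `@@ -150,11 +152,12 @@`), a line dispatched exactly the acceptable number of days after its due date is reported as late. If "acceptable" is meant to be inclusive, the comparison should be `>` rather than `>=`; the report heading that words the criterion is outside these hunks, so confirm against it. The fourth branch (`@@ -171,6 +174,7 @@`) does not show its comparison line, and keeping four copies of the statement is how the operators diverged, so building the common part once and appending the category and location conditions would prevent a repeat. `$_POST['CategoryID']` and `$_POST['Location']` are concatenated into these statements as well and depend on escaping that is not visible here.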
@@ -150,11 +152,12 @@ FROM salesorderdetails INNER JOIN stockmaster ON salesorderdetails.stkcode=stockmaster.stockid INNER JOIN salesorders ON salesorderdetails.orderno=salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorders.deliverydate >='" . FormatDateForSQL($_POST['FromDate']) . "' AND salesorders.deliverydate <='" . FormatDateForSQL($_POST['ToDate']) . "' AND salesorders.fromstkloc='" . $_POST['Location'] . "' AND (TO_DAYS(salesorderdetails.actualdispatchdate) - - TO_DAYS(salesorders.deliverydate)) <'" . filter_number_format($_POST['DaysAcceptable']) . "'"; + - TO_DAYS(salesorders.deliverydate)) >='" . filter_number_format($_POST['DaysAcceptable']) . "'"; } elseif ($_POST['CategoryID']!='All' AND $_POST['Location']!='All'){ @@ -171,6 +174,7 @@ FROM salesorderdetails INNER JOIN stockmaster ON salesorderdetails.stkcode=stockmaster.stockid INNER JOIN salesorders ON salesorderdetails.orderno=salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorders.deliverydate >='" . FormatDateForSQL($_POST['FromDate']) . "' AND salesorders.deliverydate <='" . FormatDateForSQL($_POST['ToDate']) . "' AND stockmaster.categoryid='" . $_POST['CategoryID'] ."' 
@@ -248,7 +252,9 @@ if ($_POST['CategoryID']=='All' AND $_POST['Location']=='All'){ $sql = "SELECT COUNT(salesorderdetails.orderno) FROM salesorderdetails INNER JOIN debtortrans - ON salesorderdetails.orderno=debtortrans.order_ + ON salesorderdetails.orderno=debtortrans.order_ INNER JOIN salesorders + ON salesorderdetails.orderno = salesorders.orderno INNER JOIN locationusers + ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE debtortrans.trandate>='" . FormatDateForSQL($_POST['FromDate']) . "' AND debtortrans.trandate <='" . FormatDateForSQL($_POST['ToDate']) . "'"; @@ -256,7 +262,9 @@ $sql = "SELECT COUNT(salesorderdetails.orderno) FROM salesorderdetails INNER JOIN debtortrans ON salesorderdetails.orderno=debtortrans.order_ INNER JOIN stockmaster - ON salesorderdetails.stkcode=stockmaster.stockid + ON salesorderdetails.stkcode=stockmaster.stockid INNER JOIN salesorders + ON salesorderdetails.orderno = salesorders.orderno INNER JOIN locationusers + ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE debtortrans.trandate>='" . FormatDateForSQL($_POST['FromDate']) . "' AND debtortrans.trandate <='" . FormatDateForSQL($_POST['ToDate']) . "' AND stockmaster.categoryid='" . $_POST['CategoryID'] . "'"; 
@@ -266,7 +274,8 @@ $sql = "SELECT COUNT(salesorderdetails.orderno) FROM salesorderdetails INNER JOIN debtortrans ON salesorderdetails.orderno=debtortrans.order_ INNER JOIN salesorders - ON salesorderdetails.orderno = salesorders.orderno + ON salesorderdetails.orderno = salesorders.orderno INNER JOIN locationusers + ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE debtortrans.trandate>='". FormatDateForSQL($_POST['FromDate']) . "' AND debtortrans.trandate <='" . FormatDateForSQL($_POST['ToDate']) . "' AND salesorders.fromstkloc='" . $_POST['Location'] . "'"; @@ -276,6 +285,7 @@ $sql = "SELECT COUNT(salesorderdetails.orderno) FROM salesorderdetails INNER JOIN debtortrans ON salesorderdetails.orderno=debtortrans.order_ INNER JOIN salesorders ON salesorderdetails.orderno = salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 INNER JOIN stockmaster ON salesorderdetails.stkcode = stockmaster.stockid WHERE salesorders.fromstkloc ='" . $_POST['Location'] . "' AND categoryid='" . $_POST['CategoryID'] . "' Modified: trunk/PDFDeliveryDifferences.php =================================================================== --- trunk/PDFDeliveryDifferences.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/PDFDeliveryDifferences.php 2014-08-13 18:14:57 UTC (rev 6812) 
@@ -63,7 +63,7 @@ <td><select name="Location"> <option selected="selected" value="All">' . _('All Locations') . '</option>'; - $result= DB_query("SELECT loccode, locationname FROM locations",$db); + $result= DB_query("SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1",$db); while ($myrow=DB_fetch_array($result)){ echo '<option value="' . $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>'; } @@ -105,6 +105,8 @@ orderdeliverydifferenceslog.branch FROM orderdeliverydifferenceslog INNER JOIN stockmaster ON orderdeliverydifferenceslog.stockid=stockmaster.stockid + INNER JOIN salesorders ON orderdeliverydifferenceslog.orderno = salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 INNER JOIN debtortrans ON orderdeliverydifferenceslog.invoiceno=debtortrans.transno AND debtortrans.type=10 AND trandate >='" . FormatDateForSQL($_POST['FromDate']) . "' @@ -122,6 +124,8 @@ orderdeliverydifferenceslog.branch FROM orderdeliverydifferenceslog INNER JOIN stockmaster ON orderdeliverydifferenceslog.stockid=stockmaster.stockid + INNER JOIN salesorders ON orderdeliverydifferenceslog.orderno = salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 INNER JOIN debtortrans ON orderdeliverydifferenceslog.invoiceno=debtortrans.transno AND debtortrans.type=10 AND trandate >='" . FormatDateForSQL($_POST['FromDate']) . "' 
@@ -144,6 +148,8 @@ ON orderdeliverydifferenceslog.invoiceno=debtortrans.transno INNER JOIN salesorders ON orderdeliverydifferenceslog.orderno=salesorders.orderno + INNER JOIN locationusers + ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE debtortrans.type=10 AND salesorders.fromstkloc='". $_POST['Location'] . "' AND trandate >='" . FormatDateForSQL($_POST['FromDate']) . "' @@ -167,6 +173,8 @@ AND debtortrans.type=10 INNER JOIN salesorders ON orderdeliverydifferenceslog.orderno = salesorders.orderno + INNER JOIN locationusers + ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorders.fromstkloc='" . $_POST['Location'] . "' AND categoryid='" . $_POST['CategoryID'] . "' AND trandate >='" . FormatDateForSQL($_POST['FromDate']) . "' @@ -239,7 +247,9 @@ if ($_POST['CategoryID']=='All' AND $_POST['Location']=='All'){ $sql = "SELECT COUNT(salesorderdetails.orderno) FROM salesorderdetails INNER JOIN debtortrans - ON salesorderdetails.orderno=debtortrans.order_ + ON salesorderdetails.orderno=debtortrans.order_ INNER JOIN salesorders + ON salesorderdetails.orderno = salesorders.orderno INNER JOIN locationusers + ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE debtortrans.trandate>='" . FormatDateForSQL($_POST['FromDate']) . "' AND debtortrans.trandate <='" . FormatDateForSQL($_POST['ToDate']) . "'"; 
@@ -247,7 +257,9 @@ $sql = "SELECT COUNT(salesorderdetails.orderno) FROM salesorderdetails INNER JOIN debtortrans ON salesorderdetails.orderno=debtortrans.order_ INNER JOIN stockmaster - ON salesorderdetails.stkcode=stockmaster.stockid + ON salesorderdetails.stkcode=stockmaster.stockid INNER JOIN salesorders + ON salesorderdetails.orderno = salesorders.orderno INNER JOIN locationusers + ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE debtortrans.trandate>='" . FormatDateForSQL($_POST['FromDate']) . "' AND debtortrans.trandate <='" . FormatDateForSQL($_POST['ToDate']) . "' AND stockmaster.categoryid='" . $_POST['CategoryID'] . "'"; @@ -257,7 +269,8 @@ $sql = "SELECT COUNT(salesorderdetails.orderno) FROM salesorderdetails INNER JOIN debtortrans ON salesorderdetails.orderno=debtortrans.order_ INNER JOIN salesorders - ON salesorderdetails.orderno = salesorders.orderno + ON salesorderdetails.orderno = salesorders.orderno INNER JOIN locationusers + ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE debtortrans.trandate>='". FormatDateForSQL($_POST['FromDate']) . "' AND debtortrans.trandate <='" . FormatDateForSQL($_POST['ToDate']) . "' AND salesorders.fromstkloc='" . $_POST['Location'] . "'"; 
@@ -267,6 +280,7 @@ $sql = "SELECT COUNT(salesorderdetails.orderno) FROM salesorderdetails INNER JOIN debtortrans ON salesorderdetails.orderno=debtortrans.order_ INNER JOIN salesorders ON salesorderdetails.orderno = salesorders.orderno + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 INNER JOIN stockmaster ON salesorderdetails.stkcode = stockmaster.stockid WHERE salesorders.fromstkloc ='" . $_POST['Location'] . "' AND categoryid='" . $_POST['CategoryID'] . "' Modified: trunk/PDFOrderStatus.php =================================================================== --- trunk/PDFOrderStatus.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/PDFOrderStatus.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -62,7 +62,7 @@ <td><select name="Location"> <option selected="selected" value="All">' . _('All Locations') . '</option>'; - $result= DB_query("SELECT loccode, locationname FROM locations",$db); + $result= DB_query("SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1",$db); while ($myrow=DB_fetch_array($result)){ echo '<option value="' . $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>'; } @@ -127,6 +127,7 @@ AND custbranch.branchcode=salesorders.branchcode INNER JOIN locations ON salesorders.fromstkloc=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorders.orddate >='" . FormatDateForSQL($_POST['FromDate']) . "' AND salesorders.orddate <='" . FormatDateForSQL($_POST['ToDate']) . "' AND salesorders.quotation=0"; 
@@ -162,6 +163,7 @@ AND custbranch.branchcode=salesorders.branchcode INNER JOIN locations ON salesorders.fromstkloc=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockmaster.categoryid ='" . $_POST['CategoryID'] . "' AND orddate >='" . FormatDateForSQL($_POST['FromDate']) . "' AND orddate <='" . FormatDateForSQL($_POST['ToDate']) . "' @@ -199,6 +201,7 @@ AND custbranch.branchcode=salesorders.branchcode INNER JOIN locations ON salesorders.fromstkloc=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorders.fromstkloc ='" . $_POST['Location'] . "' AND salesorders.orddate >='" . FormatDateForSQL($_POST['FromDate']) . "' AND salesorders.orddate <='" . FormatDateForSQL($_POST['ToDate']) . "' @@ -237,6 +240,7 @@ AND custbranch.branchcode=salesorders.branchcode INNER JOIN locations ON salesorders.fromstkloc=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockmaster.categoryid ='" . $_POST['CategoryID'] . "' AND salesorders.fromstkloc ='" . $_POST['Location'] . "' AND salesorders.orddate >='" . FormatDateForSQL($_POST['FromDate']) . "' Modified: trunk/PDFOrdersInvoiced.php =================================================================== --- trunk/PDFOrdersInvoiced.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/PDFOrdersInvoiced.php 2014-08-13 18:14:57 UTC (rev 6812) 
@@ -65,7 +65,7 @@ <td><select required="required" name="Location"> <option selected="selected" value="All">' . _('All Locations') . '</option>'; - $result= DB_query("SELECT loccode, locationname FROM locations",$db); + $result= DB_query("SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1",$db); while ($myrow=DB_fetch_array($result)){ echo '<option value="' . $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>'; } @@ -120,6 +120,7 @@ AND custbranch.branchcode=salesorders.branchcode INNER JOIN locations ON salesorders.fromstkloc=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE orddate >='" . FormatDateForSQL($_POST['FromDate']) . "' AND orddate <='" . FormatDateForSQL($_POST['ToDate']) . "'"; @@ -154,6 +155,7 @@ AND custbranch.branchcode=salesorders.branchcode INNER JOIN locations ON salesorders.fromstkloc=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockmaster.categoryid ='" . $_POST['CategoryID'] . "' AND orddate >='" . FormatDateForSQL($_POST['FromDate']) . "' AND orddate <='" . FormatDateForSQL($_POST['ToDate']) . "'"; 
@@ -188,12 +190,12 @@ AND custbranch.branchcode=salesorders.branchcode INNER JOIN locations ON salesorders.fromstkloc=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorders.fromstkloc ='" . $_POST['Location'] . "' AND orddate >='" . FormatDateForSQL($_POST['FromDate']) . "' AND orddate <='" . FormatDateForSQL($_POST['ToDate']) . "'"; } elseif ($_POST['CategoryID']!='All' AND $_POST['location']!='All'){ - $sql= "SELECT salesorders.orderno, salesorders.debtorno, salesorders.branchcode, @@ -209,8 +211,6 @@ locations.locationname, SUM(salesorderdetails.quantity) AS totqty, SUM(salesorderdetails.qtyinvoiced) AS totqtyinvoiced - INNER JOIN locations - ON salesorders.fromstkloc=locations.loccode FROM salesorders INNER JOIN salesorderdetails ON salesorders.orderno = salesorderdetails.orderno @@ -221,6 +221,9 @@ INNER JOIN custbranch ON custbranch.debtorno=salesorders.debtorno AND custbranch.branchcode=salesorders.branchcode + INNER JOIN locations + ON salesorders.fromstkloc=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE stockmaster.categoryid ='" . $_POST['CategoryID'] . "' AND salesorders.fromstkloc ='" . $_POST['Location'] . "' AND orddate >='" . FormatDateForSQL($_POST['FromDate']) . "' Modified: trunk/PDFPeriodStockTransListing.php =================================================================== --- trunk/PDFPeriodStockTransListing.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/PDFPeriodStockTransListing.php 2014-08-13 18:14:57 UTC (rev 6812) 
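Review bot: The `elseif` that opens the last branch tests `$_POST['location']`, while the query just above it and the one inside the branch read `$_POST['Location']`; PHP array keys are case-sensitive, so that half of the condition reads an unset key and is always true, with an undefined-index notice. It should read `} elseif ($_POST['CategoryID']!='All' AND $_POST['Location']!='All'){`. The branch is probably only reached once the earlier cases have been ruled out, so the report likely still runs, but it is worth correcting while the misplaced `INNER JOIN locations` below it is being repaired. The if/elseif chain starts above this hunk.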
@@ -49,7 +49,7 @@ </select></td> </tr>'; - $sql = "SELECT loccode, locationname FROM locations"; + $sql = "SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1"; $resultStkLocs = DB_query($sql, $db); echo '<tr> @@ -105,6 +105,7 @@ ON stockmoves.stockid=stockmaster.stockid LEFT JOIN locations ON stockmoves.loccode=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE type='" . $_POST['TransType'] . "' AND date_format(trandate, '%Y-%m-%d')>='".FormatDateForSQL($_POST['FromDate'])."' AND date_format(trandate, '%Y-%m-%d')<='".FormatDateForSQL($_POST['ToDate'])."'"; @@ -124,6 +125,7 @@ ON stockmoves.stockid=stockmaster.stockid LEFT JOIN locations ON stockmoves.loccode=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE type='" . $_POST['TransType'] . "' AND date_format(trandate, '%Y-%m-%d')>='".FormatDateForSQL($_POST['FromDate'])."' AND date_format(trandate, '%Y-%m-%d')<='".FormatDateForSQL($_POST['ToDate'])."' Modified: trunk/PDFStockTransfer.php =================================================================== --- trunk/PDFStockTransfer.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/PDFStockTransfer.php 2014-08-13 18:14:57 UTC (rev 6812) 
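Review bot: In both transaction queries the new `INNER JOIN locationusers` is keyed on `locations.loccode`, which comes from the preceding `LEFT JOIN locations`; a stock move with no matching location row has NULL there and is now dropped, so the LEFT JOIN no longer has any effect. Dropping such rows is the safe outcome for an access filter, but the intent is clearer if the join is written against the move itself: `INNER JOIN locationusers ON locationusers.loccode=stockmoves.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1`. A short comment such as `/* only moves at locations this user may view */` above the join would record that the exclusion is deliberate. Both SELECT statements begin above their hunks.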
@@ -81,6 +81,7 @@ ON stockmoves.stockid=stockmaster.stockid INNER JOIN locations ON stockmoves.loccode=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE transno='".$_GET['TransferNo']."' AND qty < 0 AND type=16"; Modified: trunk/PO_Header.php =================================================================== --- trunk/PO_Header.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/PO_Header.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -889,9 +889,9 @@ <td>' . _('Warehouse') . ':</td> <td><select required="required" name="StkLocation" onchange="ReloadForm(form1.LookupDeliveryAddress)">'; - $sql = "SELECT loccode, + $sql = "SELECT locations.loccode, locationname - FROM locations"; + FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $LocnResult = DB_query($sql, $db); while ($LocnRow = DB_fetch_array($LocnResult)) { @@ -1160,7 +1160,7 @@ echo ':</h3></th> </tr> <tr> - <td colspan="4"><textarea name="Comments" style="width:100%" rows="5" cols="200">' . $_POST['Comments'] . '</textarea></td> + <td colspan="4"><textarea name="Comments" style="width:100%" rows="5" cols="200">' . stripcslashes($_POST['Comments']) . '</textarea></td> </tr> </table> <br />'; Modified: trunk/PO_OrderDetails.php =================================================================== --- trunk/PO_OrderDetails.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/PO_OrderDetails.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -49,6 +49,7 @@ locations.locationname, currencies.decimalplaces AS currdecimalplaces FROM purchorders + INNER JOIN locationusers ON locationusers.loccode=purchorders.intostocklocation AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 INNER JOIN locations ON locations.loccode=purchorders.intostocklocation INNER JOIN suppliers 
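Review bot: The Comments textarea in PO_Header.php now prints `stripcslashes($_POST['Comments'])` with no HTML encoding, so removing the slashes hands the browser the submitted text as-is and any markup in it is parsed as part of the page. Encode at the point of output: `htmlspecialchars(stripcslashes($_POST['Comments']), ENT_QUOTES, 'UTF-8')`. `stripcslashes` also expands C-style escapes such as `\n` and hex or octal sequences, so it is worth confirming that this matches what the upstream escaping actually produced and that a literal backslash typed by the user survives the round trip.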
@@ -71,7 +72,7 @@ echo '<table class="table_index"> <tr> <td class="menu_group_item"> - <li><a href="'. $RootPath . '/PO_SelectPurchOrder.php">' . _('Outstanding Sales Orders') . '</a></li> + <li><a href="'. $RootPath . '/PO_SelectPurchOrder.php">' . _('Outstanding Purchase Orders') . '</a></li> </td> </tr> </table>'; @@ -86,7 +87,7 @@ /* SHOW ALL THE ORDER INFO IN ONE PLACE */ echo '<p class="page_title_text"><img src="'.$RootPath.'/css/'.$Theme.'/images/supplier.png" title="' . _('Purchase Order') . '" alt="" />' . ' ' . $Title . '</p>'; -echo '<a href="' . $RootPath . '/PO_SelectPurchOrder.php">' . _('Outstanding Sales Orders') . '</a>'; +echo '<a href="' . $RootPath . '/PO_SelectPurchOrder.php">' . _('Outstanding Purchase Orders') . '</a>'; echo '<table class="selection" cellpadding="2"> <tr> <th colspan="8"><b>' . _('Order Header Details'). '</b></th> Modified: trunk/PO_SelectOSPurchOrder.php =================================================================== --- trunk/PO_SelectOSPurchOrder.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/PO_SelectOSPurchOrder.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -77,6 +77,8 @@ ON stockmaster.stockid = locstock.stockid INNER JOIN purchorderdetails ON stockmaster.stockid=purchorderdetails.itemcode + INNER JOIN purchorders on purchorders.orderno=purchorderdetails.orderno + INNER JOIN locationusers ON locationusers.loccode=purchorders.intostocklocation AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE purchorderdetails.completed=0 AND stockmaster.description " . LIKE . " '" . $SearchString . "' AND stockmaster.categoryid='" . $_POST['StockCat'] . "' 
@@ -97,6 +99,8 @@ ON stockmaster.stockid = locstock.stockid INNER JOIN purchorderdetails ON stockmaster.stockid=purchorderdetails.itemcode + INNER JOIN purchorders on purchorders.orderno=purchorderdetails.orderno + INNER JOIN locationusers ON locationusers.loccode=purchorders.intostocklocation AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE purchorderdetails.completed=0 AND stockmaster.stockid " . LIKE . " '%" . $_POST['StockCode'] . "%' AND stockmaster.categoryid='" . $_POST['StockCat'] . "' @@ -115,6 +119,8 @@ ON stockmaster.stockid = locstock.stockid INNER JOIN purchorderdetails ON stockmaster.stockid=purchorderdetails.itemcode + INNER JOIN purchorders on purchorders.orderno=purchorderdetails.orderno + INNER JOIN locationusers ON locationusers.loccode=purchorders.intostocklocation AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE purchorderdetails.completed=0 AND stockmaster.categoryid='" . $_POST['StockCat'] . "' GROUP BY stockmaster.stockid, Modified: trunk/PO_SelectPurchOrder.php =================================================================== --- trunk/PO_SelectPurchOrder.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/PO_SelectPurchOrder.php 2014-08-13 18:14:57 UTC (rev 6812) 
@@ -116,7 +116,7 @@ echo _('For the part') . ':<b>' . $SelectedStockItem . '</b> ' . _('and') . ' <input type="hidden" name="SelectedStockItem" value="' . $SelectedStockItem . '" />'; } echo _('Order Number') . ': <input class="integer" name="OrderNumber" autofocus="autofocus" maxlength="8" size="9" /> ' . _('Into Stock Location') . ':<select name="StockLocation"> '; - $sql = "SELECT loccode, locationname FROM locations"; + $sql = "SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1"; $resultStkLocs = DB_query($sql, $db); while ($myrow = DB_fetch_array($resultStkLocs)) { if (isset($_POST['StockLocation'])) { Modified: trunk/PrintCustOrder.php =================================================================== --- trunk/PrintCustOrder.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/PrintCustOrder.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -67,6 +67,7 @@ ON salesorders.shipvia=shippers.shipper_id INNER JOIN locations ON salesorders.fromstkloc=locations.loccode + INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE salesorders.orderno='" . $_GET['TransNo'] . "'"; if ($_SESSION['SalesmanLogin'] != '') { Modified: trunk/SelectContract.php =================================================================== --- trunk/SelectContract.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/SelectContract.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -86,6 +86,7 @@ requireddate FROM contracts INNER JOIN debtorsmaster ON contracts.debtorno = debtorsmaster.debtorno + INNER JOIN locationusers ON locationusers.loccode=contracts.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE contractref " . LIKE . " '%" . $_POST['ContractRef'] ."%'"; } else { //contractref not selected 
@@ -104,6 +105,7 @@ requireddate FROM contracts INNER JOIN debtorsmaster ON contracts.debtorno = debtorsmaster.debtorno + INNER JOIN locationusers ON locationusers.loccode=contracts.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1 WHERE debtorno='". $_POST['SelectedCustomer'] ."'"; if ($_POST['Status']!=4){ $SQL .= " AND status='" . $_POST['Status'] . "'"; @@ -121,7 +123,8 @@ customerref, requireddate FROM contracts INNER JOIN debtorsmaster - ON contracts.debtorno = debtorsmaster.debtorno"; + ON contracts.debtorno = debtorsmaster.debtorno + INNER JOIN locationusers ON locationusers.loccode=contracts.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canview=1"; if ($_POST['Status']!=4){ $SQL .= " AND status='" . $_POST['Status'] . "'"; } Modified: trunk/SelectCreditItems.php =================================================================== --- trunk/SelectCreditItems.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/SelectCreditItems.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -881,7 +881,7 @@ <td>' . _('Goods Returned to Location') . ' :</td> <td><select name="Location">'; - $SQL="SELECT loccode, locationname FROM locations"; + $SQL="SELECT locations.loccode, locationname FROM locations $SQL="SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1"; $Result = DB_query($SQL,$db); if (!isset($_POST['Location'])){ Modified: trunk/SelectOrderItems.php =================================================================== --- trunk/SelectOrderItems.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/SelectOrderItems.php 2014-08-13 18:14:57 UTC (rev 6812) 
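Review bot: `WHERE debtorno='...'` in the selected-customer branch is unqualified, yet the query joins `contracts` and `debtorsmaster` on a `debtorno` column that both tables have, so the database should reject the reference as ambiguous. Qualify it: `WHERE contracts.debtorno='" . $_POST['SelectedCustomer'] . "'`. The SELECT list and the enclosing if/else begin above the hunk, so check that nothing there already disambiguates the name.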
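Review bot: With the closing quote moved to the end of the `locationusers` join, the `$SQL .= " AND status='...'"` that follows has no WHERE to attach to and becomes part of that join's ON clause. For an inner join the rows returned are the same, but the access predicate and a user-chosen filter now share one clause, and `status` is unqualified. Appending `" WHERE contracts.status='" . $_POST['Status'] . "'"` in this branch would keep the two apart, assuming `status` is a `contracts` column; whether further conditions are appended later is not visible in the hunk.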
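Review bot: As shown here, the added line in SelectCreditItems.php contains the statement opening twice: `$SQL="SELECT locations.loccode, locationname FROM locations $SQL="SELECT locations.loccode, ...`. If that is what was committed, rather than an artefact of how this mail was rendered, the second double quote ends the string early and the file will not parse. The line should be the single assignment `$SQL="SELECT locations.loccode, locationname FROM locations INNER JOIN locationusers ON locationusers.loccode=locations.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1";`.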
@@ -133,6 +133,7 @@ ON locations.loccode=salesorders.fromstkloc INNER JOIN currencies ON debtorsmaster.currcode=currencies.currabrev + INNER JOIN locationusers ON locationusers.loccode=salesorders.fromstkloc AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 WHERE salesorders.orderno = '" . $_GET['ModifyOrderNumber'] . "'"; $ErrMsg = _('The order cannot be retrieved because'); Modified: trunk/includes/Contract_Readin.php =================================================================== --- trunk/includes/Contract_Readin.php 2014-08-13 17:53:49 UTC (rev 6811) +++ trunk/includes/Contract_Readin.php 2014-08-13 18:14:57 UTC (rev 6812) @@ -24,6 +24,7 @@ INNER JOIN custbranch ON debtorsmaster.debtorno=custbranch.debtorno AND contracts.branchcode=custbranch.branchcode + INNER JOIN locationusers ON locationusers.loccode=contracts.loccode AND locationusers.userid='" . $_SESSION['UserID'] . "' AND locationusers.canupd=1 WHERE contractref= '" . $ContractRef . "'"; $ErrMsg = _('The contract cannot be retrieved because'); |