[producer] Correction bug accès restreint des points de vente non pris en compte

producer/controllers/OrderController.php

@@ -42,6 +42,7 @@ use common\models\ProductDistribution ;
 use common\models\User ;
 use common\models\Producer ;
 use common\models\Order ;
+use common\models\UserPointSale ;
 use DateTime;
 
 class OrderController extends ProducerBaseController 
@@ -263,6 +264,15 @@ class OrderController extends ProducerBaseController
             } else {
                 $errorPointSale = true;
             }
+            
+            $userPointSale = UserPointSale::searchOne([
+                'id_user' => User::getCurrentId(),
+                'id_point_sale' => $pointSale->id
+            ]) ;
+            
+            if($pointSale->restricted_access && !$userPointSale) {
+                $errorPointSale = true;
+            }
         }
 
         $errors = [] ;
@@ -506,7 +516,7 @@ class OrderController extends ProducerBaseController
             // distribution
             $distribution = Distribution::initDistribution($date) ;
             $json['distribution'] = $distribution ;
-            
+                
             $pointsSaleArray = PointSale::find()
                 ->joinWith(['pointSaleDistribution' => function($query) use ($distribution) {
                         $query->where(['id_distribution' => $distribution->id]);
@@ -515,9 +525,9 @@ class OrderController extends ProducerBaseController
                 ->with(['userPointSale' => function($query) {
                     $query->onCondition(['id_user' => User::getCurrentId()]) ;
                 }])
-                ->where([
-                    'id_producer' => $distribution->id_producer,
-                ])
+                ->where(['id_producer' => $distribution->id_producer])
+                ->andWhere('restricted_access = 0 OR (restricted_access = 1 AND (SELECT COUNT(*) FROM user_point_sale WHERE point_sale.id = user_point_sale.id_point_sale AND user_point_sale.id_user = :id_user) > 0)')
+                ->params([':id_user' => User::getCurrentId()])
                 ->all();
 
             $creditFunctioningProducer = Producer::getConfig('credit_functioning') ;