diff --git a/htdocs/core/class/html.formprojet.class.php b/htdocs/core/class/html.formprojet.class.php
index 7ccb382a4a3103ff1bdd7fb8fb73c238f24d4a40..dcfd11a829db3b0372cfa8c56ab53a9b408ca689 100644
--- a/htdocs/core/class/html.formprojet.class.php
+++ b/htdocs/core/class/html.formprojet.class.php
@@ -483,7 +483,7 @@ class FormProjets
 		if ($linkedtothirdparty) $sql.=", ".MAIN_DB_PREFIX."societe as s";
 		$sql.= " WHERE ".$projectkey." is null";
 		if (! empty($socid) && $linkedtothirdparty) $sql.= " AND t.fk_soc=".$socid;
-		if (! in_array($table_element, array('expensereport_det'))) $sql.= ' AND t.entity='.getEntity('project');
+		if (! in_array($table_element, array('expensereport_det'))) $sql.= ' AND t.entity IN ('.getEntity('project',1).')';
 		if ($linkedtothirdparty) $sql.=" AND s.rowid = t.fk_soc";
 		if ($sqlfilter) $sql.= " AND ".$sqlfilter;
 		$sql.= " ORDER BY ref DESC";
diff --git a/htdocs/projet/card.php b/htdocs/projet/card.php
index 51b3477b2481c9b074aed027e0d18bb7e017bf97..4b929fea43812d04daf01620943ebdc09abf6161 100644
--- a/htdocs/projet/card.php
+++ b/htdocs/projet/card.php
@@ -69,7 +69,7 @@ if ($id > 0 || ! empty($ref))
 // Security check
 $socid=GETPOST('socid');
 if ($user->societe_id > 0) $socid=$user->societe_id;
-$result = restrictedArea($user, 'projet', $object->id);
+$result = restrictedArea($user, 'projet', $object->id,'projet&project');
 
 // fetch optionals attributes and labels
 $extralabels=$extrafields->fetch_name_optionals_label($object->table_element);
diff --git a/htdocs/projet/list.php b/htdocs/projet/list.php
index 627bb67ff539f8c54097b25022b5a911bd44fef6..f3905d5af5ed5576496a7951175153cc1823f675 100644
--- a/htdocs/projet/list.php
+++ b/htdocs/projet/list.php
@@ -223,7 +223,7 @@ if ($search_user > 0)
 	$sql.=", ".MAIN_DB_PREFIX."element_contact as ecp";
 }
 
-$sql.= " WHERE p.entity IN (".getEntity('project').')';
+$sql.= " WHERE p.entity IN (".getEntity('project',1).')';
 if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";     // public and assigned to, or restricted to company for external users
 // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
 if ($socid) $sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
diff --git a/htdocs/projet/tasks/list.php b/htdocs/projet/tasks/list.php
index d258dbb1e38933ca80962b5e39ab6e1355efcd75..8caf413c8ee8888d79101ff06f6a038e2eb6a554 100644
--- a/htdocs/projet/tasks/list.php
+++ b/htdocs/projet/tasks/list.php
@@ -235,7 +235,7 @@ if ($search_task_user > 0)
     $sql.=", ".MAIN_DB_PREFIX."element_contact as ect";
 }
 $sql.= " WHERE t.fk_projet = p.rowid";
-$sql.= " AND p.entity IN (".getEntity('project').')';
+$sql.= " AND p.entity IN (".getEntity('project',1).')';
 if (! $user->rights->projet->all->lire) $sql.=" p.rowid IN (".join(',',$projectsListId).")";    // public and assigned to projects, or restricted to company for external users
 // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
 if ($socid) $sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";