From 76e1438fe667627851a5e105eec63309787d0ae8 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 1 Jun 2017 17:29:47 +0200
Subject: [PATCH] FIX REST api to get project when user has permission to read
 all.

---
 htdocs/core/lib/security.lib.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 7870824285a..7aa9e522b71 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -372,7 +372,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
 		$check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company)
 		$checksoc = array('societe');	 // Test for societe object
 		$checkother = array('contact');	 // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
-		$checkproject = array('projet'); // Test for project object
+		$checkproject = array('projet','project'); // Test for project object
 		$nocheck = array('barcode','stock','fournisseur');	// No test
 		$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
 
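Review bot: The alias added on the `$checkproject` line is undocumented: nothing tells a reader that `project` is not a real table name and gets rewritten to `projet` much further down in the function. I would extend the comment to `// Test for project object ('project' is an alias, mapped to table 'projet' before the query is built)`. Before this change `project` fell under `$checkdefault`, so this line also moves it to a different authorization rule; it is worth confirming that no existing caller passing `project` relied on the default entity and third-party test. The rest of checkUserAccessToObject lies outside this hunk.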
@@ -462,6 +462,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
 			}
 			else
 			{
+			    if ($dbtablename == 'project') $dbtablename='projet';
 				$sql = "SELECT dbt.".$dbt_select;
 				$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
 				$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
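Review bot: The remap on the added line applies only inside this `else` branch, so any other use of `$dbtablename` (the matching `if` branch is outside the hunk) would still see `project` and build a name for a table that presumably does not exist. Normalising the alias once, before the feature lists are consulted, would keep the access check from depending on which branch runs. The line also mixes spaces into the tab indentation and uses a loose comparison; `if ($dbtablename === 'project') $dbtablename = 'projet';` with tabs would match the surrounding code. Separately, the query just below concatenates `$objectid` unquoted into SQL that decides access, and per the commit subject this path is reached from the REST API; if the id is always numeric, writing `(int) $objectid` there would make that explicit, since any upstream sanitising is not visible from this hunk.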
-- 
GitLab