From b018500fd4b85609714fc03ed38f8a386df18dd1 Mon Sep 17 00:00:00 2001
From: root <root@srv8.atm-consulting.fr>
Date: Thu, 31 Mar 2016 14:37:06 +0200
Subject: [PATCH] FIX multicompany project access

---
 htdocs/projet/class/task.class.php | 4 ++--
 htdocs/projet/contact.php          | 2 +-
 htdocs/projet/document.php         | 2 +-
 htdocs/projet/element.php          | 2 +-
 htdocs/projet/ganttview.php        | 2 +-
 htdocs/projet/note.php             | 2 +-
 htdocs/projet/tasks.php            | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/htdocs/projet/class/task.class.php b/htdocs/projet/class/task.class.php
index ca8ed73e10d..6ffb876bb7c 100644
--- a/htdocs/projet/class/task.class.php
+++ b/htdocs/projet/class/task.class.php
@@ -586,7 +586,7 @@ class Task extends CommonObject
                 $sql.= ", ".MAIN_DB_PREFIX."element_contact as ec2";
                 $sql.= ", ".MAIN_DB_PREFIX."c_type_contact as ctc2";
             }
-            $sql.= " WHERE p.entity = ".$conf->entity;
+            $sql.= " WHERE p.entity IN (".getEntity('project',1).")";
             $sql.= " AND t.fk_projet = p.rowid";
         }
         elseif ($mode == 1)
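Review bot: The list returned by `getEntity('project',1)` is concatenated straight into the `IN (...)` clause on the new `WHERE p.entity` line, and again in the second hunk near line 607, so the query is only as safe as that helper's return value. The removed code interpolated `$conf->entity` the same way, so this is not a regression, but the value is now a list assembled elsewhere (presumably from the sharing configuration) rather than a single id. A comment such as `// getEntity() must return a comma-separated list of integer entity ids; never build this from request data` would record the assumption. The filter now admits projects from every shared entity, so any per-user project or task filtering later in this function, which lies outside the hunk, is what still separates users across entities and is worth re-checking.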
@@ -607,7 +607,7 @@ class Task extends CommonObject
             {
                 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."projet_task as t on t.fk_projet = p.rowid";
             }
-            $sql.= " WHERE p.entity = ".$conf->entity;
+            $sql.= " WHERE p.entity IN (".getEntity('project',1).")";
         }
         else return 'BadValueForParameterMode';
 
diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php
index ebfad425cf8..3ef4f777124 100644
--- a/htdocs/projet/contact.php
+++ b/htdocs/projet/contact.php
@@ -47,7 +47,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 // Security check
 $socid=0;
 if ($user->societe_id > 0) $socid=$user->societe_id;
-$result = restrictedArea($user, 'projet', $id);
+$result = restrictedArea($user, 'projet', $id,'projet&project');
 
 
 /*
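Review bot: The fourth argument `'projet&project'` on the security-check line is an unexplained magic string, and the same literal is repeated in document.php, element.php, ganttview.php, note.php and tasks.php. A comment above the call would help, e.g. `// 4th arg 'table&shareelement': accept the project when its entity is in the list shared for 'project'`; that reading is inferred from the commit subject and from `getEntity('project',1)` in task.class.php, so confirm it against restrictedArea(). Spacing also differs between files (`$id,'projet&project'` here, `$projectid, 'projet&project'` in element.php). Because this widens an authorization check, confirm that the other project pages calling restrictedArea(), which this patch does not show, pass the same argument so that access decisions stay consistent across entry points.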
diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php
index ce033f0e193..3834a6e7f6a 100644
--- a/htdocs/projet/document.php
+++ b/htdocs/projet/document.php
@@ -43,7 +43,7 @@ $mine 		= (GETPOST('mode','alpha') == 'mine' ? 1 : 0);
 // Security check
 $socid=0;
 if ($user->societe_id > 0) $socid=$user->societe_id;
-$result=restrictedArea($user,'projet',$id,'');
+$result=restrictedArea($user,'projet',$id,'projet&project');
 
 $object = new Project($db);
 
diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php
index 3839a9b0b06..d10c7f2441f 100644
--- a/htdocs/projet/element.php
+++ b/htdocs/projet/element.php
@@ -92,7 +92,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 // Security check
 $socid=0;
 if ($user->societe_id > 0) $socid=$user->societe_id;
-$result = restrictedArea($user, 'projet', $projectid);
+$result = restrictedArea($user, 'projet', $projectid, 'projet&project');
 
 
 /*
diff --git a/htdocs/projet/ganttview.php b/htdocs/projet/ganttview.php
index 091059d76e3..822489b643a 100644
--- a/htdocs/projet/ganttview.php
+++ b/htdocs/projet/ganttview.php
@@ -44,7 +44,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 // Security check
 $socid=0;
 if ($user->societe_id > 0) $socid=$user->societe_id;
-$result = restrictedArea($user, 'projet', $id);
+$result = restrictedArea($user, 'projet', $id,'projet&project');
 
 $langs->load("users");
 $langs->load("projects");
diff --git a/htdocs/projet/note.php b/htdocs/projet/note.php
index 45c4cffd65b..47423491930 100644
--- a/htdocs/projet/note.php
+++ b/htdocs/projet/note.php
@@ -42,7 +42,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 // Security check
 $socid=0;
 if ($user->societe_id > 0) $socid=$user->societe_id;
-$result = restrictedArea($user, 'projet', $id);
+$result = restrictedArea($user, 'projet', $id,'projet&project');
 
 $permissionnote=$user->rights->projet->creer;	// Used by the include of actions_setnotes.inc.php
 
diff --git a/htdocs/projet/tasks.php b/htdocs/projet/tasks.php
index eb95fd33624..648871be6db 100644
--- a/htdocs/projet/tasks.php
+++ b/htdocs/projet/tasks.php
@@ -61,7 +61,7 @@ $extralabels_task=$extrafields_task->fetch_name_optionals_label($taskstatic->tab
 // Security check
 $socid=0;
 if ($user->societe_id > 0) $socid = $user->societe_id;
-$result = restrictedArea($user, 'projet', $id);
+$result = restrictedArea($user, 'projet', $id,'projet&project');
 
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
 $hookmanager->initHooks(array('projecttaskcard','globalcard'));
-- 
GitLab