From cbf1ddaa1701eeefd7ae3652336977dd2c61f6dd Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Sun, 1 Dec 2013 16:01:33 +0100
Subject: [PATCH] Fix: [ bug #1079 ] External users can't access projects even
if it is a contact.
---
htdocs/install/mysql/data/llx_c_type_contact.sql | 10 ++++++----
htdocs/install/mysql/migration/3.4.0-3.5.0.sql | 4 ++++
htdocs/install/mysql/tables/llx_c_type_contact.sql | 2 +-
htdocs/projet/class/project.class.php | 4 ++--
htdocs/projet/liste.php | 3 ++-
5 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/htdocs/install/mysql/data/llx_c_type_contact.sql b/htdocs/install/mysql/data/llx_c_type_contact.sql
index 520193b9a5b..4acc8e467c5 100644
--- a/htdocs/install/mysql/data/llx_c_type_contact.sql
+++ b/htdocs/install/mysql/data/llx_c_type_contact.sql
@@ -70,12 +70,14 @@ insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) v
insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (143,'order_supplier','external', 'CUSTOMER', 'Contact fournisseur suivi commande', 1);
insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (145,'order_supplier','external', 'SHIPPING', 'Contact fournisseur livraison commande', 1);
+-- All project code must start with 'PROJECT'
insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (160, 'project', 'internal', 'PROJECTLEADER', 'Chef de Projet', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (161, 'project', 'internal', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (161, 'project', 'internal', 'PROJECTCONTRIBUTOR', 'Intervenant', 1);
insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (170, 'project', 'external', 'PROJECTLEADER', 'Chef de Projet', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (171, 'project', 'external', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (171, 'project', 'external', 'PROJECTCONTRIBUTOR', 'Intervenant', 1);
+-- All task code must start with 'TASK'
insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (180, 'project_task', 'internal', 'TASKEXECUTIVE', 'Responsable', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (181, 'project_task', 'internal', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (181, 'project_task', 'internal', 'TASKCONTRIBUTOR', 'Intervenant', 1);
insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (190, 'project_task', 'external', 'TASKEXECUTIVE', 'Responsable', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (191, 'project_task', 'external', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (191, 'project_task', 'external', 'TASKCONTRIBUTOR', 'Intervenant', 1);
diff --git a/htdocs/install/mysql/migration/3.4.0-3.5.0.sql b/htdocs/install/mysql/migration/3.4.0-3.5.0.sql
index 92e23ef4a70..7a06eafb16a 100755
--- a/htdocs/install/mysql/migration/3.4.0-3.5.0.sql
+++ b/htdocs/install/mysql/migration/3.4.0-3.5.0.sql
@@ -20,6 +20,10 @@
DELETE FROM llx_menu where module='holiday';
+ALTER TABLE llx_c_type_contact MODIFY COLUMN code varchar(32) NOT NULL;
+UPDATE llx_c_type_contact set code = 'PROJECTCONTRIBUTOR' where code = 'CONTRIBUTOR' and element = 'project';
+UPDATE llx_c_type_contact set code = 'TASKCONTRIBUTOR' where code = 'CONTRIBUTOR' and element = 'project_task';
+
insert into llx_c_tva(rowid,fk_pays,taux,recuperableonly,localtax1,localtax1_type,note,active) values (143, 14,'5','0','9.975','1','TPS and TVQ rate',1);
-- Fix bad migration of 3.4 that make this text instead of varchar(50)
diff --git a/htdocs/install/mysql/tables/llx_c_type_contact.sql b/htdocs/install/mysql/tables/llx_c_type_contact.sql
index 47c1c43fe98..27bb90d3475 100644
--- a/htdocs/install/mysql/tables/llx_c_type_contact.sql
+++ b/htdocs/install/mysql/tables/llx_c_type_contact.sql
@@ -31,7 +31,7 @@ create table llx_c_type_contact
rowid integer PRIMARY KEY,
element varchar(30) NOT NULL,
source varchar(8) DEFAULT 'external' NOT NULL,
- code varchar(16) NOT NULL,
+ code varchar(32) NOT NULL,
libelle varchar(64) NOT NULL,
active tinyint DEFAULT 1 NOT NULL,
module varchar(32) NULL
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index fc88d75cb95..cea067d67e5 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -844,7 +844,7 @@ class Project extends CommonObject
$userAccess = 1;
}
else
- {
+ {
foreach (array('internal', 'external') as $source)
{
$userRole = $this->liste_contact(4, $source);
@@ -853,7 +853,7 @@ class Project extends CommonObject
$nblinks = 0;
while ($nblinks < $num)
{
- if ($source == 'internal' && preg_match('/PROJECT/', $userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id'])
+ if ($source == 'internal' && preg_match('/^PROJECT/', $userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id'])
{
if ($mode == 'read' && $user->rights->projet->lire) $userAccess++;
if ($mode == 'write' && $user->rights->projet->creer) $userAccess++;
diff --git a/htdocs/projet/liste.php b/htdocs/projet/liste.php
index 23ad699b512..a81a21c6c9b 100644
--- a/htdocs/projet/liste.php
+++ b/htdocs/projet/liste.php
@@ -100,10 +100,11 @@ if ($search_societe)
$sql.= $db->order($sortfield,$sortorder);
$sql.= $db->plimit($conf->liste_limit+1, $offset);
-$var=true;
+dol_syslog("list allowed project sql=".$sql);
$resql = $db->query($sql);
if ($resql)
{
+ $var=true;
$num = $db->num_rows($resql);
$i = 0;
--
GitLab