FIX #10789 External users cannot see projects
FlorentPoinsaut committed Jul 5, 2024
1 parent 1c52869 commit 057c273
Showing 1 changed file with 16 additions and 7 deletions.
23 changes: 16 additions & 7 deletions htdocs/projet/class/project.class.php
@@ -10,6 +10,7 @@
* Copyright (C) 2023 Gauthier VERDOL <[email protected]>
* Copyright (C) 2024 Frédéric France <[email protected]>
* Copyright (C) 2024 MDW <[email protected]>
* Copyright (C) 2024 Solution Libre SAS <[email protected]>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Expand Down Expand Up @@ -1631,12 +1632,12 @@ public function restrictedProjectArea(User $user, $mode = 'read')
/**
* Return array of projects a user has permission on, is affected to, or all projects
*
* @param User $user User object
* @param int $mode 0=All project I have permission on (assigned to me or public), 1=Projects assigned to me only, 2=Will return list of all projects with no test on contacts
* @param int $list 0=Return array, 1=Return string list
* @param User $user User object
* @param int $mode 0=All project I have permission on (assigned to me or public), 1=Projects assigned to me only, 2=Will return list of all projects with no test on contacts
* @param int $list 0=Return array, 1=Return string list
* @param int $socid 0=No filter on third party, id of third party
* @param string $filter additional filter on project (statut, ref, ...)
* @return array|string Array of projects id, or string with projects id separated with "," if list is 1
* @return array|string Array of projects id, or string with projects id separated with "," if list is 1
*/
public function getProjectsAuthorizedForUser($user, $mode = 0, $list = 0, $socid = 0, $filter = '')
{
@@ -1659,11 +1660,19 @@ public function getProjectsAuthorizedForUser($user, $mode = 0, $list = 0, $socid
$sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")";
}

if ($user->socid > 0) {
$ctc_source = 'external';
$ec_fk_socpeople = $user->contact_id;
} else {
$ctc_source = 'internal';
$ec_fk_socpeople = $user->id;
}

// Get id of types of contacts for projects (This list never contains a lot of elements)
$listofprojectcontacttype = array();
$sql2 = "SELECT ctc.rowid, ctc.code FROM ".MAIN_DB_PREFIX."c_type_contact as ctc";
$sql2 .= " WHERE ctc.element = '".$this->db->escape($this->element)."'";
$sql2 .= " AND ctc.source = 'internal'";
$sql2 .= " AND ctc.source = '".$this->db->escape($ctc_source)."'";
$resql = $this->db->query($sql2);
if ($resql) {
while ($obj = $this->db->fetch_object($resql)) {
@@ -1679,13 +1688,13 @@ public function getProjectsAuthorizedForUser($user, $mode = 0, $list = 0, $socid
if ($mode == 0) {
$sql .= " AND ( p.public = 1";
$sql .= " OR ( ec.fk_c_type_contact IN (".$this->db->sanitize(implode(',', array_keys($listofprojectcontacttype))).")";
$sql .= " AND ec.fk_socpeople = ".((int) $user->id).")";
$sql .= " AND ec.fk_socpeople = ".((int) $ec_fk_socpeople).")";
$sql .= " )";
} elseif ($mode == 1) {
$sql .= " AND ec.element_id = p.rowid";
$sql .= " AND (";
$sql .= " ( ec.fk_c_type_contact IN (".$this->db->sanitize(implode(',', array_keys($listofprojectcontacttype))).")";
$sql .= " AND ec.fk_socpeople = ".((int) $user->id).")";
$sql .= " AND ec.fk_socpeople = ".((int) $ec_fk_socpeople).")";
$sql .= " )";
} elseif ($mode == 2) {
// No filter. Use this if user has permission to see all project
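Review bot: In the new `if ($user->socid > 0)` branch of `getProjectsAuthorizedForUser`, `$user->contact_id` becomes the identity used in the authorization filter with no check that it is set; for an external account with no linked contact, `(int) $ec_fk_socpeople` evaluates to 0 and the mode 0 and mode 1 clauses then match on `ec.fk_socpeople = 0`. Whether any contact row can carry 0 in that column is not visible from these hunks, so the filter should fail closed explicitly, for example `$ec_fk_socpeople = empty($user->contact_id) ? -1 : (int) $user->contact_id;`, with a comment saying that an external user without a contact matches no assignment. The branch also deserves a short comment stating that, as this change implies, `ec.fk_socpeople` holds a user id for `internal` contact types and a contact id for `external` ones, because the two id spaces are kept apart only by the `ctc.source` filter. The function body starts and ends outside the visible hunks, including whatever handles an empty `$listofprojectcontacttype` before it is imploded into `IN (...)`, which should be confirmed for installations that define no external project contact types.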