diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index 8621d3ebbe412..c0261e13f4906 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -10,6 +10,7 @@
 * Copyright (C) 2023 Gauthier VERDOL
 * Copyright (C) 2024 Frédéric France
 * Copyright (C) 2024 MDW
+ * Copyright (C) 2024 Solution Libre SAS
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -1631,12 +1632,12 @@ public function restrictedProjectArea(User $user, $mode = 'read')
 /**
 * Return array of projects a user has permission on, is affected to, or all projects
 *
- * @param User $user User object
- * @param int $mode 0=All project I have permission on (assigned to me or public), 1=Projects assigned to me only, 2=Will return list of all projects with no test on contacts
- * @param int $list 0=Return array, 1=Return string list
+ * @param User $user User object
+ * @param int $mode 0=All project I have permission on (assigned to me or public), 1=Projects assigned to me only, 2=Will return list of all projects with no test on contacts
+ * @param int $list 0=Return array, 1=Return string list
 * @param int $socid 0=No filter on third party, id of third party
 * @param string $filter additional filter on project (statut, ref, ...)
- * @return array|string Array of projects id, or string with projects id separated with "," if list is 1
+ * @return array|string Array of projects id, or string with projects id separated with "," if list is 1
 */
 public function getProjectsAuthorizedForUser($user, $mode = 0, $list = 0, $socid = 0, $filter = '')
 {
@@ -1659,11 +1660,19 @@ public function getProjectsAuthorizedForUser($user, $mode = 0, $list = 0, $socid $sql .= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; } + if ($user->socid > 0) { + $ctc_source = 'external'; + $ec_fk_socpeople = $user->contact_id; + } else { + $ctc_source = 'internal'; + $ec_fk_socpeople = $user->id; + } + // Get id of types of contacts for projects (This list never contains a lot of elements) $listofprojectcontacttype = array(); $sql2 = "SELECT ctc.rowid, ctc.code FROM ".MAIN_DB_PREFIX."c_type_contact as ctc"; $sql2 .= " WHERE ctc.element = '".$this->db->escape($this->element)."'"; - $sql2 .= " AND ctc.source = 'internal'"; + $sql2 .= " AND ctc.source = '".$this->db->escape($ctc_source)."'"; $resql = $this->db->query($sql2); if ($resql) { while ($obj = $this->db->fetch_object($resql)) {
@@ -1679,13 +1688,13 @@ public function getProjectsAuthorizedForUser($user, $mode = 0, $list = 0, $socid
 if ($mode == 0) {
 $sql .= " AND ( p.public = 1";
 $sql .= " OR ( ec.fk_c_type_contact IN (".$this->db->sanitize(implode(',', array_keys($listofprojectcontacttype))).")";
- $sql .= " AND ec.fk_socpeople = ".((int) $user->id).")";
+ $sql .= " AND ec.fk_socpeople = ".((int) $ec_fk_socpeople).")";
 $sql .= " )";
 } elseif ($mode == 1) {
 $sql .= " AND ec.element_id = p.rowid";
 $sql .= " AND (";
 $sql .= " ( ec.fk_c_type_contact IN (".$this->db->sanitize(implode(',', array_keys($listofprojectcontacttype))).")";
- $sql .= " AND ec.fk_socpeople = ".((int) $user->id).")";
+ $sql .= " AND ec.fk_socpeople = ".((int) $ec_fk_socpeople).")";
 $sql .= " )";
 } elseif ($mode == 2) {
 // No filter. Use this if user has permission to see all project
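Review bot: The external branch assigns `$user->contact_id` without checking that it is set, so for an external user with no linked contact the later `(int) $ec_fk_socpeople` cast produces 0 and the contact clause becomes `ec.fk_socpeople = 0`. That probably matches no row, but the authorization result then depends on the contact-link table never holding a zero id. I would state the intent where the value is assigned, e.g. `$ec_fk_socpeople = (int) $user->contact_id; // 0 = external user without linked contact, must match no project contact`, and skip the contact clause when it is 0. It is also worth confirming that the code after the `while` loop (outside this hunk) handles an empty `$listofprojectcontacttype`, since an installation may define no 'external' project contact types and `IN ()` would be invalid SQL.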
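Review bot: In the `$mode == 0` branch the `p.public = 1` alternative is unchanged, so for the external users this commit now supports, the third-party restriction rests entirely on the caller passing `$socid`. The `p.fk_soc` filter visible in the previous hunk uses the parameter, not `$user->socid`, and its default of 0 means no filter. If external users must only see projects of their own third party, consider enforcing that inside the function before the filter is built, e.g. `if ($user->socid > 0) { $socid = $user->socid; }`. The condition guarding the `p.fk_soc` filter lies outside the hunks, so this should be checked against the full function.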