Prepare 4.0.4 version

Conflicts:
	htdocs/core/class/html.formprojet.class.php

ChangeLog

@@ -12,6 +12,25 @@ Upgrading to any other version or any other database system is abolutely require
 make a Dolibarr upgrade.
 
 
+***** ChangeLog for 4.0.4 to 4.0.3 *****
+FIX: #6227 Document models table header "Unit" is shown in 2 lines in Spanish
+FIX: #6230
+FIX: #6237
+FIX: #6245 Thirdparty link in supplier invoices list, links to "comm/card" instead of "fourn/card" page
+FIX: #6253 Supplier invoice list filter does not respect "thirdparty" filter
+FIX: #6277
+FIX: project list and ajax completion return wrong list.
+FIX: bug margin calculation by user with multicompany
+FIX: Can make a stock transfert on product not on sale/purchase.
+FIX: extrafield input for varchar was not working with special char within (ie double quotes)
+FIX: javascript error
+FIX: link for not found photo when using gravatar. Must use external url.
+FIX: Protection so even if link is output for external user, links is disabled.
+FIX: repair tool was ko to restore extrafields with type select.
+FIX: Security access problem with external users on projects/tasks
+FIX: We must not drop extrafield column if there is still record on other entities.
+FIX: regression with sedning email when introducing security options to restrict nb of email sending.
+t 
 ***** ChangeLog for 4.0.3 to 4.0.2 *****
 FIX: #5853 $conf->global->$calc==0 || $conf->global->$calc==1
 FIX: #5958 no discount on supplier command made by replenishment

dev/initdemo/initdemo.sh

@@ -162,7 +162,7 @@ export res=$?
 
 
 # ---------------------------- copy demo files
-export documentdir=`cat $mydir/../../htdocs/conf/conf.php | grep '^\$dolibarr_main_data_root' | sed -e 's/$dolibarr_main_data_root=//' | sed -e 's/;//' | sed -e "s/'//g" `
+export documentdir=`cat $mydir/../../htdocs/conf/conf.php | grep '^\$dolibarr_main_data_root' | sed -e 's/$dolibarr_main_data_root=//' | sed -e 's/;//' | sed -e "s/'//g" | sed -e 's/"//g' `
 if [ "x$documentdir" != "x" ]
 then
 	echo cp -pr $mydir/documents_demo/* "$documentdir/"
@@ -174,7 +174,7 @@ then
 	echo cp -pr $mydir/../../doc/images/* "$documentdir/ecm/Images"
 	cp -pr $mydir/../../doc/images/* "$documentdir/ecm/Images"
 else
-	echo Detection of documents directory failed so demo files were not copied. 
+	echo Detection of documents directory $documentdir failed so demo files were not copied. 
 fi
 
 

htdocs/admin/modules.php

@@ -193,7 +193,7 @@ foreach ($modulesdir as $dir)
 		    					    }
 		    					    ksort($arrayofnatures);
 		    					}
-		    					
+
 		    					// Define array $categ with categ with at least one qualified module
 		    					if ($modulequalified > 0)
 		    					{
@@ -315,13 +315,13 @@ if ($mode != 'marketplace')
     print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
     print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
     print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
-    
+
     $moreforfilter = '';
     $moreforfilter.='<div class="divsearchfield">';
     $moreforfilter.= $langs->trans('Keyword') . ': <input type="text" name="search_keyword" value="'.dol_escape_htmltag($search_keyword).'">';
     $moreforfilter.= '</div>';
     $moreforfilter.='<div class="divsearchfield">';
-    $moreforfilter.= $langs->trans('Origin') . ': '.$form->selectarray('search_nature', $arrayofnatures, $search_nature, 1);
+    $moreforfilter.= $langs->trans('Origin') . ': '.$form->selectarray('search_nature', $arrayofnatures, dol_escape_htmltag($search_nature), 1);
     $moreforfilter.= '</div>';
     if (! empty($conf->global->MAIN_FEATURES_LEVEL))
     {
@@ -342,7 +342,7 @@ if ($mode != 'marketplace')
     $moreforfilter.=' ';
     $moreforfilter.='<input type="submit" name="buttonreset" class="button" value="'.dol_escape_htmltag($langs->trans("Reset")).'">';
     $moreforfilter.= '</div>';
-    
+
     if (! empty($moreforfilter))
     {
         //print '<div class="liste_titre liste_titre_bydiv centpercent">';
@@ -351,11 +351,11 @@ if ($mode != 'marketplace')
         $reshook=$hookmanager->executeHooks('printFieldPreListTitle',$parameters);    // Note that $action and $object may have been modified by hook
         print $hookmanager->resPrint;
         //print '</div>';
-    }    
-    
+    }
+
     print '<br><br><br>';
-    
-    
+
+
     // Show list of modules
 
     print '<table summary="list_of_modules" id="list_of_modules" class="liste" width="100%">'."\n";
@@ -370,7 +370,7 @@ if ($mode != 'marketplace')
         $modName = $filename[$key];
     	$objMod  = $modules[$key];
     	$dirofmodule = $dirmod[$key];
-    	 
+
     	$special = $objMod->special;
 
     	//print $objMod->name." - ".$key." - ".$objMod->special.' - '.$objMod->version."<br>";
@@ -383,9 +383,9 @@ if ($mode != 'marketplace')
         	dol_syslog("Error for module ".$key." - Property name of module looks empty", LOG_WARNING);
       		continue;
         }
-        
+
         $const_name = 'MAIN_MODULE_'.strtoupper(preg_replace('/^mod/i','',get_class($objMod)));
-        
+
         // Check filters
         $modulename=$objMod->getName();
         $moduledesc=$objMod->getDesc();
@@ -396,7 +396,7 @@ if ($mode != 'marketplace')
         if ($search_keyword)
         {
             $qualified=0;
-            if (preg_match('/'.preg_quote($search_keyword).'/i', $modulename) 
+            if (preg_match('/'.preg_quote($search_keyword).'/i', $modulename)
                 || preg_match('/'.preg_quote($search_keyword).'/i', $moduledesc)
                 || preg_match('/'.preg_quote($search_keyword).'/i', $moduledesclong)
                 || preg_match('/'.preg_quote($search_keyword).'/i', $moduleauthor)
@@ -415,7 +415,7 @@ if ($mode != 'marketplace')
             {
                 //print $reg[1].'-'.dol_escape_htmltag($objMod->getPublisher());
                 $publisher=dol_escape_htmltag($objMod->getPublisher());
-                if ($reg[1] && $reg[1] != $publisher) continue;
+                if ($reg[1] && dol_escape_htmltag($reg[1]) != $publisher) continue;
                 if (! $reg[1] && ! empty($publisher)) continue;
             }
             if ($search_nature == 'core' && $objMod->isCoreOrExternalModule() == 'external') continue;
@@ -496,7 +496,7 @@ if ($mode != 'marketplace')
         $text='';
         if ($objMod->getDescLong()) $text.=$objMod->getDesc().'<br>'.$objMod->getDescLong().'<br>';
         else $text.=$objMod->getDesc().'<br>';
-        
+
         $textexternal='';
         if ($objMod->isCoreOrExternalModule() == 'external')
         {
@@ -522,7 +522,7 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddDictionaries").':</strong> ';
         if (isset($objMod->dictionaries) && isset($objMod->dictionaries['tablib']) && is_array($objMod->dictionaries['tablib']) && count($objMod->dictionaries['tablib']))
         {
@@ -534,7 +534,7 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddBoxes").':</strong> ';
         if (isset($objMod->boxes) && is_array($objMod->boxes) && count($objMod->boxes))
         {
@@ -553,14 +553,14 @@ if ($mode != 'marketplace')
             $text.=$langs->trans("Yes");
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddSubstitutions").':</strong> ';
         if (isset($objMod->module_parts) && isset($objMod->module_parts['substitutions']) && $objMod->module_parts['substitutions'])
         {
             $text.=$langs->trans("Yes");
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddSheduledJobs").':</strong> ';
         if (isset($objMod->cronjobs) && is_array($objMod->cronjobs) && count($objMod->cronjobs))
         {
@@ -572,14 +572,14 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddTriggers").':</strong> ';
         if (isset($objMod->module_parts) && isset($objMod->module_parts['triggers']) && $objMod->module_parts['triggers'])
         {
             $text.=$langs->trans("Yes");
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddHooks").':</strong> ';
         if (isset($objMod->module_parts) && is_array($objMod->module_parts['hooks']) && count($objMod->module_parts['hooks']))
         {
@@ -603,14 +603,14 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddMenus").':</strong> ';
         if (isset($objMod->menu) && is_array($objMod->menu) && ! empty($objMod->menu))
         {
             $text.=$langs->trans("Yes");
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddExportProfiles").':</strong> ';
         if (isset($objMod->export_label) && is_array($objMod->export_label) && count($objMod->export_label))
         {
@@ -622,7 +622,7 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddImportProfiles").':</strong> ';
         if (isset($objMod->import_label) && is_array($objMod->import_label) && count($objMod->import_label))
         {
@@ -634,25 +634,25 @@ if ($mode != 'marketplace')
             }
         }
         else $text.=$langs->trans("No");
-        
+
         $text.='<br><strong>'.$langs->trans("AddOtherPagesOrServices").':</strong> ';
         $text.=$langs->trans("DetectionNotPossible");
-        
+
         print $form->textwithpicto('', $text, 1, 'help', 'minheight20');
 
-        // Picto warning 
+        // Picto warning
         $version=$objMod->getVersion(0);
         $versiontrans=$objMod->getVersion(1);
         if (preg_match('/development/i', $version))  print img_warning($langs->trans("Development"), 'style="float: right"');
         if (preg_match('/experimental/i', $version)) print img_warning($langs->trans("Experimental"), 'style="float: right"');
         if (preg_match('/deprecated/i', $version))   print img_warning($langs->trans("Deprecated"), 'style="float: right"');
-        
+
         // Picto external
         if ($textexternal) print img_picto($langs->trans("ExternalModule",$dirofmodule), 'external', 'style="float: right"');
-        
-        
+
+
         print '</td>';
-        
+
         // Version
         print '<td align="center" valign="top" class="nowrap">';
         print $versiontrans;

htdocs/comm/mailing/card.php

@@ -755,7 +755,7 @@ else
 
 				// MAILING_NO_USING_PHPMAIL may be defined or not.
 				// MAILING_LIMIT_SENDBYWEB is always defined to something != 0 (-1=forbidden).
-				// MAILING_LIMIT_SENDBYCLI may be defined ot not (-1=forbidden, 0=no limit).
+				// MAILING_LIMIT_SENDBYCLI may be defined ot not (-1=forbidden, 0 or undefined=no limit).
 				if (! empty($conf->global->MAILING_NO_USING_PHPMAIL) && $sendingmode == 'mail')
 				{
 					// EMailing feature may be a spam problem, so when you host several users/instance, having this option may force each user to use their own SMTP agent.
@@ -769,8 +769,8 @@ else
 				}
 				else if ($conf->global->MAILING_LIMIT_SENDBYWEB == '-1')
 				{
-				    if (! empty($conf->global->MAILING_LIMIT_WARNING_PHPMAIL) && $sendingmode == 'mail') setEventMessages($conf->global->MAILING_LIMIT_WARNING_PHPMAIL, null, 'warnings');
-				    if (! empty($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL) && $sendingmode != 'mail') setEventMessages($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL, null, 'warnings');
+				    if (! empty($conf->global->MAILING_LIMIT_WARNING_PHPMAIL) && $sendingmode == 'mail') setEventMessages($langs->transnoentitiesnoconv($conf->global->MAILING_LIMIT_WARNING_PHPMAIL), null, 'warnings');
+				    if (! empty($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL) && $sendingmode != 'mail') setEventMessages($langs->transnoentitiesnoconv($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL), null, 'warnings');
 				    
 					// The feature is forbidden from GUI, we show just message to use from command line.
 				    setEventMessages($langs->trans("MailingNeedCommand"), null, 'warnings');
@@ -783,8 +783,8 @@ else
 				}
 				else
 				{
-				    if (! empty($conf->global->MAILING_LIMIT_WARNING_PHPMAIL) && $sendingmode == 'mail') setEventMessages($conf->global->MAILING_LIMIT_WARNING_PHPMAIL, null, 'warnings');
-				    if (! empty($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL) && $sendingmode != 'mail') setEventMessages($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL, null, 'warnings');
+				    if (! empty($conf->global->MAILING_LIMIT_WARNING_PHPMAIL) && $sendingmode == 'mail') setEventMessages($langs->transnoentitiesnoconv($conf->global->MAILING_LIMIT_WARNING_PHPMAIL), null, 'warnings');
+				    if (! empty($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL) && $sendingmode != 'mail') setEventMessages($langs->transnoentitiesnoconv($conf->global->MAILING_LIMIT_WARNING_NOPHPMAIL), null, 'warnings');
 				    
 				    $text='';
 				    if ($conf->global->MAILING_LIMIT_SENDBYCLI >= 0)

htdocs/commande/class/api_commande.class.php

@@ -193,7 +193,7 @@ class CommandeApi extends DolibarrApi
      * @return  array   Array of order objects
      */
     function getListForSoc($socid = 0) {
-      return getList(0,"s.rowid","ASC",0,0,$socid);
+      return $this->getList(0,"s.rowid","ASC",0,0,$socid);
     }
 
     

htdocs/compta/paiement.php

@@ -391,10 +391,9 @@ if ($action == 'create' || $action == 'confirm_paiement' || $action == 'add_paie
 							var form = $("#payment_form");
 
 							json["invoice_type"] = $("#invoice_type").val();
-							json["amountPayment"] = $("#amountpayment").attr("value");
+            				json["amountPayment"] = $("#amountpayment").attr("value");
 							json["amounts"] = _elemToJson(form.find("input.amount"));
-							json["remains"] = _elemToJson(form.find("input.remain]"));
-
+							json["remains"] = _elemToJson(form.find("input.remain"));
 							if (imgId != null) {
 								json["imgClicked"] = imgId;
 							}

htdocs/contact/class/contact.class.php

@@ -130,6 +130,7 @@ class Contact extends CommonObject
 			$clause = "AND";
 		}
 		$sql.= ' '.$clause.' sp.entity IN ('.getEntity($this->element, 1).')';
+		$sql.= " AND (sp.priv='0' OR (sp.priv='1' AND sp.fk_user_creat=".$user->id."))";
         if ($user->societe_id > 0) $sql.=" AND sp.fk_soc = ".$user->societe_id;
         
 		$resql=$this->db->query($sql);

htdocs/core/class/CMailFile.class.php

@@ -153,7 +153,7 @@ class CMailFile
 		}
 
 		if (! empty($conf->global->MAIN_MAIL_FORCE_CONTENT_TYPE_TO_HTML)) $this->msgishtml=1; // To force to send everything with content type html.
-		    
+
 		// Detect images
 		if ($this->msgishtml)
 		{
@@ -210,7 +210,7 @@ class CMailFile
 			$this->trackid = $trackid;
 			$smtp_headers = $this->write_smtpheaders();
             if (! empty($moreinheader)) $smtp_headers.=$moreinheader;
-            
+
 			// Define mime_headers
 			$mime_headers = $this->write_mimeheaders($filename_list, $mimefilename_list);
 
@@ -270,7 +270,7 @@ class CMailFile
 			$smtps->setFrom($this->getValidAddress($from,0,1));
 			$smtps->setTrackId($trackid);
 			$smtps->setReplyTo($this->getValidAddress($from,0,1));   // Set property with this->smtps->setReplyTo after constructor if you want to use another value than the From
-					
+
 			if (! empty($this->html))
 			{
 				if (!empty($css))
@@ -365,7 +365,9 @@ class CMailFile
         {
             // Use Swift Mailer library
             // ------------------------------------------
-
+            
+            $host = dol_getprefix('email');
+            
             require_once DOL_DOCUMENT_ROOT.'/includes/swiftmailer/lib/swift_required.php';
             // Create the message
             $this->message = Swift_Message::newInstance();
@@ -373,7 +375,7 @@ class CMailFile
             // Adding a trackid header to a message
             $headers = $this->message->getHeaders();
             $headers->addTextHeader('X-Dolibarr-TRACKID', $trackid);
-            $headerID = time() . '.swiftmailer-dolibarr-' . $trackid . '@' . $conf->global->MAIN_MAIL_SMTP_SERVER;
+            $headerID = time() . '.swiftmailer-dolibarr-' . $trackid . '@' . $host;
             $msgid = $headers->get('Message-ID');
             $msgid->setId($headerID);
             $headers->addIdHeader('References', $headerID);
@@ -473,16 +475,16 @@ class CMailFile
                 'maildao'
             ));
             $reshook = $hookmanager->executeHooks('doactions', $parameters, $this, $action); // Note that $action and $object may have been modified by some hooks
-            if (! empty($reshook)) 
+            if (! empty($reshook))
             {
                 $this->error = "Error in hook maildao doactions " . $reshook;
                 dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_ERR);
-                
+
                 return $reshook;
             }
 
             // Check number of recipient is lower or equal than MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL
-            if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL=10;
+            if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL=10;
             $tmparray1 = explode(',', $this->addr_to);
             if (count($tmparray1) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_TO_IN_SAME_EMAIL)
             {
@@ -490,6 +492,7 @@ class CMailFile
                 dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
                 return false;
             }
+            if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_CC_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_CC_IN_SAME_EMAIL=10;
             $tmparray2 = explode(',', $this->addr_cc);
             if (count($tmparray2) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_CC_IN_SAME_EMAIL)
             {
@@ -497,6 +500,7 @@ class CMailFile
                 dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
                 return false;
             }
+            if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_BCC_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_BCC_IN_SAME_EMAIL=10;
             $tmparray3 = explode(',', $this->addr_bcc);
             if (count($tmparray3) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_BCC_IN_SAME_EMAIL)
             {
@@ -504,14 +508,14 @@ class CMailFile
                 dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
                 return false;
             }
+            if (empty($conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)) $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL=10;
             if ((count($tmparray1)+count($tmparray2)+count($tmparray3)) > $conf->global->MAIL_MAX_NB_OF_RECIPIENTS_IN_SAME_EMAIL)
             {
                 $this->error = 'Too much recipients in to:, cc:, bcc:';
                 dol_syslog("CMailFile::sendfile: mail end error=" . $this->error, LOG_WARNING);
                 return false;
             }
-            
-                
+
 			// Action according to choosed sending method
 			if ($conf->global->MAIN_MAIL_SENDMODE == 'mail')
 			{
@@ -553,7 +557,7 @@ class CMailFile
                         $bounce .= ($bounce?' ':'').'-ba';
                     }
                     dol_syslog("CMailFile::sendfile: mail start HOST=".ini_get('SMTP').", PORT=".ini_get('smtp_port').", additionnal_parameters=".$bounce, LOG_DEBUG);
-                    
+
 					$this->message=stripslashes($this->message);
 
 					if (! empty($conf->global->MAIN_MAIL_DEBUG)) $this->dump_mail();
@@ -873,7 +877,7 @@ class CMailFile
 
 		// Receiver
 		if (isset($this->addr_cc)   && $this->addr_cc)   $out.= "Cc: ".$this->getValidAddress($this->addr_cc,2).$this->eol2;
-		if (isset($this->addr_bcc)  && $this->addr_bcc)  $out.= "Bcc: ".$this->getValidAddress($this->addr_bcc,2).$this->eol2;    // Question: bcc must not be into header, only into SMTP command "RCPT TO". Does php mail support this ? 
+		if (isset($this->addr_bcc)  && $this->addr_bcc)  $out.= "Bcc: ".$this->getValidAddress($this->addr_bcc,2).$this->eol2;    // Question: bcc must not be into header, only into SMTP command "RCPT TO". Does php mail support this ?
 
 		// Delivery receipt
 		if (isset($this->deliveryreceipt) && $this->deliveryreceipt == 1) $out.= "Disposition-Notification-To: ".$this->getValidAddress($this->addr_from,2).$this->eol2;

htdocs/core/class/extrafields.class.php

@@ -739,7 +739,7 @@ class ExtraFields
 		}
 		elseif ($type == 'varchar')
 		{
-			$out='<input type="text" class="flat" name="'.$keysuffix.'options_'.$key.$keyprefix.'" size="'.$showsize.'" maxlength="'.$size.'" value="'.$value.'"'.($moreparam?$moreparam:'').'>';
+			$out='<input type="text" class="flat" name="'.$keysuffix.'options_'.$key.$keyprefix.'" size="'.$showsize.'" maxlength="'.$size.'" value="'.dol_escape_htmltag($value).'"'.($moreparam?$moreparam:'').'>';
 		}
 		elseif ($type == 'text')
 		{

htdocs/core/class/html.form.class.php

@@ -5812,7 +5812,7 @@ class Form
 	                 */
                     global $dolibarr_main_url_root;
                     $ret.='<!-- Put link to gravatar -->';
-                    $ret.='<img class="photo'.$modulepart.($cssclass?' '.$cssclass:'').'" alt="Gravatar avatar" title="'.$email.' Gravatar avatar" border="0"'.($width?' width="'.$width.'"':'').($height?' height="'.$height.'"':'').' src="https://www.gravatar.com/avatar/'.dol_hash(strtolower(trim($email)),3).'?s='.$width.'&d='.urlencode(dol_buildpath($nophoto,2)).'">';	// gravatar need md5 hash
+                    $ret.='<img class="photo'.$modulepart.($cssclass?' '.$cssclass:'').'" alt="Gravatar avatar" title="'.$email.' Gravatar avatar" border="0"'.($width?' width="'.$width.'"':'').($height?' height="'.$height.'"':'').' src="https://www.gravatar.com/avatar/'.dol_hash(strtolower(trim($email)),3).'?s='.$width.'&d='.urlencode(dol_buildpath($nophoto,3)).'">';	// gravatar need md5 hash
                 }
                 else
 				{

htdocs/core/class/html.formfile.class.php

@@ -76,7 +76,7 @@ class FormFile
         global $conf,$langs, $hookmanager;
         $hookmanager->initHooks(array('formfile'));
 
-        
+
         if (! empty($conf->browser->layout) && $conf->browser->layout != 'classic') $useajax=0;
 
 		if ((! empty($conf->global->MAIN_USE_JQUERY_FILEUPLOAD) && $useajax) || ($useajax==2))
@@ -276,7 +276,7 @@ class FormFile
 		if (0 !== $iconPDF) {
 			dol_syslog(__METHOD__ . ": passing iconPDF parameter is deprecated", LOG_WARNING);
 		}
-		
+
         global $langs, $conf, $user, $hookmanager;
         global $form, $bc;
 
@@ -288,7 +288,7 @@ class FormFile
         if (! empty($iconPDF)) {
         	return $this->getDocumentsLink($modulepart, $modulesubdir, $filedir);
         }
-        
+
         $printer=0;
         if (in_array($modulepart,array('facture','supplier_proposal','propal','proposal','order','commande','expedition', 'commande_fournisseur')))	// The direct print feature is implemented only for such elements
         {
@@ -506,7 +506,7 @@ class FormFile
 
             $addcolumforpicto=($delallowed || $printer || $morepicto);
             $out.= '<th align="center" colspan="'.(3+($addcolumforpicto?'2':'1')).'" class="formdoc liste_titre maxwidthonsmartphone">';
-            
+
             // Model
             if (! empty($modellist))
             {
@@ -863,8 +863,8 @@ class FormFile
 						    $minifile=getImageFileNameForSize($file['name'], '_mini'); // For new thumbs using same ext (in lower case howerver) than original
 						    if (! dol_is_file($file['path'].'/'.$minifile)) $minifile=getImageFileNameForSize($file['name'], '_mini', '.png'); // For backward compatibility of old thumbs that were created with filename in lower case and with .png extension
 						    //print $file['path'].'/'.$minifile.'<br>';
-						    print '<a href="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&file='.urlencode($relativepath.$fileinfo['filename'].'.'.strtolower($fileinfo['extension'])).'" class="aphoto" target="_blank">';
-							print '<img border="0" height="'.$maxheightmini.'" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&file='.urlencode($relativepath.$minifile).'" title="">';
+						    print '<a href="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.(!empty($object->entity)?$object->entity:$conf->entity).'&file='.urlencode($relativepath.$fileinfo['filename'].'.'.strtolower($fileinfo['extension'])).'" class="aphoto" target="_blank">';
+							print '<img border="0" height="'.$maxheightmini.'" src="'.DOL_URL_ROOT.'/viewimage.php?modulepart='.$modulepart.'&entity='.(!empty($object->entity)?$object->entity:$conf->entity).'&file='.urlencode($relativepath.$minifile).'" title="">';
 							print '</a>';
 						}
 						else print '&nbsp;';

htdocs/core/class/html.formprojet.class.php

@@ -140,8 +140,10 @@ class FormProjets
 		if ($socid == 0) $sql.= " AND (p.fk_soc=0 OR p.fk_soc IS NULL)";
 		if ($socid > 0 && empty($conf->global->PROJECT_ALLOW_TO_LINK_FROM_OTHER_COMPANY))  $sql.= " AND (p.fk_soc=".$socid." OR p.fk_soc IS NULL)";
 		if (!empty($filterkey)) {
-			$sql .= " AND p.title LIKE '%".$this->db->escape($filterkey)."%'";
-			$sql .= " OR p.ref LIKE '%".$this->db->escape($filterkey)."%'";
+			$sql .= ' AND (';
+			$sql .= ' p.title LIKE "%'.$this->db->escape($filterkey).'%"';
+			$sql .= ' OR p.ref LIKE "%'.$this->db->escape($filterkey).'%"';
+			$sql .= ')';
 		}
 		$sql.= " ORDER BY p.ref ASC";
 

htdocs/core/class/smtps.class.php

@@ -1190,7 +1190,7 @@ class SMTPs
 		$host=preg_replace('@tcp://@i','',$host);	// Remove prefix
 		$host=preg_replace('@ssl://@i','',$host);	// Remove prefix
 
-		$host=dol_getprefix('email').'-'.$host;
+		$host=dol_getprefix('email');
 		
 		//NOTE: Message-ID should probably contain the username of the user who sent the msg
 		$_header .= 'Subject: '    . $this->getSubject()     . "\r\n";

htdocs/core/tpl/login.tpl.php

@@ -89,7 +89,7 @@ $(document).ready(function () {
 
 <div id="login_right">
 
-<table class="left centpercent" title="Login pass">
+<table class="left centpercent" title="<?php echo $langs->trans("EnterLoginDetail"); ?>">
 <!-- Login -->
 <tr>
 <td class="nowrap center valignmiddle">

htdocs/fichinter/card.php

@@ -583,7 +583,7 @@ if (empty($reshook))
 		}
 	}
 
-	// Classify Billed
+	// Classify unbilled
 	else if ($action == 'classifyunbilled' && $user->rights->ficheinter->creer)
 	{
 		$result=$object->setStatut(1);
@@ -598,6 +598,21 @@ if (empty($reshook))
 		}
 	}
 
+	// Classify Done
+	else if ($action == 'classifydone' && $user->rights->ficheinter->creer)
+	{
+	    $result=$object->setStatut(3);
+	    if ($result > 0)
+	    {
+	        header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
+	        exit;
+	    }
+	    else
+	    {
+	        setEventMessages($object->error, $object->errors, 'errors');
+	    }
+	}
+	
 	/*
 	 *  Mise a jour d'une ligne d'intervention
 	 */

htdocs/fourn/commande/dispatch.php

@@ -314,7 +314,7 @@ if ($id > 0 || ! empty($ref))
 
 			if ($commande->methode_commande)
 			{
-				print '<tr><td>'.$langs->trans("Method").'</td><td colspan="2">'.$commande->methode_commande.'</td></tr>';
+				print '<tr><td>'.$langs->trans("Method").'</td><td colspan="2">'.$commande->getInputMethod().'</td></tr>';
 			}
 		}
 

htdocs/fourn/facture/list.php

@@ -6,7 +6,7 @@
  * Copyright (C) 2013	   Florian Henry		<florian.henry@open-concept.pro>
  * Copyright (C) 2013      Cédric Salvador      <csalvador@gpcsolutions.fr>
  * Copyright (C) 2015      Marcos García        <marcosgdf@gmail.com>
- * Copyright (C) 2015	   juanjo Menent		<jmenent@2byte.es>
+ * Copyright (C) 2015-2007 Juanjo Menent		<jmenent@2byte.es>
  * Copyright (C) 2015 	   Abbes Bahfir 	<bafbes@gmail.com>
  * Copyright (C) 2015-2016 Ferran Marcet		<fmarcet@2byte.es>
  *
@@ -434,6 +434,7 @@ if ($resql)
 	print '<input type="hidden" name="sortfield" value="'.$sortfield.'">';
 	print '<input type="hidden" name="sortorder" value="'.$sortorder.'">';
 	print '<input type="hidden" name="viewstatut" value="'.$viewstatut.'">';
+	print '<input type="hidden" name="socid" value="'.$socid.'">';
 
 	print_barre_liste($langs->trans("BillsSuppliers").($socid?" $soc->name.":""),$page,$_SERVER["PHP_SELF"],$param,$sortfield,$sortorder,'',$num,$nbtotalofrecords,'title_accountancy',0,'','',$limit);
 	
@@ -788,7 +789,7 @@ if ($resql)
                 $thirdparty->name=$obj->name;
                 $thirdparty->client=$obj->client;
                 $thirdparty->code_client=$obj->code_client;
-                print $thirdparty->getNomUrl(1,'customer');
+                print $thirdparty->getNomUrl(1,'supplier');
                 print '</td>';
                 if (! $i) $totalarray['nbfield']++;
     		}

htdocs/langs/en_US/admin.lang

@@ -560,7 +560,7 @@ Permission34=Delete products
 Permission36=See/manage hidden products
 Permission38=Export products
 Permission41=Read projects and tasks (shared project and projects i'm contact for). Can also enter time consumed on assigned tasks (timesheet)
-Permission42=Create/modify projects (shared project and projects i'm contact for)
+Permission42=Create/modify projects (shared project and projects i'm contact for). Can also create tasks and assign users to project and tasks
 Permission44=Delete projects (shared project and projects i'm contact for)
 Permission45=Export projects
 Permission61=Read interventions
@@ -663,7 +663,7 @@ PermissionAdvanced253=Create/modify internal/external users and permissions
 Permission254=Create/modify external users only
 Permission255=Modify other users password
 Permission256=Delete or disable other users
-Permission262=Extend access to all third parties (not only those linked to user). Not effective for external users (always limited to themselves).
+Permission262=Extend access to all third parties (not only third parties that user is a sale representative). Not effective for external users (always limited to themselves for proposals, orders, invoices, contracts, etc). Not effective for projects (only rules on project permissions, visibility and assignement matters).
 Permission271=Read CA
 Permission272=Read invoices
 Permission273=Issue invoices

htdocs/langs/en_US/errors.lang

@@ -176,6 +176,7 @@ ErrorStockIsNotEnoughToAddProductOnShipment=Stock is not enough for product %s t
 ErrorStockIsNotEnoughToAddProductOnProposal=Stock is not enough for product %s to add it into a new proposal.
 ErrorFailedToLoadLoginFileForMode=Failed to get the login key for mode '%s'.
 ErrorPhpMailDelivery=Check that you don't use a too high number of recipients and that your email content is not similar to a Spam. Ask also your administrator to check firewall and server logs files for a more complete information.
+ErrorUserNotAssignedToTask=User must be assigned to task to be able to enter time consumed.
 
 # Warnings
 WarningPasswordSetWithNoAccount=A password was set for this member. However, no user account was created. So this password is stored but can't be used to login to Dolibarr. It may be used by an external module/interface but if you don't need to define any login nor password for a member, you can disable option "Manage a login for each member" from Member module setup. If you need to manage a login but don't need any password, you can keep this field empty to avoid this warning. Note: Email can also be used as a login if the member is linked to a user.  

htdocs/langs/en_US/main.lang

@@ -447,6 +447,7 @@ DeletePicture=Picture delete
 ConfirmDeletePicture=Confirm picture deletion?
 Login=Login
 CurrentLogin=Current login
+EnterLoginDetail=Enter login details
 January=January
 February=February
 March=March

htdocs/margin/agentMargins.php

@@ -124,6 +124,7 @@ $sql.= ", ".MAIN_DB_PREFIX."facturedet as d";
 $sql.= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql.= ", ".MAIN_DB_PREFIX."user as u";
 $sql.= " WHERE f.fk_soc = s.rowid";
+$sql.= " AND f.entity = ".$conf->entity;
 $sql.= " AND sc.fk_soc = f.fk_soc";
 $sql.= " AND (d.product_type = 0 OR d.product_type = 1)";
 if (! empty($conf->global->AGENT_CONTACT_TYPE))

htdocs/product/stats/card.php

@@ -44,6 +44,7 @@ $ref	= GETPOST('ref');
 $mode	= (GETPOST('mode') ? GETPOST('mode') : 'byunit');
 $error	= 0;
 $mesg	= '';
+$graphfiles=array();
 
 $socid='';
 if (! empty($user->societe_id)) $socid=$user->societe_id;
@@ -57,7 +58,7 @@ $result=restrictedArea($user,'produit|service',$fieldvalue,'product&product','',
 /*
  *	View
  */
- 
+
 $form = new Form($db);
 
 if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
@@ -68,7 +69,7 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
         llxHeader("",$langs->trans("ProductStatistics"));
 
    	    $type = GETPOST('type');
-	    
+
        	$helpurl='';
         if ($type == '0')
         {
@@ -88,13 +89,13 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
             //$title=$langs->trans("StatisticsOfProductsOrServices");
             $title=$langs->trans("Statistics");
         }
-        
+
         print load_fiche_titre($title, $mesg,'title_products.png');
     }
     else
     {
         $result = $object->fetch($id,$ref);
-        
+
 		$title = $langs->trans('ProductServiceCard');
 		$helpurl = '';
 		$shortlabel = dol_trunc($object->label,16);
@@ -111,8 +112,8 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
 
 		llxHeader('', $title, $helpurl);
     }
-	
-    
+
+
 	if ($result && (! empty($id) || ! empty($ref)))
 	{
 		$head=product_prepare_head($object);
@@ -122,21 +123,21 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
 		dol_fiche_head($head, 'stats', $titre, 0, $picto);
 
 		$linkback = '<a href="'.DOL_URL_ROOT.'/product/list.php">'.$langs->trans("BackToList").'</a>';
-		
+
         dol_banner_tab($object, 'ref', $linkback, ($user->societe_id?0:1), 'ref');
-        
+
 		dol_fiche_end();
 	}
 	if (GETPOST('id') == 'all')
 	{
         $h=0;
         $head = array();
-        
+
         $head[$h][0] = DOL_URL_ROOT.'/product/stats/card.php?id=all';
         $head[$h][1] = $langs->trans("Chart");
         $head[$h][2] = 'chart';
         $h++;
-        
+
     	$title = $langs->trans("ListProductServiceByPopularity");
         if ((string) $type == '1') {
         	$title = $langs->trans("ListServiceByPopularity");
@@ -144,49 +145,49 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
         if ((string) $type == '0') {
         	$title = $langs->trans("ListProductByPopularity");
         }
-        
+
         $head[$h][0] = DOL_URL_ROOT.'/product/popuprop.php'.($type != ''?'?type='.$type:'');
         $head[$h][1] = $title;
         $head[$h][2] = 'popularityprop';
         $h++;
-        
-        dol_fiche_head($head,'chart',$langs->trans("Statistics"));   
+
+        dol_fiche_head($head,'chart',$langs->trans("Statistics"));
 	}
-	
-	
+
+
 	if ($result || GETPOST('id') == 'all')
 	{
 	    if (GETPOST('id') == 'all')
 	    {
     		// Choice of type of product
     		if (! empty($conf->dol_use_jmobile)) print "\n".'<div class="fichecenter"><div class="nowrap">'."\n";
-    
+
     		if ((string) $type != '0') print '<a href="'.$_SERVER["PHP_SELF"].'?id='.(GETPOST('id')?GETPOST('id'):$object->id).'&type=0'.($mode?'&mode='.$mode:'').'">';
     		else print img_picto('','tick').' ';
     		print $langs->trans("Products");
     		if ((string) $type != '0') print '</a>';
-    
+
     		if (! empty($conf->dol_use_jmobile)) print '</div>'."\n".'<div class="nowrap">'."\n";
     		else print ' &nbsp; / &nbsp; ';
-    
+
     		if ((string) $type != '1') print '<a href="'.$_SERVER["PHP_SELF"].'?id='.(GETPOST('id')?GETPOST('id'):$object->id).'&type=1'.($mode?'&mode='.$mode:'').'">';
     		else print img_picto('','tick').' ';
     		print $langs->trans("Services");
     		if ((string) $type != '1') print '</a>';
-    
+
     		if (! empty($conf->dol_use_jmobile)) print '</div>'."\n".'<div class="nowrap">'."\n";
     		else print ' &nbsp; / &nbsp; ';
-    
+
     		if ((string) $type == '0' || (string) $type == '1') print '<a href="'.$_SERVER["PHP_SELF"].'?id='.(GETPOST('id')?GETPOST('id'):$object->id).($mode?'&mode='.$mode:'').'">';
     		else print img_picto('','tick').' ';
     		print $langs->trans("ProductsAndServices");
     		if ((string) $type == '0' || (string) $type == '1') print '</a>';
-    		
+
     		if (! empty($conf->dol_use_jmobile)) print '</div></div>';
     		else print '<br>';
     		print '<br>';
 	    }
-	    
+
 		// Choice of stats mode (byunit or bynumber)
 		if (! empty($conf->dol_use_jmobile)) print "\n".'<div class="fichecenter"><div class="nowrap">'."\n";
 
@@ -222,25 +223,25 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
     			}
     		}
 		}
-		
+
 		if($conf->propal->enabled) {
 			$graphfiles['propal']=array('modulepart'=>'productstats_proposals',
 			'file' => $object->id.'/propal12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
 			'label' => ($mode=='byunit'?$langs->transnoentitiesnoconv("NumberOfUnitsProposals"):$langs->transnoentitiesnoconv("NumberOfProposals")));
 		}
-		
+
 		if($conf->supplier_proposal->enabled) {
 			$graphfiles['proposalssuppliers']=array('modulepart'=>'productstats_proposalssuppliers',
 			'file' => $object->id.'/proposalssuppliers12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
 			'label' => ($mode=='byunit'?$langs->transnoentitiesnoconv("NumberOfUnitsSupplierProposals"):$langs->transnoentitiesnoconv("NumberOfSupplierProposals")));
 		}
-		
+
 		if($conf->order->enabled) {
 			$graphfiles['orders']=array('modulepart'=>'productstats_orders',
 			'file' => $object->id.'/orders12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
 			'label' => ($mode=='byunit'?$langs->transnoentitiesnoconv("NumberOfUnitsCustomerOrders"):$langs->transnoentitiesnoconv("NumberOfCustomerOrders")));
 		}
-		
+
 		if($conf->fournisseur->enabled) {
 			$graphfiles['orderssuppliers']=array('modulepart'=>'productstats_orderssuppliers',
 			'file' => $object->id.'/orderssuppliers12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
@@ -251,7 +252,7 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
 			$graphfiles['invoices']=array('modulepart'=>'productstats_invoices',
 			'file' => $object->id.'/invoices12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
 			'label' => ($mode=='byunit'?$langs->transnoentitiesnoconv("NumberOfUnitsCustomerInvoices"):$langs->transnoentitiesnoconv("NumberOfCustomerInvoices")));
-			
+
 			$graphfiles['invoicessuppliers']=array('modulepart'=>'productstats_invoicessuppliers',
 			'file' => $object->id.'/invoicessuppliers12m'.((string) $type != '' ? '_type'.$type : '').'_'.$mode.'.png',
 			'label' => ($mode=='byunit'?$langs->transnoentitiesnoconv("NumberOfUnitsSupplierInvoices"):$langs->transnoentitiesnoconv("NumberOfSupplierInvoices")));
@@ -282,10 +283,10 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
     					if ($key == 'proposalssuppliers') $graph_data = $object->get_nb_propalsupplier($socid,$mode,((string) $type != '' ? $type : -1));
     					if ($key == 'invoicessuppliers')  $graph_data = $object->get_nb_achat($socid,$mode,((string) $type != '' ? $type : -1));
     					if ($key == 'orderssuppliers')    $graph_data = $object->get_nb_ordersupplier($socid,$mode,((string) $type != '' ? $type : -1));
-    				
+
     					// TODO Save cachefile $graphfiles[$key]['file']
 					}
-					
+
 					if (is_array($graph_data))
 					{
 						$px->SetData($graph_data);
@@ -383,7 +384,7 @@ if (! empty($id) || ! empty($ref) || GETPOST('id') == 'all')
 			print '<div class="clear"><div class="fichecenter"><br></div></div>'."\n";
 		}
 	}
-	
+
 	if (GETPOST('id') == 'all')
 	{
 	    dol_fiche_end();

htdocs/product/stock/massstockmove.php

@@ -372,7 +372,7 @@ else
 {
 	$limit = $conf->global->PRODUIT_LIMIT_SIZE;
 }
-print $form->select_produits($id_product,'productid',$filtertype,$limit);
+print $form->select_produits($id_product,'productid',$filtertype,$limit,0,-1);
 print '</td>';
 // Batch number
 if ($conf->productbatch->enabled)

htdocs/projet/card.php

@@ -68,7 +68,7 @@ if ($id > 0 || ! empty($ref))
 
 // Security check
 $socid=GETPOST('socid');
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $object->id,'projet&project');
 
 // fetch optionals attributes and labels

htdocs/projet/contact.php

@@ -46,7 +46,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $id,'projet&project');
 
 

htdocs/projet/document.php

@@ -42,7 +42,7 @@ $mine 		= (GETPOST('mode','alpha') == 'mine' ? 1 : 0);
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result=restrictedArea($user,'projet',$id,'projet&project');
 
 $object = new Project($db);

htdocs/projet/element.php

@@ -92,7 +92,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 
 // Security check
 $socid=$object->socid;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $projectid, 'projet&project');
 
 

htdocs/projet/ganttview.php

@@ -43,7 +43,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $id,'projet&project');
 
 $langs->load("users");

htdocs/projet/index.php

@@ -37,7 +37,7 @@ $mine = GETPOST('mode')=='mine' ? 1 : 0;
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if (!$user->rights->projet->lire) accessforbidden();
 
 $sortfield = GETPOST("sortfield",'alpha');

htdocs/projet/info.php

@@ -34,7 +34,7 @@ $langs->load("projects");
 // Security check
 $socid=0;
 $id = GETPOST("id",'int');
-if ($user->societe_id) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result=restrictedArea($user,'projet',$id,'');
 
 

htdocs/projet/list.php

@@ -40,7 +40,7 @@ $title = $langs->trans("Projects");
 
 // Security check
 $socid = (is_numeric($_GET["socid"]) ? $_GET["socid"] : 0 );
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if ($socid > 0)
 {
 	$soc = new Societe($db);
@@ -220,7 +220,9 @@ if (is_array($extrafields->attribute_label) && count($extrafields->attribute_lab
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_lead_status as cls on p.fk_opp_status = cls.rowid";
 // We'll need this table joined to the select in order to filter by sale
-if ($search_sale > 0 || (! $user->rights->societe->client->voir && ! $socid)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
+// For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+//if ($search_sale > 0 || (! $user->rights->societe->client->voir && ! $socid)) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
+if ($search_sale > 0) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
 if ($search_user > 0)
 {
 	$sql.=", ".MAIN_DB_PREFIX."element_contact as ecp";
@@ -271,7 +273,8 @@ if ($search_opp_status)
 }
 if ($search_public!='') $sql .= " AND p.public = ".$db->escape($search_public);
 if ($search_sale > 0) $sql.= " AND sc.fk_user = " .$search_sale;
-if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
+// For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+//if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
 if ($search_user > 0) $sql.= " AND ecp.fk_c_type_contact IN (".join(',',array_keys($listofprojectcontacttype)).") AND ecp.element_id = p.rowid AND ecp.fk_socpeople = ".$search_user; 
 if ($search_opp_amount != '') $sql .= natural_search('p.opp_amount', $search_opp_amount, 1);
 if ($search_budget_amount != '') $sql .= natural_search('p.budget_amount', $search_budget_amount, 1);

htdocs/projet/note.php

@@ -41,7 +41,7 @@ include DOL_DOCUMENT_ROOT.'/core/actions_fetchobject.inc.php';  // Must be inclu
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $id,'projet&project');
 
 $permissionnote=$user->rights->projet->creer;	// Used by the include of actions_setnotes.inc.php

htdocs/projet/tasks.php

@@ -61,7 +61,7 @@ $extralabels_task=$extrafields_task->fetch_name_optionals_label($taskstatic->tab
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 $result = restrictedArea($user, 'projet', $id,'projet&project');
 
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
@@ -413,7 +413,8 @@ else if ($id > 0 || ! empty($ref))
 	
 	// Get list of tasks in tasksarray and taskarrayfiltered
 	// We need all tasks (even not limited to a user because a task to user can have a parent that is not affected to him).
-	$tasksarray=$taskstatic->getTasksArray(0, 0, $object->id, $socid, 0);
+	$filteronthirdpartyid = $socid;
+	$tasksarray=$taskstatic->getTasksArray(0, 0, $object->id, $filteronthirdpartyid, 0);
 	// We load also tasks limited to a particular user
 	$tasksrole=($mode=='mine' ? $taskstatic->getUserRolesForProjectsOrTasks(0,$user,$object->id,0) : '');
 	//var_dump($tasksarray);

htdocs/projet/tasks/contact.php

@@ -42,7 +42,7 @@ $project_ref=GETPOST('project_ref','alpha');
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 //$result = restrictedArea($user, 'projet', $id, 'projet_task');
 if (! $user->rights->projet->lire) accessforbidden();
 

htdocs/projet/tasks/document.php

@@ -47,7 +47,7 @@ $project_ref = GETPOST('project_ref','alpha');
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 //$result=restrictedArea($user,'projet',$id,'');
 if (!$user->rights->projet->lire) accessforbidden();
 

htdocs/projet/tasks/list.php

@@ -75,7 +75,7 @@ $search_array_options=$extrafields->getOptionalsFromPost($extralabels,'','search
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if (!$user->rights->projet->lire) accessforbidden();
 
 $limit = GETPOST("limit")?GETPOST("limit","int"):$conf->liste_limit;

htdocs/projet/tasks/note.php

@@ -39,7 +39,7 @@ $project_ref = GETPOST('project_ref','alpha');
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if (!$user->rights->projet->lire) accessforbidden();
 //$result = restrictedArea($user, 'projet', $id, '', 'task'); // TODO ameliorer la verification
 

htdocs/projet/tasks/task.php

@@ -47,7 +47,7 @@ $planned_workload=((GETPOST('planned_workloadhour')!='' && GETPOST('planned_work
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if (! $user->rights->projet->lire) accessforbidden();
 
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array

htdocs/projet/tasks/time.php

@@ -43,7 +43,7 @@ $project_ref=GETPOST('project_ref','alpha');
 
 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid = $user->societe_id;
+//if ($user->societe_id > 0) $socid = $user->societe_id;    // For external user, no check is done on company because readability is managed by public status of project and assignement.
 if (!$user->rights->projet->lire) accessforbidden();
 
 // Initialize technical object to manage hooks of thirdparties. Note that conf->hooks_modules contains array array
@@ -128,7 +128,7 @@ if ($action == 'addtimespent' && $user->rights->projet->lire)
 	}
 }
 
-if ($action == 'updateline' && ! $_POST["cancel"] && $user->rights->projet->creer)
+if ($action == 'updateline' && ! $_POST["cancel"] && $user->rights->projet->lire)
 {
 	$error=0;
 
@@ -141,7 +141,8 @@ if ($action == 'updateline' && ! $_POST["cancel"] && $user->rights->projet->cree
 	if (! $error)
 	{
 		$object->fetch($id, $ref);
-
+		// TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))
+		
 		$object->timespent_id = $_POST["lineid"];
 		$object->timespent_note = $_POST["timespent_note_line"];
 		$object->timespent_old_duration = $_POST["old_duration"];
@@ -175,9 +176,10 @@ if ($action == 'updateline' && ! $_POST["cancel"] && $user->rights->projet->cree
 	}
 }
 
-if ($action == 'confirm_delete' && $confirm == "yes" && $user->rights->projet->creer)
+if ($action == 'confirm_delete' && $confirm == "yes" && $user->rights->projet->lire)
 {
 	$object->fetchTimeSpent($_GET['lineid']);
+	// TODO Check that ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))
 	$result = $object->delTimeSpent($user);
 
 	if ($result < 0)
@@ -585,6 +587,8 @@ if (($id > 0 || ! empty($ref)) || $projectidforalltimes > 0)
 
 		$tasktmp = new Task($db);
 		
+		$childids = $user->getAllChildIds();
+		
 		$total = 0;
 		$totalvalue = 0;
 		foreach ($tasks as $task_time)
@@ -688,17 +692,20 @@ if (($id > 0 || ! empty($ref)) || $projectidforalltimes > 0)
 				print '<br>';
 				print '<input type="submit" class="button" name="cancel" value="'.$langs->trans('Cancel').'">';
 			}
-			else if ($user->rights->projet->creer)
+			else if ($user->rights->projet->lire)    // Read project and enter time consumed on assigned tasks
 			{
-				print '&nbsp;';
-				print '<a href="'.$_SERVER["PHP_SELF"].'?'.($projectidforalltimes?'projectid='.$projectidforalltimes.'&amp;':'').'id='.$task_time->fk_task.'&amp;action=editline&amp;lineid='.$task_time->rowid.($withproject?'&amp;withproject=1':'').'">';
-				print img_edit();
-				print '</a>';
-
-				print '&nbsp;';
-				print '<a href="'.$_SERVER["PHP_SELF"].'?'.($projectidforalltimes?'projectid='.$projectidforalltimes.'&amp;':'').'id='.$task_time->fk_task.'&amp;action=deleteline&amp;lineid='.$task_time->rowid.($withproject?'&amp;withproject=1':'').'">';
-				print img_delete();
-				print '</a>';
+			    if ($task_time->fk_user == $user->id || in_array($task_time->fk_user, $childids))
+			    {
+    				print '&nbsp;';
+    				print '<a href="'.$_SERVER["PHP_SELF"].'?'.($projectidforalltimes?'projectid='.$projectidforalltimes.'&amp;':'').'id='.$task_time->fk_task.'&amp;action=editline&amp;lineid='.$task_time->rowid.($withproject?'&amp;withproject=1':'').'">';
+    				print img_edit();
+    				print '</a>';
+    
+    				print '&nbsp;';
+    				print '<a href="'.$_SERVER["PHP_SELF"].'?'.($projectidforalltimes?'projectid='.$projectidforalltimes.'&amp;':'').'id='.$task_time->fk_task.'&amp;action=deleteline&amp;lineid='.$task_time->rowid.($withproject?'&amp;withproject=1':'').'">';
+    				print img_delete();
+    				print '</a>';
+			    }
 			}
 			print '</td>';
 

htdocs/societe/class/api_contact.class.php

@@ -17,7 +17,7 @@
 
 use Luracast\Restler\RestException;
 
-//require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php';
+require_once DOL_DOCUMENT_ROOT . '/contact/class/contact.class.php';
 
 /**
  * API class for contact object

htdocs/societe/class/societe.class.php

@@ -1915,7 +1915,14 @@ class Societe extends CommonObject
         }
         $link.='>';
         $linkend='</a>';
-
+        
+        global $user;
+        if (! $user->rights->societe->client->voir && $user->societe_id > 0 && $this->id != $user->societe_id)
+        {
+            $link='';
+            $linkend='';
+        }
+        
         if ($withpicto) $result.=($link.img_object(($notooltip?'':$label), 'company', ($notooltip?'':'class="classfortooltip"')).$linkend);
         if ($withpicto && $withpicto != 2) $result.=' ';
         if ($withpicto != 2) $result.=$link.($maxlen?dol_trunc($name,$maxlen):$name).$linkend;

htdocs/user/class/user.class.php

@@ -1050,7 +1050,8 @@ class User extends CommonObject
 		$this->town         = $contact->town;
 		$this->state_id     = $contact->state_id;
 		$this->country_id   = $contact->country_id;
-
+        $this->employee     = 0;
+        
 		if (empty($login)) $login=strtolower(substr($contact->firstname, 0, 4)) . strtolower(substr($contact->lastname, 0, 4));
 		$this->login = $login;