Merge pull request #8720 from atm-florian/6.0_pjAndTskCounter

fix project and task visibility same as list
2026-01-03 07:32:32 +01:00 · 2018-05-05 13:13:25 +02:00
parent 8d52c4f919 3657857d21
commit 2f79a12c6b
4 changed files with 35 additions and 28 deletions
--- a/htdocs/projet/activity/perday.php
+++ b/htdocs/projet/activity/perday.php
@@ -49,7 +49,8 @@ $projectid=isset($_GET["id"])?$_GET["id"]:$_POST["projectid"];

 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+// For external user, no check is done on company because readability is managed by public status of project and assignement.
+//if ($user->societe_id > 0) $socid=$user->societe_id;
 $result = restrictedArea($user, 'projet', $projectid);

 $now=dol_now();
--- a/htdocs/projet/activity/perweek.php
+++ b/htdocs/projet/activity/perweek.php
@@ -50,7 +50,8 @@ $projectid=isset($_GET["id"])?$_GET["id"]:$_POST["projectid"];

 // Security check
 $socid=0;
-if ($user->societe_id > 0) $socid=$user->societe_id;
+// For external user, no check is done on company because readability is managed by public status of project and assignement.
+// if ($user->societe_id > 0) $socid=$user->societe_id;
 $result = restrictedArea($user, 'projet', $projectid);

 $now=dol_now();
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -1662,23 +1662,26 @@ class Project extends CommonObject
    {
        global $conf, $langs;

-        $mine=0; $socid=$user->societe_id;
-
-        $projectsListId = $this->getProjectsAuthorizedForUser($user,$mine?$mine:($user->rights->projet->all->lire?2:0),1,$socid);
+        // For external user, no check is done on company because readability is managed by public status of project and assignement.
+        //$socid=$user->societe_id;

+        if (! $user->rights->projet->all->lire) $projectsListId = $this->getProjectsAuthorizedForUser($user,0,1,$socid);
+        
        $sql = "SELECT p.rowid, p.fk_statut as status, p.fk_opp_status, p.datee as datee";
        $sql.= " FROM (".MAIN_DB_PREFIX."projet as p";
        $sql.= ")";
        $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
-        if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
+        // For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+        //if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
        $sql.= " WHERE p.fk_statut = 1";
        $sql.= " AND p.entity IN (".getEntity('project', 0).')';
-        if ($mine || ! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
+        if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
        // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
        //if ($socid || ! $user->rights->societe->client->voir)	$sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
-        if ($socid) $sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
-        if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
-
+        // For external user, no check is done on company permission because readability is managed by public status of project and assignement.
+        //if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
+        
+        //print $sql;
        $resql=$this->db->query($sql);
        if ($resql)
        {
--- a/htdocs/projet/class/task.class.php
+++ b/htdocs/projet/class/task.class.php
@@ -1701,29 +1701,31 @@ class Task extends CommonObject
 	{
 	    global $conf, $langs;

-	    $mine=0; $socid=$user->societe_id;
-
+	    // For external user, no check is done on company because readability is managed by public status of project and assignement.
+	    //$socid=$user->societe_id;
+	    
 	    $projectstatic = new Project($this->db);
-	    $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1,$socid);
-
+	    $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,0,1,$socid);
+	    
 	    // List of tasks (does not care about permissions. Filtering will be done later)
 	    $sql = "SELECT p.rowid as projectid, p.fk_statut as projectstatus,";
 	    $sql.= " t.rowid as taskid, t.progress as progress, t.fk_statut as status,";
 	    $sql.= " t.dateo as date_start, t.datee as datee";
-        $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
-        $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
-        if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
-        $sql.= ", ".MAIN_DB_PREFIX."projet_task as t";
-        $sql.= " WHERE p.entity IN (".getEntity('project', 0).')';
-        $sql.= " AND p.fk_statut = 1";
-        $sql.= " AND t.fk_projet = p.rowid";
-        $sql.= " AND t.progress < 100";         // tasks to do
-        if ($mine || ! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
-        // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
-        //if ($socid || ! $user->rights->societe->client->voir)	$sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
-        if ($socid) $sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
-        if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
-        //print $sql;
+	    $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
+	    $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
+	    //if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
+	    $sql.= ", ".MAIN_DB_PREFIX."projet_task as t";
+	    $sql.= " WHERE p.entity IN (".getEntity('project', 0).')';
+	    $sql.= " AND p.fk_statut = 1";
+	    $sql.= " AND t.fk_projet = p.rowid";
+	    if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
+	    // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
+	    //if ($socid || ! $user->rights->societe->client->voir)	$sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
+	    if ($socid) $sql.= "  AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
+	    // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
+	    // if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
+
+	    //print $sql;
 	    $resql=$this->db->query($sql);
 	    if ($resql)
 	    {