From d82c62c40d9558d9c97c49a5cf62053d0ffc5125 Mon Sep 17 00:00:00 2001
From: abb <bafbes@gmail.com>
Date: Fri, 12 Feb 2021 23:53:05 +0100
Subject: [PATCH] New:Constant MAIN_SHOW_SOCIETE2EXTERN to allow access to any
 thirdparty for external users

---
 htdocs/core/lib/security.lib.php | 2 +-
 htdocs/societe/card.php          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 2f1e3d5596b..f2714dc9fb2 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -493,7 +493,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand
 		} elseif (in_array($feature, $checksoc))	// We check feature = checksoc
 		{
 			// If external user: Check permission for external users
-			if ($user->socid > 0)
+			if ($user->socid > 0  && empty($conf->global->MAIN_SHOW_SOCIETE2EXTERN))
 			{
 				if ($user->socid <> $objectid) return false;
 			} // If internal user: Check permission for internal users that are restricted on their objects
diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php
index b471ca23ead..757b168e0cf 100644
--- a/htdocs/societe/card.php
+++ b/htdocs/societe/card.php
@@ -64,7 +64,7 @@ $backtopage = GETPOST('backtopage', 'alpha');
 $confirm	= GETPOST('confirm', 'alpha');
 
 $socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('id', 'int');
-if ($user->socid) $socid = $user->socid;
+if ($user->socid && empty($conf->global->MAIN_SHOW_SOCIETE2EXTERN)) $socid = $user->socid;
 if (empty($socid) && $action == 'view') $action = 'create';
 
 $object = new Societe($db);