minimexat 2e02df9002 Fix external user 'Access Forbidden' on agenda event card (#37362) ...

External users (fk_soc set) were blocked from opening agenda events
because GETPOSTINT('socid') returns 0 when no socid param is in the URL
(ActionComm::getNomUrl() only generates ?id=XXXXX).

The condition 0 != $user->socid then triggers accessforbidden() for
every external user.

Fix: fall back to $user->socid when socid is not in the URL, consistent
with the pattern used in all other card pages (contracts, invoices,
orders, etc.).

The existing restrictedArea() check still validates that the event's
fk_soc matches the user's company, so security is preserved.

Fixes #37361

Co-authored-by: Laurent Destailleur <eldy@destailleur.fr>

2026-02-27 16:37:29 +01:00

..

action

Fix external user 'Access Forbidden' on agenda event card (#37362)

2026-02-27 16:37:29 +01:00

admin

add dolBuildUrl (#35664)

2025-10-17 02:31:07 +02:00

mailing

Qual: Update spelling (#37199)

2026-02-12 16:29:11 +01:00

propal

Merge branch '23.0' of git@github.com:Dolibarr/dolibarr.git into develop

2026-02-26 15:47:36 +01:00

prospect

add baseline exclude for phpstan (#31632)

2024-11-04 23:53:20 +01:00

card.php

Look and feel Debug v23

2025-11-18 02:49:47 +01:00

contact.php

Clean code

2025-01-20 03:54:04 +01:00

index.php

Qual: Update comments from French to English (#37097)

2026-02-08 15:29:53 +01:00

multiprix.php

Qual: Fix phan notices (htdocs/compta) (#33427)

2025-03-12 20:41:50 +01:00

recap-client.php

Look and feel Debug v23

2025-11-18 02:49:47 +01:00

remise.php

Debug v23

2025-11-05 21:24:19 +01:00

remx.php

Merge branch '23.0' of git@github.com:Dolibarr/dolibarr.git into develop

2026-02-12 00:39:28 +01:00