From 0126be54a330c0cf1830146404fa69289968889b Mon Sep 17 00:00:00 2001
From: Thomas Negre <tnegre@open-dsi.fr>
Date: Tue, 25 Jan 2022 15:12:32 +0100
Subject: [PATCH] fix ticket : an external user should be able to access only
 its own company tickets.

---
 htdocs/ticket/list.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/htdocs/ticket/list.php b/htdocs/ticket/list.php
index e4ba75b84c5..44b9edf358e 100644
--- a/htdocs/ticket/list.php
+++ b/htdocs/ticket/list.php
@@ -157,6 +157,8 @@ $arrayfields = dol_sort_array($arrayfields, 'position');
 if (!$user->rights->ticket->read) {
 	accessforbidden();
 }
+// restrict view to current user's company
+if ($user->socid > 0) $socid = $user->socid;
 
 // Store current page url
 $url_page_current = DOL_URL_ROOT.'/ticket/list.php';