From 1199d54fb215f0cc4ac5edc038cc20f88e2dafb6 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Mon, 26 May 2014 17:21:48 +0200 Subject: [PATCH] Fix: When user has no permissions to see all other user, we must keep only user. --- htdocs/core/class/html.formother.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/class/html.formother.class.php b/htdocs/core/class/html.formother.class.php index 7f30f7c9c96..eced2a75729 100644 --- a/htdocs/core/class/html.formother.class.php +++ b/htdocs/core/class/html.formother.class.php @@ -363,7 +363,7 @@ class FormOther $sql_usr = "SELECT u.rowid, u.lastname, u.firstname, u.statut, u.login"; $sql_usr.= " FROM ".MAIN_DB_PREFIX."user as u"; $sql_usr.= " WHERE u.entity IN (0,".$conf->entity.")"; - if (empty($user->rights->user->user->lire)) $sql_usr.=" AND u.fk_societe = ".($user->societe_id?$user->societe_id:0); + if (empty($user->rights->user->user->lire)) $sql_usr.=" AND u.rowid = ".$user->id; // Add existing sales representatives of thirdparty of external user if (empty($user->rights->user->user->lire) && $user->societe_id) {