lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix scrutinizer

Browse Source
This commit is contained in:
florian HENRY 2019-06-05 15:57:16 +02:00
parent 06e0ec5e0c
commit 1d4962cf81
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/projet/class/project.class.php
View File

@ -1738,7 +1738,7 @@ class Project extends CommonObject
$sql.= " AND pt.fk_projet = ".$this->id;
$sql.= " AND (ptt.task_date >= '".$this->db->idate($datestart)."' ";
$sql.= " AND ptt.task_date <= '".$this->db->idate(dol_time_plus_duree($datestart, 1, 'w') - 1)."')";
if ($task_id) $sql.= " AND ptt.fk_task=".$taskid;
if ($taskid) $sql.= " AND ptt.fk_task=".$taskid;
if (is_numeric($userid)) $sql.= " AND ptt.fk_user=".$userid;
//print $sql;
@ -1794,7 +1794,7 @@ class Project extends CommonObject
// For external user, no check is done on company because readability is managed by public status of project and assignement.
//$socid=$user->societe_id;
if (! $user->rights->projet->all->lire) $projectsListId = $this->getProjectsAuthorizedForUser($user, 0, 1, $socid);
if (! $user->rights->projet->all->lire) $projectsListId = $this->getProjectsAuthorizedForUser($user, 0, 1);
$sql = "SELECT p.rowid, p.fk_statut as status, p.fk_opp_status, p.datee as datee";
$sql.= " FROM (".MAIN_DB_PREFIX."projet as p";
@ -1804,7 +1804,7 @@ class Project extends CommonObject
//if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid";
$sql.= " WHERE p.fk_statut = 1";
$sql.= " AND p.entity IN (".getEntity('project').')';
if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
if (! empty($projectsListId)) $sql.= " AND p.rowid IN (".$projectsListId.")";
// No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser
//if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
// For external user, no check is done on company permission because readability is managed by public status of project and assignement.