Fix: bug on projects visibility for external users

htdocs/core/class/commonobject.class.php

@@ -321,7 +321,7 @@ abstract class CommonObject
 
         $tab=array();
 
-        $sql = "SELECT ec.rowid, ec.statut, ec.fk_socpeople as id";
+        $sql = "SELECT ec.rowid, ec.statut, ec.fk_socpeople as id";    // This field contains id of llx_socpeople or id of llx_user
         if ($source == 'internal') $sql.=", '-1' as socid";
         if ($source == 'external' || $source == 'thirdparty') $sql.=", t.fk_soc as socid";
         $sql.= ", t.civilite as civility, t.name as lastname, t.firstname, t.email";

htdocs/projet/class/project.class.php

@@ -242,11 +242,11 @@ class Project extends CommonObject
         $sql = "SELECT rowid, ref, title, description, public, datec";
         $sql.= ", tms, dateo, datee, fk_soc, fk_user_creat, fk_statut, note_private, note_public";
         $sql.= " FROM " . MAIN_DB_PREFIX . "projet";
-        if ($ref)
-        {
-        	$sql.= " WHERE ref='".$ref."'";
-        	$sql.= " AND entity IN (".getEntity('project').")";
-        }
+        if ($ref)
+        {
+        	$sql.= " WHERE ref='".$ref."'";
+        	$sql.= " AND entity IN (".getEntity('project').")";
+        }
         else $sql.= " WHERE rowid=".$id;
 
         dol_syslog("Project::fetch sql=" . $sql, LOG_DEBUG);
@@ -787,7 +787,13 @@ class Project extends CommonObject
                 $nblinks = 0;
                 while ($nblinks < $num)
                 {
-                    if (preg_match('/PROJECT/', $userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id'])
+                    if ($source == 'internal' && preg_match('/PROJECT/', $userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id'])
+                    {
+                        if ($mode == 'read'   && $user->rights->projet->lire)      $userAccess++;
+                        if ($mode == 'write'  && $user->rights->projet->creer)     $userAccess++;
+                        if ($mode == 'delete' && $user->rights->projet->supprimer) $userAccess++;
+                    }
+                    if ($source == 'external' && preg_match('/PROJECT/', $userRole[$nblinks]['code']) && $user->contact_id == $userRole[$nblinks]['id'])
                     {
                         if ($mode == 'read'   && $user->rights->projet->lire)      $userAccess++;
                         if ($mode == 'write'  && $user->rights->projet->creer)     $userAccess++;
@@ -840,14 +846,14 @@ class Project extends CommonObject
             //$sql.= " OR p.fk_user_creat = ".$user->id;
             $sql.= " OR ( ctc.rowid = ec.fk_c_type_contact";
             $sql.= " AND ctc.element = '" . $this->element . "'";
-            $sql.= " AND ec.fk_socpeople = " . $user->id . " ) )";
+            $sql.= " AND ec.fk_socpeople = " . $user->contact_id . " ) )";
         }
         if ($mode == 1)
         {
             $sql.= " AND ec.element_id = p.rowid";
             $sql.= " AND ctc.rowid = ec.fk_c_type_contact";
             $sql.= " AND ctc.element = '" . $this->element . "'";
-            $sql.= " AND ec.fk_socpeople = " . $user->id;
+            $sql.= " AND ec.fk_socpeople = " . $user->contact_id;
         }
         if ($mode == 2)
         {

htdocs/user/class/user.class.php

@@ -66,8 +66,11 @@ class User extends CommonObject
 
 	var $datec;
 	var $datem;
+
 	//! If this is defined, it is an external user
 	var $societe_id;
+	var $contact_id;
+
 	var $fk_member;
 
 	var $webcal_login;