diff --git a/htdocs/projet/activity/myactivity.php b/htdocs/projet/activity/myactivity.php
index 75861b4d74f..0317b32f8e0 100644
--- a/htdocs/projet/activity/myactivity.php
+++ b/htdocs/projet/activity/myactivity.php
@@ -29,6 +29,8 @@ require("./pre.inc.php");
+$user->getrights('projet');
+
 if (!$user->rights->projet->lire) accessforbidden();
 /*
@@ -36,7 +38,6 @@ if (!$user->rights->projet->lire) accessforbidden();
 */
 if ($user->societe_id > 0)
 {
- $action = '';
 $socidp = $user->societe_id;
 }
@@ -69,6 +70,10 @@ $sql .= " , ".MAIN_DB_PREFIX."projet_task as t";
 if (!$user->rights->commercial->client->voir && !$socidp) $sql .= ", ".MAIN_DB_PREFIX."societe_commerciaux as sc";
 $sql .= " WHERE t.fk_projet = p.rowid";
 if (!$user->rights->commercial->client->voir && !$socidp) $sql .= " AND p.fk_soc = sc.fk_soc AND sc.fk_user = " .$user->id;
+if ($socidp)
+{
+ $sql .= " AND p.fk_soc = ".$socidp;
+}
 $sql .= " GROUP BY p.rowid";
diff --git a/htdocs/projet/commandes.php b/htdocs/projet/commandes.php
index f21597ce7bb..933f516da91 100644
--- a/htdocs/projet/commandes.php
+++ b/htdocs/projet/commandes.php
@@ -36,6 +36,18 @@ $langs->load("projects");
 $langs->load("companies");
 $langs->load("orders");
+$user->getrights('projet');
+
+if (!$user->rights->projet->lire) accessforbidden();
+
+/*
+ * Sécurité accés client
+ */
+if ($user->societe_id > 0)
+{
+ $socidp = $user->societe_id;
+}
+
 llxHeader("","../");
diff --git a/htdocs/projet/facture.php b/htdocs/projet/facture.php
index d23a17f95f2..f8b0cb8f6eb 100644
--- a/htdocs/projet/facture.php
+++ b/htdocs/projet/facture.php
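Review bot: The added `$sql .= " AND p.fk_soc = ".$socidp;` in the third myactivity.php hunk concatenates the value into the query with no type guarantee; `$socidp` is copied from `$user->societe_id` in the previous hunk rather than read from the request, so the exposure is limited, but an explicit cast, `$sql .= " AND p.fk_soc = ".(int) $socidp;`, makes the integer-only contract visible and keeps this fragment consistent with the numeric `sc.fk_user = " .$user->id` clause beside it. Both the new `if ($socidp)` and the pre-existing `!$socidp` tests assume the variable exists for internal users, yet the only assignment shown is inside `if ($user->societe_id > 0)`; if nothing earlier in the file (outside the hunk) initialises it, `$socidp = 0;` before that branch would remove the undefined-variable read.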
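Review bot: In the commandes.php hunk `$socidp` is assigned only inside `if ($user->societe_id > 0)`, so for any user without a linked company the variable is never defined; whatever later reads it (outside the hunk) gets an undefined-variable notice instead of a deliberate "no restriction" value, and the pattern `if ($socidp)` used in myactivity.php shows that is how the rest of the module consumes it. Initialise it before the branch, `$socidp = 0;`, so both paths leave it defined. The propal.php and tasks/fiche.php hunks in this commit add the same block and need the same initialisation.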
@@ -39,8 +39,36 @@ $langs->load("bills");
 $user->getrights('projet');
-if (!$user->rights->projet->lire)
- accessforbidden();
+if (!$user->rights->projet->lire) accessforbidden();
+
+/*
+ * Sécurité accés client
+ */
+$projetid='';
+if ($_GET["id"]) { $projetid=$_GET["id"]; }
+
+if ($projetid == '') accessforbidden();
+
+$socidp = 0
+
+if ($user->societe_id > 0)
+{
+ $socidp = $user->societe_id;
+}
+
+// Protection restriction commercial
+if (!$user->rights->commercial->client->voir && $projetid && !$user->societe_id > 0)
+{
+ $sql = "SELECT sc.fk_soc, p.rowid, p.fk_soc";
+ $sql .= " FROM ".MAIN_DB_PREFIX."societe_commerciaux as sc, ".MAIN_DB_PREFIX."projet as p";
+ $sql .= " WHERE p.rowid = ".$projetid." AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id;
+
+ if ( $db->query($sql) )
+ {
+ if ( $db->num_rows() == 0) accessforbidden();
+ }
+}
+
 llxHeader("","../");
diff --git a/htdocs/projet/index.php b/htdocs/projet/index.php
index 07b5efc8a27..b636b33694e 100644
--- a/htdocs/projet/index.php
+++ b/htdocs/projet/index.php
@@ -36,7 +36,6 @@ if (!$user->rights->projet->lire) accessforbidden();
 // Sécurité accés client
 if ($user->societe_id > 0)
 {
- $action = '';
 $socidp = $user->societe_id;
 }
diff --git a/htdocs/projet/propal.php b/htdocs/projet/propal.php
index f4d03b3013a..63d7e571a1d 100644
--- a/htdocs/projet/propal.php
+++ b/htdocs/projet/propal.php
@@ -37,6 +37,18 @@ $langs->load("projects");
 $langs->load("companies");
 $langs->load("propal");
+$user->getrights('projet');
+
+if (!$user->rights->projet->lire) accessforbidden();
+
+/*
+ * Sécurité accés client
+ */
+if ($user->societe_id > 0)
+{
+ $socidp = $user->societe_id;
+}
+
 llxHeader("","../");
diff --git a/htdocs/projet/tasks/fiche.php b/htdocs/projet/tasks/fiche.php
index 0ca71daf24f..382bc39bc6a 100644
--- a/htdocs/projet/tasks/fiche.php
+++ b/htdocs/projet/tasks/fiche.php
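Review bot: `$socidp = 0` in the facture.php hunk has no terminating semicolon, so the file stops parsing at the `if` that follows and every request to the page fails; it must read `$socidp = 0;`. The same block pastes the request value into SQL unchanged (`$projetid` is taken straight from `$_GET["id"]` and then lands in `WHERE p.rowid = ".$projetid`), which is the classic injection shape; coerce it where the query is built, `$sql .= " WHERE p.rowid = ".(int) $projetid." AND sc.fk_soc = p.fk_soc AND fk_user = ".$user->id;`, and read the parameter with `isset($_GET["id"])` so a missing id is not a notice. The commercial restriction also fails open: when `$db->query($sql)` returns false nothing calls accessforbidden(), so `if (!$db->query($sql) || $db->num_rows() == 0) accessforbidden();` is needed for a failed lookup to deny rather than grant. Finally, `!$user->societe_id > 0` parses as `(!$user->societe_id) > 0`, which happens to yield the intended result but reads as a precedence bug; `!$socidp`, already computed two lines above, states the intent directly.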
@@ -29,8 +29,19 @@ require("./pre.inc.php");
+$user->getrights('projet');
+
 if (!$user->rights->projet->lire) accessforbidden();
+/*
+ * Sécurité accés client
+ */
+if ($user->societe_id > 0)
+{
+ $action = '';
+ $socidp = $user->societe_id;
+}
+
 Function PLines(&$inc, $parent, $lines, &$level, $actors)
 {
 $form = new Form($db); // $db est null ici mais inutile pour la fonction select_date()
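Review bot: The tasks/fiche.php block adds `$action = '';` inside the `if ($user->societe_id > 0)` guard, while the myactivity.php and index.php hunks of this same commit remove exactly that line from the equivalent block, so the module's pages now disagree on whether an external user's `$action` is reset. Either drop it here so the guard only does `$socidp = $user->societe_id;`, matching the other files, or keep it everywhere; if clearing it is deliberate for this page (presumably `$action` is the request's action parameter, set outside the hunk), a one-line comment such as `// external users may only view tasks, never act on them` would make the intent reviewable. PLines() and the rest of the file continue past the hunk.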