From bc3a210d12add514e6f96f1ec61bef5f6bd2a995 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@inodbox.com>
Date: Mon, 3 Feb 2020 11:46:18 +0100
Subject: [PATCH 01/10] FIX compatibility with multicompany (avoid duplicate
 data)

---
 htdocs/holiday/class/holiday.class.php | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 66a118c744b..1e3567549a9 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -1658,19 +1658,19 @@ class Holiday extends CommonObject
 			{
 				// Si utilisateur de Dolibarr
 
-				$sql = "SELECT u.rowid";
+				$sql = "SELECT DISTINCT u.rowid";
 				$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
 
 				if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))
 				{
-					$sql.= ", ".MAIN_DB_PREFIX."usergroup_user as ug";
-					$sql.= " WHERE (ug.fk_user = u.rowid";
-					$sql.= " AND ug.entity = ".$conf->entity.")";
-					$sql.= " OR u.admin = 1";
+					$sql.= ",".MAIN_DB_PREFIX."usergroup_user as ug";
+					$sql.= " WHERE ((ug.fk_user = u.rowid";
+					$sql.= " AND ug.entity IN (".getEntity('user')."))";
+					$sql.= " OR u.entity = 0)"; // Show always superadmin
 				}
 				else
 				{
-					$sql.= " WHERE u.entity IN (0,".$conf->entity.")";
+					$sql.= " WHERE u.entity IN (".getEntity('user').")";
 				}
 				$sql.= " AND u.statut > 0";
 				if ($filters) $sql.=$filters;
@@ -1754,18 +1754,20 @@ class Holiday extends CommonObject
 			// List for Dolibarr users
 			if ($type)
 			{
-				$sql = "SELECT u.rowid, u.lastname, u.firstname, u.gender, u.photo, u.employee, u.statut, u.fk_user";
+				$sql = "SELECT DISTINCT u.rowid, u.lastname, u.firstname, u.gender, u.photo, u.employee, u.statut, u.fk_user";
 				$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
 
 				if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))
 				{
-					$sql.= ", ".MAIN_DB_PREFIX."usergroup_user as ug";
-					$sql.= " WHERE (ug.fk_user = u.rowid";
-					$sql.= " AND ug.entity = ".$conf->entity.")";
-					$sql.= " OR u.admin = 1";
+					$sql.= ",".MAIN_DB_PREFIX."usergroup_user as ug";
+					$sql.= " WHERE ((ug.fk_user = u.rowid";
+					$sql.= " AND ug.entity IN (".getEntity('user')."))";
+					$sql.= " OR u.entity = 0)"; // Show always superadmin
 				}
 				else
-					$sql.= " WHERE u.entity IN (0,".$conf->entity.")";
+				{
+					$sql.= " WHERE u.entity IN (".getEntity('user').")";
+				}
 
 					$sql.= " AND u.statut > 0";
 					if ($filters) $sql.=$filters;

From e74e63941d6914241a60d5855a891cda1d9a14e8 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis.houssin@inodbox.com>
Date: Mon, 3 Feb 2020 11:55:55 +0100
Subject: [PATCH 02/10] FIX use "usergroup" instead "user"

---
 htdocs/holiday/class/holiday.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 1e3567549a9..31723379314 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -1665,7 +1665,7 @@ class Holiday extends CommonObject
 				{
 					$sql.= ",".MAIN_DB_PREFIX."usergroup_user as ug";
 					$sql.= " WHERE ((ug.fk_user = u.rowid";
-					$sql.= " AND ug.entity IN (".getEntity('user')."))";
+					$sql.= " AND ug.entity IN (".getEntity('usergroup')."))";
 					$sql.= " OR u.entity = 0)"; // Show always superadmin
 				}
 				else
@@ -1761,7 +1761,7 @@ class Holiday extends CommonObject
 				{
 					$sql.= ",".MAIN_DB_PREFIX."usergroup_user as ug";
 					$sql.= " WHERE ((ug.fk_user = u.rowid";
-					$sql.= " AND ug.entity IN (".getEntity('user')."))";
+					$sql.= " AND ug.entity IN (".getEntity('usergroup')."))";
 					$sql.= " OR u.entity = 0)"; // Show always superadmin
 				}
 				else

From d93a597a1eb62db89392aa44b79b73ba19e7c6bb Mon Sep 17 00:00:00 2001
From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com>
Date: Tue, 4 Feb 2020 09:17:02 +0100
Subject: [PATCH 03/10] Fix Compatbility with Multicompany

Before : Show all projects of all entities
Now : Show only projects that are allowed by permissions
---
 htdocs/core/boxes/box_project.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php
index e7281708802..5e06e154987 100644
--- a/htdocs/core/boxes/box_project.php
+++ b/htdocs/core/boxes/box_project.php
@@ -3,6 +3,7 @@
  * Copyright (C) 2014      Marcos García          <marcosgdf@gmail.com>
  * Copyright (C) 2015      Frederic France        <frederic.france@free.fr>
  * Copyright (C) 2016      Juan José Menent       <jmenent@2byte.es>
+ * Copyright (C) 2020      Pierre Ardoin          <mapiolca@me.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -99,6 +100,7 @@ class box_project extends ModeleBoxes
             $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public";
             $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
             $sql.= " WHERE p.fk_statut = 1"; // Only open projects
+			$sql .= " AND entity IN (".getEntity('projet').")"; // Only current entity or severals if permission ok
             if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
 
             $sql.= " ORDER BY p.datec DESC";

From 262d889700ac6fb2fb149c149799ccfedcce133e Mon Sep 17 00:00:00 2001
From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com>
Date: Wed, 5 Feb 2020 08:50:51 +0100
Subject: [PATCH 04/10] Update box_project.php

---
 htdocs/core/boxes/box_project.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php
index 5e06e154987..d3670d05ee1 100644
--- a/htdocs/core/boxes/box_project.php
+++ b/htdocs/core/boxes/box_project.php
@@ -100,7 +100,7 @@ class box_project extends ModeleBoxes
             $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public";
             $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
             $sql.= " WHERE p.fk_statut = 1"; // Only open projects
-			$sql .= " AND entity IN (".getEntity('projet').")"; // Only current entity or severals if permission ok
+			$sql .= " AND entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok
             if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
 
             $sql.= " ORDER BY p.datec DESC";

From d5b74a8ca3d1fc210c0d60160cf8e2d42415f125 Mon Sep 17 00:00:00 2001
From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com>
Date: Wed, 5 Feb 2020 09:06:43 +0100
Subject: [PATCH 05/10] Update box_project.php

---
 htdocs/core/boxes/box_project.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php
index d3670d05ee1..ca9618aab9a 100644
--- a/htdocs/core/boxes/box_project.php
+++ b/htdocs/core/boxes/box_project.php
@@ -100,7 +100,7 @@ class box_project extends ModeleBoxes
             $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public";
             $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
             $sql.= " WHERE p.fk_statut = 1"; // Only open projects
-			$sql .= " AND entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok
+			$sql.= " WHERE entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok
             if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
 
             $sql.= " ORDER BY p.datec DESC";

From 81ed70ffc7ac61844088e1e664324e5fdacb8e78 Mon Sep 17 00:00:00 2001
From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com>
Date: Wed, 5 Feb 2020 09:18:39 +0100
Subject: [PATCH 06/10] Update box_project.php

---
 htdocs/core/boxes/box_project.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php
index ca9618aab9a..071e4b013ec 100644
--- a/htdocs/core/boxes/box_project.php
+++ b/htdocs/core/boxes/box_project.php
@@ -99,8 +99,8 @@ class box_project extends ModeleBoxes
 
             $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public";
             $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
-            $sql.= " WHERE p.fk_statut = 1"; // Only open projects
-			$sql.= " WHERE entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok
+            $sql.= " WHERE entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok
+			$sql.= " AND p.fk_statut = 1"; // Only open projects
             if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
 
             $sql.= " ORDER BY p.datec DESC";

From c3cf9e62b3bad4145fa1f145f9863e84c2b046df Mon Sep 17 00:00:00 2001
From: VESSILLER <lvessiller@open-dsi.fr>
Date: Wed, 5 Feb 2020 11:31:02 +0100
Subject: [PATCH 07/10] FIX links in products/services index

---
 htdocs/product/index.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/htdocs/product/index.php b/htdocs/product/index.php
index caeb5e5d873..246d50e5c3e 100644
--- a/htdocs/product/index.php
+++ b/htdocs/product/index.php
@@ -143,31 +143,31 @@ print '<tr class="liste_titre"><th colspan="2">'.$langs->trans("Statistics").'</
 if (! empty($conf->product->enabled))
 {
 	$statProducts = '<tr class="oddeven">';
-	$statProducts.= '<td><a href="list.php?type=0&amp;tosell=0&amp;tobuy=0">'.$langs->trans("ProductsNotOnSell").'</a></td><td class="right">'.round($prodser[0][0]).'</td>';
+	$statProducts.= '<td><a href="list.php?type=0&amp;search_tosell=0&amp;search_tobuy=0">'.$langs->trans("ProductsNotOnSell").'</a></td><td class="right">'.round($prodser[0][0]).'</td>';
 	$statProducts.= "</tr>";
 	$statProducts.= '<tr class="oddeven">';
-	$statProducts.= '<td><a href="list.php?type=0">'.$langs->trans("ProductsOnSaleOnly").'</a></td><td class="right">'.round($prodser[0][1]).'</td>';
+	$statProducts.= '<td><a href="list.php?type=0&amp;search_tosell=1&amp;search_tobuy=0">'.$langs->trans("ProductsOnSaleOnly").'</a></td><td class="right">'.round($prodser[0][1]).'</td>';
 	$statProducts.= "</tr>";
 	$statProducts.= '<tr class="oddeven">';
-	$statProducts.= '<td><a href="list.php?type=0">'.$langs->trans("ProductsOnPurchaseOnly").'</a></td><td class="right">'.round($prodser[0][2]).'</td>';
+	$statProducts.= '<td><a href="list.php?type=0&amp;search_tosell=0&amp;search_tobuy=1">'.$langs->trans("ProductsOnPurchaseOnly").'</a></td><td class="right">'.round($prodser[0][2]).'</td>';
 	$statProducts.= "</tr>";
 	$statProducts.= '<tr class="oddeven">';
-	$statProducts.= '<td><a href="list.php?type=0&amp;tosell=1&amp;tobuy=1">'.$langs->trans("ProductsOnSellAndOnBuy").'</a></td><td class="right">'.round($prodser[0][3]).'</td>';
+	$statProducts.= '<td><a href="list.php?type=0&amp;search_tosell=1&amp;search_tobuy=1">'.$langs->trans("ProductsOnSellAndOnBuy").'</a></td><td class="right">'.round($prodser[0][3]).'</td>';
 	$statProducts.= "</tr>";
 }
 if (! empty($conf->service->enabled))
 {
 	$statServices = '<tr class="oddeven">';
-	$statServices.= '<td><a href="list.php?type=1&amp;tosell=0&amp;tobuy=0">'.$langs->trans("ServicesNotOnSell").'</a></td><td class="right">'.round($prodser[1][0]).'</td>';
+	$statServices.= '<td><a href="list.php?type=1&amp;search_tosell=0&amp;search_tobuy=0">'.$langs->trans("ServicesNotOnSell").'</a></td><td class="right">'.round($prodser[1][0]).'</td>';
 	$statServices.= "</tr>";
 	$statServices.= '<tr class="oddeven">';
-	$statServices.= '<td><a href="list.php?type=1">'.$langs->trans("ServicesOnSaleOnly").'</a></td><td class="right">'.round($prodser[1][1]).'</td>';
+	$statServices.= '<td><a href="list.php?type=1&amp;search_tosell=1&amp;search_tobuy=0">'.$langs->trans("ServicesOnSaleOnly").'</a></td><td class="right">'.round($prodser[1][1]).'</td>';
 	$statServices.= "</tr>";
 	$statServices.= '<tr class="oddeven">';
-	$statServices.= '<td><a href="list.php?type=1">'.$langs->trans("ServicesOnPurchaseOnly").'</a></td><td class="right">'.round($prodser[1][2]).'</td>';
+	$statServices.= '<td><a href="list.php?type=1&amp;search_tosell=0&amp;search_tobuy=1">'.$langs->trans("ServicesOnPurchaseOnly").'</a></td><td class="right">'.round($prodser[1][2]).'</td>';
 	$statServices.= "</tr>";
 	$statServices.= '<tr class="oddeven">';
-	$statServices.= '<td><a href="list.php?type=1&amp;tosell=1&amp;tobuy=1">'.$langs->trans("ServicesOnSellAndOnBuy").'</a></td><td class="right">'.round($prodser[1][3]).'</td>';
+	$statServices.= '<td><a href="list.php?type=1&amp;search_tosell=1&amp;search_tobuy=1">'.$langs->trans("ServicesOnSellAndOnBuy").'</a></td><td class="right">'.round($prodser[1][3]).'</td>';
 	$statServices.= "</tr>";
 }
 $total=0;

From 63ba601906cb9e0fda349dd06f0968bc48f3330b Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 5 Feb 2020 12:39:00 +0100
Subject: [PATCH 08/10] Update box_project.php

---
 htdocs/core/boxes/box_project.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php
index 071e4b013ec..9b3920590d2 100644
--- a/htdocs/core/boxes/box_project.php
+++ b/htdocs/core/boxes/box_project.php
@@ -99,7 +99,7 @@ class box_project extends ModeleBoxes
 
             $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public";
             $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
-            $sql.= " WHERE entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok
+            $sql.= " WHERE p.entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok
 			$sql.= " AND p.fk_statut = 1"; // Only open projects
             if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
 

From d35994e5db1a79ddea4babe94f466589f8b8a69a Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 5 Feb 2020 13:25:51 +0100
Subject: [PATCH 09/10] Update holiday.class.php

---
 htdocs/holiday/class/holiday.class.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 31723379314..78210d08bc9 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -1656,9 +1656,12 @@ class Holiday extends CommonObject
 		{
 			if ($type)
 			{
-				// Si utilisateur de Dolibarr
-
-				$sql = "SELECT DISTINCT u.rowid";
+				// If user of Dolibarr
+				$sql = "SELECT";
+				if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
+					$sql .= " DISTINCT";
+				}
+				$sql.= " u.rowid";
 				$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
 
 				if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))

From c101c3dd55ec96f86e23c29618f6a1c4e0ef05ad Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Wed, 5 Feb 2020 13:27:22 +0100
Subject: [PATCH 10/10] Update holiday.class.php

---
 htdocs/holiday/class/holiday.class.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/htdocs/holiday/class/holiday.class.php b/htdocs/holiday/class/holiday.class.php
index 78210d08bc9..04ccf239766 100644
--- a/htdocs/holiday/class/holiday.class.php
+++ b/htdocs/holiday/class/holiday.class.php
@@ -1757,7 +1757,12 @@ class Holiday extends CommonObject
 			// List for Dolibarr users
 			if ($type)
 			{
-				$sql = "SELECT DISTINCT u.rowid, u.lastname, u.firstname, u.gender, u.photo, u.employee, u.statut, u.fk_user";
+								// If user of Dolibarr
+				$sql = "SELECT";
+				if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE)) {
+					$sql .= " DISTINCT";
+				}
+				$sql = " u.rowid, u.lastname, u.firstname, u.gender, u.photo, u.employee, u.statut, u.fk_user";
 				$sql.= " FROM ".MAIN_DB_PREFIX."user as u";
 
 				if (! empty($conf->multicompany->enabled) && ! empty($conf->global->MULTICOMPANY_TRANSVERSE_MODE))