From 17771c3990a59fe9ce30cf65b1e7685a07adc84b Mon Sep 17 00:00:00 2001 From: Adrien Raze Date: Thu, 2 Mar 2023 18:23:48 +0100 Subject: [PATCH 1/4] NEW : Authorize the link between OF and supplier order, even if the associated thirdparty is not the same --- htdocs/core/class/html.form.class.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index 62fd1db45e6..fc20180737b 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php @@ -8862,8 +8862,7 @@ class Form 'perms'=>1, 'label'=>'LinkToContract', 'sql'=>"SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_customer as ref_client, t.ref_supplier, SUM(td.total_ht) as total_ht - FROM ".$this->db->prefix()."societe as s, ".$this->db->prefix()."contrat as t, ".$this->db->prefix()."contratdet as td WHERE t.fk_soc = s.rowid AND td.fk_contrat = t.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('contract').') GROUP BY s.rowid, s.nom, s.client, t.rowid, t.ref, t.ref_customer, t.ref_supplier' - ), + FROM ".$this->db->prefix()."societe as s, ".$this->db->prefix()."contrat as t, ".$this->db->prefix()."contratdet as td WHERE t.fk_soc = s.rowid AND td.fk_contrat = t.rowid AND t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).') AND t.entity IN ('.getEntity('contract').') GROUP BY s.rowid, s.nom, s.client, t.rowid, t.ref, t.ref_customer, t.ref_supplier'), 'fichinter'=>array( 'enabled'=>isModEnabled('ficheinter'), 'perms'=>1, 
@@ -8896,6 +8895,12 @@ class Form ); } + if($object->table_element == 'commande_fournisseur') { + $possiblelinks['mo']['sql'] = "SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.rowid, '0' as total_ht FROM ".$this->db->prefix()."societe as s INNER JOIN ".$this->db->prefix().'mrp_mo as t ON t.fk_soc = s.rowid WHERE t.entity IN ('.getEntity('mo').')'; + } elseif($object->table_element == 'mrp_mo') { + $possiblelinks['order_supplier']['sql'] = "SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_supplier, t.total_ht FROM ".$this->db->prefix()."societe as s, ".$this->db->prefix().'commande_fournisseur as t WHERE t.fk_soc = s.rowid AND t.entity IN ('.getEntity('commande_fournisseur').')'; + } + if (!empty($listofidcompanytoscan)) { // If empty, we don't have criteria to scan the object we can link to // Can complete the possiblelink array $hookmanager->initHooks(array('commonobject')); From 3e0689879d267fb4c04c4535094de475d884783a Mon Sep 17 00:00:00 2001 From: Adrien Raze Date: Fri, 3 Mar 2023 10:25:23 +0100 Subject: [PATCH 2/4] FIX : stickler-ci --- htdocs/core/class/html.form.class.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php index fc20180737b..d52b752802b 100644 --- a/htdocs/core/class/html.form.class.php +++ b/htdocs/core/class/html.form.class.php 
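Review bot: Both added queries drop the `t.fk_soc IN (".$this->db->sanitize($listofidcompanytoscan).")` restriction that the contract entry above applies, so the link picker now lists every manufacturing order or supplier order in the entity, whatever third party it belongs to. That matches the commit title, but the `enabled`/`perms` values for the `mo` and `order_supplier` entries sit outside this hunk, so it is worth confirming that an external user tied to one third party, or a user without read rights on the other module, cannot reach these refs and totals through the overridden SQL. A comment on the override would record the intent, for example `// Not filtered on $listofidcompanytoscan on purpose: MO <-> supplier order links may cross third parties`. In the `mo` query the select list reads `t.rowid, t.ref, t.rowid, '0' as total_ht`; the second `t.rowid` looks like a leftover, and the `INNER JOIN ... ON t.fk_soc = s.rowid` will presumably hide manufacturing orders that have no third party set.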
@@ -8895,9 +8895,9 @@ class Form ); } - if($object->table_element == 'commande_fournisseur') { + if ($object->table_element == 'commande_fournisseur') { $possiblelinks['mo']['sql'] = "SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.rowid, '0' as total_ht FROM ".$this->db->prefix()."societe as s INNER JOIN ".$this->db->prefix().'mrp_mo as t ON t.fk_soc = s.rowid WHERE t.entity IN ('.getEntity('mo').')'; - } elseif($object->table_element == 'mrp_mo') { + } elseif ($object->table_element == 'mrp_mo') { $possiblelinks['order_supplier']['sql'] = "SELECT s.rowid as socid, s.nom as name, s.client, t.rowid, t.ref, t.ref_supplier, t.total_ht FROM ".$this->db->prefix()."societe as s, ".$this->db->prefix().'commande_fournisseur as t WHERE t.fk_soc = s.rowid AND t.entity IN ('.getEntity('commande_fournisseur').')'; } From 412a1e14531c91dd2a2d4dd64d61d070d1467661 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20NASSIET?= <109105553+comaiteseb@users.noreply.github.com> Date: Fri, 3 Mar 2023 18:26:00 +0100 Subject: [PATCH 3/4] FIX impossible to edit user if you are admin Line 128 surcharged the line 111 even if you ard admin ou user->user->write. So I was impossible to update user card if it was not yours... --- htdocs/user/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 08c2defd546..af1e198dcc3 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php 
@@ -125,7 +125,7 @@ if ($user->id != $id && !$canreaduser) { // Define value to know what current user can do on properties of edited user if ($id > 0) { // $user is the current logged user, $id is the user we want to edit - $canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")); // can edit myself + $canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")) || (!empty($user->admin) || $user->hasRight("user", "user", "write")); // can edit myself $caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write")) || (($user->id != $id) && $user->hasRight("user", "user", "write"))); $caneditpassword = ((($user->id == $id) && $user->hasRight("user", "self", "password")) || (($user->id != $id) && $user->hasRight("user", "user", "password"))); } From 39ddd5368e939c4d04344511a1cf5c0df41756a7 Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Sat, 4 Mar 2023 15:02:04 +0100 Subject: [PATCH 4/4] Update card.php --- htdocs/user/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index af1e198dcc3..2a6b8a813be 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php 
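Review bot: The clause added to `$canedituser`, `(!empty($user->admin) || $user->hasRight("user", "user", "write"))`, is not limited to `$user->id != $id`, so a user holding `user/user/write` without `user/self/write` now passes the check on their own card as well. The `$user->admin` shortcut is also not mirrored in `$caneditfield` and `$caneditpassword` on the next two lines, so the three flags can disagree for an admin unless `hasRight()` already returns true for admins, which is not visible here. The trailing `// can edit myself` comment no longer describes the expression. Patch 4/4 rewrites this line with the `$user->id != $id` guard, so the wider rule exists only at this commit; squashing 3/4 into 4/4 would keep it out of any bisect or backport.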
@@ -125,7 +125,7 @@ if ($user->id != $id && !$canreaduser) { // Define value to know what current user can do on properties of edited user if ($id > 0) { // $user is the current logged user, $id is the user we want to edit - $canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")) || (!empty($user->admin) || $user->hasRight("user", "user", "write")); // can edit myself + $canedituser = (($user->id == $id) && $user->hasRight("user", "self", "write")) || (($user->id != $id) && $user->hasRight("user", "user", "write")); $caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write")) || (($user->id != $id) && $user->hasRight("user", "user", "write"))); $caneditpassword = ((($user->id == $id) && $user->hasRight("user", "self", "password")) || (($user->id != $id) && $user->hasRight("user", "user", "password"))); }
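Review bot: `$canedituser` is now the same expression as `$caneditfield` on the following line, and neither considers which account `$id` refers to: a non-admin holding `user/user/write` passes for every target, including an administrator's record. The update handlers are further down card.php, outside this hunk; if they do not separately block edits to admin accounts or to the `admin` flag, this is a privilege-escalation path. A comment here such as `// user/user/write applies to any target $id; edits to admin accounts must be restricted separately` would make that dependency explicit. The 3/4 report was about admins, and this version relies on `hasRight()` returning true for them, which the hunk does not show. Computing `$isself = ((int) $user->id === (int) $id);` once and reusing it in the three assignments would also remove the repeated loose `==`/`!=` comparisons.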