Fix: If user has no permission to see all projects, see only its projects

htdocs/projet/index.php

@@ -29,15 +29,14 @@ require("../main.inc.php");
 require_once(DOL_DOCUMENT_ROOT."/projet/class/project.class.php");
 require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");
 
-$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
 
 $langs->load("projects");
 
+$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
+
 // Security check
-if ($user->societe_id > 0)
-{
-	$socid = $user->societe_id;
-}
+if (! $user->rights->projet->all->lire) $mine=1;
+if ($user->societe_id > 0) $socid = $user->societe_id;
 if (!$user->rights->projet->lire) accessforbidden();
 
 
@@ -49,6 +48,7 @@ $socstatic=new Societe($db);
 $projectstatic=new Project($db);
 
 $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1);
+//var_dump($projectsListId);
 
 llxHeader("",$langs->trans("Projects"),"EN:Module_Projects|FR:Module_Projets|ES:Módulo_Proyectos");
 
@@ -82,7 +82,7 @@ $sql.= ", s.nom, s.rowid as socid";
 $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
 $sql.= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s on p.fk_soc = s.rowid";
 $sql.= " WHERE p.entity = ".$conf->entity;
-if (!$user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
+if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")";
 if ($socid) $sql.= " AND s.rowid = ".$socid;
 $sql.= " GROUP BY s.nom, s.rowid";