From e6d35039c9bc14fe1ff58aa5a8c1197ffd7b9779 Mon Sep 17 00:00:00 2001
From: abb <bafbes@gmail.com>
Date: Sun, 14 Feb 2021 17:59:12 +0100
Subject: [PATCH 1/2] fix:Handle constant MAIN_SHOW_SOCIETE2EXTERN in
 checkUserAccessToObject

---
 htdocs/core/lib/security.lib.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 2f1e3d5596b..13f93ec59d4 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -584,7 +584,8 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand
 			}
 		} elseif (!in_array($feature, $nocheck)) {		// By default (case of $checkdefault), we check on object entity + link to third party on field $dbt_keyfield
 			// If external user: Check permission for external users
-			if ($user->socid > 0) {
+			if ($user->socid > 0  && empty($conf->global->MAIN_SHOW_SOCIETE2EXTERN))
+			{
 				if (empty($dbt_keyfield)) dol_print_error('', 'Param dbt_keyfield is required but not defined');
 				$sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb";
 				$sql .= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";

From 9c51e62d0f3cffd632f069fa23156ec6f724b321 Mon Sep 17 00:00:00 2001
From: Bahfir Abbes <bafbes@gmail.com>
Date: Tue, 16 Mar 2021 12:25:17 +0100
Subject: [PATCH 2/2] Update security.lib.php

MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES
---
 htdocs/core/lib/security.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 13f93ec59d4..381745a5359 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -584,7 +584,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand
 			}
 		} elseif (!in_array($feature, $nocheck)) {		// By default (case of $checkdefault), we check on object entity + link to third party on field $dbt_keyfield
 			// If external user: Check permission for external users
-			if ($user->socid > 0  && empty($conf->global->MAIN_SHOW_SOCIETE2EXTERN))
+			if ($user->socid > 0  && empty($conf->global->MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES))
 			{
 				if (empty($dbt_keyfield)) dol_print_error('', 'Param dbt_keyfield is required but not defined');
 				$sql = "SELECT COUNT(dbt.".$dbt_keyfield.") as nb";