diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 7aa9e522b71..45dbb32b7f0 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -344,7 +344,7 @@ function restrictedArea($user, $features, $objectid=0, $tableandshare='', $featu
  * This function is also called by restrictedArea
  *
  * @param User $user User to check
- * @param array $featuresarray Features/modules to check. Example: ('user','service')
+ * @param array $featuresarray Features/modules to check. Example: ('user','service','member','project','task',...)
  * @param int $objectid Object ID if we want to check a particular record (optional) is linked to a owned thirdparty (optional).
  * @param string $tableandshare 'TableName&SharedElement' with Tablename is table where object is stored. SharedElement is an optional key to define where to check entity for multicompany modume. Param not used if objectid is null (optional).
  * @param string $feature2 Feature to check, second level of permission (optional). Can be or check with 'level1|level2'.
@@ -368,11 +368,14 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
 		// For backward compatibility
 		if ($feature == 'member') $feature='adherent';
+		if ($feature == 'project') $feature='projet';
+		if ($feature == 'task') $feature='projet_task';
 		$check = array('adherent','banque','user','usergroup','produit','service','produit|service','categorie'); // Test on entity only (Objects with no link to company)
 		$checksoc = array('societe'); // Test for societe object
 		$checkother = array('contact'); // Test on entity and link to societe. Allowed if link is empty (Ex: contacts...).
 		$checkproject = array('projet','project'); // Test for project object
+		$checktask = array('projet_task');
 		$nocheck = array('barcode','stock','fournisseur'); // No test
 		$checkdefault = 'all other not already defined'; // Test on entity and link to third party. Not allowed if link is empty (Ex: invoice, orders...).
@@ -452,7 +455,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
 		}
 		else if (in_array($feature,$checkproject))
 		{
-			if (! empty($conf->projet->enabled) && ! $user->rights->projet->all->lire)
+			if (! empty($conf->projet->enabled) && empty($user->rights->projet->all->lire))
 			{
 				include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
 				$projectstatic=new Project($db);
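Review bot: With the new alias on the `if ($feature == 'project')` line, `$feature` can no longer still be `'project'` when it reaches `in_array($feature,$checkproject)`, so the `'project'` entry in `$checkproject = array('projet','project')` is dead; reduce it to `$checkproject = array('projet');` so the classification table stays the single source of truth. The added `$checktask = array('projet_task');` is the only classification array without a trailing comment while every neighbour has one; the later task branch checks the task's `fk_project` against the user's authorized projects, so `// Test on the project the task belongs to` describes it. Whether `$dbtablename` is derived from `$feature` after this alias or straight from `$tableandshare` is not visible here; if it is the latter, a caller passing `'project'` is no longer remapped to the `projet` table once the later hunk drops that fix-up, which is worth confirming. checkUserAccessToObject continues beyond this hunk.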
@@ -462,7 +465,27 @@ function checkUserAccessToObject($user, $featuresarray, $objectid=0, $tableandsh
 			}
 			else
 			{
-				if ($dbtablename == 'project') $dbtablename='projet';
+				$sql = "SELECT dbt.".$dbt_select;
+				$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
+				$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
+				$sql.= " AND dbt.entity IN (".getEntity($sharedelement, 1).")";
+			}
+		}
+		else if (in_array($feature,$checktask))
+		{
+			if (! empty($conf->projet->enabled) && empty($user->rights->projet->all->lire))
+			{
+				$task = new Task($db);
+				$task->fetch($objectid);
+
+				include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
+				$projectstatic=new Project($db);
+				$tmps=$projectstatic->getProjectsAuthorizedForUser($user,0,1,0);
+				$tmparray=explode(',',$tmps);
+				if (! in_array($task->fk_project,$tmparray)) return false;
+			}
+			else
+			{
 				$sql = "SELECT dbt.".$dbt_select;
 				$sql.= " FROM ".MAIN_DB_PREFIX.$dbtablename." as dbt";
 				$sql.= " WHERE dbt.".$dbt_select." = ".$objectid;
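Review bot: In the new `$checktask` branch the result of `$task->fetch($objectid)` is never checked, so an id that does not exist (or is not a task) leaves `$task->fk_project` unset, and the non-strict `in_array` then decides the access check — with `$tmps` empty, `in_array(null, explode(',', ''))` is true under loose comparison, so the branch does not hit `return false` and the caller is let through for a record the user cannot see. Fail closed before the authorized-projects lookup: `if ($task->fetch($objectid) <= 0 || empty($task->fk_project)) return false;` (assuming the usual fetch() contract of a positive return on success — confirm against Task::fetch). `new Task($db)` is also used without an `include_once` of the task class, while the project class is included two lines later; unless every caller has already loaded it this is a fatal error, so add `include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';`. The added `$sql` lines in both the project and the task `else` branches concatenate `$objectid` into the WHERE clause unescaped; the docblock types it as int and restrictedArea is typically fed request ids, so write `" = ".((int) $objectid)` there. checkUserAccessToObject continues past the end of this hunk.
```php
		else if (in_array($feature,$checktask))
		{
			if (! empty($conf->projet->enabled) && empty($user->rights->projet->all->lire))
			{
				include_once DOL_DOCUMENT_ROOT.'/projet/class/task.class.php';
				$task = new Task($db);
				// Fail closed: an unknown task, or one without a project, must not pass the check
				if ($task->fetch($objectid) <= 0 || empty($task->fk_project)) return false;

				// … unchanged: Project include, getProjectsAuthorizedForUser lookup and in_array check …
			}
			else
			{
				// … unchanged: SELECT / FROM lines …
				$sql.= " WHERE dbt.".$dbt_select." = ".((int) $objectid);
```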