';
if ($empty) $retstring.=' ';
for ($min = 0; $min < 60 ; $min++)
{
diff --git a/htdocs/lib/project.lib.php b/htdocs/lib/project.lib.php
index 7fef80cf6fb..6095eeaf494 100644
--- a/htdocs/lib/project.lib.php
+++ b/htdocs/lib/project.lib.php
@@ -315,7 +315,7 @@ function PLinesb(&$inc, $parent, $lines, &$level, &$projectsrole)
if ($lines[$i]->public || ! empty($projectsrole[$lines[$i]->fk_project]) || $user->rights->projet->all->creer) $disabled=0;
print '';
- print $form->select_date('',$lines[$i]->id,'','','',"addtime");
+ print $form->select_date('',$lines[$i]->id,'','','',"addtime",1,0,1,$disabled);
print ' ';
print $form->select_duration($lines[$i]->id,'',$disabled);
print ' ';
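Review bot: Passing `$disabled` to `select_date()` only disables the date fields in the rendered form; it is a presentation control, not an access check. The `addtime` handler in htdocs/projet/activity/list.php (context line of its second hunk) tests only `$user->rights->projet->creer`, so nothing visible rejects a submission for a task whose row was rendered disabled. The handler should re-evaluate the same condition computed here (`public`, a role in `$projectsrole`, or `projet->all->creer`) before calling `$task->addTimeSpent($user)`. PLinesb starts and continues outside this hunk.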
diff --git a/htdocs/projet/activity/index.php b/htdocs/projet/activity/index.php
index 18fa0c7e2dd..f2eb598999a 100644
--- a/htdocs/projet/activity/index.php
+++ b/htdocs/projet/activity/index.php
@@ -33,11 +33,11 @@ require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
// Security check
+$socid=0;
+if ($user->societe_id > 0) $socid=$user->societe_id;
+//$result = restrictedArea($user, 'projet', $projectid);
if (!$user->rights->projet->lire) accessforbidden();
-if ($user->societe_id > 0)
-{
- $socid = $user->societe_id;
-}
+
$langs->load("projects");
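Review bot: `$socid` is now initialised and set from `$user->societe_id`, but its only visible consumer, `restrictedArea()`, is added as a commented-out line, so nothing in this hunk applies the external-user restriction and only the module-wide `projet->lire` right is checked. The commented call also refers to `$projectid`, which is not assigned in the lines shown. The same pairing of a `$socid` assignment with a commented-out `restrictedArea()` appears in tasks/contact.php, tasks/document.php, tasks/note.php and tasks/fiche.php. If access is meant to be enforced later, for instance through `restrictedProjectArea()`, say so in place with `// Per-project access is checked below, not by restrictedArea()`; otherwise delete the dead line.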
@@ -46,7 +46,7 @@ $langs->load("projects");
* View
*/
-$now = gmmktime();
+$now = dol_now();
$projectstatic=new Project($db);
diff --git a/htdocs/projet/activity/list.php b/htdocs/projet/activity/list.php
index 29585268ba0..52d514bd3dc 100644
--- a/htdocs/projet/activity/list.php
+++ b/htdocs/projet/activity/list.php
@@ -40,7 +40,7 @@ $projectid=isset($_GET["id"])?$_GET["id"]:$_POST["projectid"];
// Security check
$socid=0;
-if ($user->societe_id) $socid=$user->societe_id;
+if ($user->societe_id > 0) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
/*
@@ -81,7 +81,7 @@ if ($_POST["action"] == 'addtime' && $user->rights->projet->creer)
$task->timespent_duration = $_POST[$id."hour"]*60*60; // We store duration in seconds
$task->timespent_duration+= $_POST[$id."min"]*60; // We store duration in seconds
$task->timespent_date = dol_mktime(12,0,0,$_POST["$id"."month"],$_POST["$id"."day"],$_POST["$id"."year"]);
-
+
$task->addTimeSpent($user);
}
else
diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php
index 7d5c3aa9bff..56c38c70fda 100644
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@@ -692,13 +692,15 @@ class Project extends CommonObject
}
/**
- * \brief Check permissions
+ * \brief Check permissions
+ * @param user Object user to evaluate
+ * @param noprint 0=Print forbidden message if no permission, 1=Return -1 if no permission
*/
- function restrictedProjectArea($user,$list=0)
+ function restrictedProjectArea($user,$noprint=0)
{
// To verify role of users
$userAccess = 0;
- if ((!empty($this->user_author_id) && $this->user_author_id == $user->id) || $user->rights->projet->all->lire)
+ if ($user->rights->projet->all->lire)
{
$userAccess = 1;
}
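Review bot: The docblock added for `restrictedProjectArea()` names its parameters without `$` or types and gives no `@return`, although `noprint=1` is described as returning -1. I would write `@param User $user User to evaluate`, `@param int $noprint 0=print the forbidden page, 1=return -1 when access is denied`, and an `@return int` line whose success value should be confirmed from the rest of the body. The same hunk drops the `user_author_id` shortcut, so a project's creator who has no contact role and lacks `projet->all->lire` no longer passes this first test; that is worth stating in the docblock because callers may still assume it. The function body continues outside the hunk.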
@@ -713,21 +715,28 @@ class Project extends CommonObject
$userRole = $this->liste_contact(4,$source);
$num=sizeof($userRole);
- $i = 0;
- while ($i < $num)
+ $nblinks = 0;
+ while ($nblinks < $num)
{
- if ($userRole[$i]['code'] == 'PROJECTLEADER' && $user->id == $userRole[$i]['id'])
+ if (preg_match('/PROJECT/',$userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id'])
{
$userAccess++;
}
- $i++;
+ $nblinks++;
}
}
+ //if (empty($nblinks)) // If nobody has permission, we grant creator
+ //{
+ // if ((!empty($this->user_author_id) && $this->user_author_id == $user->id))
+ // {
+ // $userAccess = 1;
+ // }
+ //}
}
- if (!$userAccess && !$this->public)
+ if (! $userAccess)
{
- if (!$list)
+ if (!$noprint)
{
accessforbidden('',0);
}
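Review bot: `preg_match('/PROJECT/',$userRole[$nblinks]['code'])` is an unanchored substring match, so any contact type whose code contains `PROJECT` anywhere now grants access, where the old test required exactly `PROJECTLEADER`. If the intent is "any project role", anchor it with `preg_match('/^PROJECT/', $userRole[$nblinks]['code'])` or compare against an explicit list of codes. `$nblinks` is also only the loop index, so it equals `$num` after the loop and the commented-out `empty($nblinks)` block would not mean "nobody has permission" if it were re-enabled. The function starts and ends outside this hunk.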
@@ -776,7 +785,7 @@ class Project extends CommonObject
if ($mode == 0)
{
$sql.= " AND ( p.public = 1";
- $sql.= " OR p.fk_user_creat = ".$user->id;
+ //$sql.= " OR p.fk_user_creat = ".$user->id;
$sql.= " OR ( ec.element_id = p.rowid";
$sql.= " AND ctc.rowid = ec.fk_c_type_contact";
$sql.= " AND ctc.element = '".$this->element."'";
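Review bot: This query still admits projects with `p.public = 1`, while the same commit changes `restrictedProjectArea()` from `if (!$userAccess && !$this->public)` to `if (! $userAccess)`. As far as these hunks show, a public project can therefore be listed for a user who is then refused when opening it. Pick one rule for public projects and apply it in both places. The disabled creator clause would be better deleted than kept as `//$sql.= " OR p.fk_user_creat = ".$user->id;`, and if it is ever restored the id should be cast, `(int) $user->id`, before being concatenated into the SQL text. The enclosing method starts and ends outside the hunk.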
diff --git a/htdocs/projet/contact.php b/htdocs/projet/contact.php
index 24de6cea62e..10d2b1798a4 100644
--- a/htdocs/projet/contact.php
+++ b/htdocs/projet/contact.php
@@ -34,15 +34,11 @@ $langs->load("companies");
$projectid = isset($_GET["id"])?$_GET["id"]:'';
-// Security check
-if (empty($user->rights->projet->all->lire))
-{
- $_GET["mode"]='mine';
- $_POST["mode"]='mine';
- $_REQUEST["mode"]='mine';
-}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
+
+// Security check
+$socid=0;
if ($user->societe_id) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
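Review bot: With the block that forced `mode` to `'mine'` removed, `$mine` comes straight from `$_REQUEST['mode']` for every user, including those without `projet->all->lire`, and the one-line equivalent below it stays commented out. Whether that widens what such a user can see depends on how `$mine` is used further down, which these hunks do not show. If the restriction is still wanted, enable it as `if (empty($user->rights->projet->all->lire)) $mine=1;`. The same removal is made in document.php, element.php, fiche.php, ganttview.php, note.php and tasks/fiche.php. This file also keeps `if ($user->societe_id)` where the other files were changed to `> 0`.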
diff --git a/htdocs/projet/document.php b/htdocs/projet/document.php
index 272936e5568..db64340449b 100644
--- a/htdocs/projet/document.php
+++ b/htdocs/projet/document.php
@@ -32,20 +32,14 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php");
$langs->load('projects');
$langs->load('other');
-$id=empty($_GET['id']) ? 0 : intVal($_GET['id']);
-
-// Security check
-if (empty($user->rights->projet->all->lire))
-{
- $_GET["mode"]='mine';
- $_POST["mode"]='mine';
- $_REQUEST["mode"]='mine';
-}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
-$socid=0;
+
$id = isset($_GET["id"])?$_GET["id"]:'';
-if ($user->societe_id) $socid=$user->societe_id;
+
+// Security check
+$socid=0;
+if ($user->societe_id > 0) $socid=$user->societe_id;
$result=restrictedArea($user,'projet',$id,'');
// Get parameters
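Review bot: `$id` reaches `restrictedArea($user,'projet',$id,'')` as the raw `$_GET["id"]` string; the removed `intVal()` line was the only cast in this hunk, and its result was already overwritten by the later assignment. Cast once where the value is read, `$id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;`, unless a later part of the file relies on `''` meaning "no id". tasks/document.php has the same uncast assignment on its new side.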
diff --git a/htdocs/projet/element.php b/htdocs/projet/element.php
index 3efd230d1e3..a653eb7d8a4 100644
--- a/htdocs/projet/element.php
+++ b/htdocs/projet/element.php
@@ -56,16 +56,12 @@ if ($projectid == '' && $ref == '')
exit;
}
-// Security check
-if (empty($user->rights->projet->all->lire))
-{
- $_GET["mode"]='mine';
- $_POST["mode"]='mine';
- $_REQUEST["mode"]='mine';
-}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
-if ($user->societe_id) $socid=$user->societe_id;
+
+// Security check
+$socid=0;
+if ($user->societe_id > 0) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
diff --git a/htdocs/projet/fiche.php b/htdocs/projet/fiche.php
index 7c830b398c8..30068a8a286 100644
--- a/htdocs/projet/fiche.php
+++ b/htdocs/projet/fiche.php
@@ -47,16 +47,12 @@ if (! empty($_REQUEST['socid_id']))
if ($projectid == '' && $projectref == '' && ($_GET['action'] != "create" && $_POST['action'] != "add" && $_POST["action"] != "update" && !$_POST["cancel"])) accessforbidden();
-// Security check
-if (empty($user->rights->projet->all->lire))
-{
- $_GET["mode"]='mine';
- $_POST["mode"]='mine';
- $_REQUEST["mode"]='mine';
-}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
-if ($user->societe_id) $socid=$user->societe_id;
+
+// Security check
+$socid=0;
+if ($user->societe_id > 0) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
diff --git a/htdocs/projet/ganttview.php b/htdocs/projet/ganttview.php
index 0fa9dcb3ae2..d8dcdc76ba8 100644
--- a/htdocs/projet/ganttview.php
+++ b/htdocs/projet/ganttview.php
@@ -38,16 +38,12 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php");
$projectid=isset($_REQUEST["id"])?$_REQUEST["id"]:$_POST["id"];
-// Security check
-if (empty($user->rights->projet->all->lire))
-{
- $_GET["mode"]='mine';
- $_POST["mode"]='mine';
- $_REQUEST["mode"]='mine';
-}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
-if ($user->societe_id) $socid=$user->societe_id;
+
+// Security check
+$socid=0;
+if ($user->societe_id > 0) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $projectid);
$userAccess=0;
diff --git a/htdocs/projet/index.php b/htdocs/projet/index.php
index 76325a52eb5..c215dfdfd3e 100644
--- a/htdocs/projet/index.php
+++ b/htdocs/projet/index.php
@@ -35,8 +35,8 @@ $langs->load("projects");
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
// Security check
-//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
-if ($user->societe_id > 0) $socid = $user->societe_id;
+$socid=0;
+if ($user->societe_id > 0) $socid=$user->societe_id;
if (!$user->rights->projet->lire) accessforbidden();
diff --git a/htdocs/projet/liste.php b/htdocs/projet/liste.php
index 0bdc1c882a2..5b79afdaf76 100644
--- a/htdocs/projet/liste.php
+++ b/htdocs/projet/liste.php
@@ -36,7 +36,9 @@ $socid = ( is_numeric($_GET["socid"]) ? $_GET["socid"] : 0 );
$title = $langs->trans("Projects");
// Security check
-if ($user->societe_id > 0) $socid = $user->societe_id;
+$socid=0;
+if ($user->societe_id > 0) $socid=$user->societe_id;
+
if ($socid > 0)
{
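Review bot: The added `$socid=0;` appears to discard the value read from the request, because the hunk header shows `$socid = ( is_numeric($_GET["socid"]) ? $_GET["socid"] : 0 );` earlier in this file. If nothing re-reads it in between, internal users lose the `socid` filter and `if ($socid > 0)` is true only for external users. Dropping the `$socid=0;` line here keeps the numeric-checked request value, and `if ($user->societe_id > 0) $socid=$user->societe_id;` still overrides it for external users.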
diff --git a/htdocs/projet/note.php b/htdocs/projet/note.php
index 1ebb7ac8eca..99bba94acd7 100644
--- a/htdocs/projet/note.php
+++ b/htdocs/projet/note.php
@@ -31,16 +31,12 @@ $langs->load('projects');
$id = isset($_GET["id"])?$_GET["id"]:'';
-// Security check
-if (empty($user->rights->projet->all->lire))
-{
- $_GET["mode"]='mine';
- $_POST["mode"]='mine';
- $_REQUEST["mode"]='mine';
-}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
-if ($user->societe_id) $socid=$user->societe_id;
+
+// Security check
+$socid=0;
+if ($user->societe_id > 0) $socid=$user->societe_id;
$result = restrictedArea($user, 'projet', $id);
diff --git a/htdocs/projet/tasks/contact.php b/htdocs/projet/tasks/contact.php
index 354be931de5..8c1106e531d 100644
--- a/htdocs/projet/tasks/contact.php
+++ b/htdocs/projet/tasks/contact.php
@@ -38,7 +38,8 @@ $langs->load("companies");
$taskid = isset($_GET["id"])?$_GET["id"]:'';
// Security check
-if ($user->societe_id) $socid=$user->societe_id;
+$socid=0;
+if ($user->societe_id > 0) $socid = $user->societe_id;
//$result = restrictedArea($user, 'projet', $taskid, 'projet_task');
if (!$user->rights->projet->lire) accessforbidden();
diff --git a/htdocs/projet/tasks/document.php b/htdocs/projet/tasks/document.php
index 86b1038b4c8..28ff56c6e77 100644
--- a/htdocs/projet/tasks/document.php
+++ b/htdocs/projet/tasks/document.php
@@ -30,19 +30,22 @@ require_once(DOL_DOCUMENT_ROOT.'/lib/project.lib.php');
require_once(DOL_DOCUMENT_ROOT."/lib/files.lib.php");
require_once(DOL_DOCUMENT_ROOT."/core/class/html.formfile.class.php");
-if (!$user->rights->projet->lire) accessforbidden();
$langs->load('projects');
$langs->load('other');
-$id=empty($_GET['id']) ? 0 : intVal($_GET['id']);
$action=empty($_GET['action']) ? (empty($_POST['action']) ? '' : $_POST['action']) : $_GET['action'];
+$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
+//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
+
+$id = isset($_GET["id"])?$_GET["id"]:'';
+
// Security check
$socid=0;
-$id = isset($_GET["id"])?$_GET["id"]:'';
-if ($user->societe_id) $socid=$user->societe_id;
+if ($user->societe_id > 0) $socid = $user->societe_id;
//$result=restrictedArea($user,'projet',$id,'');
+if (!$user->rights->projet->lire) accessforbidden();
// Get parameters
$page=$_GET["page"];
diff --git a/htdocs/projet/tasks/fiche.php b/htdocs/projet/tasks/fiche.php
index 5f15c6abb3d..95e183707fb 100644
--- a/htdocs/projet/tasks/fiche.php
+++ b/htdocs/projet/tasks/fiche.php
@@ -32,20 +32,14 @@ require_once(DOL_DOCUMENT_ROOT."/lib/project.lib.php");
require_once(DOL_DOCUMENT_ROOT."/lib/date.lib.php");
require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php");
-$projectid='';
-$projectid=isset($_REQUEST["id"])?$_REQUEST["id"]:$_POST["id"];
-
-// Security check
-if (empty($user->rights->projet->all->lire))
-{
- $_GET["mode"]='mine';
- $_POST["mode"]='mine';
- $_REQUEST["mode"]='mine';
-}
$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
//if (! $user->rights->projet->all->lire) $mine=1; // Special for projects
-if ($user->societe_id) $socid=$user->societe_id;
-$result = restrictedArea($user, 'projet', $projectid);
+
+// Security check
+$socid=0;
+if ($user->societe_id > 0) $socid = $user->societe_id;
+//$result = restrictedArea($user, 'projet', $projectid);
+if (!$user->rights->projet->lire) accessforbidden();
$userAccess=0;
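Review bot: The active `restrictedArea($user, 'projet', $projectid)` call is turned into a comment here and replaced by the module-wide `projet->lire` test, so this page loses the per-project check it had unless the code after `$userAccess=0;` performs one (not visible in the hunk). Both `$projectid` assignments are removed as well, so any later read of `$projectid` would see an undefined variable. Either keep the assignment and the call, or leave a comment naming where the object-level check now happens, e.g. `// Per-project access is checked below by restrictedProjectArea()`.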
diff --git a/htdocs/projet/tasks/index.php b/htdocs/projet/tasks/index.php
index 348035bbb89..2b23b7e5ce9 100644
--- a/htdocs/projet/tasks/index.php
+++ b/htdocs/projet/tasks/index.php
@@ -35,8 +35,8 @@ $langs->load('projects');
// Security check
$socid=0;
-if (!$user->rights->projet->lire) accessforbidden();
if ($user->societe_id > 0) $socid = $user->societe_id;
+if (!$user->rights->projet->lire) accessforbidden();
$sortfield = isset($_GET["sortfield"])?$_GET["sortfield"]:$_POST["sortfield"];
$sortorder = isset($_GET["sortorder"])?$_GET["sortorder"]:$_POST["sortorder"];
@@ -44,13 +44,13 @@ $page = isset($_GET["page"])? $_GET["page"]:$_POST["page"];
$page = is_numeric($page) ? $page : 0;
$page = $page == -1 ? 0 : $page;
+$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
+
/*
* View
*/
-$mine = $_REQUEST['mode']=='mine' ? 1 : 0;
-
$title=$langs->trans("Activities");
if ($mine) $title=$langs->trans("MyActivities");
@@ -78,6 +78,8 @@ else
}
+//$projectsListId = $project->getProjectsAuthorizedForUser($user,$mine,1);
+
// Get list of tasks in tasksarray and taskarrayfiltered
// We need all tasks (even not limited to a user because a task to user
// can have a parent that is not affected to him).
diff --git a/htdocs/projet/tasks/note.php b/htdocs/projet/tasks/note.php
index 7aa3b7e2e7c..351d238db0f 100644
--- a/htdocs/projet/tasks/note.php
+++ b/htdocs/projet/tasks/note.php
@@ -33,7 +33,8 @@ $langs->load('projects');
$id = isset($_GET["id"])?$_GET["id"]:'';
// Security check
-if ($user->societe_id) $socid=$user->societe_id;
+$socid=0;
+if ($user->societe_id > 0) $socid = $user->societe_id;
if (!$user->rights->projet->lire) accessforbidden();
//$result = restrictedArea($user, 'projet', $id, '', 'task'); // TODO ameliorer la verification
diff --git a/htdocs/projet/tasks/task.php b/htdocs/projet/tasks/task.php
index bf380aa2c8b..76c15fa93f4 100644
--- a/htdocs/projet/tasks/task.php
+++ b/htdocs/projet/tasks/task.php
@@ -34,8 +34,12 @@ require_once(DOL_DOCUMENT_ROOT."/core/class/html.formother.class.php");
$taskid = (isset($_GET["id"])?$_GET["id"]:(isset($_POST["id"])?$_POST["id"]:''));
$taskref = (isset($_GET["ref"])?$_GET["ref"]:'');
+// Security check
+$socid=0;
+if ($user->societe_id > 0) $socid = $user->societe_id;
if (!$user->rights->projet->lire) accessforbidden();
+
/*
* Actions
*/
@@ -121,12 +125,12 @@ if ($taskid)
{
$result=$projectstatic->fetch($task->fk_project);
if (! empty($projectstatic->socid)) $projectstatic->societe->fetch($projectstatic->socid);
-
+
// To verify role of users
$userAccess = $projectstatic->restrictedProjectArea($user);
if ($mesg) print $mesg;
-
+
$head=task_prepare_head($task);
dol_fiche_head($head, 'task', $langs->trans("Task"),0,'projecttask');
diff --git a/htdocs/projet/tasks/time.php b/htdocs/projet/tasks/time.php
index 00c8cffc082..38fde85ce6d 100644
--- a/htdocs/projet/tasks/time.php
+++ b/htdocs/projet/tasks/time.php
@@ -33,8 +33,12 @@ require_once(DOL_DOCUMENT_ROOT."/lib/date.lib.php");
$langs->load('projects');
+// Security check
+$socid=0;
+if ($user->societe_id > 0) $socid = $user->societe_id;
if (!$user->rights->projet->lire) accessforbidden();
+
/*
* Actions
*/