From d82c62c40d9558d9c97c49a5cf62053d0ffc5125 Mon Sep 17 00:00:00 2001 From: abb Date: Fri, 12 Feb 2021 23:53:05 +0100 Subject: [PATCH 1/4] New:Constant MAIN_SHOW_SOCIETE2EXTERN to allow access to any thirdparty for external users --- htdocs/core/lib/security.lib.php | 2 +- htdocs/societe/card.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 2f1e3d5596b..f2714dc9fb2 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -493,7 +493,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand } elseif (in_array($feature, $checksoc)) // We check feature = checksoc { // If external user: Check permission for external users - if ($user->socid > 0) + if ($user->socid > 0 && empty($conf->global->MAIN_SHOW_SOCIETE2EXTERN)) { if ($user->socid <> $objectid) return false; } // If internal user: Check permission for internal users that are restricted on their objects diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index b471ca23ead..757b168e0cf 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -64,7 +64,7 @@ $backtopage = GETPOST('backtopage', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); $socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('id', 'int'); -if ($user->socid) $socid = $user->socid; +if ($user->socid && empty($conf->global->MAIN_SHOW_SOCIETE2EXTERN)) $socid = $user->socid; if (empty($socid) && $action == 'view') $action = 'create'; $object = new Societe($db); From 135932633711c43f11fa3a9839f1042b3e7d3e8b Mon Sep 17 00:00:00 2001 From: Bahfir Abbes Date: Thu, 11 Mar 2021 04:01:43 +0100 Subject: [PATCH 2/4] Update card.php --- htdocs/societe/card.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 757b168e0cf..22f8f843c13 100644 --- a/htdocs/societe/card.php 
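Review bot: In `checkUserAccessToObject` (htdocs/core/lib/security.lib.php, the `$checksoc` branch) the added `empty($conf->global->MAIN_SHOW_SOCIETE2EXTERN)` term skips the `$user->socid <> $objectid` comparison altogether, so with the constant set an external user is no longer tied to any third party on this path. The later patches in this series rename the constant to `MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES`, yet nothing in the condition looks at a parent/subsidiary relation between `$user->socid` and `$objectid`; either narrow the exemption to that relation or make the name and documentation say "any third party". The branch runs for every feature matched by `in_array($feature, $checksoc)`, so the effect is probably wider than the third-party card (the list itself is outside the hunk). At minimum I would add a comment such as `// SECURITY: when this option is set, external users are not restricted to their own third party here`. The function starts and ends outside the hunk.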
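Review bot: In htdocs/societe/card.php the override `$socid = $user->socid` is now skipped when the constant is set, so for an external user `$socid` is whatever `GETPOST('socid', 'int')` or `GETPOST('id', 'int')` supplies. The next line then turns an empty `$socid` with `$action == 'view'` into `create`, a path an external user could not reach before because `$socid` was always forced to their own id. The commit subject speaks of allowing access, but this page also reads `$action` and `$confirm`, so the write actions further down (outside the hunk) presumably need their own check that `$socid == $user->socid` for external users. I would add the comment `// External users: $socid comes from the request when this option is set; actions below must re-check ownership`.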
+++ b/htdocs/societe/card.php @@ -64,7 +64,7 @@ $backtopage = GETPOST('backtopage', 'alpha'); $confirm = GETPOST('confirm', 'alpha'); $socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('id', 'int'); -if ($user->socid && empty($conf->global->MAIN_SHOW_SOCIETE2EXTERN)) $socid = $user->socid; +if ($user->socid && empty($conf->global->MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES)) $socid = $user->socid; if (empty($socid) && $action == 'view') $action = 'create'; $object = new Societe($db); From 0158cbb89327253229e53c30ae3186f2a27509cf Mon Sep 17 00:00:00 2001 From: Bahfir Abbes Date: Thu, 11 Mar 2021 04:02:30 +0100 Subject: [PATCH 3/4] Update security.lib.php --- htdocs/core/lib/security.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index f2714dc9fb2..7062e3cc2ab 100644 --- a/htdocs/core/lib/security.lib.php +++ b/htdocs/core/lib/security.lib.php @@ -493,7 +493,7 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand } elseif (in_array($feature, $checksoc)) // We check feature = checksoc { // If external user: Check permission for external users - if ($user->socid > 0 && empty($conf->global->MAIN_SHOW_SOCIETE2EXTERN)) + if ($user->socid > 0 && empty($conf->global->MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES)) { if ($user->socid <> $objectid) return false; } // If internal user: Check permission for internal users that are restricted on their objects From 345fe648b3cc11c296c6a44810e7cfba78e2c33d Mon Sep 17 00:00:00 2001 From: stickler-ci Date: Thu, 11 Mar 2021 15:37:27 +0000 Subject: [PATCH 4/4] Fixing style errors. --- htdocs/core/lib/security.lib.php | 6 +++--- htdocs/societe/card.php | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php index 00c2d8ee99b..c8c2c5cdc2b 100644 --- a/htdocs/core/lib/security.lib.php 
+++ b/htdocs/core/lib/security.lib.php @@ -623,10 +623,10 @@ function checkUserAccessToObject($user, $featuresarray, $objectid = 0, $tableand // If external user: Check permission for external users if ($user->socid > 0 && empty($conf->global->MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES)) { if ($user->socid <> $objectid) { - return false; - } + return false; + } } elseif (!empty($conf->societe->enabled) && ($user->rights->societe->lire && !$user->rights->societe->client->voir)) { - // If internal user: Check permission for internal users that are restricted on their objects + // If internal user: Check permission for internal users that are restricted on their objects $sql = "SELECT COUNT(sc.fk_soc) as nb"; $sql .= " FROM (".MAIN_DB_PREFIX."societe_commerciaux as sc"; $sql .= ", ".MAIN_DB_PREFIX."societe as s)"; diff --git a/htdocs/societe/card.php b/htdocs/societe/card.php index 220576bd927..d69a602c900 100644 --- a/htdocs/societe/card.php +++ b/htdocs/societe/card.php @@ -81,10 +81,10 @@ $confirm = GETPOST('confirm', 'alpha'); $socid = GETPOST('socid', 'int') ?GETPOST('socid', 'int') : GETPOST('id', 'int'); if ($user->socid && empty($conf->global->MAIN_EXTERNAL_USERS_CAN_SEE_SUBSIDIARY_COMPANIES)) { - $socid = $user->socid; + $socid = $user->socid; } if (empty($socid) && $action == 'view') { - $action = 'create'; + $action = 'create'; } $object = new Societe($db);