From d93a597a1eb62db89392aa44b79b73ba19e7c6bb Mon Sep 17 00:00:00 2001 From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com> Date: Tue, 4 Feb 2020 09:17:02 +0100 Subject: [PATCH 1/5] Fix Compatbility with Multicompany Before : Show all projects of all entities Now : Show only projects that are allowed by permissions --- htdocs/core/boxes/box_project.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php index e7281708802..5e06e154987 100644 --- a/htdocs/core/boxes/box_project.php +++ b/htdocs/core/boxes/box_project.php @@ -3,6 +3,7 @@ * Copyright (C) 2014 Marcos García * Copyright (C) 2015 Frederic France * Copyright (C) 2016 Juan José Menent + * Copyright (C) 2020 Pierre Ardoin * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -99,6 +100,7 @@ class box_project extends ModeleBoxes $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public"; $sql.= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql.= " WHERE p.fk_statut = 1"; // Only open projects + $sql .= " AND entity IN (".getEntity('projet').")"; // Only current entity or severals if permission ok if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users $sql.= " ORDER BY p.datec DESC"; From 262d889700ac6fb2fb149c149799ccfedcce133e Mon Sep 17 00:00:00 2001 From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com> Date: Wed, 5 Feb 2020 08:50:51 +0100 Subject: [PATCH 2/5] Update box_project.php --- htdocs/core/boxes/box_project.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php index 5e06e154987..d3670d05ee1 100644 --- a/htdocs/core/boxes/box_project.php +++ b/htdocs/core/boxes/box_project.php @@ -100,7 +100,7 @@ class box_project extends ModeleBoxes $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public"; $sql.= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql.= " WHERE p.fk_statut = 1"; // Only open projects - $sql .= " AND entity IN (".getEntity('projet').")"; // Only current entity or severals if permission ok + $sql .= " AND entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users $sql.= " ORDER BY p.datec DESC"; From d5b74a8ca3d1fc210c0d60160cf8e2d42415f125 Mon Sep 17 00:00:00 2001 From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com> Date: Wed, 5 Feb 2020 09:06:43 +0100 Subject: [PATCH 3/5] Update box_project.php --- htdocs/core/boxes/box_project.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php index d3670d05ee1..ca9618aab9a 100644 --- a/htdocs/core/boxes/box_project.php +++ b/htdocs/core/boxes/box_project.php @@ -100,7 +100,7 @@ class box_project extends ModeleBoxes $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public"; $sql.= " FROM ".MAIN_DB_PREFIX."projet as p"; $sql.= " WHERE p.fk_statut = 1"; // Only open projects - $sql .= " AND entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok + $sql.= " WHERE entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users $sql.= " ORDER BY p.datec DESC"; From 81ed70ffc7ac61844088e1e664324e5fdacb8e78 Mon Sep 17 00:00:00 2001 From: Pierre Ardoin <32256817+mapiolca@users.noreply.github.com> Date: Wed, 5 Feb 2020 09:18:39 +0100 Subject: [PATCH 4/5] Update box_project.php --- htdocs/core/boxes/box_project.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php index ca9618aab9a..071e4b013ec 100644 --- a/htdocs/core/boxes/box_project.php +++ b/htdocs/core/boxes/box_project.php @@ -99,8 +99,8 @@ class box_project extends ModeleBoxes $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public"; $sql.= " FROM ".MAIN_DB_PREFIX."projet as p"; - $sql.= " WHERE p.fk_statut = 1"; // Only open projects - $sql.= " WHERE entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok + $sql.= " WHERE entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok + $sql.= " AND p.fk_statut = 1"; // Only open projects if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users $sql.= " ORDER BY p.datec DESC"; From 63ba601906cb9e0fda349dd06f0968bc48f3330b Mon Sep 17 00:00:00 2001 From: Laurent Destailleur Date: Wed, 5 Feb 2020 12:39:00 +0100 Subject: [PATCH 5/5] Update box_project.php --- htdocs/core/boxes/box_project.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php index 071e4b013ec..9b3920590d2 100644 --- a/htdocs/core/boxes/box_project.php +++ b/htdocs/core/boxes/box_project.php @@ -99,7 +99,7 @@ class box_project extends ModeleBoxes $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public"; $sql.= " FROM ".MAIN_DB_PREFIX."projet as p"; - $sql.= " WHERE entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok + $sql.= " WHERE p.entity IN (".getEntity('project').")"; // Only current entity or severals if permission ok $sql.= " AND p.fk_statut = 1"; // Only open projects if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users