Works on enhancement of project tasks

Fix: security check
Regis Houssin 2010-02-14 17:34:43 +00:00
parent 2ddb3925d4
commit af2a715f62
2 changed files with 8 additions and 8 deletions


@ -63,8 +63,6 @@ if ($_GET["id"])
$projectstatic->societe->fetch($projectstatic->societe->id);
}
$projectsListId = $projectstatic->getProjectsAuthorizedForUser($user,$mine,1);
print_barre_liste($title, $page, $_SERVER["PHP_SELF"], "", $sortfield, $sortorder, "", $num);
// Get list of tasks in tasksarray and taskarrayfiltered


@ -447,7 +447,7 @@ class Task extends CommonObject
if ($mode == 0)
{
$sql.= " FROM (".MAIN_DB_PREFIX."projet as p, ".MAIN_DB_PREFIX."projet_task as t)";
if (is_object($userp) && $userp->id) // Limit to projects affected to a user
/*if (is_object($userp) && $userp->id) // Limit to projects affected to a user
{
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_contact as ec ON ec.element_id = p.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_contact as tc ON ec.fk_c_type_contact = tc.rowid";
@ -456,19 +456,20 @@ class Task extends CommonObject
{
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_contact as ec ON ec.element_id = t.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_contact as tc ON ec.fk_c_type_contact = tc.rowid";
}
}*/
$sql.= " WHERE t.fk_projet = p.rowid";
$sql.= " AND p.entity = ".$conf->entity;
if ($socid) $sql.= " AND p.fk_soc = ".$socid;
if ($projectid) $sql.= " AND p.rowid =".$projectid;
if (is_object($userp)) $sql .= " AND (p.public=1 OR (ec.fk_socpeople = ".$userp->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project'))";
/*if (is_object($userp)) $sql .= " AND (p.public=1 OR (ec.fk_socpeople = ".$userp->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project'))";
if (is_object($usert)) $sql .= " AND (p.public=1 OR (ec.fk_socpeople = ".$usert->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project_task'))";
*/
}
if ($mode == 1)
{
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."projet_task as t on t.fk_projet = p.rowid";
if (is_object($userp) && $userp->id) // Limit to projects affected to a user
/*if (is_object($userp) && $userp->id) // Limit to projects affected to a user
{
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_contact as ec ON ec.element_id = p.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_contact as tc ON ec.fk_c_type_contact = tc.rowid";
@ -477,12 +478,13 @@ class Task extends CommonObject
{
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."element_contact as ec ON ec.element_id = t.rowid";
$sql.= " LEFT JOIN ".MAIN_DB_PREFIX."c_type_contact as tc ON ec.fk_c_type_contact = tc.rowid";
}
}*/
$sql.= " WHERE p.entity = ".$conf->entity;
if ($socid) $sql.= " AND p.fk_soc = ".$socid;
if ($projectid) $sql.= " AND p.rowid =".$projectid;
if (is_object($userp) && $userp->id) $sql .= " AND (p.public=1 OR (ec.fk.socpeople = ".$userp->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project'))";
/*if (is_object($userp) && $userp->id) $sql .= " AND (p.public=1 OR (ec.fk.socpeople = ".$userp->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project'))";
if (is_object($usert) && $usert->id) $sql .= " AND (p.public=1 OR (ec.fk.socpeople = ".$usert->id." AND tc.active = 1 AND tc.source = 'internal' AND tc.element='project_task'))";
*/
}
$sql.= " ORDER BY p.ref, t.label";
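Review bot: With the contact JOINs and the `p.public=1 OR (ec.fk_socpeople = ...)` conditions commented out in both the `$mode == 0` and `$mode == 1` branches, `$userp` and `$usert` no longer restrict the result, so the query returns every task of the entity, narrowed only by `$socid` and `$projectid`. If access is now meant to be enforced by the caller against an authorized-project list, which this section does not show, state that at the disabled block, e.g. `// No per-user filter here: callers must restrict the result to projects the user may read`, and delete the dead SQL rather than keeping it inside `/* */`. The disabled mode 1 conditions also still read `ec.fk.socpeople`, which would be an invalid column reference if the block were re-enabled as is; it should be `ec.fk_socpeople`. Separately, `$socid` and `$projectid` are concatenated into the statement unquoted, and casting them, as in `" AND p.rowid = ".((int) $projectid)`, keeps the query numeric whatever the caller passes. The enclosing method begins and ends outside these hunks.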