Fix: [ bug #1079 ] External users can't access projects even if it is a

contact.
2013-12-01 16:01:33 +01:00 · 2013-12-01 16:01:33 +01:00 · bfd229d484
commit bfd229d484
parent f207aabe7a
5 changed files with 15 additions and 8 deletions
--- a/htdocs/install/mysql/data/llx_c_type_contact.sql
+++ b/htdocs/install/mysql/data/llx_c_type_contact.sql
@ -70,12 +70,14 @@ insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) v
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (143,'order_supplier','external', 'CUSTOMER',      'Contact fournisseur suivi commande', 1);
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (145,'order_supplier','external', 'SHIPPING',      'Contact fournisseur livraison commande', 1);

+-- All project code must start with 'PROJECT'
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (160, 'project',  'internal', 'PROJECTLEADER', 'Chef de Projet', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (161, 'project',  'internal', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (161, 'project',  'internal', 'PROJECTCONTRIBUTOR', 'Intervenant', 1);
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (170, 'project',  'external', 'PROJECTLEADER', 'Chef de Projet', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (171, 'project',  'external', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (171, 'project',  'external', 'PROJECTCONTRIBUTOR', 'Intervenant', 1);

+-- All task code must start with 'TASK'
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (180, 'project_task',  'internal', 'TASKEXECUTIVE', 'Responsable', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (181, 'project_task',  'internal', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (181, 'project_task',  'internal', 'TASKCONTRIBUTOR', 'Intervenant', 1);
 insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (190, 'project_task',  'external', 'TASKEXECUTIVE', 'Responsable', 1);
-insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (191, 'project_task',  'external', 'CONTRIBUTOR', 'Intervenant', 1);
+insert into llx_c_type_contact(rowid, element, source, code, libelle, active ) values (191, 'project_task',  'external', 'TASKCONTRIBUTOR', 'Intervenant', 1);
--- a/htdocs/install/mysql/migration/3.4.0-3.5.0.sql
+++ b/htdocs/install/mysql/migration/3.4.0-3.5.0.sql
@ -20,6 +20,10 @@

 DELETE FROM llx_menu where module='holiday';

+ALTER TABLE llx_c_type_contact MODIFY COLUMN code varchar(32) NOT NULL;
+UPDATE llx_c_type_contact set code = 'PROJECTCONTRIBUTOR' where code = 'CONTRIBUTOR' and element = 'project';
+UPDATE llx_c_type_contact set code = 'TASKCONTRIBUTOR' where code = 'CONTRIBUTOR' and element = 'project_task';
+
 insert into llx_c_tva(rowid,fk_pays,taux,recuperableonly,localtax1,localtax1_type,note,active) values (143, 14,'5','0','9.975','1','TPS and TVQ rate',1);

 -- Fix bad migration of 3.4 that make this text instead of varchar(50)
--- a/htdocs/install/mysql/tables/llx_c_type_contact.sql
+++ b/htdocs/install/mysql/tables/llx_c_type_contact.sql
@ -31,7 +31,7 @@ create table llx_c_type_contact
  rowid      	integer     PRIMARY KEY,
  element       varchar(30) NOT NULL,
  source        varchar(8)  DEFAULT 'external' NOT NULL,
-  code          varchar(16) NOT NULL,
+  code          varchar(32) NOT NULL,
  libelle 	    varchar(64)	NOT NULL,
  active  	    tinyint DEFAULT 1  NOT NULL,
  module        varchar(32) NULL
--- a/htdocs/projet/class/project.class.php
+++ b/htdocs/projet/class/project.class.php
@ -844,7 +844,7 @@ class Project extends CommonObject
            $userAccess = 1;
        }
        else
-        {
+		{
            foreach (array('internal', 'external') as $source)
            {
                $userRole = $this->liste_contact(4, $source);
@ -853,7 +853,7 @@ class Project extends CommonObject
                $nblinks = 0;
                while ($nblinks < $num)
                {
-                    if ($source == 'internal' && preg_match('/PROJECT/', $userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id'])
+                    if ($source == 'internal' && preg_match('/^PROJECT/', $userRole[$nblinks]['code']) && $user->id == $userRole[$nblinks]['id'])
                    {
                        if ($mode == 'read'   && $user->rights->projet->lire)      $userAccess++;
                        if ($mode == 'write'  && $user->rights->projet->creer)     $userAccess++;
--- a/htdocs/projet/liste.php
+++ b/htdocs/projet/liste.php
@ -100,10 +100,11 @@ if ($search_societe)
 $sql.= $db->order($sortfield,$sortorder);
 $sql.= $db->plimit($conf->liste_limit+1, $offset);

-$var=true;
+dol_syslog("list allowed project sql=".$sql);
 $resql = $db->query($sql);
 if ($resql)
 {
+	$var=true;
 	$num = $db->num_rows($resql);
 	$i = 0;