SQL error in box_project.php

Fixed a bug: for an internal user without the right to see all projects, the project box on the home page caused an error in the log.
In the end this is largely a simplification, because Project::getProjectsAuthorizedForUser does most of the filtering.
bomuux 2019-02-18 23:17:03 +01:00 committed by GitHub
parent ebfb6beee3
commit c22be202d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -89,21 +89,14 @@ class box_project extends ModeleBoxes
include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
$projectstatic = new Project($this->db);
$socid=$user->societe_id;
// Get list of project id allowed to user (in a string list separated by coma)
// Get list of project id allowed to user (in a string list separated by coma)
$projectsListId='';
if (! $user->rights->projet->all->lire) $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, $socid);
if (! $user->rights->projet->all->lire) $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, $user->socid);
$sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public";
$sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
if($user->socid) $sql.= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=p.fk_soc";
$sql.= " WHERE p.entity IN (".getEntity('project').')';
if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
if ($user->socid) $sql.= " AND s.rowid = ".$user->socid;
$sql.= " AND p.fk_statut = 1"; // Seulement les projets ouverts
if ($socid) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
$sql.= " WHERE p.fk_statut = 1"; // Only open projects
if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
$sql.= " ORDER BY p.datec DESC";
//$sql.= $db->plimit($max, 0);