From c22be202d9d16022efa87c4752170a2fda3e3f09 Mon Sep 17 00:00:00 2001
From: bomuux
Date: Mon, 18 Feb 2019 23:17:03 +0100
Subject: [PATCH] SQL error in box_project.php Corrected a bug : for an internal user with no rights to see all projects, the project box on home cause an error in log. Finally a lot of simplification because Project::getProjectsAuthorizedForUser do most of the filtering.
---
 htdocs/core/boxes/box_project.php | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/htdocs/core/boxes/box_project.php b/htdocs/core/boxes/box_project.php
index 7ab97832637..a969d2126e6 100644
--- a/htdocs/core/boxes/box_project.php
+++ b/htdocs/core/boxes/box_project.php
@@ -89,21 +89,14 @@ class box_project extends ModeleBoxes
 include_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
 $projectstatic = new Project($this->db);
- $socid=$user->societe_id;
-
- // Get list of project id allowed to user (in a string list separated by coma)
+ // Get list of project id allowed to user (in a string list separated by coma)
 $projectsListId='';
- if (! $user->rights->projet->all->lire) $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, $socid);
+ if (! $user->rights->projet->all->lire) $projectsListId = $projectstatic->getProjectsAuthorizedForUser($user, 0, 1, $user->socid);
 $sql = "SELECT p.rowid, p.ref, p.title, p.fk_statut, p.public";
 $sql.= " FROM ".MAIN_DB_PREFIX."projet as p";
- if($user->socid) $sql.= " INNER JOIN ".MAIN_DB_PREFIX."societe as s ON s.rowid=p.fk_soc";
- $sql.= " WHERE p.entity IN (".getEntity('project').')';
- if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
- if ($user->socid) $sql.= " AND s.rowid = ".$user->socid;
- $sql.= " AND p.fk_statut = 1"; // Seulement les projets ouverts
- if ($socid) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".$socid.")";
- if (! $user->rights->societe->client->voir && ! $socid) $sql.= " AND ((s.rowid = sc.fk_soc AND sc.fk_user = " .$user->id.") OR (s.rowid IS NULL))";
+ $sql.= " WHERE p.fk_statut = 1"; // Only open projects
+ if (! $user->rights->projet->all->lire) $sql.= " AND p.rowid IN (".$projectsListId.")"; // public and assigned to, or restricted to company for external users
 $sql.= " ORDER BY p.datec DESC";
 //$sql.= $db->plimit($max, 0);
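Review bot: The new WHERE clause drops the `p.entity IN (".getEntity('project').")` condition that the removed line carried and nothing on the new side restores it, so on a multi-company installation the box would list open projects from every entity rather than only the ones the current user's entity may see; it is one line to keep, `$sql.= " WHERE p.entity IN (".getEntity('project').")";` with the status filter becoming `$sql.= " AND p.fk_statut = 1"; // Only open projects`. The per-company restriction on `p.fk_soc` that the removed lines applied whenever `$user->socid` was set is also gone for users who hold projet->all->lire, because getProjectsAuthorizedForUser is only consulted when that right is absent — worth confirming that an external user can never hold it. If getProjectsAuthorizedForUser can return an empty string for a user with no visible projects, `p.rowid IN (".$projectsListId.")` expands to `IN ()`, which is itself a SQL error; substituting `'0'` for an empty list (or skipping the query) avoids that. The enclosing method starts before and continues after this hunk.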