From 100c48372b7f806dbac0a6e43725221ac306944a Mon Sep 17 00:00:00 2001
From: Marc de Lima Lucio <68746600+marc-dll@users.noreply.github.com>
Date: Tue, 22 Mar 2022 17:13:48 +0100
Subject: [PATCH] FIX: permit access to medias when logged in a different entity
---
 htdocs/viewimage.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 69d0b38571c..fda4cdfbf20 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -186,6 +186,13 @@ $refname = basename(dirname($original_file)."/");
 // Security check
 if (empty($modulepart)) accessforbidden('Bad value for parameter modulepart', 0, 0, 1);
+// When logged in a different entity, medias cannot be accessed because $conf->$module->multidir_output
+// is not set on the requested entity, but they are public documents, so reset entity
+if ($modulepart === 'medias' && $entity != $conf->entity) {
+ $conf->entity = $entity;
+ $conf->setValues($db);
+}
+
 $check_access = dol_check_secure_access_document($modulepart, $original_file, $entity, $user, $refname);
 $accessallowed = $check_access['accessallowed'];
 $sqlprotectagainstexternals = $check_access['sqlprotectagainstexternals'];
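Review bot: The access check that follows the new block now runs under an entity taken from `$entity` rather than from the session, because `$conf->entity` is overwritten and `$conf->setValues($db)` reloads configuration before `dol_check_secure_access_document()` is called. Where `$entity` is assigned lies outside this hunk; if it is derived from a request parameter, it should be validated as a positive integer and compared strictly here, e.g. `if ($modulepart === 'medias' && (int) $entity > 0 && (int) $entity !== (int) $conf->entity) {` with `$conf->entity = (int) $entity;`. The switch is never undone, so all code after this point in the request sees the other entity's configuration. The comment should say so, and should state that the guard must stay limited to `medias`, since "they are public documents" is the only justification given for crossing the entity boundary.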