From c666c2cb89d3ae77f335e9be999a3510840c99fb Mon Sep 17 00:00:00 2001 From: Julien Nicolas Date: Tue, 30 Aug 2022 12:02:53 +0200 Subject: [PATCH] Bugfix project stats when user has no project In case of no project assigned to user, stats were using all projects --- htdocs/projet/class/project.class.php | 42 ++++++++++++++------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/htdocs/projet/class/project.class.php b/htdocs/projet/class/project.class.php index f395173b327..04e32a80c5d 100644 --- a/htdocs/projet/class/project.class.php +++ b/htdocs/projet/class/project.class.php @@ -2040,7 +2040,6 @@ class Project extends CommonObject } } - // phpcs:disable PEAR.NamingConventions.ValidFunctionName.ScopeNotCamelCaps /** * Load indicators for dashboard (this->nbtodo and this->nbtodolate) @@ -2056,10 +2055,14 @@ class Project extends CommonObject // For external user, no check is done on company because readability is managed by public status of project and assignement. //$socid=$user->socid; - $projectsListId = null; - if (empty($user->rights->projet->all->lire)) { - $projectsListId = $this->getProjectsAuthorizedForUser($user, 0, 1); - } + $response = new WorkboardResponse(); + $response->warning_delay = $conf->project->warning_delay / 60 / 60 / 24; + $response->label = $langs->trans("OpenedProjects"); + $response->labelShort = $langs->trans("Opened"); + $response->url = DOL_URL_ROOT.'/projet/list.php?search_project_user=-1&search_status=1&mainmenu=project'; + $response->img = img_object('', "projectpub"); + $response->nbtodo = 0; + $response->nbtodolate = 0; $sql = "SELECT p.rowid, p.fk_statut as status, p.fk_opp_status, p.datee as datee"; $sql .= " FROM (".MAIN_DB_PREFIX."projet as p"; @@ -2069,9 +2072,19 @@ class Project extends CommonObject //if (! $user->rights->societe->client->voir && ! $socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON sc.fk_soc = s.rowid"; $sql .= " WHERE p.fk_statut = 1"; $sql .= " AND p.entity IN (".getEntity('project').')'; - if (!empty($projectsListId)) { + + + $projectsListId = null; + if (!$user->rights->projet->all->lire) { + $response->url = DOL_URL_ROOT.'/projet/list.php?search_status=1&mainmenu=project'; + $projectsListId = $this->getProjectsAuthorizedForUser($user, 0, 1); + if (empty($projectsListId)) { + return $response; + } + $sql .= " AND p.rowid IN (".$this->db->sanitize($projectsListId).")"; } + // No need to check company, as filtering of projects must be done by getProjectsAuthorizedForUser //if ($socid || ! $user->rights->societe->client->voir) $sql.= " AND (p.fk_soc IS NULL OR p.fk_soc = 0 OR p.fk_soc = ".((int) $socid).")"; // For external user, no check is done on company permission because readability is managed by public status of project and assignement. @@ -2082,16 +2095,6 @@ class Project extends CommonObject if ($resql) { $project_static = new Project($this->db); - $response = new WorkboardResponse(); - $response->warning_delay = $conf->project->warning_delay / 60 / 60 / 24; - $response->label = $langs->trans("OpenedProjects"); - $response->labelShort = $langs->trans("Opened"); - if ($user->rights->projet->all->lire) { - $response->url = DOL_URL_ROOT.'/projet/list.php?search_status=1&mainmenu=project'; - } else { - $response->url = DOL_URL_ROOT.'/projet/list.php?search_project_user=-1&search_status=1&mainmenu=project'; - } - $response->img = img_object('', "projectpub"); // This assignment in condition is not a bug. It allows walking the results. while ($obj = $this->db->fetch_object($resql)) { @@ -2107,12 +2110,11 @@ class Project extends CommonObject } return $response; - } else { - $this->error = $this->db->error(); - return -1; } - } + $this->error = $this->db->error(); + return -1; + } /** * Function used to replace a thirdparty id with another one.