From d80709a7b9368b31651e5ef66bad49febc9685af Mon Sep 17 00:00:00 2001
From: "Paul Vincent M. Ancajas" <pv@pvancajas.xyz>
Date: Mon, 1 Feb 2021 01:41:19 +0800
Subject: [PATCH] Fix/FIX: making sure the return agenda is only specific to
 user

---
 htdocs/comm/action/class/actioncomm.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/htdocs/comm/action/class/actioncomm.class.php b/htdocs/comm/action/class/actioncomm.class.php
index 143dbf064a9..9e562173b04 100644
--- a/htdocs/comm/action/class/actioncomm.class.php
+++ b/htdocs/comm/action/class/actioncomm.class.php
@@ -1201,8 +1201,8 @@ class ActionComm extends CommonObject
     	}
     	$sql .= " FROM ".MAIN_DB_PREFIX."actioncomm as a";
     	if (!$user->rights->societe->client->voir && !$user->socid) $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe_commerciaux as sc ON a.fk_soc = sc.fk_soc";
-    	if (!$user->rights->agenda->allactions->read) { // If bloack Added by PV
-    	    $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm";
+    	if (!$user->rights->agenda->allactions->read) {
+    	    $sql .= " LEFT JOIN ".MAIN_DB_PREFIX."actioncomm_resources AS ar ON a.id = ar.fk_actioncomm AND ar.element_type ='user' AND ar.fk_element = ".$user->id;
     	}
     	$sql .= " LEFT JOIN ".MAIN_DB_PREFIX."societe as s ON a.fk_soc = s.rowid";
     	$sql .= " WHERE 1 = 1";